Author: micah
Date: 2006-02-15 05:19:30 +0000 (Wed, 15 Feb 2006)
New Revision: 3485
Modified:
data/CVE/list
Log:
A bunch of NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-02-15 04:36:48 UTC (rev 3484)
+++ data/CVE/list 2006-02-15 05:19:30 UTC (rev 3485)
@@ -29,39 +29,39 @@
- mantis 0.19.4-3
[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus
Domino ...)
- TODO: check
+ NOT-FOR-US: Lotus Domino
CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes
Client ...)
- TODO: check
+ NOT-FOR-US: Lotus Domino
CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in SmE GB Host 1.21
and SmE ...)
- TODO: check
+ NOT-FOR-US: SmE GB Host
CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5
and ...)
- TODO: check
+ NOT-FOR-US: FarsiNews
CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in Runcms 1.2
and ...)
- TODO: check
+ NOT-FOR-US: Runcms
CVE-2006-0658 (Incomplete blacklist vulnerability in FCKeditor 2.0 and 2.2, as
used ...)
- TODO: check
+ NOT-FOR-US: FCKeditor
CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP
Event ...)
- TODO: check
+ NOT-FOR-US: Softcomplex
CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager
4.2 ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2006-0655 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- TODO: check
+ NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0654 (check.php in Hinton Design phpht Topsites 1.3 does not validate
...)
- TODO: check
+ NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0653 (Multiple SQL injection vulnerabilities in Hinton Design phpht
Topsites ...)
- TODO: check
+ NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0652 (WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect
permissions ...)
- TODO: check
+ NOT-FOR-US: WHMCompleteSolution
CVE-2006-0651 (SQL injection vulnerability in index.php in vwdev allows remote
...)
- TODO: check
+ NOT-FOR-US: vwdev
CVE-2006-0650 (Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in
the ...)
- TODO: check
+ NOT-FOR-US: CPAINT
CVE-2006-0649 (Cross-site scripting (XSS) vulnerability in DataparkSearch
before 4.37 ...)
- TODO: check
+ NOT-FOR-US: DataparkSearch
CVE-2006-0648 (Multiple directory traversal vulnerabilities in PHP iCalendar
2.0.1, ...)
- TODO: check
+ NOT-FOR-US: PHP iCalendar
CVE-2006-0647 (LDAP service in Sun Java System Directory Server 5.2, running
on Linux ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Directory Server
CVE-2006-0646 (ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain ...)
- binutils <not-affected> (SuSE specific vulnerability)
CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1)
GnuTLS ...)
@@ -71,11 +71,11 @@
CVE-2005-4715 (Multiple SQL injection vulnerabilities in modules.php in
PHP-Nuke 7.8, ...)
NOT-FOR-US: PHP-Nuke
CVE-2005-4714 (Format string vulnerability in the vmps_log function in
OpenVMPS (VLAN ...)
- TODO: check
+ NOT-FOR-US: OpenVMPS
CVE-2005-4713 (Unspecified vulnerability in the SQL logging facility in
PAM-MySQL ...)
TODO: check
CVE-2005-4712 (CRLF injection vulnerability in process_signup.php in PHP
Handicapper ...)
- TODO: check
+ NOT-FOR-US: Handicapper
CVE-2006-XXXX [imagemagick's display(1) deletes arbitrary files]
- imagemagick 6:6.2.4.5-0.7 (bug #352575; medium)
- graphicsmagick <not-affected> (Vulnerable code not present)
@@ -232,7 +232,7 @@
CVE-2006-0577 (Lexmark X1185 printer allows local users to gain SYSTEM
privileges by ...)
NOT-FOR-US: Lexmark printer
CVE-2006-0576 (Untrusted search path vulnerability in opcontrol in OProfile
0.9.1 and ...)
- TODO: check
+ - oprofile <unfixed> (bug #352910; low)
CVE-2006-0575 (convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote
attackers to ...)
- fcron <not-affected> (Not included in Debian package)
CVE-2006-0574 (Cross-site scripting (XSS) vulnerability in mime/handle.html in
cPanel ...)
@@ -325,7 +325,7 @@
CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0
allows ...)
NOT-FOR-US: Sun Java System Access Manager
CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb
...)
- TODO: check
+ NOT-FOR-US: NukedWeb
CVE-2006-XXXX [kphone creates world-readable config file with passwords]
- kphone <unfixed> (bug #337830; low)
CVE-2006-0530 (Computer Associates (CA) Message Queuing (CAM / CAFT) before
1.07 ...)
@@ -421,29 +421,29 @@
- mozilla-firefox <unfixed> (bug #349339)
- mozilla <unfixed>
CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to
...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard)
1.02 ...)
NOT-FOR-US: MyBB
CVE-2006-0493 (Cross-site scripting (XSS) vulnerability in MG2 (formerly known
as ...)
- TODO: check
+ NOT-FOR-US: MG2
CVE-2006-0492 (Multiple SQL injection vulnerabilities in Calendarix allow
remote ...)
- TODO: check
+ NOT-FOR-US: Calendarix
CVE-2006-0491 (SQL injection vulnerability in SZUserMgnt.class.php in
SZUserMgnt 1.4 ...)
- TODO: check
+ NOT-FOR-US: SZUserMgnt
CVE-2006-0490 (SQL injection vulnerability in login.asp in ASPThai.Net ASPThai
Forums ...)
- TODO: check
+ NOT-FOR-US: ASPThai Forums
CVE-2006-0489 (** DISPUTED ** Buffer overflow in the font command of mIRC,
probably ...)
TODO: check
CVE-2006-0488 (The VDM (Virtual DOS Machine) emulation environment for MS-DOS
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-0487 (Multiple unspecified vulnerabilities in Tumbleweed MailGate
Email ...)
- TODO: check
+ NOT-FOR-US: Tumbleweed MailGate Email Firewall
CVE-2006-0486 (Certain Cisco IOS releases in 12.2S based trains with
maintenance ...)
NOT-FOR-US: IOS
CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16,
12.2(18)S ...)
NOT-FOR-US: IOS
CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the
FACE ...)
- TODO: check
+ NOT-FOR-US: FACE CONTROL product
CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0
through ...)
NOT-FOR-US: Cisco VPN 3000
CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...)
@@ -454,11 +454,11 @@
[woody] - libpng <not-affected> (Only 1.2.7 affected)
[sarge] - libpng3 1.2.8rel-1
CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module
in ...)
- TODO: check
+ NOT-FOR-US: sPaiz-Nuke
CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals
enabled, ...)
- pmwiki <itp> (bug #330117)
CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged
actions, ...)
- TODO: check
+ NOT-FOR-US: CRE Loaded
CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5
allows ...)
- git-core 1.1.5-1 (bug #350274)
CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers
to ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
