Author: stef-guest
Date: 2006-09-17 20:08:32 +0000 (Sun, 17 Sep 2006)
New Revision: 4736
Modified:
data/CVE/list
Log:
some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-17 19:33:36 UTC (rev 4735)
+++ data/CVE/list 2006-09-17 20:08:32 UTC (rev 4736)
@@ -11,11 +11,11 @@
CVE-2006-4791
RESERVED
CVE-2006-4789 (Buffer overflow in Open Movie Editor 0.0.20060901 allows local
users ...)
- TODO: check
+ NOT-FOR-US: Open Movie Editor
CVE-2006-4788 (PHP remote file inclusion vulnerability in includes/log.inc.php
in ...)
- TODO: check
+ NOT-FOR-US: SignKorn Guestbook
CVE-2006-4787 (AlphaMail before 1.0.16 allows local users to obtain sensitive
...)
- TODO: check
+ NOT-FOR-US: AlphaMail
CVE-2006-4786 (Moodle 1.6.1 and earlier allows remote attackers to obtain
sensitive ...)
TODO: check
CVE-2006-4785 (SQL injection vulnerability in Moodle 1.6.1 and earlier allows
remote ...)
@@ -23,103 +23,103 @@
CVE-2006-4784 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle
1.6.1 ...)
TODO: check
CVE-2006-4783 (SQL injection vulnerability in squads.php in WebSPELL 4.01.01
and ...)
- TODO: check
+ NOT-FOR-US: WebSPELL
CVE-2006-4782 (src/index.php in WebSPELL 4.01.01 and earlier, when
register_globals ...)
- TODO: check
+ NOT-FOR-US: WebSPELL
CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server
Multithreaded ...)
- TODO: check
+ NOT-FOR-US: FutureSoft TFTP Server
CVE-2006-4780 (PHP remote file inclusion vulnerability in
includes/functions.php in ...)
TODO: check
CVE-2006-4779 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Vitrax Premodded phpBB
CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost
before ...)
- TODO: check
+ NOT-FOR-US: Creative Commons Tools ccHost
CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation.PathControl
COM ...)
- TODO: check
+ NOT-FOR-US: DirectAnimation.PathControl
CVE-2006-4776 (Heap-based buffer overflow in the VLAN Trunking Protocol (VTP)
feature ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-4775 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19)
and ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-4774 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19)
allows ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-4773 (Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11
and ...)
- TODO: check
+ NOT-FOR-US: Sun StorEdge
CVE-2006-4772 (HotPlug CMS stores sensitive information under the web root
with ...)
- TODO: check
+ NOT-FOR-US: HotPlug CMS
CVE-2006-4771 (Cross-site scripting (XSS) vulnerability in haut.php in
ForumJBC 4 ...)
- TODO: check
+ NOT-FOR-US: ForumJBC
CVE-2006-4770 (PHP remote file inclusion vulnerability in menu.php in [EMAIL
PROTECTED] 2.0 ...)
- TODO: check
+ NOT-FOR-US: [EMAIL PROTECTED]
CVE-2006-4769 (PHP remote file inclusion vulnerability in abf_js.php in p4CMS
1.05 ...)
- TODO: check
+ NOT-FOR-US: p4CMS
CVE-2006-4768 (Multiple direct static code injection vulnerabilities in
add_go.php in ...)
- TODO: check
+ NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4767 (Multiple directory traversal vulnerabilities in Stefan Ernst
...)
- TODO: check
+ NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4766 (Directory traversal vulnerability in print.php in Stefan Ernst
...)
- TODO: check
+ NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4765 (NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28
allows ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2006-4764 (PHP remote file inclusion vulnerability in common.php in Thomas
LETE ...)
- TODO: check
+ NOT-FOR-US: WTools
CVE-2006-4763 (IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a
client's ...)
- TODO: check
+ NOT-FOR-US: IBM Lotus Domino Web Access
CVE-2006-4762 (Multiple cross-site scripting (XSS) vulnerabilities in Ykoon
RssReader ...)
- TODO: check
+ NOT-FOR-US: Ykoon RssReader
CVE-2006-4761 (Multiple cross-site scripting (XSS) vulnerabilities in Luke
Hutteman ...)
- TODO: check
+ NOT-FOR-US: SharpReader
CVE-2006-4760 (Multiple cross-site scripting (XSS) vulnerabilities in Benjamin
Pasero ...)
- TODO: check
+ NOT-FOR-US: RSSOwl
CVE-2006-4759 (PunBB 1.2.12 does not properly handle pathnames ending in %00,
which ...)
- TODO: check
+ NOT-FOR-US: PunBB
CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00,
which ...)
TODO: check
CVE-2006-4757 (Multiple SQL injection vulnerabilities in the admin section in
e107 ...)
TODO: check
CVE-2006-4756 (SQL injection vulnerability in alpha.php in phpMyDirectory
10.4.6 and ...)
- TODO: check
+ NOT-FOR-US: phpMyDirectory
CVE-2006-4755 (Cross-site scripting (XSS) vulnerability in alpha.php in ...)
- TODO: check
+ NOT-FOR-US: phpMyDirectory
CVE-2006-4754 (Cross-site scripting (XSS) vulnerability in index.php in PHProg
before ...)
- TODO: check
+ NOT-FOR-US: PHProg
CVE-2006-4753 (Directory traversal vulnerability in index.php in PHProg before
1.1 ...)
- TODO: check
+ NOT-FOR-US: PHProg
CVE-2006-4752 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS
CVE-2006-4751 (Cross-site scripting (XSS) vulnerability in index.php in
Laurentiu ...)
- TODO: check
+ NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS
CVE-2006-4750 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OPENi-CMS
CVE-2006-4749 (Multiple PHP remote file inclusion vulnerabilities in PHP
Advanced ...)
- TODO: check
+ NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
CVE-2006-4748 (Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1
allow ...)
- TODO: check
+ NOT-FOR-US: F-ART BLOG:CMS
CVE-2006-4747 (Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot
...)
- TODO: check
+ NOT-FOR-US: IdevSpot TextAds
CVE-2006-4746 (PHP remote file inclusion vulnerability in
news/include/customize.php ...)
- TODO: check
+ NOT-FOR-US: Web Server Creator
CVE-2006-4745 (ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded
key to ...)
- TODO: check
+ NOT-FOR-US: ScaryBear PocketExpense Pro
CVE-2006-4744 (Abidia (1) O-Anywhere and (2) Abidia Wireless transmit
authentication ...)
- TODO: check
+ NOT-FOR-US: Abidia (1) O-Anywhere and (2) Abidia Wireless
CVE-2006-4743 (WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain
...)
TODO: check
CVE-2006-4742 (Cross-site scripting (XSS) vulnerability in user_add.php in
IDevSpot ...)
- TODO: check
+ NOT-FOR-US: PhpLinkExchange
CVE-2006-4741 (PHP remote file inclusion vulnerability in bits_listings.php in
...)
- TODO: check
+ NOT-FOR-US: PhpLinkExchange
CVE-2006-4740 (Jetbox CMS allows remote attackers to obtain sensitive
information via ...)
- TODO: check
+ NOT-FOR-US: Jetbox CMS
CVE-2006-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox
CMS ...)
- TODO: check
+ NOT-FOR-US: Jetbox CMS
CVE-2006-4738 (PHP remote file inclusion vulnerability in phpthumb.php in
Jetbox CMS ...)
- TODO: check
+ NOT-FOR-US: Jetbox CMS
CVE-2006-4737 (SQL injection vulnerability in index.php in Jetbox CMS allows
remote ...)
- TODO: check
+ NOT-FOR-US: Jetbox CMS
CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R.
allow ...)
- TODO: check
+ NOT-FOR-US: CMS.R
CVE-2006-4735 (Kellan Elliott-McCrea MagpieRSS allows remote attackers to
obtain ...)
- TODO: check
+ - magpierss <unfixed> (unimportant; path disclosure)
CVE-2006-4734 (Multiple SQL injection vulnerabilities in
tiki-g-admin_processes.php ...)
TODO: check
CVE-2006-4733 (PHP remote file inclusion vulnerability in
sipssys/code/box.inc.php in ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
