[Secure-testing-commits] r3636 - data/CVE

Fri Mar 17 11:03:29 UTC 2006

Author: jmm-guest
Date: 2006-03-17 11:03:23 +0000 (Fri, 17 Mar 2006)
New Revision: 3636

Modified:
   data/CVE/list
Log:
capi4hylafax n-a
NFUs


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2006-03-17 10:55:24 UTC (rev 3635)
+++ data/CVE/list	2006-03-17 11:03:23 UTC (rev 3636)
@@ -32,15 +32,14 @@
 	NOT-FOR-US: DSCounter
 CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow ...)
 	NOT-FOR-US: WMNews
-begin claimed by jmm
 CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with ...)
-	TODO: check
+	NOT-FOR-US: DSDownload
 CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, ...)
-	TODO: check
+	- capi4hylafax <not-affected> (Affected DEFINE not defined)
 CVE-2006-1230 (Multiple cross-site scripting (XSS) vulnerabilities in create.php in ...)
-	TODO: check
+	NOT-FOR-US: vCard
 CVE-2006-1229 (SQL injection vulnerability in search.asp in Hosting Controller 6.1 ...)
-	TODO: check
+	NOT-FOR-US: Hosting Controller
 CVE-2006-1228 (Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...)
 	- drupal 4.5.8-1
 CVE-2006-1227 (Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is ...)
@@ -50,40 +49,40 @@
 CVE-2006-1225 (CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...)
 	- drupal 4.5.8-1
 CVE-2006-1224 (Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows ...)
-	TODO: check
+	NOT-FOR-US: GuppY
 CVE-2006-1223 (Cross-site scripting (XSS) vulnerability in Jupiter Content Manager ...)
-	TODO: check
+	NOT-FOR-US: Jupiter Content Manager
 CVE-2006-1222 (Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 ...)
-	TODO: check
+	NOT-FOR-US: zeroboard
 CVE-2006-1221 (Untrusted search path vulnerability in the TrueVector service ...)
-	TODO: check
+	NOT-FOR-US: TrueVector
 CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact ...)
-	TODO: check
+	TODO: Someone please check, if this is included in the standard PEAR packages
 CVE-2006-XXXX [Insufficient filename sanitising in darcsweb]
 	- darcsweb 0.15-1
 CVE-2006-1220 (Integer overflow in the mach_msg_send function in the kernel for Mac ...)
-	TODO: check
+	NOT-FOR-US: MacOS X
 CVE-2006-1219 (Directory traversal vulnerability in Gallery 2.0.3 and earlier, and ...)
 	- gallery2 2.0.4-1
 CVE-2006-1218 (Unspecified vulnerability in the HTTP proxy in Novell BorderManager ...)
-	TODO: check
+	NOT-FOR-US: Novell BorderManager
 CVE-2006-1217 (SQL injection vulnerability in DSPoll 1.1 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: DSPoll
 CVE-2006-1216 (Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x ...)
-	TODO: check
+	NOT-FOR-US: Runcms
 CVE-2006-1215 (Cross-site scripting (XSS) vulnerability in misc.php in Woltlab ...)
-	TODO: check
+	NOT-FOR-US: Woltlab BB
 CVE-2006-1214 (UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified ...)
-	TODO: check
+	NOT-FOR-US: UnrealIRCd
 CVE-2006-1213 (JiRo's Banner System Experience and Professional 1.0 and earlier ...)
-	TODO: check
+	NOT-FOR-US: JiRo's Banner System Experience and Professional
 CVE-2006-1212 (Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows ...)
-	TODO: check
+	NOT-FOR-US: CoreNews
 CVE-2006-1211 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL ...)
-	TODO: check
+	NOT-FOR-US: Tivoli
 CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: Tivoli
+begin claimed by jmm
 CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive ...)
 	TODO: check
 CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute ...)
@@ -140,6 +139,7 @@
 	TODO: check
 CVE-2006-1182 (Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe ...)
 	TODO: check
+end claimed by jmm
 CVE-2006-1181
 	RESERVED
 CVE-2006-1180


