[Secure-testing-commits] r3891 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sat Apr 29 07:19:51 UTC 2006
Author: stef-guest
Date: 2006-04-29 07:19:39 +0000 (Sat, 29 Apr 2006)
New Revision: 3891
Modified:
data/CVE/list
Log:
new phpldapadmin issue
php bugnums
safari issues don't affect konqueror in sid
some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-04-29 06:42:18 UTC (rev 3890)
+++ data/CVE/list 2006-04-29 07:19:39 UTC (rev 3891)
@@ -1,90 +1,93 @@
CVE-2006-XXXX [librsvg2 crash on certain svg files]
- librsvg 2.14.3-2 (bug #361653; bug #361540; medium)
-begin claimed by stef-guest
CVE-2006-2018 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: vBulletin
CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service ...)
- dnsmasq 2.30-1 (medium)
CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin ...)
- TODO: check
+ - phpldapadmin <unfixed> (bug #365313; low)
+ - egroupware <unfixed> (bug #365314; low)
CVE-2006-2015 (Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: SL_site
CVE-2006-2014 (Directory traversal vulnerability in gallerie.php in SL_site 1.0 ...)
- TODO: check
+ NOT-FOR-US: SL_site
CVE-2006-2013 (SQL injection vulnerability in page.php in SL_site 1.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: SL_site
CVE-2006-2012 (Format string vulnerability in Skulltag 0.96f and earlier allows ...)
- TODO: check
+ NOT-FOR-US: Skulltag
CVE-2006-2011 (Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 ...)
- TODO: check
+ NOT-FOR-US: 4images
CVE-2006-2010 (Multiple SQL injection vulnerabilities in check_login.asp in Bloggage ...)
- TODO: check
+ NOT-FOR-US: Bloggage
CVE-2006-2009 (PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda ...)
- TODO: check
+ NOT-FOR-US: phpMyAgenda
CVE-2006-2008 (PHP remote file inclusion vulnerability in movie_cls.php in Built2Go ...)
- TODO: check
+ NOT-FOR-US: Built2Go
CVE-2006-2007 (Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Winny
CVE-2006-2006 (Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 ...)
- TODO: check
+ NOT-FOR-US: IZArc Archiver
CVE-2006-2005 (Eval injection vulnerability in index.php in ClanSys 1.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: ClanSys
CVE-2006-2004 (Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote ...)
- TODO: check
+ NOT-FOR-US: RI Blog
CVE-2006-2003 (Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community ...)
- TODO: check
+ NOT-FOR-US: Community Architect Guestbook
CVE-2006-2002 (PHP remote file inclusion vulnerability in stats.php in MyGamingLadder ...)
- TODO: check
+ NOT-FOR-US: MyGamingLadder
CVE-2006-2001 (Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery ...)
- TODO: check
+ NOT-FOR-US: Scry Gallery
CVE-2006-2000 (Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods ...)
- TODO: check
+ NOT-FOR-US: logMethods
CVE-2006-1999 (The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause ...)
- TODO: check
+ NOT-FOR-US: OpenTTD
CVE-2006-1998 (OpenTTD 0.4.7 and earlier allows local users to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: OpenTTD
CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere before 7.0 allows ...)
- TODO: check
+ NOT-FOR-US: Sybase Pylon Anywhere
CVE-2006-1996 (Scry Gallery 1.1 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: Scry Gallery
CVE-2006-1995 (Directory traversal vulnerability in index.php in Scry Gallery 1.1 ...)
- TODO: check
+ NOT-FOR-US: Scry Gallery
CVE-2006-1994 (PHP remote file inclusion vulnerability in dForum 1.5 and earlier ...)
- TODO: check
+ NOT-FOR-US: dForum
CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-1991 (The substr_compare function in string.c in PHP 4.4.2 and 5.1.2 allows ...)
- - php4 <unfixed> (bug filed; medium)
- - php5 <unfixed> (bug filed; medium)
+ - php4 <unfixed> (bug #365311; medium)
+ - php5 <unfixed> (bug #365312; medium)
CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...)
- - php4 <unfixed> (bug filed; medium)
- - php5 <unfixed> (bug filed; medium)
+ - php4 <unfixed> (bug #365311; medium)
+ - php5 <unfixed> (bug #365312; medium)
CVE-2006-1989
RESERVED
CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
+ NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1987 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
+ NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1986 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
+ NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1985 (Heap-based buffer overflow in BOMArchiveHelper 10.4 (6.3) Build 312, ...)
- TODO: check
+ NOT-FOR-US: BOMArchiveHelper
CVE-2006-1984 (Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2006-1983 (Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2006-1982 (Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2006-1981 (Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2006-1980 (Cross-site scripting (XSS) vulnerability in W2B Online Banking allows ...)
- TODO: check
+ NOT-FOR-US: W2B Online Banking
CVE-2006-1979 (Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web ...)
- TODO: check
+ NOT-FOR-US: Manic Web MWGuest
CVE-2006-1978 (SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and ...)
- TODO: check
+ NOT-FOR-US: FlexBB
CVE-2006-1977 (Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and ...)
- TODO: check
+ NOT-FOR-US: FlexBB
CVE-2006-1993 (Mozilla Firefox 1.5.0.2 allows remote attackers to cause a denial of ...)
- firefox 1.5.dfsg+1.5.0.2-2
[sarge] - mozilla-firefox <not-affected>
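Review bot: The three Safari entries (CVE-2006-1988, CVE-2006-1987, CVE-2006-1986) are closed as `NOT-FOR-US: Apple Safari` on the strength of `NOTE: PoC exploit does not work with konqueror 4:3.5.2-2`, which the log message turns into "safari issues don't affect konqueror in sid". A PoC that fails against one build shows only that this trigger does not reproduce there, not that the code path is absent. I would word the NOTE to say that only the public PoC was tested, and name the source package the tested version belongs to, so the entry can be re-checked if a different reproducer appears. Separately, under CVE-2006-2016 the new `- egroupware <unfixed> (bug #365314; low)` line sits under a description that names only phpLDAPadmin; a NOTE saying why egroupware is listed would save the next reader a trip to the bug report.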
@@ -92,7 +95,6 @@
- typo3-src <unfixed> (bug #364350)
CVE-2006-XXXX [moinmoin XSS]
- moin 1.5.3-1
-end claimed by stef-guest
CVE-2006-1976 (Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer ...)
NOT-FOR-US: Prayer Request Board
CVE-2006-1975 (Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in ...)