[Secure-testing-commits] r4604 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sun Aug 20 09:35:26 UTC 2006
Author: stef-guest
Date: 2006-08-20 09:35:24 +0000 (Sun, 20 Aug 2006)
New Revision: 4604
Modified:
data/CVE/list
Log:
- new php issues
- new gallery2 issue fixed
- new mysql issue fixed
- mambo fixed (experimental)
- more NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-08-20 08:56:39 UTC (rev 4603)
+++ data/CVE/list 2006-08-20 09:35:24 UTC (rev 4604)
@@ -1,3 +1,11 @@
+CVE-2006-XXXX [multiple issues fixed by php 4.4.4 and 5.1.5]
+ - php4 <unfixed> (medium)
+ - php5 <unfixed> (medium)
+CVE-2006-XXXX [gallery2 session ID disclosure]
+ - gallery2 2.1.2-1
+CVE-2006-XXXX [insecure filehandling in mysql_upgrade]
+ - mysql-dfsg-5.0 5.0.24-1
+ TODO: check 4.x
CVE-2006-4194 (** DISPUTED ** ...)
NOT-FOR-US: Cisco
CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows ...)
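Review bot: The php entry at the top of this hunk folds "multiple issues" into a single CVE-2006-XXXX placeholder, so the individual issues cannot be tracked or closed separately once CVE ids are assigned; consider one placeholder per issue, or a NOTE line listing them. The php4 and php5 <unfixed> lines carry no bug reference, and the gallery2 and mysql-dfsg-5.0 lines have no urgency, unlike the php lines, which are marked (medium). The "TODO: check 4.x" under the mysql_upgrade entry leaves the 4.x status open and should be resolved in a follow-up.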
@@ -201,47 +209,47 @@
CVE-2006-4093
RESERVED
CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user's actions to ...)
- TODO: check
+ NOT-FOR-US: Simpliciti Locked Browser
CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel ...)
- TODO: check
+ NOT-FOR-US: Archangel Weblog
CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 ...)
- TODO: check
+ NOT-FOR-US: Webligo BlogHoster
CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and ...)
- alsaplayer <unfixed> (medium; bug #382842)
CVE-2006-4088 (Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace ...)
- TODO: check
+ NOT-FOR-US: CivicSpace
CVE-2006-4087 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...)
- TODO: check
+ NOT-FOR-US: mojoGallery
CVE-2006-4086 (Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino ...)
- TODO: check
+ NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4085 (PHP remote file inclusion vulnerability in Olaf Noehring The Search ...)
- TODO: check
+ NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4084 (Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 ...)
- TODO: check
+ NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4083 (PHP remote file inclusion vulnerability in viewevent.php in myWebland ...)
- TODO: check
+ NOT-FOR-US: myEvent
CVE-2006-4082 (Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a ...)
- TODO: check
+ NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4081 (preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...)
- TODO: check
+ NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4080 (DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 ...)
- TODO: check
+ NOT-FOR-US: DeluxeBB
CVE-2006-4079 (Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB ...)
- TODO: check
+ NOT-FOR-US: DeluxeBB
CVE-2006-4078 (pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, ...)
- TODO: check
+ NOT-FOR-US: DeluxeBB
CVE-2006-4077 (PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo ...)
- TODO: check
+ NOT-FOR-US: Comet WebFileManager
CVE-2006-4076 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
- TODO: check
+ NOT-FOR-US: docpile: wim's edition
CVE-2006-4075 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
- TODO: check
+ NOT-FOR-US: docpile: wim's edition
CVE-2006-4074 (PHP remote file inclusion vulnerability in lib/tpl/default/main.php in ...)
- TODO: check
+ NOT-FOR-US: JD-Wiki Component (com_jd-wiki) for Joomla!
CVE-2006-4073 (Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz ...)
- TODO: check
+ NOT-FOR-US: phpCC
CVE-2006-4072 (Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 ...)
- TODO: check
+ NOT-FOR-US: Club-Nuke [XP]
CVE-2006-XXXX [X PCF Integer Overflow Vulnerability]
- libxfont 1:1.2.0-2 (medium; bug #383353)
[sarge] - xfree86 <unfixed> (medium)
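Review bot: Several of the new NOT-FOR-US labels in this hunk (mojoGallery for CVE-2006-4087, myEvent for CVE-2006-4083, Comet WebFileManager for CVE-2006-4077) name a product that the truncated description does not show, so they cannot be confirmed from the list alone and are worth checking against the full CVE text. The labels are also inconsistent about short names: "(OZJournals)", "(phpAMA)" and "(TSEP)" are kept, while the two Barracuda Spam Firewall entries drop "(BSF)".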
@@ -2062,9 +2070,9 @@
CVE-2006-3264 (Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo ...)
NOT-FOR-US: Namo DeepSearch
CVE-2006-3263 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...)
- - mambo <unfixed> (medium)
+ - mambo 4.5.3h-2 (medium)
CVE-2006-3262 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...)
- - mambo <unfixed> (medium)
+ - mambo 4.5.3h-2 (medium)
CVE-2006-3261 (Cross-site scripting (XSS) vulnerability in Trend Micro Control ...)
NOT-FOR-US: Trend Micro Control Manager
CVE-2006-3260 (Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 ...)
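Review bot: The two mambo lines for CVE-2006-3263 and CVE-2006-3262 now record 4.5.3h-2 as the fixed version, but the commit log says "mambo fixed (experimental)" and nothing in the entries reflects that. Add a NOTE under each entry saying the fixed version is only in experimental, so the entries are not read as fixed for other suites.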