[Secure-testing-commits] r4630 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Fri Aug 25 16:52:20 UTC 2006
Author: stef-guest
Date: 2006-08-25 16:52:14 +0000 (Fri, 25 Aug 2006)
New Revision: 4630
Modified:
data/CVE/list
Log:
- libmusicbrainz CVEified
- CVE-2006-4299: new tikiwiki XSS (low)
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-08-25 16:38:29 UTC (rev 4629)
+++ data/CVE/list 2006-08-25 16:52:14 UTC (rev 4630)
@@ -24,19 +24,19 @@
CVE-2006-4319 (Buffer overflow in the format command in Solaris 8, 9, and 10 allows ...)
TODO: check
CVE-2006-4318 (Buffer overflow in WFTPD Server 3.23 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: WFTPD
CVE-2006-4317 (Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab ...)
TODO: check
CVE-2006-4316 (SSH Tectia Management Agent 2.1.2 allows local users to gain root ...)
- TODO: check
+ NOT-FOR-US: SSH Tectia Management Agent
CVE-2006-4315 (Unquoted Windows search path vulnerability in multiple SSH Tectia ...)
- TODO: check
+ NOT-FOR-US: SSH Tectia Management Agent
CVE-2006-4314 (The manager server in Symantec Enterprise Security Manager (ESM) 6 and ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2006-4313 (Multiple unspecified vulnerabilities in Cisco VPN 3000 series ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise ...)
TODO: check
CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ...)
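Review bot: The NOT-FOR-US tag on CVE-2006-4315 reads "SSH Tectia Management Agent", identical to the one on CVE-2006-4316, but its description says "multiple SSH Tectia ..." products, so the tag looks copied from the entry above and is narrower than the issue. A tag such as "NOT-FOR-US: SSH Tectia" would match the description. Separately, CVE-2006-4319 at the top of this hunk (format command in Solaris 8, 9, and 10) is left at "TODO: check" while the next hunk marks the Solaris format issue CVE-2006-4307 as "NOT-FOR-US: Solaris"; it could take the same tag in this pass.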
@@ -46,23 +46,24 @@
CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...)
TODO: check
CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8 and 9 ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2006-4305
RESERVED
CVE-2006-4304 (Buffer overflow in the ppp driver in FreeBSD 4.11 to 6.1 and NetBSD ...)
- TODO: check
+ NOT-FOR-US: FreeBSD NetBSD
CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...)
TODO: check
CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web ...)
TODO: check
CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and ...)
TODO: check
CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in ...)
- TODO: check
+ - tikiwiki <unfixed> (low)
+ TODO: file bug
CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in ...)
TODO: check
CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce 2.2 ...)
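Review bot: The new CVE-2006-4299 entry records tikiwiki as <unfixed> (low) with only "TODO: file bug" and no bug reference, unlike the libmusicbrainz lines elsewhere in this commit, which use the "(medium; bug #...)" form. Once the bug is filed, drop the TODO and put the bug number in the parentheses so the unfixed state can be followed up from the list. Minor: "NOT-FOR-US: FreeBSD NetBSD" on CVE-2006-4304 runs two names together; a separator between them would read more clearly.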
@@ -74,15 +75,15 @@
CVE-2006-4294
RESERVED
CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...)
TODO: check
CVE-2006-4291 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: PHlyMail Lite
CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, ...)
- TODO: check
+ NOT-FOR-US: Sony
CVE-2006-4289 (Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x ...)
- TODO: check
+ NOT-FOR-US: Sony
CVE-2006-4288 (PHP remote file inclusion vulnerability in admin.a6mambocredits.php in ...)
TODO: check
CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...)
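Review bot: The tags on CVE-2006-4290 and CVE-2006-4289 name only the vendor ("Sony"), while other tags in this commit name the product (for example "PHlyMail Lite"). "NOT-FOR-US: Sony VAIO Media Server", taken from the descriptions, would keep the tag specific and easier to search for.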
@@ -106,7 +107,7 @@
CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ...)
TODO: check
CVE-2006-4278 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: SportsPHool
CVE-2006-4277 (Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 ...)
TODO: check
CVE-2006-4276 (PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier ...)
@@ -114,7 +115,7 @@
CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the ...)
TODO: check
CVE-2006-4274 (Unknown vulnerability in Microsoft PowerPoint allows user-assisted ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 ...)
TODO: check
CVE-2006-4272 (** DISPUTED ** ...)
@@ -130,9 +131,9 @@
CVE-2006-4267 (Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier ...)
TODO: check
CVE-2006-4266 (Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows ...)
- TODO: check
+ NOT-FOR-US: Kaspersky
CVE-2006-4264 (Multiple PHP remote file inclusion vulnerabilities in the ...)
TODO: check
CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product ...)
@@ -146,15 +147,15 @@
CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...)
TODO: check
CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality in ...)
- TODO: check
+ NOT-FOR-US: Anti-Spam SMTP Proxy
CVE-2006-4257 (Unspecified vulnerability in IBM DB2 Universal Database (UDB) before ...)
- TODO: check
+ NOT-FOR-US: IBM DB2
CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote ...)
TODO: check
CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in ...)
TODO: check
CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2006-4253 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...)
TODO: check
CVE-2006-4252
@@ -212,29 +213,29 @@
CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ...)
TODO: check
CVE-2006-4225 (Multiple SQL injection vulnerabilities in war.php in Virtual War ...)
- TODO: check
+ NOT-FOR-US: Virtual War
CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual ...)
- TODO: check
+ NOT-FOR-US: Virtual War
CVE-2006-4223 (IBM WebSphere Application Server before 6.0.2.13 allows ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application
CVE-2006-4222 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application
CVE-2006-4221 (Stack-based buffer overflow in the IBM Access Support eGatherer ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2006-4220
RESERVED
CVE-2006-4219 (The Terminal Services COM object (tsuserex.dll) allows remote ...)
- TODO: check
+ NOT-FOR-US: Terminal Services COM object
CVE-2006-4218 (Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier ...)
- TODO: check
+ NOT-FOR-US: Zen Cart
CVE-2006-4217 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: WEBInsta CMS
CVE-2006-4216 (PHP remote file inclusion vulnerability in Chaussette 080706 and ...)
TODO: check
CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart ...)
- TODO: check
+ NOT-FOR-US: Zen Cart
CVE-2006-4214 (Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier ...)
- TODO: check
+ NOT-FOR-US: Zen Cart
CVE-2006-4213 (PHP remote file inclusion vulnerability in config.php in David Kent ...)
TODO: check
CVE-2006-4212 (SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet ...)
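Review bot: The tag "NOT-FOR-US: IBM WebSphere Application" on CVE-2006-4223 and CVE-2006-4222 is cut short; the description of CVE-2006-4223 gives the product as "IBM WebSphere Application Server", and the tag should carry the full name. In the same hunk, CVE-2006-4219 is tagged "Terminal Services COM object" with no vendor, whereas CVE-2006-4301 and CVE-2006-4274 use "Microsoft"; adding the vendor here would keep the Microsoft entries consistent.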
@@ -244,7 +245,7 @@
CVE-2006-4210 (nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when ...)
TODO: check
CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta ...)
- TODO: check
+ NOT-FOR-US: WEBInsta Mailing List Manager
CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy ...)
TODO: check
CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...)
@@ -268,9 +269,10 @@
CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in ...)
TODO: check
CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or ...)
- TODO: check
+ - libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030)
+ - libmusicbrainz-2.0 <unfixed> (medium; bug #383031)
CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS ...)
- TODO: check
+ NOT-FOR-US: WEBInsta CMS
CVE-2006-4195 (PHP remote file inclusion vulnerability in param.peoplebook.php in the ...)
TODO: check
CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...)
@@ -545,9 +547,6 @@
CVE-2006-4144 (Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick ...)
- imagemagick <unfixed> (medium; bug #383314)
- graphicsmagick 1.1.7-7 (medium; bug #383333)
-CVE-2006-XXXX [libmusicbrainz buffer overflows]
- - libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030)
- - libmusicbrainz-2.0 <unfixed> (medium; bug #383031)
CVE-2006-XXXX [crash in the certificate verification logic]
NOTE: GNUTLS-SA-2006-2
- gnutls11 <unfixed> (medium)