[Secure-testing-commits] r4634 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Sat Aug 26 20:24:42 UTC 2006


Author: stef-guest
Date: 2006-08-26 20:24:40 +0000 (Sat, 26 Aug 2006)
New Revision: 4634

Modified:
   data/CVE/list
Log:
- CVE-2006-422[67]: new mysql issues (low)
- CVE-2006-4208: new wordpress issue (low)
- CVE-2005-480[78]: binutils issues already fixed in etch/sid (low)
- tikiwiki bugnum
- some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-26 19:30:47 UTC (rev 4633)
+++ data/CVE/list	2006-08-26 20:24:40 UTC (rev 4634)
@@ -62,8 +62,7 @@
 CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and ...)
 	TODO: check
 CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in ...)
-	- tikiwiki <unfixed> (low)
-	TODO: file bug
+	- tikiwiki <unfixed> (low; bug #384796)
 CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in ...)
 	TODO: check
 CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce 2.2 ...)
@@ -197,21 +196,22 @@
 CVE-2006-4234 (PHP remote file inclusion vulnerability in classes/query.class.php in ...)
 	TODO: check
 CVE-2006-4233 (Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local ...)
-	TODO: check
+	NOT-FOR-US: Globus Toolkit
 CVE-2006-4232 (Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, ...)
-	TODO: check
+	NOT-FOR-US: Globus Toolkit
 CVE-2006-4231 (IrfanView 3.98 (with plugins) allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2006-4230 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
-	TODO: check
+	NOT-FOR-US: Lizge Web Portal
 CVE-2006-4229 (PHP remote file inclusion vulnerability in archive.php in the ...)
-	TODO: check
+	NOT-FOR-US: mosListMessenger Component (com_lm) for Mambo and Joomla!
 CVE-2006-4228 (Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2006-4227 (MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid ...)
-	TODO: check
+	- mysql-dfsg-5.0 <unfixed> (low; bug #384798)
 CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ...)
-	TODO: check
+	- mysql-dfsg-5.0 <unfixed> (low; bug #384798)
+	- mysql-dfsg <unfixed> (low)
 CVE-2006-4225 (Multiple SQL injection vulnerabilities in war.php in Virtual War ...)
 	NOT-FOR-US: Virtual War
 CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual ...)
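Review bot: Under CVE-2006-4226 the added "- mysql-dfsg <unfixed> (low)" line has no bug reference, while the mysql-dfsg-5.0 line directly above it points to bug #384798. If that report also covers the older source package, repeat the number on the mysql-dfsg line; otherwise a separate bug is needed so the unfixed state can be followed up. The description for this CVE also names "MySQL before 4.1.21", so it is worth confirming that the two package lines added here cover every affected MySQL source package in the archive.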
@@ -231,62 +231,62 @@
 CVE-2006-4217 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: WEBInsta CMS
 CVE-2006-4216 (PHP remote file inclusion vulnerability in Chaussette 080706 and ...)
-	TODO: check
+	NOT-FOR-US: Chaussette
 CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart ...)
 	NOT-FOR-US: Zen Cart
 CVE-2006-4214 (Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier ...)
 	NOT-FOR-US: Zen Cart
 CVE-2006-4213 (PHP remote file inclusion vulnerability in config.php in David Kent ...)
-	TODO: check
+	NOT-FOR-US: Thatware
 CVE-2006-4212 (SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet ...)
-	TODO: check
+	NOT-FOR-US: Owl Intranet Engine
 CVE-2006-4211 (Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl ...)
-	TODO: check
+	NOT-FOR-US: Owl Intranet Engine
 CVE-2006-4210 (nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when ...)
-	TODO: check
+	NOT-FOR-US: phPay
 CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta ...)
 	NOT-FOR-US: WEBInsta Mailing List Manager
 CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy ...)
-	TODO: check
+	- wordpress <unfixed> (low; bug filed)
 CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...)
-	TODO: check
+	NOT-FOR-US: Discloser
 CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ...)
-	TODO: check
+	NOT-FOR-US: ASPPlayground.NET Forum Advanced Edition 
 CVE-2006-4205 (Multiple PHP remote file inclusion vulnerabilities in WebDynamite ...)
-	TODO: check
+	NOT-FOR-US: WebDynamite ProjectButler
 CVE-2006-4204 (Multile PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and ...)
-	TODO: check
+	NOT-FOR-US: PHProjekt
 CVE-2006-4203 (PHP remote file inclusion vulnerability in help.mmp.php in the MMP ...)
-	TODO: check
+	NOT-FOR-US: MMP Component (com_mmp) for Mambo
 CVE-2006-4202 (SQL injection vulnerability in proje_goster.php in Spidey Blog Script ...)
-	TODO: check
+	NOT-FOR-US: Spidey Blog Script
 CVE-2006-4201 (Unspecified vulnerability in the backup agent and Cell Manager in HP ...)
-	TODO: check
+	NOT-FOR-US: HP OpenView Storage Data Protector
 CVE-2006-4200 (Unspecified vulnerability in 04WebServer 1.83 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: 04WebServer
 CVE-2006-4199 (Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 ...)
-	TODO: check
+	NOT-FOR-US: 04WebServer
 CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in ...)
-	TODO: check
+	NOT-FOR-US: Wheatblog
 CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or ...)
 	- libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030)
 	- libmusicbrainz-2.0 <unfixed> (medium; bug #383031)
 CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS ...)
 	NOT-FOR-US: WEBInsta CMS
 CVE-2006-4195 (PHP remote file inclusion vulnerability in param.peoplebook.php in the ...)
-	TODO: check
+	NOT-FOR-US: Peoplebook Component for Mambo (com_peoplebook)
 CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...)
-	TODO: check
+	- binutils 2.17-1 (low)
 CVE-2005-4807 (Stack-based buffer overflow in messages.c in the GNU as (gas) ...)
-	TODO: check
+	- binutils 2.17-1 (low)
 CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2004-2662 (Soft3304 04WebServer before 1.41 allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: 04WebServer
 CVE-2004-2661 (Soft3304 04WebServer before 1.41 does not properly check file names, ...)
-	TODO: check
+	NOT-FOR-US: 04WebServer
 CVE-2002-2216 (Soft3304 04WebServer before 1.20 does not properly process URL ...)
-	TODO: check
+	NOT-FOR-US: 04WebServer
 CVE-2006-XXXX [multiple issues fixed by php 4.4.4 and 5.1.5]
 	- php4 <unfixed> (medium)
 	- php5 <unfixed> (medium)
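Review bot: The CVE-2006-4208 entry is recorded as "- wordpress <unfixed> (low; bug filed)" with no bug number, so nothing ties the entry to the report. The other bug references in this patch use the "bug #NNNNNN" form (for example "bug #384796" on the tikiwiki line), and this one should be replaced with the number once it is assigned. Separately, the added NOT-FOR-US line for CVE-2006-4206 ends with a trailing space after "Advanced Edition", which should be dropped.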
@@ -2642,7 +2642,7 @@
 	- mozilla <not-affected> (SunSolve claims it is only in 3.11; latest released is 3.10)
 CVE-2006-3126 [unspecivied vulnerability in capi4hylafax in mgetty mode]
 	RESERVED
-	-  capi4hylafax 1:01.03.00.99.svn.300-3
+	- capi4hylafax 1:01.03.00.99.svn.300-3
 	TODO: check
 CVE-2006-3125
 	RESERVED
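Review bot: The whitespace normalisation of the capi4hylafax line under CVE-2006-3126 is not mentioned in the log message, which lists only the MySQL, WordPress, binutils, tikiwiki and NFU changes; a short "whitespace fix" item would make the commit self-describing. Since the entry is being touched anyway, the "unspecivied" typo in its bracketed description could be corrected in the same change.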



