[Secure-testing-commits] r4636 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sat Aug 26 21:23:53 UTC 2006
Author: stef-guest
Date: 2006-08-26 21:23:51 +0000 (Sat, 26 Aug 2006)
New Revision: 4636
Modified:
data/CVE/list
Log:
- CVE-2006-4261/4253/4310: new mozilla issues
- CVE-2006-425[56]: new horde3 issues (low)
- CVE-2006-4292: new honeyd DoS (low)
- wordpress bugnum
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-08-26 21:14:23 UTC (rev 4635)
+++ data/CVE/list 2006-08-26 21:23:51 UTC (rev 4636)
@@ -38,13 +38,16 @@
CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive ...)
NOT-FOR-US: Cisco
CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise ...)
- TODO: check
+ NOT-FOR-US: Sonium Enterprise Adressbook
CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ...)
- TODO: check
+ - xulrunner <unfixed>
+ - firefox <unfixed>
+ - mozilla <unfixed>
+ - mozilla-firefox <unfixed>
CVE-2006-4309 (VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not ...)
- TODO: check
+ NOT-FOR-US: AK-Systems Windows Terminal
CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...)
- TODO: check
+ NOT-FOR-US: Blackboard Learning System
CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8 and 9 ...)
NOT-FOR-US: Solaris
CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...)
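Review bot: The four package lines added under CVE-2006-4310 (`xulrunner`, `firefox`, `mozilla`, `mozilla-firefox`, all `<unfixed>`) carry neither an urgency nor a bug reference, although the description reads as a denial of service. Consider annotating them in the same `(urgency; bug ...)` form this commit uses for the honeyd and horde3 entries, so the open issue can be traced to a report.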
@@ -54,29 +57,29 @@
CVE-2006-4304 (Buffer overflow in the ppp driver in FreeBSD 4.11 to 6.1 and NetBSD ...)
NOT-FOR-US: FreeBSD NetBSD
CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web ...)
TODO: check
CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
NOT-FOR-US: Microsoft
CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and ...)
- TODO: check
+ NOT-FOR-US: SimpleBlog
CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in ...)
- tikiwiki <unfixed> (low; bug #384796)
CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce 2.2 ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in ...)
- TODO: check
+ NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo
CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ...)
- TODO: check
+ NOT-FOR-US: Panda ActiveScan
CVE-2006-4294
RESERVED
CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
NOT-FOR-US: cPanel
CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...)
- TODO: check
+ - honeyd <unfixed> (low; bug filed)
CVE-2006-4291 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: PHlyMail Lite
CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, ...)
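Review bot: The honeyd line under CVE-2006-4292 is added as `- honeyd <unfixed> (low; bug filed)` with no bug number, the same placeholder this commit has to replace with a real number for wordpress under CVE-2006-4208. Record the number here as soon as it is assigned so the entry does not need a follow-up commit to become traceable.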
@@ -140,7 +143,10 @@
CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...)
TODO: check
CVE-2006-4261 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...)
- TODO: check
+ - xulrunner <unfixed>
+ - firefox <unfixed>
+ - mozilla <unfixed>
+ - mozilla-firefox <unfixed>
CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 ...)
TODO: check
CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...)
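Review bot: The description of CVE-2006-4261 names only Mozilla Firefox 1.5.0.6 and earlier, yet the entry also marks `xulrunner` and `mozilla` as `<unfixed>` without explanation. A short NOTE line saying why those source packages are considered affected would let a later reader check the claim instead of taking it on trust.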
@@ -150,13 +156,16 @@
CVE-2006-4257 (Unspecified vulnerability in IBM DB2 Universal Database (UDB) before ...)
NOT-FOR-US: IBM DB2
CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote ...)
- TODO: check
+ - horde3 <unfixed> (low; bug #383416)
CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in ...)
- TODO: check
+ - horde3 <unfixed> (low; bug #383416)
CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...)
NOT-FOR-US: IBM AIX
CVE-2006-4253 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...)
- TODO: check
+ - xulrunner <unfixed>
+ - firefox <unfixed>
+ - mozilla <unfixed>
+ - mozilla-firefox <unfixed>
CVE-2006-4252
RESERVED
CVE-2006-4251
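Review bot: The path in the CVE-2006-4255 description is `horde/imp/search.php`, which points at IMP rather than at the Horde framework itself, but the entry is filed as `- horde3 <unfixed> (low; bug #383416)`. Please confirm that the affected file ships in the horde3 source package; if it belongs to a separately packaged IMP, the entry should name that package instead.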
@@ -178,23 +187,23 @@
CVE-2006-4243
RESERVED
CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...)
- TODO: check
+ NOT-FOR-US: JIM component for Joomla or Mambo
CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php ...)
- TODO: check
+ NOT-FOR-US: Reporter Mambo component (com_reporter)
CVE-2006-4240 (PHP remote file inclusion vulnerability in index.php in Fusion News ...)
- TODO: check
+ NOT-FOR-US: Fusion News
CVE-2006-4239 (PHP remote file inclusion vulnerability in include/urights.php in ...)
- TODO: check
+ NOT-FOR-US: Outreach Project Tool
CVE-2006-4238 (SQL injection vulnerability in torrents.php in WebTorrent (WTcom) ...)
- TODO: check
+ NOT-FOR-US: WebTorrent (WTcom)
CVE-2006-4237 (PHP remote file inclusion vulnerability in pageheaderdefault.inc.php ...)
- TODO: check
+ NOT-FOR-US: Invisionix Roaming System Remote (IRSR)
CVE-2006-4236 (Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow ...)
- TODO: check
+ NOT-FOR-US: POWERGAP
CVE-2006-4235 (Buffer overflow in the import project functionality in Sony SonicStage ...)
- TODO: check
+ NOT-FOR-US: Sony
CVE-2006-4234 (PHP remote file inclusion vulnerability in classes/query.class.php in ...)
- TODO: check
+ NOT-FOR-US: dotProject
CVE-2006-4233 (Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local ...)
NOT-FOR-US: Globus Toolkit
CVE-2006-4232 (Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, ...)
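Review bot: CVE-2006-4235 is tagged `NOT-FOR-US: Sony`, a vendor name, while every other tag added in this hunk names the product (the description here says Sony SonicStage). Using the product name keeps the tags in this block consistent and makes the entry easier to find by search.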
@@ -247,7 +256,7 @@
CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta ...)
NOT-FOR-US: WEBInsta Mailing List Manager
CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy ...)
- - wordpress <unfixed> (low; bug filed)
+ - wordpress <unfixed> (low; bug #384800)
CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...)
NOT-FOR-US: Discloser
CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ...)
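Review bot: The CVE-2006-4208 description attributes `wp-db-backup.php` to "Skippy ...", which reads like a separately authored plugin, while the entry is tracked against `wordpress`. Now that the bug number is filled in, a NOTE stating that this file is shipped in the wordpress package would justify the package tag.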