[Secure-testing-commits] r5039 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Fri Dec 1 23:01:05 CET 2006
Author: stef-guest
Date: 2006-12-01 23:01:02 +0100 (Fri, 01 Dec 2006)
New Revision: 5039
Modified:
data/CVE/list
Log:
- libgsf CVEified
- new libxslt issue
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-01 20:14:34 UTC (rev 5038)
+++ data/CVE/list 2006-12-01 22:01:02 UTC (rev 5039)
@@ -1,3 +1,6 @@
+CVE-2006-XXXX [libxslt segfault / DoS]
+ - libxslt 1.1.18-3 (low)
+ [sarge] - libxslt <not-affected> (vulnerability added later)
CVE-2006-6177 (SQL injection vulnerability in system/core/users/users.profile.inc.php ...)
NOT-FOR-US: Neocrome Seditio
CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn before ...)
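Review bot: The new temporary entry "CVE-2006-XXXX [libxslt segfault / DoS]" carries no bug number or NOTE pointing at the report it is based on, so the fixed version 1.1.18-3 and the sarge claim "(vulnerability added later)" cannot be checked from the list itself. Suggest adding the bug reference next to the urgency, as the links/elinks entries do with "(medium; bug #...)", or a NOTE line naming the upstream change that introduced the flaw, so the entry can be matched once a CVE id is assigned.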
@@ -222,27 +225,27 @@
CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp ...)
NOT-FOR-US: BaalAsp forum
CVE-2006-6074 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...)
- TODO: check
+ NOT-FOR-US: Enthrallweb eShopping Cart
CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...)
- TODO: check
+ NOT-FOR-US: Enthrallweb eShopping Cart
CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in ...)
- TODO: check
+ NOT-FOR-US: BPG-InfoTech Easy Publisher
CVE-2006-6071
RESERVED
CVE-2006-6070 (SQL injection vulnerability in module/account/register/register.asp in ...)
- TODO: check
+ NOT-FOR-US: ASP Nuke
CVE-2006-6069 (index.php in mAlbum 0.3 and earlier allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: mAlbum
CVE-2006-6068 (Directory traversal vulnerability in the cached_album function in ...)
- TODO: check
+ NOT-FOR-US: mAlbum
CVE-2006-6067 (Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real ...)
- TODO: check
+ NOT-FOR-US: DataShed
CVE-2006-6066 (Multiple SQL injection vulnerabilities in Dragon Calendar / Events ...)
- TODO: check
+ NOT-FOR-US: Dragon Calendar
CVE-2006-6065 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...)
- TODO: check
+ NOT-FOR-US: CalSnails Module for MxBB Portal
CVE-2006-6064 (Multiple buffer overflows in the Message Parsing Interpreter (MPI) in ...)
- TODO: check
+ NOT-FOR-US: Fuzzball MUCK
CVE-2006-6063 (Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier ...)
NOT-FOR-US: XMPlay
CVE-2006-6062 (Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other ...)
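Review bot: The CVE-2006-6067 entry is marked "NOT-FOR-US: DataShed", while the description names the product as "20/20 DataShed (aka Real ...)". The other entries in this hunk repeat the product name as the description gives it (for example "Enthrallweb eShopping Cart"), so using "20/20 DataShed" here would keep later searches of the list for that product name consistent.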
@@ -452,7 +455,7 @@
CVE-2006-5966 (Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows ...)
NOT-FOR-US: Panda ActiveScan
CVE-2006-5965 (PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure ...)
- TODO: check
+ NOT-FOR-US: PassGo SSO Plus
CVE-2006-5964
RESERVED
CVE-2006-5963
@@ -492,15 +495,15 @@
CVE-2006-5946 (SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP ...)
NOT-FOR-US: FunkyASP Glossary
CVE-2006-5945 (Multiple SQL injection vulnerabilities in MGinternet Car Site Manager ...)
- TODO: check
+ NOT-FOR-US: MGinternet Car Site Manager
CVE-2006-5944 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...)
- TODO: check
+ NOT-FOR-US: MGinternet Car Site Manager
CVE-2006-5943 (Multiple SQL injection vulnerabilities in inventory/display/imager.asp ...)
- TODO: check
+ NOT-FOR-US: Less Inventory Manager
CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Less Inventory Manager
CVE-2006-5941 (snmpd in (1) the SUNWsmagt package in Solaris 10 before 20061122 and ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...)
NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause ...)
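Review bot: CVE-2006-5941 is closed as "NOT-FOR-US: Solaris", but its description enumerates "(1) the SUNWsmagt package in Solaris 10 before 20061122 and ...", so at least one further affected item is cut off in the list. Worth confirming against the full CVE text that the remaining items are also not packaged before dropping the "TODO: check", and naming the component (snmpd in SUNWsmagt) rather than only the operating system.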
@@ -528,55 +531,55 @@
CVE-2006-5928 (Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler ...)
NOT-FOR-US: Phpjobscheduler
CVE-2006-5927 (SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal ...)
- TODO: check
+ NOT-FOR-US: ASP Scripter Easy Portal
CVE-2006-5926 (Multiple SQL injection vulnerabilities in mail.php in Vallheru before ...)
- TODO: check
+ NOT-FOR-US: Vallheru
CVE-2006-5925 (Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed ...)
- links 0.99+1.00pre12-1.1 (medium; bug #399188)
- elinks 0.11.1-1.2 (medium; bug #399187)
- links2 2.1pre25-2
CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in Efficient IP ...)
- TODO: check
+ NOT-FOR-US: Efficient IP iPmanager (IPm)
CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris Mac ...)
- TODO: check
+ NOT-FOR-US: gtcatalog
CVE-2006-5922 (index.php in Wheatblog (wB) allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: Wheatblog
CVE-2006-5921 (Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php ...)
- TODO: check
+ NOT-FOR-US: Wheatblog
CVE-2006-5920 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Exporia
CVE-2006-5919 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: KnowledgeBuilder
CVE-2006-5918 (Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid ...)
- TODO: check
+ NOT-FOR-US: RapidKill
CVE-2006-5917 (Multiple SQL injection vulnerabilities in OmniStar Article Manager ...)
- TODO: check
+ NOT-FOR-US: OmniStar Article Manager
CVE-2006-5916 (Intego VirusBarrier X4 allows context-dependent attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Intego VirusBarrier
CVE-2006-5915 (Multiple cross-site scripting (XSS) vulnerabilities in ls.php in ...)
- TODO: check
+ NOT-FOR-US: LandShop
CVE-2006-5914 (SQL injection vulnerability in ls.php in SAMEDIA LandShop allows ...)
- TODO: check
+ NOT-FOR-US: LandShop
CVE-2006-5913 (Microsoft Internet Explorer 7 allows remote attackers to (1) cause a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-5912 (Unspecified vulnerability in Campware Campsite before 2.6.2 has ...)
- TODO: check
+ NOT-FOR-US: Campware Campsite
CVE-2006-5911 (Multiple PHP remote file inclusion vulnerabilities in Campware ...)
- TODO: check
+ NOT-FOR-US: Campware Campsite
CVE-2006-5910 (Multiple PHP remote file inclusion vulnerabilities in Campware ...)
- TODO: check
+ NOT-FOR-US: Campware Campsite
CVE-2006-5909 (generaloptions.php in Paul Tarjan Stanford Conference And Research ...)
- TODO: check
+ NOT-FOR-US: Stanford Conference And Research Forum (SCARF)
CVE-2006-5908 (Multiple SQL injection vulnerabilities in the login_user function in ...)
- TODO: check
+ NOT-FOR-US: Yet Another News System
CVE-2006-5907 (SQL injection vulnerability in modules/bannieres/bannieres.php in ...)
- TODO: check
+ NOT-FOR-US: SCRIPT BANNIERES
CVE-2006-5906 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: SCRIPT BANNIERES
CVE-2006-5905 (Web Directory Pro allows remote attackers to (1) backup the database ...)
- TODO: check
+ NOT-FOR-US: Web Directory Pro
CVE-2006-5904 (Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 ...)
- TODO: check
+ NOT-FOR-US: MWChat Pro
CVE-2006-5903 (Rahul Jonna Gmail File Space (GSpace) allows remote attackers to ...)
NOT-FOR-US: GSpace
CVE-2006-5902 (viksoe GMail Drive shell extension allows remote attackers to perform ...)
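Review bot: CVE-2006-5913 is marked "NOT-FOR-US: Microsoft", which names the vendor, while every other entry in this hunk names the product. The description says "Microsoft Internet Explorer 7", so "NOT-FOR-US: Microsoft Internet Explorer" would match the convention used for the neighbouring entries and stay unambiguous if another Microsoft product shows up in the list.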
@@ -584,7 +587,7 @@
CVE-2006-5901 (Hawking Technology wireless router WR254-CA uses a hardcoded IP ...)
NOT-FOR-US: Hawking Technology wireless router WR254-CA
CVE-2006-5900 (Cross-site scripting (XSS) vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Zend Framework Preview
CVE-2006-5899 (** DISPUTED ** ...)
NOT-FOR-US: @cid stat
CVE-2006-5898 (Directory traversal vulnerability in localization/languages.lib.php3 ...)
@@ -592,7 +595,7 @@
CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and ...)
NOT-FOR-US: PhpMyChat Plus
CVE-2006-5896 (REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the ...)
- TODO: check
+ NOT-FOR-US: Web Mech Designer
CVE-2006-5895 (PHP remote file inclusion vulnerability in core/core.php in EncapsCMS ...)
NOT-FOR-US: EncapsCMS
CVE-2006-5894 (Directory traversal vulnerability in lang.php in Rama CMS 0.68 and ...)
@@ -660,13 +663,13 @@
CVE-2006-5867
RESERVED
CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for ...)
- TODO: check
+ NOT-FOR-US: phpManta
CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php for Script ...)
- TODO: check
+ NOT-FOR-US: Script Dowload
CVE-2006-5863 (PHP remote file inclusion vulnerability in inc/session.php for ...)
- TODO: check
+ NOT-FOR-US: LetterIt
CVE-2006-5862 (Directory traversal vulnerability in the session mechanism of the web ...)
- TODO: check
+ NOT-FOR-US: Network Administration Visualized
CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...)
TODO: check
CVE-2006-5860
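Review bot: In the CVE-2006-5865 entry, "NOT-FOR-US: Script Dowload" looks like a misspelling of "Download"; the description is truncated at "for Script ...", so the name should be checked against the full CVE text and corrected if needed. A misspelled product name will not be found when someone later searches the list for it.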
@@ -2222,10 +2225,6 @@
NOT-FOR-US: OlateDownload
CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in ...)
NOT-FOR-US: OlateDownload
-CVE-2006-XXXX [unspecified libgsf security issue (IDEF1622)]
- - libgsf 1.14.2-1
- [sarge] - libgsf 1.11.1-1sarge1
- NOTE: DSA-1221-1
CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 ...)
NOT-FOR-US: Backup Agent RPC Server
CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 ...)
@@ -3613,9 +3612,10 @@
[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-4515
RESERVED
-CVE-2006-4514
+CVE-2006-4514 [unspecified libgsf security issue (IDEF1622)]
+ {DSA-1221-1}
RESERVED
- {DSA-1221-1}
+ - libgsf 1.14.2-1
CVE-2006-4513 (Multiple integer overflows in the WV library in wvWare (formerly ...)
- wv 1.2.4-1 (bug #396256; medium)
CVE-2006-4512
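Review bot: Moving the libgsf issue onto CVE-2006-4514 drops information the removed temporary entry had: the line "[sarge] - libgsf 1.11.1-1sarge1" is not carried over, and only "- libgsf 1.14.2-1" is added. If the sarge fixed version is meant to be implied by the {DSA-1221-1} cross-reference, that is fine, otherwise the sarge line should be kept. The {DSA-1221-1} line also moved from below RESERVED to above it, so the entry now reads description, cross-reference, RESERVED, package; please confirm that ordering is intended.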