[Secure-testing-commits] r5138 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Sun Dec 17 18:46:05 CET 2006
Author: stef-guest
Date: 2006-12-17 18:46:03 +0100 (Sun, 17 Dec 2006)
New Revision: 5138
Modified:
data/CVE/list
Log:
- CVE-2006-6417: b2evolution not-affected
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-17 17:32:48 UTC (rev 5137)
+++ data/CVE/list 2006-12-17 17:46:03 UTC (rev 5138)
@@ -21,9 +21,9 @@
CVE-2006-6566 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Profile Control Panel (CPanel) module for mxBB
CVE-2006-6565 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: FileZilla Server
CVE-2006-6564 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: FileZilla Server
CVE-2006-6563 (Stack-based buffer overflow in the pr_ctrls_recv_request function in ...)
- proftpd-dfsg 1.3.0-17 (medium)
[sarge] - proftpd <not-affected> (Vulnerable code not activated in binary build)
@@ -109,33 +109,33 @@
CVE-2006-6523 (Cross-site scripting (XSS) vulnerability in mail/manage.html in ...)
NOT-FOR-US: BoxTrapper in cPanel
CVE-2006-6522 (Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale ...)
- TODO: check
+ NOT-FOR-US: WikiTimeScale TwoZero
CVE-2006-6521 (SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 ...)
- TODO: check
+ NOT-FOR-US: Messageriescripthp
CVE-2006-6520 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Messageriescripthp
CVE-2006-6519 (SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows ...)
- TODO: check
+ NOT-FOR-US: ProNews
CVE-2006-6518 (Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 ...)
- TODO: check
+ NOT-FOR-US: ProNews
CVE-2006-6517 (Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and ...)
- TODO: check
+ NOT-FOR-US: KDPics
CVE-2006-6516 (Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and ...)
- TODO: check
+ NOT-FOR-US: KDPics
CVE-2006-6515 (Mantis before 1.1.0a2 sets the default value of ...)
TODO: check
CVE-2006-6514 (Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient ...)
- TODO: check
+ NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6513 (The CControl::Download function (/dl URI) in Winamp Web Interface ...)
- TODO: check
+ NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6512 (Directory traversal vulnerability in the Browse function (/browse URI) ...)
- TODO: check
+ NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6511 (dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive ...)
- TODO: check
+ NOT-FOR-US: dadaIMC
CVE-2006-6510 (An unspecified ActiveX control in SiteKiosk before 6.5.150 is ...)
- TODO: check
+ NOT-FOR-US: SiteKiosk
CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature in ...)
- TODO: check
+ NOT-FOR-US: SiteKiosk
CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...)
TODO: check
CVE-2006-6507
@@ -161,7 +161,7 @@
CVE-2006-6497
RESERVED
CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus ...)
- TODO: check
+ NOT-FOR-US: CA Anti-Virus
CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 ...)
NOT-FOR-US: Solaris
CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and ...)
@@ -205,7 +205,7 @@
CVE-2006-6475
RESERVED
CVE-2006-6474 (Untrusted search path vulnerability in McAfee VirusScan for Linux ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2006-6473 (Multiple unspecified vulnerabilities in Xerox WorkCentre and ...)
NOT-FOR-US: Xerox WorkCentre
CVE-2006-6472 (The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before ...)
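Review bot: the new line for CVE-2006-6474, `NOT-FOR-US: McAfee`, names only the vendor, while the description is about McAfee VirusScan for Linux and the neighbouring entry names the product (`NOT-FOR-US: Xerox WorkCentre`). Suggest `NOT-FOR-US: McAfee VirusScan for Linux` so that a later search of the list for the product finds this entry.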
@@ -223,7 +223,7 @@
CVE-2006-6466 (Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in ...)
NOT-FOR-US: WikyBlog
CVE-2006-6465 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: WikyBlog
CVE-2006-6464 (viewcart in Midicart accepts negative numbers in the Qty (quantity) ...)
NOT-FOR-US: Midicart
CVE-2006-6463 (Unrestricted file upload vulnerability in admin/add.php in Midicart ...)
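Review bot: CVE-2006-6465 is marked `NOT-FOR-US: WikyBlog`, but its description on the list is only `** DISPUTED ** ...`, so the product cannot be checked from the entry itself. A short NOTE saying what is disputed, or pointing at the report, would let the next reader confirm the classification without looking the CVE up again.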
@@ -235,7 +235,7 @@
CVE-2006-6460 (Yourfreeworld.com Short Url & Url Tracker Script allows remote ...)
NOT-FOR-US: Yourfreeworld.com Short Url Script
CVE-2006-6459 (Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB ...)
- TODO: check
+ NOT-FOR-US: Toplist for phpBB
CVE-2006-6458 (The Trend Micro scan engine before 8.320 for Windows and before 8.150 ...)
NOT-FOR-US: Trend Micro (Windows)
CVE-2006-6457 (tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other ...)
@@ -263,7 +263,7 @@
CVE-2006-6446 (SQL injection vulnerability in index.php in iWare Professional 5.0.4, ...)
NOT-FOR-US: iWare Professional
CVE-2006-6445 (Directory traversal vulnerability in error.php in Envolution 1.1.0 and ...)
- TODO: check
+ NOT-FOR-US: Envolution
CVE-2006-6444 (Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and ...)
NOT-FOR-US: Nostra DivX Player
CVE-2006-6443 (Buffer overflow in the Novell Distributed Print Services (NDPS) Print ...)
@@ -309,59 +309,59 @@
CVE-2006-6423 (Stack-based buffer overflow in the IMAP service for MailEnable ...)
NOT-FOR-US: MailEnable
CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ...)
- TODO: check
+ NOT-FOR-US: AgileBill AgileVoice
CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box ...)
TODO: check
CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the ...)
- TODO: check
+ NOT-FOR-US: Joomla Content Editor (JCE)
CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content ...)
- TODO: check
+ NOT-FOR-US: Joomla Content Editor (JCE)
CVE-2006-6418 (Unspecified vulnerability in the POSIX Threads library (libpthread) on ...)
- TODO: check
+ NOT-FOR-US: HP Tru64 UNIX
CVE-2006-6417 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ - b2evolution <not-affected> (vulnerable code added later)
CVE-2006-6416 (Multiple PHP remote file inclusion vulnerabilities in PhpLeague - ...)
- TODO: check
+ NOT-FOR-US: PhpLeague
CVE-2006-6415 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: phpAdsNew
CVE-2006-6414 (Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye ...)
- TODO: check
+ NOT-FOR-US: dol storye
CVE-2006-6413 (Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and ...)
- TODO: check
+ NOT-FOR-US: Amateras sns
CVE-2006-6412
RESERVED
CVE-2006-6411 (PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2006-6410 (Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local ...)
- TODO: check
+ NOT-FOR-US: VMWare
CVE-2006-6409 (F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2006-6408 (Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote ...)
- TODO: check
+ NOT-FOR-US: Kaspersky
CVE-2006-6407 (F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote ...)
- TODO: check
+ NOT-FOR-US: F-Prot
CVE-2006-6406 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus ...)
- clamav 0.88.7-1 (medium)
CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: BitDefender
CVE-2006-6404
RESERVED
CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: MyStats
CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and ...)
- TODO: check
+ NOT-FOR-US: MyStats
CVE-2006-6401 (Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in ...)
- TODO: check
+ NOT-FOR-US: MyStats
CVE-2006-6400 (Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer ...)
- TODO: check
+ NOT-FOR-US: JustSystems
CVE-2006-6399 (SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 ...)
- TODO: check
+ NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-6398 (Multiple SQL injection vulnerabilities in Superfreaker Studios ...)
- TODO: check
+ NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-6397 (** DISPUTED ** ...)
- TODO: check
+ NOTE: not a vuln
CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and ...)
- TODO: check
+ NOT-FOR-US: BlazeVideo HDTV Player
CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before ...)
TODO: check
CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas ...)
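Review bot: CVE-2006-6397 replaces `TODO: check` with `NOTE: not a vuln` alone, which names no product or package and gives no reason, unlike every other entry resolved in this hunk. Since the description is only `** DISPUTED ** ...`, the note should say what the software is and why the report is not a vulnerability. In the same hunk, `- b2evolution <not-affected> (vulnerable code added later)` for CVE-2006-6417 would be easier to re-check if it named the upstream version that introduced the code, and several NOT-FOR-US lines (Linksys, VMWare, F-Secure, Kaspersky, F-Prot, BitDefender) give only a vendor where the description names a specific product.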