[Secure-testing-commits] r5144 - data/CVE
Micah Anderson
micah at alioth.debian.org
Mon Dec 18 15:27:29 CET 2006
Author: micah
Date: 2006-12-18 15:27:26 +0100 (Mon, 18 Dec 2006)
New Revision: 5144
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-17 23:45:34 UTC (rev 5143)
+++ data/CVE/list 2006-12-18 14:27:26 UTC (rev 5144)
@@ -365,75 +365,75 @@
CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and ...)
NOT-FOR-US: BlazeVideo HDTV Player
CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before ...)
- TODO: check
+ NOT-FOR-US: Ulrik Petersen Emdros Database Engine
CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas ...)
- TODO: check
+ NOT-FOR-US: Jonas Gauffin Publicera
CVE-2006-6393 (Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera ...)
- TODO: check
+ NOT-FOR-US: Jonas Gauffin Publicera
CVE-2006-6392 (Directory traversal vulnerability in index.php in plx Web Studio (aka ...)
- TODO: check
+ NOT-FOR-US: plxWebDev
CVE-2006-6391 (Multiple directory traversal vulnerabilities in Open Solution ...)
- TODO: check
+ NOT-FOR-US: Open Solution Quick.Cart
CVE-2006-6390 (Multiple directory traversal vulnerabilities in Open Solution ...)
- TODO: check
+ NOT-FOR-US: Open Solution Quick.Cart
CVE-2006-6389 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...)
- TODO: check
+ NOT-FOR-US: ac4p Mobile
CVE-2006-6388 (Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in ...)
- TODO: check
+ NOT-FOR-US: LINK Content Management Server
CVE-2006-6387 (Multiple SQL injection vulnerabilities in LINK Content Management ...)
- TODO: check
+ NOT-FOR-US: LINK Content Management Server
CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tracker ...)
- TODO: check
+ NOT-FOR-US: CVS management/tracker (drupal plugin)
CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...)
- TODO: check
+ NOT-FOR-US: abitwhizzy.php
CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...)
- php5 <unfixed> (unimportant)
- php4 <unfixed> (unimportant)
NOTE: safe-mode and basedir violations not treated as security issues
CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...)
- TODO: check
+ NOT-FOR-US: Positive Software H-Sphere
CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk ...)
- TODO: check
+ NOT-FOR-US: Ultimate HelpDesk
CVE-2006-6380 (Cross-site scripting (XSS) vulnerability in index.asp in Ultimate ...)
- TODO: check
+ NOT-FOR-US: Ultimate HelpDesk
CVE-2006-6379 (Buffer overflow in the BrightStor Backup Discovery Service in multiple ...)
- TODO: check
+ NOT-FOR-US: BrightStor Backup Discovery Service
CVE-2006-6378 (BTSaveMySql 1.2 stores sensitive data under the web root with ...)
- TODO: check
+ NOT-FOR-US: BTSaveMySql
CVE-2006-6377 (Uploadscript 1.2 and earlier stores sensitive data under the web root ...)
- TODO: check
+ NOT-FOR-US: Uploadscript
CVE-2006-6376 (Multiple directory traversal vulnerabilities in fm.php in Simple File ...)
- TODO: check
+ NOT-FOR-US: Simple File Manager
CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple ...)
- TODO: check
+ NOT-FOR-US: Simple machines Forum
CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...)
TODO: check phpmyadmin
CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...)
TODO: check phpmyadmin
CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...)
- TODO: check
+ NOT-FOR-US: JAB Guest Book
CVE-2006-6371 (Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB ...)
- TODO: check
+ NOT-FOR-US: JAB Guest Book
CVE-2006-6370 (SQL injection vulnerability in forum/modules/gallery/post.php in ...)
- TODO: check
+ NOT-FOR-US: Invision Gallery
CVE-2006-6369 (SQL injection vulnerability in lib/entry_reply_entry.php in Invision ...)
- TODO: check
+ NOT-FOR-US: Invision Community Blog Mod
CVE-2000-1242 (The HTTP service in American Power Conversion (APC) PowerChute uses a ...)
TODO: check
CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and ...)
NOT-FOR-US: Affects only Windows despite other claims
CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...)
- TODO: check
+ NOT-FOR-US: awrate
CVE-2006-6367 (Multiple SQL injection vulnerabilities in detail.asp in DUware ...)
NOT-FOR-US: Duware
CVE-2006-6366 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Cerberus Helpdesk
CVE-2006-6365 (SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and ...)
NOT-FOR-US: Duware
CVE-2006-6364 (Cross-site scripting (XSS) vulnerability in error.php in Inside ...)
- TODO: check
+ NOT-FOR-US: Inside Systems Mail (ISMail)
CVE-2006-6363 (Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket ...)
- TODO: check
+ NOT-FOR-US: BlueSocket Secure Controller
CVE-2006-6362
REJECTED
CVE-2006-6361 (Heap-based buffer overflow in the uploadprogress_php_rfc1867_file ...)
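Review bot: The tag for CVE-2006-6375, "NOT-FOR-US: Simple machines Forum", cannot be confirmed from the entry itself. The description is cut off at "display.php in Simple ..." and the entry directly above it (CVE-2006-6376) is Simple File Manager, so please check the full CVE text and correct the product name and its capitalization if needed. Separately, CVE-2006-6386 is tagged "CVS management/tracker (drupal plugin)"; a NOTE line saying the module is not shipped with any packaged drupal would let a later reader verify the NFU without redoing the research.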
@@ -441,9 +441,9 @@
CVE-2006-6360 (PHP remote file inclusion vulnerability in activate.php in PHP Upload ...)
NOT-FOR-US: PHP Upload Center
CVE-2006-6359 (Cross-site scripting (XSS) vulnerability in Stefan Frech ...)
- TODO: check
+ NOT-FOR-US: Stefan Frech online-bookmarks
CVE-2006-6358 (SQL injection vulnerability in the login function in auth.inc in ...)
- TODO: check
+ NOT-FOR-US: Stefan Frech online-bookmarks
CVE-2006-6357 (Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in ...)
NOT-FOR-US: PHPNews
CVE-2006-6356 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -457,41 +457,41 @@
CVE-2006-6352 (FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted ...)
NOT-FOR-US: F-Prot Antivirus
CVE-2006-6351 (KhaledMuratList stores sensitive data under the web root with ...)
- TODO: check
+ NOT-FOR-US: KhaledMuratList
CVE-2006-6350 (listpics 5 stores sensitive data under the web root with insufficient ...)
- TODO: check
+ NOT-FOR-US: listpics 5
CVE-2006-6349 (Multiple SQL injection vulnerabilities in PWP Technologies The ...)
- TODO: check
+ NOT-FOR-US: PWP Technologies The Classified Ad System
CVE-2006-6348 (Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 ...)
- TODO: check
+ NOT-FOR-US: mowdBB
CVE-2006-6347 (Unrestricted file upload vulnerability in TFT-Gallery allows remote ...)
- TODO: check
+ NOT-FOR-US: TFT-Gallery
CVE-2006-6346 (Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 ...)
TODO: check
CVE-2006-6345 (Directory traversal vulnerability in SAP Internet Graphics Service ...)
TODO: check
CVE-2006-6344 (Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and ...)
- TODO: check
+ NOT-FOR-US: Neocrome Seditio
CVE-2006-6343 (SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and ...)
- TODO: check
+ NOT-FOR-US: Neocrome Seditio
CVE-2006-6342 (Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. ...)
- TODO: check
+ NOT-FOR-US: KLF-DESIGN
CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in mg.applanix ...)
- TODO: check
+ NOT-FOR-US: mg.applanix
CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial of ...)
NOT-FOR-US: nVIDIA nView
CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z Clanportal ...)
- TODO: check
+ NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV!L`z ...)
- TODO: check
+ NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6337 (Multiple SQL injection vulnerabilities in giris.asp in Aspee Ziyaretci ...)
- TODO: check
+ NOT-FOR-US: Aspee Ziyaretci Defteri
CVE-2006-6336
RESERVED
CVE-2006-6335 (Multiple buffer overflows in Sophos Anti-Virus scanning engine before ...)
- TODO: check
+ NOT-FOR-US: Sophos Anti-Virus
CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.ocx in ...)
- TODO: check
+ NOT-FOR-US: Citrix Presentation Server Client
CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the ...)
- linux-2.6 <unfixed>
[etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18)
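Review bot: Style point on CVE-2006-6350: "NOT-FOR-US: listpics 5" carries the version number from the description into the tag, while the other tags added in this hunk name only the product (for example "NOT-FOR-US: Neocrome Seditio" for a description that reads "Neocrome Seditio 1.10 and ..."). Suggest "NOT-FOR-US: listpics" so that searches on the product name match consistently.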
@@ -1901,7 +1901,7 @@
CVE-2006-5681
RESERVED
CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...)
- TODO: check libarchive, pinged maintainer
+ NOT-FOR-US: FreeBSD libarchive, pinged maintainer
CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...)
- kfreebsd-5 <unfixed>
[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
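Review bot: For CVE-2006-5680, "NOT-FOR-US: FreeBSD libarchive, pinged maintainer" contradicts itself: NOT-FOR-US says no tracked package is involved, while "pinged maintainer" says a package maintainer was asked about it. The removed line was "TODO: check libarchive, pinged maintainer", so this looks like "TODO: check" was replaced in place without settling the question. If the answer is that only the FreeBSD copy is affected, record it in the form the neighbouring entries use, for example "- libarchive <not-affected> (...)" with the reason, as in the "[etch] - kfreebsd-5 <no-dsa> (...)" line below; if no answer has arrived yet, keep the TODO.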
@@ -2435,7 +2435,7 @@
CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...)
- wims 3.60-1 (bug #395102)
CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...)
- TODO: check viewcvs
+ NOT-FOR-US: ViewVC viewcvs
CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...)
NOT-FOR-US: Comdev Web Blogger
CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...)
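Review bot: For CVE-2006-5442, "NOT-FOR-US: ViewVC viewcvs" drops a pending package check rather than resolving it. The removed line "TODO: check viewcvs" named viewcvs as the thing to check, and the description covers "ViewVC 1.0.2 and earlier", so NOT-FOR-US is only right if nothing by that name is packaged. Either keep the TODO or replace it with a package line carrying a status, in the style of "- wims 3.60-1 (bug #395102)" just above.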
@@ -5777,7 +5777,7 @@
NOT-FOR-US: Apple Safari 2.0.4
NOTE: konqueror 3.5.x is not affected
NOTE: PoC http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html
- TODO: check sarge's konqueror (sf: pinged maintainers)
+ NOT-FOR-US: Apple Mac OS X sarge's konqueror (sf: pinged maintainers)
CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote ...)
NOT-FOR-US: Opera
CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
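Review bot: The added line "NOT-FOR-US: Apple Mac OS X sarge's konqueror (sf: pinged maintainers)" gives this entry a second NOT-FOR-US tag (it already has "NOT-FOR-US: Apple Safari 2.0.4") and folds the open question about sarge's konqueror into the tag text. The existing NOTE only covers konqueror 3.5.x, so the sarge check the removed TODO asked for is still unanswered. Suggest keeping "TODO: check sarge's konqueror (sf: pinged maintainers)" until the maintainers reply, then recording the result as a NOTE or a package line.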