[Secure-testing-commits] r5159 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Fri Dec 22 17:06:05 CET 2006
Author: stef-guest
Date: 2006-12-22 17:06:03 +0100 (Fri, 22 Dec 2006)
New Revision: 5159
Modified:
data/CVE/list
Log:
- some more chetcpasswd issues
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-22 08:14:17 UTC (rev 5158)
+++ data/CVE/list 2006-12-22 16:06:03 UTC (rev 5159)
@@ -1,77 +1,77 @@
CVE-2006-6697 (CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-6696 (Double-free vulnerability in Microsoft Windows 2000, XP, 2003, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-6695 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- TODO: check
+ NOT-FOR-US: Carsen Klock TextSend
CVE-2006-6694 (Directory traversal vulnerability in include/config.php in E-Uploader ...)
- TODO: check
+ NOT-FOR-US: E-Uploader
CVE-2006-6693 (Multiple buffer overflows in zabbix before 20061006 allow attackers to ...)
TODO: check
CVE-2006-6692 (Multiple format string vulnerabilities in zabbix before 20061006 allow ...)
TODO: check
CVE-2006-6691 (Multiple PHP remote file inclusion vulnerabilities in Valdersoft ...)
- TODO: check
+ NOT-FOR-US: Valdersoft Shopping Cart
CVE-2006-6690 (rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through ...)
TODO: check
CVE-2006-6689 (Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 ...)
- TODO: check
+ NOT-FOR-US: Paristemi
CVE-2006-6688 (Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network ...)
- TODO: check
+ NOT-FOR-US: Web Automated Perl Portal (WebAPP)
CVE-2006-6687 (Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal ...)
- TODO: check
+ NOT-FOR-US: Web Automated Perl Portal (WebAPP)
CVE-2006-6686 (PHP remote file inclusion vulnerability in sender.php in Carsen Klock ...)
- TODO: check
+ NOT-FOR-US: Carsen Klock TextSend
CVE-2006-6685 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 ...)
- TODO: check
+ - chetcpasswd <unfixed> (medium)
CVE-2006-6684 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 ...)
- TODO: check
+ - chetcpasswd <unfixed> (medium)
CVE-2006-6683 (Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates ...)
- TODO: check
+ - chetcpasswd <unfixed> (medium)
CVE-2006-6682 (Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message ...)
- TODO: check
+ - chetcpasswd <unfixed> (medium)
CVE-2006-6681 (Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for ...)
- TODO: check
+ - chetcpasswd <unfixed> (medium)
CVE-2006-6680 (Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need ...)
- TODO: check
+ - chetcpasswd <unfixed> (low)
CVE-2006-6679 (Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For ...)
- TODO: check
+ - chetcpasswd <unfixed> (medium)
CVE-2006-6678 (The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier ...)
TODO: check
CVE-2006-6677 (ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: ESET NOD32 Antivirus
CVE-2006-6676 (Integer overflow in ESET NOD32 Antivirus before 1.1743 allows remote ...)
- TODO: check
+ NOT-FOR-US: ESET NOD32 Antivirus
CVE-2006-6675 (Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support ...)
- TODO: check
+ NOT-FOR-US: Novell
CVE-2006-6674 (Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and ...)
- TODO: check
+ NOT-FOR-US: Ozeki HTTP-SMS Gateway
CVE-2006-6673 (WinFtp Server 2.0.2 allows remote attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: WinFtp Server
CVE-2006-6672 (Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal ...)
- TODO: check
+ NOT-FOR-US: Download Portal
CVE-2006-6671 (SQL injection vulnerability in down.asp in Burak Yylmaz Download ...)
- TODO: check
+ NOT-FOR-US: Download Portal
CVE-2006-6670 (Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown ...)
- TODO: check
+ NOT-FOR-US: Nortel CallPilot
CVE-2006-6669 (Cross-site scripting (XSS) vulnerability in export_handler.php in ...)
TODO: check
CVE-2006-6668 (Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier ...)
- TODO: check
+ NOT-FOR-US: VerliAdmin
CVE-2006-6667 (Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier ...)
- TODO: check
+ NOT-FOR-US: VerliAdmin
CVE-2006-6666 (PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 ...)
- TODO: check
+ NOT-FOR-US: VerliAdmin
CVE-2006-6665 (Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: DeepBurner
CVE-2006-6664 (Format string vulnerability in Marathon Aleph One before 0.17.1 and ...)
- TODO: check
+ NOT-FOR-US: Aleph One
CVE-2006-6663 (The server component in Marathon Aleph One before 0.17.1 and ...)
- TODO: check
+ NOT-FOR-US: Aleph One
CVE-2006-6662 (Unspecified vulnerability in Linux User Management (novell-lum) on ...)
- TODO: check
+ NOT-FOR-US: Linux User Management (novell-lum)
CVE-2006-6661 (Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and ...)
- TODO: check
+ NOT-FOR-US: PHP-Update
CVE-2006-6660 (The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by ...)
TODO: check
CVE-2002-2221 (Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd ...)
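Review bot: The seven chetcpasswd entries (CVE-2006-6679 through CVE-2006-6685) are all set to "- chetcpasswd <unfixed>", yet several of the descriptions bound the affected range: "before 2.3.1" for CVE-2006-6680 and "before 2.4" for CVE-2006-6684 and CVE-2006-6679. "<unfixed>" is only correct for those if the packaged version is older than the stated bound, so please check each against the version in the archive and record a fixed version where the bound is already met. None of these entries carries a bug reference either, whereas the second hunk of this commit replaces "(bug filed)" with a bug number; adding the number once a bug is filed would keep the entries consistent. Minor: "NOT-FOR-US: Download Portal" for CVE-2006-6672 and CVE-2006-6671 drops the vendor name given in the description ("Burak Yylmaz Download Portal"), which leaves a very generic string to search for later.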
@@ -166,7 +166,7 @@
CVE-2006-6629 (lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) ...)
NOT-FOR-US: WeBWorK
CVE-2006-6628 (Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted ...)
- - openoffice.org <unfixed> (bug filed)
+ - openoffice.org <unfixed> (bug #404105)
CVE-2006-6627 (Integer overflow in the packed PE file parsing implementation in ...)
NOT-FOR-US: BitDefender
CVE-2006-6626 (Cross-site scripting (XSS) vulnerability in an unspecified component ...)
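Review bot: The new line "- openoffice.org <unfixed> (bug #404105)" for CVE-2006-6628 carries no urgency, while every chetcpasswd entry added in this same commit has one ("(medium)" or "(low)"). If an urgency has been assessed for this integer overflow, note it next to the bug reference so the entry can be prioritised the same way as the others; if it has not, saying so in the log message would make clear that the omission is deliberate.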