[Secure-testing-commits] r5188 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Wed Dec 27 23:45:03 CET 2006
Author: stef-guest
Date: 2006-12-27 23:45:01 +0100 (Wed, 27 Dec 2006)
New Revision: 5188
Modified:
data/CVE/list
Log:
- openser CVEified
- CVE-2006-67{45,36,37,31}: sun java issues already fixed
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-27 20:24:58 UTC (rev 5187)
+++ data/CVE/list 2006-12-27 22:45:01 UTC (rev 5188)
@@ -1,111 +1,109 @@
CVE-2006-6768 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
- TODO: check
+ NOT-FOR-US: PWP Technologies The Classified Ad System
CVE-2006-6767
RESERVED
CVE-2006-6766 (Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and ...)
- TODO: check
+ NOT-FOR-US: cwmExplorer
CVE-2006-6765 (Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php ...)
- TODO: check
+ NOT-FOR-US: Pagetool
CVE-2006-6764 (PHP remote file inclusion vulnerability in authenticate.php in Keep It ...)
- TODO: check
+ NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6763 (Multiple PHP remote file inclusion vulnerabilities in the Keep It ...)
- TODO: check
+ NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6762 (The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows ...)
- TODO: check
+ NOT-FOR-US: Novell NetMail
CVE-2006-6761 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell ...)
- TODO: check
+ NOT-FOR-US: Novell NetMail
CVE-2006-6760 (Multiple PHP remote file inclusion vulnerabilities in template.php in ...)
- TODO: check
+ NOT-FOR-US: phpMyAnime (aka phpmymanga)
CVE-2006-6759 (A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer ...)
- TODO: check
+ NOT-FOR-US: RealNetworks RealPlayer
CVE-2006-6758 (Directory traversal vulnerability in Http explorer 1.02 allows remote ...)
- TODO: check
+ NOT-FOR-US: Http explorer
CVE-2006-6757 (Directory traversal vulnerability in index.php in cwmExplorer 1.0 ...)
- TODO: check
+ NOT-FOR-US: cwmExplorer
CVE-2006-6756 (The code function in install.fct.php in Ixprim 1.2 produces a ...)
- TODO: check
+ NOT-FOR-US: Ixprim
CVE-2006-6755 (Ixprim 1.2 allows remote attackers to obtain sensitive information via ...)
- TODO: check
+ NOT-FOR-US: Ixprim
CVE-2006-6754 (Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote ...)
- TODO: check
+ NOT-FOR-US: Ixprim
CVE-2006-6753 (Event Viewer (eventvwr.exe) in Microsoft Windows does not properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-6752 (Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain ...)
- TODO: check
+ NOT-FOR-US: FTPRush
CVE-2006-6751 (Format string vulnerability in XM Easy Personal FTP Server 5.2.1 ...)
- TODO: check
+ NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6750 (Format string vulnerability in XM Easy Personal FTP Server 5.0.1 ...)
- TODO: check
-CVE-2006-6749 (Buffer overflow in the parse_expression function in parse_config in ...)
- TODO: check
+ NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6748 (PHP remote file inclusion vulnerability in i-accueil.php in Newxooper ...)
- TODO: check
+ NOT-FOR-US: Newxooper
CVE-2006-6747 (SQL injection vulnerability in show_news.php in Xt-News 0.1 allows ...)
- TODO: check
+ NOT-FOR-US: Xt-News
CVE-2006-6746 (Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 ...)
- TODO: check
+ NOT-FOR-US: Xt-News
CVE-2006-6745 (Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) ...)
- TODO: check
+ - sun-java5 1.5.0-08-1
CVE-2006-6744 (phpProfiles before 2.1.1 does not have an index.php or other index ...)
- TODO: check
+ NOT-FOR-US: phpProfiles
CVE-2006-6743 (phpProfiles before 2.1.1 uses world writable permissions for certain ...)
- TODO: check
+ NOT-FOR-US: phpProfiles
CVE-2006-6742 (Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2006-6741 (Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal ...)
- TODO: check
+ NOT-FOR-US: MKPortal
CVE-2006-6740 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles ...)
- TODO: check
+ NOT-FOR-US: phpProfiles
CVE-2006-6739 (PHP remote file inclusion vulnerability in buycd.php in Paristemi ...)
- TODO: check
+ NOT-FOR-US: Paristemi
CVE-2006-6738 (PHP remote file inclusion vulnerability in statistic.php in cwmCounter ...)
- TODO: check
+ NOT-FOR-US: cwmCounter
CVE-2006-6737 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java ...)
- TODO: check
+ - sun-java5 1.5.0-07-1
CVE-2006-6736 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java ...)
- TODO: check
+ - sun-java5 1.5.0-07-1
CVE-2006-6735 (modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web ...)
- TODO: check
+ NOT-FOR-US: Website Mini Web Shop
CVE-2006-6734 (Cross-site scripting (XSS) vulnerability in modules/viewcategory.php ...)
- TODO: check
+ NOT-FOR-US: Website Mini Web Shop
CVE-2006-6733 (Cross-site scripting (XSS) vulnerability in support/view.php in ...)
- TODO: check
+ NOT-FOR-US: Support Cards 1 (osTicket)
CVE-2006-6732 (PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 ...)
- TODO: check
+ NOT-FOR-US: cwmVote
CVE-2006-6731 (Multiple buffer overflows in Sun Java Development Kit (JDK) and Java ...)
- TODO: check
+ - sun-java5 1.5.0-08-1
CVE-2006-6730 (OpenBSD and NetBSD permit usermode code to kill the display server and ...)
- TODO: check
+ TODO: check, this probably also affects linux
CVE-2006-6729 (Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier ...)
- TODO: check
+ NOT-FOR-US: a-blog
CVE-2006-6728 (Unspecified vulnerability in the info request mechanism in LAN ...)
- TODO: check
+ NOT-FOR-US: LAN Messenger
CVE-2006-6727 (PHP remote file inclusion vulnerability in inertianews_class.php in ...)
- TODO: check
+ NOT-FOR-US: inertianews
CVE-2006-6726 (PHP remote file inclusion vulnerability in inertianews_main.php in ...)
- TODO: check
+ NOT-FOR-US: inertianews
CVE-2006-6725 (Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and ...)
- TODO: check
+ NOT-FOR-US: PHPBuilder
CVE-2006-6724 (BolinTech Dream FTP Server 1.02 allows remote authenticated users, ...)
- TODO: check
+ NOT-FOR-US: BolinTech Dream FTP Server
CVE-2006-6723 (The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-6722 (Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Bandwebsite (aka Bandsite portal system)
CVE-2006-6721 (Cross-site scripting (XSS) vulnerability in shout.php in Knusperleicht ...)
- TODO: check
+ NOT-FOR-US: Knusperleicht ShoutBox
CVE-2006-6720 (PHP remote file inclusion vulnerability in admin/index_sitios.php in ...)
- TODO: check
+ NOT-FOR-US: Azucar CMS
CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...)
TODO: check
CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default password ...)
- TODO: check
+ NOT-FOR-US: Allied Telesis
CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management ...)
- TODO: check
+ NOT-FOR-US: Allied Telesis
CVE-2006-6716 (SQL injection vulnerability in administration/administre2.php in Eric ...)
- TODO: check
+ NOT-FOR-US: uploader&downloader
CVE-2006-6715 (PHP remote file inclusion vulnerability in footer.inc.php in PowerClan ...)
- TODO: check
+ NOT-FOR-US: PowerClan
CVE-2006-6714 (Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before ...)
NOT-FOR-US: Hitachi Directory Server
CVE-2006-6713 (Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before ...)
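Review bot: The CVE-2006-6730 entry still ends in a TODO ("check, this probably also affects linux") without naming the package that would be affected, so it cannot be triaged from the list alone. A NOTE naming the candidate source package, or the reasoning behind the guess, would help whoever picks it up. The four sun-java5 entries (CVE-2006-6745, -6737, -6736, -6731) record a fixed version but no urgency or bug reference, unlike the openser entry later in this patch. Three of those descriptions read "unspecified", so a NOTE giving the source for those versions would make them verifiable. Minor style point: the NOT-FOR-US lines for CVE-2006-6753, -6742 and -6723 name only the vendor ("Microsoft", "HP"), while most others name the product.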
@@ -146,7 +144,7 @@
TODO: check
CVE-2003-1313 (Multiple PHP remote file inclusion vulnerabilities in EternalMart ...)
TODO: check
-CVE-2006-XXXX [openser permissions module buffer overflow]
+CVE-2006-6749 (Buffer overflow in the parse_expression function in parse_config in ...)
- openser 1.1.0-8 (medium; bug #404591)
NOTE: OpenPKG-SA-2006.042
CVE-2006-XXXX [w3m format string issue]
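Review bot: Renaming the placeholder in place leaves CVE-2006-6749 sitting between CVE-2003-1313 and the remaining CVE-2006-XXXX w3m entry, away from the descending sequence where the first hunk deleted the 6749 stub (between 6750 and 6748). If the list is meant to stay ordered by ID, keep the stub at its original position and move the "- openser 1.1.0-8 (medium; bug #404591)" and NOTE lines up to it instead. The bracketed hint "openser permissions module buffer overflow" is also lost in the rename; the visible part of the new description no longer says which module is affected, so consider keeping that as a NOTE.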
@@ -6330,7 +6328,6 @@
NOT-FOR-US: Apple Safari 2.0.4
NOTE: konqueror 3.5.x is not affected
NOTE: PoC http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html
- NOT-FOR-US: Apple Mac OS X sarge's konqueror (sf: pinged maintainers)
CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote ...)
NOT-FOR-US: Opera
CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
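Review bot: The deleted line "NOT-FOR-US: Apple Mac OS X sarge's konqueror (sf: pinged maintainers)" was the only record that sarge's konqueror had been raised with the maintainers, and the log message does not mention its removal. The remaining NOTE covers only konqueror 3.5.x, so the status for sarge is no longer stated anywhere in the entry. If that question is still open, keep the information as a NOTE line rather than dropping it; if it is resolved, say so in the log.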