[Secure-testing-commits] r3444 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Feb 8 10:01:28 UTC 2006
Author: jmm-guest
Date: 2006-02-08 10:01:22 +0000 (Wed, 08 Feb 2006)
New Revision: 3444
Modified:
data/CVE/list
Log:
two elog issues have been fixed for some time
lots of NFUs
four provisional placeholders for requested elog CVEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-02-08 09:14:21 UTC (rev 3443)
+++ data/CVE/list 2006-02-08 10:01:22 UTC (rev 3444)
@@ -1,3 +1,11 @@
+CVE-2006-XXXX [elog: buffer overflow in write_logfile]
+ - elog 2.6.1+r1642-1
+CVE-2006-XXXX [elog: remote DoS through overly long attributes]
+ - elog 2.6.1+r1642-1
+CVE-2006-XXXX [elog: information discloure in password denial]
+ - elog 2.6.1+r1642-1
+CVE-2006-XXXX [elog: remote DoS through endless loop]
+ - elog 2.6.1+r1642-1
CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...)
TODO: check
CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing service ...)
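Review bot: the third added placeholder misspells "disclosure" as "discloure" in its bracketed description, so a text search for the entry will miss it; suggest `[elog: information disclosure in password denial]`. The four CVE-2006-XXXX entries also carry no bug number or NOTE line, unlike the existing elog entries further down that cite bug #349528. A reference on each placeholder would make it easier to match them to the assigned IDs once the requested CVEs arrive.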
@@ -54,17 +62,16 @@
TODO: check
CVE-2006-XXXX [bluez-hcidump DoS]
- bluez-hcidump <unfixed> (bug filed)
-begin claimed by jmm
CVE-2006-0566 (The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote ...)
- TODO: check
+ NOT-FOR-US: Communigate Pro
CVE-2006-0565 (PHP remote file include vulnerability in inc/backend_settings.php in ...)
- TODO: check
+ NOT-FOR-US: LoudBlog
CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c ...)
- TODO: check
+ NOT-FOR-US: PluggedOut Blog
CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut ...)
- TODO: check
+ NOT-FOR-US: PluggedOut Blog
CVE-2006-0561
RESERVED
CVE-2006-0560
@@ -84,50 +91,50 @@
CVE-2006-0553
RESERVED
CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-0550 (Buffer overflow in an unspecified Oracle Client utility might allow ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-0549 (SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-0548 (SQL injection vulnerability in the Oracle Text component of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-0547 (Oracle Database 8i, 9i, and 10g allow remote authenticated users to ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-0546 (Unspecified vulnerability in index.php in a certain application ...)
- TODO: check
+ NOT-FOR-US: Strange app at www.egeinternet.com
CVE-2006-0545 (SQL injection vulnerability in showflat.php in Groupee (formerly known ...)
- TODO: check
+ NOT-FOR-US: UBB.threads
CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: Cerulean Trillian
CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in NukedWeb ...)
- TODO: check
+ NOT-FOR-US: NukedWeb
CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla ...)
- TODO: check
+ NOT-FOR-US: Tachyon Vanilla Guestbook
CVE-2006-0540 (Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook ...)
- TODO: check
+ NOT-FOR-US: Tachyon Vanilla Guestbook
CVE-2006-0539 (The convert-fcrontab program in fcron 3.0.0 might allow local users to ...)
- TODO: check
+ - fcron <not-affected> (Vulnerable app in the Debian package, not setuid anyway)
CVE-2006-0538 (CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is ...)
- TODO: check
+ NOT-FOR-US: IronMail
CVE-2006-0537 (Buffer overflow in eXchange POP3 before 5.0.060125 allows remote ...)
- TODO: check
+ NOT-FOR-US: eXchange POP3
CVE-2006-0536 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 ...)
- TODO: check
+ NOT-FOR-US: NeoMail
CVE-2006-0535 (Multiple cross-site scripting (XSS) vulnerabilities in Community ...)
- TODO: check
+ NOT-FOR-US: Community Server
CVE-2006-0534 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
- TODO: check
+ NOT-FOR-US: CyberShop Ultimate E-commerce
CVE-2006-0533 (Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel ...)
- TODO: check
+ NOT-FOR-US: cPanel
+ NOTE: Not Debian's cpanel
CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker ...)
- TODO: check
+ NOT-FOR-US: SoftMaker Shop
CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 allows ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: Sun Java System Access Manager
CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb ...)
TODO: check
CVE-2006-XXXX [kphone creates world-readable config file with passwords]
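Review bot: the `<not-affected>` reason added for CVE-2006-0539 (fcron) is ambiguous. "Vulnerable app in the Debian package, not setuid anyway" can be read as convert-fcrontab being shipped but harmless, or as a sentence missing a "not". Suggest saying explicitly whether convert-fcrontab is in the package and that the status rests on it not being setuid. The NOT-FOR-US tag for CVE-2006-0546 ("Strange app at www.egeinternet.com") names no product, so a later entry for the same application could not be matched against it; a NOTE recording that the product name is unknown would make that explicit.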
@@ -211,9 +218,9 @@
CVE-2003-1292 (PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 ...)
NOT-FOR-US: Derek Ashauer ashNews
CVE-2006-0498 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...)
- TODO: check
+ NOT-FOR-US: PHP GEN
CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...)
- TODO: check
+ NOT-FOR-US: PHP GEN
CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...)
- firefox <unfixed> (bug #349339)
- mozilla-firefox <unfixed> (bug #349339)
@@ -612,9 +619,9 @@
CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to ...)
NOT-FOR-US: eggblog
CVE-2006-0348 (Format string vulnerability in the write_logfile function in ELOG ...)
- - elog <unfixed> (bug #349528; medium)
+ - elog 2.6.1+r1642-1 (bug #349528; medium)
CVE-2006-0347 (Directory traversal vulnerability in ELOG before 2.6.1 allows remote ...)
- - elog <unfixed> (bug #349528; medium)
+ - elog 2.6.1+r1642-1 (bug #349528; medium)
CVE-2006-0346 (Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows ...)
NOT-FOR-US: SaralBlog
CVE-2006-0345 (Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote ...)
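Review bot: CVE-2006-0348 (format string in write_logfile) is now marked fixed in 2.6.1+r1642-1, the same version given to the new placeholder "elog: buffer overflow in write_logfile" at the top of the list. Nothing in either entry says these are distinct issues in the same function. A NOTE line on one of them would keep the placeholder from being folded into CVE-2006-0348 as a duplicate when the list is next triaged.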