[Secure-testing-commits] r3509 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Feb 19 18:47:35 UTC 2006
Author: jmm-guest
Date: 2006-02-19 18:47:30 +0000 (Sun, 19 Feb 2006)
New Revision: 3509
Modified:
data/CVE/list
Log:
two obscure new issues
flyspray not-affected
lots of NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-02-19 18:28:50 UTC (rev 3508)
+++ data/CVE/list 2006-02-19 18:47:30 UTC (rev 3509)
@@ -2,97 +2,96 @@
- sa-exim <unfixed> (bug #345071)
CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand]
- imagemagick 6:6.2.4.5-0.6 (bug #345595)
-begin claimed by jmm
CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in My Blog before 1.65 allows ...)
- TODO: check
+ NOT-FOR-US: My Blog
CVE-2006-0734 (Unspecified vulnerability in Valve Software Half-Life CSTRIKE ...)
- TODO: check
+ NOT-FOR-US: Half-Life
CVE-2006-0733 (** DISPUTED ** ...)
- TODO: check
+ - wordpress <unfixed>
+ NOTE: This may very well be a non-issue
CVE-2006-0732 (Unspecified vulnerability in SAP Business Connector 4.6 and 4.7 allows ...)
- TODO: check
+ NOT-FOR-US: SAP Business Connector
CVE-2006-0731 (Unspecified vulnerability in SAP Business Connector Core Fix 7 and ...)
- TODO: check
+ NOT-FOR-US: SAP Business Connector
CVE-2006-0730 (Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow ...)
- dovecot <unfixed> (bug filed; medium)
[sarge] - dovecot <not-affected> (Vulnerable code was introduced in 1.0beta1)
CVE-2006-0729 (SQL injection vulnerability in functions.php in Teca Diary PE 1.0 ...)
- TODO: check
+ NOT-FOR-US: Teca Diary
CVE-2006-0728 (SQL injection vulnerability in search.php in webSPELL 4.01.00 and ...)
- TODO: check
+ NOT-FOR-US: webSPELL
CVE-2006-0727 (SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis ...)
- TODO: check
+ NOT-FOR-US: MusOX DF
CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke ...)
- TODO: check
+ NOT-FOR-US: CPG-Nuke
CVE-2006-0725 (PHP remote file include vulnerability in prepend.php in Plume CMS ...)
- TODO: check
+ NOT-FOR-US: Plume CMS
CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when ...)
- TODO: check
+ NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0723 (preview.php in Reamday Enterprises Magic News Lite 1.2.3, when ...)
- TODO: check
+ NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0722 (settings.php in Reamday Enterprises Magic Downloads 1.1.3, when ...)
- TODO: check
+ NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a ...)
- TODO: check
+ NOT-FOR-US: RunCMS
CVE-2006-0720
RESERVED
CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP Classifieds ...)
- TODO: check
+ NOT-FOR-US: PHP Classifieds
CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in Avaya ...)
- TODO: check
+ NOT-FOR-US: Avaya VSU
CVE-2006-0717 (IBM Tivoli Directory Server 6.0 allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Tivoli
CVE-2006-0716 (SQL injection vulnerability in index.php in sNews 1.3 allows remote ...)
- TODO: check
+ NOT-FOR-US: sNews
CVE-2006-0715 (Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote ...)
- TODO: check
+ NOT-FOR-US: sNews
CVE-2006-0714 (Directory traversal vulnerability in the installation file ...)
- TODO: check
+ - flyspray <not-affected> (Vulnerable code not included in Debian)
CVE-2006-0713 (Directory traversal vulnerability in LinPHA 1.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: LinPHA
CVE-2006-0712 (mail_html template in Squishdot 1.5.0 and earlier does not properly ...)
- TODO: check
+ NOT-FOR-US: Squishdot
CVE-2006-0711 (The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl ...)
- TODO: check
+ NOT-FOR-US: NeoMail
CVE-2006-0710 (Double-free vulnerability in isode.eddy in Isode M-Vault Server 11.3 ...)
- TODO: check
+ NOT-FOR-US: Isode M-Vault
CVE-2006-0709 (Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a ...)
- TODO: check
+ - metamail <unfixed> (bug #352482)
CVE-2006-0708 (Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow ...)
- TODO: check
+ NOT-FOR-US: Winamp
CVE-2006-0707 (PyBlosxom before 1.3.2, when running on certain webservers, allows ...)
- pyblosxom 1.3.2-1 (high)
CVE-2006-0706 (Cross-site scripting vulnerability in eintrag.php in Gästebuch ...)
- TODO: check
+ NOT-FOR-US: Gästebuch
CVE-2006-0705 (Format string vulnerability in a logging function as used by various ...)
- TODO: check
+ NOT-FOR-US: Proprietary SFTP servers
CVE-2006-0704 (iE Integrator 4.4.220114, when configured without a "bespoke error ...)
- TODO: check
+ NOT-FOR-US: iE Integrator
CVE-2006-0703 (Unspecified vulnerability in index.php in imageVue 16.1 has unknown ...)
- TODO: check
+ NOT-FOR-US: imageVue
CVE-2006-0702 (admin/upload.php in imageVue 16.1 allows remote attackers to upload ...)
- TODO: check
+ NOT-FOR-US: imageVue
CVE-2006-0701 (readfolder.php in imageVue 16.1 allows remote attackers to list ...)
- TODO: check
+ NOT-FOR-US: imageVue
CVE-2006-0700 (imageVue 16.1 allows remote attackers to obtain folder permission ...)
- TODO: check
+ NOT-FOR-US: imageVue
CVE-2006-0699 (Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki ...)
- TODO: check
+ NOT-FOR-US: QWikiWiki
CVE-2006-0698 (Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote ...)
- TODO: check
+ NOT-FOR-US: Zen Cart
CVE-2006-0697 (Zen Cart before 1.2.7 does not protect the admin/includes directory, ...)
- TODO: check
+ NOT-FOR-US: Zen Cart
CVE-2006-0696 (SQL injection vulnerability in Zen Cart before 1.2.7 allows remote ...)
- TODO: check
+ NOT-FOR-US: Zen Cart
CVE-2006-0695 (Ansilove before 1.03 does not filter uploaded file extensions, which ...)
- TODO: check
+ NOT-FOR-US: Ansilove
CVE-2006-0694 (Unspecified vulnerability in the loaders (load_*.php) in Ansilove ...)
- TODO: check
+ NOT-FOR-US: Ansilove
CVE-2006-0693 (Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti ...)
- TODO: check
+ NOT-FOR-US: Roberto Butti CALimba
CVE-2006-0692 (Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: Carey Briggs Timesheet
CVE-2006-0691 (edituser.php in TTS Time Tracking Software 3.0 does not verify that ...)
NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0690 (Multiple SQL injection vulnerabilities in TTS Time Tracking Software ...)
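Review bot: The tag added under CVE-2006-0722 reads "NOT-FOR-US: Reamday Enterprises Magic News Lite", but that entry's description is for settings.php in Reamday Enterprises Magic Downloads 1.1.3. It looks carried over from the CVE-2006-0723 and CVE-2006-0724 entries just above it. Suggest "NOT-FOR-US: Reamday Enterprises Magic Downloads" so the product name in the tag matches the CVE text. A smaller point on CVE-2006-0733: the new "- wordpress <unfixed>" line has no bug reference, while the metamail entry added for CVE-2006-0709 carries bug #352482. Since the NOTE already says this may be a non-issue, it would help to state in the NOTE what remains to be checked, so the entry does not stay open as unfixed without a pointer.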