[Secure-testing-commits] r3255 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Tue Jan 10 00:41:00 UTC 2006
Author: jmm-guest
Date: 2006-01-10 00:40:55 +0000 (Tue, 10 Jan 2006)
New Revision: 3255
Modified:
data/CVE/list
Log:
three new kernel issues, two already in the patch tracker
lots of NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-10 00:11:42 UTC (rev 3254)
+++ data/CVE/list 2006-01-10 00:40:55 UTC (rev 3255)
@@ -53,98 +53,102 @@
NOT-FOR-US: Enhanced Simple PHP Gallery
CVE-2006-0112 (Cross-site scripting (XSS) vulnerability in index.php in Enhanced ...)
NOT-FOR-US: Enhanced Simple PHP Gallery
-begin claimed by jmm
CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media ...)
- TODO: check
+ NOT-FOR-US: Boxcar Media Shopping Cart
CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus ...)
- TODO: check
+ NOT-FOR-US: Foro Domus
CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular Merchant ...)
- TODO: check
+ NOT-FOR-US: Modular Merchant Shopping Cart
CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS allows ...)
- TODO: check
+ NOT-FOR-US: Timecan CMS
CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Timecan CMS
CVE-2006-0105
RESERVED
CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and earlier ...)
- TODO: check
+ NOT-FOR-US: TinyPHPForum
CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/anyuser.hash and (2) ...)
- TODO: check
+ NOT-FOR-US: TinyPHPForum
CVE-2006-0102 (Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and ...)
- TODO: check
+ NOT-FOR-US: TinyPHPForum
CVE-2006-0101 (Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 ...)
- TODO: check
+ NOT-FOR-US: sBLOG
CVE-2006-0100 (Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local ...)
- TODO: check
+ NOT-FOR-US: NicoFTP
CVE-2006-0099 (PHP remote file include vulnerability in (1) ...)
- TODO: check
+ NOT-FOR-US: Valdersoft Shopping Cart
CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and ...)
- TODO: check
+ NOT-FOR-US: OpenBSD
CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in ...)
- TODO: check
+ NOTE: This is probably not-affected as it's Windows-specific
+ TODO: double-check, if this is really Windows-specific
CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...)
- TODO: check
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
+ - kernel-source-2.4.27 2.4.27-8
+ NOTE: sarge 2.6.8 and 2.4.27 are affected, woody is unclear
CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure ...)
- TODO: check
+ - linux-2.6 <unfixed>
+ - kernel-source-2.4.27 <not-affected> (2.4 doesn't have dm-crypt)
+ NOTE: 2.6.8 sarge affected, 2.4 kernels not affected
CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
- TODO: check
+ NOT-FOR-US: oaBoard
CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP ...)
- TODO: check
+ NOT-FOR-US: @Card ME PHP
CVE-2006-0092 (SQL injection vulnerability in index.php in SiteSuite CMS allows ...)
- TODO: check
+ NOT-FOR-US: SiteSuite CMS
CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange
CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory Viewer ...)
- TODO: check
+ NOT-FOR-US: IDV Directory Viewer
CVE-2006-0089 (Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: ESRI ArcPad
CVE-2006-0088 (SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha ...)
- TODO: check
+ NOT-FOR-US: inTouch
CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php in ...)
- TODO: check
+ NOT-FOR-US: Lizard Cart
CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next Generation ...)
- TODO: check
+ NOT-FOR-US: Next Generation Image Gallery
CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote ...)
- TODO: check
+ NOT-FOR-US: Nkads
CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and ...)
- TODO: check
+ NOT-FOR-US: raSMP
CVE-2005-4635 (The nl_fib_input function in fib_frontend.c in the Linux kernel before ...)
- TODO: check
+ NOTE: Unclear, whether this is really exploitable, re-pinged Dann and Horms
CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign SupportTrio ...)
- TODO: check
+ NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-4633 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
- TODO: check
+ NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote!Pro 4.0 and ...)
- TODO: check
+ NOT-FOR-US: Vote!Pro
CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier ...)
- TODO: check
+ NOT-FOR-US: Zina
CVE-2005-4630 (SQL injection vulnerability in index.php in ClientExec 2.3 allows ...)
- TODO: check
+ NOT-FOR-US: ClientExec
CVE-2005-4629 (SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: SMBCMS
CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and ...)
- TODO: check
+ NOT-FOR-US: HelpDeskPoint
CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite ...)
- TODO: check
+ NOT-FOR-US: GmailSite
CVE-2005-4626 (The default configuration of Recruitment Software installs ...)
- TODO: check
+ NOT-FOR-US: Recruitment Software
CVE-2005-4625 (Drivers for certain display adapters, including (1) an unspecified ATI ...)
- TODO: check
+ NOT-FOR-US: Strange Windows drivers
CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows ...)
- TODO: check
+ NOT-FOR-US: PTnet ircd
CVE-2005-4623 (upload.exe in eFileGo 3.01 allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: eFileGo
CVE-2005-4622 (Directory traversal vulnerability in eFileGo 3.01 allows remote ...)
- TODO: check
+ NOT-FOR-US: eFileGo
CVE-2005-4621 (Cross-site scripting (XSS) vulnerability in the editavatar page in ...)
- TODO: check
+ NOT-FOR-US: vBulletin
CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to ...)
- TODO: check
+ NOT-FOR-US: WinRAR
CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
- TODO: check
+ NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...)
- TODO: check
-end claimed by jmm
+ - linux-2.6 <unfixed>
+ NOTE: Added patch tracker template
CVE-2006-0083 [smstools logging format string issue]
RESERVED
{DSA-930-1}
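Review bot: the CVE-2005-4635 entry drops `TODO: check` and is left with only a NOTE ("Unclear, whether this is really exploitable, re-pinged Dann and Horms"), so it carries neither a package status line nor an open TODO even though the question is still pending; keep a TODO line there, as the CVE-2006-0097 entry does with its `TODO: double-check` line. In the CVE-2006-0096 and CVE-2006-0095 entries the affected sarge 2.6.8 kernel is mentioned only in NOTE text, while the package lines cover `linux-2.6` and `kernel-source-2.4.27`; a package line for the 2.6.8 source package would record that status in the same form as the others. The `NOT-FOR-US: Strange Windows drivers` label on CVE-2005-4625 is a description rather than a product name, unlike the other NOT-FOR-US lines in this hunk.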