[Secure-testing-commits] r3278 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Jan 12 12:23:47 UTC 2006
Author: jmm-guest
Date: 2006-01-12 12:23:41 +0000 (Thu, 12 Jan 2006)
New Revision: 3278
Modified:
data/CVE/list
Log:
xmame CVEfied
the rest are NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-12 11:49:17 UTC (rev 3277)
+++ data/CVE/list 2006-01-12 12:23:41 UTC (rev 3278)
@@ -1,74 +1,71 @@
CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-0186 (Multiple SQL injection vulnerabilities in MusicBox 2.3 and earlier ...)
- TODO: check
+ NOT-FOR-US: MusicBox
CVE-2006-0185 (Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2006-0184 (Multiple SQL injection vulnerabilities in AspTopSites allow remote ...)
- TODO: check
+ NOT-FOR-US: AspTopSites
CVE-2006-0183 (Direct static code injection vulnerability in edit.php in ACal ...)
- TODO: check
+ NOT-FOR-US: ACal Calendar Project
CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: ACal Calendar Project
CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
- TODO: check
+ NOT-FOR-US: Cisco CS-MARS
CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 ...)
- TODO: check
+ NOT-FOR-US: CaLogic Calendars
CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Cisco IP Phone
CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local ...)
- TODO: check
+ NOT-FOR-US: Cray UNICOS
CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local ...)
- TODO: check
+ NOT-FOR-US: Cray UNICOS
CVE-2006-0176 (Buffer overflow in certain functions in src/fileio.c and ...)
- TODO: check
+ - xmame <unfixed> (medium)
+ NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf
+ NOTE: question, that makes it very clear that setuid root is only for single-user
+ NOTE: systems and xmame-sdl and xmess aren't setuid at all
+ [sarge] - xmame <no-dsa> (XMame is non-free software)
CVE-2006-0175 (Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz ...)
- TODO: check
+ NOT-FOR-US: Web Wiz Forums
CVE-2006-0174 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...)
- TODO: check
+ NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0173 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...)
- TODO: check
+ NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0172 (Cross-site scripting (XSS) vulnerability in the file manager utility ...)
- TODO: check
+ NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0171 (PHP remote file include vulnerability in index.php in OrjinWeb ...)
- TODO: check
+ NOT-FOR-US: OrjinWeb E-commerce
CVE-2006-0170
REJECTED
- TODO: check
CVE-2006-0169 (addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, ...)
- TODO: check
+ NOT-FOR-US: MyPhPim
CVE-2006-0168 (Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows ...)
- TODO: check
+ NOT-FOR-US: MyPhPim
CVE-2006-0167 (SQL injection vulnerability in MyPhPim 01.05 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: MyPhPim
CVE-2006-0166 (Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 ...)
- TODO: check
+ NOT-FOR-US: Symantec SystemWorks
CVE-2006-0165 (Cross-site scripting (XSS) vulnerability in the DataForm Entries ...)
- TODO: check
+ NOT-FOR-US: Plain Black WebGUI
CVE-2006-0164 (phgstats.inc.php in phgstats before 0.5.1, if register_globals is ...)
- TODO: check
+ NOT-FOR-US: phgstats
CVE-2006-0163 (SQL injection vulnerability in the search module ...)
- TODO: check
+ NOT-FOR-US: PHPNuke
CVE-2006-0161 (Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2005-4647 (Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 ...)
- TODO: check
+ NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4646 (Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 ...)
- TODO: check
+ NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote ...)
- TODO: check
+ NOT-FOR-US: 3CFR
CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in ...)
- TODO: check
+ NOT-FOR-US: HTML WikiProcessor
CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent // CMS ...)
- TODO: check
+ NOT-FOR-US: Antharia OnContent
CVE-2005-4642 (Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 ...)
- TODO: check
-CVE-2006-XXXX [xmame buffer overflows]
- - xmame <unfixed>
- NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf
- NOTE: question, that makes it very clear that setuid root is only for single-user
- NOTE: systems and xmame-sdl and xmess aren't setuid at all
- [sarge] - xmame <no-dsa> (XMame is non-free software)
+ NOT-FOR-US: HydroBB
CVE-2006-0160 (SQL injection vulnerability in add_post.php3 in Venom Board 1.22 ...)
NOT-FOR-US: Venom Board
CVE-2006-0159 (SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows ...)
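Review bot: The CVE-2005-4644 entry is tagged "NOT-FOR-US: HTML WikiProcessor", but the description visible here is cut off at "in the HTML WikiProcessor in ...", so the tag names a component and the product that ships it is not shown. Read the full description, put the actual product name in the tag, and confirm that product is not packaged before closing the entry as NOT-FOR-US. A smaller consistency point: CVE-2006-0185 is tagged "PHP-Nuke" while CVE-2006-0163 is tagged "PHPNuke"; use one spelling so that a search of the list for the product finds both entries.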