[Secure-testing-commits] r3332 - data/CVE

Joey Hess joeyh at costa.debian.org
Sat Jan 21 20:24:03 UTC 2006


Author: joeyh
Date: 2006-01-21 20:23:51 +0000 (Sat, 21 Jan 2006)
New Revision: 3332

Modified:
   data/CVE/list
Log:
processed recent TODOs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-20 21:14:21 UTC (rev 3331)
+++ data/CVE/list	2006-01-21 20:23:51 UTC (rev 3332)
@@ -35,7 +35,7 @@
 CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware ...)
 	NOT-FOR-US: Clipcomm hardware
 CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to ...)
-	TODO: Check
+	NOT-FOR-US: dual dns server
 CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing component, ...)
 	NOT-FOR-US: Joomla! 
 CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...)
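Review bot: the new tag on CVE-2006-0304, "NOT-FOR-US: dual dns server", drops "DHCP" and the capitalisation of the product name given in the description line (Dual DHCP DNS Server). Suggest writing the product name as it appears there, so that a later search of the list for that product finds this entry.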
@@ -61,125 +61,123 @@
 CVE-2006-0292
 	RESERVED
 CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0288 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0286 (Unspecified vulnerability in the Oracle HTTP Server component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0285 (Unspecified vulnerability in the Java Net component of Oracle Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0284 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
-	TODO: check
-CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0282 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0281 (Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0280 (Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0279 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0278 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0277 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0276 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0275 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0274 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0273 (Unspecified vulnerability in the Portal component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0272 (Unspecified vulnerability in the XML Database component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0271 (Unspecified vulnerability in the Upgrade & Downgrade component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0270 (Unspecified vulnerability in the TDE Wallet component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0268 (Unspecified vulnerability in the Security component of Oracle Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0267 (Unspecified vulnerability in the Query Optimizer component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0266 (Unspecified vulnerability in the Query Optimizer component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0264 (Unspecified vulnerability in the Net Listener component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0261 (Multiple unspecified vulnerabilities in Oracle Database server ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0259 (Multiple unspecified vulnerabilities in the Data Pump component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0257 (Unspecified vulnerability in the Change Data Capture component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0256 (Unspecified vulnerability in the Advanced Queuing component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1 ...)
-	TODO: check
+	NOT-FOR-US: Check Point VPN
 CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo ...)
-	TODO: check
+	NOT-FOR-US: Apache Geronimo
 CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in "Blue ...)
-	TODO: check
+	NOT-FOR-US: AmbiCom Blue Neighbors
 CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows remote ...)
-	TODO: check
+	NOT-FOR-U: Benders Calendar
 CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic ...)
-	TODO: check
+	- faqomatic 2.712-3
 CVE-2006-0250 (Format string vulnerability in the snmp_input function in snmptrapd in ...)
 	NOT-FOR-US: cmu-snmp-linux fork from CMU SNMP
 	NOTE: This bug is present in a fork, not in the mainline
 	NOTE: CMU-SNMP/UCD-SNMP/NET-SNMP versions.
 CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged geoBlog ...)
-	TODO: check
+	NOT-FOR-US: geoBlog
 CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 ...)
-	TODO: check
+	NOT-FOR-US: Virata-EmWeb web server
 CVE-2006-0247 (Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula ...)
-	TODO: check
+	NOT-FOR-US: Anyboard
 CVE-2006-0246 (Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download ...)
-	TODO: check
+	NOT-FOR-US: Widexl Download Tracker
 CVE-2006-0245 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart ...)
-	TODO: check
+	NOT-FOR-US: CubeCart
 CVE-2006-0244 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: phpXplorer
 CVE-2006-0243 (Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: SMBCMS
 CVE-2006-0242 (Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 ...)
-	TODO: check
+	NOT-FOR-US: PHP Fusebox
 CVE-2006-0241 (Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: WBNews
 CVE-2006-0240 (Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote ...)
-	TODO: check
+	NOT-FOR-US: Simple Blog
 CVE-2006-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 ...)
-	TODO: check
+	NOT-FOR-US: Simple Blog
 CVE-2006-0238 (SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 ...)
-	TODO: check
+	NOT-FOR-US: GaMerZ WP-Stats
 CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...)
-	TODO: check
+	NOT-FOR-US: GTP iCommerce
 CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, ...)
-	TODO: check
+	- mozilla-thunderbird (unfixed; bug #349242; medium)
 CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: WhiteAlbum
 CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...)
-	TODO: check
+	NOT-FOR-US: microBlog
 CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in microBlog 2.0 RC-10 allows ...)
-	TODO: check
+	NOT-FOR-US: microBlog
 CVE-2006-0232
 	RESERVED
 CVE-2006-0231
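Review bot: the CVE-2006-0252 entry is tagged "NOT-FOR-U: Benders Calendar", missing the final S, so a literal match on NOT-FOR-US will not count it as triaged; it should read "NOT-FOR-US: Benders Calendar". Separately, this hunk deletes the CVE-2006-0283 entry outright (both its description line and its TODO) instead of giving it a status, which the log message "processed recent TODOs" does not explain. If the removal is intended, the reason belongs in the log; otherwise the entry should be restored and triaged like its Oracle neighbours.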
@@ -187,49 +185,51 @@
 CVE-2006-0230
 	RESERVED
 CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might allow ...)
-	TODO: check
+	NOT-FOR-US: Wehntrust
 CVE-2006-0228 (The RBAC functionality in grsecurity before 2.1.8 does not properly ...)
-	TODO: check
+	- kernel-patch-grsecurity2 (unfixed; bug filed; medium)
+	- kernel-patch-2.4-grsecurity (unfixed; bug filed; medium)
 CVE-2006-0227 (Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, ...)
-	TODO: check
+	NOT-FOR-US: lpsched in Sun Solaris
 CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) ...)
-	TODO: check
+	NOT-FOR-US: freebsd kernel
 CVE-2006-0225
 	RESERVED
 CVE-2006-0224
 	RESERVED
 CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier ...)
-	TODO: check
+	NOT-FOR-US: PunBB
 CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat ...)
-	TODO: check
+	NOT-FOR-US: TopCMM
 CVE-2006-0222 (Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft ...)
-	TODO: check
+	NOT-FOR-US: AlstraSoft Template Seller Pro
 CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in Dragon ...)
-	TODO: check
+	NOT-FOR-US: Dragon Design Services Network (DDSN)
 CVE-2006-0220 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 ...)
-	TODO: check
+	NOT-FOR-US: DCP-Portal 
 CVE-2006-0219 (The original distribution of MyBulletinBoard (MyBB) to update from ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2006-0217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...)
-	TODO: check
+	NOT-FOR-US: Ultimate Auction
 CVE-2006-0216 (admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows ...)
-	TODO: check
+	NOT-FOR-US: QualityEBiz Quality PPC
 CVE-2006-0215 (Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz ...)
-	TODO: check
+	NOT-FOR-US: QualityEBiz Quality PPC
 CVE-2006-0214 (Eval injection vulnerability in ezDatabase 2.0 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: ezDatabase
 CVE-2006-0213 (Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 ...)
-	TODO: check
+	NOT-FOR-US: Kolab Server
+	NOTE: libkolab-perl are extensions for this server, but server does not seem to be in debian
 CVE-2006-0212 (Directory traversal vulnerability in OBEX Push services in Toshiba ...)
-	TODO: check
+	NOT-FOR-US: Toshiba Bluetooth Stack
 CVE-2006-0211 (Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm ...)
-	TODO: check
+	NOT-FOR-US: Helm Hosting Control Panel
 CVE-2006-0210 (Cross-site scripting (XSS) vulnerability in index.php in Interspire ...)
-	TODO: check
+	NOT-FOR-US: Interspire TrackPoint NX
 CVE-2006-0209 (SQL injection vulnerability in general_functions.php in TankLogger 2.4 ...)
-	TODO: check
+	NOT-FOR-US: TankLogger
 CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1, when ...)
 	- php5 5.1.2-1
 	- php4 4:4.4.2-1
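Review bot: both package lines added for CVE-2006-0228 say "bug filed" where the mozilla-thunderbird entry in the previous hunk records an actual number ("bug #349242"), so the reports cannot be located from the list. Suggest replacing "bug filed" with the bug number on the kernel-patch-grsecurity2 and kernel-patch-2.4-grsecurity lines once it is known. The new "NOT-FOR-US: DCP-Portal " line for CVE-2006-0220 also ends in trailing whitespace.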
@@ -237,70 +237,71 @@
 	- php5 5.1.2-1
 	- php4 4:4.4.2-1
 CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 ...)
-	TODO: check
+	NOT-FOR-US: Light Weight Calendar
 CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...)
-	TODO: check
+	NOT-FOR-US: Wordcircle
 CVE-2006-0204 (Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 ...)
-	TODO: check
+	NOT-FOR-US: Wordcircle
 CVE-2006-0203 (membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not ...)
-	TODO: check
+	NOT-FOR-US: Mini-Nuke
 CVE-2006-0202 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...)
-	TODO: check
+	NOT-FOR-US: PayPal Web Services
 CVE-2006-0201 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...)
-	TODO: check
+	NOT-FOR-US: PayPal Web Services
 CVE-2006-0200 (Format string vulnerability in the error-reporting feature in the ...)
 	- php5 5.1.2-1 (unimportant)
 	NOTE: Not built into the binary packages
 CVE-2006-0199 (SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 ...)
-	TODO: check
+	NOT-FOR-US: Mini-Nuke
 CVE-2006-0198 (Cross-site scripting (XSS) vulnerability in a certain module, possibly ...)
-	TODO: check
+	NOT-FOR-US: XOOPS
 CVE-2006-0197 (The XClientMessageEvent struct used in certain components of X.Org ...)
-	TODO: check
+	NOTE: exploitability uncertian
+	- xorg-x11 (unfixed; bug filed; low)
 CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 ...)
-	TODO: check
+	NOT-FOR-US: slsnif
 CVE-2006-0195
 	RESERVED
 CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in FogBugz ...)
-	TODO: check
+	NOT-FOR-US: FogBugz
 CVE-2006-0193 (Cross-site scripting (XSS) vulnerability in the Hosting Control Panel ...)
-	TODO: check
+	NOT-FOR-US: Positive Software H-Sphere
 CVE-2006-0192 (SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 ...)
-	TODO: check
+	NOT-FOR-US: ASPSurvey
 CVE-2006-0191 (Unspecified vulnerability in Sun Solaris 10 allows local users to ...)
-	TODO: check
+	NOT-FOR-US: Sun Solaris
 CVE-2006-0190 (Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform ...)
-	TODO: check
+	NOT-FOR-US: Sun Solaris
 CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows ...)
-	TODO: check
+	NOT-FOR-US: eStara Softphone
 CVE-2006-0188
 	RESERVED
 CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other ...)
-	TODO: check
+	NOT-FOR-US: OcoMon
 CVE-2005-4663 (Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly ...)
-	TODO: check
+	NOT-FOR-US: OcoMon
 CVE-2005-4662 (Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly ...)
-	TODO: check
+	NOT-FOR-US: OcoMon
 CVE-2005-4661 (The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail ...)
-	TODO: check
+	NOT-FOR-US: Campsite
 CVE-2005-4660 (Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow ...)
-	TODO: check
+	NOT-FOR-US: IPCop
 CVE-2005-4659 (IPCop (aka IPCop Firewall) before 1.4.10 has world-readable ...)
-	TODO: check
+	NOT-FOR-US: IPCop
 CVE-2005-4658 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: ASP-Programmers.com ASPKnowledgebase
 CVE-2005-4657 (Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: Ocean12
 CVE-2005-4656 (SQL injection vulnerability in index.php in TClanPortal 1.1.3 and ...)
-	TODO: check
+	NOT-FOR-US: TClanPortal
 CVE-2005-4655 (Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2005-4654 (Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-4653 (Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier ...)
-	TODO: check
+	NOT-FOR-US: AL-Caricatier
 CVE-2005-4652 (SQL injection vulnerability in PHlyMail 3.02.01 allows remote ...)
-	TODO: check
+	NOT-FOR-US: PHlyMail
 CVE-2005-4651 (SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 ...)
 	NOT-FOR-US: AlstraSoft EPay Pro
 CVE-2005-4650 (Joomla! 1.03 does not restrict the number of "Search" Mambots, which ...)
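Review bot: in the CVE-2006-0197 entry the added NOTE is misspelled ("uncertian" for "uncertain") and is placed above the package line, whereas the CVE-2006-0200 entry in this same hunk puts the package line first and the NOTE after it. Suggest fixing the spelling and moving the NOTE below "- xorg-x11 (unfixed; bug filed; low)". That package line also says "bug filed" without a bug number, so the report cannot be traced from the list.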



