[Secure-testing-commits] r3395 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Tue Jan 31 11:19:55 UTC 2006
Author: jmm-guest
Date: 2006-01-31 11:19:49 +0000 (Tue, 31 Jan 2006)
New Revision: 3395
Modified:
data/CVE/list
Log:
new unimportant phpbb issue
new zoph issue
new tiff issue
lots of NFUs
can someone less offended by MySQL than myself please have a look
at CVE-2006-0369?
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-31 10:46:57 UTC (rev 3394)
+++ data/CVE/list 2006-01-31 11:19:49 UTC (rev 3395)
@@ -1,18 +1,17 @@
-begin claimed by jmm
CVE-2006-0467
RESERVED
CVE-2006-0466 (Cross-site scripting (XSS) vulnerability in search.asp in Goldstag ...)
- TODO: check
+ NOT-FOR-US: Goldstag Content Management System
CVE-2006-0465 (Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in ...)
- TODO: check
+ NOT-FOR-US: active121 Site Manager
CVE-2006-0464 (Multiple SQL injection vulnerabilities in index.php in IdeoContent ...)
- TODO: check
+ NOT-FOR-US: IdeoContent Manager
CVE-2006-0463 (Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows ...)
- TODO: check
+ NOT-FOR-US: IdeoContent Manager
CVE-2006-0462 (SQL injection vulnerability in comentarios.php in AndoNET Blog ...)
- TODO: check
+ NOT-FOR-US: AndoNET Blog
CVE-2006-0461 (Cross-site scripting (XSS) vulnerability in core.input.php in ...)
- TODO: check
+ NOT-FOR-US: ExpressionEngine
CVE-2006-0460
RESERVED
CVE-2006-0459
@@ -34,56 +33,58 @@
CVE-2006-0451
RESERVED
CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a denial of ...)
- TODO: check
+ - phpbb2 <unfixed> (unimportant)
+ NOTE: As discussed with the phpbb maintainers; this is only a lack of feature
+ NOTE: (phpbb2 doesn't allow a kind of rate control for maximum login/searches for
+ NOTE: a certain time frame), but not a directly fixable security problem
CVE-2006-0449 (Early termination vulnerability in the IMAP service in E-Post Mail ...)
- TODO: check
+ NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0448 (Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and ...)
- TODO: check
+ NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0447 (Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail ...)
- TODO: check
+ NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0446 (Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote ...)
- TODO: check
+ NOT-FOR-US: WeBWorK
CVE-2006-0445 (index.php in Phpclanwebsite 1.23.1 allows remote authenticated users ...)
- TODO: check
+ NOT-FOR-US: Phpclanwebsite
CVE-2006-0444 (SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) ...)
- TODO: check
+ NOT-FOR-US: Phpclanwebsite
CVE-2006-0443 (Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog ...)
- TODO: check
+ NOT-FOR-US: CheesyBlog
CVE-2006-0442 (Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2006-0441 (Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: Sami FTP Server
CVE-2006-0440 (Text Rider 2.4 allows attackers to bypass authentication and upload ...)
- TODO: check
+ NOT-FOR-US: Text Rider
CVE-2006-0439 (Text Rider 2.4 stores sensitive data in the data directory under the ...)
- TODO: check
+ NOT-FOR-US: Text Rider
CVE-2006-0438
RESERVED
CVE-2006-0437
RESERVED
CVE-2006-0436 (Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 ...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL) allows attackers to ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2006-0434 (Directory traversal vulnerability in action.php in phpXplorer allows ...)
- TODO: check
+ NOT-FOR-US: phpXplorer
CVE-2005-4675 (Cross-site scripting (XSS) vulnerability in list.php in Complete PHP ...)
- TODO: check
+ NOT-FOR-US: Complete PHP Counter
CVE-2005-4674 (Multiple SQL injection vulnerabilities in list.php in Complete PHP ...)
- TODO: check
+ NOT-FOR-US: Complete PHP Counter
CVE-2005-4673 (ioFTPD 0.5.84 u responds with different messages depending on whether ...)
- TODO: check
+ NOT-FOR-US: ioFTPD
CVE-2005-4672 (Cross-site scripting (XSS) vulnerability in image-editor-52/index.php ...)
- TODO: check
+ NOT-FOR-US: CityPost Simple Image-Editor
CVE-2005-4671 (Cross-site scripting (XSS) vulnerability in simple-upload-53.php in ...)
- TODO: check
+ NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4670 (Cross-site scripting (XSS) vulnerability in message.php in CityPost ...)
- TODO: check
+ NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin ...)
- TODO: check
+ NOT-FOR-US: RT Internet Solutions (RTIS) WebAdmin
CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: ParoxProxy
CVE-2006-0433
RESERVED
CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
@@ -128,31 +129,30 @@
NOT-FOR-US: SleeperChat
CVE-2006-0414 (Tor 0.1.1.10-alpha and earlier allows remote attackers to identify ...)
- tor <unfixed> (bug #349283)
-begin claimed by jmm
CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP allow ...)
- TODO: check
+ NOT-FOR-US: NewsPHP
CVE-2006-0412 (SQL injection vulnerability in CyberShop allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: CyberShop
CVE-2006-0411 (claro_init_local.inc.php in Claroline 1.7.2 uses guessable session ...)
- TODO: check
+ NOT-FOR-US: Claroline
CVE-2006-0410 (SQL injection vulnerability in ADOdb before 4.71, when using ...)
- libphp-adodb <unfixed> (medium; bug #349985)
CVE-2006-0409 (Cross-site scripting (XSS) vulnerability in index.php in Pixelpost ...)
- TODO: check
+ NOT-FOR-US: Pixelpost Photoblog
CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users ...)
- TODO: check
+ NOT-FOR-US: Sun Grid Engine
CVE-2006-0407 (Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin ...)
- TODO: check
+ NOT-FOR-US: AZ Bulletin Board
CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 ...)
- TODO: check
+ - tiff <unfixed> (bug filed)
CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document ...)
- TODO: check
+ NOT-FOR-US: Note-A-Day Weblog
CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote ...)
- TODO: check
+ NOT-FOR-US: e-moBLOG
CVE-2006-0402 (SQL injection vulnerability in Zoph before 0.5pre1 allows remote ...)
- TODO: check
+ - zoph <unfixed> (bug filed)
CVE-2006-0401
RESERVED
CVE-2006-0400
@@ -194,32 +194,31 @@
CVE-2006-0382
RESERVED
CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD ...)
- TODO: check
+ NOT-FOR-US: pf on Free BSD and Open BSD
CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2006-0379 (FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager ...)
- TODO: check
+ NOT-FOR-US: Netrix X-Site Manager
CVE-2006-0377
RESERVED
CVE-2006-0376 (The 802.11 wireless client in certain operating systems including ...)
- TODO: check
+ NOT-FOR-US: Windows
CVE-2006-0375 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...)
- TODO: check
+ NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone
CVE-2006-0374 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...)
- TODO: check
+ NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone
CVE-2006-0373 (Cross-site scripting (XSS) vulnerability in register.aspx in Douran ...)
- TODO: check
+ NOT-FOR-US: Douran FollowWeb
CVE-2006-0372 (Multiple SQL injection vulnerabilities in config.php in Insane Visions ...)
- TODO: check
+ NOT-FOR-US: Insane Visions BlogPHP
CVE-2006-0371 (Directory traversal vulnerability in index.php in Noah Medling RCBlog ...)
- TODO: check
+ NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0370 (Noah Medling RCBlog 1.03 stores the data and config directories under ...)
- TODO: check
+ NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0369 (** DISPUTED ** ...)
- TODO: check
-end claimed by jmm
+ TODO: I don't know MySQL very well, but I suppose that is normal?
CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before ...)
NOT-FOR-US: Cisco CallManager
CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 ...)
More information about the Secure-testing-commits
mailing list