[Secure-testing-commits] r4114 - data/CVE
Florian Weimer
fw at costa.debian.org
Sat Jun 3 09:09:47 UTC 2006
Author: fw
Date: 2006-06-03 09:09:45 +0000 (Sat, 03 Jun 2006)
New Revision: 4114
Modified:
data/CVE/list
Log:
NFUs
CVE-2006-2635: tiki-wiki
CVE-2006-2629: linux-2.6
CVE-2006-2611: mediawiki
CVE-2004-2660: linux-2.6 (already fixed)
CVE-2003-1301: sun-java5 (already fixed)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-06-03 08:38:14 UTC (rev 4113)
+++ data/CVE/list 2006-06-03 09:09:45 UTC (rev 4114)
@@ -10,35 +10,36 @@
CVE-2006-2656 [tiffsplit buffer overflow]
- tiff 3.8.2-3 (bug #369819; medium)
CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top ...)
- TODO: check
+ NOT-FOR-US: Monster Top List
CVE-2006-2642 (** UNVERIFIABLE ** ...)
- TODO: check
+ NOT-FOR-US: Php-residence
CVE-2006-2641 (** UNVERIFIABLE ** ...)
- TODO: check
+ NOT-FOR-US: John Frank Asset Manager
CVE-2006-2640 (Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA ...)
- TODO: check
+ NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2006-2639 (Cross-site scripting (XSS) vulnerability in the input forms in ...)
- TODO: check
+ NOT-FOR-US: PHPSimpleChoose
CVE-2006-2638 (SQL injection vulnerability in member.asp in qjForum allows remote ...)
- TODO: check
+ NOT-FOR-US: qjForum
CVE-2006-2637 (Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) ...)
- TODO: check
-CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: TuttoPhp
+CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLitew allows remote attackers to ...)
+ NOT-FOR-US: Katy Whitton NewsCMSLitew
CVE-2006-2635 (Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka ...)
- TODO: check
+ - tikiwiki <unfixed> (medium)
+ NOTE: only in experimental
CVE-2006-2634 (Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under ...)
- TODO: check
+ NOT-FOR-US: Neocrome Seditio
CVE-2006-2633 (Absolute path traversal vulnerability in the copy action in index.php ...)
- TODO: check
+ NOT-FOR-US: Andrew Godwin ByteHoard
CVE-2006-2632 (Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard ...)
- TODO: check
+ NOT-FOR-US: Andrew Godwin ByteHoard
CVE-2006-2631 (phpFoX allows remote authenticated users to modify arbitrary accounts ...)
- TODO: check
+ NOT-FOR-US: phpFoX
CVE-2006-2630 (Stack-based buffer overflow in Symantec Antivirus 10.1 and Client ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2006-2629 (Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
CVE-2006-2628
RESERVED
CVE-2006-2627
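Review bot: the `-`/`+` pair for CVE-2006-2636 edits the description line itself, from `Katy Whitton NewsCMSLite` to `Katy Whitton NewsCMSLitew`, and the new NOT-FOR-US line repeats the `NewsCMSLitew` spelling; this looks like a stray keystroke rather than an intended correction, so the description line should be restored as it was and the NOT-FOR-US line should read `NewsCMSLite`. Two smaller points in the same hunk: the log says `tiki-wiki` while the entry for CVE-2006-2635 is filed against `tikiwiki` (the entry is what counts, but the log should use the same package name), and for CVE-2006-2634 the description names `Neocrome Land Down Under` while the NOT-FOR-US line says `Neocrome Seditio`; if that is the same product under a newer name it is worth saying so in the line, otherwise the mismatch will confuse the next person who checks it.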
@@ -60,39 +61,42 @@
CVE-2006-2619
RESERVED
CVE-2006-2618 (Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host ...)
- TODO: check
+ NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2617 ((1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost ...)
- TODO: check
+ NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2616 (SQL injection vulnerability in the search script in (1) AlstraSoft Web ...)
- TODO: check
+ NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2615 (ping.php in Russcom.Ping allows remote attackers to execute arbitrary ...)
- TODO: check
+ NOT-FOR-US: Russcom.Ping
CVE-2006-2614 (Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox before 1.8.0, and Netscape 7.2 ...)
- TODO: check
+ NOTE: Installation path disclosure is uninteresting on Debian systems.
+ NOTE: The profile path might be more sensitive, but exploit that
+ NOTE: requires another, real security bug.
CVE-2006-2612 (Novell Client for Windows 4.8 and 4.9 does not restrict access to the ...)
- TODO: check
+ NOT-FOR-US: Novell Client for Windows
+ NOTE: The Windows clipboard is a public resource anyway.
CVE-2006-2611 (Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in ...)
- TODO: check
+ - mediawiki <unfixed> (medium)
CVE-2006-2610 (Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 ...)
- TODO: check
+ NOT-FOR-US: phpRaid
CVE-2006-2609 (artmedic newsletter 4.1.2 and possibly other versions, when ...)
- TODO: check
+ NOT-FOR-US: artmedic newsletter
CVE-2006-2608 (artmedic newsletter 4.1 and possibly other versions, when ...)
- TODO: check
+ NOT-FOR-US: artmedic newsletter
CVE-2004-2660 (Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows ...)
- TODO: check
+ - linux-2.6 <not-affected> (fixed before the first upload)
CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x ...)
- TODO: check
+ - sun-java5 1.5.0-06-1 (low)
CVE-2006-XXXX [mono xsp file disclosure]
- xsp 1.1.15-1 (medium)
CVE-2006-2607 (do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return ...)
- cron 3.0pl1-64 (bug #85609; bug #86775; medium)
CVE-2006-2606 (Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and ...)
- TODO: check
+ NOT-FOR-US: Chatty
CVE-2006-2605 (Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: DSChat
CVE-2006-2604
REJECTED
CVE-2006-2603
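Review bot: CVE-2006-2613 receives three NOTE lines but no status line, so the entry is neither NOT-FOR-US nor tied to a package with a version or `<not-affected>`/`<unfixed>` marker; since the description names Mozilla Suite and Firefox, which Debian ships, add an explicit package line so the entry is not left in an undefined state (the NOTE lines can stay to record the reasoning). For CVE-2006-2614 the description is about Sun N1 System Manager 1.1, but the NOT-FOR-US line says `Sun Solaris`; name the actual product there. Minor wording: the second NOTE reads `but exploit that requires another, real security bug`, which should be `but exploiting that requires another, real security bug`.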
@@ -118,15 +122,15 @@
CVE-2006-2593
REJECTED
CVE-2006-2592 (Unspecified vulnerability in DSChat 1.0 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: DSChat
CVE-2006-2591 (Unspecified vulnerability in e107 before 0.7.5 has unknown impact and ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2006-2590 (SQL injection vulnerability in e107 before 0.7.5 allows remote ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2006-2589 (SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2006-2588 (Russcom PHPImages allows remote attackers to upload files of arbitrary ...)
- TODO: check
+ NOT-FOR-US: Russcom PHPImages
CVE-2006-2587 (Buffer overflow in the WebTool HTTP server component in (1) PunkBuster ...)
TODO: check
CVE-2006-2586 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...)
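Review bot: the five NOT-FOR-US lines in this hunk match their description lines, so nothing to change here; the trailing context line for CVE-2006-2587 (the PunkBuster WebTool entry) still reads `TODO: check`, which is fine if it is deliberately left for a later pass, but worth stating in the log so it is not mistaken for an oversight.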