[Secure-testing-commits] r3587 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Fri Mar 10 20:19:34 UTC 2006
Author: stef-guest
Date: 2006-03-10 20:19:26 +0000 (Fri, 10 Mar 2006)
New Revision: 3587
Modified:
data/CVE/list
Log:
some NFUs, claim some more
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-03-10 19:42:55 UTC (rev 3586)
+++ data/CVE/list 2006-03-10 20:19:26 UTC (rev 3587)
@@ -1,100 +1,99 @@
-begin claimed by stef-guest
-
CVE-2006-1128 (Directory traversal vulnerability in the session handling class ...)
- TODO: check
+ - gallery2 2.0.3
CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 ...)
- TODO: check
+ - gallery2 2.0.3
CVE-2006-1126 (Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP ...)
- TODO: check
+ - gallery2 2.0.3
CVE-2006-1125 (Grisoft AVG Free 7.1, and other versions including 7.0.308, sets ...)
- TODO: check
+ NOT-FOR-US: Grisoft AVG
CVE-2006-1124 (Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote ...)
- TODO: check
+ NOT-FOR-US: RevilloC MailServer and Proxy
CVE-2006-1123 (SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: D2KBlog
CVE-2006-1122 (Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog ...)
- TODO: check
+ NOT-FOR-US: D2KBlog
CVE-2006-1121 (Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows ...)
- TODO: check
+ NOT-FOR-US: CuteNews
CVE-2006-1120 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...)
- TODO: check
+ NOT-FOR-US: DCP-Portal
CVE-2006-1119 (fantastico in Cpanel does not properly handle when it has insufficient ...)
- TODO: check
+ NOT-FOR-US: Cpanel (PHP)
CVE-2006-1118 (SQL injection vulnerability in bmail before Aardvark PR9.1 allows ...)
- TODO: check
+ NOT-FOR-US: Aardvark
CVE-2006-1117 (nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) ...)
- TODO: check
+ NOT-FOR-US: nCipher
CVE-2006-1116 (The CBC-MAC integrity functions in the nCipher nCore API before 2.18 ...)
- TODO: check
+ NOT-FOR-US: nCipher
CVE-2006-1115 (nCipher HSM before 2.22.6, when generating a Diffie-Hellman ...)
- TODO: check
+ NOT-FOR-US: nCipher
CVE-2006-1114 (Multiple directory traversal vulnerabilities in Loudblog before 0.42 ...)
- TODO: check
+ NOT-FOR-US: Loudblog
CVE-2006-1113 (SQL injection vulnerability in podcast.php in Loudblog before 0.42 ...)
- TODO: check
+ NOT-FOR-US: Loudblog
CVE-2006-1112 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: Aztek Forum
CVE-2006-1111 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: Aztek Forum
CVE-2006-1110 (Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows ...)
- TODO: check
+ NOT-FOR-US: Aztek Forum
CVE-2006-1109 (SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows ...)
- TODO: check
+ NOT-FOR-US: Total Ecommerce
CVE-2006-1108 (SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 ...)
- TODO: check
+ NOT-FOR-US: NMDeluxe
CVE-2006-1107 (Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe ...)
- TODO: check
+ NOT-FOR-US: NMDeluxe
CVE-2006-1106 (Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and ...)
- TODO: check
+ NOT-FOR-US: Pixelpost
CVE-2006-1105 (Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: Pixelpost
CVE-2006-1104 (Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and ...)
- TODO: check
+ NOT-FOR-US: Pixelpost
CVE-2006-1103 (engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube ...)
- TODO: check
+ NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1102 (Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote ...)
- TODO: check
+ NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1101 (The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as ...)
- TODO: check
+ NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in ...)
- TODO: check
+ NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 allows ...)
- TODO: check
+ NOT-FOR-US: logIT
CVE-2006-1098 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: NZ Ecommerce
CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD ...)
- TODO: check
+ NOT-FOR-US: Woltlab Burning Board
CVE-2006-1096 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: NZ Ecommerce
CVE-2006-1095 (Unspecified vulnerability in the FileSession object in Mod_python ...)
- TODO: check
+ NOTE: only version 3.2.7 is vulnerable, 3.2.8 is out
+ NOTE: currently 3.1.3 is in Debian; very unlikely that 3.2.7 will be packaged
CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier for ...)
- TODO: check
+ NOT-FOR-US: Woltlab Burning Board
CVE-2006-1093 (Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2006-1092 (Unspecified vulnerability in the pagedata subsystem of the process ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2006-1091 (Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Kaspersky Antivirus
CVE-2006-1090 (register.php in PunBB 1.2.10 allows remote attackers to cause an ...)
- TODO: check
+ NOT-FOR-US: PunBB
CVE-2006-1089 (Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 ...)
- TODO: check
+ NOT-FOR-US: PunBB
CVE-2006-1088 (PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: PHP-Stats
CVE-2006-1087 (Direct static code injection vulnerability in the modify_config action ...)
- TODO: check
-
-end claimed by stef-guest
-
+ NOT-FOR-US: PHP-Stats
CVE-2006-1086
REJECTED
CVE-2006-1085 (admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: PHP-Stats
CVE-2006-1084 (Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and ...)
- TODO: check
+ NOT-FOR-US: PHP-Stats
CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and ...)
- TODO: check
+ NOT-FOR-US: PHP-Stats
+
+begin claimed by stef-guest
+
CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript ...)
TODO: check
CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in Jonathan ...)
@@ -131,6 +130,9 @@
RESERVED
CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) ...)
TODO: check
+
+end claimed by stef-guest
+
CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...)
- lurker 2.1-1
CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows remote ...)
More information about the Secure-testing-commits
mailing list