[Secure-testing-commits] r3590 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Fri Mar 10 21:42:37 UTC 2006
Author: stef-guest
Date: 2006-03-10 21:42:31 +0000 (Fri, 10 Mar 2006)
New Revision: 3590
Modified:
data/CVE/list
Log:
some NFUs; htpasswd setuid unsafeness
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-03-10 21:14:25 UTC (rev 3589)
+++ data/CVE/list 2006-03-10 21:42:31 UTC (rev 3590)
@@ -91,44 +91,46 @@
NOT-FOR-US: PHP-Stats
CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and ...)
NOT-FOR-US: PHP-Stats
-begin claimed by stef-guest
CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript ...)
- TODO: check
+ NOT-FOR-US: phpArcadeScript
CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in Jonathan ...)
- TODO: check
+ NOT-FOR-US: PluggedOut Nexus
CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in Game-Panel ...)
- TODO: check
+ NOT-FOR-US: Game-Panel
CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other products ...)
- TODO: check
+ - thttpd 2.23beta1-2.4 (bug #253816; low)
+ NOTE: apache's htpasswd not vulnerable, but source contains note about
+ NOTE: not being safe for sudo
+ NOTE: filed whishlist bug to add this to manpage
CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, ...)
- TODO: check
+ - thttpd 2.23beta1-2.4 (bug #253816; low)
+ NOTE: apache's htpasswd not vulnerable
CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Evo-Dev evoBlog ...)
- TODO: check
+ NOT-FOR-US: Evo-Dev evoBlog
CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a showtopic ...)
- TODO: check
+ NOT-FOR-US: checkInvision Power Board
CVE-2006-1075 (Format string vulnerability in the visualization function in Jason ...)
- TODO: check
+ NOT-FOR-US: Liero Xtreme
CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers ...)
- TODO: check
+ NOT-FOR-US: Liero Xtreme
CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave Simplog ...)
- TODO: check
+ NOT-FOR-US: Daverave Simplog
CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and ...)
- TODO: check
+ NOT-FOR-US: Daverave Simplog
CVE-2006-1071 (Cross-site scripting (XSS) vulnerability in index.php in DVguestbook ...)
- TODO: check
+ NOT-FOR-US: DVguestbook
CVE-2006-1070 (Cross-site scripting (XSS) vulnerability in dv_gbook.php in ...)
- TODO: check
+ NOT-FOR-US: DVguestbook
CVE-2006-1069 (Unspecified vulnerability in the session handling for Geeklog 1.4.x ...)
- TODO: check
+ NOT-FOR-US: Geeklog
CVE-2006-1068 (Netgear 614 and 624 routers, possibly running VXWorks, allow remote ...)
- TODO: check
+ NOT-FOR-US: VXWorks
CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote ...)
- TODO: check
+ NOT-FOR-US: VXWorks
CVE-2006-1066
RESERVED
CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) ...)
- TODO: check
-end claimed by stef-guest
+ NOT-FOR-US: MyBulletinBoard
CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...)
- lurker 2.1-1
CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows remote ...)
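Review bot: In the CVE-2006-1076 entry, the added line "NOT-FOR-US: checkInvision Power Board" appears to have a stray "check" carried over from the removed "TODO: check" and fused onto the product name; it should presumably read "NOT-FOR-US: Invision Power Board". In the CVE-2006-1079 notes, "whishlist" should be "wishlist", and the note gives no number for the bug that was filed, so the manpage request cannot be followed up from this entry; adding the bug number, as is done with "bug #253816" on the thttpd line, would fix that. The entries for CVE-2006-1068 and CVE-2006-1067 are tagged "NOT-FOR-US: VXWorks", although their descriptions name Netgear and Linksys routers and say only that they run, or possibly run, VXWorks; naming the router products would be consistent with the other NOT-FOR-US lines in this hunk.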