[Secure-testing-commits] r3941 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Fri May 12 10:56:57 UTC 2006
Author: stef-guest
Date: 2006-05-12 10:56:53 +0000 (Fri, 12 May 2006)
New Revision: 3941
Modified:
data/CVE/list
Log:
new xine issue
new drupal issue
new webcalendar issue
some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-05-12 09:55:58 UTC (rev 3940)
+++ data/CVE/list 2006-05-12 10:56:53 UTC (rev 3941)
@@ -55,69 +55,69 @@
CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to ...)
TODO: check
CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php in ...)
- TODO: check
+ NOT-FOR-US: Jetbox CMS
CVE-2006-2269 (Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 ...)
- TODO: check
+ NOT-FOR-US: myWebland MyBloggie
CVE-2006-2268 (SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: FlexCustomer
CVE-2006-2267 (Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause ...)
- TODO: check
+ NOT-FOR-US: Kerio WinRoute Firewall
CVE-2006-2266 (SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Chirpy!
CVE-2006-2265 (Cross-site scripting vulnerability in admin/main.asp in Ocean12 ...)
- TODO: check
+ NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2264 (Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro ...)
- TODO: check
+ NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2263 (SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows ...)
- TODO: check
+ NOT-FOR-US: VP-ASP
CVE-2006-2262 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
- TODO: check
+ NOT-FOR-US: singapore
CVE-2006-2261 (PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 ...)
- TODO: check
+ NOT-FOR-US: ACal
CVE-2006-2260 (Cross-site scripting (XSS) vulnerability in the project module ...)
- TODO: check
+ - drupal <unfixed> (bug filed; medium)
CVE-2006-2259 (SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows ...)
- TODO: check
+ NOT-FOR-US: MaxxSchedule
CVE-2006-2258 (Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule ...)
- TODO: check
+ NOT-FOR-US: MaxxSchedule
CVE-2006-2257 (Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 ...)
- TODO: check
+ NOT-FOR-US: easyEvent
CVE-2006-2256 (PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp ...)
- TODO: check
+ NOT-FOR-US: EQdkp
CVE-2006-2255 (Multiple SQL injection vulnerabilities in Creative Community Portal ...)
- TODO: check
+ NOT-FOR-US: Creative Community Portal
CVE-2006-2254 (Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote ...)
- TODO: check
+ NOT-FOR-US: FileCOPA
CVE-2006-2253 (PHP remote file inclusion vulnerability in visible_count_inc.php in ...)
- TODO: check
+ NOT-FOR-US: Statit
CVE-2006-2252 (Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 ...)
- TODO: check
+ NOT-FOR-US: OpenFAQ
CVE-2006-2251 (SQL injection vulnerability in the do_mmod function in mod.php in ...)
- TODO: check
+ NOT-FOR-US: Invision Community Blog
CVE-2006-2250 (CuteNews 1.4.1 allows remote attackers to obtain sensitive information ...)
- TODO: check
+ NOT-FOR-US: CuteNews
CVE-2006-2249 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
- TODO: check
+ NOT-FOR-US: CuteNews
CVE-2006-2248 (Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source ...)
- TODO: check
+ NOT-FOR-US: Xeneo Web Server
CVE-2006-2247 (WebCalendar 1.0.1 to 1.0.3 generates different error messages ...)
- TODO: check
+ - webcalendar <unfixed> (medium; bug #366927)
CVE-2006-2246 (Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition ...)
- TODO: check
+ NOT-FOR-US: UBlog
CVE-2006-2245 (PHP remote file inclusion vulnerability in auction\auction_common.php ...)
NOT-FOR-US: Auction mod 1.3m for phpBB
CVE-2006-2244 (Multiple SQL injection vulnerabilities in Web4Future News Portal allow ...)
- TODO: check
+ NOT-FOR-US: Web4Future News Portal
CVE-2006-2243 (Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News ...)
- TODO: check
+ NOT-FOR-US: Web4Future News Portal
CVE-2006-2242 (acFTP 1.4 allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOT-FOR-US: acFTP
CVE-2006-2241 (PHP remote file inclusion vulnerability in show.php in Fast Click SQL ...)
- TODO: check
+ NOT-FOR-US: Fast Click SQL Lite
CVE-2006-2240 (Unspecified vulnerability in the (1) web cache or (2) web proxy in ...)
- TODO: check
+ NOT-FOR-US: Fujitsu NetShelter/FW
CVE-2006-2239 (SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows ...)
- TODO: check
+ NOT-FOR-US: Newsadmin
CVE-2006-2238
RESERVED
CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...)
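Review bot: The new drupal entry for CVE-2006-2260 reads `- drupal <unfixed> (bug filed; medium)`, with no bug number, while the webcalendar entry added in the same hunk for CVE-2006-2247 uses `(medium; bug #366927)`. Replace "bug filed" with the assigned bug number in the same `(medium; bug #NNNNNN)` order, so the entry can be matched against the bug tracker and updated when a fix is uploaded. The description names "the project module", so a NOTE line stating whether that module is part of the drupal package would also document why the issue is attributed to that package.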
@@ -125,25 +125,25 @@
CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...)
- quake3 <itp> (bug #337937)
CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...)
- TODO: check
+ NOT-FOR-US: Simple Poll
CVE-2006-2234 (Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta ...)
- TODO: check
+ NOT-FOR-US: TyroCMS
CVE-2006-2233 (Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) ...)
- TODO: check
+ NOT-FOR-US: BankTown Client Control
CVE-2006-2232 (Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook ...)
- TODO: check
+ NOT-FOR-US: Scriptsez Cute Guestbook
CVE-2006-2231 (Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in ...)
- TODO: check
+ NOT-FOR-US: Big Webmaster Guestbook Script
CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...)
- TODO: check
+ - xine-ui <unfixed> (medium; bug #363370)
CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management ...)
- openvpn <unfixed> (unimportant)
NOTE: One needs to explicitly set the IP to something else than 127.0.0.1
NOTE: in order to be vulnerable. The man page recommends not to do it.
CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) ...)
- TODO: check
+ NOT-FOR-US: Web-Agora
CVE-2006-2227 (Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 ...)
- TODO: check
+ NOT-FOR-US: PunBB
CVE-2006-2226 (Buffer overflow in XM Easy Personal FTP Server 4.2 allows remote ...)
TODO: check
CVE-2006-2225 (Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows ...)
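Review bot: `NOT-FOR-US: Simple Poll` on CVE-2006-2235 is too generic to search for reliably; the description gives the vendor as CodeMunkyX (aka free-php.net), so `NOT-FOR-US: CodeMunkyX Simple Poll` would be unambiguous. Similarly, CVE-2006-2228 is tagged `Web-Agora` although the description's primary name is w-Agora. For CVE-2006-2230 the entry tracks xine-ui only, while the description places the format string bugs in xiTK (xitk/main.c); a NOTE confirming that no other package carries that code would record why one package line is sufficient.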
@@ -261,7 +261,7 @@
CVE-2006-2176 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in ...)
TODO: check
CVE-2006-2175 (PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 ...)
- TODO: check
+ NOT-FOR-US: Fast Click
CVE-2006-2174 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
TODO: check
CVE-2006-2173 (Buffer overflow in FileZilla FTP Server allows remote authenticated ...)
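Review bot: `NOT-FOR-US: Fast Click` on CVE-2006-2175 is nearly identical to the `NOT-FOR-US: Fast Click SQL Lite` tag that this same commit gives CVE-2006-2241 in the first hunk. Using the vendor-qualified name from the description, `FtrainSoft Fast Click`, would keep the two products distinguishable when searching the list.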