[Secure-testing-commits] r4000 - data/CVE

Alec Berryman alec-guest at costa.debian.org
Sat May 20 13:18:01 UTC 2006


Author: alec-guest
Date: 2006-05-20 13:17:58 +0000 (Sat, 20 May 2006)
New Revision: 4000

Modified:
   data/CVE/list
Log:
* dia is vulnerable (low)
* NFUs (it's a good day not to be BEA)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-05-20 13:03:00 UTC (rev 3999)
+++ data/CVE/list	2006-05-20 13:17:58 UTC (rev 4000)
@@ -24,49 +24,50 @@
 CVE-2006-2481
 	RESERVED
 CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit ...)
-	TODO: check
+	NOTE: will file a bug when I finish testing the patch - alec
+	- dia <unfixed> (low)
 CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify ...)
-	TODO: check
+	NOT-FOR-US: Bitrix
 CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...)
-	TODO: check
+	NOT-FOR-US: Bitrix
 CVE-2006-2477 (Cross-site scripting (XSS) vulnerability in the administrative ...)
-	TODO: check
+	NOT-FOR-US: Bitrix
 CVE-2006-2476 (Bitrix Site Manager 4.1.x stores updater.log under the web document ...)
-	TODO: check
+	NOT-FOR-US: Bitrix
 CVE-2006-2475 (Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) ...)
-	TODO: check
+	NOT-FOR-US: Cosmoshop
 CVE-2006-2474 (SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and ...)
-	TODO: check
+	NOT-FOR-US: Cosmoshop
 CVE-2006-2473 (Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 ...)
-	TODO: check
+	NOT-FOR-US: OpenWiki
 CVE-2006-2472 (Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2006-2471 (Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2006-2470 (Unspecified vulnerability in the WebLogic Server Administration ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2006-2469 (The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2006-2468 (The WebLogic Server Administration Console in BEA WebLogic Server 8.1 ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2006-2467 (BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...)
 	TODO: check
 CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: SelectaPix
 CVE-2006-2462 (BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2006-2461 (BEA WebLogic Server before 8.1 Service Pack 4 does not properly set ...)
-	TODO: check
+	NOT-FOR-US: BEA
 CVE-2006-2460 (Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when ...)
-	TODO: check
+	NOT-FOR-US: SugarCRM
 CVE-2006-2459 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and ...)
 	- libextractor 0.5.14-1
 CVE-2006-2457
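Review bot: The CVE-2006-2480 entry marks dia as `<unfixed> (low)` with no bug reference, and the only pointer is a NOTE recording an intention ("will file a bug when I finish testing the patch"). Once the bug is filed, replace that NOTE with the bug number on the `- dia <unfixed> (low)` line so the entry is traceable without asking the committer. Separately, CVE-2006-2465 (buffer overflow in MP3Info 0.8.4) is the only described entry in this range still left at `TODO: check`. If it was skipped on purpose, a short NOTE saying why would stop the next person from assuming it was overlooked.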



