[Secure-testing-commits] r4960 - data/CVE

Stefan Fritsch stef-guest at alioth.debian.org
Mon Nov 13 21:59:59 CET 2006


Author: stef-guest
Date: 2006-11-13 21:59:58 +0100 (Mon, 13 Nov 2006)
New Revision: 4960

Modified:
   data/CVE/list
Log:
- CVE-2006-5794: new openssh not-quite-a-vulnerability
- CVE-2006-5815: pay-for-more-information proftpd issue :-(
- some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-11-13 17:26:11 UTC (rev 4959)
+++ data/CVE/list	2006-11-13 20:59:58 UTC (rev 4960)
@@ -5,23 +5,25 @@
 CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before ...)
 	NOT-FOR-US: Lotus Domino 
 CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure ...)
-	TODO: check
+	NOT-FOR-US: Parallels
 CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...)
-	TODO: check
+	NOT-FOR-US: Business Card Web Builder
 CVE-2006-5815 (Unspecified vulnerability in ProFTPD allows remote attackers to ...)
-	TODO: check
+	- proftpd-dfsg <unfixed>
+	- proftpd <removed>
+	TODO: file bug when more info is available
 CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Novell eDirectory 
 CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to ...)
-	TODO: check
+	NOT-FOR-US: Novell eDirectory
 CVE-2006-5812 (Unspecified vulnerability in Kerio MailServer allows attackers to ...)
-	TODO: check
+	NOT-FOR-US: Kerio
 CVE-2006-5811 (PHP remote file inclusion vulnerability in library/translation.inc.php ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2006-5810 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: XOOPS
 CVE-2006-5809 (Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB ...)
-	TODO: check
+	NOT-FOR-US: OvBB
 CVE-2006-5808 (The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses ...)
 	NOT-FOR-US: Cicso
 CVE-2006-5807 (Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to ...)
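Review bot: The added label for CVE-2006-5814 ends in a trailing space ("NOT-FOR-US: Novell eDirectory "), while the CVE-2006-5813 entry right below it uses the same label without one. Strip the trailing space so the two labels compare equal when the list is grepped or deduplicated. The unchanged "NOT-FOR-US: Cicso" line under CVE-2006-5808 could be corrected to "Cisco" in the same pass. For CVE-2006-5815 the TODO is reasonable given the unspecified description, but the two package lines carry no bug reference yet, so the TODO should be removed only in the commit that adds one.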
@@ -51,7 +53,7 @@
 CVE-2006-5795 (Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 ...)
 	NOT-FOR-US: OpenEMR
 CVE-2006-5794 (Unspecified vulnerability in the sshd Privilege Separation Monitor in ...)
-	TODO: check
+	- openssh <unfixed> (low)
 CVE-2006-5793
 	RESERVED
 CVE-2006-XXXX [obexpushd arbitrary command execution]
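Review bot: The new "- openssh <unfixed> (low)" line for CVE-2006-5794 sets an urgency without recording why. The only rationale ("not-quite-a-vulnerability") is in the commit log, which someone reading data/CVE/list will not see. Add a NOTE: line under the entry explaining the low rating, and a bug reference once one is filed, so the triage decision can be checked later from the list itself.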
@@ -537,25 +539,25 @@
 CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 ...)
 	NOT-FOR-US: Cisco Security Agent 
 CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and ...)
-	TODO: check
+	NOT-FOR-US: RevilloC MailServer
 CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...)
-	TODO: check
+	NOT-FOR-US: QK SMTP
 CVE-2006-5550 (The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause ...)
 	TODO: check
 CVE-2006-5549 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: Adobe PHP SDK
 CVE-2006-5548 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...)
-	TODO: check
+	NOT-FOR-US: Open Tibia Server Content Management System
 CVE-2006-5547 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...)
-	TODO: check
+	NOT-FOR-US: Open Tibia Server Content Management System
 CVE-2006-5546 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...)
-	TODO: check
+	NOT-FOR-US: Open Tibia Server Content Management System
 CVE-2006-5545 (Premium Antispam in Symantec Mail Security for Domino Server 5.1.x ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2006-5544 (Visual truncation vulnerability in Microsoft Internet Explorer 7 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-5543 (PHP remote file inclusion vulnerability in misc/function.php3 in PHP ...)
-	TODO: check
+	NOT-FOR-US: PHP Generator of Object SQL Database
 CVE-2006-5542 (backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote ...)
 	TODO: check
 CVE-2006-5541 (backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, ...)
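Review bot: The labels added for CVE-2006-5545 ("NOT-FOR-US: Symantec") and CVE-2006-5544 ("NOT-FOR-US: Microsoft") name only the vendor, while the other entries in this hunk name the product (RevilloC MailServer, QK SMTP, Adobe PHP SDK). Using the product from the description, e.g. "Symantec Mail Security for Domino Server" and "Microsoft Internet Explorer", keeps the labels consistent and makes later searches by product reliable.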
@@ -563,61 +565,61 @@
 CVE-2006-5540 (backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows ...)
 	TODO: check
 CVE-2006-5539 (PHP remote file inclusion vulnerability in login/secure.php in ...)
-	TODO: check
+	NOT-FOR-US: UeberProject Management System
 CVE-2006-5538 (D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2006-5537 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2006-5536 (Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2006-5535 (Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager ...)
-	TODO: check
+	NOT-FOR-US: WebHostManager cPanel
 CVE-2006-5534 (Multiple cross-site scripting (XSS) vulnerabilities in index.htm in ...)
-	TODO: check
+	NOT-FOR-US: Zwahlen Online Shop Freeware
 CVE-2006-5533 (Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, ...)
-	TODO: check
+	NOT-FOR-US: AROUNDMe
 CVE-2006-5532 (Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT ...)
-	TODO: check
+	NOT-FOR-US: RMSOFT Gallery System
 CVE-2006-5531 (PHP remote file inclusion vulnerability in embedded.php in Ascended ...)
-	TODO: check
+	NOT-FOR-US: Ascended Guestbook
 CVE-2006-5530 (Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews ...)
-	TODO: check
+	NOT-FOR-US: SimpNews
 CVE-2006-5529 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: SchoolAlumni Portal
 CVE-2006-5528 (Directory traversal vulnerability in mod.php in SchoolAlumni Portal ...)
-	TODO: check
+	NOT-FOR-US: SchoolAlumni Portal
 CVE-2006-5527 (PHP remote file inclusion vulnerability in lib.editor.inc.php in ...)
-	TODO: check
+	NOT-FOR-US: InteliEditor
 CVE-2006-5526 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...)
-	TODO: check
+	NOT-FOR-US: Fully Modded phpBB (phpbbfm) / Teake Nutma Foing
 CVE-2006-5525 (Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and ...)
-	TODO: check
+	NOT-FOR-US: PHP-Nuke
 CVE-2006-5524 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...)
-	TODO: check
+	NOT-FOR-US: phplist
 CVE-2006-5523 (PHP remote file inclusion vulnerability in common.php in EZ-Ticket ...)
-	TODO: check
+	NOT-FOR-US: EZ-Ticket
 CVE-2006-5522 (Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt ...)
-	TODO: check
+	NOT-FOR-US: Kawf
 CVE-2006-5521 (PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 ...)
-	TODO: check
+	NOT-FOR-US: Net_DNS
 CVE-2006-5520 (PHP remote file inclusion vulnerability in functions.php in ...)
-	TODO: check
+	NOT-FOR-US: PHP Classifieds
 CVE-2006-5519 (PHP remote file inclusion vulnerability in ...)
 	TODO: check
 CVE-2006-5518 (Multiple PHP remote file inclusion vulnerabilities in Christopher ...)
-	TODO: check
+	NOT-FOR-US: RSSonate
 CVE-2006-5517 (Multiple PHP remote file inclusion vulnerabilities in Rhode Island ...)
-	TODO: check
+	NOT-FOR-US: Open Meetings Filing Application
 CVE-2006-5516 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: WikiNi
 CVE-2006-5515 (Cross-site scripting (XSS) vulnerability in lib-history.inc.php in ...)
-	TODO: check
+	NOT-FOR-US: phpPgAds / phpAdsNew
 CVE-2006-5514 (SQL injection vulnerability in quiz.php in Web Group Communication ...)
 	TODO: check
 CVE-2006-5513 (SQL injection vulnerability in GeoNetwork opensource before 2.0.3 ...)
-	TODO: check
+	NOT-FOR-US: GeoNetwork opensource
 CVE-2005-4814 (Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when ...)
-	TODO: check
+	NOT-FOR-US: Segue CMS
 CVE-2006-5740 (Unspecified vulnerability in the LDAP dissector in Wireshark (formerly ...)
 	- wireshark 0.99.4-1 (bug #396258; medium)
 CVE-2006-5602 (Multiple memory leaks in xsupplicant before 1.2.6, and possibly other ...)
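Review bot: "NOT-FOR-US: Net_DNS" for CVE-2006-5521 deserves a second look before it is closed out. The description names a library file (DNS/RR.php in Net_DNS 0.03) rather than a standalone web application, and a library is more likely than the surrounding guestbooks and portals to be shipped in the archive or bundled inside another package. Confirm with a package and source search that nothing carries it, and leave the entry as TODO: check if that has not been done. The three D-Link entries (CVE-2006-5536 to CVE-2006-5538) are labelled by vendor only; the description gives the model, DSL-G624T, which would be the more useful label.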
@@ -2351,7 +2353,7 @@
 CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic ...)
 	NOT-FOR-US: Timesheet (aka Timesheet.php)
 CVE-2006-4704 (Unspecified vulnerability in the WMI Object Broker ActiveX control ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-4703
 	RESERVED
 CVE-2006-4702
@@ -2793,7 +2795,7 @@
 	- hostapd 1:0.5.4-1
 	[sarge] - hostapd <not-affected> (Vulnerable code not present)
 CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS ...)
-	TODO: check
+	NOT-FOR-US: Novell eDirectory
 CVE-2006-4520
 	RESERVED
 CVE-2006-4519
@@ -2801,7 +2803,7 @@
 CVE-2006-4518
 	RESERVED
 CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: Novell iManager
 CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...)
 	TODO: check
 CVE-2006-4515
@@ -32881,7 +32883,7 @@
 	{DSA-401}
 	- hylafax 1:4.1.8-1
 CVE-2003-0885 (Xscreensaver 4.14 contains certain debugging code that should have ...)
-	TODO: check
+	- xscreensaver 4.15
 CVE-2003-0884
 	RESERVED
 CVE-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
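Review bot: The fixed version in "- xscreensaver 4.15" for CVE-2003-0885 is an upstream version with no Debian revision, whereas other entries in this file give full package versions (hylafax 1:4.1.8-1, hostapd 1:0.5.4-1, wireshark 0.99.4-1). Since the field is compared against installed package versions, record the first Debian upload that carried the 4.15 fix, looked up from the package changelog, instead of the bare upstream number taken from the description.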



