[Secure-testing-commits] r5004 - data/CVE

Stefan Fritsch stef-guest at alioth.debian.org
Thu Nov 23 23:50:53 CET 2006


Author: stef-guest
Date: 2006-11-23 23:50:51 +0100 (Thu, 23 Nov 2006)
New Revision: 5004

Modified:
   data/CVE/list
Log:
- CVE-2006-5969 new fvwm issue already fixed (low)
- CVE-2006-6009 new sun-java5 issue already fixed (low)
- some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-11-23 22:17:36 UTC (rev 5003)
+++ data/CVE/list	2006-11-23 22:50:51 UTC (rev 5004)
@@ -107,11 +107,11 @@
 CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive ...)
 	NOT-FOR-US: SAP
 CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing ...)
-	TODO: check
+	- sun-java5 1.5.0-08-1
 CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, ...)
 	- linux-ftpd 0.17-22
 CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...)
-	TODO: check
+	NOT-FOR-US: WebEvents (Online Event Registration Template)
 CVE-2006-6006
 	RESERVED
 CVE-2006-6005
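Review bot: The new CVE-2006-6009 line, "- sun-java5 1.5.0-08-1", has no severity tag, although the commit log describes this issue as "(low)" and the fvwm entry added in the same commit is tagged "(low)". Append " (low)" to the sun-java5 line so the tracker data agrees with the log message.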
@@ -143,39 +143,39 @@
 CVE-2006-5992
 	RESERVED
 CVE-2006-5991 (Multiple SQL injection vulnerabilities in wwweb concepts CactuShop ...)
-	TODO: check
+	NOT-FOR-US: CactuShop
 CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and ...)
-	TODO: check
+	NOT-FOR-US: VMWare
 CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 ...)
 	- libapache-mod-auth-kerb 5.3-1 (low)
 CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 running ...)
 	NOT-FOR-US: Windows
 CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet 2.1 allows ...)
-	TODO: check
+	NOT-FOR-US: ASPintranet
 CVE-2006-5986 (admin/options.php in Extreme CMS 0.9, and possibly earlier, does not ...)
-	TODO: check
+	NOT-FOR-US: Extreme CMS
 CVE-2006-5985 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Extreme CMS
 CVE-2006-5984 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web ...)
-	TODO: check
+	NOT-FOR-US: Helm Hosting Control Panel
 CVE-2006-5983 (Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software ...)
-	TODO: check
+	NOT-FOR-US: DirectAdmin
 CVE-2006-5982 (Selenium Server 1.0, and possibly earlier, stores user passwords in ...)
-	TODO: check
+	NOT-FOR-US: Selenium Server
 CVE-2006-5981 (Multiple directory traversal vulnerabilities in Selenium Server 1.0, ...)
-	TODO: check
+	NOT-FOR-US: Selenium Server
 CVE-2006-5980 (adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly ...)
-	TODO: check
+	NOT-FOR-US: NetJetServer
 CVE-2006-5979 (Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure ...)
-	TODO: check
+	NOT-FOR-US: NetJetServer
 CVE-2006-5978 (Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown ...)
-	TODO: check
+	NOT-FOR-US: E-Xoopport
 CVE-2006-5977 (Multiple SQL injection vulnerabilities in MultiCalendars allow remote ...)
-	TODO: check
+	NOT-FOR-US: MultiCalendars
 CVE-2006-5976 (Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe ...)
-	TODO: check
+	NOT-FOR-US: BlogMe
 CVE-2006-5975 (Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in ...)
-	TODO: check
+	NOT-FOR-US: BlogMe
 CVE-2006-5974
 	RESERVED
 CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...)
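Review bot: Two NOT-FOR-US tags in this hunk cannot be checked against the visible descriptions: the CVE-2006-5985 text is cut off before any product name ("... vulnerabilities in ..."), and CVE-2006-5983 shows only "JBMC Software ..." while the tag reads "DirectAdmin". Confirm both against the full CVE descriptions. Copying the product name exactly as the CVE text gives it would also keep later searches of the list reliable.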
@@ -195,7 +195,7 @@
 CVE-2006-5970 (Verity Ultraseek before 5.7 allows remote attackers to obtain ...)
 	NOT-FOR-US: Verity Ultraseek
 CVE-2006-5969 (CRLF injection vulnerability in the evalFolderLine function in fvwm ...)
-	TODO: check
+	- fvwm 1:2.5.18-2 (low)
 CVE-2006-5968 (MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, ...)
 	NOT-FOR-US: MDaemon
 CVE-2006-5967 (Race condition in Panda ActiveScan 5.53.00, and other versions before ...)
@@ -233,15 +233,15 @@
 CVE-2006-5951 (PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 ...)
 	NOT-FOR-US: Exophpdesk
 CVE-2006-5950 (Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and ...)
-	TODO: check
+	NOT-FOR-US: ALTools ALFTP FTP Server
 CVE-2006-5949 (Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta ...)
-	TODO: check
+	NOT-FOR-US: ALTools ALFTP FTP Server
 CVE-2006-5948 (PHP remote file inclusion vulnerability in pntUnit/Inspect.php in ...)
-	TODO: check
+	NOT-FOR-US: phpPeanuts
 CVE-2006-5947 (Multiple directory traversal vulnerabilities in Conxint FTP Server ...)
-	TODO: check
+	NOT-FOR-US: Conxint FTP Server
 CVE-2006-5946 (SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP ...)
-	TODO: check
+	NOT-FOR-US: FunkyASP Glossary
 CVE-2006-5945 (Multiple SQL injection vulnerabilities in MGinternet Car Site Manager ...)
 	TODO: check
 CVE-2006-5944 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...)
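Review bot: CVE-2006-5945 (MGinternet Car Site Manager) is still "TODO: check" in the trailing context, while the five entries directly above it are triaged as NOT-FOR-US in this same hunk. If that was an oversight, triage it in this pass. The CVE-2006-5944 entry that follows (csm/asp/listings.asp) may concern the same product and is worth checking with it.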



