[Secure-testing-commits] r5033 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Thu Nov 30 23:04:42 CET 2006
Author: stef-guest
Date: 2006-11-30 23:04:40 +0100 (Thu, 30 Nov 2006)
New Revision: 5033
Modified:
data/CVE/list
Log:
- libgsf issue DSAified ;)
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-11-30 21:39:11 UTC (rev 5032)
+++ data/CVE/list 2006-11-30 22:04:40 UTC (rev 5033)
@@ -1,7 +1,7 @@
CVE-2006-6177 (SQL injection vulnerability in system/core/users/users.profile.inc.php ...)
- TODO: check
+ NOT-FOR-US: Neocrome Seditio
CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn before ...)
- TODO: check
+ NOT-FOR-US: Blogn
CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde Kronolith ...)
- kronolith2 2.1.4-1 (bug #400899)
TODO: check kronolith 1.x
@@ -10,7 +10,7 @@
CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in ...)
NOT-FOR-US: Mac OS X
CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input plugin ...)
- TODO: check
+ TODO: check xine, etc
CVE-2006-6171 (** DISPUTED ** ...)
- proftpd-dfsg 1.3.0-13 (low; bug #399070)
CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the mod_tls ...)
@@ -22,27 +22,27 @@
CVE-2006-6168 (tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to ...)
- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6167 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Active PHP Bookmarks
CVE-2006-6166 (Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin ...)
- TODO: check
+ NOT-FOR-US: Joomla Content Editor (JCE) for Joomla!
CVE-2006-6165 (** DISPUTED ** ...)
- TODO: check
+ NOTE: non-issue
CVE-2006-6164 (The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 ...)
NOT-FOR-US: OpenBSD
CVE-2006-6163 (Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in ...)
- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6162 (Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php ...)
- TODO: check
+ - tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6161 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2006-6160 (SQL injection vulnerability in details.asp in Doug Luxem Liberum Help ...)
NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2006-6159 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php ...)
- TODO: check
+ NOT-FOR-US: DeskPRO
CVE-2006-6158 (Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help ...)
- TODO: check
+ NOT-FOR-US: PMOS Help Desk
CVE-2006-6157 (SQL injection vulnerability in index.php in ContentNow 1.39 and ...)
- TODO: check
+ NOT-FOR-US: ContentNow
CVE-2006-6156 (Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX ...)
NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6155 (Multiple SQL injection vulnerabilities in addrating.php in HIOX Star ...)
@@ -54,17 +54,17 @@
CVE-2006-6152 (Multiple SQL injection vulnerabilities in vSpin.net Classified System ...)
NOTE: NOT-FOR-US (vSpin.net)
CVE-2006-6151 (PHP remote file inclusion vulnerability in centre.php in Messagerie ...)
- TODO: check
+ NOT-FOR-US: Messagerie Locale
CVE-2006-6150 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OWLLib
CVE-2006-6149 (SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 ...)
- TODO: check
+ NOT-FOR-US: JiRos FAQ Manager
CVE-2006-6148 (Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp ...)
- TODO: check
+ NOT-FOR-US: JiRos FAQ Manager
CVE-2006-6147 (Multiple SQL injection vulnerabilities in JiRos Links Manager allow ...)
- TODO: check
+ NOT-FOR-US: JiRos Links Manager
CVE-2006-6146 (Buffer overflow in the HPDF_Page_Circle function in ...)
- TODO: check
+ NOT-FOR-US: libharu
CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in ...)
NOT-FOR-US: CRYPTOCard
CVE-2006-6144
@@ -74,7 +74,7 @@
CVE-2006-6142
RESERVED
CVE-2006-6141 (Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Tftpd32
CVE-2006-6140 (PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang ...)
NOTE: NOT-FOR-US (Sisfo Kampus)
CVE-2006-6139 (Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus ...)
@@ -92,7 +92,7 @@
CVE-2006-6133 (Stack-based buffer overflow in Business Objects Crystal Reports XI ...)
NOTE: NOT-FOR-US (Business Objects Crystal Reports)
CVE-2006-6132 (Multiple SQL injection vulnerabilities in Link Exchange Lite allow ...)
- TODO: check
+ NOT-FOR-US: Link Exchange Lite
CVE-2006-6131 (Untrusted search path vulnerability in (1) WSAdminServer and (2) ...)
NOT-FOR-US: Kerio WebSTAR
CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial of ...)
@@ -140,17 +140,17 @@
CVE-2006-6114 (Buffer overflow in NWSPOOL.DLL in Novell Client 4.91 Post-SP3 for ...)
NOT-FOR-US: Novell
CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: Monkey Boards
CVE-2006-6112
RESERVED
CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 ...)
NOT-FOR-US: Alan Ward A-Cart Pro
CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech ...)
- TODO: check
+ NOT-FOR-US: BPG-InfoTech Content Management System
CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 ...)
- TODO: check
+ NOT-FOR-US: CandyPress Store
CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE
CVE-2006-6107
RESERVED
CVE-2006-6106
@@ -180,45 +180,45 @@
CVE-2006-6094 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow ...)
NOT-FOR-US: ActiveNews Manage
CVE-2006-6093 (Multiple PHP remote file inclusion vulnerabilities in adminprint.php ...)
- TODO: check
+ NOT-FOR-US: PicturesPro Photo Cart
CVE-2006-6092 (Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 ...)
NOT-FOR-US: Auto Gallery
CVE-2006-6091 (Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before ...)
- TODO: check
+ NOT-FOR-US: GrimBB
CVE-2006-6090 (Multiple SQL injection vulnerabilities in BaalAsp forum allow remote ...)
- TODO: check
+ NOT-FOR-US: BaalAsp
CVE-2006-6089 (Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in ...)
- TODO: check
+ NOT-FOR-US: BaalAsp forum
CVE-2006-6088 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...)
- TODO: check
+ NOT-FOR-US: i-Gallery
CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...)
- TODO: check
+ NOT-FOR-US: my little weblog
CVE-2006-6086 (PHP remote file inclusion vulnerability in ark_inc.php in e-Ark 1.0 ...)
- TODO: check
+ NOT-FOR-US: e-Ark
CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same permissions ...)
- kile 1:1.9.3-1
CVE-2006-6084 (Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy ...)
- TODO: check
+ NOT-FOR-US: aBitWhizzy
CVE-2006-6083 (SQL injection vulnerability in search.asp in CreaScripts Creadirectory ...)
- TODO: check
+ NOT-FOR-US: CreaScripts Creadirectory
CVE-2006-6082 (Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts ...)
- TODO: check
+ NOT-FOR-US: CreaScripts Creadirectory
CVE-2006-6081 (PHP remote file inclusion vulnerability in Smarty_Compiler.class.php ...)
- TODO: check
+ TODO: check smarty, moodle, gallery2
CVE-2006-6080 (Multiple SQL injection vulnerabilities in categories.asp in gNews ...)
- TODO: check
+ NOT-FOR-US: gNews
CVE-2006-6079 (Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 ...)
- TODO: check
+ NOT-FOR-US: LoudMouth (PHP thingy, not libloudmouth)
CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in a-ConMan ...)
- TODO: check
+ NOT-FOR-US: a-ConMan
CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and ...)
- iceweasel <unfixed> (high)
- mozilla-firefox <unfixed> (high)
- xulrunner <unfixed> (high)
CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in Computer ...)
- TODO: check
+ NOT-FOR-US: BrightStor
CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp ...)
- TODO: check
+ NOT-FOR-US: BaalAsp forum
CVE-2006-6074 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...)
TODO: check
CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...)
@@ -2221,7 +2221,9 @@
CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in ...)
NOT-FOR-US: OlateDownload
CVE-2006-XXXX [unspecified libgsf security issue (IDEF1622)]
+ {DSA-1221-1}
- libgsf 1.14.2-1
+ NOTE: DSA-1221-1
CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 ...)
NOT-FOR-US: Backup Agent RPC Server
CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 ...)
@@ -3848,39 +3850,39 @@
CVE-2006-4413 (Apple Remote Desktop before 3.1 uses insecure permissions for certain ...)
NOT-FOR-US: Apple Remote Desktop
CVE-2006-4412 (WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-4411 (The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-4410 (The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-4409 (The Online Certificate Status Protocol (OCSP) service in the Security ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-4408 (The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-4407 (The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-4406 (Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-4405
RESERVED
CVE-2006-4404 (The Installer application in Apple Mac OS X 10.4.8 and earlier, when ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-4403 (The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-4402 (Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-4401 (Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-4400 (Stack-based buffer overflow in the Apple Type Services (ATS) server in ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-4399 (User interface inconsistency in Workgroup Manager in Apple Mac OS X ...)
NOT-FOR-US: Mac OS
CVE-2006-4398 (Multiple buffer overflows in the Apple Type Services (ATS) server in ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-4397 (Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 ...)
NOT-FOR-US: Mac OS
CVE-2006-4396 (The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier ...)
- TODO: check
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-4395 (Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X ...)
NOT-FOR-US: Mac OS
CVE-2006-4394 (A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, ...)
@@ -4553,7 +4555,7 @@
CVE-2006-4100
RESERVED
CVE-2006-4099 (Business Objects Crystal Enterprise 9 and 10 generates predictable ...)
- TODO: check
+ NOT-FOR-US: Business Objects
CVE-2006-4098
RESERVED
CVE-2006-4097
More information about the Secure-testing-commits
mailing list