[Secure-testing-commits] r4796 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sun Oct 1 19:53:15 UTC 2006
Author: stef-guest
Date: 2006-10-01 19:53:14 +0000 (Sun, 01 Oct 2006)
New Revision: 4796
Modified:
data/CVE/list
Log:
- new busybox httpd issue
- elog CVEified
- some new linux issues, some already fixed
- many moodle issues already fixed
- sun-java5 issue already fixed
- many NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-10-01 15:03:44 UTC (rev 4795)
+++ data/CVE/list 2006-10-01 19:53:14 UTC (rev 4796)
@@ -1,5 +1,3 @@
-CVE-2006-XXXX [elog XSS]
- - elog 2.6.2+r1719-1 (bug #389361)
CVE-2006-XXXX [graphicsmagic buffer overflows]
- graphicsmagick 1.1.7-9
TODO: check for security relevance and CVE-ids. Maybe imagemagick is affected, too
@@ -8,43 +6,43 @@
CVE-2006-5072
RESERVED
CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...)
- TODO: check
+ NOT-FOR-US: eyeOS
CVE-2006-5070 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: faceStones Personal
CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in the Indexed Search 2.9.0 ...)
TODO: check
CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in ...)
- TODO: check
+ NOT-FOR-US: BrudaNews
CVE-2006-5067 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: PHP System Administration Toolkit (PHPSaTK)
CVE-2006-5066 (Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport ...)
- TODO: check
+ NOT-FOR-US: DanPHPSupport
CVE-2006-5065 (PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ...)
- TODO: check
+ NOT-FOR-US: ZoomStats
CVE-2006-5064 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 ...)
- TODO: check
+ NOT-FOR-US: BirdBlog
CVE-2006-5063 (Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote ...)
- TODO: check
+ - elog 2.6.2+r1719-1 (bug #389361)
CVE-2006-5062 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: PBLang (PBL)
CVE-2006-5061 (PHP remote file inclusion vulnerability in mcf.php in ...)
- TODO: check
+ NOT-FOR-US: Advanced-Clan-Script (AVCX)
CVE-2006-5060 (Cross-site scripting (XSS) vulnerability in login.php in Jamroom ...)
- TODO: check
+ NOT-FOR-US: Jamroom
CVE-2006-5059 (Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads ...)
- TODO: check
+ NOT-FOR-US: WWWthreads
CVE-2006-5058 (Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty ...)
- TODO: check
+ NOT-FOR-US: Call of Duty
CVE-2006-5057 (Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net ...)
- TODO: check
+ NOT-FOR-US: PhotoStore
CVE-2006-5056 (Cross-site scripting (XSS) vulnerability in index.php in Opial ...)
- TODO: check
+ NOT-FOR-US: Opial Audio/Video Download Management
CVE-2006-5055 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: syntaxCMS
CVE-2006-5054 (SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 ...)
- TODO: check
+ NOT-FOR-US: iyzi Forum
CVE-2006-5053 (PHP remote file inclusion vulnerability in webnews/template.php in ...)
- TODO: check
+ NOT-FOR-US: Web-News
CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...)
TODO: check
NOTE: This may be a dupe of CVE-2006-4925
@@ -54,103 +52,103 @@
NOTE: From my analysis only openssh with Kerberos support should be vulnerable
NOTE: However, we'll fix openssh as well just to make sure
CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox ...)
- TODO: check
+ - busybox <unfixed> (bug #390555; low)
CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component ...)
- TODO: check
+ NOT-FOR-US: Classifieds (com_classifieds) component for Joomla!
CVE-2006-5048 (Unspecified vulnerability in Security Images (com_securityimages) ...)
- TODO: check
+ NOT-FOR-US: Security Images (com_securityimages) component for Joomla!
CVE-2006-5047 (Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 ...)
- TODO: check
+ NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2)
CVE-2006-5046 (Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and ...)
- TODO: check
+ NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2)
CVE-2006-5045 (Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and ...)
- TODO: check
+ NOT-FOR-US: PollXT component (com_pollxt) for Joomla!
CVE-2006-5044 (Unspecified vulnerability in Prince Clan (Princeclan) Chess component ...)
- TODO: check
+ NOT-FOR-US: Prince Clan (Princeclan) Chess componen (com_pcchess) for Mambo and Joomla!
CVE-2006-5043 (Unspecified vulnerability in JoomlaBoard (com_joomlaboard) 1.1.1 and ...)
- TODO: check
+ NOT-FOR-US: JoomlaBoard (com_joomlaboard) for Joomla!
CVE-2006-5042 (Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier ...)
- TODO: check
+ NOT-FOR-US: mosMedia (com_mosmedia) for Joomla!
CVE-2006-5041 (Unspecified vulnerability in Hot Properties (possibly ...)
- TODO: check
+ NOT-FOR-US: Hot Properties (possibly com_hotproperties) for Joomla!
CVE-2006-5040 (Unspecified vulnerability in SEF404x (com_sef) for Joomla! has ...)
- TODO: check
+ NOT-FOR-US: SEF404x (com_sef) for Joomla!
CVE-2006-5039 (Unspecified vulnerability in Events 1.3 beta module (com_events) for ...)
- TODO: check
+ NOT-FOR-US: Events 1.3 beta module (com_events) for Joomla!
CVE-2006-5038 (The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, ...)
- TODO: check
+ NOT-FOR-US: FiWin
CVE-2006-5037 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: MySource Matrix
CVE-2006-5036 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: MySource Matrix
CVE-2006-5035 (Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith ...)
- TODO: check
+ NOT-FOR-US: vCAP
CVE-2006-5034 (Directory traversal vulnerability in Paul Smith Computer Services vCAP ...)
- TODO: check
+ NOT-FOR-US: vCAP
CVE-2006-5033 (Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith ...)
- TODO: check
+ NOT-FOR-US: vCAP
CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire ...)
- TODO: check
+ NOT-FOR-US: PHPartenaire
CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php in ...)
- TODO: check
+ NOT-FOR-US: CakePHP
CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in exV2 ...)
- TODO: check
+ NOT-FOR-US: exV2
CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning Board ...)
- TODO: check
+ NOT-FOR-US: WoltLab Burning Board (wBB)
CVE-2006-5028 (Directory traversal vulnerability in filemanager/filemanager.php in ...)
- TODO: check
+ NOT-FOR-US: Plesk
CVE-2006-5027 (Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: JevonCMS
CVE-2006-5026 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
- TODO: check
+ NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5025 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
- TODO: check
+ NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5024 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
- TODO: check
+ NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5023 (SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier ...)
- TODO: check
+ NOT-FOR-US: xweblog
CVE-2006-5022 (PHP remote file inclusion vulnerability in includes/global.php in ...)
- TODO: check
+ NOT-FOR-US: pNews System 1.1.0 (aka PowerNews)
CVE-2006-5021 (Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG ...)
- TODO: check
+ NOT-FOR-US: RedBLoG
CVE-2006-5020 (Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 ...)
- TODO: check
+ NOT-FOR-US: SolidState
CVE-2006-5019 (Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: Google Mini
CVE-2006-5018 (ContentKeeper 123.25 and earlier places passwords in cleartext in an ...)
- TODO: check
+ NOT-FOR-US: ContentKeeper
CVE-2006-5017 (SQL injection vulnerability in admin/all_users.php in Szava Gyula and ...)
- TODO: check
+ NOT-FOR-US: e-Vision CMS
CVE-2006-5016 (Unrestricted file upload vulnerability in admin/x_image.php in Szava ...)
- TODO: check
+ NOT-FOR-US: e-Vision CMS
CVE-2006-5015 (PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows ...)
- TODO: check
+ NOT-FOR-US: Kietu
CVE-2006-5014 (Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2006-5013 (Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2006-5012 (Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2006-5011 (Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2006-5010 (Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2006-5009 (Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2006-5008 (Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2006-5007 (Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2006-5006 (Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2006-5005 (Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2006-5004 (Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2006-5003 (Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2006-5002 (Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2006-5001 (Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 ...)
NOT-FOR-US: WS_FTP
CVE-2006-5000 (Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and ...)
@@ -256,35 +254,35 @@
CVE-2006-4950 (Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, ...)
NOT-FOR-US: Cisco
CVE-2006-4949 (Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site ...)
- TODO: check
+ NOT-FOR-US: Profile Directory (profile_pages.module) for Drupal
CVE-2006-4948 (Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server ...)
- TODO: check
+ NOT-FOR-US: TFTPDWIN
CVE-2006-4947 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search ...)
TODO: check
CVE-2006-4946 (PHP remote file inclusion vulnerability in include/startup.inc.php in ...)
- TODO: check
+ NOT-FOR-US: CMSDevelopment Business Card Web Builder (BCWB)
CVE-2006-4945 (Multiple PHP remote file inclusion vulnerabilities in Cardway (aka ...)
- TODO: check
+ NOT-FOR-US: DigitalWebShop
CVE-2006-4944 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ProgSys
CVE-2006-4943 (course/jumpto.php in Moodle before 1.6.2 does not validate the session ...)
- TODO: check
+ - moodle 1.6.2-1
CVE-2006-4942 (Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) ...)
- TODO: check
+ - moodle 1.6.2-1
CVE-2006-4941 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle before ...)
- TODO: check
+ - moodle 1.6.2-1
CVE-2006-4940 (login/forgot_password.php in Moodle before 1.6.2 allows remote ...)
- TODO: check
+ - moodle 1.6.2-1
CVE-2006-4939 (backup/backup_scheduled.php in Moodle before 1.6.2 generates trace ...)
- TODO: check
+ - moodle 1.6.2-1
CVE-2006-4938 (help.php in Moodle before 1.6.2 does not check the existence of ...)
- TODO: check
+ - moodle 1.6.2-1
CVE-2006-4937 (lib/setup.php in Moodle before 1.6.2 sets the error reporting level to ...)
- TODO: check
+ - moodle 1.6.2-1
CVE-2006-4936 (Moodle before 1.6.2 does not properly validate the module instance id ...)
- TODO: check
+ - moodle 1.6.2-1
CVE-2006-4935 (The Database module in Moodle before 1.6.2 does not properly handle ...)
- TODO: check
+ - moodle 1.6.2-1
CVE-2006-4934
RESERVED
CVE-2006-4933
@@ -304,7 +302,7 @@
CVE-2006-4926
RESERVED
CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...)
- TODO: check
+ NOT-FOR-US: SISCO OSI stack for Windows
CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...)
- linux-2.6 2.6.14
CVE-2006-4925 [openssh GSSAPI information leak)
@@ -934,7 +932,7 @@
CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 ...)
- mailman 1:2.1.8-3
CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation ...)
- TODO: check
+ - linux-2.6 <unfixed>
CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...)
TODO: check
CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent ...)
@@ -1159,13 +1157,13 @@
CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) ...)
NOT-FOR-US: Cerberus Helpdesk
CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC ...)
- TODO: check
+ - linux-2.6 2.6.17-9
CVE-2006-4537 (NET$SESSION_CONTROL.EXE before 20060825 in DECnet-Plus in OpenVMS ...)
NOT-FOR-US: OpenVMS
CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS Frogss ...)
NOT-FOR-US: CMS Frogss
CVE-2006-4535 (The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local ...)
- TODO: check
+ - linux-2.6 <unfixed>
CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...)
NOT-FOR-US: Microsoft
CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 ...)
@@ -1703,11 +1701,11 @@
CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote ...)
- maxdb-7.5.00 <unfixed> (high; bug #386182)
CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD ...)
- NOT-FOR-US: FreeBSD NetBSD
+ TODO: check
CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...)
NOT-FOR-US: Solaris
CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web ...)
- TODO: check
+ - sun-java5 1.5.0-07-1
CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
NOT-FOR-US: Microsoft
CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and ...)
@@ -5449,7 +5447,7 @@
CVE-2006-2657
REJECTED
CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally ...)
- NOT-FOR-US: FreeBSD
+ NOT-FOR-US: build process for ypserv in FreeBSD
CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to ...)
NOT-FOR-US: FreeBSD-specific (see CVE-2006-1864 for Linux-specific CVE)
CVE-2006-2653 (Cross-site scripting (XSS) vulnerability in login_error.shtml for ...)
@@ -5936,7 +5934,7 @@
{DSA-1090-1}
- spamassassin 3.1.3-1 (medium)
CVE-2006-2446 (Race condition between the kfree_skb and __skb_unlink functions in the ...)
- TODO: check
+ - linux-2.6 <unfixed>
CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before ...)
- linux-2.6 2.6.16-15
CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux kernel ...)
More information about the Secure-testing-commits
mailing list