[Secure-testing-commits] r4814 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Thu Oct 5 20:01:22 UTC 2006


Author: stef-guest
Date: 2006-10-05 20:01:21 +0000 (Thu, 05 Oct 2006)
New Revision: 4814

Modified:
   data/CVE/list
Log:
- CVE-2006-511[67] new phpmyadmin issues
- CVE-2006-4625: new php issues (low)
- CVE-2006-5111: new libksba issue
- CVE-2006-5069: typo3 not affected
- CVE-2006-4542: new webmin and usermin issue in sarge


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-10-05 19:12:16 UTC (rev 4813)
+++ data/CVE/list	2006-10-05 20:01:21 UTC (rev 4814)
@@ -101,9 +101,9 @@
 CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD ...)
 	NOT-FOR-US: PHPSelect Web Development Division 
 CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web ...)
-	TODO: check
+	- phpmyadmin <unfixed> (bug #391090, low)
 CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	TODO: check
+	- phpmyadmin <unfixed> (bug #391090, low)
 CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows ...)
 	NOT-FOR-US: KGB
 CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP ...)
@@ -113,7 +113,7 @@
 CVE-2006-5112 (Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote ...)
 	NOT-FOR-US: NaviCOPA Web Server
 CVE-2006-5111 (The libksba library 0.9.12 and possibly other versions, as used by ...)
-	TODO: check
+	- libksba <unfixed> (bug #391278)
 CVE-2006-5110 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice ...)
 	NOT-FOR-US: PHP Invoice
 CVE-2006-5109 (Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive ...)
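Review bot: The new libksba line for CVE-2006-5111 carries no urgency, while the other <unfixed> entries added in this commit (phpmyadmin, php4, php5) all state one. If the severity has been assessed, add it after the bug number in the same form as those entries; if it has not, the entry still needs a triage pass before it is treated as done.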
@@ -203,7 +203,7 @@
 CVE-2006-5070 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: faceStones Personal
 CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php ...)
-	TODO: check
+	- typo3 <not-affected> (only version 4.x affected)
 CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in ...)
 	NOT-FOR-US: BrudaNews
 CVE-2006-5067 (** DISPUTED ** ...)
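Review bot: The <not-affected> justification on the typo3 line for CVE-2006-5069 names the affected series (4.x) but not the typo3 version in the archive that was checked. Adding the packaged version to the parenthetical would let a later reader verify the decision without repeating the lookup.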
@@ -454,7 +454,7 @@
 CVE-2006-4948 (Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server ...)
 	NOT-FOR-US: TFTPDWIN
 CVE-2006-4947 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search ...)
-	TODO: check
+	NOT-FOR-US: Search Keywords module for Drupal
 CVE-2006-4946 (PHP remote file inclusion vulnerability in include/startup.inc.php in ...)
 	NOT-FOR-US: CMSDevelopment Business Card Web Builder (BCWB)
 CVE-2006-4945 (Multiple PHP remote file inclusion vulnerabilities in Cardway (aka ...)
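Review bot: The change of CVE-2006-4947 from TODO to NOT-FOR-US is not listed in the commit log, which names only CVE-2006-511[67], CVE-2006-4625, CVE-2006-5111, CVE-2006-5069 and CVE-2006-4542. Add a log line for it so the triage decision for the Drupal Search Keywords module can be found from the revision history.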
@@ -1122,7 +1122,9 @@
 CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine before ...)
 	NOT-FOR-US: avast! Anti-virus Engine
 CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...)
-	TODO: check
+	- php4 <unfixed> (bug filed, low)
+	- php5 <unfixed> (bug #391281, low)
+	[sarge] - php4 <no-dsa> (open_basedir violations not supported)
 CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 ...)
 	- mailman 1:2.1.8-3
 CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation ...)
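Review bot: The php4 line for CVE-2006-4625 says "bug filed" with no number, while the php5 line directly below it references bug #391281. Replace "bug filed" with the bug number once it is assigned, so that the php4 entry can be followed to closure the same way as php5.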
@@ -1340,7 +1342,8 @@
 CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 ...)
 	NOT-FOR-US: HLStats
 CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly handle a ...)
-	TODO: check
+	- webmin <removed> (bug filed)
+	- usermin <removed>
 CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly ...)
 	NOT-FOR-US: BlackICE PC Protection
 CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in ...)
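Review bot: In the CVE-2006-4542 entry, the webmin line says "bug filed" with no number and the usermin line has no bug reference at all. Add the bug number to the webmin line and either reference a bug for usermin or state why none is needed. The log describes this as an issue in sarge, but neither added line names the release; consider whether a release-tagged line, like the [sarge] line used for php4 in this commit, would make that explicit.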



