[Secure-testing-commits] r4845 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sat Oct 14 13:00:10 UTC 2006
Author: stef-guest
Date: 2006-10-14 13:00:09 +0000 (Sat, 14 Oct 2006)
New Revision: 4845
Modified:
data/CVE/list
Log:
- CVE-2006-5214/5: xdm issues already fixed (low)
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-10-13 23:03:39 UTC (rev 4844)
+++ data/CVE/list 2006-10-14 13:00:09 UTC (rev 4845)
@@ -21,85 +21,89 @@
CVE-2006-5219 (SQL injection vulnerability in blog/index.php in the blog module in ...)
- moodle 1.6.2+20060930-1 (medium; bug #390294)
CVE-2006-5218 (Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in ...)
- TODO: check
+ NOT-FOR-US: systrace in OpenBSD and NetBSD
CVE-2006-5217 (SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows ...)
- TODO: check
+ NOT-FOR-US: Emek Portal
CVE-2006-5216 (Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) ...)
- TODO: check
+ NOT-FOR-US: Simple HTTPD (shttpd)
CVE-2006-5215 (The Xsession script, as used by X Display Manager (xdm) in NetBSD ...)
- TODO: check
+ - xdm 1:1.0.5-1 (low)
+ [sarge] - xfree86 <unfixed> (low)
+ NOTE: probably fixed earlier than 1:1.0.5
CVE-2006-5214 (Race condition in the Xsession script, as used by X Display Manager ...)
- TODO: check
+ - xdm 1:1.0.5-1 (low)
+ [sarge] - xfree86 <no-dsa> (low)
+ NOTE: probably fixed earlier than 1:1.0.5
CVE-2006-5213 (Sun Solaris 10 before 20061006 uses "incorrect and insufficient ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2006-5212 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...)
- TODO: check
+ NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-5211 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...)
- TODO: check
+ NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-5210
RESERVED
CVE-2006-5209 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Admin Topic Action Logging Mod for phpBB
CVE-2006-5208 (Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow ...)
- TODO: check
+ NOT-FOR-US: PHP Classifieds
CVE-2006-5207 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: phpMyTeam
CVE-2006-5206 (SQL injection vulnerability in Invision Gallery 2.0.7 allows remote ...)
- TODO: check
+ NOT-FOR-US: Invision Gallery
CVE-2006-5205 (Directory traversal vulnerability in Invision Gallery 2.0.7 allows ...)
- TODO: check
+ NOT-FOR-US: Invision Gallery
CVE-2006-5204 (Cross-site scripting (XSS) vulnerability in action_admin/member.php in ...)
- TODO: check
+ NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-5203 (Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted ...)
- TODO: check
+ NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and ...)
TODO: check
CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2006-5198
RESERVED
CVE-2006-5197 (PDshopPro stores sensitive information under the web root with ...)
- TODO: check
+ NOT-FOR-US: PDshopPro
CVE-2006-5196 (The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows ...)
- TODO: check
+ NOT-FOR-US: Motorola SURFboard
CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 ...)
- TODO: check
+ NOT-FOR-US: Wheatblog
CVE-2006-5194 (Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 ...)
- TODO: check
+ NOT-FOR-US: net2ftp
CVE-2006-5193 (PHP remote file inclusion vulnerability in index.php in Josh Schmidt ...)
- TODO: check
+ NOT-FOR-US: WikyBlog
CVE-2006-5192 (PHP remote file inclusion vulnerability in includes/footer.php in ...)
- TODO: check
+ NOT-FOR-US: phpGreetz
CVE-2006-5191 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Nivisec Static Topics module for phpBB
CVE-2006-5190 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2006-5189 (PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php ...)
- TODO: check
+ NOT-FOR-US: klinza professional cms
CVE-2006-5188 (Directory traversal vulnerability in download.php in webGENEius GOOP ...)
- TODO: check
+ NOT-FOR-US: webGENEius GOOP Gallery
CVE-2006-5187 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
- TODO: check
+ NOT-FOR-US: Bulletin Board Ace (BBaCE)
CVE-2006-5186 (PHP remote file inclusion vulnerability in functions.php in ...)
- TODO: check
+ NOT-FOR-US: phpMyProfiler
CVE-2006-5185 (Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and ...)
- TODO: check
+ NOT-FOR-US: HAMweather
CVE-2006-5184 (SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 ...)
- TODO: check
+ NOT-FOR-US: PKR Internet Taskjitsu
CVE-2006-5183 (Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs ...)
- TODO: check
+ NOT-FOR-US: Dayfox Blog
CVE-2006-5182 (PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen ...)
- TODO: check
+ NOT-FOR-US: Travelsized CMS
CVE-2006-5181 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ...)
- TODO: check
+ NOT-FOR-US: phpMyWebmin
CVE-2006-5180 (PHP remote file inclusion vulnerability in include/main.inc.php in ...)
- TODO: check
+ NOT-FOR-US: Newswriter SW
CVE-2006-5179 (Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent ...)
- TODO: check
+ NOT-FOR-US: Intoto iGateway
CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier allows ...)
TODO: check
CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and Enterprise ...)
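Review bot: The two added [sarge] lines for xfree86 disagree: under CVE-2006-5215 the entry is "[sarge] - xfree86 <unfixed> (low)", while under CVE-2006-5214 it is "[sarge] - xfree86 <no-dsa> (low)", even though both entries get the same "xdm 1:1.0.5-1 (low)" fix line and the same NOTE. If both are meant to be no-DSA for sarge, use <no-dsa> on both; if the difference is intentional, add a NOTE under CVE-2006-5215 saying why. Separately, "NOTE: probably fixed earlier than 1:1.0.5" means the recorded fixed version is only an upper bound, so it is worth confirming the first fixed xdm upload and recording that version instead.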