[Secure-testing-commits] r4882 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Tue Oct 24 21:24:34 UTC 2006
Author: stef-guest
Date: 2006-10-24 21:24:32 +0000 (Tue, 24 Oct 2006)
New Revision: 4882
Modified:
data/CVE/list
Log:
- CVE-2006-5451 new torrentflux XSSs (low)
- CVE-2006-5443 new WIMS issue
- some NFUs
- bugnums
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-10-24 21:14:27 UTC (rev 4881)
+++ data/CVE/list 2006-10-24 21:24:32 UTC (rev 4882)
@@ -3,42 +3,42 @@
CVE-2006-XXXX [drupal XSS and XSRF http://secunia.com/advisories/22486/]
- drupal <unfixed> (low)
CVE-2006-5460 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: phpht Topsites
CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
- TODO: check
+ NOT-FOR-US: Download-Engine
CVE-2006-5458 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
- TODO: check
+ NOT-FOR-US: phpht Topsites
CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Casino Script (Masvet)
CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ...)
- graphicsmagick 1.1.7-9 (medium)
- imagemagick 7:6.2.4.5.dfsg1-0.11 (bug #393025)
CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...)
- - bugzilla <unfixed> (bug filed; low)
+ - bugzilla <unfixed> (bug #395094; low)
CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before ...)
- - bugzilla <unfixed> (bug filed; low)
+ - bugzilla <unfixed> (bug #395094; low)
CVE-2006-5453 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x ...)
- - bugzilla <unfixed> (bug filed; low)
+ - bugzilla <unfixed> (bug #395094; low)
CVE-2006-5452 (Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX ...)
- TODO: check
+ NOT-FOR-US: HP Tru64
CVE-2006-5451 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 ...)
- TODO: check
+ - torrentflux <unfixed> (bug #395099; low)
CVE-2006-5450 (SQL injection vulnerability in index.asp in Kinesis Interactive Cinema ...)
- TODO: check
+ NOT-FOR-US: Kinesis Interactive Cinema System (KICS) CMS
CVE-2006-5449 (procmail in Ingo H3 before 1.1.2 Horde module allows remote ...)
TODO: check
CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital Rights ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV Web ...)
TODO: check
CVE-2006-5446 (SQL injection vulnerability in lobby/config.php in Casinosoft Casino ...)
- TODO: check
+ NOT-FOR-US: Casinosoft Casino Script (aka Masvet)
CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver ...)
- asterisk <unfixed> (medium; bug #395080)
CVE-2006-5444 (Integer overflow in the get_input function in the Skinny channel ...)
- asterisk <unfixed> (medium; bug #395080)
CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...)
- TODO: check
+ - wims <unfixed> (bug #395102)
CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...)
TODO: check
CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...)
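Review bot: The NOT-FOR-US lines added for CVE-2006-5457 and CVE-2006-5446 name the same product two different ways, "Casino Script (Masvet)" and "Casinosoft Casino Script (aka Masvet)". Use one spelling for both so that a search for the product finds every entry. Separately, the new "- wims <unfixed> (bug #395102)" line under CVE-2006-5443 carries no urgency, while the torrentflux and bugzilla lines changed in this hunk do. If that is deliberate because the description only says "Unspecified vulnerability", leave it; otherwise add the urgency next to the bug number.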
@@ -60,39 +60,39 @@
CVE-2006-5433 (PHP remote file inclusion vulnerability in modules/guestbook/index.php ...)
NOT-FOR-US: ALiCE-CMS
CVE-2006-5432 (Multiple direct static code injection vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: phpPowerCards
CVE-2006-5431 (PHP remote file inclusion vulnerability in gorum/dbproperty.php in ...)
- TODO: check
+ NOT-FOR-US: PHPOutsourcing Zorum
CVE-2006-5430 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
- TODO: check
+ NOT-FOR-US: db-central (dbc) Enterprise CMS
CVE-2006-5429 (Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM ...)
- TODO: check
+ NOT-FOR-US: BRIM
CVE-2006-5428 (rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's ...)
- TODO: check
+ NOT-FOR-US: Cerberus Helpdesk
CVE-2006-5427 (PHP remote file inclusion vulnerability in plugins/main.php in Php AMX ...)
- TODO: check
+ NOT-FOR-US: Php AMX
CVE-2006-5426 (PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal ...)
- TODO: check
+ NOT-FOR-US: LoCal Calendar System
CVE-2006-5425 (XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote ...)
- TODO: check
+ NOT-FOR-US: XORP (eXtensible Open Router Platform)
CVE-2006-5424 (Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial ...)
- TODO: check
+ NOT-FOR-US: Justsystem Ichitaro
CVE-2006-5423 (PHP remote file inclusion vulnerability in admin/admin_module.php in ...)
- TODO: check
+ NOT-FOR-US: Lou Portail
CVE-2006-5422 (PHP remote file inclusion vulnerability in calcul-page.php in Lodel ...)
- TODO: check
+ NOT-FOR-US: Lodel
CVE-2006-5421 (WSN Forum 1.3.4 and earlier allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: WSN Forum
CVE-2006-5420 (Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Kerio WinRoute Firewall
CVE-2006-5419 (PHP remote file inclusion vulnerability in client.php in University of ...)
- TODO: check
+ NOT-FOR-US: Specimen Image Database (SID)
CVE-2006-5418 (PHP remote file inclusion vulnerability in archive/archive_topic.php ...)
- TODO: check
+ NOT-FOR-US: pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB
CVE-2006-5417 (McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2006-5416 (Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2006-5415 (PHP remote file inclusion vulnerability in ...)
TODO: check
CVE-2006-5414 (Barry Nauta BRIM before 1.2.1 allows remote authenticated users to ...)
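Review bot: "pbpbb" in the NOT-FOR-US line added under CVE-2006-5418 looks like a typo for "phpBB", since the same line ends with "(aka phpBBSEI) for phpBB". Correct the spelling so the entry matches a search for phpBB. The lines added under CVE-2006-5417 and CVE-2006-5416 also name only the vendor ("McAfee", "F5"), while the other NOT-FOR-US lines in this hunk name the product. For CVE-2006-5417 the description already gives it as McAfee Network Agent, and using that would keep the entries consistent.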
@@ -270,6 +270,7 @@
RESERVED
CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 for ...)
- flashplugin-nonfree <unfixed> (medium)
+ TODO: file bug when upstream fix is released
CVE-2006-5329
RESERVED
CVE-2006-5328 (OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and ...)
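Review bot: The "TODO: file bug when upstream fix is released" line added under CVE-2006-5330 reuses the TODO marker on an entry that is already triaged ("- flashplugin-nonfree <unfixed> (medium)"). Elsewhere in this diff "TODO: check" marks entries nobody has looked at yet, so anything that searches the list for TODO will now also return this one. Consider filing the bug now and recording its number in the package line, as this commit does for the bugzilla entries ("bug filed" replaced by "bug #395094"), so the follow-up lives in the bug tracker rather than in a free-form reminder with no owner.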