[Secure-testing-commits] r4895 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Sun Oct 29 18:52:04 UTC 2006
Author: stef-guest
Date: 2006-10-29 19:52:04 +0100 (Sun, 29 Oct 2006)
New Revision: 4895
Modified:
data/CVE/list
Log:
- new mysql 5.0 DoS issues fixed (low)
- CVE-2006-547[5-7]: drupal CVEified
- many NFUs
- remove obsolete serendipity entry
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-10-29 14:00:32 UTC (rev 4894)
+++ data/CVE/list 2006-10-29 18:52:04 UTC (rev 4895)
@@ -1,23 +1,25 @@
+CVE-2006-XXXX [several possible mysql 5.0 local DoS vulnerabilities]
+ - mysql-dfsg-5.0 5.0.26-1 (low)
CVE-2006-5512 (Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen ...)
- TODO: check
+ NOT-FOR-US: Zwahlen Online Shop
CVE-2006-5511 (Direct static code injection vulnerability in delete.php in JaxUltraBB ...)
- TODO: check
+ NOT-FOR-US: JaxUltraBB
CVE-2006-5510 (Directory traversal vulnerability in explorer_load_lang.php in PH ...)
- TODO: check
+ NOT-FOR-US: Pexplorer
CVE-2006-5509 (Eval injection vulnerability in addentry.php in WoltLab Burning Book ...)
- TODO: check
+ NOT-FOR-US: Burning Book
CVE-2006-5508 (Multiple SQL injection vulnerabilities in addentry.php in WoltLab ...)
- TODO: check
+ NOT-FOR-US: Burning Book
CVE-2006-5507 (Multiple PHP remote file inclusion vulnerabilities in Der Dirigent ...)
- TODO: check
+ NOT-FOR-US: Der Dirigent
CVE-2006-5506 (Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 ...)
- TODO: check
+ NOT-FOR-US: WiClear
CVE-2006-5505 (Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote ...)
- TODO: check
+ NOT-FOR-US: 2BGal
CVE-2006-5504 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...)
- TODO: check
+ NOT-FOR-US: Simple Machines Forum
CVE-2006-5503 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...)
- TODO: check
+ NOT-FOR-US: Simple Machines Forum
CVE-2006-5502 (Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX ...)
NFU: AOL Security Edition
CVE-2006-5501 (Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control ...)
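Review bot: the new placeholder at the top of this hunk, "CVE-2006-XXXX [several possible mysql 5.0 local DoS vulnerabilities]", carries no reference, so nobody can later tell which upstream issues it covers or match them to real CVE ids once they are assigned. Add a NOTE line pointing at the upstream changelog or bug entries that 5.0.26-1 fixes, and consider one placeholder per issue if they may receive separate ids. As a style point, the added lines use "NOT-FOR-US:" while the unchanged CVE-2006-5502 context still uses "NFU:", so the file mixes both spellings.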
@@ -47,41 +49,41 @@
CVE-2006-5489 (Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before ...)
NFU: RIM BlackBerry Enterprise Server
CVE-2006-5488 (SQL injection vulnerability in XchangeBoard 1.70, and possibly ...)
- TODO: check
+ NOT-FOR-US: XchangeBoard
CVE-2006-5487
RESERVED
CVE-2006-5486 (Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Messaging Server
CVE-2006-5485 (Multiple PHP remote file inclusion vulnerabilities in SpeedBerg ...)
- TODO: check
+ NOT-FOR-US: SpeedBerg
CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 ...)
- TODO: check
+ NOT-FOR-US: SSH Tectia
CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
TODO: check
CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
TODO: check
CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in Castor 1.1.1 ...)
- TODO: check
+ NOT-FOR-US: Castor
CVE-2006-5480 (PHP remote file inclusion vulnerability in lib/rs.php in Castor 1.1.1 ...)
- TODO: check
+ NOT-FOR-US: Castor
CVE-2006-5479 (The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote ...)
- TODO: check
+ NOT-FOR-US: Novell eDirectory
CVE-2006-5478 (Stack-based buffer overflow in the BuildRedirectURL function in the ...)
- TODO: check
+ NOT-FOR-US: Novell eDirectory
CVE-2006-5477 (Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form ...)
- TODO: check
+ - drupal <unfixed> (low)
CVE-2006-5476 (Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before ...)
- TODO: check
+ - drupal <unfixed> (low)
CVE-2006-5475 (Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ...)
- TODO: check
+ - drupal <unfixed> (low)
CVE-2006-5474 (The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 ...)
- TODO: check
+ NOT-FOR-US: OneOrZero Helpdesk
CVE-2006-5473 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5472 (PHP remote file inclusion vulnerability in Softerra PHP Developer ...)
- TODO: check
+ NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5471 (PHP remote file inclusion vulnerability in example/lib/grid3.lib.php ...)
- TODO: check
+ NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5470
RESERVED
CVE-2006-5469
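Review bot: the three Drupal entries (CVE-2006-5475 to CVE-2006-5477) are set to "- drupal <unfixed> (low)" with no NOTE or reference, while the placeholder they replace, removed in the next hunk, carried the Secunia advisory URL. Carry that URL over as a NOTE on these entries so the reference survives the CVE assignment, and add a short NOTE giving the reason for the low rating, since the visible descriptions (form handling, CSRF, XSS in the XML parser) do not explain it by themselves.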
@@ -110,10 +112,6 @@
[sarge] - postgresql <unfixed> (unimportant)
NOTE: All crashes can only be triggered by authenticated users, these are not
NOTE: treated as vulnerabilities.
-CVE-2006-XXXX [serendipity XSS for registered authors]
- - serendipity 1.0.2-1 (low)
-CVE-2006-XXXX [drupal XSS and XSRF http://secunia.com/advisories/22486/]
- - drupal <unfixed> (low)
CVE-2006-5460 (** DISPUTED ** ...)
NOT-FOR-US: phpht Topsites
CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
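Review bot: the serendipity placeholder is deleted together with its fixed version (1.0.2-1), and nothing in this patch adds a serendipity entry under a real CVE id, so from the diff alone that tracking information is simply gone. The log says only "remove obsolete serendipity entry"; name the CVE entry that supersedes it in the log message, or keep the line until that entry exists. The drupal placeholder removal is covered by CVE-2006-5475 to CVE-2006-5477 in the previous hunk.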
@@ -142,7 +140,7 @@
CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital Rights ...)
NOT-FOR-US: Microsoft
CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV Web ...)
- TODO: check
+ NOT-FOR-US: DEV Web Management System (WMS)
CVE-2006-5446 (SQL injection vulnerability in lobby/config.php in Casinosoft Casino ...)
NOT-FOR-US: Casinosoft Casino Script (aka Masvet)
CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver ...)
@@ -206,73 +204,73 @@
CVE-2006-5416 (Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 ...)
NOT-FOR-US: F5
CVE-2006-5415 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: News Defilante Horizontale
CVE-2006-5414 (Barry Nauta BRIM before 1.2.1 allows remote authenticated users to ...)
- TODO: check
+ NOT-FOR-US: Barry Nauta BRIM
CVE-2006-5413 (Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 ...)
- TODO: check
+ NOT-FOR-US: SuperMod for YABB (YaBBSM)
CVE-2006-5412 (admin.php in PHP Outburst Easynews 4.4.1 and earlier, when ...)
- TODO: check
+ NOT-FOR-US: PHP Outburst Easynews
CVE-2006-5411 (Unrestricted file upload vulnerability in upload.php for Free Web ...)
- TODO: check
+ NOT-FOR-US: Free Web Publishing System (FreeWPS)
CVE-2006-5410 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: BoonEx Dolphin
CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS management ...)
- TODO: check
+ NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the wireless ...)
- TODO: check
+ NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5407 (PHP remote file inclusion vulnerability in open_form.php in osTicket ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2006-5406 (Passgo Defender 5.2 creates the application directory with insecure ...)
- TODO: check
+ NOT-FOR-US: Passgo Defender
CVE-2006-5405 (Unspecified vulnerability in Toshiba Bluetooth wireless device driver ...)
- TODO: check
+ NOT-FOR-US: Toshiba Bluetooth wireless device driver
CVE-2006-5404 (Unspecified vulnerability in an ActiveX control used in Symantec ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2006-5403 (Stack-based buffer overflow in an ActiveX control used in Symantec ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2006-5402 (Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 ...)
- TODO: check
+ NOT-FOR-US: PHPmybibli
CVE-2006-5401 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: AROUNDMe
CVE-2006-5400 (PHP remote file inclusion vulnerability in forum/track.php in ...)
- TODO: check
+ NOT-FOR-US: CyberBrau
CVE-2006-5399 (PHP remote file inclusion vulnerability in classes/Import_MM.class.php ...)
- TODO: check
+ NOT-FOR-US: PHPRecipeBook
CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...)
- TODO: check
+ NOT-FOR-US: Simplog
CVE-2006-5397
RESERVED
CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-5394 (The default configuration of Cisco Secure Desktop (CSD) has an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-5393 (Cisco Secure Desktop (CSD) does not require that the ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-5392 (Multiple PHP remote file inclusion vulnerabilities in OpenDock ...)
- TODO: check
+ NOT-FOR-US: OpenDock FullCore
CVE-2006-5391 (Xfire 1.64 and earlier allows remote attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Xfire
CVE-2006-5390 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ACP User Registration (MMW) module for phpBB
CVE-2006-5389 (tools/tellhim.php in PHP-Wyana allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: PHP-Wyana
CVE-2006-5388 (SQL injection vulnerability in index.php in WebSPELL 4.01.01 and ...)
- TODO: check
+ NOT-FOR-US: WebSPELL
CVE-2006-5387 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: PlusXL phpBB module
CVE-2006-5386 (PHP remote file inclusion vulnerability in process.php in NuralStorm ...)
- TODO: check
+ NOT-FOR-US: NuralStorm Webmail
CVE-2006-5385 (PHP remote file inclusion vulnerability in admin/admin_spam.php in the ...)
- TODO: check
+ NOT-FOR-US: SpamOborona phpBB module
CVE-2006-5384 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: CDS Agenda
CVE-2006-5383 (SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and ...)
- TODO: check
+ NOT-FOR-US: Def-Blog
CVE-2006-5382 (3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and ...)
- TODO: check
+ NOT-FOR-US: 3Com
CVE-2003-1307 (** DISPUTED ** ...)
TODO: check
CVE-2006-XXXX [unspecified steam cache vulnerability]
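Review bot: several NOT-FOR-US tags in this hunk name only the vendor ("Microsoft" for CVE-2006-5395, "Cisco" for CVE-2006-5394 and CVE-2006-5393, "Symantec" for CVE-2006-5404 and CVE-2006-5403, "3Com" for CVE-2006-5382), while the rest of the hunk names the product. Use the product from the description, for example "Cisco Secure Desktop" or "Microsoft Class Package Export Tool", so that a later search of the list for a product name finds these entries. For the entries whose description is cut off before the product appears (CVE-2006-5415, CVE-2006-5410, CVE-2006-5401 and similar), the tag cannot be checked from the diff itself.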
@@ -404,85 +402,85 @@
CVE-2006-5321 (Multiple cross-site scripting (XSS) vulnerabilities in phplist before ...)
NOT-FOR-US: phplist
CVE-2006-5320 (Directory traversal vulnerability in getimg.php in Album Photo Sans ...)
- TODO: check
+ NOT-FOR-US: Album Photo Sans Nom
CVE-2006-5319 (Directory traversal vulnerability in redir.php in Foafgen 0.3 allows ...)
- TODO: check
+ NOT-FOR-US: Foafgen
CVE-2006-5318 (PHP remote file inclusion vulnerability in index.php in Nayco JASmine ...)
- TODO: check
+ NOT-FOR-US: Nayco JASmine
CVE-2006-5317 (PHP remote file inclusion vulnerability in index.php in eboli allows ...)
- TODO: check
+ NOT-FOR-US: eboli
CVE-2006-5316 (registroTL stores sensitive information under the web root with ...)
- TODO: check
+ NOT-FOR-US: registroTL
CVE-2006-5315 (PHP remote file inclusion vulnerability in main.php in registroTL ...)
- TODO: check
+ NOT-FOR-US: registroTL
CVE-2006-5314 (PHP remote file inclusion vulnerability in ftag.php in TribunaLibre ...)
- TODO: check
+ NOT-FOR-US: TribunaLibre
CVE-2006-5313 (Hastymail 1.5 and earlier before 20061008 allows remote authenticated ...)
- TODO: check
+ NOT-FOR-US: Hastymail
CVE-2006-5312 (PHP remote file inclusion vulnerability in shoutbox.php in the Ajax ...)
- TODO: check
+ NOT-FOR-US: Ajax Shoutbox
CVE-2006-5311 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Buzlas
CVE-2006-5310 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: phpMyConferences
CVE-2006-5309 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Prillian French module for phpBB
CVE-2006-5308 (Multiple PHP remote file inclusion vulnerabilities in Open Conference ...)
- TODO: check
+ NOT-FOR-US: Open Conference Systems
CVE-2006-5307 (Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK ...)
- TODO: check
+ NOT-FOR-US: AFGB GUESTBOOK
CVE-2006-5306 (Multiple PHP remote file inclusion vulnerabilities in the Journals ...)
- TODO: check
+ NOT-FOR-US: Journals System module for phpBB
CVE-2006-5305 (PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr ...)
- TODO: check
+ NOT-FOR-US: lat2cyr
CVE-2006-5304 (PHP remote file inclusion vulnerability in inc/settings.php in IncCMS ...)
- TODO: check
+ NOT-FOR-US: IncCMS Core
CVE-2006-5303 (Secure Computing SafeWord RemoteAccess 2.1 allows local users to ...)
- TODO: check
+ NOT-FOR-US: Secure Computing SafeWord RemoteAccess
CVE-2006-5302 (Multiple PHP remote file inclusion vulnerabilities in Redaction System ...)
- TODO: check
+ NOT-FOR-US: Redaction System
CVE-2006-5301 (PHP remote file inclusion vulnerability in includes/antispam.php in ...)
- TODO: check
+ NOT-FOR-US: SpamBlockerMODv module for phpBB
CVE-2006-5300 (Unspecified vulnerability in HP Version Control Agent before 2.1.5 ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- TODO: check
+ NOT-FOR-US: Gcontact
CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and ...)
TODO: check
CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client ...)
TODO: check
CVE-2006-5296 (Buffer overflow in Microsoft Office 2003 PowerPoint allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...)
- TODO: check
+ NOT-FOR-US: phplist
CVE-2006-5293 (Cross-site scripting (XSS) vulnerability in index.php in ...)
- TODO: check
+ NOT-FOR-US: PhpOutsourcing Noah's Classifieds
CVE-2006-5292 (PHP remote file inclusion vulnerability in photo_comment.php in ...)
- TODO: check
+ NOT-FOR-US: Exhibit Engine
CVE-2006-5291 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Download-Engine
CVE-2006-5290 (The ESS/ Network Controller and MicroServer Web Server components of ...)
- TODO: check
+ NOT-FOR-US: Xerox WorkCentre
CVE-2006-5289 (Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 ...)
- TODO: check
+ NOT-FOR-US: Vtiger CRM
CVE-2006-5288 (Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-5287 (Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 ...)
- TODO: check
+ NOT-FOR-US: Xeobook
CVE-2006-5286 (Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 ...)
- TODO: check
+ NOT-FOR-US: Novell BorderManager
CVE-2006-5285 (SQL injection vulnerability in index.php in XeoPort 0.81, and possibly ...)
- TODO: check
+ NOT-FOR-US: XeoPort
CVE-2006-5284 (PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen ...)
- TODO: check
+ NOT-FOR-US: PHP News Reader (aka pnews)
CVE-2006-5283 (PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 ...)
- TODO: check
+ NOT-FOR-US: Minichat
CVE-2006-5282 (Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and ...)
- TODO: check
+ NOT-FOR-US: SH-News
CVE-2006-5281 (PHP remote file inclusion vulnerability in naboard_pnr.php in n at board ...)
- TODO: check
+ NOT-FOR-US: n at board
CVE-2006-5280 (PHP remote file inclusion vulnerability in includes/import-archive.php ...)
- TODO: check
+ NOT-FOR-US: communityPortals
CVE-2006-5279
RESERVED
CVE-2006-5278
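Review bot: the two Mutt entries, CVE-2006-5298 (mutt_adv_mktemp) and CVE-2006-5297 (race condition in safe_open), stay at "TODO: check" while every entry around them is resolved as NOT-FOR-US. Mutt is a packaged mail client, so these are the entries in this range that need a real package line with version and severity rather than an NFU tag; either triage them in this commit or mention in the log that they were deliberately left open. The tag for CVE-2006-5294 matches the existing "NOT-FOR-US: phplist" on CVE-2006-5321, which is consistent.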
@@ -514,17 +512,17 @@
CVE-2006-5265
RESERVED
CVE-2006-5264 (Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper ...)
- TODO: check
+ NOT-FOR-US: MysqlDumper
CVE-2006-5263 (Directory traversal vulnerability in templates/header.php3 in ...)
- TODO: check
+ NOT-FOR-US: phpMyAgenda
CVE-2006-5262 (CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and ...)
- TODO: check
+ NOT-FOR-US: Hastymail
CVE-2006-5261 (Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 ...)
- TODO: check
+ NOT-FOR-US: PHPMyNews
CVE-2006-5260 (PHP remote file inclusion vulnerability in compteur.php in Compteur 2 ...)
- TODO: check
+ NOT-FOR-US: Compteur 2
CVE-2006-5259 (PHP remote file inclusion vulnerability in param_editor.php in ...)
- TODO: check
+ NOT-FOR-US: Compteur 2
CVE-2006-5258 (The spell checking component of (1) Asbru Web Content Management ...)
TODO: check
CVE-2006-5257 (PHP remote file inclusion vulnerability in ...)