[Secure-testing-commits] r4664 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Sat Sep 2 12:01:56 UTC 2006
Author: stef-guest
Date: 2006-09-02 12:01:55 +0000 (Sat, 02 Sep 2006)
New Revision: 4664
Modified:
data/CVE/list
Log:
some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-01 18:35:50 UTC (rev 4663)
+++ data/CVE/list 2006-09-02 12:01:55 UTC (rev 4664)
@@ -1,21 +1,21 @@
CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...)
TODO: check
CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...)
- TODO: check
+ NOT-FOR-US: OpenBSD
CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote ...)
- sendmail 8.13.8-1 (bug #385054; medium)
CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...)
TODO: check
CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier ...)
- TODO: check
+ NOT-FOR-US: Zend Platform
CVE-2006-4431 (Multiple buffer overflows in the (a) Session Clustering Daemon and the ...)
- TODO: check
+ NOT-FOR-US: Zend Platform
CVE-2006-4430 (The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-4429 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: PHlyMail Lite
CVE-2006-4428 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Jupiter CMS
CVE-2006-4427 (index.php in eFiction before 2.0.7 allows remote attackers to bypass ...)
TODO: check
CVE-2006-4426 (PHP remote file inclusion vulnerability in ...)
@@ -314,52 +314,52 @@
CVE-2006-4286 (PHP remote file inclusion vulnerability in contentpublisher.php in the ...)
TODO: check
CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News ...)
- TODO: check
+ NOT-FOR-US: Fantastic News
CVE-2006-4284 (SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier ...)
- TODO: check
+ NOT-FOR-US: LBlog
CVE-2006-4283 (Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW ...)
- TODO: check
+ NOT-FOR-US: SOLMETRA SPAW Editor
CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the ...)
- TODO: check
+ NOT-FOR-US: MamboWiki component (com_mambowiki) for Mambo and Joomla!
CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in ...)
- TODO: check
+ NOT-FOR-US: AkoComment 1.1 module (com_akocomment) for Mambo
CVE-2006-4280 (PHP remote file inclusion vulnerability in anjel.index.php in ANJEL ...)
- TODO: check
+ NOT-FOR-US: ANJEL (formerly MaMML) Component (com_anjel) for Mambo
CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ...)
- TODO: check
+ NOT-FOR-US: XennoBB
CVE-2006-4278 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: SportsPHool
CVE-2006-4277 (Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 ...)
- TODO: check
+ NOT-FOR-US: Tutti Nova
CVE-2006-4276 (PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier ...)
- TODO: check
+ NOT-FOR-US: Tutti Nova
CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the ...)
- TODO: check
+ NOT-FOR-US: CatalogShop component for Mambo (com_catalogshop)
CVE-2006-4274
REJECTED
NOT-FOR-US: Microsoft
CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 ...)
- TODO: check
+ NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4272 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4271 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4270 (PHP remote file inclusion vulnerability in mambelfish.class.php in the ...)
- TODO: check
+ NOT-FOR-US: mambelfish component (com_mambelfish) for Mambo
CVE-2006-4269 (PHP remote file inclusion vulnerability in admin.x-shop.php in the ...)
- TODO: check
+ NOT-FOR-US: x-shop component (com_x-shop) for Mambo and Joomla!
CVE-2006-4268 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2006-4267 (Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2006-4266 (Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, ...)
NOT-FOR-US: Symantec
CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows ...)
NOT-FOR-US: Kaspersky
CVE-2006-4264 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo
CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product ...)
- TODO: check
+ NOT-FOR-US: mambo-phpshop (com_phpshop) for Mambo and Joomla!
CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...)
TODO: check
CVE-2006-4261 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...)
@@ -368,9 +368,9 @@
- mozilla <unfixed>
- mozilla-firefox <unfixed>
CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 ...)
- TODO: check
+ NOT-FOR-US: Fotopholder
CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...)
- TODO: check
+ NOT-FOR-US: Fotopholder
CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality in ...)
NOT-FOR-US: Anti-Spam SMTP Proxy
CVE-2006-4257 (Unspecified vulnerability in IBM DB2 Universal Database (UDB) before ...)
@@ -702,15 +702,15 @@
CVE-2006-4107 (SQL injection vulnerability in the Job Search module (job.module) 4.6 ...)
TODO: check
CVE-2006-4106 (Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 ...)
- TODO: check
+ NOT-FOR-US: blur6ex
CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads Database ...)
- TODO: check
+ NOT-FOR-US: Fill Threads Database
CVE-2006-4104 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...)
NOT-FOR-US: mojoGallery
CVE-2006-4103 (PHP remote file inclusion vulnerability in article-raw.php in Jason ...)
- TODO: check
+ NOT-FOR-US: phNNTP
CVE-2006-4102 (PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme ...)
- TODO: check
+ NOT-FOR-US: SQLiteWebAdmin
CVE-2006-4101
RESERVED
CVE-2006-4100
@@ -893,7 +893,7 @@
CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before ...)
NOT-FOR-US: Intel
CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to ...)
- TODO: check
+ NOT-FOR-US: ScatterChat
CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...)
- php5 5.1.6-1 (medium; bug #382256)
- php4 4:4.4.4-1 (medium; bug #382261)
@@ -1212,7 +1212,7 @@
CVE-2006-3870
RESERVED
CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3868
RESERVED
CVE-2006-3867
@@ -1328,9 +1328,9 @@
CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki 4.0.0 ...)
- twiki <not-affected> (only 4.0.x is affected)
CVE-2006-3818 (Cross-site scripting (XSS) vulnerability in the login page in Novell ...)
- TODO: check
+ NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-3817 (Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess ...)
- TODO: check
+ NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote ...)
- krusader <not-affected> (bug #380063; file in directory with 0700 permissions)
CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a ...)
@@ -1339,7 +1339,7 @@
CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...)
- cheesetracker 0.9.9-6 (bug #380364; low)
CVE-2006-3813 (A regression error in the Perl package for Red Hat Enterprise Linux 4 ...)
- TODO: check
+ NOT-FOR-US: Perl in Red Hat Enterprise Linux 4
CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
NOTE: MFSA-2006-56
[sarge] - mozilla <not-affected>
@@ -2077,7 +2077,7 @@
CVE-2006-3507
RESERVED
CVE-2006-3506 (Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to ...)
NOT-FOR-US: Apple Mac OS
CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 ...)
@@ -5226,9 +5226,9 @@
CVE-2006-2114 (Buffer overflow in SWS web Server 0.1.7 allows remote attackers to ...)
NOT-FOR-US: SWS
CVE-2006-2113 (The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print ...)
- TODO: check
+ NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in products ...)
- TODO: check
+ NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2111 (Microsoft Internet Explorer 6.0 on Windows XP SP2, and possibly other ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x ...)
@@ -8130,7 +8130,7 @@
CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of ...)
NOT-FOR-US: RaidenHTTPD
CVE-2006-0948 (AOL 9.0 Security Edition revision 4184.2340, and probably other ...)
- TODO: check
+ NOT-FOR-US: AOL
CVE-2006-0947 (Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote ...)
NOT-FOR-US: Thomson modem firmware
CVE-2006-0946 (Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems ...)
More information about the Secure-testing-commits
mailing list