[Secure-testing-commits] r4675 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Mon Sep 4 21:31:04 UTC 2006
Author: stef-guest
Date: 2006-09-04 21:31:03 +0000 (Mon, 04 Sep 2006)
New Revision: 4675
Modified:
data/CVE/list
Log:
- CVE-2006-4380: new mysql 4.1 issue
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-04 21:05:30 UTC (rev 4674)
+++ data/CVE/list 2006-09-04 21:31:03 UTC (rev 4675)
@@ -29,45 +29,45 @@
CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...)
TODO: check
CVE-2006-4506 (idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local ...)
- TODO: check
+ NOT-FOR-US: Novell Identity Manager
CVE-2006-4505 (CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: NX5Linx
CVE-2006-4504 (SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: NX5Linx
CVE-2006-4503 (Directory traversal vulnerability in link.php in NX5Linx 1.0 allows ...)
- TODO: check
+ NOT-FOR-US: NX5Linx
CVE-2006-4502 (ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication ...)
- TODO: check
+ NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4501 (SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 ...)
- TODO: check
+ NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4500 (Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml ...)
- TODO: check
+ NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4499 (ModernBill 5.0.4 and earlier uses cURL with insecure settings for ...)
- TODO: check
+ NOT-FOR-US: ModernBill
CVE-2006-4498 (PHP remote file inclusion vulnerability in sommaire_admin.php in ...)
- TODO: check
+ NOT-FOR-US: PortailPHP
CVE-2006-4497 (SQL injection vulnerability in comments.php in IwebNegar 1.1 allows ...)
- TODO: check
+ NOT-FOR-US: IwebNegar
CVE-2006-4496 (Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar ...)
- TODO: check
+ NOT-FOR-US: IwebNegar
CVE-2006-4495 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-4494 (Microsoft Visual Studio 6.0 allows remote attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4493 (xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with ...)
TODO: check
CVE-2006-4492 (Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2006-4491 (Directory traversal vulnerability in Cybozu Collaborex, AG before ...)
- TODO: check
+ NOT-FOR-US: Cybozu Collaborex
CVE-2006-4490 (Multiple directory traversal vulnerabilities in Cybozu Office before ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2006-4489 (Multiple PHP remote file inclusion vulnerabilities in MiniBill ...)
- TODO: check
+ NOT-FOR-US: MiniBill
CVE-2006-4488 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ExBB Italia
CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web ...)
- TODO: check
+ NOT-FOR-US: DUpoll
CVE-2006-4486 (Unspecified vulnerability in PHP before 5.1.6, when running on a ...)
TODO: check
CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...)
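Review bot: at CVE-2006-4494 the new tag "NOT-FOR-US: Microsoft" names only the vendor, while the entry directly above it (CVE-2006-4495) names the product, "NOT-FOR-US: Microsoft Internet Explorer". The description for CVE-2006-4494 gives the product as Microsoft Visual Studio 6.0, so "NOT-FOR-US: Microsoft Visual Studio" would keep the tags consistent and searchable by product. The tags for CVE-2006-4498 (PortailPHP) and CVE-2006-4488 (ExBB Italia) use names that do not appear in the truncated descriptions shown here, so they are worth confirming against the full CVE text before the TODO is dropped.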
@@ -81,79 +81,79 @@
CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...)
TODO: check
CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...)
- TODO: check
+ NOT-FOR-US: Nuked-Klan
CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual ...)
- TODO: check
+ NOT-FOR-US: ezContents
CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shapers ...)
- TODO: check
+ NOT-FOR-US: ezContents
CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ...)
- TODO: check
+ NOT-FOR-US: ezContents
CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2006-4467 (Interpretation conflict in Simple Machines Forum (SMF) 1.1RCx before ...)
- TODO: check
+ NOT-FOR-US: Simple Machines Forum
CVE-2006-4466 (Interpretation conflict in Joomla! before 1.0.11 does not properly ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2006-4465 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2006-4463 (SQL injection vulnerability in the administrator control panel in ...)
- TODO: check
+ NOT-FOR-US: JS ASP Faq Manager
CVE-2006-4462 (Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to ...)
- TODO: check
+ NOT-FOR-US: LinksCaffe
CVE-2006-4461 (Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly ...)
TODO: check
CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...)
- TODO: check
+ NOT-FOR-US: iAddressBook
CVE-2006-4459
RESERVED
CVE-2006-4458 (Directory traversal vulnerability in ...)
TODO: check
CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 ...)
- TODO: check
+ NOT-FOR-US: phpECard
CVE-2006-4456 (PHP remote file inclusion vulnerability in functions.php in phpECard ...)
- TODO: check
+ NOT-FOR-US: phpECard
CVE-2006-4455 (** DISPUTED ** ...)
TODO: check
CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...)
- TODO: check
+ NOT-FOR-US: HLstats
CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 ...)
- TODO: check
+ NOT-FOR-US: PmWiki
CVE-2006-4452 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Web3news
CVE-2006-4451 (Direct static code injection vulnerability in CJ Tag Board 3.0 allows ...)
- TODO: check
+ NOT-FOR-US: Tag Board
CVE-2006-4450 (usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, ...)
- TODO: check
+ - phpbb2 2.0.21-1 (low)
CVE-2006-4449 (Cross-site scripting (XSS) vulnerability in attachment.php in ...)
- TODO: check
+ NOT-FOR-US: MyBulletinBoard (MyBB)
CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, ...)
- TODO: check
+ NOT-FOR-US: interact
CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...)
TODO: check
CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4445 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: CuteNews
CVE-2006-4444 (Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for ...)
- TODO: check
+ NOT-FOR-US: Cybozu Garoon
CVE-2006-4443 (PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft ...)
TODO: check
CVE-2006-4442 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...)
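Review bot: at CVE-2006-4451 the tag "NOT-FOR-US: Tag Board" drops part of the product name; the description reads "CJ Tag Board 3.0", so "NOT-FOR-US: CJ Tag Board" would match what a later search on the product would use. CVE-2006-4465 and CVE-2006-4446 are likewise tagged with the vendor alone ("NOT-FOR-US: Microsoft"), and for CVE-2006-4465 and CVE-2006-4445 the visible description is only "** DISPUTED ** ...", so the product behind the tag cannot be checked from this list; naming the product in the tag would make those entries self-explanatory.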
@@ -291,9 +291,9 @@
CVE-2006-4381
RESERVED
CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service ...)
- TODO: check 4.0
- - mysql-dfsg-5.0 <not-affected>
- NOTE: sf: pinged maintainer
+ - mysql-dfsg-5.0 <not-affected> (only 4.1 affected)
+ - mysql-dfsg <not-affected> (only 4.1 affected)
+ - mysql-dfsg-4.1 <unfixed>
CVE-2006-4379
RESERVED
CVE-2006-4378 (** DISPUTED ** ...)
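Review bot: for CVE-2006-4380 the new line "- mysql-dfsg <not-affected> (only 4.1 affected)" replaces "TODO: check 4.0" without recording what the 4.0 check found, while the description still reads "MySQL before 4.1.13", which on its face does not exclude 4.0. A NOTE line giving the basis for the 4.0 and 5.0 verdicts (upstream bug, changelog or code check) would let the next reader verify them. The "- mysql-dfsg-4.1 <unfixed>" entry carries no bug number or urgency, and the hunk removes "NOTE: sf: pinged maintainer" even though the package is still open; keeping that note or adding a bug reference would preserve the tracking state.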