[Secure-testing-commits] r4743 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Mon Sep 18 18:14:08 UTC 2006


Author: stef-guest
Date: 2006-09-18 18:14:07 +0000 (Mon, 18 Sep 2006)
New Revision: 4743

Modified:
   data/CVE/list
Log:
- some new moodle issues already fixed
- CVE-2006-4758: new phpbb2 issue
- CVE-2006-4743: wordpress issue unimportant
- CVE-2006-4734: new tikiwiki issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-09-18 17:38:04 UTC (rev 4742)
+++ data/CVE/list	2006-09-18 18:14:07 UTC (rev 4743)
@@ -15,11 +15,11 @@
 CVE-2006-4787 (AlphaMail before 1.0.16 allows local users to obtain sensitive ...)
 	NOT-FOR-US: AlphaMail
 CVE-2006-4786 (Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive ...)
-	TODO: check
+	- moodle 1.6.2-1 (low)
 CVE-2006-4785 (SQL injection vulnerability in Moodle 1.6.1 and earlier allows remote ...)
-	TODO: check
+	- moodle 1.6.2-1 (medium; bug #387177)
 CVE-2006-4784 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 ...)
-	TODO: check
+	- moodle 1.6.2-1 (low)
 CVE-2006-4783 (SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and ...)
 	NOT-FOR-US: WebSPELL
 CVE-2006-4782 (src/index.php in WebSPELL 4.01.01 and earlier, when register_globals ...)
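Review bot: Of the three moodle entries, only CVE-2006-4785 carries a bug reference (bug #387177); the lines for CVE-2006-4786 and CVE-2006-4784 record 1.6.2-1 as the fixed version with no pointer to where that was confirmed. If the same bug covers all three, add the reference to the other two lines, or add a NOTE line naming the source, so the fixed version can be checked later.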
@@ -27,7 +27,7 @@
 CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded ...)
 	NOT-FOR-US: FutureSoft TFTP Server
 CVE-2006-4780 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
-	TODO: check
+	NOT-FOR-US: phpBB XS
 CVE-2006-4779 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Vitrax Premodded phpBB
 CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost before ...)
@@ -71,9 +71,9 @@
 CVE-2006-4759 (PunBB 1.2.12 does not properly handle pathnames ending in %00, which ...)
 	NOT-FOR-US: PunBB
 CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug #388120)
 CVE-2006-4757 (Multiple SQL injection vulnerabilities in the admin section in e107 ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2006-4756 (SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and ...)
 	NOT-FOR-US: phpMyDirectory
 CVE-2006-4755 (Cross-site scripting (XSS) vulnerability in alpha.php in ...)
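Review bot: The new phpbb2 line for CVE-2006-4758 has a bug reference but no urgency, while the other package entries added in this commit carry one (low, medium or unimportant). Put the urgency next to the bug number, in the form `(urgency; bug #388120)`. The e107 reclassification to NOT-FOR-US in this hunk is also not mentioned in the log message.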
@@ -101,7 +101,8 @@
 CVE-2006-4744 (Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication ...)
 	NOT-FOR-US: Abidia (1) O-Anywhere and (2) Abidia Wireless
 CVE-2006-4743 (WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain ...)
-	TODO: check
+	- wordpress <unfixed> (unimportant)
+	NOTE: path disclosure only
 CVE-2006-4742 (Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot ...)
 	NOT-FOR-US: PhpLinkExchange
 CVE-2006-4741 (PHP remote file inclusion vulnerability in bits_listings.php in ...)
@@ -120,7 +121,7 @@
 	- magpierss <unfixed> (unimportant)
 	NOTE: path disclosure only
 CVE-2006-4734 (Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php ...)
-	TODO: check
+	- tikiwiki (medium; bug filed)
 CVE-2006-4733 (PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in ...)
 	TODO: check
 CVE-2006-4732 (Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an ...)
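Review bot: The tikiwiki line for CVE-2006-4734 has neither a fixed version nor `<unfixed>`, unlike every other package line in this diff, and "bug filed" gives no number to follow up on. Since the log calls this a new issue, write it as `- tikiwiki <unfixed> (medium; bug #NNNNNN)`, with NNNNNN standing in for the real number once it is known.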



