[Secure-testing-commits] r4759 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Sun Sep 24 19:51:16 UTC 2006


Author: stef-guest
Date: 2006-09-24 19:51:14 +0000 (Sun, 24 Sep 2006)
New Revision: 4759

Modified:
   data/CVE/list
Log:
some NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-09-24 19:11:52 UTC (rev 4758)
+++ data/CVE/list	2006-09-24 19:51:14 UTC (rev 4759)
@@ -148,21 +148,21 @@
 CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 ...)
 	NOT-FOR-US: QuadComm Q-Shop
 CVE-2006-4851 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: BolinOS
 CVE-2006-4850 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: BolinOS
 CVE-2006-4849 (PHP remote file inclusion vulnerability in header.php in ...)
-	TODO: check
+	NOT-FOR-US: MobilePublisherPHP
 CVE-2006-4848 (Multiple PHP remote file inclusion vulnerabilities in Brian Fraval ...)
-	TODO: check
+	NOT-FOR-US: Hitweb
 CVE-2006-4847 (Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix ...)
-	TODO: check
+	NOT-FOR-US: WS_FTP
 CVE-2006-4846 (Unspecified vulnerability in Citrix Access Gateway with Advanced ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2006-4845 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: TeamCal
 CVE-2006-4844 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Claroline
 CVE-2006-4843
 	RESERVED
 CVE-2006-4842
@@ -174,43 +174,43 @@
 CVE-2006-4839
 	RESERVED
 CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE ...)
-	TODO: check
+	NOT-FOR-US: DCP-Portal
 CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE ...)
-	TODO: check
+	NOT-FOR-US: DCP-Portal
 CVE-2006-4836 (SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows ...)
-	TODO: check
+	NOT-FOR-US: DCP-Portal
 CVE-2006-4835 (Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Blue Magic Board (BMB) (aka BMForum)
 CVE-2006-4834 (PHP remote file inclusion vulnerability in index.php in Jule Slootbeek ...)
-	TODO: check
+	NOT-FOR-US: phpQuiz
 CVE-2006-4833 (Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx ...)
-	TODO: check
+	NOT-FOR-US: NetPerformer
 CVE-2006-4832 (Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT ...)
-	TODO: check
+	NOT-FOR-US: NetPerformer
 CVE-2006-4831 (Unspecified vulnerability in IP over DNS is now easy (iodine) before ...)
-	TODO: check
+	NOT-FOR-US: IP over DNS is now easy (iodine)
 CVE-2006-4830 (Directory traversal vulnerability in EditBlogTemplatesPlugin.java in ...)
-	TODO: check
+	NOT-FOR-US: Blojsom
 CVE-2006-4829 (Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki ...)
-	TODO: check
+	NOT-FOR-US: Blojsom
 CVE-2006-4828 (PHP remote file inclusion vulnerability in zipndownload.php in ...)
-	TODO: check
+	NOT-FOR-US: PhotoPost
 CVE-2006-4827 (Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat ...)
-	TODO: check
+	NOT-FOR-US: Vmist Downstat
 CVE-2006-4826 (PHP remote file inclusion vulnerability in bottom.php in Shadowed ...)
-	TODO: check
+	NOT-FOR-US: Shadowed Portal
 CVE-2006-4825 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: PHP Event Calendar
 CVE-2006-4824 (PHP remote file inclusion vulnerability in lib/activeutil.php in ...)
-	TODO: check
+	NOT-FOR-US: Quicksilver Forums (QSF)
 CVE-2006-4823 (PHP remote file inclusion vulnerability in scripts/news_page.php in ...)
-	TODO: check
+	NOT-FOR-US: Magic News
 CVE-2006-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
-	TODO: check
+	NOT-FOR-US: emuCMS
 CVE-2006-4821 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview ...)
-	TODO: check
+	NOT-FOR-US: Drupal Userreview module
 CVE-2006-4820 (Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2006-4819
 	RESERVED
 CVE-2006-4818
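Review bot: CVE-2006-4831 is closed as "NOT-FOR-US: IP over DNS is now easy (iodine)", and unlike the web applications around it in this hunk, the description names a standalone IP-over-DNS tool. That is the kind of software that tends to get packaged, so check the archive and open ITP/RFP bugs before settling on NOT-FOR-US, and leave it as "TODO: check" if that has not been done. The tag also copies the full phrase from the description; a short product name ("iodine") would be easier to grep for later.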
@@ -244,27 +244,27 @@
 CVE-2006-4804
 	RESERVED
 CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager ...)
-	TODO: check
+	NOT-FOR-US: Novell Identity Manager
 CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service in ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and ...)
-	TODO: check
+	NOT-FOR-US: Roxio Toast
 CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before ...)
 	TODO: check
 CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow ...)
 	TODO: check
 CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which ...)
-	TODO: check
+	- sql-ledger 2.4.5-1
 CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in CloudNine ...)
-	TODO: check
+	NOT-FOR-US: CJ Tag Board
 CVE-2006-4796 (Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums ...)
-	TODO: check
+	NOT-FOR-US: Snitz Forums
 CVE-2006-4795 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2006-4794 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 ...)
-	TODO: check
+	NOT-FOR-US: TualBLOG
 CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
 	TODO: check
 CVE-2006-XXXX [linux-ftpd allows chdir to disallowed directories]
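Review bot: the CVE-2006-4798 entry "- sql-ledger 2.4.5-1" records a fixed version with no urgency and no bug reference, while the description says the issue affects SQL-Ledger "before 2.4.4". Other package entries in this file carry that detail (for example "- firefox-sage 1.3.6-3 (bug #388149; medium)"), so add an urgency and say whether 2.4.5-1 is simply the first upload at or past the fix. The log message says "some NFUs", so this entry is easy to miss when reading the history. Separately, CVE-2006-4795 is now marked "NOT-FOR-US: HP-UX", but CVE-2004-2665 a few lines below shows the same visible description ("Unspecified vulnerability in the Address and Routing Parameter Area ...") and is left as "TODO: check"; if it is the same product, it should get the same tag in this commit.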
@@ -442,17 +442,17 @@
 CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow ...)
 	- firefox-sage 1.3.6-3 (bug #388149; medium)
 CVE-2006-4710 (Multiple cross-site scripting (XSS) vulnerabilities in NewsGator ...)
-	TODO: check
+	NOT-FOR-US: NewsGator FeedDemon
 CVE-2006-4709 (SQL injection vulnerability in topic.php in Vikingboard 0.1b allows ...)
-	TODO: check
+	NOT-FOR-US: Vikingboard
 CVE-2006-4708 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
-	TODO: check
+	NOT-FOR-US: Vikingboard
 CVE-2006-4707 (Cross-site scripting (XSS) vulnerability in admin/global.php (aka the ...)
-	TODO: check
+	NOT-FOR-US: MyBB (aka MyBulletinBoard)
 CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
-	TODO: check
+	NOT-FOR-US: MyBB (aka MyBulletinBoard)
 CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic ...)
-	TODO: check
+	NOT-FOR-US: Timesheet (aka Timesheet.php)
 CVE-2006-4704
 	RESERVED
 CVE-2006-4703
@@ -496,122 +496,122 @@
 CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...)
 	TODO: check
 CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: IBM Director
 CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...)
-	TODO: check
+	NOT-FOR-US: IBM Director
 CVE-2006-4681 (Directory traversal vulnerability in Redirect.bat in IBM Director ...)
-	TODO: check
+	NOT-FOR-US: IBM Director
 CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and passwords ...)
-	TODO: check
+	NOT-FOR-US: Canon imageRUNNER
 CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by default, ...)
 	TODO: check
 CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows ...)
-	TODO: check
+	NOT-FOR-US: News Evolution
 CVE-2006-4677 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: phpopenchat
 CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and ...)
-	TODO: check
+	NOT-FOR-US: TIBCO RendezVous
 CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in ...)
 	TODO: check
 CVE-2006-4674 (Direct static code injection vulnerability in doku.php in DokuWiki ...)
 	TODO: check
 CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in PHP-Fusion ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, ...)
-	TODO: check
+	NOT-FOR-US: ppalCart
 CVE-2006-4671 (PHP remote file inclusion vulnerability in headlines.php in Fantastic ...)
-	TODO: check
+	NOT-FOR-US: Fantastic News
 CVE-2006-4670 (Multiple PHP remote file inclusion vulnerabilities in PhotoKorn ...)
-	TODO: check
+	NOT-FOR-US: PhotoKorn Gallery
 CVE-2006-4669 (PHP remote file inclusion vulnerability in admin/system/include.php in ...)
-	TODO: check
+	NOT-FOR-US: Somery
 CVE-2006-4668 (Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley ...)
-	TODO: check
+	NOT-FOR-US: AckerTodo
 CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote ...)
-	TODO: check
+	NOT-FOR-US: RunCMS
 CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst ...)
-	TODO: check
+	NOT-FOR-US: Newsscript (aka WM-News)
 CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 ...)
-	TODO: check
+	NOT-FOR-US: MKPortal
 CVE-2006-4664 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Premod Shadow
 CVE-2006-4663 (** DISPUTED ** ...)
 	TODO: check
 CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ ...)
-	TODO: check
+	NOT-FOR-US: AOL ICQ
 CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not ...)
-	TODO: check
+	NOT-FOR-US: AOL ICQ Toolbar
 CVE-2006-4660 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed ...)
-	TODO: check
+	NOT-FOR-US: AOL ICQ Toolbar
 CVE-2006-4659 (The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...)
-	TODO: check
+	NOT-FOR-US: Panda Platinum Internet Security
 CVE-2006-4658 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses ...)
-	TODO: check
+	NOT-FOR-US: Panda Platinum Internet Security
 CVE-2006-4657 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...)
-	TODO: check
+	NOT-FOR-US: Panda Platinum Internet Security
 CVE-2006-4656 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Web Provence SL_Site
 CVE-2006-4655 (Buffer overflow in the Strcmp function in the XKEYBOARD extension in X ...)
-	TODO: check
+	NOT-FOR-US: X11R6.4
 CVE-2006-4654 (Format string vulnerability in Easy Address Book Web Server 1.2 allows ...)
-	TODO: check
+	NOT-FOR-US: Address Book Web Server
 CVE-2006-4653 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll store ...)
-	TODO: check
+	NOT-FOR-US: Amazing Little Poll
 CVE-2006-4652 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll have a ...)
-	TODO: check
+	NOT-FOR-US: Amazing Little Poll
 CVE-2006-4651 (Directory traversal vulnerability in download/index.php, and possibly ...)
-	TODO: check
+	NOT-FOR-US: Php download
 CVE-2006-4650 (Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2006-4649 (PHP remote file inclusion vulnerability in bp_news.php in BinGo News ...)
-	TODO: check
+	NOT-FOR-US: BinGo News
 CVE-2006-4648 (PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News ...)
-	TODO: check
+	NOT-FOR-US: BinGo News
 CVE-2006-4647 (PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 ...)
-	TODO: check
+	NOT-FOR-US: Sponge News
 CVE-2006-4646 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto ...)
-	TODO: check
+	NOT-FOR-US: Drupal Pathauto module
 CVE-2006-4645 (PHP remote file inclusion vulnerability in akarru.gui/main_content.php ...)
-	TODO: check
+	NOT-FOR-US: Social BookMarking Engine
 CVE-2006-4644 (PHP remote file inclusion vulnerability in modules/home.module.php in ...)
-	TODO: check
+	NOT-FOR-US: phpFullAnnu
 CVE-2006-4643 (SQL injection vulnerability in consult/joueurs.php in Uni-Vert ...)
-	TODO: check
+	NOT-FOR-US: PhpLeague
 CVE-2006-4642 (AuditWizard 6.3.2, when using "Remote Audit," logs the administrator ...)
-	TODO: check
+	NOT-FOR-US: AuditWizard
 CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal ...)
-	TODO: check
+	NOT-FOR-US: Muratsoft Haber Portal
 CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...)
 	- flashplugin-nonfree 7.0.68.0.1
 	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
 CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...)
-	TODO: check
+	NOT-FOR-US: C-News.fr C-News
 CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News ...)
-	TODO: check
+	NOT-FOR-US: ACGV News
 CVE-2006-4637 (Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 ...)
-	TODO: check
+	NOT-FOR-US: ACGV News
 CVE-2006-4636 (Directory traversal vulnerability in SZEWO PhpCommander 3.0 and ...)
-	TODO: check
+	NOT-FOR-US: PhpCommander
 CVE-2006-4635 (Unspecified vulnerability in MySource Classic 2.14.6, and possibly ...)
-	TODO: check
+	NOT-FOR-US: MySource Classic
 CVE-2006-4634 (Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows ...)
-	TODO: check
+	NOT-FOR-US: VBZooM
 CVE-2006-4633 (index.php in SoftBB 0.1, and possibly earlier, allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: SoftBB
 CVE-2006-4632 (Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly ...)
-	TODO: check
+	NOT-FOR-US: SoftBB
 CVE-2006-4631 (Direct static code injection vulnerability in admin/save_opt.php in ...)
-	TODO: check
+	NOT-FOR-US: SoftBB
 CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING ...)
-	TODO: check
+	NOT-FOR-US: MySpeach
 CVE-2006-4629 (PHP remote file inclusion vulnerability in affichage/commentaires.php ...)
-	TODO: check
+	NOT-FOR-US: C-News.fr C-News
 CVE-2006-4628 (Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows ...)
-	TODO: check
+	NOT-FOR-US: VCD-db
 CVE-2006-4627 (System Information ActiveX control (msinfo.dll), when accessed via ...)
-	TODO: check
+	NOT-FOR-US: System Information ActiveX control
 CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine before ...)
-	TODO: check
+	NOT-FOR-US: avast! Anti-virus Engine
 CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...)
 	TODO: check
 CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 ...)
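Review bot: CVE-2006-4655 is tagged "NOT-FOR-US: X11R6.4", but the description places the overflow in the XKEYBOARD extension of X, and X is shipped in Debian, so NOT-FOR-US with a release number in place of a product name is the wrong kind of entry here. If the point is that the packaged versions do not contain the flaw, record that against the source package with <not-affected> and a reason, in the form the list already uses for CVE-2006-4380 ("- mysql-dfsg-5.0 <not-affected> (only 4.1 affected)"); otherwise leave it as "TODO: check". Smaller points in the same hunk: CVE-2006-4654 is tagged "Address Book Web Server" where the description says "Easy Address Book Web Server", and CVE-2006-4677 is attributed to phpopenchat although its visible description is only "** DISPUTED ** ...", while the equally opaque CVE-2006-4663 stays TODO.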
@@ -1068,9 +1068,9 @@
 CVE-2006-4439 (pkgadd in Sun Solaris 10 before 20060825 installs files with insecure ...)
 	NOT-FOR-US: Solaris
 CVE-2006-4438 (Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux ...)
-	TODO: check
+	NOT-FOR-US: SpIDer for Dr.Web Scanner
 CVE-2006-4437 (Eval injection vulnerability in Tagger LE allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Tagger LE
 CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote ...)
 	NOT-FOR-US: Microsoft
 CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...)
@@ -1181,30 +1181,30 @@
 CVE-2006-4390
 	RESERVED
 CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2006-4387
 	RESERVED
 CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2006-4384 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2006-4383
 	RESERVED
 CVE-2006-4382 (Multiple buffer overflows in Apple QuickTime before 7.1.3 allow ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service ...)
 	{DSA-1169}
 	- mysql-dfsg-5.0 <not-affected> (only 4.1 affected)
 	- mysql-dfsg <not-affected> (only 4.1 affected)
 	- mysql-dfsg-4.1 <removed>
 CVE-2006-4379 (Stack-based buffer overflow in the SMTP Daemon in Ipswitch ...)
-	TODO: check
+	NOT-FOR-US: Ipswitch Collaboration 2006 Suite
 CVE-2006-4378 (** DISPUTED ** ...)
 	NOT-FOR-US: Rssxt component for Joomla! (com_rssxt)
 CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch ...)
@@ -2326,7 +2326,7 @@
 CVE-2006-3874
 	RESERVED
 CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3872
 	RESERVED
 CVE-2006-3871



