[Secure-testing-commits] r4760 - data/CVE

[Stefan Fritsch]

Author: stef-guest
Date: 2006-09-24 20:32:21 +0000 (Sun, 24 Sep 2006)
New Revision: 4760

Modified:
   data/CVE/list
Log:
- CVE-2006-467[459]: new dokuwiki remote code execution issue
- CVE-2006-4294 new twiki issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-09-24 19:51:14 UTC (rev 4759)
+++ data/CVE/list	2006-09-24 20:32:21 UTC (rev 4760)
@@ -504,7 +504,7 @@
 CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and passwords ...)
 	NOT-FOR-US: Canon imageRUNNER
 CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by default, ...)
-	TODO: check
+	- dokuwiki <unfixed> (low; bug #388082)
 CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows ...)
 	NOT-FOR-US: News Evolution
 CVE-2006-4677 (** DISPUTED ** ...)
@@ -512,9 +512,9 @@
 CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and ...)
 	NOT-FOR-US: TIBCO RendezVous
 CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in ...)
-	TODO: check
+	- dokuwiki <unfixed> (medium; bug #388082)
 CVE-2006-4674 (Direct static code injection vulnerability in doku.php in DokuWiki ...)
-	TODO: check
+	- dokuwiki <unfixed> (medium; bug #388082)
 CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in PHP-Fusion ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, ...)
@@ -1399,7 +1399,7 @@
 CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ...)
 	NOT-FOR-US: Panda ActiveScan
 CVE-2006-4294 (Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 ...)
-	TODO: check
+	- twiki <unfixed> (bug filed)
 CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
 	NOT-FOR-US: cPanel
 CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...)