Author: jmm-guest
Date: 2006-01-10 00:40:55 +0000 (Tue, 10 Jan 2006)
New Revision: 3255

Modified:
   data/CVE/list
Log:
three new kernel issues, two already in the patch tracker
lots of NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-01-10 00:11:42 UTC (rev 3254)
+++ data/CVE/list       2006-01-10 00:40:55 UTC (rev 3255)
@@ -53,98 +53,102 @@
        NOT-FOR-US: Enhanced Simple PHP Gallery
 CVE-2006-0112 (Cross-site scripting (XSS) vulnerability in index.php in 
Enhanced ...)
        NOT-FOR-US: Enhanced Simple PHP Gallery
-begin claimed by jmm
 CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media 
...)
-       TODO: check
+       NOT-FOR-US: Boxcar Media Shopping Cart
 CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in 
Foro Domus ...)
-       TODO: check
+       NOT-FOR-US: Foro Domus 
 CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular 
Merchant ...)
-       TODO: check
+       NOT-FOR-US: Modular Merchant Shopping Cart 
 CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS 
allows ...)
-       TODO: check
+       NOT-FOR-US: Timecan CMS 
 CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: Timecan CMS 
 CVE-2006-0105
        RESERVED
 CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: TinyPHPForum
 CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/anyuser.hash 
and (2) ...)
-       TODO: check
+       NOT-FOR-US: TinyPHPForum
 CVE-2006-0102 (Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 
3.6 and ...)
-       TODO: check
+       NOT-FOR-US: TinyPHPForum
 CVE-2006-0101 (Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 
0.7.1 ...)
-       TODO: check
+       NOT-FOR-US: sBLOG
 CVE-2006-0100 (Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow 
local ...)
-       TODO: check
+       NOT-FOR-US: NicoFTP
 CVE-2006-0099 (PHP remote file include vulnerability in (1) ...)
-       TODO: check
+       NOT-FOR-US: Valdersoft Shopping Cart
 CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 
3.7 and ...)
-       TODO: check
+       NOT-FOR-US: OpenBSD
 CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function 
in ...)
-       TODO: check
+       NOTE: This is probably not-affected as it's Windows-specific
+       TODO: double-check, if this is really Windows-specific
 CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 
2.4.29 ...)
-       TODO: check
+       - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
+       - kernel-source-2.4.27 2.4.27-8
+       NOTE: sarge 2.6.8 and 2.4.27 are affected, woody is unclear
 CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a 
structure ...)
-       TODO: check
+       - linux-2.6 <unfixed>
+       - kernel-source-2.4.27 <not-affected> (2.4 doesn't have dm-crypt)
+       NOTE: 2.6.8 sarge affected, 2.4 kernels not affected
 CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 
1.0 ...)
-       TODO: check
+       NOT-FOR-US: oaBoard
 CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card 
ME PHP ...)
-       TODO: check
+       NOT-FOR-US: @Card ME PHP 
 CVE-2006-0092 (SQL injection vulnerability in index.php in SiteSuite CMS 
allows ...)
-       TODO: check
+       NOT-FOR-US: SiteSuite CMS
 CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in 
Open-Xchange ...)
-       TODO: check
+       NOT-FOR-US: Open-Xchange
 CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory 
Viewer ...)
-       TODO: check
+       NOT-FOR-US: IDV Directory Viewer
 CVE-2006-0089 (Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: ESRI ArcPad
 CVE-2006-0088 (SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 
Alpha ...)
-       TODO: check
+       NOT-FOR-US: inTouch
 CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php 
in ...)
-       TODO: check
+       NOT-FOR-US: Lizard Cart
 CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next 
Generation ...)
-       TODO: check
+       NOT-FOR-US: Next Generation Image Gallery 
 CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote 
...)
-       TODO: check
+       NOT-FOR-US: Nkads
 CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0 
and ...)
-       TODO: check
+       NOT-FOR-US: raSMP
 CVE-2005-4635 (The nl_fib_input function in fib_frontend.c in the Linux kernel 
before ...)
-       TODO: check
+       NOTE: Unclear, whether this is really exploitable, re-pinged Dann and 
Horms
 CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign 
SupportTrio ...)
-       TODO: check
+       NOT-FOR-US: ActiveCampaign SupportTrio
 CVE-2005-4633 (SQL injection vulnerability in index.php in phpoutsourcing 
Zorum Forum ...)
-       TODO: check
+       NOT-FOR-US: phpoutsourcing Zorum Forum 
 CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote!Pro 4.0 
and ...)
-       TODO: check
+       NOT-FOR-US: Vote!Pro
 CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Zina
 CVE-2005-4630 (SQL injection vulnerability in index.php in ClientExec 2.3 
allows ...)
-       TODO: check
+       NOT-FOR-US: ClientExec
 CVE-2005-4629 (SQL injection vulnerability in SMBCMS 2.1 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: SMBCMS
 CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38 
and ...)
-       TODO: check
+       NOT-FOR-US: HelpDeskPoint
 CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1) 
GmailSite ...)
-       TODO: check
+       NOT-FOR-US: GmailSite 
 CVE-2005-4626 (The default configuration of Recruitment Software installs ...)
-       TODO: check
+       NOT-FOR-US: Recruitment Software 
 CVE-2005-4625 (Drivers for certain display adapters, including (1) an 
unspecified ATI ...)
-       TODO: check
+       NOT-FOR-US: Strange Windows drivers
 CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6 
allows ...)
-       TODO: check
+       NOT-FOR-US: PTnet ircd
 CVE-2005-4623 (upload.exe in eFileGo 3.01 allows remote attackers to cause a 
denial ...)
-       TODO: check
+       NOT-FOR-US: eFileGo
 CVE-2005-4622 (Directory traversal vulnerability in eFileGo 3.01 allows remote 
...)
-       TODO: check
+       NOT-FOR-US: eFileGo
 CVE-2005-4621 (Cross-site scripting (XSS) vulnerability in the editavatar page 
in ...)
-       TODO: check
+       NOT-FOR-US: vBulletin
 CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users 
to ...)
-       TODO: check
+       NOT-FOR-US: WinRAR
 CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing 
Zorum Forum ...)
-       TODO: check
+       NOT-FOR-US: phpoutsourcing Zorum Forum 
 CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 
allows ...)
-       TODO: check
-end claimed by jmm
+       - linux-2.6 <unfixed>
+       NOTE: Added patch tracker template
 CVE-2006-0083 [smstools logging format string issue]
        RESERVED
        {DSA-930-1}
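Review bot: The CVE-2005-4635 entry drops "TODO: check" and leaves only a NOTE saying exploitability is unclear, so nothing marks it as still open. CVE-2006-0097 in this same hunk keeps a "TODO: double-check, ..." line next to its NOTE, and the same would fit here. For CVE-2006-0096 and CVE-2006-0095 the NOTE lines say sarge 2.6.8 is affected, but the added package lines cover only linux-2.6 and kernel-source-2.4.27, so the 2.6.8 status exists only as free text. A package line for it, or a TODO (which would also cover the "woody is unclear" remark), would make it trackable. Several added NOT-FOR-US lines also carry trailing whitespace (for example the Foro Domus, Timecan CMS and GmailSite entries), which is worth stripping.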


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
