Author: stef-guest
Date: 2006-03-10 20:19:26 +0000 (Fri, 10 Mar 2006)
New Revision: 3587

Modified:
   data/CVE/list
Log:
some NFUs, claim some more

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-10 19:42:55 UTC (rev 3586)
+++ data/CVE/list       2006-03-10 20:19:26 UTC (rev 3587)
@@ -1,100 +1,99 @@
-begin claimed by stef-guest
-
 CVE-2006-1128 (Directory traversal vulnerability in the session handling class 
...)
-       TODO: check
+       - gallery2 2.0.3
 CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to 
2.0.2 ...)
-       TODO: check
+       - gallery2 2.0.3
 CVE-2006-1126 (Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP 
...)
-       TODO: check
+       - gallery2 2.0.3
 CVE-2006-1125 (Grisoft AVG Free 7.1, and other versions including 7.0.308, 
sets ...)
-       TODO: check
+       NOT-FOR-US: Grisoft AVG
 CVE-2006-1124 (Buffer overflow in RevilloC MailServer and Proxy 1.21 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: RevilloC MailServer and Proxy
 CVE-2006-1123 (SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: D2KBlog
 CVE-2006-1122 (Cross-site scripting (XSS) vulnerability in Default.asp in 
D2KBlog ...)
-       TODO: check
+       NOT-FOR-US: D2KBlog
 CVE-2006-1121 (Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 
allows ...)
-       TODO: check
+       NOT-FOR-US: CuteNews
 CVE-2006-1120 (Multiple cross-site scripting (XSS) vulnerabilities in 
DCP-Portal ...)
-       TODO: check
+       NOT-FOR-US: DCP-Portal
 CVE-2006-1119 (fantastico in Cpanel does not properly handle when it has 
insufficient ...)
-       TODO: check
+       NOT-FOR-US: Cpanel (PHP)
 CVE-2006-1118 (SQL injection vulnerability in bmail before Aardvark PR9.1 
allows ...)
-       TODO: check
+       NOT-FOR-US: Aardvark
 CVE-2006-1117 (nCipher firmware before V10, as used by (1) nShield, (2) 
nForce, (3) ...)
-       TODO: check
+       NOT-FOR-US: nCipher
 CVE-2006-1116 (The CBC-MAC integrity functions in the nCipher nCore API before 
2.18 ...)
-       TODO: check
+       NOT-FOR-US: nCipher
 CVE-2006-1115 (nCipher HSM before 2.22.6, when generating a Diffie-Hellman ...)
-       TODO: check
+       NOT-FOR-US: nCipher
 CVE-2006-1114 (Multiple directory traversal vulnerabilities in Loudblog before 
0.42 ...)
-       TODO: check
+       NOT-FOR-US: Loudblog
 CVE-2006-1113 (SQL injection vulnerability in podcast.php in Loudblog before 
0.42 ...)
-       TODO: check
+       NOT-FOR-US: Loudblog
 CVE-2006-1112 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...)
-       TODO: check
+       NOT-FOR-US: Aztek Forum
 CVE-2006-1111 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...)
-       TODO: check
+       NOT-FOR-US: Aztek Forum
 CVE-2006-1110 (Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 
allows ...)
-       TODO: check
+       NOT-FOR-US: Aztek Forum
 CVE-2006-1109 (SQL injection vulnerability in index.asp in Total Ecommerce 1.0 
allows ...)
-       TODO: check
+       NOT-FOR-US: Total Ecommerce
 CVE-2006-1108 (SQL injection vulnerability in news.php in NMDeluxe before 
1.0.1 ...)
-       TODO: check
+       NOT-FOR-US: NMDeluxe
 CVE-2006-1107 (Cross-site scripting (XSS) vulnerability in news.php in 
NMDeluxe ...)
-       TODO: check
+       NOT-FOR-US: NMDeluxe
 CVE-2006-1106 (Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 
1 and ...)
-       TODO: check
+       NOT-FOR-US: Pixelpost
 CVE-2006-1105 (Pixelpost 1.5 beta 1 and earlier allows remote attackers to 
obtain ...)
-       TODO: check
+       NOT-FOR-US: Pixelpost
 CVE-2006-1104 (Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 
and ...)
-       TODO: check
+       NOT-FOR-US: Pixelpost
 CVE-2006-1103 (engine/server.cpp in Sauerbraten 2006_02_28, as derived from 
the Cube ...)
-       TODO: check
+       NOT-FOR-US: Sauerbraten / cube engine
 CVE-2006-1102 (Sauerbraten 2006_02_28, as derived from the Cube engine, allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Sauerbraten / cube engine
 CVE-2006-1101 (The (1) sgetstr and (2) getint functions in Sauerbraten 
2006_02_28, as ...)
-       TODO: check
+       NOT-FOR-US: Sauerbraten / cube engine
 CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in ...)
-       TODO: check
+       NOT-FOR-US: Sauerbraten / cube engine
 CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 
allows ...)
-       TODO: check
+       NOT-FOR-US: logIT
 CVE-2006-1098 (** DISPUTED ** ...)
-       TODO: check
+       NOT-FOR-US: NZ Ecommerce
 CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in 
Datenbank MOD ...)
-       TODO: check
+       NOT-FOR-US: Woltlab Burning Board
 CVE-2006-1096 (** DISPUTED ** ...)
-       TODO: check
+       NOT-FOR-US: NZ Ecommerce
 CVE-2006-1095 (Unspecified vulnerability in the FileSession object in 
Mod_python ...)
-       TODO: check
+       NOTE: only version 3.2.7 is vulnerable, 3.2.8 is out
+       NOTE: currently 3.1.3 is in Debian; very unlikely that 3.2.7 will be 
packaged
 CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier 
for ...)
-       TODO: check
+       NOT-FOR-US: Woltlab Burning Board
 CVE-2006-1093 (Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 
5.0.2.15 ...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere
 CVE-2006-1092 (Unspecified vulnerability in the pagedata subsystem of the 
process ...)
-       TODO: check
+       NOT-FOR-US: Solaris
 CVE-2006-1091 (Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to 
cause a ...)
-       TODO: check
+       NOT-FOR-US: Kaspersky Antivirus
 CVE-2006-1090 (register.php in PunBB 1.2.10 allows remote attackers to cause 
an ...)
-       TODO: check
+       NOT-FOR-US: PunBB
 CVE-2006-1089 (Cross-site scripting (XSS) vulnerability in header.php in PunBB 
1.2.10 ...)
-       TODO: check
+       NOT-FOR-US: PunBB
 CVE-2006-1088 (PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain 
...)
-       TODO: check
+       NOT-FOR-US: PHP-Stats
 CVE-2006-1087 (Direct static code injection vulnerability in the modify_config 
action ...)
-       TODO: check
-
-end claimed by stef-guest
-
+       NOT-FOR-US: PHP-Stats
 CVE-2006-1086
        REJECTED
 CVE-2006-1085 (admin.php in PHP-Stats 0.1.9.1 and earlier allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: PHP-Stats
 CVE-2006-1084 (Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and 
...)
-       TODO: check
+       NOT-FOR-US: PHP-Stats
 CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 
0.1.9.1 and ...)
-       TODO: check
+       NOT-FOR-US: PHP-Stats
+
+begin claimed by stef-guest
+
 CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpArcadeScript ...)
        TODO: check
 CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in 
Jonathan ...)
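
Review bot: CVE-2006-1095 loses its "TODO: check" but gains only two NOTE lines and no package status line, so the entry records a reasoning ("only version 3.2.7 is vulnerable", "currently 3.1.3 is in Debian") without a machine-readable verdict; add a package line stating that the Debian version is not affected, so the entry does not read as open. Separately, the three gallery2 entries use "- gallery2 2.0.3" without a Debian revision, whereas the existing lurker entry further down uses the full form "- lurker 2.1-1"; the fixed version should name the Debian upload that carries the fix. Minor: "NOT-FOR-US: Cpanel (PHP)" is the only NFU line with a parenthetical, so drop "(PHP)" for consistency with the other entries.
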
@@ -131,6 +130,9 @@
        RESERVED
 CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard 
(MyBB) ...)
        TODO: check
+
+end claimed by stef-guest
+
 CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 
2.0 and ...)
        - lurker 2.1-1
 CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows 
remote ...)
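
Review bot: the "end claimed by stef-guest" marker after CVE-2006-1065 closes a block that opens before CVE-2006-1082 in the previous hunk, but the log message "some NFUs, claim some more" does not name that range; stating the first and last claimed CVE in the log would let other triagers see the claim from the commit mail without reading the diff. The claimed block also contains at least one RESERVED entry (visible in the context line just above CVE-2006-1065), which has nothing to check, so the markers could be placed more tightly around the entries that still carry "TODO: check".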


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
