Author: stef-guest
Date: 2006-03-10 21:42:31 +0000 (Fri, 10 Mar 2006)
New Revision: 3590
Modified:
data/CVE/list
Log:
some NFUs; htpasswd setuid unsafeness
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-03-10 21:14:25 UTC (rev 3589)
+++ data/CVE/list 2006-03-10 21:42:31 UTC (rev 3590)
@@ -91,44 +91,46 @@
NOT-FOR-US: PHP-Stats
CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats
0.1.9.1 and ...)
NOT-FOR-US: PHP-Stats
-begin claimed by stef-guest
CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in
phpArcadeScript ...)
- TODO: check
+ NOT-FOR-US: phpArcadeScript
CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in
Jonathan ...)
- TODO: check
+ NOT-FOR-US: PluggedOut Nexus
CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in
Game-Panel ...)
- TODO: check
+ NOT-FOR-US: Game-Panel
CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other
products ...)
- TODO: check
+ - thttpd 2.23beta1-2.4 (bug #253816; low)
+ NOTE: apache's htpasswd not vulnerable, but source contains note about
+ NOTE: not being safe for sudo
+ NOTE: filed whishlist bug to add this to manpage
CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd
2.25b, ...)
- TODO: check
+ - thttpd 2.23beta1-2.4 (bug #253816; low)
+ NOTE: apache's htpasswd not vulnerable
CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Evo-Dev
evoBlog ...)
- TODO: check
+ NOT-FOR-US: Evo-Dev evoBlog
CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a
showtopic ...)
- TODO: check
+ NOT-FOR-US: checkInvision Power Board
CVE-2006-1075 (Format string vulnerability in the visualization function in
Jason ...)
- TODO: check
+ NOT-FOR-US: Liero Xtreme
CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote
attackers ...)
- TODO: check
+ NOT-FOR-US: Liero Xtreme
CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave
Simplog ...)
- TODO: check
+ NOT-FOR-US: Daverave Simplog
CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog
1.0.2 and ...)
- TODO: check
+ NOT-FOR-US: Daverave Simplog
CVE-2006-1071 (Cross-site scripting (XSS) vulnerability in index.php in
DVguestbook ...)
- TODO: check
+ NOT-FOR-US: DVguestbook
CVE-2006-1070 (Cross-site scripting (XSS) vulnerability in dv_gbook.php in ...)
- TODO: check
+ NOT-FOR-US: DVguestbook
CVE-2006-1069 (Unspecified vulnerability in the session handling for Geeklog
1.4.x ...)
- TODO: check
+ NOT-FOR-US: Geeklog
CVE-2006-1068 (Netgear 614 and 624 routers, possibly running VXWorks, allow
remote ...)
- TODO: check
+ NOT-FOR-US: VXWorks
CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote
...)
- TODO: check
+ NOT-FOR-US: VXWorks
CVE-2006-1066
RESERVED
CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard
(MyBB) ...)
- TODO: check
-end claimed by stef-guest
+ NOT-FOR-US: MyBulletinBoard
CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker
2.0 and ...)
- lurker 2.1-1
CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows
remote ...)
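Review bot: In the CVE-2006-1076 entry, the added line "NOT-FOR-US: checkInvision Power Board" looks like it kept a stray "check" from the removed "TODO: check"; it should probably read "NOT-FOR-US: Invision Power Board". In the CVE-2006-1079 notes, "whishlist" should be "wishlist", and the note would be easier to follow up if it gave the number of the wishlist bug that was filed, the way the thttpd line cites bug #253816. The CVE-2006-1068 and CVE-2006-1067 entries are tagged "NOT-FOR-US: VXWorks", although the descriptions are about Netgear and Linksys routers that are only "possibly running" or "running" VXWorks; naming the router products would match how the other NOT-FOR-US lines in this hunk name the affected product.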
_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits