Author: stef-guest
Date: 2006-04-14 09:18:32 +0000 (Fri, 14 Apr 2006)
New Revision: 3801

Modified:
   data/CVE/list
Log:
new phpmyadmin XSS
cherokee already fixed
some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-04-14 09:14:27 UTC (rev 3800)
+++ data/CVE/list       2006-04-14 09:18:32 UTC (rev 3801)
@@ -218,70 +218,68 @@
        - gallery 1.5.3-1 (bug #361758)
 CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR 
...)
        - fbi <unfixed> (bug #361370)
-begin claimed by stef-guest
 CVE-2006-1694 (SQL injection vulnerability in members.php in XBrite Members 
1.1 and ...)
-       TODO: check
+       NOT-FOR-US: XBrite Members
 CVE-2006-1693 (Unspecified vulnerability in GlobalSCAPE Secure FTP Server 
before ...)
-       TODO: check
+       NOT-FOR-US: GlobalSCAPE Secure FTP Server
 CVE-2006-1692 (Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b 
allow ...)
-       TODO: check
+       NOT-FOR-US: MWNewsletter
 CVE-2006-1691 (SQL injection vulnerability in MWNewsletter 1.0.0b allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: MWNewsletter
 CVE-2006-1690 (Cross-site scripting (XSS) vulnerability in subscribe.php in 
...)
-       TODO: check
+       NOT-FOR-US: MWNewsletter
 CVE-2006-1689 (Unspecified vulnerability in su in HP HP-UX B.11.11, when using 
the ...)
-       TODO: check
+       NOT-FOR-US: HP-UX
 CVE-2006-1688 (Multiple PHP remote file inclusion vulnerabilities in SQuery 
4.5 and ...)
-       TODO: check
+       NOT-FOR-US: SQuery / Autonomous LAN party
 CVE-2006-1687 (Cross-site scripting (XSS) vulnerability in APT-webshop-system 
4.0 ...)
-       TODO: check
+       NOT-FOR-US: APT-webshop-system
 CVE-2006-1686 (Unspecified vulnerability in modules.php in APT-webshop-system 
4.0 ...)
-       TODO: check
+       NOT-FOR-US: APT-webshop-system
 CVE-2006-1685 (Multiple SQL injection vulnerabilities in modules.php in ...)
-       TODO: check
+       NOT-FOR-US: APT-webshop-system
 CVE-2006-1684 (Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: ecotwo Shopsystem 
 CVE-2006-1683 (SQL injection vulnerability in admin/login.php in Chipmunk 
Guestbook ...)
-       TODO: check
+       NOT-FOR-US: Chipmunk Guestbook
 CVE-2006-1682 (Cross-site scripting (XSS) vulnerability in webplus.exe in 
TalentSoft ...)
-       TODO: check
+       NOT-FOR-US: TalentSoft Web+Shop
 CVE-2006-1681 (Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 
and ...)
-       TODO: check
+       - cherokee 0.5.1-1
 CVE-2006-1680 (Jupiter CMS 1.1.5, when display_errors is enabled, allows 
remote ...)
        NOT-FOR-US: Jupiter CMS
 CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php 
Jupiter ...)
        NOT-FOR-US: Jupiter CMS
 CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpMyAdmin ...)
-       TODO: check
+       - phpmyadmin (bug #362567)
 CVE-2006-1677 (MAXdev MD-Pro 1.0.73 and 1.0.72 allows remote attackers to 
obtain the ...)
-       TODO: check
+       NOT-FOR-US: MAXdev MD-Pro
 CVE-2006-1676 (SQL injection vulnerability in the display function in the 
Topics ...)
-       TODO: check
+       NOT-FOR-US: MAXdev MD-Pro
 CVE-2006-XXXX [Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service]
        - cyrus-sasl2 <unfixed> (bug #361937)
 CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in 
PHPWebGallery ...)
-       TODO: check
+       NOT-FOR-US: PHPWebGallery
 CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in ...)
-       TODO: check
+       NOT-FOR-US: PHPWebGallery
 CVE-2006-1673 (Cross-site scripting (XSS) vulnerability in vbugs.php in 
Dark_Wizard ...)
-       TODO: check
+       NOT-FOR-US: Dark_Wizard vBug Tracker
 CVE-2006-1672 (The installation of Cisco Transport Controller (CTC) for Cisco 
Optical ...)
-       TODO: check
+       NOT-FOR-US: Cisco Optical Networking
 CVE-2006-1671 (Control cards for Cisco Optical Networking System (ONS) 15000 
series ...)
-       TODO: check
+       NOT-FOR-US: Cisco Optical Networking
 CVE-2006-1670 (Control cards for Cisco Optical Networking System (ONS) 15000 
series ...)
-       TODO: check
+       NOT-FOR-US: Cisco Optical Networking
 CVE-2006-1669 (SQL injection vulnerability in chat/messagesL.php3 in phpHeaven 
Team ...)
-       TODO: check
+       NOT-FOR-US: PHPMyChat
 CVE-2006-1668 (newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) 
(aka ...)
-       TODO: check
+       NOT-FOR-US: Crafty Syntax Image Gallery
 CVE-2006-1667 (SQL injection vulnerability in slides.php in Eric Gerdes Crafty 
Syntax ...)
-       TODO: check
-end claimed by stef-guest
+       NOT-FOR-US: Crafty Syntax Image Gallery
 CVE-2006-1666 (SQL injection vulnerability in forum.php in Arab Portal 2.0.1 
stable ...)
-       TODO: check
+       NOT-FOR-US: Arab Portal
 CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab 
Portal ...)
-       TODO: check
+       NOT-FOR-US: Arab Portal
 CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and 
...)
        TODO: check
 CVE-2006-1663
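
Review bot: The added phpmyadmin entry under CVE-2006-1678 ("- phpmyadmin (bug #362567)") has neither a fixed version nor an "<unfixed>" marker, unlike the other open package entries in this hunk ("- fbi <unfixed> (bug #361370)", "- cyrus-sasl2 <unfixed> (bug #361937)"). Suggest writing it as "- phpmyadmin <unfixed> (bug #362567)" so the entry states its status explicitly. Separately, the added "NOT-FOR-US: ecotwo Shopsystem " line under CVE-2006-1684 ends with a trailing space that should be dropped.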


_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
