[Secure-testing-commits] r3829 - data/CVE

Wed, 19 Apr 2006 09:02:11 -0700 

Author: stef-guest
Date: 2006-04-19 16:01:23 +0000 (Wed, 19 Apr 2006)
New Revision: 3829

Modified:
   data/CVE/list
Log:
new phpmyadmin issue
old mambo issue
old wordpress issue
mozilla issue already fixed
some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-04-19 14:49:13 UTC (rev 3828)
+++ data/CVE/list       2006-04-19 16:01:23 UTC (rev 3829)
@@ -1,81 +1,81 @@
-claimed by stef-guest
 CVE-2006-1826 (Multiple cross-site scripting (XSS) vulnerabilities in Snipe 
Gallery ...)
-       TODO: check
+       NOT-FOR-US: Snipe Gallery
 CVE-2006-1825 (Cross-site scripting (XSS) vulnerability in index.php in 
phpLinks ...)
-       TODO: check
+       NOT-FOR-US: phpLinks
 CVE-2006-1824 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-       TODO: check
+       NOT-FOR-US: PhpGuestbook
 CVE-2006-1823 (Directory traversal vulnerability in FarsiNews 2.5.3 Pro and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: FarsiNews
 CVE-2006-1822 (Cross-site scripting (XSS) vulnerability in search.php in 
FarsiNews ...)
-       TODO: check
+       NOT-FOR-US: FarsiNews
 CVE-2006-1821 (Directory traversal vulnerability in index.php in ModX 0.9.1 
allows ...)
-       TODO: check
+       NOT-FOR-US: ModX CMS
 CVE-2006-1820 (Cross-site scripting (XSS) vulnerability in index.php in ModX 
0.9.1 ...)
-       TODO: check
+       NOT-FOR-US: ModX CMS
 CVE-2006-1819 (Directory traversal vulnerability in the loadConfig function in 
...)
-       TODO: check
+       NOT-FOR-US: phpWebSite
 CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in 
warforge.NEWS ...)
-       TODO: check
+       NOT-FOR-US: warforge.NEWS
 CVE-2006-1817 (SQL injection vulnerability in authcheck.php in warforge.NEWS 
1.0, ...)
-       TODO: check
+       NOT-FOR-US: warforge.NEWS
 CVE-2006-1816 (PHP remote file inclusion vulnerability in VBulletin 3.5.1, 
3.5.2, and ...)
-       TODO: check
+       NOT-FOR-US: VBulletin
 CVE-2006-1815 (Multiple cross-site scripting (XSS) vulnerabilities in 
register.php in ...)
-       TODO: check
+       NOT-FOR-US: Tritanium Bulletin Board
 CVE-2006-1814 (NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a 
denial of ...)
-       TODO: check
+       NOT-FOR-US: NetBSD kernel
 CVE-2006-1813 (Directory traversal vulnerability in index.php in phpWebFTP 3.2 
and ...)
-       TODO: check
+       NOT-FOR-US: phpWebFTP
 CVE-2006-1812 (phpWebFTP 3.2 and earlier stores script.js under the web 
document root ...)
-       TODO: check
+       NOT-FOR-US: phpWebFTP
 CVE-2006-1811 (Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA 
allow ...)
-       TODO: check
+       NOT-FOR-US: FlexBB
 CVE-2006-1810 (Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 
0.5.5 ...)
-       TODO: check
+       NOT-FOR-US: FlexBB
 CVE-2006-1809 (index.php in Lifetype 1.0.3 allows remote attackers to obtain 
...)
-       TODO: check
+       NOT-FOR-US: Lifetype
 CVE-2006-1808 (Cross-site scripting (XSS) vulnerability in index.php in 
Lifetype ...)
-       TODO: check
+       NOT-FOR-US: Lifetype
 CVE-2006-1807 (Multiple SQL injection vulnerabilities in index.php in Musicbox 
2.3.3 ...)
-       TODO: check
+       NOT-FOR-US: Musicbox
 CVE-2006-1806 (Cross-site scripting (XSS) vulnerability in index.php in 
Musicbox ...)
-       TODO: check
+       NOT-FOR-US: Musicbox
 CVE-2006-1805 (SQL injection vulnerability in member.php in PowerClan 1.14 
allows ...)
-       TODO: check
+       NOT-FOR-US: PowerClan
 CVE-2006-1804 (SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 
allows ...)
-       TODO: check
+       - phpmyadmin <unfixed> (bug #363519; low)
 CVE-2006-1803 (Cross-site scripting (XSS) vulnerability in sql.php in 
phpMyAdmin ...)
-       TODO: check
+       - phpmyadmin <unfixed> (bug #363519; low)
 CVE-2006-1802 (Cross-site scripting (XSS) vulnerability in index.php in ...)
-       TODO: check
+       NOT-FOR-US: TinyWebGallery
 CVE-2006-1801 (Cross-site scripting (XSS) vulnerability in 
planetsearchplus.php in ...)
-       TODO: check
+       NOT-FOR-US: planetSearch+
 CVE-2006-1800 (Directory traversal vulnerability in posts.php in SimpleBBS 
1.0.6 ...)
-       TODO: check
+       NOT-FOR-US: SimpleBBS
 CVE-2006-1799 (censtore.cgi in Censtore 7.3.002 and earlier allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Censtore
 CVE-2006-1798 (SQL injection vulnerability in rateit.php in RateIt 2.2 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: RateIt
 CVE-2006-1797 (The kernel in NetBSD-current before September 28, 2005 allows 
local ...)
-       TODO: check
+       NOT-FOR-US: NetBSD kernel
 CVE-2006-1796 (Cross-site scripting (XSS) vulnerability in the paging links 
...)
-       TODO: check
+       - wordpress 2.0.1 (bug #328909)
 CVE-2006-1795 (Cross-site scripting (XSS) vulnerability in tablepublisher.cgi 
in UPDI ...)
-       TODO: check
+       NOT-FOR-US: UPDI Network Enterprise
 CVE-2006-1794 (SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and 
possibly ...)
-       TODO: check
+       NOTE: only in experimental
+       - mambo <unfixed> (bug #354468)
 CVE-2006-1793 (Directory traversal vulnerability in runCMS 1.2 and earlier 
allows ...)
-       TODO: check
+       NOT-FOR-US: runCMS
 CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable 
Standard ...)
-       TODO: check
+       NOT-FOR-US: MailEnable
 CVE-2006-1791 (Directory traversal vulnerability in acc.php in QuickBlogger 
1.4 ...)
-       TODO: check
+       NOT-FOR-US: QuickBlogger
 CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote 
attackers to ...)
-       TODO: check
+       - firefox 1.5
+       - mozilla-firefox <not-affected> (problematic fix not backported into 
1.0.4-2sarge5)
 CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 
and ...)
-       TODO: check
-end claimed by stef-guest
+       NOT-FOR-US: QuickBlogger
 CVE-2006-XXXX [two amaya buffer overflows]
        - amaya <unfixed> (bug #362575)
 CVE-2006-XXXX [kphone stores SIP passwords in world readable files]
@@ -571,9 +571,9 @@
 CVE-2006-1611 (Directory traversal vulnerability in KGB Archiver before 
1.1.5.22 ...)
        NOT-FOR-US: KGB Archiver
 CVE-2006-1610 (PHP remote file inclusion vulnerability in lib/armygame.php in 
SQuery ...)
-       TODO: check
+       NOT-FOR-US: SQuery / Autonomous LAN party
 CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, 
XFIT/S/ZGN, ...)
-       TODO: check
+       NOT-FOR-US: Hitachi XFIT
 CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local 
users ...)
        - php4 <unfixed> (bug #361856)
        - php5 <unfixed> (bug #361915)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to