Author: stef-guest
Date: 2006-09-09 22:22:45 +0000 (Sat, 09 Sep 2006)
New Revision: 4706
Modified: data/CVE/list data/embedded-code-copies Log: - CVE-2006-4561 new firefox issue (low) - tikiwiki CVEified - CVE-2006-4618 adodb not affected (in 6 packages) - CVE-2006-4455 xchat not affected - some NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2006-09-09 09:25:30 UTC (rev 4705) +++ data/CVE/list 2006-09-09 22:22:45 UTC (rev 4706) @@ -7,7 +7,12 @@ CVE-2006-4619 (The start update window in Avira AntiVir PersonalEdition Classic ...) NOT-FOR-US: Avira CVE-2006-4618 (PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in ...) - TODO: check + - libphp-adodb <not-affected> (vulnerable code seems to be In-link specific) + - egroupware <not-affected> (vulnerable code seems to be In-link specific) + - moodle <not-affected> (vulnerable code seems to be In-link specific) + - phppgadmin <not-affected> (vulnerable code seems to be In-link specific) + - gallery2 <not-affected> (vulnerable code seems to be In-link specific) + - phpwiki <not-affected> (vulnerable code seems to be In-link specific) CVE-2006-4617 (Unrestricted file upload vulnerability in fileupload.html in vtiger ...) NOT-FOR-US: vtiger CRM CVE-2006-4616 (SMTP service in MailEnable Standard, Professional, and Enterprise ...) @@ -21,7 +26,7 @@ CVE-2006-4612 (SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows ...) NOT-FOR-US: ZIXForum CVE-2006-4611 (Buffer overflow in the _tor_resolve function in dsocks.c in dsocks ...) - TODO: check + NOT-FOR-US: dsocks CVE-2006-4610 (PHP remote file inclusion vulnerability in index.php in GrapAgenda ...) NOT-FOR-US: GrapAgenda CVE-2006-4609 (** DISPUTED ** ...) 
@@ -38,8 +43,6 @@ NOT-FOR-US: Lanifex Database of Managed Objects (DMO) CVE-2006-4603 (NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass ...) NOT-FOR-US: Swift Sound Web Dictate -CVE-2006-4602 (Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 ...) - TODO: check CVE-2006-4601 (SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows ...) NOT-FOR-US: 1Two CVE-2006-4600 (slapd in OpenLDAP before 2.3.25 allows remote authenticated users with ...) 
@@ -123,85 +126,88 @@ CVE-2006-4562 (** DISPUTED ** ...) NOT-FOR-US: Symantec CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary ...) - TODO: check + - xulrunner <unfixed> (low) + - firefox <unfixed> (low> + - mozilla <unfixed> (low> + - mozilla-firefox <removed> (low) CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...) NOT-FOR-US: Internet Explorer CVE-2006-4559 (Multiple PHP remote file inclusion vulnerabilities in Yet Another ...) - TODO: check + NOT-FOR-US: Yet Another Community System (YACS) CMS CVE-2006-4558 (DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the ...) - TODO: check + NOT-FOR-US: DeluxeBB CVE-2006-4557 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Discloser CVE-2006-4556 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: JIM component for Mambo and Joomla! CVE-2006-4555 (Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control ...) - TODO: check + NOT-FOR-US: Miniclip CR64Loader ActiveX control CVE-2006-4554 (Stack-based buffer overflow in the ReadFile function in the ...) - TODO: check + NOT-FOR-US: BeCubed Compression Plus CVE-2006-4553 (PHP remote file inclusion vulnerability in plugin.class.php in the ...) - TODO: check + NOT-FOR-US: com_comprofiler Components for Mambo and Joomla! CVE-2006-4552 (Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter ...) - TODO: check + NOT-FOR-US: CHXO Feedsplitter CVE-2006-4551 (Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows ...) - TODO: check + NOT-FOR-US: CHXO Feedsplitter CVE-2006-4550 (Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 ...) - TODO: check + NOT-FOR-US: CHXO Feedsplitter CVE-2006-4549 (CHXO Feedsplitter 2006-01-21 allows remote attackers to read the ...) - TODO: check + NOT-FOR-US: CHXO Feedsplitter CVE-2006-4548 (e107 0.75 and earlier does not properly unset variables when the input ...) 
- TODO: check + NOTE: this should be fixed in PHP (CVE-2006-3017) CVE-2006-4547 (Lyris ListManager 8.95 allows remote authenticated users to obtain ...) - TODO: check + NOT-FOR-US: Lyris ListManager CVE-2006-4546 (Lyris ListManager 8.95 allows remote authenticated users, who have ...) - TODO: check + NOT-FOR-US: Lyris ListManager CVE-2006-4545 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: ModuleBased CMS Pre-Alpha CVE-2006-4544 (Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when ...) - TODO: check + NOT-FOR-US: ExBB CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 ...) - TODO: check + NOT-FOR-US: HLStats CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly handle a ...) TODO: check CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly ...) - TODO: check + NOT-FOR-US: BlackICE PC Protection CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in ...) - TODO: check + NOT-FOR-US: Learn.com LearnCenter CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) ...) - TODO: check + NOT-FOR-US: Cerberus Helpdesk CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC ...) TODO: check CVE-2006-4537 (NET$SESSION_CONTROL.EXE before 20060825 in DECnet-Plus in OpenVMS ...) - TODO: check + NOT-FOR-US: OpenVMS CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS Frogss ...) - TODO: check + NOT-FOR-US: CMS Frogss CVE-2006-4535 RESERVED CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 ...) - TODO: check + NOT-FOR-US: Plume CMS CVE-2006-4532 (PHP remote file inclusion vulnerability in articles/article.php in Yet ...) 
- TODO: check + NOT-FOR-US: Yet Another Community System (YACS) CMS CVE-2006-4531 (PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS ...) - TODO: check + NOT-FOR-US: Pheap CMS CVE-2006-4530 (Direct static code injection vulnerability in include/change.php in ...) - TODO: check + NOT-FOR-US: membrepass CVE-2006-4529 (SQL injection vulnerability in recherchemembre.php in membrepass 1.5. ...) - TODO: check + NOT-FOR-US: membrepass CVE-2006-4528 (Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 ...) - TODO: check + NOT-FOR-US: membrepass CVE-2006-4527 (includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when ...) - TODO: check + NOT-FOR-US: CubeCart CVE-2006-4526 (SQL injection vulnerability in includes/content/viewCat.inc.php in ...) - TODO: check + NOT-FOR-US: CubeCart CVE-2006-4525 (Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and ...) - TODO: check + NOT-FOR-US: CubeCart CVE-2006-4524 (Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz ...) - TODO: check + NOT-FOR-US: Digiappz Freekot CVE-2006-4523 (The web-based management interface in 2Wire, Inc. HomePortal and ...) - TODO: check + NOT-FOR-US: 2Wire CVE-2006-4522 (Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2004-2664 (John Lim ADOdb Library for PHP before 4.23 allows remote attackers to ...) TODO: check CVE-2006-XXXX [hostapd dos] @@ -342,7 +348,7 @@ CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...) NOT-FOR-US: iAddressBook CVE-2006-4459 (Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause ...) - TODO: check + NOT-FOR-US: AnywhereUSB/5 CVE-2006-4458 (Directory traversal vulnerability in ...) - phpgroupware <unfixed> (bug #386061; medium) CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 ...) 
@@ -350,9 +356,7 @@ CVE-2006-4456 (PHP remote file inclusion vulnerability in functions.php in phpECard ...) NOT-FOR-US: phpECard CVE-2006-4455 (** DISPUTED ** ...) - TODO: check - NOTE: xchat, disputed because it does "not affect any recent version" - NOTE: sarge's 2.4.1 is not recent by their definition :-| + - xchat <not-affected> (not reproducible) CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...) NOT-FOR-US: HLstats CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 ...) @@ -404,7 +408,7 @@ [sarge] - mozilla <no-dsa> (Conceptual problem, not fixable in a backport) CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) NOT-FOR-US: Microsoft -CVE-2006-XXXX [tikiwiki security issue in jhot.php] +CVE-2006-4602 (Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 ...) - tikiwiki 1.9.4+dfsg2-3 CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...) - isakmpd 20041012-4 (bug #385894; medium) Modified: data/embedded-code-copies =================================================================== --- data/embedded-code-copies 2006-09-09 09:25:30 UTC (rev 4705) +++ data/embedded-code-copies 2006-09-09 22:22:45 UTC (rev 4706) @@ -188,3 +188,11 @@ scite qscintilla geany + +libphp-adodb +gallery2 +phppgadmin +egroupware +phpwiki +moodle + _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
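Review bot: In the CVE-2006-4618 hunk of data/CVE/list (@@ -7,7 +7,12 @@), all six added entries repeat the same hedged justification, "vulnerable code seems to be In-link specific", which does not record what was checked in each package. The CVE text names adodb-postgres7.inc.php, so consider noting per package whether that file is shipped and why the inclusion is not reachable, or move the shared reasoning into a single NOTE line under the CVE so it is stated once.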
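Review bot: In the CVE-2006-4561 entry of the @@ -123,85 +126,88 @@ hunk, the firefox and mozilla lines close the urgency with an angle bracket, "(low>", where the xulrunner and mozilla-firefox lines next to them use "(low)"; both should be "(low)" so the four lines are consistent. In the same hunk, CVE-2006-4548 loses its TODO and is left with only a NOTE pointing at CVE-2006-3017, with no package line or NOT-FOR-US, so the entry alone does not show whether e107 was triaged.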
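Review bot: In the CVE-2006-4455 hunk (@@ -350,9 +356,7 @@), the two removed NOTE lines were the only record of why the issue is disputed and of the concern that sarge's 2.4.1 does not count as a recent version; the replacement "- xchat <not-affected> (not reproducible)" does not say which version the reproduction was attempted on. Suggest keeping a NOTE that names the tested version(s), sarge's 2.4.1 in particular.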
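Review bot: In the @@ -404,7 +408,7 @@ hunk, the entry renamed from CVE-2006-XXXX to CVE-2006-4602 keeps "- tikiwiki 1.9.4+dfsg2-3" with no urgency or bug reference, while the isakmpd line directly below it carries "(bug #385894; medium)". Since the commit log describes this change only as "tikiwiki CVEified", adding the urgency here would bring the entry in line with its neighbours.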
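Review bot: In the data/embedded-code-copies hunk (@@ -188,3 +188,11 @@), the six added package names follow the scite, qscintilla and geany lines with nothing, as it appears here, that says which code they have in common. The names match the six CVE-2006-4618 entries added in data/CVE/list, so this is presumably the ADOdb group; a short label or comment stating that would make the block readable without cross-referencing the CVE list.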