Author: stef-guest
Date: 2006-10-29 22:04:28 +0100 (Sun, 29 Oct 2006)
New Revision: 4897
Modified:
data/CVE/list
Log:
- CVE-2006-5449: new ingo1 issue
- CVE-2006-5435: phpbb2 non-issue
- CVE-2003-1307: new old apache/php issue
- CVE-2006-5297/8: new mutt issues (low)
- CVE-2006-5173: new linux local DoS
- some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-10-29 18:59:19 UTC (rev 4896)
+++ data/CVE/list 2006-10-29 21:04:28 UTC (rev 4897)
@@ -136,7 +136,7 @@
CVE-2006-5450 (SQL injection vulnerability in index.asp in Kinesis Interactive
Cinema ...)
NOT-FOR-US: Kinesis Interactive Cinema System (KICS) CMS
CVE-2006-5449 (procmail in Ingo H3 before 1.1.2 Horde module allows remote ...)
- TODO: check
+ - ingo1 <unfixed> (bug #396099)
CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital
Rights ...)
NOT-FOR-US: Microsoft
CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV
Web ...)
@@ -164,7 +164,7 @@
CVE-2006-5436 (PHP remote file inclusion vulnerability in index.php in FreeFAQ
1.0.e ...)
NOT-FOR-US: FreeFAQ
CVE-2006-5435 (** DISPUTED ** ...)
- TODO: check
+ - phpbb2 <not-affected> (not vulnerable)
CVE-2006-5434 (PHP remote file inclusion vulnerability in p-news.php in P-News
1.16 ...)
NOT-FOR-US: P-News
CVE-2006-5433 (PHP remote file inclusion vulnerability in
modules/guestbook/index.php ...)
@@ -272,7 +272,12 @@
CVE-2006-5382 (3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and
...)
NOT-FOR-US: 3Com
CVE-2003-1307 (** DISPUTED ** ...)
- TODO: check
+ NOTE: More of an apache flaw than a php flaw. And just one more reason
+ NOTE: why you have lost as soon as an attacker can execute arbitrary
+ NOTE: php scripts.
+ NOTE: http://www.securityfocus.com/bid/9302
+ - apache <unfixed>
+ - apache2 <unfixed>
CVE-2006-XXXX [unspecified steam cache vulnerability]
- steam 2.2.31-1
[sarge] - steam <not-affected> (Sarge version doesn't implement caching)
@@ -446,9 +451,9 @@
CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in
index.php in ...)
NOT-FOR-US: Gcontact
CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and
...)
- TODO: check
+ - mutt <unfixed> (bug #396104; low)
CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail
client ...)
- TODO: check
+ - mutt <unfixed> (bug #396104; low)
CVE-2006-5296 (Buffer overflow in Microsoft Office 2003 PowerPoint allows ...)
NOT-FOR-US: Microsoft
CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in
phplist ...)
@@ -532,55 +537,55 @@
CVE-2006-5255 (** DISPUTED ** ...)
NOT-FOR-US: gCards
CVE-2006-5254 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Detailed User Registration (com_registration_detailed), aka
regdetailed
CVE-2006-5253 (PHP remote file inclusion vulnerability in strload.php in
Dayana ...)
- TODO: check
+ NOT-FOR-US: phpOnline (aka PHP-Online)
CVE-2006-5252 (PHP remote file inclusion vulnerability in
includes/core.lib.php in ...)
- TODO: check
+ NOT-FOR-US: Webmedia Explorer
CVE-2006-5251 (PHP remote file inclusion vulnerability in index.php in Deep
CMS 2.0a ...)
- TODO: check
+ NOT-FOR-US: Deep CMS
CVE-2006-5250 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: BlueShoes
CVE-2006-5249 (PHP remote file inclusion vulnerability in
tagmin/delTagUser.php in ...)
- TODO: check
+ NOT-FOR-US: TagIt! Tagboard
CVE-2006-5248 (Eazy Cart stores sensitive information under the web root with
...)
- TODO: check
+ NOT-FOR-US: Eazy Cart
CVE-2006-5247 (Multiple cross-site scripting (XSS) vulnerabilities in Eazy
Cart allow ...)
- TODO: check
+ NOT-FOR-US: Eazy Cart
CVE-2006-5246 (Eazy Cart allows remote attackers to change prices and other
critical ...)
- TODO: check
+ NOT-FOR-US: Eazy Cart
CVE-2006-5245 (Eazy Cart allows remote attackers to bypass authentication and
gain ...)
- TODO: check
+ NOT-FOR-US: Eazy Cart
CVE-2006-5244 (Multilple PHP remote file inclusion vulnerabilities in OpenDock
Easy ...)
- TODO: check
+ NOT-FOR-US: Easy Blog
CVE-2006-5243 (Multiple PHP remote file inclusion vulnerabilities in OpenDock
Easy ...)
- TODO: check
+ NOT-FOR-US: Easy Blog
CVE-2006-5242 (SQL injection vulnerability in Etomite Content Management
System (CMS) ...)
- TODO: check
+ NOT-FOR-US: Etomite Content Management System
CVE-2006-5241 (Multiple PHP remote file inclusion vulnerabilities in OpenDock
Easy ...)
- TODO: check
+ NOT-FOR-US: Easy Gallery
CVE-2006-5240 (PHP remote file inclusion vulnerability in engine/require.php
in ...)
- TODO: check
+ NOT-FOR-US: Docmint
CVE-2006-5239 (Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog
0.3.5 ...)
- TODO: check
+ NOT-FOR-US: eXpBlog
CVE-2006-5238 (Unspecified vulnerability in the file upload module in Blue
Smiley ...)
- TODO: check
+ NOT-FOR-US: Blue Smiley Organizer
CVE-2006-5237 (SQL injection vulnerability in Blue Smiley Organizer before
4.46 ...)
- TODO: check
+ NOT-FOR-US: Blue Smiley Organizer
CVE-2006-5236 (SQL injection vulnerability in search.php in 4images 1.7.x
allows ...)
- TODO: check
+ NOT-FOR-US: 4images
CVE-2006-5235 (PHP remote file inclusion vulnerability in
includes/functions_kb.php ...)
- TODO: check
+ NOT-FOR-US: Dimension of phpBB
CVE-2006-5234 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: phpWebSite
CVE-2006-5233 (Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version
...)
- TODO: check
+ NOT-FOR-US: Polycom SoundPoint IP 301 VoIP Desktop Phone
CVE-2006-5232 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: iSearch
CVE-2006-5231 (Grandstream GXP-2000 VoIP Desktop Phone, firmware version
1.1.0.5, ...)
- TODO: check
+ NOT-FOR-US: Grandstream GXP-2000 VoIP Desktop Phone
CVE-2006-5230 (PHP remote file inclusion vulnerability in forum.php in
FreeForum ...)
- TODO: check
+ NOT-FOR-US: FreeForum
CVE-2006-5295 (Unspecified vulnerability in ClamAV before 0.88.5 allows remote
...)
{DSA-1196-1}
- clamav 0.88.5-1 (high; bug #393445)
@@ -630,7 +635,7 @@
CVE-2006-5211 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM)
Suite for ...)
NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-5210 (Directory traversal vulnerability in IronWebMail before 6.1.1
...)
- TODO: check
+ NOT-FOR-US: IronWebMail
CVE-2006-5209 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Admin Topic Action Logging Mod for phpBB
CVE-2006-5208 (Multiple SQL injection vulnerabilities in PHP Classifieds 7.1
allow ...)
@@ -708,7 +713,7 @@
- linux-2.6 2.6.18-3
NOTE: s390 only
CVE-2006-5173 (Linux kernel does not properly save or restore EFLAGS during a
context ...)
- TODO: check
+ - linux-2.6 <unfixed>
CVE-2006-5172
RESERVED
CVE-2006-5171
@@ -1232,7 +1237,7 @@
CVE-2006-4927 (The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS)
device ...)
NOT-FOR-US: Symantec AntiVirus
CVE-2006-4926 (The NDIS-TDI Hooking Engine, as used in the (1) KLICK
(KLICK.SYS) and ...)
- TODO: check
+ NOT-FOR-US: Kaspersky Labs
CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and
earlier, ...)
NOT-FOR-US: SISCO OSI stack for Windows
CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly
2.6.12 and ...)
@@ -2164,9 +2169,9 @@
CVE-2006-4511 (Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6
allows ...)
NOT-FOR-US: Novell GroupWise
CVE-2006-4510 (The evtFilteredMonitorEventsRequest function in the LDAP
service in ...)
- TODO: check
+ NOT-FOR-US: Novell eDirectory
CVE-2006-4509 (Integer overflow in the evtFilteredMonitorEventsRequest
function in ...)
- TODO: check
+ NOT-FOR-US: Novell eDirectory
CVE-2006-4508 (Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18
and ...)
- tor 0.1.1.23-1
CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF)
in the ...)
@@ -2935,7 +2940,7 @@
- kfreebsd-5 <unfixed> (bug #391289; low)
[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for
the FreeBSD kernel)
CVE-2006-4177 (Heap-based buffer overflow in the NCP engine in Novell
eDirectory ...)
- TODO: check
+ NOT-FOR-US: Novell eDirectory
CVE-2006-4176
RESERVED
CVE-2006-4175
@@ -2982,7 +2987,7 @@
CVE-2006-4155 (Unspecified vulnerability in func_topic_threaded.php (aka
threaded ...)
NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-4154 (Format string vulnerability in the mod_tcl module 1.0 for
Apache 2.x ...)
- TODO: check
+ NOT-FOR-US: mod_tcl
CVE-2006-4153
RESERVED
CVE-2006-4152
@@ -4599,7 +4604,7 @@
CVE-2006-3456
RESERVED
CVE-2006-3455 (The SAVRT.SYS device driver, as used in Symantec AntiVirus
Corporate ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2006-3454 (Multiple format string vulnerabilities in Symantec AntiVirus
Corporate ...)
NOT-FOR-US: Symantec
CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote
attackers ...)
@@ -19348,7 +19353,7 @@
CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read
...)
NOT-FOR-US: Greasemonkey
CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and .0.0 and 7.0.1, uses
insecure ...)
- TODO: check
+ NOT-FOR-US: IBM Lotus Notes
CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web
Server ...)
NOT-FOR-US: NetworkActiv Web Server
CVE-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial
of ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
