Author: stef-guest
Date: 2006-11-30 23:04:40 +0100 (Thu, 30 Nov 2006)
New Revision: 5033

Modified:
   data/CVE/list
Log:
- libgsf issue DSAified ;)
- some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-11-30 21:39:11 UTC (rev 5032)
+++ data/CVE/list       2006-11-30 22:04:40 UTC (rev 5033)
@@ -1,7 +1,7 @@
 CVE-2006-6177 (SQL injection vulnerability in 
system/core/users/users.profile.inc.php ...)
-       TODO: check
+       NOT-FOR-US: Neocrome Seditio
 CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn 
before ...)
-       TODO: check
+       NOT-FOR-US: Blogn
 CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde 
Kronolith ...)
        - kronolith2 2.1.4-1 (bug #400899)
        TODO: check kronolith 1.x
@@ -10,7 +10,7 @@
 CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function 
in ...)
        NOT-FOR-US: Mac OS X 
 CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input 
plugin ...)
-       TODO: check
+       TODO: check xine, etc
 CVE-2006-6171 (** DISPUTED ** ...)
        - proftpd-dfsg 1.3.0-13 (low; bug #399070)
 CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the 
mod_tls ...)
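Review bot: The new TODO for CVE-2006-6172, "check xine, etc", leaves the scope of the remaining work open, because "etc" does not say which packages still need to be looked at. Listing the candidate packages by name, as the CVE-2006-6081 entry in this same commit does ("check smarty, moodle, gallery2"), would make the TODO actionable for whoever picks it up next.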
@@ -22,27 +22,27 @@
 CVE-2006-6168 (tiki-register.php in TikiWiki before 1.9.7 allows remote 
attackers to ...)
        - tikiwiki 1.9.7+dfsg-1 (low)
 CVE-2006-6167 (** DISPUTED ** ...)
-       TODO: check
+       NOT-FOR-US: Active PHP Bookmarks
 CVE-2006-6166 (Cross-site scripting (XSS) vulnerability in jce.php in the JCE 
Admin ...)
-       TODO: check
+       NOT-FOR-US: Joomla Content Editor (JCE) for Joomla!
 CVE-2006-6165 (** DISPUTED ** ...)
-       TODO: check
+       NOTE: non-issue
 CVE-2006-6164 (The _dl_unsetenv function in loader.c in the ELF ld.so in 
OpenBSD 3.9 ...)
        NOT-FOR-US: OpenBSD
 CVE-2006-6163 (Cross-site scripting (XSS) vulnerability in tiki-setup_base.php 
in ...)
        - tikiwiki 1.9.7+dfsg-1 (low)
 CVE-2006-6162 (Cross-site scripting (XSS) vulnerability in 
tiki-edit_structures.php ...)
-       TODO: check
+       - tikiwiki 1.9.7+dfsg-1 (low)
 CVE-2006-6161 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum 
Help Desk ...)
        NOT-FOR-US: Doug Luxem Liberum Help Desk
 CVE-2006-6160 (SQL injection vulnerability in details.asp in Doug Luxem 
Liberum Help ...)
        NOT-FOR-US: Doug Luxem Liberum Help Desk
 CVE-2006-6159 (Multiple cross-site scripting (XSS) vulnerabilities in 
newticket.php ...)
-       TODO: check
+       NOT-FOR-US: DeskPRO
 CVE-2006-6158 (Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS 
Help ...)
-       TODO: check
+       NOT-FOR-US: PMOS Help Desk
 CVE-2006-6157 (SQL injection vulnerability in index.php in ContentNow 1.39 and 
...)
-       TODO: check
+       NOT-FOR-US: ContentNow
 CVE-2006-6156 (Cross-site scripting (XSS) vulnerability in auth/message.php in 
HIOX ...)
        NOT-FOR-US: HIOX Star Rating System Script (HSRS)
 CVE-2006-6155 (Multiple SQL injection vulnerabilities in addrating.php in HIOX 
Star ...)
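Review bot: CVE-2006-6165 is closed with "NOTE: non-issue" but, unlike every other entry resolved in this hunk, it records neither the affected product nor the reason the report is considered a non-issue. The description shown is only "** DISPUTED ** ...", so a short reason or the product name in the note would let a later reader verify the decision without redoing the research.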
@@ -54,17 +54,17 @@
 CVE-2006-6152 (Multiple SQL injection vulnerabilities in vSpin.net Classified 
System ...)
        NOTE: NOT-FOR-US (vSpin.net)
 CVE-2006-6151 (PHP remote file inclusion vulnerability in centre.php in 
Messagerie ...)
-       TODO: check
+       NOT-FOR-US: Messagerie Locale
 CVE-2006-6150 (PHP remote file inclusion vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: OWLLib
 CVE-2006-6149 (SQL injection vulnerability in index.asp in JiRos FAQ Manager 
1.0 ...)
-       TODO: check
+       NOT-FOR-US: JiRos FAQ Manager
 CVE-2006-6148 (Multiple cross-site scripting (XSS) vulnerabilities in 
submitlink.asp ...)
-       TODO: check
+       NOT-FOR-US: JiRos FAQ Manager
 CVE-2006-6147 (Multiple SQL injection vulnerabilities in JiRos Links Manager 
allow ...)
-       TODO: check
+       NOT-FOR-US: JiRos Links Manager
 CVE-2006-6146 (Buffer overflow in the HPDF_Page_Circle function in ...)
-       TODO: check
+       NOT-FOR-US: libharu
 CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials 
in ...)
        NOT-FOR-US: CRYPTOCard
 CVE-2006-6144
@@ -74,7 +74,7 @@
 CVE-2006-6142
        RESERVED
 CVE-2006-6141 (Buffer overflow in Tftpd32 3.01 allows remote attackers to 
cause a ...)
-       TODO: check
+       NOT-FOR-US: Tftpd32
 CVE-2006-6140 (PHP remote file inclusion vulnerability in Sisfo Kampus 2006 
(Semarang ...)
        NOTE: NOT-FOR-US (Sisfo Kampus)
 CVE-2006-6139 (Directory traversal vulnerability in downloadexcel.php in Sisfo 
Kampus ...)
@@ -92,7 +92,7 @@
 CVE-2006-6133 (Stack-based buffer overflow in Business Objects Crystal Reports 
XI ...)
        NOTE: NOT-FOR-US (Business Objects Crystal Reports)
 CVE-2006-6132 (Multiple SQL injection vulnerabilities in Link Exchange Lite 
allow ...)
-       TODO: check
+       NOT-FOR-US: Link Exchange Lite
 CVE-2006-6131 (Untrusted search path vulnerability in (1) WSAdminServer and 
(2) ...)
        NOT-FOR-US: Kerio WebSTAR
 CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial 
of ...)
@@ -140,17 +140,17 @@
 CVE-2006-6114 (Buffer overflow in NWSPOOL.DLL in Novell Client 4.91 Post-SP3 
for ...)
        NOT-FOR-US: Novell
 CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive 
...)
-       TODO: check
+       NOT-FOR-US: Monkey Boards
 CVE-2006-6112
        RESERVED
 CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 
2.0 ...)
        NOT-FOR-US: Alan Ward A-Cart Pro
 CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified 
BPG-InfoTech ...)
-       TODO: check
+       NOT-FOR-US: BPG-InfoTech Content Management System 
 CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store 
3.5.2.14 ...)
-       TODO: check
+       NOT-FOR-US: CandyPress Store
 CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before 
1.0.1a-beta ...)
-       TODO: check
+       NOT-FOR-US: EC-CUBE
 CVE-2006-6107
        RESERVED
 CVE-2006-6106
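Review bot: The added line for CVE-2006-6110, "NOT-FOR-US: BPG-InfoTech Content Management System ", ends in a trailing space. Please strip it so the entry matches the other NOT-FOR-US lines added in this hunk.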
@@ -180,45 +180,45 @@
 CVE-2006-6094 (Multiple SQL injection vulnerabilities in ActiveNews Manager 
allow ...)
        NOT-FOR-US: ActiveNews Manage
 CVE-2006-6093 (Multiple PHP remote file inclusion vulnerabilities in 
adminprint.php ...)
-       TODO: check
+       NOT-FOR-US: PicturesPro Photo Cart
 CVE-2006-6092 (Multiple SQL injection vulnerabilities in vehiclelistings.asp 
in 20/20 ...)
        NOT-FOR-US: Auto Gallery
 CVE-2006-6091 (Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB 
before ...)
-       TODO: check
+       NOT-FOR-US: GrimBB
 CVE-2006-6090 (Multiple SQL injection vulnerabilities in BaalAsp forum allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: BaalAsp
 CVE-2006-6089 (Multiple cross-site scripting (XSS) vulnerabilities in 
addpost1.asp in ...)
-       TODO: check
+       NOT-FOR-US: BaalAsp forum
 CVE-2006-6088 (Multiple cross-site scripting (XSS) vulnerabilities in 
BlueCollar ...)
-       TODO: check
+       NOT-FOR-US: i-Gallery
 CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my 
little ...)
-       TODO: check
+       NOT-FOR-US: my little weblog
 CVE-2006-6086 (PHP remote file inclusion vulnerability in ark_inc.php in e-Ark 
1.0 ...)
-       TODO: check
+       NOT-FOR-US: e-Ark
 CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same 
permissions ...)
        - kile 1:1.9.3-1
 CVE-2006-6084 (Directory traversal vulnerability in abitwhizzy.php in 
aBitWhizzy ...)
-       TODO: check
+       NOT-FOR-US: aBitWhizzy
 CVE-2006-6083 (SQL injection vulnerability in search.asp in CreaScripts 
Creadirectory ...)
-       TODO: check
+       NOT-FOR-US: CreaScripts Creadirectory
 CVE-2006-6082 (Multiple cross-site scripting (XSS) vulnerabilities in 
CreaScripts ...)
-       TODO: check
+       NOT-FOR-US: CreaScripts Creadirectory
 CVE-2006-6081 (PHP remote file inclusion vulnerability in 
Smarty_Compiler.class.php ...)
-       TODO: check
+       TODO: check smarty, moodle, gallery2
 CVE-2006-6080 (Multiple SQL injection vulnerabilities in categories.asp in 
gNews ...)
-       TODO: check
+       NOT-FOR-US: gNews
 CVE-2006-6079 (Multiple PHP remote file inclusion vulnerabilities in LoudMouth 
2.4 ...)
-       TODO: check
+       NOT-FOR-US: LoudMouth (PHP thingy, not libloudmouth)
 CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in 
a-ConMan ...)
-       TODO: check
+       NOT-FOR-US: a-ConMan
 CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 
and ...)
        - iceweasel <unfixed> (high)
        - mozilla-firefox <unfixed> (high)
        - xulrunner <unfixed> (high)
 CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in Computer 
...)
-       TODO: check
+       NOT-FOR-US: BrightStor
 CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in 
BaalAsp ...)
-       TODO: check
+       NOT-FOR-US: BaalAsp forum
 CVE-2006-6074 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping 
Cart ...)
        TODO: check
 CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping 
Cart ...)
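Review bot: The same product is tagged two ways in this hunk: CVE-2006-6090 gets "NOT-FOR-US: BaalAsp" while CVE-2006-6089 and CVE-2006-6075 get "NOT-FOR-US: BaalAsp forum". All three descriptions refer to the BaalAsp forum, so use one spelling for all of them; otherwise a search of the list for one form misses the other.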
@@ -2221,7 +2221,9 @@
 CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in 
...)
        NOT-FOR-US: OlateDownload
 CVE-2006-XXXX [unspecified libgsf security issue (IDEF1622)]
+       {DSA-1221-1}
        - libgsf 1.14.2-1
+       NOTE: DSA-1221-1
 CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup 
r11.5 SP1 ...)
        NOT-FOR-US: Backup Agent RPC Server
 CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup 
R11.5 ...)
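Review bot: The libgsf entry now carries the advisory id twice, once as "{DSA-1221-1}" and again two lines later as "NOTE: DSA-1221-1". The NOTE adds nothing the cross-reference line does not already say, so I would drop it and keep only "{DSA-1221-1}" above the "- libgsf 1.14.2-1" line.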
@@ -3848,39 +3850,39 @@
 CVE-2006-4413 (Apple Remote Desktop before 3.1 uses insecure permissions for 
certain ...)
        NOT-FOR-US: Apple Remote Desktop
 CVE-2006-4412 (WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 
10.4.8 ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2006-4411 (The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 
10.4.x ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2006-4410 (The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x 
before ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2006-4409 (The Online Certificate Status Protocol (OCSP) service in the 
Security ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2006-4408 (The Security Framework in Apple Mac OS X 10.4 through 10.4.8 
allows ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2006-4407 (The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 
does not ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2006-4406 (Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 
and ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2006-4405
        RESERVED
 CVE-2006-4404 (The Installer application in Apple Mac OS X 10.4.8 and earlier, 
when ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2006-4403 (The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP 
Access ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2006-4402 (Heap-based buffer overflow in the Finder in Apple Mac OS X 
10.4.8 and ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2006-4401 (Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2006-4400 (Stack-based buffer overflow in the Apple Type Services (ATS) 
server in ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2006-4399 (User interface inconsistency in Workgroup Manager in Apple Mac 
OS X ...)
        NOT-FOR-US: Mac OS
 CVE-2006-4398 (Multiple buffer overflows in the Apple Type Services (ATS) 
server in ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2006-4397 (Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 
...)
        NOT-FOR-US: Mac OS
 CVE-2006-4396 (The Apple Type Services (ATS) server in Mac OS X 10.4.8 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Apple Mac OS X
 CVE-2006-4395 (Unspecified vulnerability in QuickDraw Manager in Apple Mac OS 
X ...)
        NOT-FOR-US: Mac OS
 CVE-2006-4394 (A logic error in LoginWindow in Apple Mac OS X 10.4 through 
10.4.7, ...)
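Review bot: The lines added here use "NOT-FOR-US: Apple Mac OS X", while the unchanged neighbours in the same hunk (CVE-2006-4399, CVE-2006-4397, CVE-2006-4395) use "NOT-FOR-US: Mac OS". Since this commit touches nearly every entry in the block, it would be a good moment to settle on one product name for all of them so the group can be found with a single search.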
@@ -4553,7 +4555,7 @@
 CVE-2006-4100
        RESERVED
 CVE-2006-4099 (Business Objects Crystal Enterprise 9 and 10 generates 
predictable ...)
-       TODO: check
+       NOT-FOR-US: Business Objects
 CVE-2006-4098
        RESERVED
 CVE-2006-4097


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
