Author: stef-guest Date: 2006-12-17 18:46:03 +0100 (Sun, 17 Dec 2006) New Revision: 5138 Modified: data/CVE/list Log: - CVE-2006-6417: b2evolution not-affected - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-17 17:32:48 UTC (rev 5137) +++ data/CVE/list 2006-12-17 17:46:03 UTC (rev 5138) @@ -21,9 +21,9 @@ CVE-2006-6566 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Profile Control Panel (CPanel) module for mxBB CVE-2006-6565 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: FileZilla Server CVE-2006-6564 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: FileZilla Server CVE-2006-6563 (Stack-based buffer overflow in the pr_ctrls_recv_request function in ...) - proftpd-dfsg 1.3.0-17 (medium) [sarge] - proftpd <not-affected> (Vulnerable code not activated in binary build) 
@@ -109,33 +109,33 @@ CVE-2006-6523 (Cross-site scripting (XSS) vulnerability in mail/manage.html in ...) NOT-FOR-US: BoxTrapper in cPanel CVE-2006-6522 (Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale ...) - TODO: check + NOT-FOR-US: WikiTimeScale TwoZero CVE-2006-6521 (SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 ...) - TODO: check + NOT-FOR-US: Messageriescripthp CVE-2006-6520 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Messageriescripthp CVE-2006-6519 (SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows ...) - TODO: check + NOT-FOR-US: ProNews CVE-2006-6518 (Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 ...) - TODO: check + NOT-FOR-US: ProNews CVE-2006-6517 (Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and ...) - TODO: check + NOT-FOR-US: KDPics CVE-2006-6516 (Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and ...) - TODO: check + NOT-FOR-US: KDPics CVE-2006-6515 (Mantis before 1.1.0a2 sets the default value of ...) TODO: check CVE-2006-6514 (Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient ...) - TODO: check + NOT-FOR-US: Winamp Web Interface (Wawi) CVE-2006-6513 (The CControl::Download function (/dl URI) in Winamp Web Interface ...) - TODO: check + NOT-FOR-US: Winamp Web Interface (Wawi) CVE-2006-6512 (Directory traversal vulnerability in the Browse function (/browse URI) ...) - TODO: check + NOT-FOR-US: Winamp Web Interface (Wawi) CVE-2006-6511 (dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive ...) - TODO: check + NOT-FOR-US: dadaIMC CVE-2006-6510 (An unspecified ActiveX control in SiteKiosk before 6.5.150 is ...) - TODO: check + NOT-FOR-US: SiteKiosk CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature in ...) 
- TODO: check + NOT-FOR-US: SiteKiosk CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...) TODO: check CVE-2006-6507 @@ -161,7 +161,7 @@ CVE-2006-6497 RESERVED CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus ...) - TODO: check + NOT-FOR-US: CA Anti-Virus CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 ...) NOT-FOR-US: Solaris CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and ...) @@ -205,7 +205,7 @@ CVE-2006-6475 RESERVED CVE-2006-6474 (Untrusted search path vulnerability in McAfee VirusScan for Linux ...) - TODO: check + NOT-FOR-US: McAfee CVE-2006-6473 (Multiple unspecified vulnerabilities in Xerox WorkCentre and ...) NOT-FOR-US: Xerox WorkCentre CVE-2006-6472 (The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before ...) @@ -223,7 +223,7 @@ CVE-2006-6466 (Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in ...) NOT-FOR-US: WikyBlog CVE-2006-6465 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: WikyBlog CVE-2006-6464 (viewcart in Midicart accepts negative numbers in the Qty (quantity) ...) NOT-FOR-US: Midicart CVE-2006-6463 (Unrestricted file upload vulnerability in admin/add.php in Midicart ...) @@ -235,7 +235,7 @@ CVE-2006-6460 (Yourfreeworld.com Short Url & Url Tracker Script allows remote ...) NOT-FOR-US: Yourfreeworld.com Short Url Script CVE-2006-6459 (Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB ...) - TODO: check + NOT-FOR-US: Toplist for phpBB CVE-2006-6458 (The Trend Micro scan engine before 8.320 for Windows and before 8.150 ...) NOT-FOR-US: Trend Micro (Windows) CVE-2006-6457 (tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other ...) 
@@ -263,7 +263,7 @@ CVE-2006-6446 (SQL injection vulnerability in index.php in iWare Professional 5.0.4, ...) NOT-FOR-US: iWare Professional CVE-2006-6445 (Directory traversal vulnerability in error.php in Envolution 1.1.0 and ...) - TODO: check + NOT-FOR-US: Envolution CVE-2006-6444 (Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and ...) NOT-FOR-US: Nostra DivX Player CVE-2006-6443 (Buffer overflow in the Novell Distributed Print Services (NDPS) Print ...) 
@@ -309,59 +309,59 @@ CVE-2006-6423 (Stack-based buffer overflow in the IMAP service for MailEnable ...) NOT-FOR-US: MailEnable CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ...) - TODO: check + NOT-FOR-US: AgileBill AgileVoice CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box ...) TODO: check CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the ...) - TODO: check + NOT-FOR-US: Joomla Content Editor (JCE) CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content ...) - TODO: check + NOT-FOR-US: Joomla Content Editor (JCE) CVE-2006-6418 (Unspecified vulnerability in the POSIX Threads library (libpthread) on ...) - TODO: check + NOT-FOR-US: HP Tru64 UNIX CVE-2006-6417 (PHP remote file inclusion vulnerability in ...) - TODO: check + - b2evolution <not-affected> (vulnerable code added later) CVE-2006-6416 (Multiple PHP remote file inclusion vulnerabilities in PhpLeague - ...) - TODO: check + NOT-FOR-US: PhpLeague CVE-2006-6415 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: phpAdsNew CVE-2006-6414 (Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye ...) - TODO: check + NOT-FOR-US: dol storye CVE-2006-6413 (Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and ...) - TODO: check + NOT-FOR-US: Amateras sns CVE-2006-6412 RESERVED CVE-2006-6411 (PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows ...) - TODO: check + NOT-FOR-US: Linksys CVE-2006-6410 (Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local ...) - TODO: check + NOT-FOR-US: VMWare CVE-2006-6409 (F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to ...) - TODO: check + NOT-FOR-US: F-Secure CVE-2006-6408 (Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote ...) - TODO: check + NOT-FOR-US: Kaspersky CVE-2006-6407 (F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote ...) 
- TODO: check + NOT-FOR-US: F-Prot CVE-2006-6406 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus ...) - clamav 0.88.7-1 (medium) CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: BitDefender CVE-2006-6404 RESERVED CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: MyStats CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and ...) - TODO: check + NOT-FOR-US: MyStats CVE-2006-6401 (Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in ...) - TODO: check + NOT-FOR-US: MyStats CVE-2006-6400 (Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer ...) - TODO: check + NOT-FOR-US: JustSystems CVE-2006-6399 (SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 ...) - TODO: check + NOT-FOR-US: Superfreaker Studios UPublisher CVE-2006-6398 (Multiple SQL injection vulnerabilities in Superfreaker Studios ...) - TODO: check + NOT-FOR-US: Superfreaker Studios UPublisher CVE-2006-6397 (** DISPUTED ** ...) - TODO: check + NOTE: not a vuln CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and ...) - TODO: check + NOT-FOR-US: BlazeVideo HDTV Player CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before ...) TODO: check CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas ...)
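Review bot: In the @@ -109,33 hunk, CVE-2006-6515 (Mantis before 1.1.0a2) and CVE-2006-6508 (CSRF in phpBB 2.0.21) are left at "TODO: check" although every entry around them is resolved in this revision, and the log message only says "some NFUs". If they were skipped on purpose because they need a package-level check rather than a NOT-FOR-US tag, a short NOTE on each entry, or a line in the log, would stop the next person from assuming they were overlooked.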
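Review bot: In the @@ -205,7 hunk, "NOT-FOR-US: McAfee" names only the vendor, while the CVE-2006-6474 description is specific to "McAfee VirusScan for Linux" and the neighbouring entries name the product ("NOT-FOR-US: Xerox WorkCentre"). Suggest "NOT-FOR-US: McAfee VirusScan for Linux" so that a search of the list by product name finds the entry. The same applies to the vendor-only tags in the @@ -309,59 hunk (Linksys, VMWare, F-Secure, Kaspersky, F-Prot, BitDefender).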
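Review bot: In the @@ -309,59 hunk, the CVE-2006-6417 entry "- b2evolution <not-affected> (vulnerable code added later)" records neither the package version that was checked nor a release, so the tag will keep reading as not-affected even after a newer upstream version that does contain the vulnerable code is uploaded. Suggest stating the version that was examined in the parenthesised reason, or using the release-qualified form seen in the proftpd entry of the first hunk ("[sarge] - proftpd <not-affected> (...)"). In the same hunk, CVE-2006-6397 is closed with "NOTE: not a vuln" and no reason. The entry is marked ** DISPUTED **, its description is elided, and the log message does not mention it, so the note should name the product and the basis for dismissing it.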