Author: stef-guest
Date: 2006-12-21 20:37:35 +0100 (Thu, 21 Dec 2006)
New Revision: 5156

Modified: data/CVE/list
Log:
- CVE-2006-6639: new chetcpasswd issue
- CVE-2006-6628: new openoffice maybe issue
- CVE-2006-6609/6610: new nexuiz issue already fixed
- fai CVEified
- some NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-12-21 18:57:19 UTC (rev 5155)
+++ data/CVE/list 2006-12-21 19:37:35 UTC (rev 5156)
@@ -22,115 +22,115 @@ - typo3 4.0.4+debian-1 (high; bug #403906) NOTE: http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9 CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-6658 (Inktomi Search 4.1.4 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: Inktomi CVE-2006-6657 (The if_clone_list function in NetBSD-current before 20061027, NetBSD ...) - TODO: check + NOT-FOR-US: NetBSD CVE-2006-6656 (Unspecified vulnerability in ptrace in NetBSD-current before 20061027, ...) - TODO: check + NOT-FOR-US: NetBSD CVE-2006-6655 (The procfs implementation in NetBSD-current before 20061023, NetBSD ...) - TODO: check + NOT-FOR-US: NetBSD CVE-2006-6654 (The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and ...) - TODO: check + NOT-FOR-US: NetBSD CVE-2006-6653 (The accept function in NetBSD-current before 20061023, NetBSD 3.0 and ...) - TODO: check + NOT-FOR-US: NetBSD CVE-2006-6652 (Buffer overflow in the glob implementation in libc in NetBSD-current ...) - TODO: check + NOT-FOR-US: NetBSD CVE-2006-6651 (Race condition in W29N51.SYS in the Intel 2200BG wireless driver ...) - TODO: check + NOT-FOR-US: Intel CVE-2006-6650 (PHP remote file inclusion vulnerability in charts_constants.php in the ...) - TODO: check + NOT-FOR-US: mxBB CVE-2006-6649 (Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 ...) - TODO: check + NOT-FOR-US: HyperVM CVE-2006-6648 (PHP remote file inclusion vulnerability in main.inc.php in ...) - TODO: check + NOT-FOR-US: RateMe CVE-2006-6647 (Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before ...) - TODO: check + NOT-FOR-US: MySite for Drupal CVE-2006-6646 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) ...) - TODO: check + NOT-FOR-US: Drupal Project Issue Tracking CVE-2006-6645 (PHP remote file inclusion vulnerability in ...) 
- TODO: check + NOT-FOR-US: Web Links module for mxBB CVE-2006-6644 (PHP remote file inclusion vulnerability in pages/meeting_constants.php ...) - TODO: check + NOT-FOR-US: Meeting module for mxBB CVE-2006-6643 (Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Fightersoft Multimedia Star FTP server CVE-2006-6642 (SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 ...) - TODO: check + NOT-FOR-US: Sistemi CVE-2006-6641 (Unspecified vulnerability in CA CleverPath Portal before maintenance ...) - TODO: check + NOT-FOR-US: CA CleverPath Portal CVE-2006-6640 (Multiple cross-site scripting (XSS) vulnerabilities in Omniture ...) - TODO: check + NOT-FOR-US: SiteCatalyst CVE-2006-6639 (Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local ...) - TODO: check + - chetcpasswd <unfixed> (medium) CVE-2006-6638 (IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: IBM CVE-2006-6637 (The Servlet Engine and Web Container in IBM WebSphere Application ...) - TODO: check + NOT-FOR-US: IBM CVE-2006-6636 (Unspecified vulnerability in the Utility Classes for IBM WebSphere ...) - TODO: check + NOT-FOR-US: IBM CVE-2006-6635 (PHP remote file inclusion vulnerability in includes/functions.php in ...) - TODO: check + NOT-FOR-US: JumbaCMS CVE-2006-6634 (Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai ...) - TODO: check + NOT-FOR-US: ExtCalThai for Mambo CVE-2006-6633 (PHP remote file inclusion vulnerability in include/yapbb_session.php ...) - TODO: check + NOT-FOR-US: YapBB CVE-2006-6632 (PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 ...) - TODO: check + NOT-FOR-US: Genepi CVE-2006-6631 (PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php ...) - TODO: check + NOT-FOR-US: osprey CVE-2006-6630 (PHP remote file inclusion vulnerability in ListRecords.php in osprey ...) 
- TODO: check + NOT-FOR-US: osprey CVE-2006-6629 (lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) ...) - TODO: check + NOT-FOR-US: WeBWorK CVE-2006-6628 (Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted ...) - TODO: check + - openoffice.org <unfixed> (bug filed) CVE-2006-6627 (Integer overflow in the packed PE file parsing implementation in ...) - TODO: check + NOT-FOR-US: BitDefender CVE-2006-6626 (Cross-site scripting (XSS) vulnerability in an unspecified component ...) TODO: check CVE-2006-6625 (Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in ...) TODO: check CVE-2006-6624 (The FTP Server in Sambar Server 6.4 allows remote authenticated users ...) - TODO: check + NOT-FOR-US: Sambar CVE-2006-6623 (Sygate Personal Firewall 5.6.2808 relies on the Process Environment ...) - TODO: check + NOT-FOR-US: Sygate CVE-2006-6622 (Soft4Ever Look ''n'' Stop (LnS) 2.05p2 before 20061215 relies on the ...) - TODO: check + NOT-FOR-US: Soft4Ever Look ''n'' Stop CVE-2006-6621 (Filseclab Personal Firewall 3.0.0.8686 relies on the Process ...) - TODO: check + NOT-FOR-US: Filseclab Personal Firewall CVE-2006-6620 (Comodo Personal Firewall 2.3.6.81 relies on the Process Environment ...) - TODO: check + NOT-FOR-US: Comodo Personal Firewall CVE-2006-6619 (AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment ...) - TODO: check + NOT-FOR-US: AVG Anti-Virus plus Firewall CVE-2006-6618 (AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block ...) - TODO: check + NOT-FOR-US: AntiHook 3.0.0.23 - Desktop CVE-2006-6617 (projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-6616 (index.php in w00t Gallery 1.4.0 allows remote authenticated users with ...) TODO: check CVE-2006-6615 (PHP remote file inclusion vulnerability in includes/act_constants.php ...) 
- TODO: check + NOT-FOR-US: Activity Games module for mxBB CVE-2006-6614 (The save_log_local function in Fully Automatic Installation (FAI) ...) - TODO: check + - fai 3.1.3 (low) CVE-2006-6613 (Directory traversal vulnerability in language.php in phpAlbum 0.4.1 ...) - TODO: check + NOT-FOR-US: phpAlbum CVE-2006-6612 (PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms ...) - TODO: check + NOT-FOR-US: PhpMyCms CVE-2006-6611 (PHP remote file inclusion vulnerability in interface.php in Barman ...) - TODO: check + NOT-FOR-US: Barman CVE-2006-6610 (clientcommands in Nexuiz before 2.2.1 has unknown impact and remote ...) - TODO: check + - nexuiz 2.2.1-1 CVE-2006-6609 (Nexuiz before 2.2.1 allows remote attackers to cause a denial of ...) - TODO: check + - nexuiz 2.2.1-1 CVE-2006-6608 (Unspecified vulnerability in SSH key based authentication in HP ...) - TODO: check + NOT-FOR-US: HP CVE-2006-6607 (The Java Key Store (JKS) for WebSphere Application Server (WAS) for ...) - TODO: check + NOT-FOR-US: IBM CVE-2006-6606 (Multiple SQL injection vulnerabilities in Clarens jclarens before ...) - TODO: check + NOT-FOR-US: jclarens CVE-2006-6605 (Stack-based buffer overflow in the POP service in MailEnable Standard ...) - TODO: check + NOT-FOR-US: MailEnable CVE-2006-6604 (Directory traversal vulnerability in downloaddetails.php in ...) TODO: check CVE-2006-6603 (Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) ...) @@ -214,8 +214,6 @@ CVE-2006-XXXX [archivemail insecure temporary file issues] - archivemail 0.6.2-2 [sarge] - archivemail <no-dsa> (minor issue) -CVE-2006-XXXX [fai leaves root password hash in world readable logfile] - - fai 3.1.3 (low) CVE-2006-XXXX [pythonpaste chroot esacpe] - paste 1.0.1-1 NOTE: http://pythonpaste.org/archives/message/20061218.050654.e8997561.en.html
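Review bot: in the first hunk (@@ -22,115 +22,115 @@), the CVE-2006-6642 entry is tagged "NOT-FOR-US: Sistemi", which drops most of the product name given in the description ("Contra Haber Sistemi 1.0"); use "NOT-FOR-US: Contra Haber Sistemi" so a search for the product finds the entry. In the same hunk, "NOT-FOR-US: AntiHook 3.0.0.23 - Desktop" carries a version number where the neighbouring tags name only the vendor or product. The log calls CVE-2006-6628 a "maybe" issue, but the entry "- openoffice.org <unfixed> (bug filed)" records neither what is uncertain nor a bug number, unlike the typo3 line at the top of the hunk ("bug #403906"); a NOTE line and the bug reference would let the next person pick this up without repeating the triage. The same applies to "- chetcpasswd <unfixed> (medium)", which is marked unfixed with no bug reference.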
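Review bot: in the second hunk (@@ -214,8 +214,6 @@), the unchanged context line directly after the removed fai placeholder reads "pythonpaste chroot esacpe"; since this region is being edited anyway, correct it to "escape" so a text search of the list finds the entry. The removal itself is consistent with the first hunk: the dropped "- fai 3.1.3 (low)" line matches the version and severity now recorded under CVE-2006-6614.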