Author: stef-guest
Date: 2006-12-27 23:45:01 +0100 (Wed, 27 Dec 2006)
New Revision: 5188
Modified:
data/CVE/list
Log:
- openser CVEified
- CVE-2006-67{45,36,37,31}: sun java issues already fixed
- some NFUs
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-12-27 20:24:58 UTC (rev 5187)
+++ data/CVE/list 2006-12-27 22:45:01 UTC (rev 5188)
@@ -1,111 +1,109 @@
CVE-2006-6768 (Multiple cross-site scripting (XSS) vulnerabilities in
default.asp in ...)
- TODO: check
+ NOT-FOR-US: PWP Technologies The Classified Ad System
CVE-2006-6767
RESERVED
CVE-2006-6766 (Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and
...)
- TODO: check
+ NOT-FOR-US: cwmExplorer
CVE-2006-6765 (Multiple PHP file inclusion vulnerabilities in
src/admin/pt_upload.php ...)
- TODO: check
+ NOT-FOR-US: Pagetool
CVE-2006-6764 (PHP remote file inclusion vulnerability in authenticate.php in
Keep It ...)
- TODO: check
+ NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6763 (Multiple PHP remote file inclusion vulnerabilities in the Keep
It ...)
- TODO: check
+ NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6762 (The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2
allows ...)
- TODO: check
+ NOT-FOR-US: Novell NetMail
CVE-2006-6761 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell
...)
- TODO: check
+ NOT-FOR-US: Novell NetMail
CVE-2006-6760 (Multiple PHP remote file inclusion vulnerabilities in
template.php in ...)
- TODO: check
+ NOT-FOR-US: phpMyAnime (aka phpmymanga)
CVE-2006-6759 (A certain ActiveX control in rpau3260.dll in RealNetworks
RealPlayer ...)
- TODO: check
+ NOT-FOR-US: RealNetworks RealPlayer
CVE-2006-6758 (Directory traversal vulnerability in Http explorer 1.02 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Http explorer
CVE-2006-6757 (Directory traversal vulnerability in index.php in cwmExplorer
1.0 ...)
- TODO: check
+ NOT-FOR-US: cwmExplorer
CVE-2006-6756 (The code function in install.fct.php in Ixprim 1.2 produces a
...)
- TODO: check
+ NOT-FOR-US: Ixprim
CVE-2006-6755 (Ixprim 1.2 allows remote attackers to obtain sensitive
information via ...)
- TODO: check
+ NOT-FOR-US: Ixprim
CVE-2006-6754 (Multiple SQL injection vulnerabilities in Ixprim 1.2 allow
remote ...)
- TODO: check
+ NOT-FOR-US: Ixprim
CVE-2006-6753 (Event Viewer (eventvwr.exe) in Microsoft Windows does not
properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-6752 (Buffer overflow in FTPRush 1.0.0.610 might allow attackers to
gain ...)
- TODO: check
+ NOT-FOR-US: FTPRush
CVE-2006-6751 (Format string vulnerability in XM Easy Personal FTP Server 5.2.1
...)
- TODO: check
+ NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6750 (Format string vulnerability in XM Easy Personal FTP Server 5.0.1
...)
- TODO: check
-CVE-2006-6749 (Buffer overflow in the parse_expression function in parse_config
in ...)
- TODO: check
+ NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6748 (PHP remote file inclusion vulnerability in i-accueil.php in
Newxooper ...)
- TODO: check
+ NOT-FOR-US: Newxooper
CVE-2006-6747 (SQL injection vulnerability in show_news.php in Xt-News 0.1
allows ...)
- TODO: check
+ NOT-FOR-US: Xt-News
CVE-2006-6746 (Multiple cross-site scripting (XSS) vulnerabilities in Xt-News
0.1 ...)
- TODO: check
+ NOT-FOR-US: Xt-News
CVE-2006-6745 (Multiple unspecified vulnerabilities in Sun Java Development Kit
(JDK) ...)
- TODO: check
+ - sun-java5 1.5.0-08-1
CVE-2006-6744 (phpProfiles before 2.1.1 does not have an index.php or other
index ...)
- TODO: check
+ NOT-FOR-US: phpProfiles
CVE-2006-6743 (phpProfiles before 2.1.1 uses world writable permissions for
certain ...)
- TODO: check
+ NOT-FOR-US: phpProfiles
CVE-2006-6742 (Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in
HP ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2006-6741 (Cross-site request forgery (CSRF) vulnerability in urlobox in
MKPortal ...)
- TODO: check
+ NOT-FOR-US: MKPortal
CVE-2006-6740 (Multiple PHP remote file inclusion vulnerabilities in
phpProfiles ...)
- TODO: check
+ NOT-FOR-US: phpProfiles
CVE-2006-6739 (PHP remote file inclusion vulnerability in buycd.php in
Paristemi ...)
- TODO: check
+ NOT-FOR-US: Paristemi
CVE-2006-6738 (PHP remote file inclusion vulnerability in statistic.php in
cwmCounter ...)
- TODO: check
+ NOT-FOR-US: cwmCounter
CVE-2006-6737 (Unspecified vulnerability in Sun Java Development Kit (JDK) and
Java ...)
- TODO: check
+ - sun-java5 1.5.0-07-1
CVE-2006-6736 (Unspecified vulnerability in Sun Java Development Kit (JDK) and
Java ...)
- TODO: check
+ - sun-java5 1.5.0-07-1
CVE-2006-6735 (modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini
Web ...)
- TODO: check
+ NOT-FOR-US: Website Mini Web Shop
CVE-2006-6734 (Cross-site scripting (XSS) vulnerability in
modules/viewcategory.php ...)
- TODO: check
+ NOT-FOR-US: Website Mini Web Shop
CVE-2006-6733 (Cross-site scripting (XSS) vulnerability in support/view.php in
...)
- TODO: check
+ NOT-FOR-US: Support Cards 1 (osTicket)
CVE-2006-6732 (PHP remote file inclusion vulnerability in archive.php in
cwmVote 1.0 ...)
- TODO: check
+ NOT-FOR-US: cwmVote
CVE-2006-6731 (Multiple buffer overflows in Sun Java Development Kit (JDK) and
Java ...)
- TODO: check
+ - sun-java5 1.5.0-08-1
CVE-2006-6730 (OpenBSD and NetBSD permit usermode code to kill the display
server and ...)
- TODO: check
+ TODO: check, this probably also affects linux
CVE-2006-6729 (Cross-site scripting (XSS) vulnerability in a-blog 1.51 and
earlier ...)
- TODO: check
+ NOT-FOR-US: a-blog
CVE-2006-6728 (Unspecified vulnerability in the info request mechanism in LAN
...)
- TODO: check
+ NOT-FOR-US: LAN Messenger
CVE-2006-6727 (PHP remote file inclusion vulnerability in inertianews_class.php
in ...)
- TODO: check
+ NOT-FOR-US: inertianews
CVE-2006-6726 (PHP remote file inclusion vulnerability in inertianews_main.php
in ...)
- TODO: check
+ NOT-FOR-US: inertianews
CVE-2006-6725 (Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2
and ...)
- TODO: check
+ NOT-FOR-US: PHPBuilder
CVE-2006-6724 (BolinTech Dream FTP Server 1.02 allows remote authenticated
users, ...)
- TODO: check
+ NOT-FOR-US: BolinTech Dream FTP Server
CVE-2006-6723 (The Workstation service in Microsoft Windows 2000 SP4 and XP SP2
allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-6722 (Bandwebsite (aka Bandsite portal system) 1.5 allows remote
attackers ...)
- TODO: check
+ NOT-FOR-US: Bandwebsite (aka Bandsite portal system)
CVE-2006-6721 (Cross-site scripting (XSS) vulnerability in shout.php in
Knusperleicht ...)
- TODO: check
+ NOT-FOR-US: Knusperleicht ShoutBox
CVE-2006-6720 (PHP remote file inclusion vulnerability in
admin/index_sitios.php in ...)
- TODO: check
+ NOT-FOR-US: Azucar CMS
CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation
(FSF) ...)
TODO: check
CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default
password ...)
- TODO: check
+ NOT-FOR-US: Allied Telesis
CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management
...)
- TODO: check
+ NOT-FOR-US: Allied Telesis
CVE-2006-6716 (SQL injection vulnerability in administration/administre2.php in
Eric ...)
- TODO: check
+ NOT-FOR-US: uploader&downloader
CVE-2006-6715 (PHP remote file inclusion vulnerability in footer.inc.php in
PowerClan ...)
- TODO: check
+ NOT-FOR-US: PowerClan
CVE-2006-6714 (Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124
before ...)
NOT-FOR-US: Hitachi Directory Server
CVE-2006-6713 (Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before
...)
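Review bot: the four sun-java5 lines (CVE-2006-6745, -6737, -6736, -6731) record a fixed version but no NOTE saying where that version comes from, and three of the four descriptions read "unspecified", so 1.5.0-07-1 and 1.5.0-08-1 cannot be verified from the entries themselves. Add a NOTE with the reference each version was taken from. CVE-2006-6730 stays open but folds a guess into the marker (`TODO: check, this probably also affects linux`); a plain `TODO: check` with the guess on its own NOTE line keeps the open item easy to find. The vendor-only tags `NOT-FOR-US: Microsoft` and `NOT-FOR-US: HP` are also less specific than the product names used in the rest of the hunk, such as `NOT-FOR-US: Novell NetMail`.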
@@ -146,7 +144,7 @@
TODO: check
CVE-2003-1313 (Multiple PHP remote file inclusion vulnerabilities in
EternalMart ...)
TODO: check
-CVE-2006-XXXX [openser permissions module buffer overflow]
+CVE-2006-6749 (Buffer overflow in the parse_expression function in parse_config
in ...)
- openser 1.1.0-8 (medium; bug #404591)
NOTE: OpenPKG-SA-2006.042
CVE-2006-XXXX [w3m format string issue]
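Review bot: renaming the placeholder in place leaves CVE-2006-6749 below CVE-2003-1313, out of the descending order the first hunk follows, while the same commit deletes the entry from its sorted slot between CVE-2006-6750 and CVE-2006-6748. Keeping the entry where it was at the top of the file and moving the `- openser 1.1.0-8 (medium; bug #404591)` and `NOTE: OpenPKG-SA-2006.042` lines up to it would preserve the ordering and drop the `TODO: check` there in one step.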
@@ -6330,7 +6328,6 @@
NOT-FOR-US: Apple Safari 2.0.4
NOTE: konqueror 3.5.x is not affected
NOTE: PoC
http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html
- NOT-FOR-US: Apple Mac OS X sarge''s konqueror (sf: pinged maintainers)
CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote
...)
NOT-FOR-US: Opera
CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote
...)
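Review bot: the removed line `NOT-FOR-US: Apple Mac OS X sarge''s konqueror (sf: pinged maintainers)` was the only record that sarge's konqueror had been looked at for this entry, and the commit log (openser, sun java, NFUs) does not mention dropping it. The remaining `NOTE: konqueror 3.5.x is not affected` does not say whether that covers the version in sarge. If the ping was answered, replace the line with a NOTE stating the result for sarge rather than deleting it, and mention the cleanup in the log.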