Author: stef-guest Date: 2006-11-08 21:53:57 +0100 (Wed, 08 Nov 2006) New Revision: 4940 Modified: data/CVE/list Log: - CVE-2006-5779: new openldap DoS - CVE-2006-5757: new linux DoS - phpmyadmin CVEified - CVE-2006-5706: new php openbasedir issue - CVE-2006-5705: wordpress issue already fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-11-08 20:27:49 UTC (rev 4939) +++ data/CVE/list 2006-11-08 20:53:57 UTC (rev 4940) @@ -29,7 +29,8 @@ CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 ...) NOT-FOR-US: XLink Omni-NFS CVE-2006-5779 (Unspecified vulnerability in the openldap-2.2.29-1 package of OpenLDAP ...) - TODO: check + - openldap2.2 <unfixed> (bug filed) + - openldap2.3 <unfixed> CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to ...) NOT-FOR-US: Creasito E-Commerce Content Manager CVE-2006-5776 (** DISPUTED ** ...) @@ -71,7 +72,7 @@ CVE-2006-5758 (Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 ...) NOT-FOR-US: Microsoft CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 ...) - TODO: check + - linux-2.6 <unfixed> (low) CVE-2006-5756 RESERVED CVE-2006-5755 @@ -147,7 +148,8 @@ CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall ...) NOT-FOR-US: BytesFall Explorer (bfExplorer) CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin ...) - TODO: check + - phpmyadmin 4:2.9.0.3-1 (low; bug #396638) + [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google ...) NOT-FOR-US: Zend Google Data Client Library (ZendGData) CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 ...) 
@@ -171,9 +173,11 @@ CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and ...) NOT-FOR-US: PHPEasyData CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...) - TODO: check + - php5 5.2.0-1 + - php4 <unfixed> (low) + [sarge] - php4 <no-dsa> (open_basedir not supported) CVE-2006-5705 (Directory traversal vulnerability in plugins/wp-db-backup.php in ...) - TODO: check + - wordpress 2.0.5-0.1 CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 ...) NOT-FOR-US: HP CVE-2006-5703 (Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in ...) @@ -284,9 +288,6 @@ NOT-FOR-US: DigiOz Guestbook CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ ...) NOT-FOR-US: ICQPhone.SipxPhoneManager -CVE-2006-XXXX [phpmyadmin XSS (PMASA-2006-6)] - - phpmyadmin 4:2.9.0.3-1 (low; bug #396638) - [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) CVE-2006-XXXX [avahi fake netlink message vulnerability ] - avahi 0.6.15-1 (low) CVE-2006-5649
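Review bot: in the CVE-2006-5779 hunk, `- openldap2.2 <unfixed> (bug filed)` says a bug exists but gives no number, unlike the phpmyadmin entry's `bug #396638`, and neither openldap line carries an urgency. Add the bug number and an urgency so the entry can be followed up from the list alone. The visible part of the CVE description names only the openldap-2.2.29-1 package, so it would also help to record why openldap2.3 is listed as affected.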
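Review bot: in the CVE-2006-5757 hunk, `- linux-2.6 <unfixed> (low)` has no bug reference and no `[sarge]` line, while the phpmyadmin and php4 entries in this same commit state the sarge status explicitly. If the stable kernel has been checked, record the result here; if not, the entry reads as more complete than it is.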
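Review bot: the `PMASA-2006-6` reference is dropped when the phpmyadmin entry moves from the removed `CVE-2006-XXXX [phpmyadmin XSS (PMASA-2006-6)]` placeholder (last hunk) to CVE-2006-5718 (third hunk). Keep the upstream advisory id as a note on the new entry so the mapping between the advisory and the CVE stays checkable; the two package lines themselves are carried over unchanged.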
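Review bot: in the CVE-2006-5706 hunk, `- php5 5.2.0-1` is recorded as fixed although the CVE text shown only says "probably before 5.2.0", so the entry should say what confirmed that version. The php5 line and the `- wordpress 2.0.5-0.1` line for CVE-2006-5705 also lack the urgency that the php4 line gives as `(low)`, and wordpress has no sarge status; add both for consistency with the other entries touched here.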