Author: stef-guest Date: 2006-10-24 21:24:32 +0000 (Tue, 24 Oct 2006) New Revision: 4882 Modified: data/CVE/list Log: - CVE-2006-5451 new torrentflux XSSs (low) - CVE-2006-5443 new WIMS issue - some NFUs - bugnums Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-24 21:14:27 UTC (rev 4881) +++ data/CVE/list 2006-10-24 21:24:32 UTC (rev 4882) 
@@ -3,42 +3,42 @@ CVE-2006-XXXX [drupal XSS and XSRF http://secunia.com/advisories/22486/] - drupal <unfixed> (low) CVE-2006-5460 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: phpht Topsites CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...) - TODO: check + NOT-FOR-US: Download-Engine CVE-2006-5458 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...) - TODO: check + NOT-FOR-US: phpht Topsites CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: Casino Script (Masvet) CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ...) - graphicsmagick 1.1.7-9 (medium) - imagemagick 7:6.2.4.5.dfsg1-0.11 (bug #393025) CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...) - - bugzilla <unfixed> (bug filed; low) + - bugzilla <unfixed> (bug #395094; low) CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before ...) - - bugzilla <unfixed> (bug filed; low) + - bugzilla <unfixed> (bug #395094; low) CVE-2006-5453 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x ...) - - bugzilla <unfixed> (bug filed; low) + - bugzilla <unfixed> (bug #395094; low) CVE-2006-5452 (Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX ...) - TODO: check + NOT-FOR-US: HP Tru64 CVE-2006-5451 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 ...) - TODO: check + - torrentflux <unfixed> (bug #395099; low) CVE-2006-5450 (SQL injection vulnerability in index.asp in Kinesis Interactive Cinema ...) - TODO: check + NOT-FOR-US: Kinesis Interactive Cinema System (KICS) CMS CVE-2006-5449 (procmail in Ingo H3 before 1.1.2 Horde module allows remote ...) TODO: check CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital Rights ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV Web ...) TODO: check CVE-2006-5446 (SQL injection vulnerability in lobby/config.php in Casinosoft Casino ...) - TODO: check + NOT-FOR-US: Casinosoft Casino Script (aka Masvet) CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver ...) - asterisk <unfixed> (medium; bug #395080) CVE-2006-5444 (Integer overflow in the get_input function in the Skinny channel ...) - asterisk <unfixed> (medium; bug #395080) CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...) - TODO: check + - wims <unfixed> (bug #395102) CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...) TODO: check CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...) 
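Review bot: the new wims entry under CVE-2006-5443 ("- wims <unfixed> (bug #395102)") is the only package line added in this hunk without a severity, while the other new or touched package lines carry one (torrentflux "low", bugzilla "low", asterisk "medium"); since the CVE text is an "Unspecified vulnerability", either assign a severity now or state explicitly that it is still to be determined so the entry does not look finished. The parenthetical ordering is also mixed within the hunk: the bugzilla lines become "(bug #395094; low)" while the asterisk context lines read "(medium; bug #395080)"; pick one order for new lines. Finally, CVE-2006-5449 (Ingo Horde module) and CVE-2006-5442 (ViewVC) remain "TODO: check" here, which is fine for this commit, but note that both products are packaged, so they should not be swept into the "NFUs" described in the log message.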
@@ -60,39 +60,39 @@ CVE-2006-5433 (PHP remote file inclusion vulnerability in modules/guestbook/index.php ...) NOT-FOR-US: ALiCE-CMS CVE-2006-5432 (Multiple direct static code injection vulnerabilities in ...) - TODO: check + NOT-FOR-US: phpPowerCards CVE-2006-5431 (PHP remote file inclusion vulnerability in gorum/dbproperty.php in ...) - TODO: check + NOT-FOR-US: PHPOutsourcing Zorum CVE-2006-5430 (Cross-site scripting (XSS) vulnerability in the search functionality ...) - TODO: check + NOT-FOR-US: db-central (dbc) Enterprise CMS CVE-2006-5429 (Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM ...) - TODO: check + NOT-FOR-US: BRIM CVE-2006-5428 (rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client''s ...) - TODO: check + NOT-FOR-US: Cerberus Helpdesk CVE-2006-5427 (PHP remote file inclusion vulnerability in plugins/main.php in Php AMX ...) - TODO: check + NOT-FOR-US: Php AMX CVE-2006-5426 (PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal ...) - TODO: check + NOT-FOR-US: LoCal Calendar System CVE-2006-5425 (XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote ...) - TODO: check + NOT-FOR-US: XORP (eXtensible Open Router Platform) CVE-2006-5424 (Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial ...) - TODO: check + NOT-FOR-US: Justsystem Ichitaro CVE-2006-5423 (PHP remote file inclusion vulnerability in admin/admin_module.php in ...) - TODO: check + NOT-FOR-US: Lou Portail CVE-2006-5422 (PHP remote file inclusion vulnerability in calcul-page.php in Lodel ...) - TODO: check + NOT-FOR-US: Lodel CVE-2006-5421 (WSN Forum 1.3.4 and earlier allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: WSN Forum CVE-2006-5420 (Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: Kerio WinRoute Firewall CVE-2006-5419 (PHP remote file inclusion vulnerability in client.php in University of ...) 
- TODO: check + NOT-FOR-US: Specimen Image Database (SID) CVE-2006-5418 (PHP remote file inclusion vulnerability in archive/archive_topic.php ...) - TODO: check + NOT-FOR-US: pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB CVE-2006-5417 (McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple ...) - TODO: check + NOT-FOR-US: McAfee CVE-2006-5416 (Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 ...) - TODO: check + NOT-FOR-US: F5 CVE-2006-5415 (PHP remote file inclusion vulnerability in ...) TODO: check CVE-2006-5414 (Barry Nauta BRIM before 1.2.1 allows remote authenticated users to ...) @@ -270,6 +270,7 @@ RESERVED CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 for ...) - flashplugin-nonfree <unfixed> (medium) + TODO: file bug when upstream fix is released CVE-2006-5329 RESERVED CVE-2006-5328 (OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and ...)
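Review bot: in the @@ -60,39 hunk the NOT-FOR-US label for CVE-2006-5418 reads "pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB"; "pbpbb" looks like a typo for "phpBB", the product the same label names at its end, so the line should read "NOT-FOR-US: phpBB archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB". The remaining label changes in that hunk name the product consistently with the truncated CVE descriptions and look correct.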
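Review bot: in the @@ -270,6 hunk, "TODO: file bug when upstream fix is released" leaves CVE-2006-5330 as the one "<unfixed> (medium)" package line in this commit with neither a bug number nor a "bug filed" marker, while the bugzilla entries in the same commit are being upgraded from "bug filed" to "bug #395094"; consider filing the bug against flashplugin-nonfree now so the unfixed state is visible to the maintainer even though the Adobe fix is pending, and turning the TODO into a note that records what the entry is waiting on.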