Author: stef-guest Date: 2006-10-29 19:52:04 +0100 (Sun, 29 Oct 2006) New Revision: 4895 Modified: data/CVE/list Log: - new mysql 5.0 DoS issues fixed (low) - CVE-2006-547[5-7]: drupal CVEified - many NFUs - remove obsolete serendipity entry Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-29 14:00:32 UTC (rev 4894) +++ data/CVE/list 2006-10-29 18:52:04 UTC (rev 4895) @@ -1,23 +1,25 @@ +CVE-2006-XXXX [several possible mysql 5.0 local DoS vulnerabilities] + - mysql-dfsg-5.0 5.0.26-1 (low) CVE-2006-5512 (Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen ...) - TODO: check + NOT-FOR-US: Zwahlen Online Shop CVE-2006-5511 (Direct static code injection vulnerability in delete.php in JaxUltraBB ...) - TODO: check + NOT-FOR-US: JaxUltraBB CVE-2006-5510 (Directory traversal vulnerability in explorer_load_lang.php in PH ...) - TODO: check + NOT-FOR-US: Pexplorer CVE-2006-5509 (Eval injection vulnerability in addentry.php in WoltLab Burning Book ...) - TODO: check + NOT-FOR-US: Burning Book CVE-2006-5508 (Multiple SQL injection vulnerabilities in addentry.php in WoltLab ...) - TODO: check + NOT-FOR-US: Burning Book CVE-2006-5507 (Multiple PHP remote file inclusion vulnerabilities in Der Dirigent ...) - TODO: check + NOT-FOR-US: Der Dirigent CVE-2006-5506 (Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 ...) - TODO: check + NOT-FOR-US: WiClear CVE-2006-5505 (Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote ...) - TODO: check + NOT-FOR-US: 2BGal CVE-2006-5504 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...) - TODO: check + NOT-FOR-US: Simple Machines Forum CVE-2006-5503 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...) - TODO: check + NOT-FOR-US: Simple Machines Forum CVE-2006-5502 (Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX ...) NFU: AOL Security Edition CVE-2006-5501 (Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control ...) @@ -47,41 +49,41 @@ CVE-2006-5489 (Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before ...) NFU: RIM BlackBerry Enterprise Server CVE-2006-5488 (SQL injection vulnerability in XchangeBoard 1.70, and possibly ...) - TODO: check + NOT-FOR-US: XchangeBoard CVE-2006-5487 RESERVED CVE-2006-5486 (Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System ...) - TODO: check + NOT-FOR-US: Sun Java System Messaging Server CVE-2006-5485 (Multiple PHP remote file inclusion vulnerabilities in SpeedBerg ...) - TODO: check + NOT-FOR-US: SpeedBerg CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 ...) - TODO: check + NOT-FOR-US: SSH Tectia CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified ...) TODO: check CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified ...) TODO: check CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in Castor 1.1.1 ...) - TODO: check + NOT-FOR-US: Castor CVE-2006-5480 (PHP remote file inclusion vulnerability in lib/rs.php in Castor 1.1.1 ...) - TODO: check + NOT-FOR-US: Castor CVE-2006-5479 (The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote ...) - TODO: check + NOT-FOR-US: Novell eDirectory CVE-2006-5478 (Stack-based buffer overflow in the BuildRedirectURL function in the ...) - TODO: check + NOT-FOR-US: Novell eDirectory CVE-2006-5477 (Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form ...) - TODO: check + - drupal <unfixed> (low) CVE-2006-5476 (Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before ...) - TODO: check + - drupal <unfixed> (low) CVE-2006-5475 (Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ...) - TODO: check + - drupal <unfixed> (low) CVE-2006-5474 (The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 ...) - TODO: check + NOT-FOR-US: OneOrZero Helpdesk CVE-2006-5473 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Softerra PHP Developer Library CVE-2006-5472 (PHP remote file inclusion vulnerability in Softerra PHP Developer ...) - TODO: check + NOT-FOR-US: Softerra PHP Developer Library CVE-2006-5471 (PHP remote file inclusion vulnerability in example/lib/grid3.lib.php ...) - TODO: check + NOT-FOR-US: Softerra PHP Developer Library CVE-2006-5470 RESERVED CVE-2006-5469 @@ -110,10 +112,6 @@ [sarge] - postgresql <unfixed> (unimportant) NOTE: All crashes can only be triggered by authenticated users, these are not NOTE: treated as vulnerabilities. -CVE-2006-XXXX [serendipity XSS for registered authors] - - serendipity 1.0.2-1 (low) -CVE-2006-XXXX [drupal XSS and XSRF http://secunia.com/advisories/22486/] - - drupal <unfixed> (low) CVE-2006-5460 (** DISPUTED ** ...) NOT-FOR-US: phpht Topsites CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...) @@ -142,7 +140,7 @@ CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital Rights ...) NOT-FOR-US: Microsoft CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV Web ...) - TODO: check + NOT-FOR-US: DEV Web Management System (WMS) CVE-2006-5446 (SQL injection vulnerability in lobby/config.php in Casinosoft Casino ...) NOT-FOR-US: Casinosoft Casino Script (aka Masvet) CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver ...) @@ -206,73 +204,73 @@ CVE-2006-5416 (Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 ...) NOT-FOR-US: F5 CVE-2006-5415 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: News Defilante Horizontale CVE-2006-5414 (Barry Nauta BRIM before 1.2.1 allows remote authenticated users to ...) - TODO: check + NOT-FOR-US: Barry Nauta BRIM CVE-2006-5413 (Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 ...) - TODO: check + NOT-FOR-US: SuperMod for YABB (YaBBSM) CVE-2006-5412 (admin.php in PHP Outburst Easynews 4.4.1 and earlier, when ...) - TODO: check + NOT-FOR-US: PHP Outburst Easynews CVE-2006-5411 (Unrestricted file upload vulnerability in upload.php for Free Web ...) - TODO: check + NOT-FOR-US: Free Web Publishing System (FreeWPS) CVE-2006-5410 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: BoonEx Dolphin CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS management ...) - TODO: check + NOT-FOR-US: Highwall Enterprise and Highwall Endpoint CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the wireless ...) - TODO: check + NOT-FOR-US: Highwall Enterprise and Highwall Endpoint CVE-2006-5407 (PHP remote file inclusion vulnerability in open_form.php in osTicket ...) - TODO: check + NOT-FOR-US: osTicket CVE-2006-5406 (Passgo Defender 5.2 creates the application directory with insecure ...) - TODO: check + NOT-FOR-US: Passgo Defender CVE-2006-5405 (Unspecified vulnerability in Toshiba Bluetooth wireless device driver ...) - TODO: check + NOT-FOR-US: Toshiba Bluetooth wireless device driver CVE-2006-5404 (Unspecified vulnerability in an ActiveX control used in Symantec ...) - TODO: check + NOT-FOR-US: Symantec CVE-2006-5403 (Stack-based buffer overflow in an ActiveX control used in Symantec ...) - TODO: check + NOT-FOR-US: Symantec CVE-2006-5402 (Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 ...) - TODO: check + NOT-FOR-US: PHPmybibli CVE-2006-5401 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: AROUNDMe CVE-2006-5400 (PHP remote file inclusion vulnerability in forum/track.php in ...) - TODO: check + NOT-FOR-US: CyberBrau CVE-2006-5399 (PHP remote file inclusion vulnerability in classes/Import_MM.class.php ...) - TODO: check + NOT-FOR-US: PHPRecipeBook CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...) - TODO: check + NOT-FOR-US: Simplog CVE-2006-5397 RESERVED CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-5394 (The default configuration of Cisco Secure Desktop (CSD) has an ...) - TODO: check + NOT-FOR-US: Cisco CVE-2006-5393 (Cisco Secure Desktop (CSD) does not require that the ...) - TODO: check + NOT-FOR-US: Cisco CVE-2006-5392 (Multiple PHP remote file inclusion vulnerabilities in OpenDock ...) - TODO: check + NOT-FOR-US: OpenDock FullCore CVE-2006-5391 (Xfire 1.64 and earlier allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Xfire CVE-2006-5390 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: ACP User Registration (MMW) module for phpBB CVE-2006-5389 (tools/tellhim.php in PHP-Wyana allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: PHP-Wyana CVE-2006-5388 (SQL injection vulnerability in index.php in WebSPELL 4.01.01 and ...) - TODO: check + NOT-FOR-US: WebSPELL CVE-2006-5387 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: PlusXL phpBB module CVE-2006-5386 (PHP remote file inclusion vulnerability in process.php in NuralStorm ...) - TODO: check + NOT-FOR-US: NuralStorm Webmail CVE-2006-5385 (PHP remote file inclusion vulnerability in admin/admin_spam.php in the ...) - TODO: check + NOT-FOR-US: SpamOborona phpBB module CVE-2006-5384 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: CDS Agenda CVE-2006-5383 (SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and ...) - TODO: check + NOT-FOR-US: Def-Blog CVE-2006-5382 (3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and ...) - TODO: check + NOT-FOR-US: 3Com CVE-2003-1307 (** DISPUTED ** ...) TODO: check CVE-2006-XXXX [unspecified steam cache vulnerability] @@ -404,85 +402,85 @@ CVE-2006-5321 (Multiple cross-site scripting (XSS) vulnerabilities in phplist before ...) NOT-FOR-US: phplist CVE-2006-5320 (Directory traversal vulnerability in getimg.php in Album Photo Sans ...) - TODO: check + NOT-FOR-US: Album Photo Sans Nom CVE-2006-5319 (Directory traversal vulnerability in redir.php in Foafgen 0.3 allows ...) - TODO: check + NOT-FOR-US: Foafgen CVE-2006-5318 (PHP remote file inclusion vulnerability in index.php in Nayco JASmine ...) - TODO: check + NOT-FOR-US: Nayco JASmine CVE-2006-5317 (PHP remote file inclusion vulnerability in index.php in eboli allows ...) - TODO: check + NOT-FOR-US: eboli CVE-2006-5316 (registroTL stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: registroTL CVE-2006-5315 (PHP remote file inclusion vulnerability in main.php in registroTL ...) - TODO: check + NOT-FOR-US: registroTL CVE-2006-5314 (PHP remote file inclusion vulnerability in ftag.php in TribunaLibre ...) - TODO: check + NOT-FOR-US: TribunaLibre CVE-2006-5313 (Hastymail 1.5 and earlier before 20061008 allows remote authenticated ...) - TODO: check + NOT-FOR-US: Hastymail CVE-2006-5312 (PHP remote file inclusion vulnerability in shoutbox.php in the Ajax ...) - TODO: check + NOT-FOR-US: Ajax Shoutbox CVE-2006-5311 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Buzlas CVE-2006-5310 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: phpMyConferences CVE-2006-5309 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Prillian French module for phpBB CVE-2006-5308 (Multiple PHP remote file inclusion vulnerabilities in Open Conference ...) - TODO: check + NOT-FOR-US: Open Conference Systems CVE-2006-5307 (Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK ...) - TODO: check + NOT-FOR-US: AFGB GUESTBOOK CVE-2006-5306 (Multiple PHP remote file inclusion vulnerabilities in the Journals ...) - TODO: check + NOT-FOR-US: Journals System module for phpBB CVE-2006-5305 (PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr ...) - TODO: check + NOT-FOR-US: lat2cyr CVE-2006-5304 (PHP remote file inclusion vulnerability in inc/settings.php in IncCMS ...) - TODO: check + NOT-FOR-US: IncCMS Core CVE-2006-5303 (Secure Computing SafeWord RemoteAccess 2.1 allows local users to ...) - TODO: check + NOT-FOR-US: Secure Computing SafeWord RemoteAccess CVE-2006-5302 (Multiple PHP remote file inclusion vulnerabilities in Redaction System ...) - TODO: check + NOT-FOR-US: Redaction System CVE-2006-5301 (PHP remote file inclusion vulnerability in includes/antispam.php in ...) - TODO: check + NOT-FOR-US: SpamBlockerMODv module for phpBB CVE-2006-5300 (Unspecified vulnerability in HP Version Control Agent before 2.1.5 ...) - TODO: check + NOT-FOR-US: HP CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: Gcontact CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and ...) TODO: check CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client ...) TODO: check CVE-2006-5296 (Buffer overflow in Microsoft Office 2003 PowerPoint allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...) - TODO: check + NOT-FOR-US: phplist CVE-2006-5293 (Cross-site scripting (XSS) vulnerability in index.php in ...) - TODO: check + NOT-FOR-US: PhpOutsourcing Noah''s Classifieds CVE-2006-5292 (PHP remote file inclusion vulnerability in photo_comment.php in ...) - TODO: check + NOT-FOR-US: Exhibit Engine CVE-2006-5291 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Download-Engine CVE-2006-5290 (The ESS/ Network Controller and MicroServer Web Server components of ...) - TODO: check + NOT-FOR-US: Xerox WorkCentre CVE-2006-5289 (Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 ...) - TODO: check + NOT-FOR-US: Vtiger CRM CVE-2006-5288 (Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a ...) - TODO: check + NOT-FOR-US: Cisco CVE-2006-5287 (Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 ...) - TODO: check + NOT-FOR-US: Xeobook CVE-2006-5286 (Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 ...) - TODO: check + NOT-FOR-US: Novell BorderManager CVE-2006-5285 (SQL injection vulnerability in index.php in XeoPort 0.81, and possibly ...) - TODO: check + NOT-FOR-US: XeoPort CVE-2006-5284 (PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen ...) - TODO: check + NOT-FOR-US: PHP News Reader (aka pnews) CVE-2006-5283 (PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 ...) - TODO: check + NOT-FOR-US: Minichat CVE-2006-5282 (Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and ...) - TODO: check + NOT-FOR-US: SH-News CVE-2006-5281 (PHP remote file inclusion vulnerability in naboard_pnr.php in n@board ...) - TODO: check + NOT-FOR-US: n@board CVE-2006-5280 (PHP remote file inclusion vulnerability in includes/import-archive.php ...) - TODO: check + NOT-FOR-US: communityPortals CVE-2006-5279 RESERVED CVE-2006-5278 @@ -514,17 +512,17 @@ CVE-2006-5265 RESERVED CVE-2006-5264 (Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper ...) - TODO: check + NOT-FOR-US: MysqlDumper CVE-2006-5263 (Directory traversal vulnerability in templates/header.php3 in ...) - TODO: check + NOT-FOR-US: phpMyAgenda CVE-2006-5262 (CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and ...) - TODO: check + NOT-FOR-US: Hastymail CVE-2006-5261 (Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 ...) - TODO: check + NOT-FOR-US: PHPMyNews CVE-2006-5260 (PHP remote file inclusion vulnerability in compteur.php in Compteur 2 ...) - TODO: check + NOT-FOR-US: Compteur 2 CVE-2006-5259 (PHP remote file inclusion vulnerability in param_editor.php in ...) - TODO: check + NOT-FOR-US: Compteur 2 CVE-2006-5258 (The spell checking component of (1) Asbru Web Content Management ...) TODO: check CVE-2006-5257 (PHP remote file inclusion vulnerability in ...)