Author: stef-guest Date: 2006-09-04 21:31:03 +0000 (Mon, 04 Sep 2006) New Revision: 4675 Modified: data/CVE/list Log: - CVE-2006-4380: new mysql 4.1 issue - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-09-04 21:05:30 UTC (rev 4674) +++ data/CVE/list 2006-09-04 21:31:03 UTC (rev 4675) 
@@ -29,45 +29,45 @@ CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...) TODO: check CVE-2006-4506 (idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local ...) - TODO: check + NOT-FOR-US: Novell Identity Manager CVE-2006-4505 (CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote ...) - TODO: check + NOT-FOR-US: NX5Linx CVE-2006-4504 (SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: NX5Linx CVE-2006-4503 (Directory traversal vulnerability in link.php in NX5Linx 1.0 allows ...) - TODO: check + NOT-FOR-US: NX5Linx CVE-2006-4502 (ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication ...) - TODO: check + NOT-FOR-US: ezPortal/ztml CMS CVE-2006-4501 (SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 ...) - TODO: check + NOT-FOR-US: ezPortal/ztml CMS CVE-2006-4500 (Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml ...) - TODO: check + NOT-FOR-US: ezPortal/ztml CMS CVE-2006-4499 (ModernBill 5.0.4 and earlier uses cURL with insecure settings for ...) - TODO: check + NOT-FOR-US: ModernBill CVE-2006-4498 (PHP remote file inclusion vulnerability in sommaire_admin.php in ...) - TODO: check + NOT-FOR-US: PortailPHP CVE-2006-4497 (SQL injection vulnerability in comments.php in IwebNegar 1.1 allows ...) - TODO: check + NOT-FOR-US: IwebNegar CVE-2006-4496 (Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar ...) - TODO: check + NOT-FOR-US: IwebNegar CVE-2006-4495 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2006-4494 (Microsoft Visual Studio 6.0 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-4493 (xbiff2 1.9 creates $HOME/.xbiff2rc in a user''s home directory with ...) 
TODO: check CVE-2006-4492 (Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2006-4491 (Directory traversal vulnerability in Cybozu Collaborex, AG before ...) - TODO: check + NOT-FOR-US: Cybozu Collaborex CVE-2006-4490 (Multiple directory traversal vulnerabilities in Cybozu Office before ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2006-4489 (Multiple PHP remote file inclusion vulnerabilities in MiniBill ...) - TODO: check + NOT-FOR-US: MiniBill CVE-2006-4488 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: ExBB Italia CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web ...) - TODO: check + NOT-FOR-US: DUpoll CVE-2006-4486 (Unspecified vulnerability in PHP before 5.1.6, when running on a ...) TODO: check CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...) 
@@ -81,79 +81,79 @@ CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...) TODO: check CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...) - TODO: check + NOT-FOR-US: Nuked-Klan CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual ...) - TODO: check + NOT-FOR-US: ezContents CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shapers ...) - TODO: check + NOT-FOR-US: ezContents CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ...) - TODO: check + NOT-FOR-US: ezContents CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2006-4467 (Interpretation conflict in Simple Machines Forum (SMF) 1.1RCx before ...) 
- TODO: check + NOT-FOR-US: Simple Machines Forum CVE-2006-4466 (Interpretation conflict in Joomla! before 1.0.11 does not properly ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2006-4465 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, ...) - TODO: check + NOT-FOR-US: Nokia CVE-2006-4463 (SQL injection vulnerability in the administrator control panel in ...) - TODO: check + NOT-FOR-US: JS ASP Faq Manager CVE-2006-4462 (Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to ...) - TODO: check + NOT-FOR-US: LinksCaffe CVE-2006-4461 (Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly ...) TODO: check CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...) - TODO: check + NOT-FOR-US: iAddressBook CVE-2006-4459 RESERVED CVE-2006-4458 (Directory traversal vulnerability in ...) TODO: check CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 ...) - TODO: check + NOT-FOR-US: phpECard CVE-2006-4456 (PHP remote file inclusion vulnerability in functions.php in phpECard ...) - TODO: check + NOT-FOR-US: phpECard CVE-2006-4455 (** DISPUTED ** ...) TODO: check CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...) - TODO: check + NOT-FOR-US: HLstats CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 ...) - TODO: check + NOT-FOR-US: PmWiki CVE-2006-4452 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Web3news CVE-2006-4451 (Direct static code injection vulnerability in CJ Tag Board 3.0 allows ...) - TODO: check + NOT-FOR-US: Tag Board CVE-2006-4450 (usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, ...) - TODO: check + - phpbb2 2.0.21-1 (low) CVE-2006-4449 (Cross-site scripting (XSS) vulnerability in attachment.php in ...) 
- TODO: check + NOT-FOR-US: MyBulletinBoard (MyBB) CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, ...) - TODO: check + NOT-FOR-US: interact CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...) TODO: check CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-4445 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: CuteNews CVE-2006-4444 (Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for ...) - TODO: check + NOT-FOR-US: Cybozu Garoon CVE-2006-4443 (PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft ...) TODO: check CVE-2006-4442 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...) @@ -291,9 +291,9 @@ CVE-2006-4381 RESERVED CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service ...) - TODO: check 4.0 - - mysql-dfsg-5.0 <not-affected> - NOTE: sf: pinged maintainer + - mysql-dfsg-5.0 <not-affected> (only 4.1 affected) + - mysql-dfsg <not-affected> (only 4.1 affected) + - mysql-dfsg-4.1 <unfixed> CVE-2006-4379 RESERVED CVE-2006-4378 (** DISPUTED ** ...)
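Review bot: In the @@ -29,45 hunk, CVE-2006-4494 is tagged "NOT-FOR-US: Microsoft", while CVE-2006-4495 directly above it names the product ("NOT-FOR-US: Microsoft Internet Explorer"). Tag by product here too, for example "NOT-FOR-US: Microsoft Visual Studio", so that a search of the list by product name finds every entry. The description text is truncated in the list, so the tag is the only place the product can be recorded in full.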
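Review bot: In the @@ -81,79 hunk, the CVE-2006-4450 line "- phpbb2 2.0.21-1 (low)" records a fixed version with no bug number or NOTE saying how 2.0.21-1 was confirmed as the fix. The visible description only says 2.0.20 is affected when avatar uploading is enabled. A NOTE line pointing to the upstream change or a Debian bug would let the next reader verify it, as the Joomla lines do with "(bug #326398)". Separately, CVE-2006-4465 and CVE-2006-4446 are tagged with the vendor only ("NOT-FOR-US: Microsoft"). For CVE-2006-4465 the description is cut to "** DISPUTED ** ...", so the product name should go in the tag.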
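Review bot: In the @@ -291,9 hunk, the new CVE-2006-4380 line "- mysql-dfsg-4.1 <unfixed>" has no bug reference or urgency, and the same change deletes "NOTE: sf: pinged maintainer", the only record that the maintainer was contacted. The description reads "MySQL before 4.1.13", so the <unfixed> status depends on the packaged 4.1 version being below that. Add a NOTE stating which archive version was checked and keep or replace the maintainer-contact note with a bug number. The removed "TODO: check 4.0" is answered only by the parenthetical "(only 4.1 affected)"; a short NOTE naming the source of that conclusion would make the mysql-dfsg <not-affected> line auditable.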