Author: stef-guest Date: 2006-09-24 19:51:14 +0000 (Sun, 24 Sep 2006) New Revision: 4759 Modified: data/CVE/list Log: some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-09-24 19:11:52 UTC (rev 4758) +++ data/CVE/list 2006-09-24 19:51:14 UTC (rev 4759) @@ -148,21 +148,21 @@ CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 ...) NOT-FOR-US: QuadComm Q-Shop CVE-2006-4851 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: BolinOS CVE-2006-4850 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: BolinOS CVE-2006-4849 (PHP remote file inclusion vulnerability in header.php in ...) - TODO: check + NOT-FOR-US: MobilePublisherPHP CVE-2006-4848 (Multiple PHP remote file inclusion vulnerabilities in Brian Fraval ...) - TODO: check + NOT-FOR-US: Hitweb CVE-2006-4847 (Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix ...) - TODO: check + NOT-FOR-US: WS_FTP CVE-2006-4846 (Unspecified vulnerability in Citrix Access Gateway with Advanced ...) - TODO: check + NOT-FOR-US: Citrix CVE-2006-4845 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: TeamCal CVE-2006-4844 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Claroline CVE-2006-4843 RESERVED CVE-2006-4842 
@@ -174,43 +174,43 @@ CVE-2006-4839 RESERVED CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE ...) - TODO: check + NOT-FOR-US: DCP-Portal CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE ...) - TODO: check + NOT-FOR-US: DCP-Portal CVE-2006-4836 (SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows ...) - TODO: check + NOT-FOR-US: DCP-Portal CVE-2006-4835 (Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote ...) - TODO: check + NOT-FOR-US: Blue Magic Board (BMB) (aka BMForum) CVE-2006-4834 (PHP remote file inclusion vulnerability in index.php in Jule Slootbeek ...) - TODO: check + NOT-FOR-US: phpQuiz CVE-2006-4833 (Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx ...) - TODO: check + NOT-FOR-US: NetPerformer CVE-2006-4832 (Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT ...) - TODO: check + NOT-FOR-US: NetPerformer CVE-2006-4831 (Unspecified vulnerability in IP over DNS is now easy (iodine) before ...) - TODO: check + NOT-FOR-US: IP over DNS is now easy (iodine) CVE-2006-4830 (Directory traversal vulnerability in EditBlogTemplatesPlugin.java in ...) - TODO: check + NOT-FOR-US: Blojsom CVE-2006-4829 (Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki ...) - TODO: check + NOT-FOR-US: Blojsom CVE-2006-4828 (PHP remote file inclusion vulnerability in zipndownload.php in ...) - TODO: check + NOT-FOR-US: PhotoPost CVE-2006-4827 (Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat ...) - TODO: check + NOT-FOR-US: Vmist Downstat CVE-2006-4826 (PHP remote file inclusion vulnerability in bottom.php in Shadowed ...) - TODO: check + NOT-FOR-US: Shadowed Portal CVE-2006-4825 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: PHP Event Calendar CVE-2006-4824 (PHP remote file inclusion vulnerability in lib/activeutil.php in ...) 
- TODO: check + NOT-FOR-US: Quicksilver Forums (QSF) CVE-2006-4823 (PHP remote file inclusion vulnerability in scripts/news_page.php in ...) - TODO: check + NOT-FOR-US: Magic News CVE-2006-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: emuCMS CVE-2006-4821 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview ...) - TODO: check + NOT-FOR-US: Drupal Userreview module CVE-2006-4820 (Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2006-4819 RESERVED CVE-2006-4818 
@@ -244,27 +244,27 @@ CVE-2006-4804 RESERVED CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager ...) - TODO: check + NOT-FOR-US: Novell Identity Manager CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service in ...) - TODO: check + NOT-FOR-US: Symantec CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and ...) - TODO: check + NOT-FOR-US: Roxio Toast CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before ...) TODO: check CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow ...) TODO: check CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which ...) - TODO: check + - sql-ledger 2.4.5-1 CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in CloudNine ...) - TODO: check + NOT-FOR-US: CJ Tag Board CVE-2006-4796 (Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums ...) - TODO: check + NOT-FOR-US: Snitz Forums CVE-2006-4795 (Unspecified vulnerability in the Address and Routing Parameter Area ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2006-4794 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...) - TODO: check + NOT-FOR-US: e107 CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 ...) - TODO: check + NOT-FOR-US: TualBLOG CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter Area ...) TODO: check CVE-2006-XXXX [linux-ftpd allows chdir to disallowed directories] 
@@ -442,17 +442,17 @@ CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow ...) - firefox-sage 1.3.6-3 (bug #388149; medium) CVE-2006-4710 (Multiple cross-site scripting (XSS) vulnerabilities in NewsGator ...) - TODO: check + NOT-FOR-US: NewsGator FeedDemon CVE-2006-4709 (SQL injection vulnerability in topic.php in Vikingboard 0.1b allows ...) - TODO: check + NOT-FOR-US: Vikingboard CVE-2006-4708 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) - TODO: check + NOT-FOR-US: Vikingboard CVE-2006-4707 (Cross-site scripting (XSS) vulnerability in admin/global.php (aka the ...) - TODO: check + NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) - TODO: check + NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic ...) - TODO: check + NOT-FOR-US: Timesheet (aka Timesheet.php) CVE-2006-4704 RESERVED CVE-2006-4703 
@@ -496,122 +496,122 @@ CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...) TODO: check CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: IBM Director CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...) - TODO: check + NOT-FOR-US: IBM Director CVE-2006-4681 (Directory traversal vulnerability in Redirect.bat in IBM Director ...) - TODO: check + NOT-FOR-US: IBM Director CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and passwords ...) - TODO: check + NOT-FOR-US: Canon imageRUNNER CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by default, ...) TODO: check CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows ...) - TODO: check + NOT-FOR-US: News Evolution CVE-2006-4677 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: phpopenchat CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and ...) - TODO: check + NOT-FOR-US: TIBCO RendezVous CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in ...) TODO: check CVE-2006-4674 (Direct static code injection vulnerability in doku.php in DokuWiki ...) TODO: check CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in PHP-Fusion ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, ...) - TODO: check + NOT-FOR-US: ppalCart CVE-2006-4671 (PHP remote file inclusion vulnerability in headlines.php in Fantastic ...) - TODO: check + NOT-FOR-US: Fantastic News CVE-2006-4670 (Multiple PHP remote file inclusion vulnerabilities in PhotoKorn ...) - TODO: check + NOT-FOR-US: PhotoKorn Gallery CVE-2006-4669 (PHP remote file inclusion vulnerability in admin/system/include.php in ...) 
- TODO: check + NOT-FOR-US: Somery CVE-2006-4668 (Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley ...) - TODO: check + NOT-FOR-US: AckerTodo CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote ...) - TODO: check + NOT-FOR-US: RunCMS CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst ...) - TODO: check + NOT-FOR-US: Newsscript (aka WM-News) CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 ...) - TODO: check + NOT-FOR-US: MKPortal CVE-2006-4664 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Premod Shadow CVE-2006-4663 (** DISPUTED ** ...) TODO: check CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ ...) - TODO: check + NOT-FOR-US: AOL ICQ CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not ...) - TODO: check + NOT-FOR-US: AOL ICQ Toolbar CVE-2006-4660 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed ...) - TODO: check + NOT-FOR-US: AOL ICQ Toolbar CVE-2006-4659 (The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...) - TODO: check + NOT-FOR-US: Panda Platinum Internet Security CVE-2006-4658 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses ...) - TODO: check + NOT-FOR-US: Panda Platinum Internet Security CVE-2006-4657 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...) - TODO: check + NOT-FOR-US: Panda Platinum Internet Security CVE-2006-4656 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Web Provence SL_Site CVE-2006-4655 (Buffer overflow in the Strcmp function in the XKEYBOARD extension in X ...) - TODO: check + NOT-FOR-US: X11R6.4 CVE-2006-4654 (Format string vulnerability in Easy Address Book Web Server 1.2 allows ...) 
- TODO: check + NOT-FOR-US: Address Book Web Server CVE-2006-4653 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll store ...) - TODO: check + NOT-FOR-US: Amazing Little Poll CVE-2006-4652 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll have a ...) - TODO: check + NOT-FOR-US: Amazing Little Poll CVE-2006-4651 (Directory traversal vulnerability in download/index.php, and possibly ...) - TODO: check + NOT-FOR-US: Php download CVE-2006-4650 (Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the ...) - TODO: check + NOT-FOR-US: Cisco CVE-2006-4649 (PHP remote file inclusion vulnerability in bp_news.php in BinGo News ...) - TODO: check + NOT-FOR-US: BinGo News CVE-2006-4648 (PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News ...) - TODO: check + NOT-FOR-US: BinGo News CVE-2006-4647 (PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 ...) - TODO: check + NOT-FOR-US: Sponge News CVE-2006-4646 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto ...) - TODO: check + NOT-FOR-US: Drupal Pathauto module CVE-2006-4645 (PHP remote file inclusion vulnerability in akarru.gui/main_content.php ...) - TODO: check + NOT-FOR-US: Social BookMarking Engine CVE-2006-4644 (PHP remote file inclusion vulnerability in modules/home.module.php in ...) - TODO: check + NOT-FOR-US: phpFullAnnu CVE-2006-4643 (SQL injection vulnerability in consult/joueurs.php in Uni-Vert ...) - TODO: check + NOT-FOR-US: PhpLeague CVE-2006-4642 (AuditWizard 6.3.2, when using "Remote Audit," logs the administrator ...) - TODO: check + NOT-FOR-US: AuditWizard CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal ...) - TODO: check + NOT-FOR-US: Muratsoft Haber Portal CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...) 
- flashplugin-nonfree 7.0.68.0.1 [sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported) CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...) - TODO: check + NOT-FOR-US: C-News.fr C-News CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News ...) - TODO: check + NOT-FOR-US: ACGV News CVE-2006-4637 (Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 ...) - TODO: check + NOT-FOR-US: ACGV News CVE-2006-4636 (Directory traversal vulnerability in SZEWO PhpCommander 3.0 and ...) - TODO: check + NOT-FOR-US: PhpCommander CVE-2006-4635 (Unspecified vulnerability in MySource Classic 2.14.6, and possibly ...) - TODO: check + NOT-FOR-US: MySource Classic CVE-2006-4634 (Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows ...) - TODO: check + NOT-FOR-US: VBZooM CVE-2006-4633 (index.php in SoftBB 0.1, and possibly earlier, allows remote attackers ...) - TODO: check + NOT-FOR-US: SoftBB CVE-2006-4632 (Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly ...) - TODO: check + NOT-FOR-US: SoftBB CVE-2006-4631 (Direct static code injection vulnerability in admin/save_opt.php in ...) - TODO: check + NOT-FOR-US: SoftBB CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING ...) - TODO: check + NOT-FOR-US: MySpeach CVE-2006-4629 (PHP remote file inclusion vulnerability in affichage/commentaires.php ...) - TODO: check + NOT-FOR-US: C-News.fr C-News CVE-2006-4628 (Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows ...) - TODO: check + NOT-FOR-US: VCD-db CVE-2006-4627 (System Information ActiveX control (msinfo.dll), when accessed via ...) - TODO: check + NOT-FOR-US: System Information ActiveX control CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine before ...) - TODO: check + NOT-FOR-US: avast! 
Anti-virus Engine CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...) TODO: check CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 ...) @@ -1068,9 +1068,9 @@ CVE-2006-4439 (pkgadd in Sun Solaris 10 before 20060825 installs files with insecure ...) NOT-FOR-US: Solaris CVE-2006-4438 (Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux ...) - TODO: check + NOT-FOR-US: SpIDer for Dr.Web Scanner CVE-2006-4437 (Eval injection vulnerability in Tagger LE allows remote attackers to ...) - TODO: check + NOT-FOR-US: Tagger LE CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote ...) NOT-FOR-US: Microsoft CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...) 
@@ -1181,30 +1181,30 @@ CVE-2006-4390 RESERVED CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote attackers to ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2006-4387 RESERVED CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2006-4384 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2006-4383 RESERVED CVE-2006-4382 (Multiple buffer overflows in Apple QuickTime before 7.1.3 allow ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service ...) {DSA-1169} - mysql-dfsg-5.0 <not-affected> (only 4.1 affected) - mysql-dfsg <not-affected> (only 4.1 affected) - mysql-dfsg-4.1 <removed> CVE-2006-4379 (Stack-based buffer overflow in the SMTP Daemon in Ipswitch ...) - TODO: check + NOT-FOR-US: Ipswitch Collaboration 2006 Suite CVE-2006-4378 (** DISPUTED ** ...) NOT-FOR-US: Rssxt component for Joomla! (com_rssxt) CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch ...) @@ -2326,7 +2326,7 @@ CVE-2006-3874 RESERVED CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-3872 RESERVED CVE-2006-3871
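Review bot: in the @@ -174,43 hunk, the CVE-2006-4831 entry copies the CVE description text into the tag ("NOT-FOR-US: IP over DNS is now easy (iodine)") instead of naming the tool. The short name, "NOT-FOR-US: iodine", is what a later search by package name would match. The same hunk carries both aliases over for CVE-2006-4835 ("Blue Magic Board (BMB) (aka BMForum)"), where one name would be enough.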
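Review bot: the CVE-2006-4798 entry in the @@ -244,27 hunk ("- sql-ledger 2.4.5-1") is a fixed-version entry, not an NFU, and it has no urgency or bug reference, unlike the firefox-sage entry further down ("- firefox-sage 1.3.6-3 (bug #388149; medium)"). Add the urgency, and a bug number if one exists. The log message says only "some NFUs", so mention the sql-ledger triage there as well. The CVE text gives "before 2.4.4" as the affected range, so a short note on why 2.4.5-1 is the recorded fixed version would help the next reader.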
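Review bot: in the @@ -496,122 hunk, CVE-2006-4655 is tagged "NOT-FOR-US: X11R6.4", which names a release of X rather than a product that is absent from the archive; the description concerns the XKEYBOARD extension in X. If the finding is that the packaged X code does not contain the flaw, record it against the source package with <not-affected> and a reason, as the CVE-2006-4380 entry does for mysql-dfsg ("only 4.1 affected"). In the same hunk, CVE-2006-4654 is described as "Easy Address Book Web Server 1.2" but tagged "Address Book Web Server"; keep the full product name so the tag matches the description.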