Author: stef-guest Date: 2006-08-05 08:38:40 +0000 (Sat, 05 Aug 2006) New Revision: 4504 Modified: data/CVE/list Log: lots of NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-04 23:16:45 UTC (rev 4503) +++ data/CVE/list 2006-08-05 08:38:40 UTC (rev 4504) @@ -35,9 +35,9 @@ CVE-2006-3953 (Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka ...) NOT-FOR-US: mybb CVE-2006-3952 (Stack-based buffer overflow in EFS Software Easy File Sharing FTP ...) - TODO: check + NOT-FOR-US: EFS Software Easy File Sharing FTP CVE-2006-3951 (PHP remote file inclusion vulnerability in moodle.php in Mam-moodle ...) - TODO: check + NOT-FOR-US: Mam-moodle alpha component (com_moodle) for Mambo CVE-2006-3950 (SQL injection vulnerability in x-statistics.php in X-Scripts ...) NOT-FOR-US: X-Statistics CVE-2006-3949 (PHP remote file inclusion vulnerability in artlinks.dispnew.php in the ...) @@ -47,7 +47,10 @@ CVE-2006-3947 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Mambatstaff CVE-2006-3946 (The KHTMLParser::popOneBlock function in Apple Safari 2.0.4 on Mac OS ...) - TODO: check + NOT-FOR-US: Apple Safari 2.0.4 + NOTE: konqueror 3.5.x is not affected + NOTE: PoC http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html + TODO: check sarge''s konqueror CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote ...) NOT-FOR-US: Opera CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...) 
@@ -61,69 +64,69 @@ CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...) NOT-FOR-US: phpbb-Auction CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform ...) - TODO: check + NOT-FOR-US: ScriptsCenter ezUpload Pro CVE-2006-3938 (DotClear allows remote attackers to obtain sensitive information via a ...) - TODO: check + NOT-FOR-US: DotClear CVE-2006-3937 (post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: x_atrix xGuestBook CVE-2006-3936 (system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 ...) - TODO: check + NOT-FOR-US: Alkacon OpenCms CVE-2006-3935 (system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before ...) - TODO: check + NOT-FOR-US: Alkacon OpenCms CVE-2006-3934 (Absolute path traversal vulnerability in downloadTrigger.jsp in ...) - TODO: check + NOT-FOR-US: Alkacon OpenCms CVE-2006-3933 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...) NOT-FOR-US: OpenCms CVE-2006-3932 (SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 ...) - TODO: check + NOT-FOR-US: LinksCaffe CVE-2006-3931 (Buffer overflow in the daemon function in midirecord.cc in Tuomas ...) - TODO: check + NOT-FOR-US: Midirecord CVE-2006-3930 (PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php ...) - TODO: check + NOT-FOR-US: a6mambohelpdesk Mambo Component 18RC1 CVE-2006-3929 (Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin ...) - TODO: check + NOT-FOR-US: Zyxel CVE-2006-3928 (PHP remote file inclusion vulnerability in index.php in WMNews 0.2a ...) - TODO: check + NOT-FOR-US: WMNews CVE-2006-3927 (Cross-site scripting (XSS) vulnerability in auctionsearch.php in ...) - TODO: check + NOT-FOR-US: PhpProBid CVE-2006-3926 (Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote ...) 
- TODO: check + NOT-FOR-US: PhpProBid CVE-2006-3925 (Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control ...) NOT-FOR-US: ITIRecorder.MicRecorder ActiveX control CVE-2006-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before ...) - TODO: check + NOT-FOR-US: Dokeos CVE-2006-3923 (Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse ...) - TODO: check + NOT-FOR-US: Fire-Mouse Toplist CVE-2006-3922 (PHP remote file inclusion vulnerability in mod_membre/inscription.php ...) - TODO: check + NOT-FOR-US: PortailPHP CVE-2006-3921 (Sun Java System Application Server (SJSAS) 7 through 8.1 and Web ...) NOT-FOR-US: Sun Java System Application Server CVE-2006-3920 (The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 ...) NOT-FOR-US: Sun Solaris CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows ...) - TODO: check + NOT-FOR-US: SD Studio CMS CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...) - apache2 <unfixed> (bug #381376; medium) - apache <unfixed> (bug #381381; medium) CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...) - TODO: check + NOT-FOR-US: PHP Forge CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka ...) - TODO: check + NOT-FOR-US: Solucija News CVE-2006-3915 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...) NOT-FOR-US: Microsoft CVE-2006-3914 (Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite ...) - TODO: check + NOT-FOR-US: Academic Suite CVE-2006-3913 (Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul ...) {DSA-1142-1} - freeciv <unfixed> (bug #381378; medium) CVE-2006-3912 (Stack-based buffer overflow in the SFX module in WinRAR before 3.60 ...) NOT-FOR-US: WinRAR CVE-2006-3911 (PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 ...) 
- TODO: check + NOT-FOR-US: PHP Live CVE-2006-3910 (Internet Explorer 6 on Windows XP SP2, when Outlook is installed, ...) NOT-FOR-US: Microsoft CVE-2006-3909 (Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads ...) - TODO: check + NOT-FOR-US: WWWthreads CVE-2006-3908 (Format string vulnerability in the flush_output function in ...) NOT-FOR-US: Game Network Engine (GNE) CVE-2006-3907 (Siemens SpeedStream 2624 allows remote attackers to cause a denial of ...) @@ -131,17 +134,17 @@ CVE-2006-3906 (Internet Key Exchange (IKE) version 1 protocol, as implemented on ...) NOT-FOR-US: Cisco CVE-2006-3905 (SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote ...) - TODO: check + NOT-FOR-US: Webland MyBloggie CVE-2006-3904 (SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 ...) - TODO: check + NOT-FOR-US: Etomite CMS CVE-2006-3903 (CRLF injection vulnerability in (1) index.php and (2) admin.php in ...) - NOT-FOR-US: myWebland MyBloggie + NOT-FOR-US: Webland MyBloggie CVE-2006-3902 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...) - TODO: check + NOT-FOR-US: phpFaber TopSites CVE-2006-3901 (Multiple stack-based buffer overflows in Tumbleweed Email Firewall ...) - TODO: check + NOT-FOR-US: Tumbleweed Email Firewall CVE-2006-3900 (Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book ...) - TODO: check + NOT-FOR-US: TP-Book CVE-2006-3899 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...) NOT-FOR-US: Microsoft CVE-2006-3898 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...) 
@@ -169,23 +172,23 @@ CVE-2006-3887 RESERVED CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier ...) - TODO: check + NOT-FOR-US: Shalwan MusicBox CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W ...) - TODO: check + NOT-FOR-US: Check Point Firewall-1 CVE-2006-3884 (Multiple SQL injection vulnerabilities in links.php in Gonafish ...) - TODO: check + NOT-FOR-US: Gonafish LinksCaffe CVE-2006-3883 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish ...) - TODO: check + NOT-FOR-US: Gonafish LinksCaffe CVE-2006-3882 (Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Shalwan MusicBox CVE-2006-3881 (Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and ...) - TODO: check + NOT-FOR-US: Shalwan MusicBox CVE-2006-3880 (** DISPUTED ** ...) TODO: check CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in ...) - libmikmod2 <unfixed> (bug #381379) CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...) - TODO: check + NOT-FOR-US: Opsware Network Automation System CVE-2006-3877 RESERVED CVE-2006-3876 @@ -237,11 +240,11 @@ CVE-2006-3853 RESERVED CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro ...) - TODO: check + NOT-FOR-US: Micro GuestBook CVE-2006-3851 (SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and ...) - TODO: check + NOT-FOR-US: X7 Chat CVE-2006-3850 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Vanilla CMS CVE-2006-3849 (Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection ...) NOT-FOR-US: Warzone CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP ...)
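
Review bot: In the @@ -47,7 +47,10 @@ hunk, CVE-2006-3946 is marked "NOT-FOR-US: Apple Safari 2.0.4" while the same entry gains "TODO: check sarge''s konqueror", so it reads as both closed and still open. NOT-FOR-US is meant for software Debian does not ship, and the added NOTE about konqueror 3.5.x shows a Debian package is in scope. Suggest dropping the NOT-FOR-US line until the sarge check is done, keeping the two NOTE lines and the TODO, and fixing the doubled apostrophe in the TODO line.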
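
Review bot: Product names in the @@ -61,69 +64,69 @@ hunk are not consistent with neighbouring entries, which makes grepping the list for one product unreliable. CVE-2006-3936, -3935 and -3934 use "Alkacon OpenCms" while the unchanged CVE-2006-3933 line says "OpenCms"; CVE-2006-3932 uses "LinksCaffe" while CVE-2006-3884 and -3883 in the @@ -169,23 +172,23 @@ hunk use "Gonafish LinksCaffe"; CVE-2006-3914 drops the vendor ("Academic Suite" for Blackboard Academic Suite) and CVE-2006-3929 gives only a vendor ("Zyxel"). Suggest picking one spelling per product, as was done for CVE-2006-3903 in the @@ -131,17 +134,17 @@ hunk.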
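
Review bot: In the @@ -237,11 +240,11 @@ hunk, CVE-2006-3850 goes from "TODO: check" to "NOT-FOR-US: Vanilla CMS" although its description is only "** DISPUTED ** ...", so the product cannot be confirmed from the entry itself. The other disputed entry, CVE-2006-3880, is left as "TODO: check" in the @@ -169,23 +172,23 @@ hunk. Suggest adding a NOTE line saying where the product name came from, so the two disputed entries are handled the same way and the decision can be rechecked later.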