Author: stef-guest Date: 2006-08-09 16:23:25 +0000 (Wed, 09 Aug 2006) New Revision: 4535 Modified: data/CVE/list Log: - CVE-2006-4024: festalon not-affected - CVE-2006-3990: savant2 is included in egroupware (medium) - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-09 15:45:50 UTC (rev 4534) +++ data/CVE/list 2006-08-09 16:23:25 UTC (rev 4535) @@ -1,13 +1,13 @@ CVE-2006-4026 (PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows ...) - TODO: check + NOT-FOR-US: SAPID CMS CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and ...) - TODO: check + NOT-FOR-US: XennoBB CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through ...) - TODO: check + - festalon <not-affected> (vuln. code introduced in 0.5.0) CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...) TODO: check CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before ...) - TODO: check + NOT-FOR-US: Intel CVE-2006-4021 RESERVED CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...) @@ -19,7 +19,7 @@ CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in Inter ...) TODO: check CVE-2006-4016 (Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS ...) - TODO: check + NOT-FOR-US: toendaCMS CVE-2006-4015 (Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with ...) NOT-FOR-US: Hewlett-Packard CVE-2006-4014 (Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control ...) 
@@ -27,7 +27,7 @@ CVE-2006-4013 (Multiple directory traversal vulnerabilities in Symantec Brightmail ...) NOT-FOR-US: Symantec CVE-2006-4012 (Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb ...) - TODO: check + NOT-FOR-US: circeOS SaveWeb CVE-2006-4011 (PHP remote file inclusion vulnerability in ...) TODO: check CVE-2006-4010 (SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and ...) @@ -55,23 +55,23 @@ CVE-2006-3999 (ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier ...) NOT-FOR-US: ISS BlackICE CVE-2006-3998 (PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka ...) - TODO: check + NOT-FOR-US: WoWRoster CVE-2006-3997 (PHP remote file inclusion vulnerability in hsList.php in WoWRoster ...) - TODO: check + NOT-FOR-US: WoWRoster CVE-2006-3996 (SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and ...) - TODO: check + NOT-FOR-US: ATutor CVE-2006-3995 (Multiple PHP remote file inclusion vulnerabilities in (1) ...) - TODO: check + NOT-FOR-US: UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo CVE-2006-3994 (SQL injection vulnerability in the u2u_send_recp function in ...) - TODO: check + NOT-FOR-US: XMB (aka extreme message board) CVE-2006-3993 (PHP remote file inclusion vulnerability in copyright.php in Olaf ...) - TODO: check + NOT-FOR-US: The Search Engine Project CVE-2006-3992 (Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) ...) - TODO: check + NOT-FOR-US: Intel CVE-2006-3991 (PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh ...) - TODO: check + NOT-FOR-US: Voodoo chat CVE-2006-3990 (Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones ...) - TODO: check + - egroupware <unfixed> (bug filed; medium) CVE-2006-3989 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) NOT-FOR-US: Knusperleicht CVE-2006-3988 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) 
@@ -109,7 +109,7 @@ CVE-2006-3972 (Directory traversal vulnerability in ...) NOT-FOR-US: Ajax Chat CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Ajax Chat CVE-2006-XXXX [unspecified security issues in steam] - steam 2.2.16-1 CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8] @@ -338,25 +338,25 @@ CVE-2006-3863 RESERVED CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through ...) - TODO: check + NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3861 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...) - TODO: check + NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3860 RESERVED CVE-2006-3859 RESERVED CVE-2006-3858 (IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before ...) - TODO: check + NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3857 (Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before ...) - TODO: check + NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3856 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...) - TODO: check + NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3855 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) allows ...) - TODO: check + NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3854 RESERVED CVE-2006-3853 (Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 ...) - TODO: check + NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro ...) NOT-FOR-US: Micro GuestBook CVE-2006-3851 (SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and ...) 
@@ -621,17 +621,17 @@ CVE-2006-3763 (SQL injection vulnerability in category.php in Diesel Joke Site allows ...) TODO: check CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Touch Control ActiveX control CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/function_post.php in ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-3759 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-3758 (inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-3757 (index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2006-3756 (Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and ...) TODO: check CVE-2006-3755 (PHP remote file inclusion vulnerability in ...)
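Review bot: In the first hunk (@@ -1,13), the CVE-2006-4024 entry marks festalon as <not-affected> with the reason "vuln. code introduced in 0.5.0", but it does not say which festalon version is in the archive, so the claim cannot be checked from the entry alone. Suggest stating the packaged version in the parenthetical or in a NOTE line, so that a later upload of 0.5.0 or newer prompts a re-check of this entry.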
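Review bot: In the @@ -55,23 hunk, the CVE-2006-3990 entry "- egroupware <unfixed> (bug filed; medium)" gives neither the bug number nor the reason egroupware is listed. The truncated CVE description names only Paul M. Jones, and only the commit log explains that savant2 is included in egroupware. Suggest replacing "bug filed" with the bug reference and adding a NOTE line saying that egroupware includes Savant2, so the entry can be read without the commit log.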