Author: stef-guest Date: 2006-08-10 18:11:14 +0000 (Thu, 10 Aug 2006) New Revision: 4549 Modified: data/CVE/list Log: - new ruby on rails issue fixed (medium) - xulrunner fixed - knowledgeroot had all problems fixed before first upload - snort fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-10 09:14:48 UTC (rev 4548) +++ data/CVE/list 2006-08-10 18:11:14 UTC (rev 4549) @@ -1,3 +1,5 @@ +CVE-2006-XXXX [unspecified vulnerability in ruby on rails] + - rails 1.1.5-1 (bug #382255; medium) CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in ...) TODO: check CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows ...) @@ -551,7 +553,7 @@ CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) NOTE: MFSA-2006-56 - mozilla <unfixed> (medium) - - xulrunner <unfixed> (medium) + - xulrunner 1.8.0.5-1 (medium) - mozilla-firefox <removed> (medium) - firefox 1.5.dfsg+1.5.0.5-1 (medium) - thunderbird <unfixed> (unimportant) @@ -559,7 +561,7 @@ CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...) NOTE: MFSA-2006-55 - mozilla <unfixed> (high) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.5-1 (high) - mozilla-firefox <removed> (high) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird <unfixed> (medium) @@ -567,7 +569,7 @@ CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...) NOTE: MFSA-2006-54 - mozilla <not-affected> (mozilla 1.7 not affected) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.5-1 (high) - mozilla-firefox <not-affected> (only firefox >= 1.5) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird <unfixed> (medium) 
@@ -575,7 +577,7 @@ CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) NOTE: MFSA-2006-53 - mozilla <unfixed> (medium) - - xulrunner <unfixed> (medium) + - xulrunner 1.8.0.5-1 (medium) - mozilla-firefox <removed> (medium) - firefox 1.5.dfsg+1.5.0.5-1 (medium) - thunderbird <unfixed> (medium) @@ -583,13 +585,13 @@ CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...) NOTE: MFSA-2006-52 - mozilla <unfixed> (medium) - - xulrunner <unfixed> (medium) + - xulrunner 1.8.0.5-1 (medium) - mozilla-firefox <removed> (medium) - firefox 1.5.dfsg+1.5.0.5-1 (medium) CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) NOTE: MFSA-2006-51 - mozilla <unfixed> (high) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.5-1 (high) - mozilla-firefox <removed> (high) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird <unfixed> (medium) @@ -597,7 +599,7 @@ CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...) NOTE: MFSA-2006-50 - mozilla <unfixed> (high) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.5-1 (high) - mozilla-firefox <removed> (high) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird <unfixed> (medium) @@ -605,7 +607,7 @@ CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird ...) NOTE: MFSA-2006-50 - mozilla <unfixed> (high) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.5-1 (high) - mozilla-firefox <removed> (high) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird <unfixed> (medium) @@ -618,7 +620,7 @@ CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla Firefox ...) NOTE: MFSA-2006-48 - mozilla <not-affected> (mozilla 1.7 not affected) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.5-1 (high) - mozilla-firefox <not-affected> (only firefox >= 1.5) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird <unfixed> (medium) 
@@ -626,7 +628,7 @@ CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) NOTE: MFSA-2006-47 - mozilla <not-affected> (mozilla 1.7 not affected) - - xulrunner <unfixed> (medium) + - xulrunner 1.8.0.5-1 (medium) - mozilla-firefox <not-affected> (only firefox >= 1.5) - firefox 1.5.dfsg+1.5.0.5-1 (medium) - thunderbird <unfixed> (medium) @@ -637,7 +639,7 @@ - mozilla-thunderbird <not-affected> (only firefox >= 1.5) - mozilla <not-affected> (mozilla 1.7 not affected) - firefox 1.5.dfsg+1.5.0.5-1 (high) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.5-1 (high) - thunderbird <unfixed> (medium) CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce ...) NOT-FOR-US: AFCommerce @@ -909,7 +911,7 @@ CVE-2006-3677 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...) NOTE: MFSA-2006-45 - mozilla <not-affected> (mozilla 1.7 not affected) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.5-1 (high) - mozilla-firefox <not-affected> (only firefox >= 1.5) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird <not-affected> @@ -1078,7 +1080,8 @@ CVE-2006-3603 (Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH ...) NOT-FOR-US: FlexWATCH Network Camera CVE-2006-3602 (Directory traversal vulnerability in ...) - TODO: check wordpress, moodle, knowledgeroot + TODO: check wordpress, moodle + - knowledgeroot <not-affected> (fixed before first upload; see bug #381912) CVE-2006-3601 (** UNVERIFIABLE ** ...) NOT-FOR-US: DotNetNuke CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup ...) 
@@ -1578,7 +1581,7 @@ CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire ...) NOT-FOR-US: Glossaire for Xoops CVE-2006-3362 (connectors/php/connector.php in FCKeditor mcpuk file manager, as used ...) - - knowledgeroot <unfixed> (bug #381912) + - knowledgeroot <not-affected> (fixed before first upload; see bug #381912) CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and ...) NOT-FOR-US: Stud.IP CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 ...) @@ -2109,7 +2112,7 @@ CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) NOTE: MFSA-2006-46 - mozilla <not-affected> (mozilla 1.7 not affected) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.5-1 (high) - mozilla-firefox <not-affected> (only firefox >= 1.5) - firefox 1.5.dfsg+1.5.0.5-1 (high) - thunderbird <unfixed> (medium) @@ -2952,7 +2955,7 @@ CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...) NOT-FOR-US: pppBLOG CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through ...) - - snort <unfixed> (low; bug #381726) + - snort 2.3.3-8 (low; bug #381726) CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...) NOT-FOR-US: METAjour CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when ...) @@ -3486,7 +3489,7 @@ CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...) NOT-FOR-US: Snitz mod CVE-2006-2529 (editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...) - TODO: check knowledgeroot + - knowledgeroot <not-affected> (fixed before first upload; see bug #381912) CVE-2006-2528 (PHP remote file inclusion vulnerability in classified_right.php in ...) NOT-FOR-US: phpBazar CVE-2006-2527 (Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers ...) 
@@ -7364,7 +7367,7 @@ CVE-2006-0922 (CubeCart 3.0 through 3.6 does not properly check authorization for an ...) NOT-FOR-US: CubeCart CVE-2006-0921 (Multiple directory traversal vulnerabilities in connector.php in ...) - TODO: check knowledgeroot + - knowledgeroot <not-affected> (fixed before first upload; see bug #381912) CVE-2006-0920 (Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server''s FTP ...) NOT-FOR-US: Oi! Email Marketing System CVE-2006-0919 (SQL injection vulnerability in index.php (aka the login page) in Oi! ...) @@ -7985,7 +7988,7 @@ CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and ...) NOT-FOR-US: Runcms CVE-2006-0658 (Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 ...) - TODO: check knowledgeroot + - knowledgeroot <not-affected> (fixed before first upload; see bug #381912) CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event ...) NOT-FOR-US: Softcomplex CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager 4.2 ...) @@ -9635,9 +9638,11 @@ CVE-2005-4602 (SQL injection vulnerability in inc/function_upload.php in MyBB before ...) NOT-FOR-US: MyBB CVE-2005-4600 (tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote ...) - TODO: check wordpress, moodle, knowledgeroot + TODO: check wordpress, moodle + - knowledgeroot <not-affected> (fixed before first upload; see bug #381912) CVE-2005-4599 (Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in ...) - TODO: check wordpress, moodle, knowledgeroot + TODO: check wordpress, moodle + - knowledgeroot <not-affected> (fixed before first upload; see bug #381912) CVE-2005-4598 (Cross-site scripting (XSS) vulnerability in home.php in OoApp ...) NOT-FOR-US: OoApp Guestbook CVE-2005-4597 (Cross-site scripting (XSS) vulnerability in index.php in iPei ...) 
@@ -10793,10 +10798,8 @@ NOT-FOR-US: Apache James CVE-2005-4095 (Directory traversal vulnerability in connector.php in the ...) NOT-FOR-US: DoceboLMS - TODO: check knowledgeroot CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows ...) NOT-FOR-US: DoceboLMS - TODO: check knowledgeroot CVE-2005-4093 (Check Point VPN-1 SecureClient NG with Application Intelligence R56, ...) NOT-FOR-US: Check Point CVE-2005-4092 (Multiple heap-based buffer overflows in QuickTime.qts in Apple ...) @@ -23078,8 +23081,7 @@ CVE-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...) - phpbb2 2.0.13-1 CVE-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...) - NOT-FOR-US: FCKeditor - TODO: check knowledgeroot + - knowledgeroot <not-affected> (fixed before first upload; see bug #381912) CVE-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...) NOT-FOR-US: Cisco CVE-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...)
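Review bot: The placeholder entry added at the top of the first hunk (@@ -1,3 +1,5 @@), `CVE-2006-XXXX [unspecified vulnerability in ruby on rails]`, has no NOTE or TODO under it, so nothing in the list tracks replacing the placeholder once an id is assigned, and bug #382255 is the only pointer to what the issue is. Suggest adding a TODO line under the entry for the pending id, in the same free-text form the file already uses for `TODO: check wordpress, moodle`.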
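Review bot: In the snort hunk (@@ -2952,7 +2955,7 @@), the fixed version recorded for CVE-2006-2769 is `2.3.3-8`, while the visible part of the description starts the affected range at Snort 2.4.0. If the 2.3.3 package carries the affected http_inspect code, a NOTE line under the entry saying so would explain why a version below 2.4.0 is tracked as the fix. Otherwise a reader comparing the version against the description will assume the package was never affected.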
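Review bot: In the @@ -10793,10 +10798,8 @@ hunk, the two `TODO: check knowledgeroot` lines under CVE-2005-4095 and CVE-2005-4094 are removed without recording a result, whereas every other knowledgeroot TODO touched by this commit is replaced with `- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)`. If the check concluded that these two are specific to DoceboLMS, the remaining NOT-FOR-US line covers it, but the log message should say so. Otherwise add the same not-affected line here so the outcome of the check is on record.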