Author: stef-guest Date: 2006-08-20 09:35:24 +0000 (Sun, 20 Aug 2006) New Revision: 4604 Modified: data/CVE/list Log: - new php issues - new gallery2 issue fixed - new mysql issue fixed - mambo fixed (experimental) - more NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-20 08:56:39 UTC (rev 4603) +++ data/CVE/list 2006-08-20 09:35:24 UTC (rev 4604) @@ -1,3 +1,11 @@ +CVE-2006-XXXX [multiple issues fixed by php 4.4.4 and 5.1.5] + - php4 <unfixed> (medium) + - php5 <unfixed> (medium) +CVE-2006-XXXX [gallery2 session ID disclosure] + - gallery2 2.1.2-1 +CVE-2006-XXXX [insecure filehandling in mysql_upgrade] + - mysql-dfsg-5.0 5.0.24-1 + TODO: check 4.x CVE-2006-4194 (** DISPUTED ** ...) NOT-FOR-US: Cisco CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows ...) 
@@ -201,47 +209,47 @@ CVE-2006-4093 RESERVED CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user''s actions to ...) - TODO: check + NOT-FOR-US: Simpliciti Locked Browser CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel ...) - TODO: check + NOT-FOR-US: Archangel Weblog CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 ...) - TODO: check + NOT-FOR-US: Webligo BlogHoster CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and ...) - alsaplayer <unfixed> (medium; bug #382842) CVE-2006-4088 (Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace ...) - TODO: check + NOT-FOR-US: CivicSpace CVE-2006-4087 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...) - TODO: check + NOT-FOR-US: mojoGallery CVE-2006-4086 (Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino ...) - TODO: check + NOT-FOR-US: Online Zone Journals (OZJournals) CVE-2006-4085 (PHP remote file inclusion vulnerability in Olaf Noehring The Search ...) - TODO: check + NOT-FOR-US: The Search Engine Project (TSEP) CVE-2006-4084 (Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 ...) - TODO: check + NOT-FOR-US: phpAutoMembersArea (phpAMA) CVE-2006-4083 (PHP remote file inclusion vulnerability in viewevent.php in myWebland ...) - TODO: check + NOT-FOR-US: myEvent CVE-2006-4082 (Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a ...) - TODO: check + NOT-FOR-US: Barracuda Spam Firewall CVE-2006-4081 (preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...) - TODO: check + NOT-FOR-US: Barracuda Spam Firewall CVE-2006-4080 (DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 ...) - TODO: check + NOT-FOR-US: DeluxeBB CVE-2006-4079 (Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB ...) 
- TODO: check + NOT-FOR-US: DeluxeBB CVE-2006-4078 (pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, ...) - TODO: check + NOT-FOR-US: DeluxeBB CVE-2006-4077 (PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo ...) - TODO: check + NOT-FOR-US: Comet WebFileManager CVE-2006-4076 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...) - TODO: check + NOT-FOR-US: docpile: wim''s edition CVE-2006-4075 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...) - TODO: check + NOT-FOR-US: docpile: wim''s edition CVE-2006-4074 (PHP remote file inclusion vulnerability in lib/tpl/default/main.php in ...) - TODO: check + NOT-FOR-US: JD-Wiki Component (com_jd-wiki) for Joomla! CVE-2006-4073 (Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz ...) - TODO: check + NOT-FOR-US: phpCC CVE-2006-4072 (Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 ...) - TODO: check + NOT-FOR-US: Club-Nuke [XP] CVE-2006-XXXX [X PCF Integer Overflow Vulnerability] - libxfont 1:1.2.0-2 (medium; bug #383353) [sarge] - xfree86 <unfixed> (medium) @@ -2062,9 +2070,9 @@ CVE-2006-3264 (Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo ...) NOT-FOR-US: Namo DeepSearch CVE-2006-3263 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...) - - mambo <unfixed> (medium) + - mambo 4.5.3h-2 (medium) CVE-2006-3262 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...) - - mambo <unfixed> (medium) + - mambo 4.5.3h-2 (medium) CVE-2006-3261 (Cross-site scripting (XSS) vulnerability in Trend Micro Control ...) NOT-FOR-US: Trend Micro Control Manager CVE-2006-3260 (Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 ...)
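Review bot: in the first hunk (@@ -1,3 +1,11 @@) the new `- php4 <unfixed> (medium)` and `- php5 <unfixed> (medium)` lines carry no bug reference, unlike the alsaplayer entry later in the file (`(medium; bug #382842)`). A single CVE-2006-XXXX placeholder also stands for "multiple issues", so the individual fixes cannot be tracked separately. Suggest filing bugs against php4 and php5 and adding the numbers here, then splitting the placeholder once CVE ids are assigned. The gallery2 and mysql-dfsg-5.0 lines also omit the severity that neighbouring entries give, and `TODO: check 4.x` leaves the 4.x status open, so the mysql entry should not be read as fully triaged.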
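Review bot: in the second hunk (@@ -201,47 +209,47 @@) CVE-2006-4074 is closed as `NOT-FOR-US: JD-Wiki Component (com_jd-wiki) for Joomla!`, while this same file tracks mambo as a packaged product (CVE-2006-3263, CVE-2006-3262). Because Joomla! is a fork of Mambo, the entry would be easier to verify with a short note saying whether the component is shipped with, or usable with, the mambo package. The remaining `TODO: check` to `NOT-FOR-US` changes name only the product, which matches the existing NFU lines in the context.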
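Review bot: in the third hunk (@@ -2062,9 +2070,9 @@) both mambo lines change from `<unfixed> (medium)` to `4.5.3h-2 (medium)`, but the commit log says "mambo fixed (experimental)" and nothing in the entries records that. If 4.5.3h-2 is only in experimental, anyone reading the list will take unstable to be fixed. Suggest either keeping `<unfixed>` until the version reaches unstable or adding a note line under CVE-2006-3263 and CVE-2006-3262 stating that the fix is currently in experimental only.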