Author: stef-guest
Date: 2006-08-26 20:24:40 +0000 (Sat, 26 Aug 2006)
New Revision: 4634

Modified:
   data/CVE/list
Log:
- CVE-2006-422[67]: new mysql issues (low)
- CVE-2006-4208: new wordpress issue (low)
- CVE-2005-480[78]: binutils issues already fixed in etch/sid (low)
- tikiwiki bugnum
- some NFUs

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-26 19:30:47 UTC (rev 4633) +++ data/CVE/list 2006-08-26 20:24:40 UTC (rev 4634) @@ -62,8 +62,7 @@ CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and ...) TODO: check CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in ...) - - tikiwiki <unfixed> (low) - TODO: file bug + - tikiwiki <unfixed> (low; bug #384796) CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in ...) TODO: check CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce 2.2 ...) 
@@ -197,21 +196,22 @@ CVE-2006-4234 (PHP remote file inclusion vulnerability in classes/query.class.php in ...) TODO: check CVE-2006-4233 (Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local ...) - TODO: check + NOT-FOR-US: Globus Toolkit CVE-2006-4232 (Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, ...) - TODO: check + NOT-FOR-US: Globus Toolkit CVE-2006-4231 (IrfanView 3.98 (with plugins) allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: IrfanView CVE-2006-4230 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: Lizge Web Portal CVE-2006-4229 (PHP remote file inclusion vulnerability in archive.php in the ...) - TODO: check + NOT-FOR-US: mosListMessenger Component (com_lm) for Mambo and Joomla! CVE-2006-4228 (Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before ...) - TODO: check + NOT-FOR-US: Symantec CVE-2006-4227 (MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid ...) - TODO: check + - mysql-dfsg-5.0 <unfixed> (low; bug #384798) CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ...) - TODO: check + - mysql-dfsg-5.0 <unfixed> (low; bug #384798) + - mysql-dfsg <unfixed> (low) CVE-2006-4225 (Multiple SQL injection vulnerabilities in war.php in Virtual War ...) NOT-FOR-US: Virtual War CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual ...) 
@@ -231,62 +231,62 @@ CVE-2006-4217 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: WEBInsta CMS CVE-2006-4216 (PHP remote file inclusion vulnerability in Chaussette 080706 and ...) - TODO: check + NOT-FOR-US: Chaussette CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart ...) NOT-FOR-US: Zen Cart CVE-2006-4214 (Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier ...) NOT-FOR-US: Zen Cart CVE-2006-4213 (PHP remote file inclusion vulnerability in config.php in David Kent ...) - TODO: check + NOT-FOR-US: Thatware CVE-2006-4212 (SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet ...) - TODO: check + NOT-FOR-US: Owl Intranet Engine CVE-2006-4211 (Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl ...) - TODO: check + NOT-FOR-US: Owl Intranet Engine CVE-2006-4210 (nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when ...) - TODO: check + NOT-FOR-US: phPay CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta ...) NOT-FOR-US: WEBInsta Mailing List Manager CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy ...) - TODO: check + - wordpress <unfixed> (low; bug filed) CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...) - TODO: check + NOT-FOR-US: Discloser CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ...) - TODO: check + NOT-FOR-US: ASPPlayground.NET Forum Advanced Edition CVE-2006-4205 (Multiple PHP remote file inclusion vulnerabilities in WebDynamite ...) - TODO: check + NOT-FOR-US: WebDynamite ProjectButler CVE-2006-4204 (Multile PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and ...) - TODO: check + NOT-FOR-US: PHProjekt CVE-2006-4203 (PHP remote file inclusion vulnerability in help.mmp.php in the MMP ...) 
- TODO: check + NOT-FOR-US: MMP Component (com_mmp) for Mambo CVE-2006-4202 (SQL injection vulnerability in proje_goster.php in Spidey Blog Script ...) - TODO: check + NOT-FOR-US: Spidey Blog Script CVE-2006-4201 (Unspecified vulnerability in the backup agent and Cell Manager in HP ...) - TODO: check + NOT-FOR-US: HP OpenView Storage Data Protector CVE-2006-4200 (Unspecified vulnerability in 04WebServer 1.83 and earlier allows ...) - TODO: check + NOT-FOR-US: 04WebServer CVE-2006-4199 (Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 ...) - TODO: check + NOT-FOR-US: 04WebServer CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in ...) - TODO: check + NOT-FOR-US: Wheatblog CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or ...) - libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030) - libmusicbrainz-2.0 <unfixed> (medium; bug #383031) CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS ...) NOT-FOR-US: WEBInsta CMS CVE-2006-4195 (PHP remote file inclusion vulnerability in param.peoplebook.php in the ...) - TODO: check + NOT-FOR-US: Peoplebook Component for Mambo (com_peoplebook) CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...) - TODO: check + - binutils 2.17-1 (low) CVE-2005-4807 (Stack-based buffer overflow in messages.c in the GNU as (gas) ...) - TODO: check + - binutils 2.17-1 (low) CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access ...) - TODO: check + NOT-FOR-US: IBM CVE-2004-2662 (Soft3304 04WebServer before 1.41 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: 04WebServer CVE-2004-2661 (Soft3304 04WebServer before 1.41 does not properly check file names, ...) - TODO: check + NOT-FOR-US: 04WebServer CVE-2002-2216 (Soft3304 04WebServer before 1.20 does not properly process URL ...) 
- TODO: check + NOT-FOR-US: 04WebServer CVE-2006-XXXX [multiple issues fixed by php 4.4.4 and 5.1.5] - php4 <unfixed> (medium) - php5 <unfixed> (medium) @@ -2642,7 +2642,7 @@ - mozilla <not-affected> (SunSolve claims it is only in 3.11; latest released is 3.10) CVE-2006-3126 [unspecivied vulnerability in capi4hylafax in mgetty mode] RESERVED - - capi4hylafax 1:01.03.00.99.svn.300-3 + - capi4hylafax 1:01.03.00.99.svn.300-3 TODO: check CVE-2006-3125 RESERVED
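Review bot: In the @@ -197,21 +196,22 @@ hunk, the added "- mysql-dfsg <unfixed> (low)" line under CVE-2006-4226 carries no bug reference, while the mysql-dfsg-5.0 line directly above it cites bug #384798. If that report covers only the 5.0 source package, file or clone a bug against mysql-dfsg and record its number here so the older branch is tracked to a fix. The CVE-2006-4226 description also names versions before 4.1.21, so any 4.1 source package in the archive needs its own entry or an explicit not-affected line.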
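Review bot: In the @@ -231,62 +231,62 @@ hunk, the CVE-2006-4208 entry "- wordpress <unfixed> (low; bug filed)" gives no bug number, unlike the "bug #NNNNNN" form used for tikiwiki and mysql-dfsg-5.0 in this same commit. Replace "bug filed" with the assigned number so the entry can be matched to the report. The two binutils entries (CVE-2005-4807, CVE-2005-4808) record 2.17-1 as the fixed version with only the log message as justification; a NOTE line stating how the fixed version was determined would keep that reasoning in the tracker file itself.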
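Review bot: In the @@ -2642,7 +2642,7 @@ hunk, the removed and added capi4hylafax lines under CVE-2006-3126 are textually identical as shown, so this is a whitespace-only change that the log message does not mention; commit it separately or note it in the log. The entry also keeps "TODO: check" directly after a line that records a fixed version and gives no urgency, so either resolve the TODO or state what still needs checking.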