Author: alec-guest Date: 2006-07-08 02:16:33 +0000 (Sat, 08 Jul 2006) New Revision: 4351 Modified: data/CVE/list Log: * CVE-2006-3334 (libpng): high DoS/buffer-overflow-to-code-execution * CVE-2006-3325, CVE-2006-3324 (quake3): itp, contrib * CVE-2006-3320 (sitebar): low XSS Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-07-08 02:13:00 UTC (rev 4350) +++ data/CVE/list 2006-07-08 02:16:33 UTC (rev 4351) @@ -35,7 +35,7 @@ CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...) NOT-FOR-US: HP-UX CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...) - TODO: check + - libpng <unfixed> (bug filed; high) CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum ...) NOT-FOR-US: Zorum Forum CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 allows ...) @@ -53,9 +53,9 @@ CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows remote ...) NOT-FOR-US: QuickZip CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus ...) - TODO: check + - quake3 <itp> (bug #337937) CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the ...) - TODO: check + - quake3 <itp> (bug #337937) CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF ...) NOT-FOR-US: MF Piadas CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in ...) @@ -63,7 +63,7 @@ CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp ...) NOT-FOR-US: OpenForum CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar ...) - TODO: check + - sitebar <unfixed> (bug filed; low) CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP ...) TODO: check CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 and ...)
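Review bot: in the @@ -35,7 +35,7 @@ hunk, the new CVE-2006-3334 line `- libpng <unfixed> (bug filed; high)` gives no bug number, so a reader cannot get from the entry to the report. The quake3 lines in this same commit use the `(bug #337937)` form. Suggest replacing `bug filed` with the assigned number in that form and keeping the `high` urgency after it.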
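Review bot: in the @@ -53,9 +53,9 @@ hunk, the two added `- quake3 <itp> (bug #337937)` lines for CVE-2006-3325 and CVE-2006-3324 carry only the ITP bug, while the commit log says "itp, contrib". The contrib remark therefore exists only in the log message. If it affects how these two CVEs are to be handled, record it beside the entries in data/CVE/list so it survives outside the commit history.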
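Review bot: in the @@ -63,7 +63,7 @@ hunk, `- sitebar <unfixed> (bug filed; low)` for CVE-2006-3320 records that a report exists but not which one. Suggest writing the bug number in place of `bug filed`, followed by `low`, so the entry can be matched to the report when the fix lands.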