thr3ads.net - Secure testing commits - [Secure-testing-commits] r3997

If this information is useful, please help other people find it:
Share via:

Stefan Fritsch

2006-May-20 09:34 UTC

[Secure-testing-commits] r3997 - data/CVE

Author: stef-guest
Date: 2006-05-20 09:34:12 +0000 (Sat, 20 May 2006)
New Revision: 3997

Modified:
   data/CVE/list
Log:
vnc issue is not in sarge and now has a CVE

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-05-20 09:14:23 UTC (rev 3996)
+++ data/CVE/list	2006-05-20 09:34:12 UTC (rev 3997)
@@ -242,7 +242,8 @@
 CVE-2006-2370
 	RESERVED
 CVE-2006-2369 (RealVNC 4.1.1, and other products that use RealVNC such as
AdderLink ...)
-	TODO: check
+	- vnc4 4.1.1+X4.3.0-10 (high)
+	[sarge] - vnc4 <not-affected> (vuln not in 4.0)
 CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys
(aka ...)
 	TODO: check
 CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys
(aka ...)
@@ -276,10 +277,6 @@
 	TODO: check
 CVE-2005-4799 (Multiple cross-site scripting (XSS) vulnerabilities in Yet
Another PHP ...)
 	TODO: check
-CVE-2006-XXXX [vnc server authentication bypass]
-	- vnc4 4.1.1+X4.3.0-10 (high)
-	NOTE: mail to bugtraq implies 4.0 is not vulnerable
-	TODO: sarge needs to be checked
 CVE-2006-2358 (Multiple cross-site scripting (XSS) vulnerabilities in various
scripts ...)
 	NOT-FOR-US: Web Labs CMS
 CVE-2006-2357 (Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006
...)

Secure testing commits - May 2006 - r3997 - data/CVE

[Secure-testing-commits] r3997 - data/CVE