Secure testing commits - Apr 2006 - r3748 - data/CVE

Author: jmm-guest
Date: 2006-04-04 15:50:13 +0000 (Tue, 04 Apr 2006)
New Revision: 3748

Modified:
   data/CVE/list
Log:
new acidbase issue


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-04-04 15:38:09 UTC (rev 3747)
+++ data/CVE/list	2006-04-04 15:50:13 UTC (rev 3748)
@@ -191,46 +191,45 @@
 	NOT-FOR-US: Microsoft
 CVE-2006-1510 (Buffer overflow in calloc.c in the Microsoft Windows XP SP2
ntdll.dll ...)
 	NOT-FOR-US: Microsoft
-begin claimed by jmm
 CVE-2006-1509 (/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before
20060326 ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2006-1508 (Multiple cross-site scripting (XSS) vulnerabilities in MH
Software ...)
-	TODO: check
+	NOT-FOR-US: MH Software Connect Daily Web Calendar
 CVE-2006-1507 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows
...)
-	TODO: check
+	NOT-FOR-US: PHPKIT
 CVE-2006-1506 (Unspecified vulnerability in rsh in Sun Microsystems Sun Grid
Engine ...)
-	TODO: check
+	NOT-FOR-US: Sun Microsystems Sun Grid Engine 5.3
 CVE-2006-1505 (base_maintenance.php in Basic Analysis and Security Engine
(BASE) ...)
-	TODO: check
+	- acidbase <unfixed>
 CVE-2006-1504 (Multiple cross-site scripting (XSS) vulnerabilities in Arab
Portal 2.0 ...)
-	TODO: check
+	NOT-FOR-US: Arab Portal
 CVE-2006-1503 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Virtual Wa
 CVE-2006-1502 (Multiple integer overflows in MPlayer 1.0pre7try2 allow remote
...)
-	TODO: check
+	NOT-FOR-US: MPlayer 
+	NOTE: I can''t find the vulnerable code in xine-lib
 CVE-2006-1501 (SQL injection vulnerability in index.php in OneOrZero 1.6.3.0
allows ...)
-	TODO: check
+	NOT-FOR-US: OneOrZero
 CVE-2006-1500 (SQL injection vulnerability in index.php in Tilde CMS 3.0 allows
...)
-	TODO: check
+	NOT-FOR-US: Tilde CMS 3.0
 CVE-2006-1499 (SQL injection vulnerability in vCounter.php in vCounter 1.0
allows ...)
-	TODO: check
+	NOT-FOR-US: vCounter
 CVE-2006-1497 (Directory traversal vulnerability in index.php in ViHor Design
allows ...)
-	TODO: check
+	NOT-FOR-US: ViHor Design
 CVE-2006-1496 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
-	TODO: check
+	NOT-FOR-US: ViHor Design
 CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1)
...)
-	TODO: check
+	NOT-FOR-US: PHPCollab / NetOffice
 CVE-2006-1494
 	RESERVED
 CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer
XP ...)
-	TODO: check
+	NOT-FOR-US: Explorer XP
 CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP
allows ...)
-	TODO: check
+	NOT-FOR-US: Explorer XP
 CVE-2006-1489 (Multiple SQL injection vulnerabilities in FusionZONE CouponZONE
...)
-	TODO: check
+	NOT-FOR-US: FusionZONE CouponZONE
 CVE-2005-4748 (PHP remote file include vulnerability in functions_admin.php in
...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: Virtual War
 CVE-2006-XXXX [unixodbc rpath set to /home]
 	- unixodbc 2.2.11-11 (bug #358142; low)
 	[sarge] - unixodbc <not-affected> (rpath not set to /home in Sarge)