Author: jmm-guest Date: 2006-04-11 14:48:56 +0000 (Tue, 11 Apr 2006) New Revision: 3786 Modified: data/CVE/list Log: four new php issues new fbi issue new cyrus-sasl2 issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-11 11:43:51 UTC (rev 3785) +++ data/CVE/list 2006-04-11 14:48:56 UTC (rev 3786) @@ -1,3 +1,7 @@ +CVE-2006-XXXX [Insecure temp files in fbgs] + - fbi <unfixed> (bug #361370) +CVE-2006-XXXX [Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service] + - cyrus-sasl2 <unfixed> (bug #361937) CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery ...) TODO: check CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in ...) @@ -143,7 +147,8 @@ CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, ...) TODO: check CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...) - TODO: check + - php4 <unfixed> (bug #361856) + - php5 <unfixed> (bug #361915) CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...) TODO: check CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before ...) @@ -279,8 +284,10 @@ NOT-FOR-US: Apple CVE-2006-1551 RESERVED -CVE-2006-1549 +CVE-2006-1549 [function *() php/apache Crash] RESERVED + - php4 <unfixed> (bug #361854) + - php5 <unfixed> (bug #361917) CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...) 
@@ -427,7 +434,8 @@ CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) ...) NOT-FOR-US: PHPCollab / NetOffice CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...) - TODO: check + - php4 <unfixed> (bug #361855) + - php5 <unfixed> (bug #361916) CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP ...) NOT-FOR-US: Explorer XP CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows ...) @@ -1541,7 +1549,8 @@ CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...) NOT-FOR-US: Novell CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...) - TODO: check + - php4 <unfixed> (bug #361853) + - php5 <unfixed> (bug #361914) CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...) NOT-FOR-US: EMC Dantz Retrospect CVE-2006-0994
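Review bot: in the first hunk (@@ -1,3 +1,7 @@), both new entries carry the same placeholder id, CVE-2006-XXXX, so the bug number is the only thing that distinguishes them or ties them to a report. Consider adding a TODO line under each, in the style of the existing `TODO: check`, saying that a CVE id still has to be requested, so the placeholders are not forgotten. The first entry's description names fbgs while its package line is `- fbi`; a one-line remark on why would save the next reader a lookup.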
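Review bot: in the CVE-2006-1608 hunk (@@ -143,7 +147,8 @@), the description says the issue "allows local users ...", but the two lines that replace `TODO: check` record only `<unfixed>` and a bug number. Suggest recording the assessed severity alongside the bug reference, or keeping a TODO until it has been assessed, so this entry can be prioritised against the other php4/php5 entries added in the same commit.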
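Review bot: in the CVE-2006-1549 hunk (@@ -279,8 +284,10 @@), the added description `[function *() php/apache Crash]` does not say what triggers the crash or what the impact is. Because the entry is still RESERVED, there is no official description to fall back on. Suggest rewording it from bugs #361854 and #361917 so it states the trigger and the impact, in the style of the neighbouring entries.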