Author: stef-guest Date: 2006-04-19 16:01:23 +0000 (Wed, 19 Apr 2006) New Revision: 3829 Modified: data/CVE/list Log: new phpmyadmin issue old mambo issue old wordpress issue mozilla issue already fixed some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-19 14:49:13 UTC (rev 3828) +++ data/CVE/list 2006-04-19 16:01:23 UTC (rev 3829) @@ -1,81 +1,81 @@ -claimed by stef-guest CVE-2006-1826 (Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery ...) - TODO: check + NOT-FOR-US: Snipe Gallery CVE-2006-1825 (Cross-site scripting (XSS) vulnerability in index.php in phpLinks ...) - TODO: check + NOT-FOR-US: phpLinks CVE-2006-1824 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: PhpGuestbook CVE-2006-1823 (Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier ...) - TODO: check + NOT-FOR-US: FarsiNews CVE-2006-1822 (Cross-site scripting (XSS) vulnerability in search.php in FarsiNews ...) - TODO: check + NOT-FOR-US: FarsiNews CVE-2006-1821 (Directory traversal vulnerability in index.php in ModX 0.9.1 allows ...) - TODO: check + NOT-FOR-US: ModX CMS CVE-2006-1820 (Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 ...) - TODO: check + NOT-FOR-US: ModX CMS CVE-2006-1819 (Directory traversal vulnerability in the loadConfig function in ...) - TODO: check + NOT-FOR-US: phpWebSite CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...) - TODO: check + NOT-FOR-US: warforge.NEWS CVE-2006-1817 (SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, ...) - TODO: check + NOT-FOR-US: warforge.NEWS CVE-2006-1816 (PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and ...) - TODO: check + NOT-FOR-US: VBulletin CVE-2006-1815 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) - TODO: check + NOT-FOR-US: Tritanium Bulletin Board CVE-2006-1814 (NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of ...) - TODO: check + NOT-FOR-US: NetBSD kernel CVE-2006-1813 (Directory traversal vulnerability in index.php in phpWebFTP 3.2 and ...) - TODO: check + NOT-FOR-US: phpWebFTP CVE-2006-1812 (phpWebFTP 3.2 and earlier stores script.js under the web document root ...) - TODO: check + NOT-FOR-US: phpWebFTP CVE-2006-1811 (Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow ...) - TODO: check + NOT-FOR-US: FlexBB CVE-2006-1810 (Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 ...) - TODO: check + NOT-FOR-US: FlexBB CVE-2006-1809 (index.php in Lifetype 1.0.3 allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Lifetype CVE-2006-1808 (Cross-site scripting (XSS) vulnerability in index.php in Lifetype ...) - TODO: check + NOT-FOR-US: Lifetype CVE-2006-1807 (Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 ...) - TODO: check + NOT-FOR-US: Musicbox CVE-2006-1806 (Cross-site scripting (XSS) vulnerability in index.php in Musicbox ...) - TODO: check + NOT-FOR-US: Musicbox CVE-2006-1805 (SQL injection vulnerability in member.php in PowerClan 1.14 allows ...) - TODO: check + NOT-FOR-US: PowerClan CVE-2006-1804 (SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows ...) - TODO: check + - phpmyadmin <unfixed> (bug #363519; low) CVE-2006-1803 (Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin ...) - TODO: check + - phpmyadmin <unfixed> (bug #363519; low) CVE-2006-1802 (Cross-site scripting (XSS) vulnerability in index.php in ...) - TODO: check + NOT-FOR-US: TinyWebGallery CVE-2006-1801 (Cross-site scripting (XSS) vulnerability in planetsearchplus.php in ...) - TODO: check + NOT-FOR-US: planetSearch+ CVE-2006-1800 (Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 ...) - TODO: check + NOT-FOR-US: SimpleBBS CVE-2006-1799 (censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers ...) - TODO: check + NOT-FOR-US: Censtore CVE-2006-1798 (SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote ...) - TODO: check + NOT-FOR-US: RateIt CVE-2006-1797 (The kernel in NetBSD-current before September 28, 2005 allows local ...) - TODO: check + NOT-FOR-US: NetBSD kernel CVE-2006-1796 (Cross-site scripting (XSS) vulnerability in the paging links ...) - TODO: check + - wordpress 2.0.1 (bug #328909) CVE-2006-1795 (Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI ...) - TODO: check + NOT-FOR-US: UPDI Network Enterprise CVE-2006-1794 (SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly ...) - TODO: check + NOTE: only in experimental + - mambo <unfixed> (bug #354468) CVE-2006-1793 (Directory traversal vulnerability in runCMS 1.2 and earlier allows ...) - TODO: check + NOT-FOR-US: runCMS CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard ...) - TODO: check + NOT-FOR-US: MailEnable CVE-2006-1791 (Directory traversal vulnerability in acc.php in QuickBlogger 1.4 ...) - TODO: check + NOT-FOR-US: QuickBlogger CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to ...) - TODO: check + - firefox 1.5 + - mozilla-firefox <not-affected> (problematic fix not backported into 1.0.4-2sarge5) CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and ...) - TODO: check -end claimed by stef-guest + NOT-FOR-US: QuickBlogger CVE-2006-XXXX [two amaya buffer overflows] - amaya <unfixed> (bug #362575) CVE-2006-XXXX [kphone stores SIP passwords in world readable files] @@ -571,9 +571,9 @@ CVE-2006-1611 (Directory traversal vulnerability in KGB Archiver before 1.1.5.22 ...) NOT-FOR-US: KGB Archiver CVE-2006-1610 (PHP remote file inclusion vulnerability in lib/armygame.php in SQuery ...) - TODO: check + NOT-FOR-US: SQuery / Autonomous LAN party CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, ...) - TODO: check + NOT-FOR-US: Hitachi XFIT CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...) - php4 <unfixed> (bug #361856) - php5 <unfixed> (bug #361915)