Author: stef-guest
Date: 2006-04-29 07:19:39 +0000 (Sat, 29 Apr 2006)
New Revision: 3891

Modified:
   data/CVE/list
Log:
new phpldapadmin issue
php bugnums
safari issues don't affect konqueror in sid
some NFUs

Modified: data/CVE/list
==================================================================--- data/CVE/list 2006-04-29 06:42:18 UTC (rev 3890) +++ data/CVE/list 2006-04-29 07:19:39 UTC (rev 3891) 
@@ -1,90 +1,93 @@ CVE-2006-XXXX [librsvg2 crash on certain svg files] - librsvg 2.14.3-2 (bug #361653; bug #361540; medium) -begin claimed by stef-guest CVE-2006-2018 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service ...) - dnsmasq 2.30-1 (medium) CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin ...) - TODO: check + - phpldapadmin <unfixed> (bug #365313; low) + - egroupware <unfixed> (bug #365314; low) CVE-2006-2015 (Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote ...) - TODO: check + NOT-FOR-US: SL_site CVE-2006-2014 (Directory traversal vulnerability in gallerie.php in SL_site 1.0 ...) - TODO: check + NOT-FOR-US: SL_site CVE-2006-2013 (SQL injection vulnerability in page.php in SL_site 1.0 allows remote ...) - TODO: check + NOT-FOR-US: SL_site CVE-2006-2012 (Format string vulnerability in Skulltag 0.96f and earlier allows ...) - TODO: check + NOT-FOR-US: Skulltag CVE-2006-2011 (Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 ...) - TODO: check + NOT-FOR-US: 4images CVE-2006-2010 (Multiple SQL injection vulnerabilities in check_login.asp in Bloggage ...) - TODO: check + NOT-FOR-US: Bloggage CVE-2006-2009 (PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda ...) - TODO: check + NOT-FOR-US: phpMyAgenda CVE-2006-2008 (PHP remote file inclusion vulnerability in movie_cls.php in Built2Go ...) - TODO: check + NOT-FOR-US: Built2Go CVE-2006-2007 (Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Winny CVE-2006-2006 (Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 ...) - TODO: check + NOT-FOR-US: IZArc Archiver CVE-2006-2005 (Eval injection vulnerability in index.php in ClanSys 1.1 allows remote ...) 
- TODO: check + NOT-FOR-US: ClanSys CVE-2006-2004 (Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote ...) - TODO: check + NOT-FOR-US: RI Blog CVE-2006-2003 (Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community ...) - TODO: check + NOT-FOR-US: Community Architect Guestbook CVE-2006-2002 (PHP remote file inclusion vulnerability in stats.php in MyGamingLadder ...) - TODO: check + NOT-FOR-US: MyGamingLadder CVE-2006-2001 (Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery ...) - TODO: check + NOT-FOR-US: Scry Gallery CVE-2006-2000 (Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods ...) - TODO: check + NOT-FOR-US: logMethods CVE-2006-1999 (The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause ...) - TODO: check + NOT-FOR-US: OpenTTD CVE-2006-1998 (OpenTTD 0.4.7 and earlier allows local users to cause a denial of ...) - TODO: check + NOT-FOR-US: OpenTTD CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere before 7.0 allows ...) - TODO: check + NOT-FOR-US: Sybase Pylon Anywhere CVE-2006-1996 (Scry Gallery 1.1 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: Scry Gallery CVE-2006-1995 (Directory traversal vulnerability in index.php in Scry Gallery 1.1 ...) - TODO: check + NOT-FOR-US: Scry Gallery CVE-2006-1994 (PHP remote file inclusion vulnerability in dForum 1.5 and earlier ...) - TODO: check + NOT-FOR-US: dForum CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2006-1991 (The substr_compare function in string.c in PHP 4.4.2 and 5.1.2 allows ...) - - php4 <unfixed> (bug filed; medium) - - php5 <unfixed> (bug filed; medium) + - php4 <unfixed> (bug #365311; medium) + - php5 <unfixed> (bug #365312; medium) CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...) 
- - php4 <unfixed> (bug filed; medium) - - php5 <unfixed> (bug filed; medium) + - php4 <unfixed> (bug #365311; medium) + - php5 <unfixed> (bug #365312; medium) CVE-2006-1989 RESERVED CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function ...) - TODO: check + NOT-FOR-US: Apple Safari + NOTE: PoC exploit does not work with konqueror 4:3.5.2-2 CVE-2006-1987 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Apple Safari + NOTE: PoC exploit does not work with konqueror 4:3.5.2-2 CVE-2006-1986 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Apple Safari + NOTE: PoC exploit does not work with konqueror 4:3.5.2-2 CVE-2006-1985 (Heap-based buffer overflow in BOMArchiveHelper 10.4 (6.3) Build 312, ...) - TODO: check + NOT-FOR-US: BOMArchiveHelper CVE-2006-1984 (Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X ...) - TODO: check + NOT-FOR-US: Mac OS X CVE-2006-1983 (Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier ...) - TODO: check + NOT-FOR-US: Mac OS X CVE-2006-1982 (Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X ...) - TODO: check + NOT-FOR-US: Mac OS X CVE-2006-1981 (Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may ...) - TODO: check + NOT-FOR-US: Mac OS X CVE-2006-1980 (Cross-site scripting (XSS) vulnerability in W2B Online Banking allows ...) - TODO: check + NOT-FOR-US: W2B Online Banking CVE-2006-1979 (Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web ...) - TODO: check + NOT-FOR-US: Manic Web MWGuest CVE-2006-1978 (SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and ...) - TODO: check + NOT-FOR-US: FlexBB CVE-2006-1977 (Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and ...) - TODO: check + NOT-FOR-US: FlexBB CVE-2006-1993 (Mozilla Firefox 1.5.0.2 allows remote attackers to cause a denial of ...) 
- firefox 1.5.dfsg+1.5.0.2-2 [sarge] - mozilla-firefox <not-affected> @@ -92,7 +95,6 @@ - typo3-src <unfixed> (bug #364350) CVE-2006-XXXX [moinmoin XSS] - moin 1.5.3-1 -end claimed by stef-guest CVE-2006-1976 (Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer ...) NOT-FOR-US: Prayer Request Board CVE-2006-1975 (Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in ...)
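Review bot: In the first hunk, the three Safari entries (CVE-2006-1988, CVE-2006-1987, CVE-2006-1986) are closed as NOT-FOR-US on the strength of "NOTE: PoC exploit does not work with konqueror 4:3.5.2-2", and a PoC that fails to trigger is weaker evidence than a check of the affected code path. Consider having the NOTE record what was actually observed and whether the corresponding code was inspected, so the entries can be re-evaluated if a different trigger appears. In the same hunk, CVE-2006-2016 gains an egroupware line although the visible description names only phpLDAPadmin; a NOTE giving the reason egroupware is listed would make that entry self-explanatory.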