thr3ads.net - Secure testing commits - [Secure-testing-commits] r3255

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2006-Jan-10 00:41 UTC
[Secure-testing-commits] r3255 - data/CVE

Author: jmm-guest
Date: 2006-01-10 00:40:55 +0000 (Tue, 10 Jan 2006)
New Revision: 3255

Modified:
   data/CVE/list
Log:
three new kernel issues, two already in the patch tracker
lots of NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-01-10 00:11:42 UTC (rev 3254)
+++ data/CVE/list	2006-01-10 00:40:55 UTC (rev 3255)
@@ -53,98 +53,102 @@
 	NOT-FOR-US: Enhanced Simple PHP Gallery
 CVE-2006-0112 (Cross-site scripting (XSS) vulnerability in index.php in
Enhanced ...)
 	NOT-FOR-US: Enhanced Simple PHP Gallery
-begin claimed by jmm
 CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media
...)
-	TODO: check
+	NOT-FOR-US: Boxcar Media Shopping Cart
 CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in Foro
Domus ...)
-	TODO: check
+	NOT-FOR-US: Foro Domus 
 CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular
Merchant ...)
-	TODO: check
+	NOT-FOR-US: Modular Merchant Shopping Cart 
 CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS
allows ...)
-	TODO: check
+	NOT-FOR-US: Timecan CMS 
 CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote
attackers to ...)
-	TODO: check
+	NOT-FOR-US: Timecan CMS 
 CVE-2006-0105
 	RESERVED
 CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: TinyPHPForum
 CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/anyuser.hash
and (2) ...)
-	TODO: check
+	NOT-FOR-US: TinyPHPForum
 CVE-2006-0102 (Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF)
3.6 and ...)
-	TODO: check
+	NOT-FOR-US: TinyPHPForum
 CVE-2006-0101 (Multiple cross-site scripting (XSS) vulnerabilities in sBLOG
0.7.1 ...)
-	TODO: check
+	NOT-FOR-US: sBLOG
 CVE-2006-0100 (Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow
local ...)
-	TODO: check
+	NOT-FOR-US: NicoFTP
 CVE-2006-0099 (PHP remote file include vulnerability in (1) ...)
-	TODO: check
+	NOT-FOR-US: Valdersoft Shopping Cart
 CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7
and ...)
-	TODO: check
+	NOT-FOR-US: OpenBSD
 CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in
...)
-	TODO: check
+	NOTE: This is probably not-affected as it''s Windows-specific
+	TODO: double-check, if this is really Windows-specific
 CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before
2.4.29 ...)
-	TODO: check
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
+	- kernel-source-2.4.27 2.4.27-8
+	NOTE: sarge 2.6.8 and 2.4.27 are affected, woody is unclear
 CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a
structure ...)
-	TODO: check
+	- linux-2.6 <unfixed>
+	- kernel-source-2.4.27 <not-affected> (2.4 doesn''t have
dm-crypt)
+	NOTE: 2.6.8 sarge affected, 2.4 kernels not affected
 CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard
1.0 ...)
-	TODO: check
+	NOT-FOR-US: oaBoard
 CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card
ME PHP ...)
-	TODO: check
+	NOT-FOR-US: @Card ME PHP 
 CVE-2006-0092 (SQL injection vulnerability in index.php in SiteSuite CMS allows
...)
-	TODO: check
+	NOT-FOR-US: SiteSuite CMS
 CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in
Open-Xchange ...)
-	TODO: check
+	NOT-FOR-US: Open-Xchange
 CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory
Viewer ...)
-	TODO: check
+	NOT-FOR-US: IDV Directory Viewer
 CVE-2006-0089 (Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers
to ...)
-	TODO: check
+	NOT-FOR-US: ESRI ArcPad
 CVE-2006-0088 (SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1
Alpha ...)
-	TODO: check
+	NOT-FOR-US: inTouch
 CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php
in ...)
-	TODO: check
+	NOT-FOR-US: Lizard Cart
 CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next
Generation ...)
-	TODO: check
+	NOT-FOR-US: Next Generation Image Gallery 
 CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote
...)
-	TODO: check
+	NOT-FOR-US: Nkads
 CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0
and ...)
-	TODO: check
+	NOT-FOR-US: raSMP
 CVE-2005-4635 (The nl_fib_input function in fib_frontend.c in the Linux kernel
before ...)
-	TODO: check
+	NOTE: Unclear, whether this is really exploitable, re-pinged Dann and Horms
 CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign
SupportTrio ...)
-	TODO: check
+	NOT-FOR-US: ActiveCampaign SupportTrio
 CVE-2005-4633 (SQL injection vulnerability in index.php in phpoutsourcing Zorum
Forum ...)
-	TODO: check
+	NOT-FOR-US: phpoutsourcing Zorum Forum 
 CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote!Pro 4.0
and ...)
-	TODO: check
+	NOT-FOR-US: Vote!Pro
 CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: Zina
 CVE-2005-4630 (SQL injection vulnerability in index.php in ClientExec 2.3
allows ...)
-	TODO: check
+	NOT-FOR-US: ClientExec
 CVE-2005-4629 (SQL injection vulnerability in SMBCMS 2.1 allows remote
attackers to ...)
-	TODO: check
+	NOT-FOR-US: SMBCMS
 CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38
and ...)
-	TODO: check
+	NOT-FOR-US: HelpDeskPoint
 CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1)
GmailSite ...)
-	TODO: check
+	NOT-FOR-US: GmailSite 
 CVE-2005-4626 (The default configuration of Recruitment Software installs ...)
-	TODO: check
+	NOT-FOR-US: Recruitment Software 
 CVE-2005-4625 (Drivers for certain display adapters, including (1) an
unspecified ATI ...)
-	TODO: check
+	NOT-FOR-US: Strange Windows drivers
 CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6
allows ...)
-	TODO: check
+	NOT-FOR-US: PTnet ircd
 CVE-2005-4623 (upload.exe in eFileGo 3.01 allows remote attackers to cause a
denial ...)
-	TODO: check
+	NOT-FOR-US: eFileGo
 CVE-2005-4622 (Directory traversal vulnerability in eFileGo 3.01 allows remote
...)
-	TODO: check
+	NOT-FOR-US: eFileGo
 CVE-2005-4621 (Cross-site scripting (XSS) vulnerability in the editavatar page
in ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to
...)
-	TODO: check
+	NOT-FOR-US: WinRAR
 CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum
Forum ...)
-	TODO: check
+	NOT-FOR-US: phpoutsourcing Zorum Forum 
 CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15
allows ...)
-	TODO: check
-end claimed by jmm
+	- linux-2.6 <unfixed>
+	NOTE: Added patch tracker template
 CVE-2006-0083 [smstools logging format string issue]
 	RESERVED
 	{DSA-930-1}
Secure testing commits - Jan 2006 - r3255 - data/CVE

[Secure-testing-commits] r3255 - data/CVE
