Author: jmm-guest Date: 2006-02-08 10:01:22 +0000 (Wed, 08 Feb 2006) New Revision: 3444 Modified: data/CVE/list Log: two elog issues fixed since some time lots of NFUs four provisional placeholders for requested elog CVEs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-02-08 09:14:21 UTC (rev 3443) +++ data/CVE/list 2006-02-08 10:01:22 UTC (rev 3444) @@ -1,3 +1,11 @@ +CVE-2006-XXXX [elog: buffer overflow in write_logfile] + - elog 2.6.1+r1642-1 +CVE-2006-XXXX [elog: remote DoS through overly long attributes] + - elog 2.6.1+r1642-1 +CVE-2006-XXXX [elog: information discloure in password denial] + - elog 2.6.1+r1642-1 +CVE-2006-XXXX [elog: remote DoS through endless loop] + - elog 2.6.1+r1642-1 CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...) TODO: check CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing service ...) @@ -54,17 +62,16 @@ TODO: check CVE-2006-XXXX [bluez-hcidump DoS] - bluez-hcidump <unfixed> (bug filed) -begin claimed by jmm CVE-2006-0566 (The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote ...) - TODO: check + NOT-FOR-US: Communigate Pro CVE-2006-0565 (PHP remote file include vulnerability in inc/backend_settings.php in ...) - TODO: check + NOT-FOR-US: LoudBlog CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c ...) - TODO: check + NOT-FOR-US: PluggedOut Blog CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut ...) - TODO: check + NOT-FOR-US: PluggedOut Blog CVE-2006-0561 RESERVED CVE-2006-0560 
@@ -84,50 +91,50 @@ CVE-2006-0553 RESERVED CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0550 (Buffer overflow in an unspecified Oracle Client utility might allow ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0549 (SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0548 (SQL injection vulnerability in the Oracle Text component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0547 (Oracle Database 8i, 9i, and 10g allow remote authenticated users to ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0546 (Unspecified vulnerability in index.php in a certain application ...) - TODO: check + NOT-FOR-US: Strange app at www.egeinternet.com CVE-2006-0545 (SQL injection vulnerability in showflat.php in Groupee (formerly known ...) - TODO: check + NOT-FOR-US: UBB.threads CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Cerulean Trillian CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in NukedWeb ...) - TODO: check + NOT-FOR-US: NukedWeb CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla ...) - TODO: check + NOT-FOR-US: Tachyon Vanilla Guestbook CVE-2006-0540 (Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook ...) - TODO: check + NOT-FOR-US: Tachyon Vanilla Guestbook CVE-2006-0539 (The convert-fcrontab program in fcron 3.0.0 might allow local users to ...) 
- TODO: check + - fcron <not-affected> (Vulnerable app in the Debian package, not setuid anyway) CVE-2006-0538 (CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is ...) - TODO: check + NOT-FOR-US: IronMail CVE-2006-0537 (Buffer overflow in eXchange POP3 before 5.0.060125 allows remote ...) - TODO: check + NOT-FOR-US: eXchange POP3 CVE-2006-0536 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 ...) - TODO: check + NOT-FOR-US: NeoMail CVE-2006-0535 (Multiple cross-site scripting (XSS) vulnerabilities in Community ...) - TODO: check + NOT-FOR-US: Community Server CVE-2006-0534 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...) - TODO: check + NOT-FOR-US: CyberShop Ultimate E-commerce CVE-2006-0533 (Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel ...) - TODO: check + NOT-FOR-US: cPanel + NOTE: Not Debian''s cpanel CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker ...) - TODO: check + NOT-FOR-US: SoftMaker Shop CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 allows ...) - TODO: check -end claimed by jmm + NOT-FOR-US: Sun Java System Access Manager CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb ...) TODO: check CVE-2006-XXXX [kphone creates world-readable config file with passwords] @@ -211,9 +218,9 @@ CVE-2003-1292 (PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 ...) NOT-FOR-US: Derek Ashauer ashNews CVE-2006-0498 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...) - TODO: check + NOT-FOR-US: PHP GEN CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...) - TODO: check + NOT-FOR-US: PHP GEN CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...) - firefox <unfixed> (bug #349339) - mozilla-firefox <unfixed> (bug #349339) 
@@ -612,9 +619,9 @@ CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to ...) NOT-FOR-US: eggblog CVE-2006-0348 (Format string vulnerability in the write_logfile function in ELOG ...) - - elog <unfixed> (bug #349528; medium) + - elog 2.6.1+r1642-1 (bug #349528; medium) CVE-2006-0347 (Directory traversal vulnerability in ELOG before 2.6.1 allows remote ...) - - elog <unfixed> (bug #349528; medium) + - elog 2.6.1+r1642-1 (bug #349528; medium) CVE-2006-0346 (Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows ...) NOT-FOR-US: SaralBlog CVE-2006-0345 (Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote ...)
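Review bot: In the first hunk (@@ -1,3 +1,11 @@), the third placeholder title misspells "disclosure" as "discloure" in "[elog: information discloure in password denial]". It is worth fixing now, since the bracketed title is the only handle for the entry until the requested ID is assigned. The four new CVE-2006-XXXX elog entries also carry no bug number or urgency, unlike the CVE-2006-0348 and CVE-2006-0347 entries in the last hunk, which keep "(bug #349528; medium)". If a bug report or the CVE request can be referenced for these four, adding it would make them easier to reconcile when the real IDs arrive.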
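Review bot: In the second hunk (@@ -54,17 +62,16 @@), the NOT-FOR-US name added for CVE-2006-0566 is spelled "Communigate Pro", while the CVE description directly above it reads "CommuniGate Pro". Matching the description's spelling keeps the product name searchable across the list. The "begin claimed by jmm" marker removed here is only balanced by the "end claimed by jmm" removal in the following hunk, so the two hunks need to be applied together.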
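Review bot: In the third hunk (@@ -84,50 +91,50 @@), the justification on the CVE-2006-0539 line, "- fcron <not-affected> (Vulnerable app in the Debian package, not setuid anyway)", reads as though the vulnerable convert-fcrontab program is shipped, which sits oddly next to a not-affected status. Please reword it so the reason is unambiguous: either the program is not in the package, or it is present but not setuid and that is why the issue does not apply. Two smaller points in the same hunk: "NOTE: Not Debian''s cpanel" has a doubled apostrophe, and "NOT-FOR-US: Strange app at www.egeinternet.com" for CVE-2006-0546 is a description rather than a product name, so a NOTE line explaining that the application could not be identified would be clearer.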