Author: stef-guest
Date: 2006-02-26 16:11:28 +0000 (Sun, 26 Feb 2006)
New Revision: 3539

Modified:
   data/CVE/list
Log:
new php-auth, popfile, mambo issues claim some more

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-02-26 15:00:56 UTC (rev 3538)
+++ data/CVE/list 2006-02-26 16:11:28 UTC (rev 3539)
@@ -1,60 +1,58 @@ CVE-2006-0883 RESERVED - -begin claimed by stef-guest - CVE-2006-0882 (Directory traversal vulnerability in include.php in Noah''s Classifieds ...) - TODO: check + NOT-FOR-US: Noah''s Classifieds CVE-2006-0881 (Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php ...) - TODO: check + NOT-FOR-US: Noah''s Classifieds CVE-2006-0880 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: Noah''s Classifieds CVE-2006-0879 (SQL injection vulnerability in the search tool in Noah''s Classifieds ...) - TODO: check + NOT-FOR-US: Noah''s Classifieds CVE-2006-0878 (Noah''s Classifieds 1.3 allows remote attackers to obtain the ...) - TODO: check + NOT-FOR-US: Noah''s Classifieds CVE-2006-0877 (Cross-site scripting vulnerability in Easy Forum 2.5 allows remote ...) - TODO: check + NOT-FOR-US: Easy Forum CVE-2006-0876 (POPFile before 0.22.4 allows remote attackers to cause a denial of ...) - TODO: check + - popfile <unfixed> (bug #354464; medium) CVE-2006-0875 (Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 ...) - TODO: check + NOT-FOR-US: runCMS CVE-2006-0874 (Multiple unspecified vulnerabilities in Intensive Point iUser ...) - TODO: check + NOT-FOR-US: Intensive Point iUser Ecommerce CVE-2006-0873 (Absolute path traversal vulnerability in docs/showdocs.php in ...) - TODO: check + - coppermine <itp> (bug #259206) CVE-2006-0872 (Directory traversal vulnerability in init.inc.php in Coppermine Photo ...) - TODO: check + - coppermine <itp> (bug #259206) CVE-2006-0871 (Unspecified vulnerability in Mambo 4.5.3, 4.5.3h, and possibly ...) - TODO: check + - mambo <unfixed> (bug #354468) + NOTE: only in experimental CVE-2006-0870 (SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 ...) - TODO: check + NOT-FOR-US: Mini-Nuke CMS CVE-2006-0869 (Directory traversal vulnerability in the "remember me" feature in PHP ...) 
- TODO: check + NOT-FOR-US: PHP PEAR LiveUser CVE-2006-0868 (Multiple unspecified injection vulnerabilities in unspecified Auth ...) - TODO: check + - php-auth <unfixed> (bug #354474) CVE-2006-0867 (Buffer overflow in certain versions of South River (aka SRT) WebDrive, ...) - TODO: check + NOT-FOR-US: WebDrive CVE-2006-0866 (PunBB 1.2.10 and earlier allows remote attackers to conduct brute ...) - TODO: check + NOT-FOR-US: PunBB CVE-2006-0865 (PunBB 1.2.10 and earlier allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: PunBB CVE-2006-0864 (filescan in Global Hauri ViRobot 2.0 20050817 does not verify the ...) - TODO: check + NOT-FOR-US: Global Hauri ViRobot CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote ...) - TODO: check + NOT-FOR-US: InfoVista PortalSE CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on ...) - TODO: check + NOT-FOR-US: InfoVista PortalSE CVE-2006-0861 (Michael Salzer Guestbox 0.6 allows remote attackers to obtain the ...) - TODO: check + NOT-FOR-US: Michael Salzer Guestbox CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer ...) - TODO: check + NOT-FOR-US: Michael Salzer Guestbox CVE-2006-0859 (Michael Salzer Guestbox 0.6 allows remote attackers to post an admin ...) - TODO: check + NOT-FOR-US: Michael Salzer Guestbox CVE-2006-0858 (Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the ...) - TODO: check + NOT-FOR-US: StarForce Safe''n''Sec Personal -end claimed by stef-guest +begin claimed by stef-guest CVE-2006-0857 (Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 ...) TODO: check 
@@ -86,6 +84,9 @@ TODO: check CVE-2006-0843 (Leif M. Wright''s Blog 3.5 stores the config file and other txt files ...) TODO: check + +end claimed by stef-guest + CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows ...) TODO: check CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 ...)
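Review bot: In the first hunk (@@ -1,60 +1,58 @@) the new package entries are inconsistent about severity: CVE-2006-0876 is recorded as "- popfile <unfixed> (bug #354464; medium)", while CVE-2006-0871 ("- mambo <unfixed> (bug #354468)") and CVE-2006-0868 ("- php-auth <unfixed> (bug #354474)") carry a bug number only. If those two have been assessed, add the severity in the same form as the popfile entry; if not, a NOTE saying the severity is still open would make the gap visible to the next person working the list. Separately, the CVE-2006-0875 entry writes "NOT-FOR-US: runCMS" where the CVE description directly above it spells the product "RunCMS"; matching the description keeps the NOT-FOR-US names consistent for searching.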
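Review bot: The "end claimed by stef-guest" marker added in the second hunk (@@ -86,6 +84,9 @@) is padded with an added blank line before and after it, while the matching "begin claimed by stef-guest" marker added in the first hunk sits directly above CVE-2006-0857 with no blank line. Use the same spacing for both markers so the claimed range, CVE-2006-0857 down to CVE-2006-0843, is delimited the same way at both ends.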