Author: stef-guest
Date: 2006-03-10 21:42:31 +0000 (Fri, 10 Mar 2006)
New Revision: 3590
Modified: data/CVE/list
Log: some NFUs; htpasswd setuid unsafeness

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-03-10 21:14:25 UTC (rev 3589) +++ data/CVE/list 2006-03-10 21:42:31 UTC (rev 3590) 
@@ -91,44 +91,46 @@ NOT-FOR-US: PHP-Stats CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and ...) NOT-FOR-US: PHP-Stats -begin claimed by stef-guest CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript ...) - TODO: check + NOT-FOR-US: phpArcadeScript CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in Jonathan ...) - TODO: check + NOT-FOR-US: PluggedOut Nexus CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in Game-Panel ...) - TODO: check + NOT-FOR-US: Game-Panel CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other products ...) - TODO: check + - thttpd 2.23beta1-2.4 (bug #253816; low) + NOTE: apache''s htpasswd not vulnerable, but source contains note about + NOTE: not being safe for sudo + NOTE: filed whishlist bug to add this to manpage CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, ...) - TODO: check + - thttpd 2.23beta1-2.4 (bug #253816; low) + NOTE: apache''s htpasswd not vulnerable CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Evo-Dev evoBlog ...) - TODO: check + NOT-FOR-US: Evo-Dev evoBlog CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a showtopic ...) - TODO: check + NOT-FOR-US: checkInvision Power Board CVE-2006-1075 (Format string vulnerability in the visualization function in Jason ...) - TODO: check + NOT-FOR-US: Liero Xtreme CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers ...) - TODO: check + NOT-FOR-US: Liero Xtreme CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave Simplog ...) - TODO: check + NOT-FOR-US: Daverave Simplog CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and ...) - TODO: check + NOT-FOR-US: Daverave Simplog CVE-2006-1071 (Cross-site scripting (XSS) vulnerability in index.php in DVguestbook ...) 
- TODO: check + NOT-FOR-US: DVguestbook CVE-2006-1070 (Cross-site scripting (XSS) vulnerability in dv_gbook.php in ...) - TODO: check + NOT-FOR-US: DVguestbook CVE-2006-1069 (Unspecified vulnerability in the session handling for Geeklog 1.4.x ...) - TODO: check + NOT-FOR-US: Geeklog CVE-2006-1068 (Netgear 614 and 624 routers, possibly running VXWorks, allow remote ...) - TODO: check + NOT-FOR-US: VXWorks CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote ...) - TODO: check + NOT-FOR-US: VXWorks CVE-2006-1066 RESERVED CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) ...) - TODO: check -end claimed by stef-guest + NOT-FOR-US: MyBulletinBoard CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...) - lurker 2.1-1 CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows remote ...)
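
Review bot: the added line for CVE-2006-1076 reads "NOT-FOR-US: checkInvision Power Board", where "check" looks like a leftover from the removed "TODO: check"; it should read "NOT-FOR-US: Invision Power Board". In the NOTE lines for CVE-2006-1079 and CVE-2006-1078, "apache''s" has a doubled apostrophe and "whishlist" should be "wishlist", and the note about the filed wishlist bug would be easier to follow up if it gave that bug's number next to #253816. CVE-2006-1068 and CVE-2006-1067 are tagged "NOT-FOR-US: VXWorks" although their descriptions name Netgear and Linksys routers (the Netgear ones only "possibly running VXWorks"); tagging them by router product would match how the other entries in this hunk are tagged.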