Author: fw Date: 2006-06-03 09:09:45 +0000 (Sat, 03 Jun 2006) New Revision: 4114 Modified: data/CVE/list Log: NFUs CVE-2006-2635: tiki-wiki CVE-2006-2629: linux-2.6 CVE-2006-2611: mediawiki CVE-2004-2660: linux-2.6 (already fixed) CVE-2003-1301: sun-java5 (already fixed) Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-06-03 08:38:14 UTC (rev 4113) +++ data/CVE/list 2006-06-03 09:09:45 UTC (rev 4114) 
@@ -10,35 +10,36 @@ CVE-2006-2656 [tiffsplit buffer overflow] - tiff 3.8.2-3 (bug #369819; medium) CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top ...) - TODO: check + NOT-FOR-US: Monster Top List CVE-2006-2642 (** UNVERIFIABLE ** ...) - TODO: check + NOT-FOR-US: Php-residence CVE-2006-2641 (** UNVERIFIABLE ** ...) - TODO: check + NOT-FOR-US: John Frank Asset Manager CVE-2006-2640 (Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA ...) - TODO: check + NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL) CVE-2006-2639 (Cross-site scripting (XSS) vulnerability in the input forms in ...) - TODO: check + NOT-FOR-US: PHPSimpleChoose CVE-2006-2638 (SQL injection vulnerability in member.asp in qjForum allows remote ...) - TODO: check + NOT-FOR-US: qjForum CVE-2006-2637 (Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) ...) - TODO: check -CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to ...) - TODO: check + NOT-FOR-US: TuttoPhp +CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLitew allows remote attackers to ...) + NOT-FOR-US: Katy Whitton NewsCMSLitew CVE-2006-2635 (Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka ...) - TODO: check + - tikiwiki <unfixed> (medium) + NOTE: only in experimental CVE-2006-2634 (Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under ...) - TODO: check + NOT-FOR-US: Neocrome Seditio CVE-2006-2633 (Absolute path traversal vulnerability in the copy action in index.php ...) - TODO: check + NOT-FOR-US: Andrew Godwin ByteHoard CVE-2006-2632 (Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard ...) - TODO: check + NOT-FOR-US: Andrew Godwin ByteHoard CVE-2006-2631 (phpFoX allows remote authenticated users to modify arbitrary accounts ...) - TODO: check + NOT-FOR-US: phpFoX CVE-2006-2630 (Stack-based buffer overflow in Symantec Antivirus 10.1 and Client ...) 
- TODO: check + NOT-FOR-US: Symantec CVE-2006-2629 (Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP ...) - TODO: check + - linux-2.6 <unfixed> (low) CVE-2006-2628 RESERVED CVE-2006-2627 
@@ -60,39 +61,42 @@ CVE-2006-2619 RESERVED CVE-2006-2618 (Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host ...) - TODO: check + NOT-FOR-US: AlstraSoft Web Host Directory CVE-2006-2617 ((1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost ...) - TODO: check + NOT-FOR-US: AlstraSoft Web Host Directory CVE-2006-2616 (SQL injection vulnerability in the search script in (1) AlstraSoft Web ...) - TODO: check + NOT-FOR-US: AlstraSoft Web Host Directory CVE-2006-2615 (ping.php in Russcom.Ping allows remote attackers to execute arbitrary ...) - TODO: check + NOT-FOR-US: Russcom.Ping CVE-2006-2614 (Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox before 1.8.0, and Netscape 7.2 ...) - TODO: check + NOTE: Installation path disclosure is uninteresting on Debian systems. + NOTE: The profile path might be more sensitive, but exploit that + NOTE: requires another, real security bug. CVE-2006-2612 (Novell Client for Windows 4.8 and 4.9 does not restrict access to the ...) - TODO: check + NOT-FOR-US: Novell Client for Windows + NOTE: The Windows clipboard is a public resource anyway. CVE-2006-2611 (Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in ...) - TODO: check + - mediawiki <unfixed> (medium) CVE-2006-2610 (Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 ...) - TODO: check + NOT-FOR-US: phpRaid CVE-2006-2609 (artmedic newsletter 4.1.2 and possibly other versions, when ...) - TODO: check + NOT-FOR-US: artmedic newsletter CVE-2006-2608 (artmedic newsletter 4.1 and possibly other versions, when ...) - TODO: check + NOT-FOR-US: artmedic newsletter CVE-2004-2660 (Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows ...) - TODO: check + - linux-2.6 <not-affected> (fixed before the first upload) CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x ...) 
- TODO: check + - sun-java5 1.5.0-06-1 (low) CVE-2006-XXXX [mono xsp file disclosure] - xsp 1.1.15-1 (medium) CVE-2006-2607 (do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return ...) - cron 3.0pl1-64 (bug #85609; bug #86775; medium) CVE-2006-2606 (Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and ...) - TODO: check + NOT-FOR-US: Chatty CVE-2006-2605 (Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier ...) - TODO: check + NOT-FOR-US: DSChat CVE-2006-2604 REJECTED CVE-2006-2603 @@ -118,15 +122,15 @@ CVE-2006-2593 REJECTED CVE-2006-2592 (Unspecified vulnerability in DSChat 1.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: DSChat CVE-2006-2591 (Unspecified vulnerability in e107 before 0.7.5 has unknown impact and ...) - TODO: check + NOT-FOR-US: e107 CVE-2006-2590 (SQL injection vulnerability in e107 before 0.7.5 allows remote ...) - TODO: check + NOT-FOR-US: e107 CVE-2006-2589 (SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-2588 (Russcom PHPImages allows remote attackers to upload files of arbitrary ...) - TODO: check + NOT-FOR-US: Russcom PHPImages CVE-2006-2587 (Buffer overflow in the WebTool HTTP server component in (1) PunkBuster ...) TODO: check CVE-2006-2586 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...)
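Review bot: in the first hunk (@@ -10,35 +10,36 @@) the CVE-2006-2636 description line is rewritten from `NewsCMSLite` to `NewsCMSLitew`, and the new annotation repeats the stray `w`; the description line mirrors the upstream CVE text and should not be edited, so restore `CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to ...)` and use `NOT-FOR-US: Katy Whitton NewsCMSLite`. In the same hunk the CVE-2006-2634 annotation `NOT-FOR-US: Neocrome Seditio` names a different product than the description (`Neocrome Land Down Under`); either keep the name the CVE uses or mention the rename in the line, so the entry stays findable by either name.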
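Review bot: in the second hunk (@@ -60,39 +61,42 @@) CVE-2006-2614 is annotated `NOT-FOR-US: Sun Solaris`, but the description names Sun N1 System Manager 1.1 as the affected product and Solaris 10 only as its platform; label the product, e.g. `NOT-FOR-US: Sun N1 System Manager`. CVE-2006-2613 in the same hunk gains three NOTE lines but no state line: the entry now has neither a package assignment nor a NOT-FOR-US, so it drops off the TODO list without being resolved. Give it an explicit state for the affected Debian packages (for instance a `<not-affected>` entry with the NOTE lines as the justification) so the triage decision is recorded in the usual place.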