Author: stef-guest
Date: 2006-08-25 16:52:14 +0000 (Fri, 25 Aug 2006)
New Revision: 4630
Modified: data/CVE/list
Log:
- libmusicbrainz CVEified
- CVE-2006-4299: new tikiwiki XSS (low)
- some NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-08-25 16:38:29 UTC (rev 4629)
+++ data/CVE/list 2006-08-25 16:52:14 UTC (rev 4630)
@@ -24,19 +24,19 @@ CVE-2006-4319 (Buffer overflow in the format command in Solaris 8, 9, and 10 allows ...) TODO: check CVE-2006-4318 (Buffer overflow in WFTPD Server 3.23 allows remote attackers to ...) - TODO: check + NOT-FOR-US: WFTPD CVE-2006-4317 (Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab ...) TODO: check CVE-2006-4316 (SSH Tectia Management Agent 2.1.2 allows local users to gain root ...) - TODO: check + NOT-FOR-US: SSH Tectia Management Agent CVE-2006-4315 (Unquoted Windows search path vulnerability in multiple SSH Tectia ...) - TODO: check + NOT-FOR-US: SSH Tectia Management Agent CVE-2006-4314 (The manager server in Symantec Enterprise Security Manager (ESM) 6 and ...) - TODO: check + NOT-FOR-US: Symantec CVE-2006-4313 (Multiple unspecified vulnerabilities in Cisco VPN 3000 series ...) - TODO: check + NOT-FOR-US: Cisco CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive ...) - TODO: check + NOT-FOR-US: Cisco CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise ...) TODO: check CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ...)
@@ -46,23 +46,24 @@ CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...) TODO: check CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8 and 9 ...) - TODO: check + NOT-FOR-US: Solaris CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...) - TODO: check + NOT-FOR-US: Solaris CVE-2006-4305 RESERVED CVE-2006-4304 (Buffer overflow in the ppp driver in FreeBSD 4.11 to 6.1 and NetBSD ...) - TODO: check + NOT-FOR-US: FreeBSD NetBSD CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...) TODO: check CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web ...) TODO: check CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and ...) TODO: check CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in ...) - TODO: check + - tikiwiki <unfixed> (low) + TODO: file bug CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in ...) TODO: check CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce 2.2 ...) 
@@ -74,15 +75,15 @@ CVE-2006-4294 RESERVED CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...) - TODO: check + NOT-FOR-US: cPanel CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...) TODO: check CVE-2006-4291 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: PHlyMail Lite CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, ...) - TODO: check + NOT-FOR-US: Sony CVE-2006-4289 (Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x ...) - TODO: check + NOT-FOR-US: Sony CVE-2006-4288 (PHP remote file inclusion vulnerability in admin.a6mambocredits.php in ...) TODO: check CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...) @@ -106,7 +107,7 @@ CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ...) TODO: check CVE-2006-4278 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: SportsPHool CVE-2006-4277 (Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 ...) TODO: check CVE-2006-4276 (PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier ...) @@ -114,7 +115,7 @@ CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the ...) TODO: check CVE-2006-4274 (Unknown vulnerability in Microsoft PowerPoint allows user-assisted ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 ...) TODO: check CVE-2006-4272 (** DISPUTED ** ...) 
@@ -130,9 +131,9 @@ CVE-2006-4267 (Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier ...) TODO: check CVE-2006-4266 (Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, ...) - TODO: check + NOT-FOR-US: Symantec CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows ...) - TODO: check + NOT-FOR-US: Kaspersky CVE-2006-4264 (Multiple PHP remote file inclusion vulnerabilities in the ...) TODO: check CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product ...) @@ -146,15 +147,15 @@ CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...) TODO: check CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality in ...) - TODO: check + NOT-FOR-US: Anti-Spam SMTP Proxy CVE-2006-4257 (Unspecified vulnerability in IBM DB2 Universal Database (UDB) before ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote ...) TODO: check CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in ...) TODO: check CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2006-4253 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...) TODO: check CVE-2006-4252 
@@ -212,29 +213,29 @@ CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ...) TODO: check CVE-2006-4225 (Multiple SQL injection vulnerabilities in war.php in Virtual War ...) - TODO: check + NOT-FOR-US: Virtual War CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual ...) - TODO: check + NOT-FOR-US: Virtual War CVE-2006-4223 (IBM WebSphere Application Server before 6.0.2.13 allows ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application CVE-2006-4222 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application CVE-2006-4221 (Stack-based buffer overflow in the IBM Access Support eGatherer ...) - TODO: check + NOT-FOR-US: IBM CVE-2006-4220 RESERVED CVE-2006-4219 (The Terminal Services COM object (tsuserex.dll) allows remote ...) - TODO: check + NOT-FOR-US: Terminal Services COM object CVE-2006-4218 (Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2006-4217 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: WEBInsta CMS CVE-2006-4216 (PHP remote file inclusion vulnerability in Chaussette 080706 and ...) TODO: check CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2006-4214 (Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2006-4213 (PHP remote file inclusion vulnerability in config.php in David Kent ...) TODO: check CVE-2006-4212 (SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet ...) 
@@ -244,7 +245,7 @@ CVE-2006-4210 (nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when ...) TODO: check CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta ...) - TODO: check + NOT-FOR-US: WEBInsta Mailing List Manager CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy ...) TODO: check CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...) @@ -268,9 +269,10 @@ CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in ...) TODO: check CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or ...) - TODO: check + - libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030) + - libmusicbrainz-2.0 <unfixed> (medium; bug #383031) CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS ...) - TODO: check + NOT-FOR-US: WEBInsta CMS CVE-2006-4195 (PHP remote file inclusion vulnerability in param.peoplebook.php in the ...) TODO: check CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...) @@ -545,9 +547,6 @@ CVE-2006-4144 (Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick ...) - imagemagick <unfixed> (medium; bug #383314) - graphicsmagick 1.1.7-7 (medium; bug #383333) -CVE-2006-XXXX [libmusicbrainz buffer overflows] - - libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030) - - libmusicbrainz-2.0 <unfixed> (medium; bug #383031) CVE-2006-XXXX [crash in the certificate verification logic] NOTE: GNUTLS-SA-2006-2 - gnutls11 <unfixed> (medium)
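Review bot: CVE-2006-4319 (Buffer overflow in the format command in Solaris 8, 9, and 10) is left at TODO: check in the @@ -24,19 +24,19 @@ hunk, while the two Solaris format-command entries in the following hunk (CVE-2006-4307 and CVE-2006-4306) become `+ NOT-FOR-US: Solaris`; the same triage applies here, so either add `+ NOT-FOR-US: Solaris` for CVE-2006-4319 in the same pass or note why it is being held back.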
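Review bot: the new tikiwiki entry in the @@ -46,23 +46,24 @@ hunk, `+ - tikiwiki <unfixed> (low)` followed by `+ TODO: file bug`, carries no `bug #NNNNNN` reference, unlike the other package lines in this commit (compare the libmusicbrainz entries), so it cannot be tracked against the BTS until the TODO is replaced by the filed bug number; please follow up on the same day rather than letting the TODO linger in a triaged entry. In the same hunk, CVE-2006-4303 (Race condition in libnsl and TLI/XTI API routines in Sun ...) stays TODO: check although the neighbouring Sun Solaris entries are marked `NOT-FOR-US: Solaris`; that one should be resolved consistently too.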
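Review bot: CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2) and CVE-2006-4255 (horde/imp/search.php) are the only entries in the @@ -146,15 +147,15 @@ hunk left at TODO: check; since Horde and IMP are shipped as Debian packages (horde3, imp4), these need real package lines with a fixed version or `<unfixed>` plus a bug number, not a NOT-FOR-US mark, and should not be left behind while the surrounding vendor-only entries are closed.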
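Review bot: two NOT-FOR-US annotations in the @@ -212,29 +213,29 @@ hunk depart from the naming used elsewhere in this commit. `+ NOT-FOR-US: Terminal Services COM object` for CVE-2006-4219 names the component rather than the vendor, whereas the other Microsoft entries here use `NOT-FOR-US: Microsoft`; and `+ NOT-FOR-US: IBM WebSphere Application` for CVE-2006-4223 and CVE-2006-4222 truncates the product name visible in the description, `IBM WebSphere Application Server`. Suggest `+ NOT-FOR-US: Microsoft` and `+ NOT-FOR-US: IBM WebSphere Application Server` so the annotations stay greppable by vendor and product.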
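Review bot: the two package lines added under CVE-2006-4197 in the @@ -268,9 +269,10 @@ hunk, `- libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030)` and `- libmusicbrainz-2.0 <unfixed> (medium; bug #383031)`, reproduce the placeholder block removed at the end of the patch, so the fixed version, severity and bug numbers carry over intact; since 2.1.4-1 was recorded under a CVE-2006-XXXX placeholder before the identifier existed, the two bug reports (and any advisory text) should now be updated to cite CVE-2006-4197 so the tracker and the BTS agree. The hunk header's +1 line count matches the single TODO being replaced by two entries.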
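Review bot: the `-CVE-2006-XXXX [libmusicbrainz buffer overflows]` block removed in the @@ -545,9 +547,6 @@ hunk is the counterpart of the CVE-2006-4197 entries added earlier, and its two package lines match those character for character, so no data is lost by the move; the remaining `CVE-2006-XXXX [crash in the certificate verification logic]` entry with `NOTE: GNUTLS-SA-2006-2` is untouched context and correctly stays a placeholder, as no identifier is assigned to it in this commit.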