Author: stef-guest Date: 2006-08-26 21:23:51 +0000 (Sat, 26 Aug 2006) New Revision: 4636 Modified: data/CVE/list Log: - CVE-2006-4261/4253/4310: new mozilla issues - CVE-2006-425[56]: new horde3 issues (low) - CVE-2006-4292: new honeyd DoS (low) - wordpress bugnum - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-26 21:14:23 UTC (rev 4635) +++ data/CVE/list 2006-08-26 21:23:51 UTC (rev 4636) @@ -38,13 +38,16 @@ CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive ...) NOT-FOR-US: Cisco CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise ...) - TODO: check + NOT-FOR-US: Sonium Enterprise Adressbook CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ...) - TODO: check + - xulrunner <unfixed> + - firefox <unfixed> + - mozilla <unfixed> + - mozilla-firefox <unfixed> CVE-2006-4309 (VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not ...) - TODO: check + NOT-FOR-US: AK-Systems Windows Terminal CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...) - TODO: check + NOT-FOR-US: Blackboard Learning System CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8 and 9 ...) NOT-FOR-US: Solaris CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...) 
@@ -54,29 +57,29 @@ CVE-2006-4304 (Buffer overflow in the ppp driver in FreeBSD 4.11 to 6.1 and NetBSD ...) NOT-FOR-US: FreeBSD NetBSD CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...) - TODO: check + NOT-FOR-US: Solaris CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web ...) TODO: check CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...) NOT-FOR-US: Microsoft CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and ...) - TODO: check + NOT-FOR-US: SimpleBlog CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in ...) - tikiwiki <unfixed> (low; bug #384796) CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in ...) - TODO: check + NOT-FOR-US: osCommerce CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce 2.2 ...) - TODO: check + NOT-FOR-US: osCommerce CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in ...) - TODO: check + NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ...) - TODO: check + NOT-FOR-US: Panda ActiveScan CVE-2006-4294 RESERVED CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...) NOT-FOR-US: cPanel CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...) - TODO: check + - honeyd <unfixed> (low; bug filed) CVE-2006-4291 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: PHlyMail Lite CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, ...) 
@@ -140,7 +143,10 @@ CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...) TODO: check CVE-2006-4261 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...) - TODO: check + - xulrunner <unfixed> + - firefox <unfixed> + - mozilla <unfixed> + - mozilla-firefox <unfixed> CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 ...) TODO: check CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...) @@ -150,13 +156,16 @@ CVE-2006-4257 (Unspecified vulnerability in IBM DB2 Universal Database (UDB) before ...) NOT-FOR-US: IBM DB2 CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote ...) - TODO: check + - horde3 <unfixed> (low; bug #383416) CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in ...) - TODO: check + - horde3 <unfixed> (low; bug #383416) CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...) NOT-FOR-US: IBM AIX CVE-2006-4253 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...) - TODO: check + - xulrunner <unfixed> + - firefox <unfixed> + - mozilla <unfixed> + - mozilla-firefox <unfixed> CVE-2006-4252 RESERVED CVE-2006-4251 
@@ -178,23 +187,23 @@ CVE-2006-4243 RESERVED CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...) - TODO: check + NOT-FOR-US: JIM component for Joomla or Mambo CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php ...) - TODO: check + NOT-FOR-US: Reporter Mambo component (com_reporter) CVE-2006-4240 (PHP remote file inclusion vulnerability in index.php in Fusion News ...) - TODO: check + NOT-FOR-US: Fusion News CVE-2006-4239 (PHP remote file inclusion vulnerability in include/urights.php in ...) - TODO: check + NOT-FOR-US: Outreach Project Tool CVE-2006-4238 (SQL injection vulnerability in torrents.php in WebTorrent (WTcom) ...) - TODO: check + NOT-FOR-US: WebTorrent (WTcom) CVE-2006-4237 (PHP remote file inclusion vulnerability in pageheaderdefault.inc.php ...) - TODO: check + NOT-FOR-US: Invisionix Roaming System Remote (IRSR) CVE-2006-4236 (Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow ...) - TODO: check + NOT-FOR-US: POWERGAP CVE-2006-4235 (Buffer overflow in the import project functionality in Sony SonicStage ...) - TODO: check + NOT-FOR-US: Sony CVE-2006-4234 (PHP remote file inclusion vulnerability in classes/query.class.php in ...) - TODO: check + NOT-FOR-US: dotProject CVE-2006-4233 (Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local ...) NOT-FOR-US: Globus Toolkit CVE-2006-4232 (Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, ...) @@ -247,7 +256,7 @@ CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta ...) NOT-FOR-US: WEBInsta Mailing List Manager CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy ...) - - wordpress <unfixed> (low; bug filed) + - wordpress <unfixed> (low; bug #384800) CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...) NOT-FOR-US: Discloser CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ...)
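Review bot: in the `@@ -38,13 +38,16 @@` hunk, the four entries added under CVE-2006-4310 (`xulrunner`, `firefox`, `mozilla`, `mozilla-firefox`) carry no urgency and no bug reference, while the horde3 and honeyd entries added elsewhere in this commit are tagged `(low; bug ...)`. The visible description says only "cause a denial of ..."; if that is the full impact, add the urgency in parentheses and a bug number once one is filed, so these lines are not read as still unassessed.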
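Review bot: in the `@@ -54,29 +57,29 @@` hunk, the new CVE-2006-4292 line `- honeyd <unfixed> (low; bug filed)` uses the "bug filed" placeholder instead of a bug number. The last hunk of this same commit has to come back and replace that placeholder for wordpress with `bug #384800`, so it is worth putting the number in now if it is already known, or following up as soon as it is assigned.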
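Review bot: in the `@@ -140,7 +143,10 @@` hunk, the CVE-2006-4261 description names only "Mozilla Firefox 1.5.0.6 and earlier", yet the entry marks `xulrunner` and `mozilla` as `<unfixed>` alongside the two Firefox packages. A one-line `NOTE:` under the entry stating why the other packages are considered affected (for example, shared code) would let a later reader verify the claim rather than take it on trust.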
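Review bot: in the `@@ -150,13 +156,16 @@` hunk, CVE-2006-4255 is described as an XSS in `horde/imp/search.php` but is tracked against `horde3` with the same bug as CVE-2006-4256 (`bug #383416`). Please confirm that this file ships in the horde3 package and not in a separately packaged IMP, and that the referenced bug covers both issues; if either is not the case, the entry needs its own package line or bug number.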
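Review bot: in the `@@ -178,23 +187,23 @@` hunk, CVE-2006-4235 is closed as `NOT-FOR-US: Sony`, naming the vendor only, while the other lines added in this hunk name the product (Fusion News, POWERGAP, dotProject). The description identifies the product as Sony SonicStage; using `NOT-FOR-US: Sony SonicStage` keeps the entry searchable by product and consistent with its neighbours.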