Author: stef-guest Date: 2006-09-18 18:14:07 +0000 (Mon, 18 Sep 2006) New Revision: 4743 Modified: data/CVE/list Log: - some new moodle issues already fixed - CVE-2006-4758: new phpbb2 issue - CVE-2006-4743: wordpress issue unimportant - CVE-2006-4734: new tikiwiki issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-09-18 17:38:04 UTC (rev 4742) +++ data/CVE/list 2006-09-18 18:14:07 UTC (rev 4743) @@ -15,11 +15,11 @@ CVE-2006-4787 (AlphaMail before 1.0.16 allows local users to obtain sensitive ...) NOT-FOR-US: AlphaMail CVE-2006-4786 (Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive ...) - TODO: check + - moodle 1.6.2-1 (low) CVE-2006-4785 (SQL injection vulnerability in Moodle 1.6.1 and earlier allows remote ...) - TODO: check + - moodle 1.6.2-1 (medium; bug #387177) CVE-2006-4784 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 ...) - TODO: check + - moodle 1.6.2-1 (low) CVE-2006-4783 (SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and ...) NOT-FOR-US: WebSPELL CVE-2006-4782 (src/index.php in WebSPELL 4.01.01 and earlier, when register_globals ...) @@ -27,7 +27,7 @@ CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded ...) NOT-FOR-US: FutureSoft TFTP Server CVE-2006-4780 (PHP remote file inclusion vulnerability in includes/functions.php in ...) - TODO: check + NOT-FOR-US: phpBB XS CVE-2006-4779 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Vitrax Premodded phpBB CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost before ...) 
@@ -71,9 +71,9 @@ CVE-2006-4759 (PunBB 1.2.12 does not properly handle pathnames ending in %00, which ...) NOT-FOR-US: PunBB CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which ...) - TODO: check + - phpbb2 <unfixed> (bug #388120) CVE-2006-4757 (Multiple SQL injection vulnerabilities in the admin section in e107 ...) - TODO: check + NOT-FOR-US: e107 CVE-2006-4756 (SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and ...) NOT-FOR-US: phpMyDirectory CVE-2006-4755 (Cross-site scripting (XSS) vulnerability in alpha.php in ...) @@ -101,7 +101,8 @@ CVE-2006-4744 (Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication ...) NOT-FOR-US: Abidia (1) O-Anywhere and (2) Abidia Wireless CVE-2006-4743 (WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain ...) - TODO: check + - wordpress <unfixed> (unimportant) + NOTE: path disclosure only CVE-2006-4742 (Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot ...) NOT-FOR-US: PhpLinkExchange CVE-2006-4741 (PHP remote file inclusion vulnerability in bits_listings.php in ...) @@ -120,7 +121,7 @@ - magpierss <unfixed> (unimportant) NOTE: path disclosure only CVE-2006-4734 (Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php ...) - TODO: check + - tikiwiki (medium; bug filed) CVE-2006-4733 (PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in ...) TODO: check CVE-2006-4732 (Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an ...)
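Review bot: In the @@ -15,11 +15,11 @@ hunk, only the CVE-2006-4785 entry carries a bug reference (bug #387177); CVE-2006-4786 and CVE-2006-4784 are marked fixed in moodle 1.6.2-1 with no bug number and no NOTE. That leaves nothing to check the fixed version against for those two. If the same upload covers all three, a NOTE line under the two (low) entries saying so would make the fixed-version claim verifiable.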
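Review bot: In the @@ -27,7 +27,7 @@ hunk, CVE-2006-4780 goes to "NOT-FOR-US: phpBB XS" without recording why the packaged phpbb2 (tracked in this same file under CVE-2006-4758) is not affected. The visible description names includes/functions.php but the product name is cut off, so a NOTE stating that the inclusion bug is specific to the phpBB XS mod would keep a later reader from having to redo that check. This triage, like the "NOT-FOR-US: e107" change for CVE-2006-4757, is also missing from the Log.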
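Review bot: In the @@ -71,9 +71,9 @@ hunk, the new line "- phpbb2 <unfixed> (bug #388120)" for CVE-2006-4758 has no urgency, while every other package entry added in this patch carries one (low, medium or unimportant). Since the entry is unfixed, an explicit urgency next to the bug number would let it be prioritised against the other open items.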
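Review bot: In the @@ -120,7 +121,7 @@ hunk, the CVE-2006-4734 entry "- tikiwiki (medium; bug filed)" omits the version field that the other entries in this patch have between the package name and the parentheses ("<unfixed>" or a fixed version), and "bug filed" gives no bug number to follow up on. Suggest "- tikiwiki <unfixed> (medium; bug #...)" with the real number filled in once it is assigned, so the entry stays parseable and traceable.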