thr3ads.net - Secure testing commits - [Secure-testing-commits] r4796

If this information is useful, please help other people find it:
Share via:
Stefan Fritsch
2006-Oct-02 12:43 UTC
[Secure-testing-commits] r4796 - data/CVE

Author: stef-guest
Date: 2006-10-01 19:53:14 +0000 (Sun, 01 Oct 2006)
New Revision: 4796

Modified:
   data/CVE/list
Log:
- new busybox httpd issue
- elog CVEified
- some new linux issues, some already fixed
- many moodle issues already fixed
- sun-java5 issue already fixed
- many NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-10-01 15:03:44 UTC (rev 4795)
+++ data/CVE/list	2006-10-01 19:53:14 UTC (rev 4796)
@@ -1,5 +1,3 @@
-CVE-2006-XXXX [elog XSS]
-	- elog 2.6.2+r1719-1 (bug #389361)
 CVE-2006-XXXX [graphicsmagic buffer overflows]
 	- graphicsmagick 1.1.7-9
 	TODO: check for security relevance and CVE-ids. Maybe imagemagick is affected,
too
@@ -8,43 +6,43 @@
 CVE-2006-5072
 	RESERVED
 CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS
before ...)
-	TODO: check
+	NOT-FOR-US: eyeOS
 CVE-2006-5070 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: faceStones Personal
 CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in the Indexed Search
2.9.0 ...)
 	TODO: check
 CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in
...)
-	TODO: check
+	NOT-FOR-US: BrudaNews
 CVE-2006-5067 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: PHP System Administration Toolkit (PHPSaTK)
 CVE-2006-5066 (Multiple cross-site scripting (XSS) vulnerabilities in
DanPHPSupport ...)
-	TODO: check
+	NOT-FOR-US: DanPHPSupport
 CVE-2006-5065 (PHP remote file inclusion vulnerability in libs/dbmax/mysql.php
in ...)
-	TODO: check
+	NOT-FOR-US: ZoomStats
 CVE-2006-5064 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog
1.4 ...)
-	TODO: check
+	NOT-FOR-US: BirdBlog
 CVE-2006-5063 (Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows
remote ...)
-	TODO: check
+	- elog 2.6.2+r1719-1 (bug #389361)
 CVE-2006-5062 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: PBLang (PBL)
 CVE-2006-5061 (PHP remote file inclusion vulnerability in mcf.php in ...)
-	TODO: check
+	NOT-FOR-US: Advanced-Clan-Script (AVCX)
 CVE-2006-5060 (Cross-site scripting (XSS) vulnerability in login.php in Jamroom
...)
-	TODO: check
+	NOT-FOR-US: Jamroom
 CVE-2006-5059 (Multiple cross-site scripting (XSS) vulnerabilities in
WWWthreads ...)
-	TODO: check
+	NOT-FOR-US: WWWthreads
 CVE-2006-5058 (Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call
of Duty ...)
-	TODO: check
+	NOT-FOR-US: Call of Duty
 CVE-2006-5057 (Multiple cross-site scripting (XSS) vulnerabilities in
Ktools.net ...)
-	TODO: check
+	NOT-FOR-US: PhotoStore
 CVE-2006-5056 (Cross-site scripting (XSS) vulnerability in index.php in Opial
...)
-	TODO: check
+	NOT-FOR-US: Opial Audio/Video Download Management
 CVE-2006-5055 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: syntaxCMS
 CVE-2006-5054 (SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum
1 ...)
-	TODO: check
+	NOT-FOR-US: iyzi Forum
 CVE-2006-5053 (PHP remote file inclusion vulnerability in webnews/template.php
in ...)
-	TODO: check
+	NOT-FOR-US: Web-News
 CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when
running ...)
 	TODO: check
 	NOTE: This may be a dupe of CVE-2006-4925
@@ -54,103 +52,103 @@
 	NOTE: From my analysis only openssh with Kerberos support should be vulnerable
 	NOTE: However, we''ll fix openssh as well just to make sure
 CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley
BusyBox ...)
-	TODO: check
+	- busybox <unfixed> (bug #390555; low)
 CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds)
component ...)
-	TODO: check
+	NOT-FOR-US: Classifieds (com_classifieds) component for Joomla!
 CVE-2006-5048 (Unspecified vulnerability in Security Images
(com_securityimages) ...)
-	TODO: check
+	NOT-FOR-US: Security Images (com_securityimages) component for Joomla!
 CVE-2006-5047 (Unspecified vulnerability in rsgallery2.html.php in RS Gallery2
...)
-	TODO: check
+	NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2)
 CVE-2006-5046 (Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3
and ...)
-	TODO: check
+	NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2)
 CVE-2006-5045 (Unspecified vulnerability in PollXT component (com_pollxt)
1.22.07 and ...)
-	TODO: check
+	NOT-FOR-US: PollXT component (com_pollxt) for Joomla!
 CVE-2006-5044 (Unspecified vulnerability in Prince Clan (Princeclan) Chess
component ...)
-	TODO: check
+	NOT-FOR-US: Prince Clan (Princeclan) Chess componen (com_pcchess) for Mambo
and Joomla!
 CVE-2006-5043 (Unspecified vulnerability in JoomlaBoard (com_joomlaboard) 1.1.1
and ...)
-	TODO: check
+	NOT-FOR-US: JoomlaBoard (com_joomlaboard) for Joomla!
 CVE-2006-5042 (Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: mosMedia (com_mosmedia) for Joomla!
 CVE-2006-5041 (Unspecified vulnerability in Hot Properties (possibly ...)
-	TODO: check
+	NOT-FOR-US: Hot Properties (possibly com_hotproperties) for Joomla!
 CVE-2006-5040 (Unspecified vulnerability in SEF404x (com_sef) for Joomla! has
...)
-	TODO: check
+	NOT-FOR-US: SEF404x (com_sef) for Joomla!
 CVE-2006-5039 (Unspecified vulnerability in Events 1.3 beta module (com_events)
for ...)
-	TODO: check
+	NOT-FOR-US: Events 1.3 beta module (com_events) for Joomla!
 CVE-2006-5038 (The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version
01_02_07, ...)
-	TODO: check
+	NOT-FOR-US: FiWin
 CVE-2006-5037 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: MySource Matrix
 CVE-2006-5036 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: MySource Matrix
 CVE-2006-5035 (Multiple cross-site scripting (XSS) vulnerabilities in Paul
Smith ...)
-	TODO: check
+	NOT-FOR-US: vCAP
 CVE-2006-5034 (Directory traversal vulnerability in Paul Smith Computer
Services vCAP ...)
-	TODO: check
+	NOT-FOR-US: vCAP
 CVE-2006-5033 (Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul
Smith ...)
-	TODO: check
+	NOT-FOR-US: vCAP
 CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in
PHPartenaire ...)
-	TODO: check
+	NOT-FOR-US: PHPartenaire
 CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php
in ...)
-	TODO: check
+	NOT-FOR-US: CakePHP
 CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in
exV2 ...)
-	TODO: check
+	NOT-FOR-US: exV2
 CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning
Board ...)
-	TODO: check
+	NOT-FOR-US: WoltLab Burning Board (wBB)
 CVE-2006-5028 (Directory traversal vulnerability in filemanager/filemanager.php
in ...)
-	TODO: check
+	NOT-FOR-US: Plesk
 CVE-2006-5027 (Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote
attackers ...)
-	TODO: check
+	NOT-FOR-US: JevonCMS
 CVE-2006-5026 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP
Scanner ...)
-	TODO: check
+	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
 CVE-2006-5025 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP
Scanner ...)
-	TODO: check
+	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
 CVE-2006-5024 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP
Scanner ...)
-	TODO: check
+	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
 CVE-2006-5023 (SQL injection vulnerability in kategori.asp in xweblog 2.1 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: xweblog
 CVE-2006-5022 (PHP remote file inclusion vulnerability in includes/global.php
in ...)
-	TODO: check
+	NOT-FOR-US: pNews System 1.1.0 (aka PowerNews)
 CVE-2006-5021 (Multiple PHP remote file inclusion vulnerabilities in redgun
RedBLoG ...)
-	TODO: check
+	NOT-FOR-US: RedBLoG
 CVE-2006-5020 (Multiple PHP remote file inclusion vulnerabilities in SolidState
0.4 ...)
-	TODO: check
+	NOT-FOR-US: SolidState
 CVE-2006-5019 (Google Mini 4.4.102.M.36 and earlier allows remote attackers to
obtain ...)
-	TODO: check
+	NOT-FOR-US: Google Mini
 CVE-2006-5018 (ContentKeeper 123.25 and earlier places passwords in cleartext
in an ...)
-	TODO: check
+	NOT-FOR-US: ContentKeeper
 CVE-2006-5017 (SQL injection vulnerability in admin/all_users.php in Szava
Gyula and ...)
-	TODO: check
+	NOT-FOR-US: e-Vision CMS
 CVE-2006-5016 (Unrestricted file upload vulnerability in admin/x_image.php in
Szava ...)
-	TODO: check
+	NOT-FOR-US: e-Vision CMS
 CVE-2006-5015 (PHP remote file inclusion vulnerability in hit.php in Kietu 3.2
allows ...)
-	TODO: check
+	NOT-FOR-US: Kietu
 CVE-2006-5014 (Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows
...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2006-5013 (Sun Solaris 10 before patch 118855-16 (20060925), when run on
x64 ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2006-5012 (Unspecified vulnerability in Sun Solaris 8, 9, and 10 before
20060925 ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2006-5011 (Untrusted search path vulnerability in snappd in IBM AIX 5.2.0
and ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2006-5010 (Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0
allows ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2006-5009 (Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0
allows ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2006-5008 (Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0
allows ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2006-5007 (Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and
5.3.0 ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2006-5006 (Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows
local ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2006-5005 (Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0
and ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2006-5004 (Unspecified vulnerability in the rdist command in IBM AIX 5.2.0
and ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2006-5003 (Unspecified vulnerability in the named8 command in IBM AIX 5.2.0
and ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2006-5002 (Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0
...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2006-5001 (Unspecified vulnerability in the log analyzer in WS_FTP Server
5.05 ...)
 	NOT-FOR-US: WS_FTP
 CVE-2006-5000 (Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1,
and ...)
@@ -256,35 +254,35 @@
 CVE-2006-4950 (Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco
IAD2430, ...)
 	NOT-FOR-US: Cisco
 CVE-2006-4949 (Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site
...)
-	TODO: check
+	NOT-FOR-US: Profile Directory (profile_pages.module) for Drupal
 CVE-2006-4948 (Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP
Server ...)
-	TODO: check
+	NOT-FOR-US: TFTPDWIN
 CVE-2006-4947 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7
Search ...)
 	TODO: check
 CVE-2006-4946 (PHP remote file inclusion vulnerability in
include/startup.inc.php in ...)
-	TODO: check
+	NOT-FOR-US: CMSDevelopment Business Card Web Builder (BCWB)
 CVE-2006-4945 (Multiple PHP remote file inclusion vulnerabilities in Cardway
(aka ...)
-	TODO: check
+	NOT-FOR-US: DigitalWebShop
 CVE-2006-4944 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: ProgSys
 CVE-2006-4943 (course/jumpto.php in Moodle before 1.6.2 does not validate the
session ...)
-	TODO: check
+	- moodle 1.6.2-1
 CVE-2006-4942 (Moodle before 1.6.2, when the configuration lacks (1) algebra or
(2) ...)
-	TODO: check
+	- moodle 1.6.2-1
 CVE-2006-4941 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle
before ...)
-	TODO: check
+	- moodle 1.6.2-1
 CVE-2006-4940 (login/forgot_password.php in Moodle before 1.6.2 allows remote
...)
-	TODO: check
+	- moodle 1.6.2-1
 CVE-2006-4939 (backup/backup_scheduled.php in Moodle before 1.6.2 generates
trace ...)
-	TODO: check
+	- moodle 1.6.2-1
 CVE-2006-4938 (help.php in Moodle before 1.6.2 does not check the existence of
...)
-	TODO: check
+	- moodle 1.6.2-1
 CVE-2006-4937 (lib/setup.php in Moodle before 1.6.2 sets the error reporting
level to ...)
-	TODO: check
+	- moodle 1.6.2-1
 CVE-2006-4936 (Moodle before 1.6.2 does not properly validate the module
instance id ...)
-	TODO: check
+	- moodle 1.6.2-1
 CVE-2006-4935 (The Database module in Moodle before 1.6.2 does not properly
handle ...)
-	TODO: check
+	- moodle 1.6.2-1
 CVE-2006-4934
 	RESERVED
 CVE-2006-4933
@@ -304,7 +302,7 @@
 CVE-2006-4926
 	RESERVED
 CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and
earlier, ...)
-	TODO: check
+	NOT-FOR-US: SISCO OSI stack for Windows
 CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly
2.6.12 and ...)
 	- linux-2.6 2.6.14
 CVE-2006-4925 [openssh GSSAPI information leak)
@@ -934,7 +932,7 @@
 CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before
2.1.9rc1 ...)
 	- mailman 1:2.1.8-3
 CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation
...)
-	TODO: check
+	- linux-2.6 <unfixed>
 CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server
...)
 	TODO: check
 CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with
exponent ...)
@@ -1159,13 +1157,13 @@
 CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) ...)
 	NOT-FOR-US: Cerberus Helpdesk
 CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC
...)
-	TODO: check
+	- linux-2.6 2.6.17-9
 CVE-2006-4537 (NET$SESSION_CONTROL.EXE before 20060825 in DECnet-Plus in
OpenVMS ...)
 	NOT-FOR-US: OpenVMS
 CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS
Frogss ...)
 	NOT-FOR-US: CMS Frogss
 CVE-2006-4535 (The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows
local ...)
-	TODO: check
+	- linux-2.6 <unfixed>
 CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000 allows remote
...)
 	NOT-FOR-US: Microsoft
 CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS
1.0.6 ...)
@@ -1703,11 +1701,11 @@
 CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows
remote ...)
 	- maxdb-7.5.00 <unfixed> (high; bug #386182)
 CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1,
NetBSD ...)
-	NOT-FOR-US: FreeBSD NetBSD
+	TODO: check
 CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun
...)
 	NOT-FOR-US: Solaris
 CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java
Web ...)
-	TODO: check
+	- sun-java5 1.5.0-07-1
 CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to
cause a ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0
and ...)
@@ -5449,7 +5447,7 @@
 CVE-2006-2657
 	REJECTED
 CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1
accidentally ...)
-	NOT-FOR-US: FreeBSD
+	NOT-FOR-US: build process for ypserv in FreeBSD
 CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10
up to ...)
 	NOT-FOR-US: FreeBSD-specific (see CVE-2006-1864 for Linux-specific CVE)
 CVE-2006-2653 (Cross-site scripting (XSS) vulnerability in login_error.shtml
for ...)
@@ -5936,7 +5934,7 @@
 	{DSA-1090-1}
 	- spamassassin 3.1.3-1 (medium)
 CVE-2006-2446 (Race condition between the kfree_skb and __skb_unlink functions
in the ...)
-	TODO: check
+	- linux-2.6 <unfixed>
 CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before
...)
 	- linux-2.6 2.6.16-15
 CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux
kernel ...)
Secure testing commits - Oct 2006 - r4796 - data/CVE

[Secure-testing-commits] r4796 - data/CVE
