Author: stef-guest Date: 2006-10-05 20:01:21 +0000 (Thu, 05 Oct 2006) New Revision: 4814 Modified: data/CVE/list Log: - CVE-2006-511[67] new phpmyadmin issues - CVE-2006-4625: new php issues (low) - CVE-2006-5111: new libksa issue - CVE-2006-5069: typo3 not affected - CVE-2006-4542: new webmin and usermin issue in sarge Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-05 19:12:16 UTC (rev 4813) +++ data/CVE/list 2006-10-05 20:01:21 UTC (rev 4814) @@ -101,9 +101,9 @@ CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD ...) NOT-FOR-US: PHPSelect Web Development Division CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web ...) - TODO: check + - phpmyadmin <unfixed> (bug #391090, low) CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + - phpmyadmin <unfixed> (bug #391090, low) CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows ...) NOT-FOR-US: KGB CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP ...) @@ -113,7 +113,7 @@ CVE-2006-5112 (Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote ...) NOT-FOR-US: NaviCOPA Web Server CVE-2006-5111 (The libksba library 0.9.12 and possibly other versions, as used by ...) - TODO: check + - libksba <unfixed> (bug #391278) CVE-2006-5110 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice ...) NOT-FOR-US: PHP Invoice CVE-2006-5109 (Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive ...) 
@@ -203,7 +203,7 @@ CVE-2006-5070 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: faceStones Personal CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php ...) - TODO: check + - typo3 <not-affected> (only version 4.x affected) CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in ...) NOT-FOR-US: BrudaNews CVE-2006-5067 (** DISPUTED ** ...) @@ -454,7 +454,7 @@ CVE-2006-4948 (Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server ...) NOT-FOR-US: TFTPDWIN CVE-2006-4947 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search ...) - TODO: check + NOT-FOR-US: Search Keywords module for Drupal CVE-2006-4946 (PHP remote file inclusion vulnerability in include/startup.inc.php in ...) NOT-FOR-US: CMSDevelopment Business Card Web Builder (BCWB) CVE-2006-4945 (Multiple PHP remote file inclusion vulnerabilities in Cardway (aka ...) @@ -1122,7 +1122,9 @@ CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine before ...) NOT-FOR-US: avast! Anti-virus Engine CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...) - TODO: check + - php4 <unfixed> (bug filed, low) + - php5 <unfixed> (bug #391281, low) + [sarge] - php4 <no-dsa> (open_basedir violations not supported) CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 ...) - mailman 1:2.1.8-3 CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation ...) 
@@ -1340,7 +1342,8 @@ CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 ...) NOT-FOR-US: HLStats CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly handle a ...) - TODO: check + - webmin <removed> (bug filed) + - usermin <removed> CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly ...) NOT-FOR-US: BlackICE PC Protection CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in ...)
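Review bot: The log message does not mention the change in the @@ -454,7 +454,7 @@ hunk, where CVE-2006-4947 goes from "TODO: check" to "NOT-FOR-US: Search Keywords module for Drupal". Add a log line for it so the triage decision can be found from the revision history. The same log names the package for CVE-2006-5111 as "libksa", while the entry in the @@ -113,7 +113,7 @@ hunk is "libksba", so a search of the log by package name would miss this revision.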
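Review bot: In the @@ -1122,7 +1122,9 @@ hunk, the php4 entry for CVE-2006-4625 reads "(bug filed, low)" with no bug number, while the php5 line directly below carries "bug #391281". Replace "bug filed" with the actual report number once it is assigned, otherwise the php4 status cannot be followed from this list to the bug tracker.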
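Review bot: The log describes CVE-2006-4542 as a "new webmin and usermin issue in sarge", but the @@ -1340,7 +1342,8 @@ hunk records only "- webmin <removed> (bug filed)" and "- usermin <removed>", with no [sarge] line for either package. If sarge is the affected release, add a [sarge] annotation per package in the form used for php4 under CVE-2006-4625, so the stable status is tracked explicitly. The webmin "bug filed" note also lacks a bug number, and usermin has no bug reference at all.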