Author: stef-guest Date: 2006-10-14 13:00:09 +0000 (Sat, 14 Oct 2006) New Revision: 4845 Modified: data/CVE/list Log: - CVE-2006-5214/5: xdm issues already fixed (low) - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-13 23:03:39 UTC (rev 4844) +++ data/CVE/list 2006-10-14 13:00:09 UTC (rev 4845) 
@@ -21,85 +21,89 @@ CVE-2006-5219 (SQL injection vulnerability in blog/index.php in the blog module in ...) - moodle 1.6.2+20060930-1 (medium; bug #390294) CVE-2006-5218 (Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in ...) - TODO: check + NOT-FOR-US: systrace in OpenBSD and NetBSD CVE-2006-5217 (SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows ...) - TODO: check + NOT-FOR-US: Emek Portal CVE-2006-5216 (Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) ...) - TODO: check + NOT-FOR-US: Simple HTTPD (shttpd) CVE-2006-5215 (The Xsession script, as used by X Display Manager (xdm) in NetBSD ...) - TODO: check + - xdm 1:1.0.5-1 (low) + [sarge] - xfree86 <unfixed> (low) + NOTE: probably fixed earlier than 1:1.0.5 CVE-2006-5214 (Race condition in the Xsession script, as used by X Display Manager ...) - TODO: check + - xdm 1:1.0.5-1 (low) + [sarge] - xfree86 <no-dsa> (low) + NOTE: probably fixed earlier than 1:1.0.5 CVE-2006-5213 (Sun Solaris 10 before 20061006 uses "incorrect and insufficient ...) - TODO: check + NOT-FOR-US: Solaris CVE-2006-5212 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...) - TODO: check + NOT-FOR-US: Trend Micro OfficeScan CVE-2006-5211 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...) - TODO: check + NOT-FOR-US: Trend Micro OfficeScan CVE-2006-5210 RESERVED CVE-2006-5209 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Admin Topic Action Logging Mod for phpBB CVE-2006-5208 (Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow ...) - TODO: check + NOT-FOR-US: PHP Classifieds CVE-2006-5207 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: phpMyTeam CVE-2006-5206 (SQL injection vulnerability in Invision Gallery 2.0.7 allows remote ...) - TODO: check + NOT-FOR-US: Invision Gallery CVE-2006-5205 (Directory traversal vulnerability in Invision Gallery 2.0.7 allows ...) 
- TODO: check + NOT-FOR-US: Invision Gallery CVE-2006-5204 (Cross-site scripting (XSS) vulnerability in action_admin/member.php in ...) - TODO: check + NOT-FOR-US: Invision Power Board (IPB) CVE-2006-5203 (Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted ...) - TODO: check + NOT-FOR-US: Invision Power Board (IPB) CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when ...) - TODO: check + NOT-FOR-US: Linksys CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and ...) TODO: check CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...) - TODO: check + NOT-FOR-US: Adobe CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...) - TODO: check + NOT-FOR-US: Adobe CVE-2006-5198 RESERVED CVE-2006-5197 (PDshopPro stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: PDshopPro CVE-2006-5196 (The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows ...) - TODO: check + NOT-FOR-US: Motorola SURFboard CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 ...) - TODO: check + NOT-FOR-US: Wheatblog CVE-2006-5194 (Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 ...) - TODO: check + NOT-FOR-US: net2ftp CVE-2006-5193 (PHP remote file inclusion vulnerability in index.php in Josh Schmidt ...) - TODO: check + NOT-FOR-US: WikyBlog CVE-2006-5192 (PHP remote file inclusion vulnerability in includes/footer.php in ...) - TODO: check + NOT-FOR-US: phpGreetz CVE-2006-5191 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Nivisec Static Topics module for phpBB CVE-2006-5190 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 ...) - TODO: check + NOT-FOR-US: osCommerce CVE-2006-5189 (PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php ...) 
- TODO: check + NOT-FOR-US: klinza professional cms CVE-2006-5188 (Directory traversal vulnerability in download.php in webGENEius GOOP ...) - TODO: check + NOT-FOR-US: webGENEius GOOP Gallery CVE-2006-5187 (PHP remote file inclusion vulnerability in includes/functions.php in ...) - TODO: check + NOT-FOR-US: Bulletin Board Ace (BBaCE) CVE-2006-5186 (PHP remote file inclusion vulnerability in functions.php in ...) - TODO: check + NOT-FOR-US: phpMyProfiler CVE-2006-5185 (Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and ...) - TODO: check + NOT-FOR-US: HAMweather CVE-2006-5184 (SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 ...) - TODO: check + NOT-FOR-US: PKR Internet Taskjitsu CVE-2006-5183 (Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs ...) - TODO: check + NOT-FOR-US: Dayfox Blog CVE-2006-5182 (PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen ...) - TODO: check + NOT-FOR-US: Travelsized CMS CVE-2006-5181 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ...) - TODO: check + NOT-FOR-US: phpMyWebmin CVE-2006-5180 (PHP remote file inclusion vulnerability in include/main.inc.php in ...) - TODO: check + NOT-FOR-US: Newswriter SW CVE-2006-5179 (Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent ...) - TODO: check + NOT-FOR-US: Intoto iGateway CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier allows ...) TODO: check CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and Enterprise ...)
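Review bot: The two xdm entries disagree on the sarge status. CVE-2006-5215 gets `[sarge] - xfree86 <unfixed> (low)` while CVE-2006-5214 gets `[sarge] - xfree86 <no-dsa> (low)`, although both concern the Xsession script, both are rated low, and both carry the same fixed version and the same NOTE. If the difference is intended, add a NOTE on one of them saying why; otherwise use the same tag on both. The NOTE "probably fixed earlier than 1:1.0.5" also means `xdm 1:1.0.5-1` is only an upper bound for the fix, so the entry should be updated with the first fixed version once that is confirmed.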