Author: stef-guest Date: 2006-11-13 21:59:58 +0100 (Mon, 13 Nov 2006) New Revision: 4960 Modified: data/CVE/list Log: - CVE-2006-5794: new openssh not-quite-a-vulnerability - CVE-2006-5815: pay-for-more-information proftpd issue :-( - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-11-13 17:26:11 UTC (rev 4959) +++ data/CVE/list 2006-11-13 20:59:58 UTC (rev 4960) @@ -5,23 +5,25 @@ CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before ...) NOT-FOR-US: Lotus Domino CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure ...) - TODO: check + NOT-FOR-US: Parallels CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...) - TODO: check + NOT-FOR-US: Business Card Web Builder CVE-2006-5815 (Unspecified vulnerability in ProFTPD allows remote attackers to ...) - TODO: check + - proftpd-dfsg <unfixed> + - proftpd <removed> + TODO: file bug when more info is available CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...) - TODO: check + NOT-FOR-US: Novell eDirectory CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to ...) - TODO: check + NOT-FOR-US: Novell eDirectory CVE-2006-5812 (Unspecified vulnerability in Kerio MailServer allows attackers to ...) - TODO: check + NOT-FOR-US: Kerio CVE-2006-5811 (PHP remote file inclusion vulnerability in library/translation.inc.php ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2006-5810 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: XOOPS CVE-2006-5809 (Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB ...) - TODO: check + NOT-FOR-US: OvBB CVE-2006-5808 (The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses ...) NOT-FOR-US: Cicso CVE-2006-5807 (Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to ...) 
@@ -51,7 +53,7 @@ CVE-2006-5795 (Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 ...) NOT-FOR-US: OpenEMR CVE-2006-5794 (Unspecified vulnerability in the sshd Privilege Separation Monitor in ...) - TODO: check + - openssh <unfixed> (low) CVE-2006-5793 RESERVED CVE-2006-XXXX [obexpushd arbitrary command execution] @@ -537,25 +539,25 @@ CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 ...) NOT-FOR-US: Cisco Security Agent CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and ...) - TODO: check + NOT-FOR-US: RevilloC MailServer CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...) - TODO: check + NOT-FOR-US: QK SMTP CVE-2006-5550 (The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause ...) TODO: check CVE-2006-5549 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Adobe PHP SDK CVE-2006-5548 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...) - TODO: check + NOT-FOR-US: Open Tibia Server Content Management System CVE-2006-5547 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...) - TODO: check + NOT-FOR-US: Open Tibia Server Content Management System CVE-2006-5546 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...) - TODO: check + NOT-FOR-US: Open Tibia Server Content Management System CVE-2006-5545 (Premium Antispam in Symantec Mail Security for Domino Server 5.1.x ...) - TODO: check + NOT-FOR-US: Symantec CVE-2006-5544 (Visual truncation vulnerability in Microsoft Internet Explorer 7 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-5543 (PHP remote file inclusion vulnerability in misc/function.php3 in PHP ...) - TODO: check + NOT-FOR-US: PHP Generator of Object SQL Database CVE-2006-5542 (backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote ...) TODO: check CVE-2006-5541 (backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, ...) 
@@ -563,61 +565,61 @@ CVE-2006-5540 (backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows ...) TODO: check CVE-2006-5539 (PHP remote file inclusion vulnerability in login/secure.php in ...) - TODO: check + NOT-FOR-US: UeberProject Management System CVE-2006-5538 (D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote ...) - TODO: check + NOT-FOR-US: D-Link CVE-2006-5537 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm ...) - TODO: check + NOT-FOR-US: D-Link CVE-2006-5536 (Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T ...) - TODO: check + NOT-FOR-US: D-Link CVE-2006-5535 (Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager ...) - TODO: check + NOT-FOR-US: WebHostManager cPanel CVE-2006-5534 (Multiple cross-site scripting (XSS) vulnerabilities in index.htm in ...) - TODO: check + NOT-FOR-US: Zwahlen Online Shop Freeware CVE-2006-5533 (Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, ...) - TODO: check + NOT-FOR-US: AROUNDMe CVE-2006-5532 (Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT ...) - TODO: check + NOT-FOR-US: RMSOFT Gallery System CVE-2006-5531 (PHP remote file inclusion vulnerability in embedded.php in Ascended ...) - TODO: check + NOT-FOR-US: Ascended Guestbook CVE-2006-5530 (Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews ...) - TODO: check + NOT-FOR-US: SimpNews CVE-2006-5529 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: SchoolAlumni Portal CVE-2006-5528 (Directory traversal vulnerability in mod.php in SchoolAlumni Portal ...) - TODO: check + NOT-FOR-US: SchoolAlumni Portal CVE-2006-5527 (PHP remote file inclusion vulnerability in lib.editor.inc.php in ...) - TODO: check + NOT-FOR-US: InteliEditor CVE-2006-5526 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...) 
- TODO: check + NOT-FOR-US: Fully Modded phpBB (phpbbfm) / Teake Nutma Foing CVE-2006-5525 (Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2006-5524 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...) - TODO: check + NOT-FOR-US: phplist CVE-2006-5523 (PHP remote file inclusion vulnerability in common.php in EZ-Ticket ...) - TODO: check + NOT-FOR-US: EZ-Ticket CVE-2006-5522 (Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt ...) - TODO: check + NOT-FOR-US: Kawf CVE-2006-5521 (PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 ...) - TODO: check + NOT-FOR-US: Net_DNS CVE-2006-5520 (PHP remote file inclusion vulnerability in functions.php in ...) - TODO: check + NOT-FOR-US: PHP Classifieds CVE-2006-5519 (PHP remote file inclusion vulnerability in ...) TODO: check CVE-2006-5518 (Multiple PHP remote file inclusion vulnerabilities in Christopher ...) - TODO: check + NOT-FOR-US: RSSonate CVE-2006-5517 (Multiple PHP remote file inclusion vulnerabilities in Rhode Island ...) - TODO: check + NOT-FOR-US: Open Meetings Filing Application CVE-2006-5516 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: WikiNi CVE-2006-5515 (Cross-site scripting (XSS) vulnerability in lib-history.inc.php in ...) - TODO: check + NOT-FOR-US: phpPgAds / phpAdsNew CVE-2006-5514 (SQL injection vulnerability in quiz.php in Web Group Communication ...) TODO: check CVE-2006-5513 (SQL injection vulnerability in GeoNetwork opensource before 2.0.3 ...) - TODO: check + NOT-FOR-US: GeoNetwork opensource CVE-2005-4814 (Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when ...) - TODO: check + NOT-FOR-US: Segue CMS CVE-2006-5740 (Unspecified vulnerability in the LDAP dissector in Wireshark (formerly ...) 
- wireshark 0.99.4-1 (bug #396258; medium) CVE-2006-5602 (Multiple memory leaks in xsupplicant before 1.2.6, and possibly other ...) @@ -2351,7 +2353,7 @@ CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic ...) NOT-FOR-US: Timesheet (aka Timesheet.php) CVE-2006-4704 (Unspecified vulnerability in the WMI Object Broker ActiveX control ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-4703 RESERVED CVE-2006-4702 @@ -2793,7 +2795,7 @@ - hostapd 1:0.5.4-1 [sarge] - hostapd <not-affected> (Vulnerable code not present) CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS ...) - TODO: check + NOT-FOR-US: Novell eDirectory CVE-2006-4520 RESERVED CVE-2006-4519 @@ -2801,7 +2803,7 @@ CVE-2006-4518 RESERVED CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Novell iManager CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...) TODO: check CVE-2006-4515 @@ -32881,7 +32883,7 @@ {DSA-401} - hylafax 1:4.1.8-1 CVE-2003-0885 (Xscreensaver 4.14 contains certain debugging code that should have ...) - TODO: check + - xscreensaver 4.15 CVE-2003-0884 RESERVED CVE-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
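Review bot: In the @@ -5,23 +5,25 @@ hunk, the new CVE-2006-5815 line "- proftpd-dfsg <unfixed>" carries no urgency, while the openssh entry added in the same commit is written "- openssh <unfixed> (low)". If the severity cannot be judged until the details are public, say so in the "TODO: file bug when more info is available" line so the missing annotation reads as deliberate rather than forgotten. The unchanged context line "NOT-FOR-US: Cicso" under CVE-2006-5808 in the same hunk misspells Cisco and could be corrected in this pass.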
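Review bot: The "(low)" on "- openssh <unfixed> (low)" for CVE-2006-5794 in the @@ -51,7 +53,7 @@ hunk is explained only in the commit log ("not-quite-a-vulnerability"), which a reader of data/CVE/list never sees. Put the reason next to the entry itself, the way the hostapd line in this file does with "(Vulnerable code not present)", so the rating can be revisited if the assessment changes.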
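Review bot: The @@ -537,25 +539,25 @@ hunk triages every entry around them but leaves CVE-2006-5550 (FreeBSD/OpenBSD kernel) and CVE-2006-5542 (PostgreSQL) at "TODO: check", and the log message does not say these were skipped on purpose. Either resolve them here or mention in the log that they are deferred. In the same hunk, CVE-2006-5549 is labelled "NOT-FOR-US: Adobe PHP SDK" while its description in the list reads only "** DISPUTED ** ..."; a short remark on the dispute would help the next person who looks at the entry.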
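Review bot: The NOT-FOR-US labels added in the @@ -563,61 +565,61 @@ hunk do not follow one naming scheme: CVE-2006-5536 to CVE-2006-5538 are labelled by vendor ("D-Link"), most others by product, and two join names with a slash ("Fully Modded phpBB (phpbbfm) / Teake Nutma Foing", "phpPgAds / phpAdsNew"). Pick the product name as it appears in the CVE description and use it consistently, so that a search for one label finds every related entry. CVE-2006-5519 and CVE-2006-5514 remain "TODO: check" in this hunk without comment.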
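Review bot: In the @@ -32881,7 +32883,7 @@ hunk, "- xscreensaver 4.15" for CVE-2003-0885 gives a bare upstream version, whereas the other fixed entries visible in this diff carry a full package version ("hylafax 1:4.1.8-1", "wireshark 0.99.4-1", "hostapd 1:0.5.4-1"). State the first package upload that contains the fix, including its revision suffix. This entry is also a status change rather than an NFU and is not mentioned in the log message, which lists only CVE-2006-5794, CVE-2006-5815 and "some NFUs".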