Author: stef-guest Date: 2006-11-23 23:50:51 +0100 (Thu, 23 Nov 2006) New Revision: 5004 Modified: data/CVE/list Log: - CVE-2006-5969 new fvwm issue already fixed (low) - CVE-2006-6009 new sun-java5 issue already fixed (low) - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-11-23 22:17:36 UTC (rev 5003) +++ data/CVE/list 2006-11-23 22:50:51 UTC (rev 5004) @@ -107,11 +107,11 @@ CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive ...) NOT-FOR-US: SAP CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing ...) - TODO: check + - sun-java5 1.5.0-08-1 CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, ...) - linux-ftpd 0.17-22 CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...) - TODO: check + NOT-FOR-US: WebEvents (Online Event Registration Template) CVE-2006-6006 RESERVED CVE-2006-6005 
@@ -143,39 +143,39 @@ CVE-2006-5992 RESERVED CVE-2006-5991 (Multiple SQL injection vulnerabilities in wwweb concepts CactuShop ...) - TODO: check + NOT-FOR-US: CactuShop CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and ...) - TODO: check + NOT-FOR-US: VMWare CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 ...) - libapache-mod-auth-kerb 5.3-1 (low) CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 running ...) NOT-FOR-US: Windows CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet 2.1 allows ...) - TODO: check + NOT-FOR-US: ASPintranet CVE-2006-5986 (admin/options.php in Extreme CMS 0.9, and possibly earlier, does not ...) - TODO: check + NOT-FOR-US: Extreme CMS CVE-2006-5985 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Extreme CMS CVE-2006-5984 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web ...) - TODO: check + NOT-FOR-US: Helm Hosting Control Panel CVE-2006-5983 (Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software ...) - TODO: check + NOT-FOR-US: DirectAdmin CVE-2006-5982 (Selenium Server 1.0, and possibly earlier, stores user passwords in ...) - TODO: check + NOT-FOR-US: Selenium Server CVE-2006-5981 (Multiple directory traversal vulnerabilities in Selenium Server 1.0, ...) - TODO: check + NOT-FOR-US: Selenium Server CVE-2006-5980 (adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly ...) - TODO: check + NOT-FOR-US: NetJetServer CVE-2006-5979 (Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure ...) - TODO: check + NOT-FOR-US: NetJetServer CVE-2006-5978 (Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown ...) - TODO: check + NOT-FOR-US: E-Xoopport CVE-2006-5977 (Multiple SQL injection vulnerabilities in MultiCalendars allow remote ...) 
- TODO: check + NOT-FOR-US: MultiCalendars CVE-2006-5976 (Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe ...) - TODO: check + NOT-FOR-US: BlogMe CVE-2006-5975 (Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in ...) - TODO: check + NOT-FOR-US: BlogMe CVE-2006-5974 RESERVED CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...) @@ -195,7 +195,7 @@ CVE-2006-5970 (Verity Ultraseek before 5.7 allows remote attackers to obtain ...) NOT-FOR-US: Verity Ultraseek CVE-2006-5969 (CRLF injection vulnerability in the evalFolderLine function in fvwm ...) - TODO: check + - fvwm 1:2.5.18-2 (low) CVE-2006-5968 (MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, ...) NOT-FOR-US: MDaemon CVE-2006-5967 (Race condition in Panda ActiveScan 5.53.00, and other versions before ...) @@ -233,15 +233,15 @@ CVE-2006-5951 (PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 ...) NOT-FOR-US: Exophpdesk CVE-2006-5950 (Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and ...) - TODO: check + NOT-FOR-US: ALTools ALFTP FTP Server CVE-2006-5949 (Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta ...) - TODO: check + NOT-FOR-US: ALTools ALFTP FTP Server CVE-2006-5948 (PHP remote file inclusion vulnerability in pntUnit/Inspect.php in ...) - TODO: check + NOT-FOR-US: phpPeanuts CVE-2006-5947 (Multiple directory traversal vulnerabilities in Conxint FTP Server ...) - TODO: check + NOT-FOR-US: Conxint FTP Server CVE-2006-5946 (SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP ...) - TODO: check + NOT-FOR-US: FunkyASP Glossary CVE-2006-5945 (Multiple SQL injection vulnerabilities in MGinternet Car Site Manager ...) TODO: check CVE-2006-5944 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...)
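Review bot: In the @@ -107,11 hunk, the new CVE-2006-6009 line "- sun-java5 1.5.0-08-1" has no urgency tag, although the log message lists this issue as "(low)" and the fvwm entry added for CVE-2006-5969 does carry "(low)". Either append "(low)" to the sun-java5 line or drop it from the log so the tracker data and the commit message agree.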
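Review bot: In the @@ -143,39 hunk, "NOT-FOR-US: VMWare" for CVE-2006-5990 names only the vendor, while the other entries added here name the affected product ("Helm Hosting Control Panel", "Selenium Server", "NetJetServer"). Suggest "NOT-FOR-US: VMWare VirtualCenter", matching the product in the description, so the entry does not read as a statement about every VMWare product. In the same hunk, the label "DirectAdmin" on CVE-2006-5983 does not appear in the visible description ("JBMC Software ..."); writing it as "JBMC Software DirectAdmin" would let a reader match it without opening the full CVE text.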
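Review bot: In the @@ -233,15 hunk, CVE-2006-5945 (MGinternet Car Site Manager) is left at "TODO: check" as trailing context, while the five entries directly above it (CVE-2006-5950 through CVE-2006-5946) are all resolved to NOT-FOR-US. If it was skipped on purpose because it still needs checking, that is fine; otherwise triage it in this commit as well so the block does not keep a single stray TODO.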