thr3ads.net - Secure testing commits - [Secure-testing-commits] r5033

If this information is useful, please help other people find it:
Share via:
Stefan Fritsch
2006-Nov-30 23:04 UTC
[Secure-testing-commits] r5033 - data/CVE

Author: stef-guest
Date: 2006-11-30 23:04:40 +0100 (Thu, 30 Nov 2006)
New Revision: 5033

Modified:
   data/CVE/list
Log:
- libgsf issue DSAified ;)
- some NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-11-30 21:39:11 UTC (rev 5032)
+++ data/CVE/list	2006-11-30 22:04:40 UTC (rev 5033)
@@ -1,7 +1,7 @@
 CVE-2006-6177 (SQL injection vulnerability in
system/core/users/users.profile.inc.php ...)
-	TODO: check
+	NOT-FOR-US: Neocrome Seditio
 CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn
before ...)
-	TODO: check
+	NOT-FOR-US: Blogn
 CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde
Kronolith ...)
 	- kronolith2 2.1.4-1 (bug #400899)
 	TODO: check kronolith 1.x
@@ -10,7 +10,7 @@
 CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in
...)
 	NOT-FOR-US: Mac OS X 
 CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input
plugin ...)
-	TODO: check
+	TODO: check xine, etc
 CVE-2006-6171 (** DISPUTED ** ...)
 	- proftpd-dfsg 1.3.0-13 (low; bug #399070)
 CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the
mod_tls ...)
@@ -22,27 +22,27 @@
 CVE-2006-6168 (tiki-register.php in TikiWiki before 1.9.7 allows remote
attackers to ...)
 	- tikiwiki 1.9.7+dfsg-1 (low)
 CVE-2006-6167 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: Active PHP Bookmarks
 CVE-2006-6166 (Cross-site scripting (XSS) vulnerability in jce.php in the JCE
Admin ...)
-	TODO: check
+	NOT-FOR-US: Joomla Content Editor (JCE) for Joomla!
 CVE-2006-6165 (** DISPUTED ** ...)
-	TODO: check
+	NOTE: non-issue
 CVE-2006-6164 (The _dl_unsetenv function in loader.c in the ELF ld.so in
OpenBSD 3.9 ...)
 	NOT-FOR-US: OpenBSD
 CVE-2006-6163 (Cross-site scripting (XSS) vulnerability in tiki-setup_base.php
in ...)
 	- tikiwiki 1.9.7+dfsg-1 (low)
 CVE-2006-6162 (Cross-site scripting (XSS) vulnerability in
tiki-edit_structures.php ...)
-	TODO: check
+	- tikiwiki 1.9.7+dfsg-1 (low)
 CVE-2006-6161 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum
Help Desk ...)
 	NOT-FOR-US: Doug Luxem Liberum Help Desk
 CVE-2006-6160 (SQL injection vulnerability in details.asp in Doug Luxem Liberum
Help ...)
 	NOT-FOR-US: Doug Luxem Liberum Help Desk
 CVE-2006-6159 (Multiple cross-site scripting (XSS) vulnerabilities in
newticket.php ...)
-	TODO: check
+	NOT-FOR-US: DeskPRO
 CVE-2006-6158 (Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS
Help ...)
-	TODO: check
+	NOT-FOR-US: PMOS Help Desk
 CVE-2006-6157 (SQL injection vulnerability in index.php in ContentNow 1.39 and
...)
-	TODO: check
+	NOT-FOR-US: ContentNow
 CVE-2006-6156 (Cross-site scripting (XSS) vulnerability in auth/message.php in
HIOX ...)
 	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
 CVE-2006-6155 (Multiple SQL injection vulnerabilities in addrating.php in HIOX
Star ...)
@@ -54,17 +54,17 @@
 CVE-2006-6152 (Multiple SQL injection vulnerabilities in vSpin.net Classified
System ...)
 	NOTE: NOT-FOR-US (vSpin.net)
 CVE-2006-6151 (PHP remote file inclusion vulnerability in centre.php in
Messagerie ...)
-	TODO: check
+	NOT-FOR-US: Messagerie Locale
 CVE-2006-6150 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: OWLLib
 CVE-2006-6149 (SQL injection vulnerability in index.asp in JiRos FAQ Manager
1.0 ...)
-	TODO: check
+	NOT-FOR-US: JiRos FAQ Manager
 CVE-2006-6148 (Multiple cross-site scripting (XSS) vulnerabilities in
submitlink.asp ...)
-	TODO: check
+	NOT-FOR-US: JiRos FAQ Manager
 CVE-2006-6147 (Multiple SQL injection vulnerabilities in JiRos Links Manager
allow ...)
-	TODO: check
+	NOT-FOR-US: JiRos Links Manager
 CVE-2006-6146 (Buffer overflow in the HPDF_Page_Circle function in ...)
-	TODO: check
+	NOT-FOR-US: libharu
 CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials
in ...)
 	NOT-FOR-US: CRYPTOCard
 CVE-2006-6144
@@ -74,7 +74,7 @@
 CVE-2006-6142
 	RESERVED
 CVE-2006-6141 (Buffer overflow in Tftpd32 3.01 allows remote attackers to cause
a ...)
-	TODO: check
+	NOT-FOR-US: Tftpd32
 CVE-2006-6140 (PHP remote file inclusion vulnerability in Sisfo Kampus 2006
(Semarang ...)
 	NOTE: NOT-FOR-US (Sisfo Kampus)
 CVE-2006-6139 (Directory traversal vulnerability in downloadexcel.php in Sisfo
Kampus ...)
@@ -92,7 +92,7 @@
 CVE-2006-6133 (Stack-based buffer overflow in Business Objects Crystal Reports
XI ...)
 	NOTE: NOT-FOR-US (Business Objects Crystal Reports)
 CVE-2006-6132 (Multiple SQL injection vulnerabilities in Link Exchange Lite
allow ...)
-	TODO: check
+	NOT-FOR-US: Link Exchange Lite
 CVE-2006-6131 (Untrusted search path vulnerability in (1) WSAdminServer and (2)
...)
 	NOT-FOR-US: Kerio WebSTAR
 CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial of
...)
@@ -140,17 +140,17 @@
 CVE-2006-6114 (Buffer overflow in NWSPOOL.DLL in Novell Client 4.91 Post-SP3
for ...)
 	NOT-FOR-US: Novell
 CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive
...)
-	TODO: check
+	NOT-FOR-US: Monkey Boards
 CVE-2006-6112
 	RESERVED
 CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro
2.0 ...)
 	NOT-FOR-US: Alan Ward A-Cart Pro
 CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified
BPG-InfoTech ...)
-	TODO: check
+	NOT-FOR-US: BPG-InfoTech Content Management System 
 CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store
3.5.2.14 ...)
-	TODO: check
+	NOT-FOR-US: CandyPress Store
 CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before
1.0.1a-beta ...)
-	TODO: check
+	NOT-FOR-US: EC-CUBE
 CVE-2006-6107
 	RESERVED
 CVE-2006-6106
@@ -180,45 +180,45 @@
 CVE-2006-6094 (Multiple SQL injection vulnerabilities in ActiveNews Manager
allow ...)
 	NOT-FOR-US: ActiveNews Manage
 CVE-2006-6093 (Multiple PHP remote file inclusion vulnerabilities in
adminprint.php ...)
-	TODO: check
+	NOT-FOR-US: PicturesPro Photo Cart
 CVE-2006-6092 (Multiple SQL injection vulnerabilities in vehiclelistings.asp in
20/20 ...)
 	NOT-FOR-US: Auto Gallery
 CVE-2006-6091 (Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB
before ...)
-	TODO: check
+	NOT-FOR-US: GrimBB
 CVE-2006-6090 (Multiple SQL injection vulnerabilities in BaalAsp forum allow
remote ...)
-	TODO: check
+	NOT-FOR-US: BaalAsp
 CVE-2006-6089 (Multiple cross-site scripting (XSS) vulnerabilities in
addpost1.asp in ...)
-	TODO: check
+	NOT-FOR-US: BaalAsp forum
 CVE-2006-6088 (Multiple cross-site scripting (XSS) vulnerabilities in
BlueCollar ...)
-	TODO: check
+	NOT-FOR-US: i-Gallery
 CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my
little ...)
-	TODO: check
+	NOT-FOR-US: my little weblog
 CVE-2006-6086 (PHP remote file inclusion vulnerability in ark_inc.php in e-Ark
1.0 ...)
-	TODO: check
+	NOT-FOR-US: e-Ark
 CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same
permissions ...)
 	- kile 1:1.9.3-1
 CVE-2006-6084 (Directory traversal vulnerability in abitwhizzy.php in
aBitWhizzy ...)
-	TODO: check
+	NOT-FOR-US: aBitWhizzy
 CVE-2006-6083 (SQL injection vulnerability in search.asp in CreaScripts
Creadirectory ...)
-	TODO: check
+	NOT-FOR-US: CreaScripts Creadirectory
 CVE-2006-6082 (Multiple cross-site scripting (XSS) vulnerabilities in
CreaScripts ...)
-	TODO: check
+	NOT-FOR-US: CreaScripts Creadirectory
 CVE-2006-6081 (PHP remote file inclusion vulnerability in
Smarty_Compiler.class.php ...)
-	TODO: check
+	TODO: check smarty, moodle, gallery2
 CVE-2006-6080 (Multiple SQL injection vulnerabilities in categories.asp in
gNews ...)
-	TODO: check
+	NOT-FOR-US: gNews
 CVE-2006-6079 (Multiple PHP remote file inclusion vulnerabilities in LoudMouth
2.4 ...)
-	TODO: check
+	NOT-FOR-US: LoudMouth (PHP thingy, not libloudmouth)
 CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in
a-ConMan ...)
-	TODO: check
+	NOT-FOR-US: a-ConMan
 CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and
...)
 	- iceweasel <unfixed> (high)
 	- mozilla-firefox <unfixed> (high)
 	- xulrunner <unfixed> (high)
 CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in Computer
...)
-	TODO: check
+	NOT-FOR-US: BrightStor
 CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in
BaalAsp ...)
-	TODO: check
+	NOT-FOR-US: BaalAsp forum
 CVE-2006-6074 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping
Cart ...)
 	TODO: check
 CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping
Cart ...)
@@ -2221,7 +2221,9 @@
 CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in
...)
 	NOT-FOR-US: OlateDownload
 CVE-2006-XXXX [unspecified libgsf security issue (IDEF1622)]
+	{DSA-1221-1}
 	- libgsf 1.14.2-1
+	NOTE: DSA-1221-1
 CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5
SP1 ...)
 	NOT-FOR-US: Backup Agent RPC Server
 CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup
R11.5 ...)
@@ -3848,39 +3850,39 @@
 CVE-2006-4413 (Apple Remote Desktop before 3.1 uses insecure permissions for
certain ...)
 	NOT-FOR-US: Apple Remote Desktop
 CVE-2006-4412 (WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through
10.4.8 ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-4411 (The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and
10.4.x ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-4410 (The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x
before ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-4409 (The Online Certificate Status Protocol (OCSP) service in the
Security ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-4408 (The Security Framework in Apple Mac OS X 10.4 through 10.4.8
allows ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-4407 (The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9
does not ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-4406 (Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and
...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-4405
 	RESERVED
 CVE-2006-4404 (The Installer application in Apple Mac OS X 10.4.8 and earlier,
when ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-4403 (The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP
Access ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-4402 (Heap-based buffer overflow in the Finder in Apple Mac OS X
10.4.8 and ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-4401 (Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-4400 (Stack-based buffer overflow in the Apple Type Services (ATS)
server in ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-4399 (User interface inconsistency in Workgroup Manager in Apple Mac
OS X ...)
 	NOT-FOR-US: Mac OS
 CVE-2006-4398 (Multiple buffer overflows in the Apple Type Services (ATS)
server in ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-4397 (Unchecked error condition in LoginWindow in Apple Mac OS X 10.4
...)
 	NOT-FOR-US: Mac OS
 CVE-2006-4396 (The Apple Type Services (ATS) server in Mac OS X 10.4.8 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2006-4395 (Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X
...)
 	NOT-FOR-US: Mac OS
 CVE-2006-4394 (A logic error in LoginWindow in Apple Mac OS X 10.4 through
10.4.7, ...)
@@ -4553,7 +4555,7 @@
 CVE-2006-4100
 	RESERVED
 CVE-2006-4099 (Business Objects Crystal Enterprise 9 and 10 generates
predictable ...)
-	TODO: check
+	NOT-FOR-US: Business Objects
 CVE-2006-4098
 	RESERVED
 CVE-2006-4097
Secure testing commits - Nov 2006 - r5033 - data/CVE

[Secure-testing-commits] r5033 - data/CVE
