Author: stef-guest Date: 2006-12-01 23:01:02 +0100 (Fri, 01 Dec 2006) New Revision: 5039 Modified: data/CVE/list Log: - libgsf CVEified - new libxslt issue - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-01 20:14:34 UTC (rev 5038) +++ data/CVE/list 2006-12-01 22:01:02 UTC (rev 5039) @@ -1,3 +1,6 @@ +CVE-2006-XXXX [libxslt segfault / DoS] + - libxslt 1.1.18-3 (low) + [sarge] - libxslt <not-affected> (vulnerability added later) CVE-2006-6177 (SQL injection vulnerability in system/core/users/users.profile.inc.php ...) NOT-FOR-US: Neocrome Seditio CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn before ...) 
@@ -222,27 +225,27 @@ CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp ...) NOT-FOR-US: BaalAsp forum CVE-2006-6074 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...) - TODO: check + NOT-FOR-US: Enthrallweb eShopping Cart CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...) - TODO: check + NOT-FOR-US: Enthrallweb eShopping Cart CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in ...) - TODO: check + NOT-FOR-US: BPG-InfoTech Easy Publisher CVE-2006-6071 RESERVED CVE-2006-6070 (SQL injection vulnerability in module/account/register/register.asp in ...) - TODO: check + NOT-FOR-US: ASP Nuke CVE-2006-6069 (index.php in mAlbum 0.3 and earlier allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: mAlbum CVE-2006-6068 (Directory traversal vulnerability in the cached_album function in ...) - TODO: check + NOT-FOR-US: mAlbum CVE-2006-6067 (Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real ...) - TODO: check + NOT-FOR-US: DataShed CVE-2006-6066 (Multiple SQL injection vulnerabilities in Dragon Calendar / Events ...) - TODO: check + NOT-FOR-US: Dragon Calendar CVE-2006-6065 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...) - TODO: check + NOT-FOR-US: CalSnails Module for MxBB Portal CVE-2006-6064 (Multiple buffer overflows in the Message Parsing Interpreter (MPI) in ...) - TODO: check + NOT-FOR-US: Fuzzball MUCK CVE-2006-6063 (Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier ...) NOT-FOR-US: XMPlay CVE-2006-6062 (Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other ...) @@ -452,7 +455,7 @@ CVE-2006-5966 (Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows ...) NOT-FOR-US: Panda ActiveScan CVE-2006-5965 (PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure ...) - TODO: check + NOT-FOR-US: PassGo SSO Plus CVE-2006-5964 RESERVED CVE-2006-5963 
@@ -492,15 +495,15 @@ CVE-2006-5946 (SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP ...) NOT-FOR-US: FunkyASP Glossary CVE-2006-5945 (Multiple SQL injection vulnerabilities in MGinternet Car Site Manager ...) - TODO: check + NOT-FOR-US: MGinternet Car Site Manager CVE-2006-5944 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...) - TODO: check + NOT-FOR-US: MGinternet Car Site Manager CVE-2006-5943 (Multiple SQL injection vulnerabilities in inventory/display/imager.asp ...) - TODO: check + NOT-FOR-US: Less Inventory Manager CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Less Inventory Manager CVE-2006-5941 (snmpd in (1) the SUNWsmagt package in Solaris 10 before 20061122 and ...) - TODO: check + NOT-FOR-US: Solaris CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...) NOT-FOR-US: Grisoft AVG Anti-Virus CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause ...) 
@@ -528,55 +531,55 @@ CVE-2006-5928 (Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler ...) NOT-FOR-US: Phpjobscheduler CVE-2006-5927 (SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal ...) - TODO: check + NOT-FOR-US: ASP Scripter Easy Portal CVE-2006-5926 (Multiple SQL injection vulnerabilities in mail.php in Vallheru before ...) - TODO: check + NOT-FOR-US: Vallheru CVE-2006-5925 (Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed ...) - links 0.99+1.00pre12-1.1 (medium; bug #399188) - elinks 0.11.1-1.2 (medium; bug #399187) - links2 2.1pre25-2 CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in Efficient IP ...) - TODO: check + NOT-FOR-US: Efficient IP iPmanager (IPm) CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris Mac ...) - TODO: check + NOT-FOR-US: gtcatalog CVE-2006-5922 (index.php in Wheatblog (wB) allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Wheatblog CVE-2006-5921 (Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php ...) - TODO: check + NOT-FOR-US: Wheatblog CVE-2006-5920 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Exporia CVE-2006-5919 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: KnowledgeBuilder CVE-2006-5918 (Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid ...) - TODO: check + NOT-FOR-US: RapidKill CVE-2006-5917 (Multiple SQL injection vulnerabilities in OmniStar Article Manager ...) - TODO: check + NOT-FOR-US: OmniStar Article Manager CVE-2006-5916 (Intego VirusBarrier X4 allows context-dependent attackers to bypass ...) - TODO: check + NOT-FOR-US: Intego VirusBarrier CVE-2006-5915 (Multiple cross-site scripting (XSS) vulnerabilities in ls.php in ...) - TODO: check + NOT-FOR-US: LandShop CVE-2006-5914 (SQL injection vulnerability in ls.php in SAMEDIA LandShop allows ...) 
- TODO: check + NOT-FOR-US: LandShop CVE-2006-5913 (Microsoft Internet Explorer 7 allows remote attackers to (1) cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-5912 (Unspecified vulnerability in Campware Campsite before 2.6.2 has ...) - TODO: check + NOT-FOR-US: Campware Campsite CVE-2006-5911 (Multiple PHP remote file inclusion vulnerabilities in Campware ...) - TODO: check + NOT-FOR-US: Campware Campsite CVE-2006-5910 (Multiple PHP remote file inclusion vulnerabilities in Campware ...) - TODO: check + NOT-FOR-US: Campware Campsite CVE-2006-5909 (generaloptions.php in Paul Tarjan Stanford Conference And Research ...) - TODO: check + NOT-FOR-US: Stanford Conference And Research Forum (SCARF) CVE-2006-5908 (Multiple SQL injection vulnerabilities in the login_user function in ...) - TODO: check + NOT-FOR-US: Yet Another News System CVE-2006-5907 (SQL injection vulnerability in modules/bannieres/bannieres.php in ...) - TODO: check + NOT-FOR-US: SCRIPT BANNIERES CVE-2006-5906 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: SCRIPT BANNIERES CVE-2006-5905 (Web Directory Pro allows remote attackers to (1) backup the database ...) - TODO: check + NOT-FOR-US: Web Directory Pro CVE-2006-5904 (Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 ...) - TODO: check + NOT-FOR-US: MWChat Pro CVE-2006-5903 (Rahul Jonna Gmail File Space (GSpace) allows remote attackers to ...) NOT-FOR-US: GSpace CVE-2006-5902 (viksoe GMail Drive shell extension allows remote attackers to perform ...) @@ -584,7 +587,7 @@ CVE-2006-5901 (Hawking Technology wireless router WR254-CA uses a hardcoded IP ...) NOT-FOR-US: Hawking Technology wireless router WR254-CA CVE-2006-5900 (Cross-site scripting (XSS) vulnerability in the ...) - TODO: check + NOT-FOR-US: Zend Framework Preview CVE-2006-5899 (** DISPUTED ** ...) NOT-FOR-US: @cid stat CVE-2006-5898 (Directory traversal vulnerability in localization/languages.lib.php3 ...) 
@@ -592,7 +595,7 @@ CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and ...) NOT-FOR-US: PhpMyChat Plus CVE-2006-5896 (REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the ...) - TODO: check + NOT-FOR-US: Web Mech Designer CVE-2006-5895 (PHP remote file inclusion vulnerability in core/core.php in EncapsCMS ...) NOT-FOR-US: EncapsCMS CVE-2006-5894 (Directory traversal vulnerability in lang.php in Rama CMS 0.68 and ...) @@ -660,13 +663,13 @@ CVE-2006-5867 RESERVED CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for ...) - TODO: check + NOT-FOR-US: phpManta CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php for Script ...) - TODO: check + NOT-FOR-US: Script Dowload CVE-2006-5863 (PHP remote file inclusion vulnerability in inc/session.php for ...) - TODO: check + NOT-FOR-US: LetterIt CVE-2006-5862 (Directory traversal vulnerability in the session mechanism of the web ...) - TODO: check + NOT-FOR-US: Network Administration Visualized CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...) TODO: check CVE-2006-5860 @@ -2222,10 +2225,6 @@ NOT-FOR-US: OlateDownload CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in ...) NOT-FOR-US: OlateDownload -CVE-2006-XXXX [unspecified libgsf security issue (IDEF1622)] - - libgsf 1.14.2-1 - [sarge] - libgsf 1.11.1-1sarge1 - NOTE: DSA-1221-1 CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 ...) NOT-FOR-US: Backup Agent RPC Server CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 ...) 
@@ -3613,9 +3612,10 @@ [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) CVE-2006-4515 RESERVED -CVE-2006-4514 +CVE-2006-4514 [unspecified libgsf security issue (IDEF1622)] + {DSA-1221-1} RESERVED - {DSA-1221-1} + - libgsf 1.14.2-1 CVE-2006-4513 (Multiple integer overflows in the WV library in wvWare (formerly ...) - wv 1.2.4-1 (bug #396256; medium) CVE-2006-4512
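Review bot: The new `CVE-2006-XXXX [libxslt segfault / DoS]` entry in the first hunk (`@@ -1,3 +1,6 @@`) has no pointer to where the issue was reported. Other package entries in this file carry one, for example `- links 0.99+1.00pre12-1.1 (medium; bug #399188)`. Add a bug number or a `NOTE:` line naming the source, so the entry can be matched once a CVE id is assigned and the `[sarge] - libxslt <not-affected> (vulnerability added later)` claim can be checked against it.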
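Review bot: In the `@@ -528,55 +531,55 @@` hunk, `NOT-FOR-US: Microsoft` for CVE-2006-5913 names the vendor rather than the product, while the description and the neighbouring entries name the product (`Microsoft Internet Explorer 7`, `NOT-FOR-US: Intego VirusBarrier`, `NOT-FOR-US: Campware Campsite`). Suggest `NOT-FOR-US: Microsoft Internet Explorer`, so a later search of the list by product name finds this entry.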
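Review bot: In the `@@ -660,13 +663,13 @@` hunk, `NOT-FOR-US: Script Dowload` for CVE-2006-5865 looks like a misspelling of "Download". The CVE description is truncated here (`language.inc.php for Script ...`), so please check the full description and either correct the name or confirm the product really is spelled that way. A misspelled product name will not be found by someone searching the list for it later.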
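Review bot: Folding the libgsf entry into CVE-2006-4514 (`@@ -3613,9 +3612,10 @@`) loses the sarge fixed version. The `CVE-2006-XXXX` block removed in `@@ -2222,10 +2225,6 @@` had `[sarge] - libgsf 1.11.1-1sarge1`, but the new entry only has `{DSA-1221-1}` and `- libgsf 1.14.2-1`. If the `{DSA-1221-1}` cross-reference is meant to supply the sarge version, say so in the log message; otherwise carry the `[sarge]` line over. The entry also now has a package line beneath `RESERVED`, which is worth a second look for consistency with the other `RESERVED` entries in the file, which have none.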