Author: enerv-guest
Date: 2007-01-29 04:42:22 +0100 (Mon, 29 Jan 2007)
New Revision: 5375
Modified: data/CVE/list
Log: updated: CVE-2006-6885 flashplugin-nonfree not affected. CVE-2006-6876, CVE-2006-6877 new openserve 1.1.1-1 solves the problem. some NFUs.
Modified: data/CVE/list
==================================================================--- data/CVE/list 2007-01-29 00:30:05 UTC (rev 5374) +++ data/CVE/list 2007-01-29 03:42:22 UTC (rev 5375) 
@@ -1068,77 +1068,79 @@ CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation function ...) NOT-FOR-US: Jonathon J. Freeman OvBB CVE-2006-6891 (Vz (Adp) Forum 2.0.3 stores sensitive information under the web root ...) - TODO: check + NOT-FOR-US: Vz Scripts ADP Forum CVE-2006-6890 (Voodoo chat 1.0RC1b stores sensitive information under the web root ...) - TODO: check + NOT-FOR-US: Voodoo chat CVE-2006-6889 (FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information ...) - TODO: check + NOT-FOR-US: FreeStyle Wiki CVE-2006-6888 (P-News 1.16 and 1.17 store sensitive information under the web root ...) - TODO: check + NOT-FOR-US: P-News CVE-2006-6887 (Unrestricted file upload vulnerability in logahead UNU 1.0 allows ...) - TODO: check + NOT-FOR-US: logahead UNU CVE-2006-6886 (phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: phpwcms CVE-2006-6885 (An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows ...) - TODO: check + - flashplugin-nonfree <not-affected> CVE-2006-6884 (Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka ...) - TODO: check + NOT-FOR-US: Sky Software CVE-2006-6883 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: PHPIrc_bot CVE-2006-6882 (Cross-site scripting (XSS) vulnerability in golden book allows remote ...) - TODO: check + NOT-FOR-US: Golden Book CVE-2006-6881 (Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux ...) - TODO: check + NOT-FOR-US: ATMEL WLAN drivers CVE-2006-6880 (Multiple SQL injection vulnerabilities in code/guestadd.php in ...) - TODO: check + NOT-FOR-US: PHP-Update CVE-2006-6879 (Unrestricted file upload vulnerability in admin/uploads.php in ...) - TODO: check + NOT-FOR-US: PHP-Update CVE-2006-6878 (admin/uploads.php in PHP-Update 2.7 and earlier allows remote ...) - TODO: check + NOT-FOR-US: PHP-Update CVE-2006-6877 (Directory traversal vulnerability in index.php in Matteo Lucarelli ...) 
- TODO: check + NOT-FOR-US: Matteo Lucarelli 3editor CVE-2006-6876 (The fetchsms function in the SMS handling module (libsms_getsms.c) in ...) - TODO: check + - openser 1.1.1-1 (medium) + NOTE: http://www.openser.org/pub/openser/1.1.1/ChangeLog CVE-2006-6875 (Buffer overflow in the validateospheader function in the Open ...) - TODO: check + - openser 1.1.1-1 (medium) + NOTE: http://www.openser.org/pub/openser/1.1.1/ChangeLog CVE-2006-6874 (Multiple cross-site scripting (XSS) vulnerabilities in friend.php in ...) - TODO: check + NOT-FOR-US: eNdonesia CMS CVE-2006-6873 (Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 ...) - TODO: check + NOT-FOR-US: eNdonesia CMS CVE-2006-6872 (Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows ...) - TODO: check + NOT-FOR-US: eNdonesia CMS CVE-2006-6871 (Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 ...) - TODO: check + NOT-FOR-US: eNdonesia CMS CVE-2006-6869 (Directory traversal vulnerability in ...) - TODO: check + NOT-FOR-US: MAXdev CVE-2006-6868 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2006-6867 (Multiple PHP remote file inclusion vulnerabilities in Vladimir ...) - TODO: check + NOT-FOR-US: buratinable templator (aka bubla) CVE-2006-6866 (STphp EasyNews PRO 4.0 stores sensitive information under the web root ...) - TODO: check + NOT-FOR-US: Ahead4 CVE-2006-6865 (Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp ...) - TODO: check + NOT-FOR-US: Softartisans CVE-2006-6864 (PHP remote file inclusion vulnerability in E2_header.inc.php in ...) - TODO: check + NOT-FOR-US: Enigma2 CVE-2006-6863 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Enigma2 CVE-2006-6862 (Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky ...) - TODO: check + NOT-FOR-US: Outfront Spooky Login CVE-2006-6861 (Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 ...) 
- TODO: check + NOT-FOR-US: Outfront Spooky Login CVE-2006-6860 (Buffer overflow in the sendToMythTV function in MythControlServer.c in ...) - TODO: check + NOT-FOR-US: MythControl CVE-2006-6859 (SQL injection vulnerability in coupon_detail.asp in Website Designs ...) - TODO: check + NOT-FOR-US: Website Designs for Less CVE-2004-2671 (mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: eNdonesia CMS CVE-2004-2670 (Multiple cross-site scripting (XSS) vulnerabilities in mod.php in ...) - TODO: check + NOT-FOR-US: eNdonesia CVE-2003-1317 (Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 ...) - TODO: check + NOT-FOR-US: eNdonesia CMS CVE-2003-1316 (mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: eNdonesia CMS CVE-2006-XXXX [ssmtp password leak] - ssmtp 2.61-10.1 (bug #369542; low) CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 ...)
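Review bot: The log message names CVE-2006-6876 and CVE-2006-6877 as solved by "openserve 1.1.1-1", but in the hunk CVE-2006-6877 is marked NOT-FOR-US: Matteo Lucarelli 3editor, and the two "- openser 1.1.1-1 (medium)" entries sit on CVE-2006-6876 and CVE-2006-6875. Either the log or the data is off by one CVE id, and the package is spelled openser in the data, so the log should be corrected to match what was committed. Two smaller points in the same hunk: the "- flashplugin-nonfree <not-affected>" line on CVE-2006-6885 has no NOTE giving the reason, although the description concerns an ActiveX control in SwDir.dll in Macromedia Shockwave, so a one-line NOTE would spare the next reader from re-checking it. CVE-2004-2670 is tagged NOT-FOR-US: eNdonesia while the neighbouring entries use eNdonesia CMS; making the tag uniform keeps a text search for the product complete.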