Author: joeyh
Date: 2006-01-21 20:23:51 +0000 (Sat, 21 Jan 2006)
New Revision: 3332

Modified:
   data/CVE/list
Log:
processed recent TODOs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-01-20 21:14:21 UTC (rev 3331)
+++ data/CVE/list       2006-01-21 20:23:51 UTC (rev 3332)
@@ -35,7 +35,7 @@
 CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running 
firmware ...)
        NOT-FOR-US: Clipcomm hardware
 CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote 
attackers to ...)
-       TODO: Check
+       NOT-FOR-US: dual dns server
 CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing 
component, ...)
        NOT-FOR-US: Joomla! 
 CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware 
WV.00.02 ...)
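Review bot: The new tag for CVE-2006-0304, "NOT-FOR-US: dual dns server", lowercases and shortens the product that the description line names as "Dual DHCP DNS Server". The neighbouring entries keep the product or vendor name as written ("Clipcomm hardware", "Joomla!"). Suggest "NOT-FOR-US: Dual DHCP DNS Server" so that a later search of the list for the product name finds this entry.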
@@ -61,125 +61,123 @@
 CVE-2006-0292
        RESERVED
 CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server 
...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, 
...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application 
Server ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0288 (Unspecified vulnerability in the Oracle Reports Developer 
component of ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component 
of ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0286 (Unspecified vulnerability in the Oracle HTTP Server component 
of ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0285 (Unspecified vulnerability in the Java Net component of Oracle 
Database ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0284 (Multiple unspecified vulnerabilities in Oracle Application 
Server ...)
-       TODO: check
-CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, 
...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0282 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 
9.0.1.5, ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0281 (Unspecified vulnerability in Oracle JD Edwards HTML Server 
8.95.F1 ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0280 (Unspecified vulnerability in Oracle PeopleSoft Enterprise 
Portal 8.4 ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0279 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 
and ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0278 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 
and ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0277 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 
and ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0276 (Multiple unspecified vulnerabilities in Oracle Collaboration 
Suite ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0275 (Unspecified vulnerability in the Oracle Reports Developer 
component of ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0274 (Unspecified vulnerability in the Oracle Reports Developer 
component of ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0273 (Unspecified vulnerability in the Portal component of Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0272 (Unspecified vulnerability in the XML Database component of 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0271 (Unspecified vulnerability in the Upgrade & Downgrade 
component of ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0270 (Unspecified vulnerability in the TDE Wallet component of Oracle 
...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0268 (Unspecified vulnerability in the Security component of Oracle 
Database ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0267 (Unspecified vulnerability in the Query Optimizer component of 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0266 (Unspecified vulnerability in the Query Optimizer component of 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server 
...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0264 (Unspecified vulnerability in the Net Listener component of 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server 
...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component 
of ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0261 (Multiple unspecified vulnerabilities in Oracle Database server 
...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server 
9.2.0.7 ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0259 (Multiple unspecified vulnerabilities in the Data Pump component 
of ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component 
of ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0257 (Unspecified vulnerability in the Change Data Capture component 
of ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0256 (Unspecified vulnerability in the Advanced Queuing component of 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1 
...)
-       TODO: check
+       NOT-FOR-US: Check Point VPN
 CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache 
Geronimo ...)
-       TODO: check
+       NOT-FOR-US: Apache Geronimo
 CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in 
"Blue ...)
-       TODO: check
+       NOT-FOR-US: AmbiCom Blue Neighbors
 CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows 
remote ...)
-       TODO: check
+       NOT-FOR-U: Benders Calendar
 CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in 
Faq-O-Matic ...)
-       TODO: check
+       - faqomatic 2.712-3
 CVE-2006-0250 (Format string vulnerability in the snmp_input function in 
snmptrapd in ...)
        NOT-FOR-US: cmu-snmp-linux fork from CMU SNMP
        NOTE: This bug is present in a fork, not in the mainline
        NOTE: CMU-SNMP/UCD-SNMP/NET-SNMP versions.
 CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged 
geoBlog ...)
-       TODO: check
+       NOT-FOR-US: geoBlog
 CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 
500 ...)
-       TODO: check
+       NOT-FOR-US: Virata-EmWeb web server
 CVE-2006-0247 (Cross-site scripting (XSS) vulnerability in anyboard.cgi in 
Netbula ...)
-       TODO: check
+       NOT-FOR-US: Anyboard
 CVE-2006-0246 (Cross-site scripting (XSS) vulnerability in down.pl in Widexl 
Download ...)
-       TODO: check
+       NOT-FOR-US: Widexl Download Tracker
 CVE-2006-0245 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 
...)
-       TODO: check
+       NOT-FOR-US: CubeCart
 CVE-2006-0244 (** DISPUTED ** ...)
-       TODO: check
+       NOT-FOR-US: phpXplorer
 CVE-2006-0243 (Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: SMBCMS
 CVE-2006-0242 (Cross-site scripting vulnerability in index.php in PHP Fusebox 
4.0.6 ...)
-       TODO: check
+       NOT-FOR-US: PHP Fusebox
 CVE-2006-0241 (Cross-site scripting vulnerability in WBNews 1.1.0 and earlier 
allows ...)
-       TODO: check
+       NOT-FOR-US: WBNews
 CVE-2006-0240 (Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: Simple Blog
 CVE-2006-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Simple 
Blog 2.1 ...)
-       TODO: check
+       NOT-FOR-US: Simple Blog
 CVE-2006-0238 (SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 
2.0 ...)
-       TODO: check
+       NOT-FOR-US: GaMerZ WP-Stats
 CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP 
iCommerce ...)
-       TODO: check
+       NOT-FOR-US: GTP iCommerce
 CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 
1.0.2, ...)
-       TODO: check
+       - mozilla-thunderbird (unfixed; bug #349242; medium)
 CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: WhiteAlbum
 CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 
allows ...)
-       TODO: check
+       NOT-FOR-US: microBlog
 CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in microBlog 2.0 RC-10 
allows ...)
-       TODO: check
+       NOT-FOR-US: microBlog
 CVE-2006-0232
        RESERVED
 CVE-2006-0231
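Review bot: The line added under CVE-2006-0252 reads "NOT-FOR-U: Benders Calendar", missing the final S of the tag used on every other entry in this hunk; a grep or script keyed on "NOT-FOR-US:" will not count this CVE as triaged, so it should read "NOT-FOR-US: Benders Calendar". Separately, the CVE-2006-0283 entry (Oracle Database Server 10.1.0.4.2) between CVE-2006-0284 and CVE-2006-0282 is deleted outright instead of being marked like its Oracle neighbours, and the log message "processed recent TODOs" does not mention a removal. If dropping it is intentional, say why in the log; otherwise keep the entry and give it "NOT-FOR-US: Oracle".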
@@ -187,49 +185,51 @@
 CVE-2006-0230
        RESERVED
 CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might 
allow ...)
-       TODO: check
+       NOT-FOR-US: Wehntrust
 CVE-2006-0228 (The RBAC functionality in grsecurity before 2.1.8 does not 
properly ...)
-       TODO: check
+       - kernel-patch-grsecurity2 (unfixed; bug filed; medium)
+       - kernel-patch-2.4-grsecurity (unfixed; bug filed; medium)
 CVE-2006-0227 (Multiple unspecified vulnerabilities in lpsched in Sun Solaris 
8, 9, ...)
-       TODO: check
+       NOT-FOR-US: lpsched in Sun Solaris
 CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem 
(ieee80211_ioctl.c) ...)
-       TODO: check
+       NOT-FOR-US: freebsd kernel
 CVE-2006-0225
        RESERVED
 CVE-2006-0224
        RESERVED
 CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: PunBB
 CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash 
Chat ...)
-       TODO: check
+       NOT-FOR-US: TopCMM
 CVE-2006-0222 (Cross-site scripting (XSS) vulnerability in fullview.php in 
AlstraSoft ...)
-       TODO: check
+       NOT-FOR-US: AlstraSoft Template Seller Pro
 CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in 
Dragon ...)
-       TODO: check
+       NOT-FOR-US: Dragon Design Services Network (DDSN)
 CVE-2006-0220 (Multiple cross-site scripting (XSS) vulnerabilities in 
DCP-Portal 5.3 ...)
-       TODO: check
+       NOT-FOR-US: DCP-Portal 
 CVE-2006-0219 (The original distribution of MyBulletinBoard (MyBB) to update 
from ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) 
before ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2006-0217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate 
...)
-       TODO: check
+       NOT-FOR-US: Ultimate Auction
 CVE-2006-0216 (admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 
allows ...)
-       TODO: check
+       NOT-FOR-US: QualityEBiz Quality PPC
 CVE-2006-0215 (Cross-site scripting (XSS) vulnerability in admin.php in 
QualityEBiz ...)
-       TODO: check
+       NOT-FOR-US: QualityEBiz Quality PPC
 CVE-2006-0214 (Eval injection vulnerability in ezDatabase 2.0 and earlier 
allows ...)
-       TODO: check
+       NOT-FOR-US: ezDatabase
 CVE-2006-0213 (Kolab Server 2.0.1, 2.0.2 and development versions 
pre-2.1-20051215 ...)
-       TODO: check
+       NOT-FOR-US: Kolab Server
+       NOTE: libkolab-perl are extensions for this server, but server does not 
seem to be in debian
 CVE-2006-0212 (Directory traversal vulnerability in OBEX Push services in 
Toshiba ...)
-       TODO: check
+       NOT-FOR-US: Toshiba Bluetooth Stack
 CVE-2006-0211 (Cross-site scripting (XSS) vulnerability in forgotPassword.asp 
in Helm ...)
-       TODO: check
+       NOT-FOR-US: Helm Hosting Control Panel
 CVE-2006-0210 (Cross-site scripting (XSS) vulnerability in index.php in 
Interspire ...)
-       TODO: check
+       NOT-FOR-US: Interspire TrackPoint NX
 CVE-2006-0209 (SQL injection vulnerability in general_functions.php in 
TankLogger 2.4 ...)
-       TODO: check
+       NOT-FOR-US: TankLogger
 CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 
5.1.1, when ...)
        - php5 5.1.2-1
        - php4 4:4.4.2-1
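Review bot: Both package lines added under CVE-2006-0228 (kernel-patch-grsecurity2 and kernel-patch-2.4-grsecurity) say "bug filed" with no bug number, whereas the mozilla-thunderbird line added for CVE-2006-0236 in this same commit records "bug #349242". Without the number the "unfixed" state cannot be followed from the list to the report, so please replace "bug filed" with the actual bug number for each package once it is known. Minor wording in the Kolab NOTE under CVE-2006-0213: "libkolab-perl are extensions" should be "libkolab-perl is an extension" (or "contains extensions"), and "debian" should be capitalised.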
@@ -237,70 +237,71 @@
        - php5 5.1.2-1
        - php4 4:4.4.2-1
 CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 
...)
-       TODO: check
+       NOT-FOR-US: Light Weight Calendar
 CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: Wordcircle
 CVE-2006-0204 (Multiple cross-site scripting (XSS) vulnerabilities in 
Wordcircle 2.17 ...)
-       TODO: check
+       NOT-FOR-US: Wordcircle
 CVE-2006-0203 (membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does 
not ...)
-       TODO: check
+       NOT-FOR-US: Mini-Nuke
 CVE-2006-0202 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka 
PHP ...)
-       TODO: check
+       NOT-FOR-US: PayPal Web Services
 CVE-2006-0201 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka 
PHP ...)
-       TODO: check
+       NOT-FOR-US: PayPal Web Services
 CVE-2006-0200 (Format string vulnerability in the error-reporting feature in 
the ...)
        - php5 5.1.2-1 (unimportant)
        NOTE: Not built into the binary packages
 CVE-2006-0199 (SQL injection vulnerability in news.asp in Mini-Nuke CMS System 
1.8.2 ...)
-       TODO: check
+       NOT-FOR-US: Mini-Nuke
 CVE-2006-0198 (Cross-site scripting (XSS) vulnerability in a certain module, 
possibly ...)
-       TODO: check
+       NOT-FOR-US: XOOPS
 CVE-2006-0197 (The XClientMessageEvent struct used in certain components of 
X.Org ...)
-       TODO: check
+       NOTE: exploitability uncertian
+       - xorg-x11 (unfixed; bug filed; low)
 CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 
0.4.4 ...)
-       TODO: check
+       NOT-FOR-US: slsnif
 CVE-2006-0195
        RESERVED
 CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in 
FogBugz ...)
-       TODO: check
+       NOT-FOR-US: FogBugz
 CVE-2006-0193 (Cross-site scripting (XSS) vulnerability in the Hosting Control 
Panel ...)
-       TODO: check
+       NOT-FOR-US: Positive Software H-Sphere
 CVE-2006-0192 (SQL injection vulnerability in Login_Validate.asp in ASPSurvey 
1.10 ...)
-       TODO: check
+       NOT-FOR-US: ASPSurvey
 CVE-2006-0191 (Unspecified vulnerability in Sun Solaris 10 allows local users 
to ...)
-       TODO: check
+       NOT-FOR-US: Sun Solaris
 CVE-2006-0190 (Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 
platform ...)
-       TODO: check
+       NOT-FOR-US: Sun Solaris
 CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 
allows ...)
-       TODO: check
+       NOT-FOR-US: eStara Softphone
 CVE-2006-0188
        RESERVED
 CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other 
...)
-       TODO: check
+       NOT-FOR-US: OcoMon
 CVE-2005-4663 (Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and 
possibly ...)
-       TODO: check
+       NOT-FOR-US: OcoMon
 CVE-2005-4662 (Multiple SQL injection vulnerabilities in OcoMon 1.20, and 
possibly ...)
-       TODO: check
+       NOT-FOR-US: OcoMon
 CVE-2005-4661 (The notifyendsubs cron job in Campsite before 2.3.3 sends an 
e-mail ...)
-       TODO: check
+       NOT-FOR-US: Campsite
 CVE-2005-4660 (Race condition in IPCop (aka IPCop Firewall) before 1.4.10 
might allow ...)
-       TODO: check
+       NOT-FOR-US: IPCop
 CVE-2005-4659 (IPCop (aka IPCop Firewall) before 1.4.10 has world-readable ...)
-       TODO: check
+       NOT-FOR-US: IPCop
 CVE-2005-4658 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-       TODO: check
+       NOT-FOR-US: ASP-Programmers.com ASPKnowledgebase
 CVE-2005-4657 (Ocean12 Calendar Manager Pro 1.01 allows remote attackers to 
bypass ...)
-       TODO: check
+       NOT-FOR-US: Ocean12
 CVE-2005-4656 (SQL injection vulnerability in index.php in TClanPortal 1.1.3 
and ...)
-       TODO: check
+       NOT-FOR-US: TClanPortal
 CVE-2005-4655 (Cross-site scripting (XSS) vulnerability in submit.php in 
PHP-Fusion ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2005-4654 (Multiple unspecified vulnerabilities in Oracle for OpenView 
(OfO) ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-4653 (Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: AL-Caricatier
 CVE-2005-4652 (SQL injection vulnerability in PHlyMail 3.02.01 allows remote 
...)
-       TODO: check
+       NOT-FOR-US: PHlyMail
 CVE-2005-4651 (SQL injection vulnerability in index.php in AlstraSoft EPay Pro 
2.0 ...)
        NOT-FOR-US: AlstraSoft EPay Pro
 CVE-2005-4650 (Joomla! 1.03 does not restrict the number of "Search" 
Mambots, which ...)
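Review bot: The NOTE added under CVE-2006-0197 misspells "uncertain" as "uncertian", and it sits above the "- xorg-x11" package line, while the existing CVE-2006-0200 entry in this hunk puts the package line first and its NOTE after it. Suggest ordering it as "- xorg-x11 (unfixed; bug filed; low)" followed by "NOTE: exploitability uncertain", and putting the bug number in place of "bug filed" once it exists so the low-severity unfixed entry can be tracked.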


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
