Author: micah
Date: 2006-05-18 15:48:10 +0000 (Thu, 18 May 2006)
New Revision: 3964
Modified: data/CVE/list data/ID_pending
Log: Some NFUs, and a handful of pending IDs obtained from Mitre
Modified: data/CVE/list =================================================================== --- data/CVE/list 2006-05-17 19:27:50 UTC (rev 3963) +++ data/CVE/list 2006-05-18 15:48:10 UTC (rev 3964) 
@@ -3,39 +3,40 @@ NOTE: mail to bugtraq implies 4.0 is not vulnerable TODO: sarge needs to be checked CVE-2006-2358 (Multiple cross-site scripting (XSS) vulnerabilities in various scripts ...) - TODO: check + NOT-FOR-US: Web Labs CMS CVE-2006-2357 (Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 ...) - TODO: check + NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2356 (NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 ...) - TODO: check + NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2355 (Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional ...) - TODO: check + NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2354 (NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch ...) - TODO: check + NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2353 (NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 ...) - TODO: check + NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2352 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...) - TODO: check + NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...) - TODO: check + NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2350 (SQL injection vulnerability in the inc/elementz.php script in AliPAGER ...) - TODO: check + NOT-FOR-US: AliPAGER CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: E-Business Designer CVE-2006-2348 (Cross-site scripting (XSS) vulnerability in form_grupo.html in ...) - TODO: check + NOT-FOR-US: E-Business Designer CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: E-Business Designer CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows ...) - TODO: check + NOTE: Unable to reach CVS to determine if prior versions are affected + NOTE: Micah will return to this one CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in ...) 
- TODO: check + NOT-FOR-US: AliPAGER CVE-2006-2344 (SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with ...) - TODO: check + NOT-FOR-US: AliPAGER CVE-2006-2343 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...) - TODO: check + NOT-FOR-US: ManageEngine OpManager CVE-2006-2342 (IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2006-XXXX [dovecot information disclosure: list .. directory] - dovecot 1.0.beta8-1 (low) [sarge] - dovecot <not-affected> (vulnerability introduced in 1.0) @@ -3840,7 +3841,7 @@ NOT-FOR-US: Geeklog CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows ...) NOT-FOR-US: PhpTagCool -CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand] +CVE-2006-2440 [imagemagick: array index overflow in DisplayImageCommand] - imagemagick 6:6.2.4.5-0.6 (bug #345595) CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...) NOT-FOR-US: My Blog @@ -4069,7 +4070,7 @@ CVE-2006-XXXX [dpkg-sig: insecure temp file bug] - dpkg-sig 0.13 (bug #352723; low) [sarge] - dpkg-sig <no-dsa> (Only affected in debug mode) -CVE-2006-XXXX [pioneers meta-server DoS] +CVE-2006-2441 [pioneers meta-server DoS] - pioneers 0.9.55-1 (bug #351986; medium) [sarge] - gnocatan <not-affected> (Not exploitable in Sarge per maintainer) CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in ...) 
@@ -5248,7 +5249,7 @@ NOT-FOR-US: Illustrate dBpowerAMP Music Converter CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI ...) NOT-FOR-US: BEA WebLogic Server -CVE-2006-XXXX [knowledgetree information disclosure] +CVE-2006-2443 [knowledgetree information disclosure] - knowledgetree <unfixed> (bug #348306; medium) CVE-2006-XXXX [php5 response splitting] - php5 5.1.2-1 (bug #347894) Modified: data/ID_pending =================================================================== --- data/ID_pending 2006-05-17 19:27:50 UTC (rev 3963) +++ data/ID_pending 2006-05-18 15:48:10 UTC (rev 3964) @@ -1,16 +1,7 @@ -CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand] - - imagemagick 6:6.2.4.5-0.6 (bug #345595) - NOTE: Requested by Micah March 26, 2006 -CVE-2006-XXXX [pioneers meta-server DoS] - - pioneers 0.9.55-1 (bug #351986; medium) - [sarge] - gnocatan <not-affected> (Not exploitable in Sarge per maintainer) - NOTE: Requested by Micah March 26, 2006 CVE-2006-XXXX [kphone creates world-readable config file with passwords] - kphone <unfixed> (bug #337830; low) NOTE: Requested by Micah March 26, 2006 -CVE-2006-XXXX [knowledgetree information disclosure] - - knowledgetree <unfixed> (bug #348306; medium) - NOTE: Requested by Micah March 26, 2006 + NOTE: CVE-2006-2442 obtained, but might be a duplicate of CVE-2006-2192 CVE-2006-XXXX [php5 response splitting] - php5 5.1.2-1 (bug #347894) - php4 <not-affected> (vulnerable code was introduced in PHP5)
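Review bot: In the first data/CVE/list hunk (@@ -3,39 +3,40 @@), the CVE-2006-2346 vpopmail entry loses its "TODO: check" line but gets no package status, only two NOTE lines saying CVS was unreachable and that Micah will return to it. Without the TODO marker the entry no longer reads as unprocessed, so the follow-up depends on someone rereading the notes. Suggest keeping the "TODO: check" line alongside the new NOTE lines until the affected versions are known, and dating the note the way the ID_pending entries do ("Requested by Micah March 26, 2006").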
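Review bot: In the data/ID_pending hunk (@@ -1,16 +1,7 @@), the NOTE added to the kphone entry records that CVE-2006-2442 was obtained but may duplicate CVE-2006-2192, yet the entry header stays CVE-2006-XXXX and none of the data/CVE/list hunks in this commit mention either ID. The assignment therefore lives only in the pending file. Suggest mirroring the note on the kphone entry in data/CVE/list and stating what is needed to settle the duplicate question, so the ID is not lost if the pending entry is later dropped.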