Author: micah
Date: 2006-05-18 15:48:10 +0000 (Thu, 18 May 2006)
New Revision: 3964

Modified:
   data/CVE/list
   data/ID_pending
Log:
Some NFUs, and a handful of pending IDs obtained from Mitre


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-05-17 19:27:50 UTC (rev 3963)
+++ data/CVE/list       2006-05-18 15:48:10 UTC (rev 3964)
@@ -3,39 +3,40 @@
        NOTE: mail to bugtraq implies 4.0 is not vulnerable
        TODO: sarge needs to be checked
 CVE-2006-2358 (Multiple cross-site scripting (XSS) vulnerabilities in various 
scripts ...)
-       TODO: check
+       NOT-FOR-US: Web Labs CMS
 CVE-2006-2357 (Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 
2006 ...)
-       TODO: check
+       NOT-FOR-US: Ipswitch WhatsUp
 CVE-2006-2356 (NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp 
Professional 2006 ...)
-       TODO: check
+       NOT-FOR-US: Ipswitch WhatsUp
 CVE-2006-2355 (Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp 
Professional ...)
-       TODO: check
+       NOT-FOR-US: Ipswitch WhatsUp
 CVE-2006-2354 (NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and 
Ipswitch ...)
-       TODO: check
+       NOT-FOR-US: Ipswitch WhatsUp
 CVE-2006-2353 (NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 
2006 ...)
-       TODO: check
+       NOT-FOR-US: Ipswitch WhatsUp
 CVE-2006-2352 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch 
...)
-       TODO: check
+       NOT-FOR-US: Ipswitch WhatsUp
 CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch 
...)
-       TODO: check
+       NOT-FOR-US: Ipswitch WhatsUp
 CVE-2006-2350 (SQL injection vulnerability in the inc/elementz.php script in 
AliPAGER ...)
-       TODO: check
+       NOT-FOR-US: AliPAGER
 CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: E-Business Designer
 CVE-2006-2348 (Cross-site scripting (XSS) vulnerability in form_grupo.html in 
...)
-       TODO: check
+       NOT-FOR-US: E-Business Designer
 CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: E-Business Designer
 CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, 
allows ...)
-       TODO: check
+       NOTE: Unable to reach CVS to determine if prior versions are affected
+       NOTE: Micah will return to this one
 CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in 
...)
-       TODO: check
+       NOT-FOR-US: AliPAGER
 CVE-2006-2344 (SQL injection vulnerability in inc/elementz.php in AliPAGER 
1.5, with ...)
-       TODO: check
+       NOT-FOR-US: AliPAGER
 CVE-2006-2343 (Cross-site scripting (XSS) vulnerability in Search.do in 
ManageEngine ...)
-       TODO: check
+       NOT-FOR-US: ManageEngine OpManager
 CVE-2006-2342 (IBM WebSphere Application Server 6.0.2 before FixPack 3 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere Application Server
 CVE-2006-XXXX [dovecot information disclosure: list .. directory]
        - dovecot 1.0.beta8-1 (low)
        [sarge] - dovecot <not-affected> (vulnerability introduced in 1.0)
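
Review bot: CVE-2006-2346 (vpopmail) loses its open-work marker while the work is still outstanding. `TODO: check` is replaced by two NOTE lines that say the affected versions could not be determined and that the entry will be revisited, so nothing machine-readable marks it as unfinished any more. Keep a TODO next to the NOTEs, for example `TODO: check whether versions before 5.4.14 are affected`, so the entry still shows up when the list is searched for pending items. Separately, CVE-2006-2352 and CVE-2006-2351 are marked `NOT-FOR-US: Ipswitch WhatsUp`, but the truncated descriptions visible here only say "IPswitch ..."; confirm the product from the full description before closing them.
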
@@ -3840,7 +3841,7 @@
        NOT-FOR-US: Geeklog
 CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 
allows ...)
        NOT-FOR-US: PhpTagCool
-CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand]
+CVE-2006-2440 [imagemagick: array index overflow in DisplayImageCommand]
        - imagemagick 6:6.2.4.5-0.6 (bug #345595)
 CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. 
Blom ...)
        NOT-FOR-US: My Blog
@@ -4069,7 +4070,7 @@
 CVE-2006-XXXX [dpkg-sig: insecure temp file bug]
        - dpkg-sig 0.13 (bug #352723; low)
        [sarge] - dpkg-sig <no-dsa> (Only affected in debug mode)
-CVE-2006-XXXX [pioneers meta-server DoS]
+CVE-2006-2441 [pioneers meta-server DoS]
        - pioneers 0.9.55-1 (bug #351986; medium)
        [sarge] - gnocatan <not-affected> (Not exploitable in Sarge per 
maintainer)
 CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in 
...)
@@ -5248,7 +5249,7 @@
        NOT-FOR-US: Illustrate dBpowerAMP Music Converter
 CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, 
with RMI ...)
        NOT-FOR-US: BEA WebLogic Server
-CVE-2006-XXXX [knowledgetree information disclosure]
+CVE-2006-2443 [knowledgetree information disclosure]
        - knowledgetree <unfixed> (bug #348306; medium)
 CVE-2006-XXXX [php5 response splitting]
        - php5 5.1.2-1 (bug #347894)
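
Review bot: the knowledgetree entry renamed to CVE-2006-2443 is still `<unfixed>` (bug #348306; medium), and nothing in this change records that the new ID was passed on to the bug report. Since a fix has yet to be uploaded, send CVE-2006-2443 to bug #348306 so the maintainer can cite it in the changelog, and consider a NOTE on the entry saying that this was done.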

Modified: data/ID_pending
===================================================================
--- data/ID_pending     2006-05-17 19:27:50 UTC (rev 3963)
+++ data/ID_pending     2006-05-18 15:48:10 UTC (rev 3964)
@@ -1,16 +1,7 @@
-CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand]
-       - imagemagick 6:6.2.4.5-0.6 (bug #345595)
-       NOTE: Requested by Micah March 26, 2006
-CVE-2006-XXXX [pioneers meta-server DoS]
-       - pioneers 0.9.55-1 (bug #351986; medium)
-       [sarge] - gnocatan <not-affected> (Not exploitable in Sarge per 
maintainer)
-       NOTE: Requested by Micah March 26, 2006
 CVE-2006-XXXX [kphone creates world-readable config file with passwords]
        - kphone <unfixed> (bug #337830; low)
        NOTE: Requested by Micah March 26, 2006
-CVE-2006-XXXX [knowledgetree information disclosure]
-       - knowledgetree <unfixed> (bug #348306; medium)
-       NOTE: Requested by Micah March 26, 2006
+       NOTE: CVE-2006-2442 obtained, but might be a duplicate of CVE-2006-2192
 CVE-2006-XXXX [php5 response splitting]
        - php5 5.1.2-1 (bug #347894)
        - php4 <not-affected> (vulnerable code was introduced in PHP5)
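
Review bot: the kphone entry now carries `NOTE: CVE-2006-2442 obtained, but might be a duplicate of CVE-2006-2192`, but it stays under CVE-2006-XXXX and the note is added only here in data/ID_pending; none of the data/CVE/list hunks in this revision touch kphone. Record the same note on the kphone entry in data/CVE/list (or on CVE-2006-2192 if that entry exists there) and add a TODO to settle the duplicate question with Mitre, so that the assigned ID is not lost if this file is cleaned up. The three removed entries do match the IDs filled in on data/CVE/list (CVE-2006-2440, CVE-2006-2441, CVE-2006-2443), so that part is consistent.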


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
