Author: stef-guest
Date: 2007-01-07 19:38:58 +0100 (Sun, 07 Jan 2007)
New Revision: 5219

Modified:
   data/CVE/list
Log:
- CVE-2006-5870: new openoffice issue (medium)
- CVE-2006-6839 to -6841: new phpbb2 issues
- two new drupal issues fixed (low)
- cacti CVEified
- tmsnc issue already fixed
- interchange issue already fixed
- some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-01-07 17:50:16 UTC (rev 5218)
+++ data/CVE/list       2007-01-07 18:38:58 UTC (rev 5219)
@@ -1,3 +1,9 @@
+CVE-2007-XXXX [drupal XSS]
+       - drupal 4.7.5-1 (low)
+       NOTE: DRUPAL-SA-2007-001
+CVE-2007-XXXX [drupal DoS]
+       - drupal 4.7.5-1 (low)
+       NOTE: DRUPAL-SA-2007-002
 CVE-2007-XXXX WordPress Trackback Charset Decoding SQL Injection Vulnerability
        - wordpress <unfixed> (medium)
        NOTE: http://www.hardened-php.net/advisory_022007.141.html
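Review bot: the two new drupal entries carry only an advisory identifier in their NOTE line (DRUPAL-SA-2007-001 and DRUPAL-SA-2007-002), whereas the neighbouring wordpress entry links its advisory directly; consider adding the advisory URL so the reference resolves without a lookup, and keep the two CVE-2007-XXXX placeholders on the list of entries to revisit once identifiers are assigned.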
@@ -83,7 +89,7 @@
 CVE-2006-6855 (AIDeX Mini-WebServer 1.1 early release 3 allows remote 
attackers to ...)
        NOT-FOR-US: AIDeX Mini-WebServer
 CVE-2006-6854 (The qcamvc_video_init function in qcamvc.c in De Marchi Daniele 
...)
-       TODO: check
+       NOT-FOR-US: QuickCam VC (linux-uvc and qc-usb in Debian are not related)
 CVE-2006-6853 (Buffer overflow in Durian Web Application Server 3.02 freeware 
on ...)
        NOT-FOR-US: Durian Web Application Server
 CVE-2006-6852 (Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 
61127 ...)
@@ -109,11 +115,11 @@
 CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the 
Acronym ...)
        NOT-FOR-US: Acronym Mod for phpBB2
 CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which 
has ...)
-       TODO: check
+       - phpbb2 <unfixed> (bug #405980)
 CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown 
impact ...)
-       TODO: check
+       - phpbb2 <unfixed> (bug #405980)
 CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown 
impact ...)
-       TODO: check
+       - phpbb2 <unfixed> (bug #405980)
 CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote 
attackers to ...)
        NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control
 CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) 
...)
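Review bot: the three phpbb2 entries record the bug but no severity, e.g. `- phpbb2 <unfixed> (bug #405980)`, while other entries in this commit carry one (`- cacti <unfixed> (bug #404818; medium)`); add a severity to each once triaged, keeping in mind that CVE-2006-6841 (missing session checks on certain forms) is the only one of the three with a described impact, whereas CVE-2006-6839 and CVE-2006-6840 are unspecified.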
@@ -145,7 +151,7 @@
 CVE-2006-6831 (SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows 
remote ...)
        NOT-FOR-US: aFAQ
 CVE-2006-6830 (PHP remote file inclusion vulnerability in b2verifauth.php in 
b2 Blog ...)
-       TODO: check
+       NOT-FOR-US: b2 Blog
 CVE-2006-6829 (Efkan Forum 1.0 and earlier store sensitive information under 
the web ...)
        NOT-FOR-US: Efkan Forum
 CVE-2006-6828 (Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and 
earlier ...)
@@ -191,106 +197,104 @@
 CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in 
wp-admin/templates.php in ...)
        - wordpress <unfixed> (bug #405299)
 CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka 
Ananda ...)
-       TODO: check
+       NOT-FOR-US: Ananda Real Estate
 CVE-2006-6806 (SQL injection vulnerability in newsdetail.asp in Enthrallweb 
eMates ...)
-       TODO: check
+       NOT-FOR-US: Enthrallweb eMates
 CVE-2006-6805 (SQL injection vulnerability in newsdetail.asp in Enthrallweb 
eJobs ...)
-       TODO: check
+       NOT-FOR-US: Enthrallweb eJobs
 CVE-2006-6804 (SQL injection vulnerability in bus_details.asp in Dragon 
Business ...)
-       TODO: check
+       NOT-FOR-US: Dragon Business Directory - Pro
 CVE-2006-6803 (SQL injection vulnerability in Types.asp in Enthrallweb eCars 
1.0 ...)
-       TODO: check
+       NOT-FOR-US: Enthrallweb eCars
 CVE-2006-6802 (SQL injection vulnerability in actualpic.asp in Enthrallweb 
ePages ...)
-       TODO: check
+       NOT-FOR-US: Enthrallweb ePages
 CVE-2006-6801 (PHP remote file inclusion vulnerability in misc.php in SH-News 
0.93, ...)
-       TODO: check
+       NOT-FOR-US: SH-News
 CVE-2006-6800 (PHP remote file inclusion in eventcal/mod_eventcal.php in the 
event ...)
-       TODO: check
+       NOT-FOR-US: Limbo CMS
 CVE-2006-6799 (SQL injection vulnerability in Cacti 0.8.6i and earlier, when 
...)
-       TODO: check
+       - cacti <unfixed> (bug #404818; medium)
 CVE-2006-6798
        RESERVED
 CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft 
Windows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2006-6796 (PHP remote file inclusion vulnerability in 
admin/admin_settings.php in ...)
-       TODO: check
+       NOT-FOR-US: MTCMS
 CVE-2006-6795 (PHP remote file inclusion vulnerability in 
gallery/displayCategory.php ...)
-       TODO: check
+       NOT-FOR-US: myPHPNuke
 CVE-2006-6794 (SQL injection vulnerability in default.asp in Efkan Forum 1.0 
allows ...)
-       TODO: check
+       NOT-FOR-US: Efkan Forum 
 CVE-2006-6793 (PHP remote file inclusion vulnerability in ataturk.php in Okul 
Merkezi ...)
-       TODO: check
+       NOT-FOR-US: Okul Merkezi Portal
 CVE-2006-6792 (SQL injection vulnerability in calendar_detail.asp in Calendar 
MX ...)
-       TODO: check
+       NOT-FOR-US: Calendar MX
 CVE-2006-6791 (SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 
allows ...)
-       TODO: check
+       NOT-FOR-US: chatwm
 CVE-2006-6790 (Direct static code injection vulnerability in chat/login.php in 
...)
-       TODO: check
+       NOT-FOR-US: Ultimate PHP Board
 CVE-2006-6789 (PHP remote file inclusion vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Phpbbxtra
 CVE-2006-6788 (Multiple PHP remote file inclusion vulnerabilities in LuckyBot 
3 allow ...)
-       TODO: check
+       NOT-FOR-US: LuckyBot
 CVE-2006-6787 (SQL injection vulnerability in admin/admin_mail_adressee.asp in 
...)
-       TODO: check
+       NOT-FOR-US: Newsletter MX
 CVE-2006-6786 (Open Newsletter 2.5 and earlier allows remote authenticated ...)
-       TODO: check
+       NOT-FOR-US: Open Newsletter
 CVE-2006-6785 (The admin PHP scripts in Open Newsletter 2.5 and earlier do not 
exit ...)
-       TODO: check
+       NOT-FOR-US: Open Newsletter
 CVE-2006-6784 (SQL injection vulnerability in Netbula Anyboard allows remote 
...)
-       TODO: check
+       NOT-FOR-US: Netbula Anyboard
 CVE-2006-6783 (logahead UNU 1.0 before 20061226 allows remote attackers to 
upload ...)
-       TODO: check
+       NOT-FOR-US: logahead UNU
 CVE-2006-6782 (Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 
and ...)
-       TODO: check
+       NOT-FOR-US: pnamazu
 CVE-2006-6781 (HLstats 1.20 through 1.34 allows remote attackers to obtain 
sensitive ...)
-       TODO: check
+       NOT-FOR-US: HLstats
 CVE-2006-6780 (SQL injection vulnerability in the login form in HLstats 1.20 
through ...)
-       TODO: check
+       NOT-FOR-US: HLstats
 CVE-2006-6779 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 
allows ...)
-       TODO: check
+       NOT-FOR-US: vBulletin
 CVE-2006-6778 (Cross-site scripting (XSS) vulnerability in shownews.php in 
TimberWolf ...)
-       TODO: check
+       NOT-FOR-US: TimberWolf
 CVE-2006-6777 (Cross-site scripting (XSS) vulnerability in index.cfm in Future 
...)
-       TODO: check
+       NOT-FOR-US: Future Internet
 CVE-2006-6776 (Multiple SQL injection vulnerabilities in Future Internet allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: Future Internet
 CVE-2006-6775 (acFTP 1.5 allows remote authenticated users to cause a denial 
of ...)
-       TODO: check
+       NOT-FOR-US: acFTP
 CVE-2006-6774 (PHP remote file inclusion vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Content Federator 
 CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Fishyshoop
 CVE-2006-6772 (Format string vulnerability in w3m 0.5.1, when run with the 
dump or ...)
        - w3m 0.5.1-5.1 (low; bug #404564)
        TODO: Check w3mee, is this forked version still needed?
 CVE-2006-6771 (Multiple PHP remote file inclusion vulnerabilities in Irokez 
CMS 0.7.1 ...)
-       TODO: check
+       NOT-FOR-US: Irokez CMS
 CVE-2006-6770 (Multiple PHP remote file inclusion vulnerabilities in Jinzora 
Media ...)
-       TODO: check
+       NOT-FOR-US: Jinzora Media Jukebox
 CVE-2006-6769 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 
Live! 3.2.2 ...)
-       TODO: check
+       NOT-FOR-US: PHP Live!
 CVE-2005-4822 (SQL injection vulnerability in projects/project-edit.asp in 
Digger ...)
-       TODO: check
+       NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
 CVE-2005-4821 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 
v801 ...)
-       TODO: check
+       NOT-FOR-US: Land Down Under
 CVE-2005-4820 (SMC Wireless Router model SMC7904WBRA allows remote attackers 
to cause ...)
-       TODO: check
+       NOT-FOR-US: SMC
 CVE-2005-4819 (Cross-site scripting (XSS) vulnerability in Lotus Domino 
versions ...)
-       TODO: check
+       NOT-FOR-US: Lotus Domino
 CVE-2005-4818 (Multiple SQL injection vulnerabilities in Copernicus Europa 
allow ...)
-       TODO: check
+       NOT-FOR-US: Copernicus Europa
 CVE-2005-4817 (Format string vulnerability in ui.c in Textbased MSN Client 
(TMSNC) ...)
-       TODO: check
+       - tmsnc 0.2.5-1
 CVE-2004-2669 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 
v701 ...)
-       TODO: check
+       NOT-FOR-US: Land Down Under
 CVE-2004-2668 (SQL injection vulnerability in Interchange before 4.8.9 allows 
remote ...)
-       TODO: check
+       - interchange 4.9.8-1
 CVE-2004-2667 (Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x 
before ...)
-       TODO: check
+       NOT-FOR-US: Lotus Domino
 CVE-2003-1315 (SQL injection vulnerability in auth.php in Land Down Under 
(LDU) v601 ...)
-       TODO: check
-CVE-2006-XXXX [cacti "cmd.php" Command Execution and SQL Injection]
-       - cacti <unfixed> (bug #404818)
+       NOT-FOR-US: Land Down Under (LDU)
 CVE-2006-6768 (Multiple cross-site scripting (XSS) vulnerabilities in 
default.asp in ...)
        NOT-FOR-US: PWP Technologies The Classified Ad System
 CVE-2006-6767
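Review bot: the removed placeholder `CVE-2006-XXXX [cacti "cmd.php" Command Execution and SQL Injection]` covered two issues, but the entry it is folded into, CVE-2006-6799, is described here only as an SQL injection in Cacti 0.8.6i and earlier; confirm that the command execution part is covered by CVE-2006-6799 or tracked under its own identifier before dropping the placeholder. Also, the new tmsnc and interchange lines (`- tmsnc 0.2.5-1`, `- interchange 4.9.8-1`) carry no severity, and the `NOT-FOR-US: Efkan Forum ` and `NOT-FOR-US: Content Federator ` lines have trailing whitespace.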
@@ -1007,7 +1011,7 @@
 CVE-2006-6489
        RESERVED
 CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the 
Dialog Wrapper ...)
-       TODO: check
+       NOT-FOR-US: ICONICS
 CVE-2006-6487
        RESERVED
 CVE-2006-6486 (SQL injection vulnerability in EasyPage allows remote attackers 
to ...)
@@ -2324,7 +2328,7 @@
        {DSA-1237 DSA-1233}
        - linux-2.6 <not-affected> (Current Linux versions already implement 
intended behaviour)
 CVE-2006-5870 (Multiple integer overflows in OpenOffice.org 2.0.4 and earlier, 
and ...)
-       TODO: check
+       - openoffice.org <unfixed> (medium; bug filed)
 CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute 
...)
        {DSA-1220}
        - pstotext 1.9-4 (bug #356988; medium)
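Review bot: `- openoffice.org <unfixed> (medium; bug filed)` gives no bug number, while the rest of the file uses the `bug #NNNNNN` form (see the pstotext entry two lines below); replace `bug filed` with the actual number so the entry can be cross-referenced like the others.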
@@ -5138,21 +5142,21 @@
 CVE-2006-4583 (Multiple PHP remote file inclusion vulnerabilities in FlashChat 
before ...)
        NOT-FOR-US: FlashChat
 CVE-2006-4582 (Cross-site request forgery (CSRF) vulnerability in The Address 
Book 1.04e ...)
-       TODO: check
+       NOT-FOR-US: The Address Book
 CVE-2006-4581 (Unrestricted file upload vulnerability in The Address Book 
1.04e validates ...)
-       TODO: check
+       NOT-FOR-US: The Address Book
 CVE-2006-4580 (register.php in The Address Book 1.04e allows remote attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: The Address Book
 CVE-2006-4579 (Directory traversal vulnerability in users.php in The Address 
Book ...)
-       TODO: check
+       NOT-FOR-US: The Address Book
 CVE-2006-4578 (export.php in The Address Book 1.04e writes username and 
password hash ...)
-       TODO: check
+       NOT-FOR-US: The Address Book
 CVE-2006-4577 (Multiple cross-site scripting (XSS) vulnerabilities in The 
Address Book 1.04e ...)
-       TODO: check
+       NOT-FOR-US: The Address Book
 CVE-2006-4576 (Cross-site scripting (XSS) vulnerability in The Address Book 
1.04e allows ...)
-       TODO: check
+       NOT-FOR-US: The Address Book
 CVE-2006-4575 (Multiple SQL injection vulnerabilities in The Address Book 
1.04e allow remote ...)
-       TODO: check
+       NOT-FOR-US: The Address Book
 CVE-2006-4574 (Off-by-one error in the MIME Multipart dissector in Wireshark 
...)
        - wireshark 0.99.4-1 (bug #396258; medium)
 CVE-2006-4573 (Multiple unspecified vulnerabilities in the &quot;utf8 
combining characters ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits