Author: enerv-guest
Date: 2007-01-29 04:42:22 +0100 (Mon, 29 Jan 2007)
New Revision: 5375
Modified:
data/CVE/list
Log:
updated:
CVE-2006-6885 flashplugin-nonfree not affected.
CVE-2006-6876, CVE-2006-6877 new openserve 1.1.1-1 solves the problem.
some NFUs.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-29 00:30:05 UTC (rev 5374)
+++ data/CVE/list 2007-01-29 03:42:22 UTC (rev 5375)
@@ -1068,77 +1068,79 @@
CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation
function ...)
NOT-FOR-US: Jonathon J. Freeman OvBB
CVE-2006-6891 (Vz (Adp) Forum 2.0.3 stores sensitive information under the web
root ...)
- TODO: check
+ NOT-FOR-US: Vz Scripts ADP Forum
CVE-2006-6890 (Voodoo chat 1.0RC1b stores sensitive information under the web
root ...)
- TODO: check
+ NOT-FOR-US: Voodoo chat
CVE-2006-6889 (FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive
information ...)
- TODO: check
+ NOT-FOR-US: FreeStyle Wiki
CVE-2006-6888 (P-News 1.16 and 1.17 store sensitive information under the web
root ...)
- TODO: check
+ NOT-FOR-US: P-News
CVE-2006-6887 (Unrestricted file upload vulnerability in logahead UNU 1.0
allows ...)
- TODO: check
+ NOT-FOR-US: logahead UNU
CVE-2006-6886 (phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive
...)
- TODO: check
+ NOT-FOR-US: phpwcms
CVE-2006-6885 (An ActiveX control in SwDir.dll in Macromedia Shockwave 10
allows ...)
- TODO: check
+ - flashplugin-nonfree <not-affected>
CVE-2006-6884 (Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX
control (aka ...)
- TODO: check
+ NOT-FOR-US: Sky Software
CVE-2006-6883 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: PHPIrc_bot
CVE-2006-6882 (Cross-site scripting (XSS) vulnerability in golden book allows
remote ...)
- TODO: check
+ NOT-FOR-US: Golden Book
CVE-2006-6881 (Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL
Linux ...)
- TODO: check
+ NOT-FOR-US: ATMEL WLAN drivers
CVE-2006-6880 (Multiple SQL injection vulnerabilities in code/guestadd.php in
...)
- TODO: check
+ NOT-FOR-US: PHP-Update
CVE-2006-6879 (Unrestricted file upload vulnerability in admin/uploads.php in
...)
- TODO: check
+ NOT-FOR-US: PHP-Update
CVE-2006-6878 (admin/uploads.php in PHP-Update 2.7 and earlier allows remote
...)
- TODO: check
+ NOT-FOR-US: PHP-Update
CVE-2006-6877 (Directory traversal vulnerability in index.php in Matteo
Lucarelli ...)
- TODO: check
+ NOT-FOR-US: Matteo Lucarelli 3editor
CVE-2006-6876 (The fetchsms function in the SMS handling module
(libsms_getsms.c) in ...)
- TODO: check
+ - openser 1.1.1-1 (medium)
+ NOTE: http://www.openser.org/pub/openser/1.1.1/ChangeLog
CVE-2006-6875 (Buffer overflow in the validateospheader function in the Open
...)
- TODO: check
+ - openser 1.1.1-1 (medium)
+ NOTE: http://www.openser.org/pub/openser/1.1.1/ChangeLog
CVE-2006-6874 (Multiple cross-site scripting (XSS) vulnerabilities in
friend.php in ...)
- TODO: check
+ NOT-FOR-US: eNdonesia CMS
CVE-2006-6873 (Multiple SQL injection vulnerabilities in mod.php in eNdonesia
8.4 ...)
- TODO: check
+ NOT-FOR-US: eNdonesia CMS
CVE-2006-6872 (Directory traversal vulnerability in mod.php in eNdonesia 8.4
allows ...)
- TODO: check
+ NOT-FOR-US: eNdonesia CMS
CVE-2006-6871 (Multiple cross-site scripting (XSS) vulnerabilities in
eNdonesia 8.4 ...)
- TODO: check
+ NOT-FOR-US: eNdonesia CMS
CVE-2006-6869 (Directory traversal vulnerability in ...)
- TODO: check
+ NOT-FOR-US: MAXdev
CVE-2006-6868 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart
Web ...)
- TODO: check
+ NOT-FOR-US: Zen Cart
CVE-2006-6867 (Multiple PHP remote file inclusion vulnerabilities in Vladimir
...)
- TODO: check
+ NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6866 (STphp EasyNews PRO 4.0 stores sensitive information under the
web root ...)
- TODO: check
+ NOT-FOR-US: Ahead4
CVE-2006-6865 (Directory traversal vulnerability in
SAFileUpSamples/util/viewsrc.asp ...)
- TODO: check
+ NOT-FOR-US: Softartisans
CVE-2006-6864 (PHP remote file inclusion vulnerability in E2_header.inc.php in
...)
- TODO: check
+ NOT-FOR-US: Enigma2
CVE-2006-6863 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Enigma2
CVE-2006-6862 (Multiple cross-site scripting (XSS) vulnerabilities in Outfront
Spooky ...)
- TODO: check
+ NOT-FOR-US: Outfront Spooky Login
CVE-2006-6861 (Multiple SQL injection vulnerabilities in Outfront Spooky Login
2.7 ...)
- TODO: check
+ NOT-FOR-US: Outfront Spooky Login
CVE-2006-6860 (Buffer overflow in the sendToMythTV function in
MythControlServer.c in ...)
- TODO: check
+ NOT-FOR-US: MythControl
CVE-2006-6859 (SQL injection vulnerability in coupon_detail.asp in Website
Designs ...)
- TODO: check
+ NOT-FOR-US: Website Designs for Less
CVE-2004-2671 (mod.php in eNdonesia 8.3 allows remote attackers to obtain
sensitive ...)
- TODO: check
+ NOT-FOR-US: eNdonesia CMS
CVE-2004-2670 (Multiple cross-site scripting (XSS) vulnerabilities in mod.php
in ...)
- TODO: check
+ NOT-FOR-US: eNdonesia
CVE-2003-1317 (Cross-site scripting (XSS) vulnerability in mod.php in
eNdonesia 8.2 ...)
- TODO: check
+ NOT-FOR-US: eNdonesia CMS
CVE-2003-1316 (mod.php in eNdonesia 8.2 allows remote attackers to obtain
sensitive ...)
- TODO: check
+ NOT-FOR-US: eNdonesia CMS
CVE-2006-XXXX [ssmtp password leak]
- ssmtp 2.61-10.1 (bug #369542; low)
CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before
0.6.16 ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
