Author: joeyh
Date: 2006-09-13 09:14:40 +0000 (Wed, 13 Sep 2006)
New Revision: 4724

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-09-12 23:10:34 UTC (rev 4723)
+++ data/CVE/list       2006-09-13 09:14:40 UTC (rev 4724)
@@ -1,3 +1,223 @@
+CVE-2006-4731 (Directory traversal vulnerability in login.pl in (1) SQL-Ledger 
before ...)
+       TODO: check
+CVE-2006-4730
+       RESERVED
+CVE-2006-4729
+       RESERVED
+CVE-2006-4728
+       RESERVED
+CVE-2006-4727
+       RESERVED
+CVE-2006-4726
+       RESERVED
+CVE-2006-4725
+       RESERVED
+CVE-2006-4724
+       RESERVED
+CVE-2006-4723 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2006-4722 (PHP remote file inclusion vulnerability in Open Bulletin Board 
...)
+       TODO: check
+CVE-2006-4721 (Directory traversal vulnerability in admin.php in CCleague Pro 
Sports ...)
+       TODO: check
+CVE-2006-4720 (PHP remote file inclusion vulnerability in random2.php in 
mcGalleryPRO ...)
+       TODO: check
+CVE-2006-4719 (Multiple PHP remote file inclusion vulnerabilities in 
MyABraCaDaWeb ...)
+       TODO: check
+CVE-2006-4718 (Multiple cross-site scripting (XSS) vulnerabilities in 
livre_or.php in ...)
+       TODO: check
+CVE-2006-4717 (The login redirection mechanism in the Drupal 4.7 Pubcookie 
module ...)
+       TODO: check
+CVE-2006-4716 (PHP remote file inclusion vulnerability in demarrage.php in 
Fire Soft ...)
+       TODO: check
+CVE-2006-4715 (SQL injection vulnerability in pdf_version.php in SpoonLabs 
Vivvo ...)
+       TODO: check
+CVE-2006-4714 (PHP remote file inclusion vulnerability in index.php in 
SpoonLabs ...)
+       TODO: check
+CVE-2006-4713 (PHP remote file inclusion vulnerability in config.php in 
PSYWERKS PUMA ...)
+       TODO: check
+CVE-2006-4712 (Multiple cross-site scripting (XSS) vulnerabilities in Sage 
allow ...)
+       TODO: check
+CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage 
allow ...)
+       TODO: check
+CVE-2006-4710 (Multiple cross-site scripting (XSS) vulnerabilities in 
NewsGator ...)
+       TODO: check
+CVE-2006-4709 (SQL injection vulnerability in topic.php in Vikingboard 0.1b 
allows ...)
+       TODO: check
+CVE-2006-4708 (Multiple cross-site scripting (XSS) vulnerabilities in 
Vikingboard ...)
+       TODO: check
+CVE-2006-4707 (Cross-site scripting (XSS) vulnerability in admin/global.php 
(aka the ...)
+       TODO: check
+CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in 
inc/functions_post.php in ...)
+       TODO: check
+CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and 
Dominic ...)
+       TODO: check
+CVE-2006-4704
+       RESERVED
+CVE-2006-4703
+       RESERVED
+CVE-2006-4702
+       RESERVED
+CVE-2006-4701
+       RESERVED
+CVE-2006-4700
+       RESERVED
+CVE-2006-4699
+       RESERVED
+CVE-2006-4698
+       RESERVED
+CVE-2006-4697
+       RESERVED
+CVE-2006-4696
+       RESERVED
+CVE-2006-4695
+       RESERVED
+CVE-2006-4694
+       RESERVED
+CVE-2006-4693
+       RESERVED
+CVE-2006-4692
+       RESERVED
+CVE-2006-4691
+       RESERVED
+CVE-2006-4690
+       RESERVED
+CVE-2006-4689
+       RESERVED
+CVE-2006-4688
+       RESERVED
+CVE-2006-4687
+       RESERVED
+CVE-2006-4686
+       RESERVED
+CVE-2006-4685
+       RESERVED
+CVE-2006-4684
+       RESERVED
+CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain 
sensitive ...)
+       TODO: check
+CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 
5.10 allow ...)
+       TODO: check
+CVE-2006-4681 (Directory traversal vulnerability in Redirect.bat in IBM 
Director ...)
+       TODO: check
+CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and 
passwords ...)
+       TODO: check
+CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by 
default, ...)
+       TODO: check
+CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 
allows ...)
+       TODO: check
+CVE-2006-4677 (** DISPUTED ** ...)
+       TODO: check
+CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded 
usernames and ...)
+       TODO: check
+CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in 
...)
+       TODO: check
+CVE-2006-4674 (Direct static code injection vulnerability in doku.php in 
DokuWiki ...)
+       TODO: check
+CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in 
PHP-Fusion ...)
+       TODO: check
+CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 
2.5 EE, ...)
+       TODO: check
+CVE-2006-4671 (PHP remote file inclusion vulnerability in headlines.php in 
Fantastic ...)
+       TODO: check
+CVE-2006-4670 (Multiple PHP remote file inclusion vulnerabilities in PhotoKorn 
...)
+       TODO: check
+CVE-2006-4669 (PHP remote file inclusion vulnerability in 
admin/system/include.php in ...)
+       TODO: check
+CVE-2006-4668 (Cross-site scripting (XSS) vulnerability in index.php in Rob 
Hensley ...)
+       TODO: check
+CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow 
remote ...)
+       TODO: check
+CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in WM-News 
0.5 ...)
+       TODO: check
+CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in 
MKPortal M1.1 ...)
+       TODO: check
+CVE-2006-4664 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2006-4663 (** DISPUTED ** ...)
+       TODO: check
+CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in 
AOL ICQ ...)
+       TODO: check
+CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does 
not ...)
+       TODO: check
+CVE-2006-4660 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS 
Feed ...)
+       TODO: check
+CVE-2006-4659 (The Panda Platinum Internet Security 2006 10.02.01 and 2007 
11.00.00 ...)
+       TODO: check
+CVE-2006-4658 (Panda Platinum Internet Security 2006 10.02.01 and 2007 
11.00.00 uses ...)
+       TODO: check
+CVE-2006-4657 (Panda Platinum Internet Security 2006 10.02.01 and 2007 
11.00.00 ...)
+       TODO: check
+CVE-2006-4656 (PHP remote file inclusion vulnerability in ...)
+       TODO: check
+CVE-2006-4655 (Buffer overflow in the Strcmp function in the XKEYBOARD 
extension in X ...)
+       TODO: check
+CVE-2006-4654 (Format string vulnerability in Easy Address Book Web Server 1.2 
allows ...)
+       TODO: check
+CVE-2006-4653 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll 
store ...)
+       TODO: check
+CVE-2006-4652 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll 
have a ...)
+       TODO: check
+CVE-2006-4651 (Directory traversal vulnerability in download/index.php, and 
possibly ...)
+       TODO: check
+CVE-2006-4650 (Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used 
and the ...)
+       TODO: check
+CVE-2006-4649 (PHP remote file inclusion vulnerability in bp_news.php in BinGo 
News ...)
+       TODO: check
+CVE-2006-4648 (PHP remote file inclusion vulnerability in bp_ncom.php in BinGo 
News ...)
+       TODO: check
+CVE-2006-4647 (PHP remote file inclusion vulnerability in news.php in Sponge 
News 2.2 ...)
+       TODO: check
+CVE-2006-4646 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 
Pathauto ...)
+       TODO: check
+CVE-2006-4645 (PHP remote file inclusion vulnerability in 
akarru.gui/main_content.php ...)
+       TODO: check
+CVE-2006-4644 (PHP remote file inclusion vulnerability in 
modules/home.module.php in ...)
+       TODO: check
+CVE-2006-4643 (SQL injection vulnerability in consult/joueurs.php in Uni-Vert 
...)
+       TODO: check
+CVE-2006-4642 (AuditWizard 6.3.2, when using "Remote Audit," logs 
the administrator ...)
+       TODO: check
+CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber 
Portal ...)
+       TODO: check
+CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 
allows ...)
+       TODO: check
+CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr 
C-News ...)
+       TODO: check
+CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV 
News ...)
+       TODO: check
+CVE-2006-4637 (Multiple PHP remote file inclusion vulnerabilities in ACGV News 
0.9.1 ...)
+       TODO: check
+CVE-2006-4636 (Directory traversal vulnerability in SZEWO PhpCommander 3.0 and 
...)
+       TODO: check
+CVE-2006-4635 (Unspecified vulnerability in MySource Classic 2.14.6, and 
possibly ...)
+       TODO: check
+CVE-2006-4634 (Cross-site scripting (XSS) vulnerability in index.php in VBZooM 
allows ...)
+       TODO: check
+CVE-2006-4633 (index.php in SoftBB 0.1, and possibly earlier, allows remote 
attackers ...)
+       TODO: check
+CVE-2006-4632 (Multiple SQL injection vulnerabilities in SoftBB 0.1, and 
possibly ...)
+       TODO: check
+CVE-2006-4631 (Direct static code injection vulnerability in 
admin/save_opt.php in ...)
+       TODO: check
+CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky 
GUNNING ...)
+       TODO: check
+CVE-2006-4629 (PHP remote file inclusion vulnerability in 
affichage/commentaires.php ...)
+       TODO: check
+CVE-2006-4628 (Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 
allows ...)
+       TODO: check
+CVE-2006-4627 (System Information ActiveX control (msinfo.dll), when accessed 
via ...)
+       TODO: check
+CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine 
before ...)
+       TODO: check
+CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to 
bypass ...)
+       TODO: check
+CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 
2.1.9rc1 ...)
+       TODO: check
+CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) 
decapsulation ...)
+       TODO: check
+CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web 
Server ...)
+       TODO: check
 CVE-2006-XXXX [gnutls signature forgery]
        NOTE: GNUTLS-SA-2006-4
        NOTE: fix for gnutls13 reverted in 1.4.3-2
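Review bot: CVE-2006-4706 in this block describes XSS in inc/functions_post.php, the same path that CVE-2006-3761 is corrected to later in this diff, where it is tracked as NOT-FOR-US: MyBB. Check whether the two IDs cover the same product or are duplicates before triaging CVE-2006-4706 on its own. More generally, every described entry added here lands as "TODO: check", and some can be resolved from notes already in the file: the three Panda Platinum Internet Security entries (CVE-2006-4657 through CVE-2006-4659) sit alongside an existing "NOT-FOR-US: Panda ActiveScan" for CVE-2006-4295, so a follow-up commit should settle those rather than leave them in the TODO backlog.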
@@ -15,7 +235,7 @@
        NOT-FOR-US: Pheap
 CVE-2006-4620 (The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running 
with ...)
        NOT-FOR-US: Alt-N WebAdmin
-CVE-2006-4619 (The start update window in Avira AntiVir PersonalEdition 
Classic ...)
+CVE-2006-4619 (The start update window in update.exe in Avira AntiVir 
PersonalEdition ...)
        NOT-FOR-US: Avira
 CVE-2006-4618 (PHP remote file inclusion vulnerability in 
adodb-postgres7.inc.php in ...)
        - libphp-adodb <not-affected> (vulnerable code seems to be In-link 
specific)
@@ -132,7 +352,7 @@
        RESERVED
 CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in 
Simple ...)
        NOT-FOR-US: Simple Machines Forum
-CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in modules.php in 
PHP-Nuke ...)
+CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in the MyHeadlines 
before ...)
        NOT-FOR-US: PHP-Nuke
 CVE-2006-4562 (** DISPUTED ** ...)
        NOT-FOR-US: Symantec
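Review bot: the triage note under CVE-2006-4563 is now out of step with its description. The summary changes from "modules.php in PHP-Nuke" to "the MyHeadlines before ...", but the line below still reads "NOT-FOR-US: PHP-Nuke". Confirm against the full description which product is affected and update the note to name it, so a later search for MyHeadlines finds this entry.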
@@ -523,31 +743,31 @@
        RESERVED
 CVE-2006-4390
        RESERVED
-CVE-2006-4389
-       RESERVED
-CVE-2006-4388
-       RESERVED
+CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote 
attackers to ...)
+       TODO: check
+CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows 
user-assisted ...)
+       TODO: check
 CVE-2006-4387
        RESERVED
-CVE-2006-4386
-       RESERVED
-CVE-2006-4385
-       RESERVED
-CVE-2006-4384
-       RESERVED
+CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows 
user-assisted ...)
+       TODO: check
+CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows 
user-assisted ...)
+       TODO: check
+CVE-2006-4384 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 
allows ...)
+       TODO: check
 CVE-2006-4383
        RESERVED
-CVE-2006-4382
-       RESERVED
-CVE-2006-4381
-       RESERVED
+CVE-2006-4382 (Buffer overflow in Apple QuickTime before 7.1.3 allows 
user-assisted ...)
+       TODO: check
+CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows 
user-assisted ...)
+       TODO: check
 CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of 
service ...)
        {DSA-1169}
        - mysql-dfsg-5.0 <not-affected> (only 4.1 affected)
        - mysql-dfsg <not-affected> (only 4.1 affected)
        - mysql-dfsg-4.1 <removed>
-CVE-2006-4379
-       RESERVED
+CVE-2006-4379 (Stack-based buffer overflow in the SMTP Daemon in Ipswitch ...)
+       TODO: check
 CVE-2006-4378 (** DISPUTED ** ...)
        NOT-FOR-US: Rssxt component for Joomla! (com_rssxt)
 CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch ...)
@@ -623,7 +843,7 @@
 CVE-2006-4342
        RESERVED
 CVE-2006-4341
-       RESERVED
+       REJECTED
 CVE-2006-4340
        RESERVED
 CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 
0.9.8c, ...)
@@ -710,7 +930,7 @@
        NOT-FOR-US: Solaris
 CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows 
remote ...)
        - maxdb-7.5.00 <unfixed> (high; bug #386182)
-CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1 
and ...)
+CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, 
NetBSD ...)
        NOT-FOR-US: FreeBSD NetBSD
 CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in 
Sun ...)
        NOT-FOR-US: Solaris
@@ -730,8 +950,8 @@
        NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo
 CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in 
Panda ...)
        NOT-FOR-US: Panda ActiveScan
-CVE-2006-4294
-       RESERVED
+CVE-2006-4294 (Directory traversal vulnerability in viewfile in TWiki 4.0.0 
through 4.0.4 ...)
+       TODO: check
 CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 
10 allow ...)
        NOT-FOR-US: cPanel
 CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b 
allows ...)
@@ -990,7 +1210,7 @@
 CVE-2006-4181
        RESERVED
 CVE-2006-4180
-       RESERVED
+       REJECTED
 CVE-2006-4179
        RESERVED
 CVE-2006-4178
@@ -1649,8 +1869,8 @@
        RESERVED
 CVE-2006-3874
        RESERVED
-CVE-2006-3873
-       RESERVED
+CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet 
...)
+       TODO: check
 CVE-2006-3872
        RESERVED
 CVE-2006-3871
@@ -1966,7 +2186,7 @@
        NOT-FOR-US: Diesel Joke Site
 CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote 
attackers to ...)
        NOT-FOR-US: Touch Control ActiveX control
-CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in 
inc/function_post.php in ...)
+CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in 
inc/functions_post.php in ...)
        NOT-FOR-US: MyBB
 CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka 
MyBulletinBoard) ...)
        NOT-FOR-US: MyBB
@@ -2360,9 +2580,9 @@
        NOT-FOR-US: Microsoft PowerPoint
 CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and 
Infrastructure ...)
        NOT-FOR-US: VMware
-CVE-2006-3588 (Unspecified vulnerability in Macromedia Flash Player 8.0.24.0 
allows ...)
+CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 
8.0.24.0 ...)
        NOT-FOR-US: Macromedia Flash Player 8
-CVE-2006-3587 (Unspecified vulnerability in Macromedia Flash Player 8.0.24.0 
allows ...)
+CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 
8.0.24.0 ...)
        NOT-FOR-US: Macromedia Flash Player 8
 CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote 
...)
        NOT-FOR-US: Jetbox CMS
@@ -2665,8 +2885,8 @@
        NOT-FOR-US: Microsoft
 CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft 
Windows ...)
        NOT-FOR-US: Microsoft
-CVE-2006-3442
-       RESERVED
+CVE-2006-3442 (Unspecified vulnerability in Pragmatic General Multicast (PGM) 
in ...)
+       TODO: check
 CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows 
2000 ...)
        NOT-FOR-US: Microsoft
 CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000 
SP4, XP ...)
@@ -2948,8 +3168,8 @@
        NOT-FOR-US: Netsoft smartNet
 CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans 
and ...)
        NOT-FOR-US: QaTraq
-CVE-2006-3311
-       RESERVED
+CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, 
Flash ...)
+       TODO: check
 CVE-2006-3310
        RESERVED
 CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout 
Portal ...)
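Review bot: CVE-2006-3311 is given "TODO: check" although the other Flash Player entries visible in this diff, CVE-2006-3588 and CVE-2006-3587, are already marked "NOT-FOR-US: Macromedia Flash Player 8". Triage it consistently with those, together with CVE-2006-4640 (Adobe Flash Player before 9.0.16.0) from the first hunk. Since the refreshed descriptions now say "Adobe (Macromedia)", consider using one vendor spelling in the notes as well.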
@@ -4428,8 +4648,8 @@
        NOTE: tempnam function is taking unsanitized input, it's an
        NOTE: application error
        - php5 5.1.6-1 (low)
-CVE-2006-2658
-       RESERVED
+CVE-2006-2658 (Directory traversal vulnerability in the xsp component in 
mod_mono in ...)
+       TODO: check
 CVE-2006-2657
        REJECTED
 CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 
accidentally ...)
@@ -4807,7 +5027,7 @@
        NOT-FOR-US: IntelliTampe
 CVE-2006-2493
        REJECTED
-CVE-2005-1755 (PHP remote code injection vulnerability in poll_vote.php in PHP 
Poll ...)
+CVE-2005-1755 (PHP remote file inclusion vulnerability in poll_vote.php in PHP 
Poll ...)
        NOT-FOR-US: PHP Poll Creator
 CVE-2005-1754 (JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 
5.0.16, ...)
        NOT-FOR-US: JavaMail API
@@ -4840,8 +5060,8 @@
        NOT-FOR-US: IceWarp
 CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in 
...)
        NOT-FOR-US: Squirrelcart
-CVE-2006-2482
-       RESERVED
+CVE-2006-2482 (Heap-based buffer overflow in ZipTV for Delphi 7 2006.1.26 and 
for C++ ...)
+       TODO: check
 CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 
4 ...)
        NOT-FOR-US: VMware ESX 
 CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted 
...)
@@ -12453,8 +12673,8 @@
        NOT-FOR-US: Microsoft
 CVE-2006-0033 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, 
Office ...)
        NOT-FOR-US: Microsoft
-CVE-2006-0032
-       RESERVED
+CVE-2006-0032 (Cross-site scripting (XSS) vulnerability in the Indexing 
Service in ...)
+       TODO: check
 CVE-2006-0031 (Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 
2003, ...)
        NOT-FOR-US: Microsoft
 CVE-2006-0030 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 
2003, in ...)
@@ -13281,8 +13501,8 @@
        NOT-FOR-US: RDS.Dataspace
 CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 
2003, ...)
        NOT-FOR-US: Microsoft
-CVE-2006-0001
-       RESERVED
+CVE-2006-0001 (Stack-based buffer overflow in Microsoft Publisher 2000 through 
2003 ...)
+       TODO: check
 CVE-2005-3714 (The network interface for Apple AirPort Express 6.x before 
Firmware ...)
        NOT-FOR-US: Apple AirPort
 CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 
allows ...)
@@ -15990,7 +16210,7 @@
 CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote 
attackers to ...)
        {DSA-809-3 DSA-809-1}
        - squid 2.5.10-5 (medium)
-CVE-2005-2793 (PHP remote code injection vulnerability in welcome.php in 
phpLDAPadmin ...)
+CVE-2005-2793 (PHP remote file inclusion vulnerability in welcome.php in 
phpLDAPadmin ...)
        [sarge] - phpldapadmin <not-affected> (code not present in sarge)
        - phpldapadmin 0.9.6c-7 (bug #325785; medium)
        - egroupware <not-affected> (copy included is older and not vulnerable; 
bug #339583)
@@ -19257,11 +19477,11 @@
        NOT-FOR-US: Logsurfer
 CVE-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name 
requests to ...)
        NOT-FOR-US: CommonName Toolbar
-CVE-2002-1887 (PHP remote code injection vulnerability in customize.php for 
...)
+CVE-2002-1887 (PHP remote file inclusion vulnerability in customize.php for 
...)
        NOT-FOR-US: phpMyNewsletter
 CVE-2002-1886 (TightAuction 3.0 stores config.inc under the web document root 
with ...)
        NOT-FOR-US: TightAuction
-CVE-2002-1885 (PHP remote code injection vulnerability in showhits.php3 for 
...)
+CVE-2002-1885 (PHP remote file inclusion vulnerability in showhits.php3 for 
...)
        NOT-FOR-US: PPhlogger
 CVE-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in 
as an ...)
        NOT-FOR-US: Py-Membres
@@ -19275,7 +19495,7 @@
        NOT-FOR-US: LokwaBB
 CVE-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote 
attackers ...)
        NOT-FOR-US: LokwaBB
-CVE-2002-1878 (PHP remote code injection vulnerability in w-Agora 4.1.3 allows 
remote ...)
+CVE-2002-1878 (PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows 
remote ...)
        NOT-FOR-US: w-Agora
 CVE-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access 
restrictions ...)
        NOT-FOR-US: Netgear hardware
@@ -19591,7 +19811,7 @@
        NOT-FOR-US: McGallery
 CVE-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to 
...)
        NOT-FOR-US: McGallery
-CVE-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix 
Site ...)
+CVE-2005-1996 (PHP remote file inclusion vulnerability in start.php in Bitrix 
Site ...)
        NOT-FOR-US: Bitrix Site Manager
 CVE-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain 
sensitive ...)
        NOT-FOR-US: Bitrix Site Manager
@@ -19950,9 +20170,9 @@
        NOT-FOR-US: ProductCart Ecommerce
 CVE-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal 
allows ...)
        NOT-FOR-US: e107
-CVE-2005-1965 (PHP remote code injection vulnerability in siteframe.php for 
Broadpool ...)
+CVE-2005-1965 (PHP remote file inclusion vulnerability in siteframe.php for 
Broadpool ...)
        NOT-FOR-US: Broadpool Siteframe
-CVE-2005-1964 (PHP remote code injection vulnerability in utilit.php for 
Ovidentia ...)
+CVE-2005-1964 (PHP remote file inclusion vulnerability in utilit.php for 
Ovidentia ...)
        NOT-FOR-US: Ovidentia Portal
 CVE-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain 
sensitive ...)
        NOT-FOR-US: Cerberus Helpdesk
@@ -20135,7 +20355,7 @@
        NOT-FOR-US: YaPiG
 CVE-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include 
arbitrary ...)
        NOT-FOR-US: YaPiG
-CVE-2005-1882 (PHP remote code injection vulnerability in last_gallery.php in 
YaPiG ...)
+CVE-2005-1882 (PHP remote file inclusion vulnerability in last_gallery.php in 
YaPiG ...)
        NOT-FOR-US: YaPiG
 CVE-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly 
restrict ...)
        NOT-FOR-US: YaPiG
@@ -20159,9 +20379,9 @@
        NOT-FOR-US: WebSphere
 CVE-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 
through ...)
        - drupal 4.5.3-1
-CVE-2005-1870 (PHP remote code injection vulnerability in childwindow.inc.php 
in ...)
+CVE-2005-1870 (PHP remote file inclusion vulnerability in childwindow.inc.php 
in ...)
        NOT-FOR-US: Popper
-CVE-2005-1869 (PHP remote code injection vulnerability in start_lobby.php in 
MWChat ...)
+CVE-2005-1869 (PHP remote file inclusion vulnerability in start_lobby.php in 
MWChat ...)
        NOT-FOR-US: MWChat
 CVE-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote 
attackers to ...)
        NOT-FOR-US: I-Man
@@ -20171,7 +20391,7 @@
        NOT-FOR-US: Calendarix
 CVE-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 
1.5 ...)
        NOT-FOR-US: Calendarix
-CVE-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in 
...)
+CVE-2005-1864 (PHP remote file inclusion vulnerability in cal_admintop.php in 
...)
        NOT-FOR-US: Calendarix
 CVE-2003-1218
        RESERVED
@@ -20290,7 +20510,7 @@
        NOT-FOR-US: Qualiteam X-Cart
 CVE-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 
4.0.8 allow ...)
        NOT-FOR-US: Qualiteam X-Cart
-CVE-2005-1821 (PHP remote code injection vulnerability in pdl_header.inc.php 
in ...)
+CVE-2005-1821 (PHP remote file inclusion vulnerability in pdl_header.inc.php 
in ...)
        NOT-FOR-US: PowerDownload
 CVE-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote 
...)
        NOT-FOR-US: Zeroboard
@@ -21123,7 +21343,7 @@
 CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and 
earlier, ...)
        {DSA-892-1}
        - awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium)
-CVE-2005-1526 (PHP file inclusion vulnerability in config_settings.php in 
Cacti ...)
+CVE-2005-1526 (PHP remote file inclusion vulnerability in config_settings.php 
in ...)
        {DSA-764-1}
        - cacti 0.8.6e-1 (bug #315703; high)
 CVE-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti 
before ...)
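Review bot: on CVE-2005-1526 the refreshed summary is cut off before the product name. The old line ended "in config_settings.php in Cacti ...", the new one ends "in config_settings.php in ...". The package line "- cacti 0.8.6e-1" still identifies the product, so tracking is unaffected, but anyone grepping the description lines for "Cacti" will now miss this entry. This is also the only change in the series that starts from "PHP file inclusion" rather than "PHP remote code injection", so it is worth confirming against the full CVE text that "remote" applies here and that the "high" urgency on the cacti line still matches.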
@@ -21297,7 +21517,7 @@
        - firebird2 1.5.3.4870-3 (bug #357580)
 CVE-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow 
remote ...)
        NOT-FOR-US: no_package
-CVE-2004-2041 (PHP remote code injection vulnerability in 
secure_img_render.php in ...)
+CVE-2004-2041 (PHP remote file inclusion vulnerability in 
secure_img_render.php in ...)
        NOT-FOR-US: no_package
 CVE-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 
0.615 ...)
        NOT-FOR-US: no_package
@@ -21343,7 +21563,7 @@
        NOT-FOR-US: php-nuke
 CVE-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote 
...)
        NOT-FOR-US: php-nuke
-CVE-2004-2018 (PHP remote code injection vulnerability in index.php in 
Php-Nuke 6.x ...)
+CVE-2004-2018 (PHP remote file inclusion vulnerability in index.php in 
Php-Nuke 6.x ...)
        NOT-FOR-US: php-nuke
 CVE-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo 
Traffic ...)
        NOT-FOR-US: Turbo Traffic Trader C (TTT-C)
@@ -21359,7 +21579,7 @@
        NOT-FOR-US: NetBSD
 CVE-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote 
attackers to ...)
        NOT-FOR-US: MSIE
-CVE-2004-2010 (PHP remote code injection vulnerability in index.php in phpShop 
0.7.1 ...)
+CVE-2004-2010 (PHP remote file inclusion vulnerability in index.php in phpShop 
0.7.1 ...)
        NOT-FOR-US: phpShop
 CVE-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the 
full ...)
        NOT-FOR-US: NukeJokes
@@ -21401,9 +21621,9 @@
        NOT-FOR-US: aweb
 CVE-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain 
sensitive ...)
        NOT-FOR-US: aweb
-CVE-2004-1989 (PHP remote code injection vulnerability in theme.php in 
Coppermine ...)
+CVE-2004-1989 (PHP remote file inclusion vulnerability in theme.php in 
Coppermine ...)
        NOT-FOR-US: Coppermine
-CVE-2004-1988 (PHP remote code injection vulnerability in init.inc.php in 
Coppermine ...)
+CVE-2004-1988 (PHP remote file inclusion vulnerability in init.inc.php in 
Coppermine ...)
        NOT-FOR-US: Coppermine
 CVE-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 
1.2.0 RC4 ...)
        NOT-FOR-US: Coppermine
@@ -21493,7 +21713,7 @@
        NOT-FOR-US: Kinesphere eXchange POP3 
 CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to 
cause a ...)
        NOT-FOR-US: Eudora
-CVE-2004-1943 (PHP remote code injection vulnerability in album_portal.php in 
phpBB ...)
+CVE-2004-1943 (PHP remote file inclusion vulnerability in album_portal.php in 
phpBB ...)
        NOT-FOR-US: phpbb as modified by przemo
 CVE-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 
114342-02 ...)
        NOT-FOR-US: Solaris
@@ -21511,7 +21731,7 @@
        NOT-FOR-US: ZoneAlarm
 CVE-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline 
allows ...)
        NOT-FOR-US: SCT Campus Pipeline
-CVE-2004-1934 (PHP remote code injection vulnerability in affich.php in 
Gemitel 3.50 ...)
+CVE-2004-1934 (PHP remote file inclusion vulnerability in affich.php in 
Gemitel 3.50 ...)
        NOT-FOR-US: Gemitel
 CVE-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory 
and files ...)
        NOT-FOR-US: Citadel
@@ -21737,7 +21957,7 @@
        NOT-FOR-US: no_package
 CVE-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 
through ...)
        NOT-FOR-US: no_package
-CVE-2004-1820 (PHP remote code injection vulnerability in displaycategory.php 
in ...)
+CVE-2004-1820 (PHP remote file inclusion vulnerability in displaycategory.php 
in ...)
        NOT-FOR-US: no_package
 CVE-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote 
attackers to ...)
        NOT-FOR-US: no_package
@@ -21785,7 +22005,7 @@
        NOT-FOR-US: no_package
 CVE-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for 
FreznoShop ...)
        NOT-FOR-US: no_package
-CVE-2004-1796 (PHP remote code injection vulnerability in HotNews 0.7.2 and 
earlier ...)
+CVE-2004-1796 (PHP remote file inclusion vulnerability in HotNews 0.7.2 and 
earlier ...)
        NOT-FOR-US: no_package
 CVE-2004-1795 (Info Touch Surfnet kiosk allows local users to access the 
underlying ...)
        NOT-FOR-US: no_package
@@ -21865,7 +22085,7 @@
        NOT-FOR-US: Advanced Poll
 CVE-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows 
remote ...)
        NOT-FOR-US: Advanced Poll
-CVE-2003-1179 (Multiple PHP remote code injection vulnerabilities in Advanced 
Poll ...)
+CVE-2003-1179 (Multiple PHP remote file inclusion vulnerabilities in Advanced 
Poll ...)
        NOT-FOR-US: Advanced Poll
 CVE-2003-1178 (comments.php in Advanced Poll 2.0.2 allows remote attackers to 
execute ...)
        NOT-FOR-US: Advanced Poll
@@ -21925,7 +22145,7 @@
        NOT-FOR-US: Novell portmapper
 CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton 
Internet ...)
        NOT-FOR-US: Symantec Norton Internet Security
-CVE-2003-1148 (PHP remote code injection vulnerability in (1) config.inc.php 
and (2) ...)
+CVE-2003-1148 (PHP remote file inclusion vulnerability in (1) config.inc.php 
and (2) ...)
        NOT-FOR-US: Les Visiteurs
 CVE-2003-1147
        REJECTED
@@ -22075,7 +22295,7 @@
        - serendipity 1.0-1
 CVE-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin 
for ...)
        - serendipity 1.0-1
-CVE-2005-1447 (PHP remote code injection vulnerability in main.php in 
SitePanel 2.6.1 ...)
+CVE-2005-1447 (PHP remote file inclusion vulnerability in main.php in 
SitePanel 2.6.1 ...)
        NOT-FOR-US: SitePanel
 CVE-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote 
attackers to ...)
        NOT-FOR-US: SitePanel
@@ -22093,7 +22313,7 @@
        NOT-FOR-US: ViArt Shop
 CVE-2005-1439 (Directory traversal vulnerability in attachments.php in 
osTicket ...)
        NOT-FOR-US: osTicket
-CVE-2005-1438 (PHP remote code injection vulnerability in main.php in osTicket 
allows ...)
+CVE-2005-1438 (PHP remote file inclusion vulnerability in main.php in osTicket 
allows ...)
        NOT-FOR-US: osTicket
 CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote 
...)
        NOT-FOR-US: osTicket
@@ -22221,7 +22441,7 @@
        - lam <not-affected> (Mandrake specific packaging flaw)
 CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes 
module ...)
        NOT-FOR-US: phpbb mod
-CVE-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline 
1.5.3 ...)
+CVE-2005-1377 (Multiple PHP remote file inclusion vulnerabilities in Claroline 
1.5.3 ...)
        NOT-FOR-US: Claroline
 CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) 
document.php or ...)
        NOT-FOR-US: Claroline
@@ -22263,7 +22483,7 @@
        NOT-FOR-US: MetaCart
 CVE-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 
allow ...)
        NOT-FOR-US: MetaCart
-CVE-2005-1360 (PHP remote code injection vulnerability in error.php in GrayCMS 
1.1 ...)
+CVE-2005-1360 (PHP remote file inclusion vulnerability in error.php in GrayCMS 
1.1 ...)
        NOT-FOR-US: GrayCMS
 CVE-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script 
allows ...)
        NOT-FOR-US: text.cgi
@@ -22364,7 +22584,7 @@
        - kronolith 1.1.4-1
 CVE-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module 
before ...)
        - sork-passwd 2.2.2-1
-CVE-2005-1312 (PHP remote code injection vulnerability in Yappa-NG before 
2.3.2 ...)
+CVE-2005-1312 (PHP remote file inclusion vulnerability in Yappa-NG before 
2.3.2 ...)
        NOT-FOR-US: Yappa-NG
 CVE-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 
2.3.2 ...)
        NOT-FOR-US: Yappa-NG
@@ -22619,7 +22839,7 @@
        - egroupware 1.0.0.007-2.dfsg-1
 CVE-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin 
board ...)
        NOT-FOR-US: AZbb
-CVE-2005-1200 (PHP remote code injection vulnerability in main_index.php in AZ 
...)
+CVE-2005-1200 (PHP remote file inclusion vulnerability in main_index.php in AZ 
...)
        NOT-FOR-US: AZbb
 CVE-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads 
allows ...)
        NOT-FOR-US: UBB.threads
@@ -22659,7 +22879,7 @@
        NOT-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the 
SSH2 protocol
 CVE-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers 
to ...)
        NOT-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the 
SSH2 protocol
-CVE-2001-1468 (PHP remote code injection vulnerability in checklogin.php in 
...)
+CVE-2001-1468 (PHP remote file inclusion vulnerability in checklogin.php in 
...)
        NOT-FOR-US: phpSecurePages
 CVE-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 
7.0, ...)
        - expect <not-affected> (in expect 5.42.1, mkpasswd does not seed by 
pid)
@@ -22947,7 +23167,7 @@
        NOTE: That's a policy violation, but not a security problem
 CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll 
in the ...)
        NOT-FOR-US: RSA authentication agent
-CVE-2005-1117 (PHP remote code injection vulnerability in index.php in ...)
+CVE-2005-1117 (PHP remote file inclusion vulnerability in index.php in ...)
        NOT-FOR-US: All4WWW Homepage creator
 CVE-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module 
for ...)
        NOT-FOR-US: phpbb2 calendar addon
@@ -23083,7 +23303,7 @@
        NOT-FOR-US: HP OpenView Network Node Manager
 CVE-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the 
web ...)
        NOT-FOR-US: TowerBlog
-CVE-2005-1054 (PHP remote code injection vulnerability in news.php in 
ModernBill ...)
+CVE-2005-1054 (PHP remote file inclusion vulnerability in news.php in 
ModernBill ...)
        NOT-FOR-US: ModernBill
 CVE-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in 
orderwiz.php in ...)
        NOT-FOR-US: ModernBill
@@ -23253,7 +23473,7 @@
        NOT-FOR-US: Yet Another Forum.net
 CVE-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in 
AlstraSoft EPay ...)
        NOT-FOR-US: Alstrasoft EPay
-CVE-2005-0980 (PHP remote code injection vulnerability in index.php in 
AlstraSoft ...)
+CVE-2005-0980 (PHP remote file inclusion vulnerability in index.php in 
AlstraSoft ...)
        NOT-FOR-US: Alstrasoft EPay
 CVE-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote 
...)
        NOT-FOR-US: Rumba
@@ -23366,7 +23586,7 @@
        NOT-FOR-US: phpCOIN
 CVE-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and 
earlier ...)
        NOT-FOR-US: phpCOIN
-CVE-2005-0931 (PHP remote code injection vulnerability in The Includer 1.0 and 
1.1 ...)
+CVE-2005-0931 (PHP remote file inclusion vulnerability in The Includer 1.0 and 
1.1 ...)
        NOT-FOR-US: The Includer
 CVE-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in 
Chatness ...)
        NOT-FOR-US: Chatness
@@ -23395,7 +23615,7 @@
        NOT-FOR-US: Adventia E-Data
 CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and 
earlier, ...)
        NOT-FOR-US: Adobe SVG Viewer
-CVE-2005-0917 (PHP remote code injection vulnerability in index_header.php for 
...)
+CVE-2005-0917 (PHP remote file inclusion vulnerability in index_header.php for 
...)
        NOT-FOR-US: EncapsBB 
 CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 
architectures with ...)
        - kernel-source-2.6.8 2.6.8-16
@@ -23414,7 +23634,7 @@
        NOT-FOR-US: exoops
 CVE-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops 
allow ...)
        NOT-FOR-US: exoops
-CVE-2005-0909 (PHP remote code injection vulnerability in shoutact.php for 
TKai's ...)
+CVE-2005-0909 (PHP remote file inclusion vulnerability in shoutact.php for 
TKai's ...)
        NOT-FOR-US: THai's Shoutbox
 CVE-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in 
Valdersoft ...)
        NOT-FOR-US: Valdersoft Shopping Cart
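Review bot: the annotation under CVE-2005-0909 reads "THai's Shoutbox" while the description on the changed line names "TKai's ...". Since this hunk already touches the entry, correct the annotation to match the description so a search for the product name finds it.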
@@ -23438,7 +23658,7 @@
        NOT-FOR-US: AS/400 running OS400
 CVE-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in 
...)
        NOT-FOR-US: E-Store Kit-2 PayPal Edition
-CVE-2005-0897 (PHP remote code injection vulnerability in catalog.php in 
E-Store ...)
+CVE-2005-0897 (PHP remote file inclusion vulnerability in catalog.php in 
E-Store ...)
        NOT-FOR-US: E-Store Kit-2 PayPal Edition
 CVE-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in 
review.php in ...)
        NOT-FOR-US: phpMyDirectory
@@ -23606,13 +23826,13 @@
        NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago
 CVE-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x 
allows ...)
        NOT-FOR-US: PHPOpenChat
-CVE-2005-0862 (Multiple PHP remote code injection vulnerabilities in 
PHPOpenChat ...)
+CVE-2005-0862 (Multiple PHP remote file inclusion vulnerabilities in 
PHPOpenChat ...)
        NOT-FOR-US: PHPOpenChat
 CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow 
...)
        NOT-FOR-US: Delegate 
-CVE-2005-0860 (PHP remote code injection vulnerability in TRG News Script 3.0 
allows ...)
+CVE-2005-0860 (PHP remote file inclusion vulnerability in TRG News Script 3.0 
allows ...)
        NOT-FOR-US: TRG News Script
-CVE-2005-0859 (PHP remote code injection vulnerability in CzarNews 1.13b 
allows ...)
+CVE-2005-0859 (PHP remote file inclusion vulnerability in CzarNews 1.13b 
allows ...)
        NOT-FOR-US: CzarNews
 CVE-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and 
earlier ...)
        NOT-FOR-US: CoolForum
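Review bot: two annotations in this hunk's context do not match the names they refer to: "Samsung ASDL modems" at the top looks like a transposition of ADSL, and CVE-2005-0861 is annotated "Delegate " (with trailing whitespace) while its description spells the product "DeleGate". Neither is changed by the three description renames here, but both are worth fixing in a follow-up so that product searches over the list stay reliable.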
@@ -23797,7 +24017,7 @@
        NOT-FOR-US: ACS Blog
 CVE-2005-0801 (Directory traversal vulnerability in includer.cgi in The 
Includer ...)
        NOT-FOR-US: The Includer
-CVE-2005-0800 (PHP remote code injection vulnerability in install.php in 
mcNews 1.3 ...)
+CVE-2005-0800 (PHP remote file inclusion vulnerability in install.php in 
mcNews 1.3 ...)
        NOT-FOR-US: mcNews
 CVE-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote 
attackers ...)
        NOT-FOR-US: MySQL on Windows
@@ -23811,7 +24031,7 @@
        NOT-FOR-US: Hola CMS
 CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect 
installation ...)
        NOT-FOR-US: ZPanel 
-CVE-2005-0793 (PHP remote code injection vulnerability in zpanel.php in ZPanel 
allows ...)
+CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel 
allows ...)
        NOT-FOR-US: ZPanel 
 CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote 
attackers to ...)
        NOT-FOR-US: ZPanel 
@@ -23914,7 +24134,7 @@
        [sarge] - kernel-source-2.6.8 2.6.8-16
        - kernel-source-2.4.27 2.4.27-10
        - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
-CVE-2003-1131 (PHP remote code injection vulnerability in index.php in ...)
+CVE-2003-1131 (PHP remote file inclusion vulnerability in index.php in ...)
        NOT-FOR-US: ActiveCampaign KnowledgeBuilder
 CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the 
Adobe ...)
        NOT-FOR-US: Adobe PhotoDeluxe
@@ -23947,7 +24167,7 @@
        - wine 0.0.20050310-1.1
 CVE-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote 
...)
        - openslp 1.0.11a-2
-CVE-2005-0748 (PHP remote code injection vulnerability in initdb.php for 
WEBInsta ...)
+CVE-2005-0748 (PHP remote file inclusion vulnerability in initdb.php for 
WEBInsta ...)
        NOT-FOR-US: WEBInsta
 CVE-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain 
sensitive ...)
        NOT-FOR-US: ApplyYourself
@@ -24004,9 +24224,9 @@
        NOT-FOR-US: paFileDB
 CVE-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for 
the ...)
        NOT-FOR-US: eXPerience2
-CVE-2005-0721 (PHP remote code injection vulnerability in modules.php in 
eXPerience2 ...)
+CVE-2005-0721 (PHP remote file inclusion vulnerability in modules.php in 
eXPerience2 ...)
        NOT-FOR-US: eXPerience2
-CVE-2005-0720 (PHP remote code injection vulnerability in header.php in PHP 
mcNews ...)
+CVE-2005-0720 (PHP remote file inclusion vulnerability in header.php in PHP 
mcNews ...)
        NOT-FOR-US: mcNews
 CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 
Unix ...)
        NOT-FOR-US: Tru64
@@ -24194,7 +24414,7 @@
        NOT-FOR-US: Aztek
 CVE-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in 
the ...)
        - ethereal 0.10.9-2
-CVE-2005-0698 (PHP remote code injection vulnerability in PHPWebLog 0.5.3 and 
earlier ...)
+CVE-2005-0698 (PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and 
earlier ...)
        NOT-FOR-US: PHPWebLog
 CVE-2005-0697 (SQL injection vulnerability in the process_picture function ...)
        NOT-FOR-US: CopperExport
@@ -24208,7 +24428,7 @@
        NOT-FOR-US: JoWood Chaser (for Windows)
 CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for 
...)
        NOT-FOR-US: PHP-Fusion 
-CVE-2005-0691 (PHP remote code injection vulnerability in article mode for ...)
+CVE-2005-0691 (PHP remote file inclusion vulnerability in article mode for ...)
        NOT-FOR-US: SocialMPN 
 CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the 
control ...)
        NOT-FOR-US: Gene6 FTP Server for Win
@@ -24230,11 +24450,11 @@
        - drupal 4.5.2
 CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of 
service ...)
        NOT-FOR-US: Nokia
-CVE-2005-0680 (PHP remote code injection vulnerability in ...)
+CVE-2005-0680 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: Download Center Lite 
-CVE-2005-0679 (PHP remote code injection vulnerability in 
tell_a_friend.inc.php for ...)
+CVE-2005-0679 (PHP remote file inclusion vulnerability in 
tell_a_friend.inc.php for ...)
        NOT-FOR-US: Tell A Friend Script 
-CVE-2005-0678 (PHP remote code injection vulnerability in formmail.inc.php for 
Form ...)
+CVE-2005-0678 (PHP remote file inclusion vulnerability in formmail.inc.php for 
Form ...)
        NOT-FOR-US: Form Mail Script 
 CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform 
certain ...)
        NOT-FOR-US: Zorum 
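Review bot: style point on the NOT-FOR-US lines under CVE-2005-0680, CVE-2005-0679, CVE-2005-0678 and CVE-2005-0677: each annotation ends in trailing whitespace. The renames leave these lines alone, but since the list is parsed by scripts, a follow-up that strips trailing whitespace would avoid product names that differ only by a space.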
@@ -24490,7 +24710,7 @@
        NOT-FOR-US: PunBB
 CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to 
cause a ...)
        NOT-FOR-US: Soldier of Fortune II
-CVE-2005-0567 (Multiple PHP remote code injection vulnerabilities in 
phpMyAdmin 2.6.1 ...)
+CVE-2005-0567 (Multiple PHP remote file inclusion vulnerabilities in 
phpMyAdmin 2.6.1 ...)
        - phpmyadmin 3:2.6.1-pl2-1
 CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro 2.x allows remote 
attackers ...)
        NOT-FOR-US: Golden FTP Server
@@ -24568,7 +24788,7 @@
        - cacti 0.8.5a-5
 CVE-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list 
option in ...)
        - sympa 4.1.5-4 (bug #298105; low)
-CVE-2004-1734 (PHP remote code injection vulnerability in Mantis 0.19.0a 
allows ...)
+CVE-2004-1734 (PHP remote file inclusion vulnerability in Mantis 0.19.0a 
allows ...)
        - mantis 0.19.2-1
 CVE-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other 
versions ...)
        NOT-FOR-US: MyDMS
@@ -24719,13 +24939,13 @@
        NOT-FOR-US: My Firewall Plus
 CVE-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek 
before ...)
        NOT-FOR-US: Verity Ultraseek
-CVE-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php 
in the ...)
+CVE-2005-0513 (PHP remote file inclusion vulnerability in mail_autocheck.php 
in the ...)
        NOT-FOR-US: pMachine
-CVE-2005-0512 (PHP remote code injection vulnerability in Tar.php in Mambo 
4.5.2 ...)
+CVE-2005-0512 (PHP remote file inclusion vulnerability in Tar.php in Mambo 
4.5.2 ...)
        NOT-FOR-US: Mambo
 CVE-2005-0511 (Direct code injection vulnerability in misc.php for vBulletin 
3.0.6 ...)
        NOT-FOR-US: vBulletin
-CVE-2003-1086 (PHP remote code injection vulnerability in pm/lib.inc.php in 
pMachine ...)
+CVE-2003-1086 (PHP remote file inclusion vulnerability in pm/lib.inc.php in 
pMachine ...)
        NOT-FOR-US: pMachine
 CVE-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to 
cause ...)
        NOT-FOR-US: fallback-reboot
@@ -24794,7 +25014,7 @@
        NOT-FOR-US: EmuLive Server4
 CVE-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four 
default ...)
        NOT-FOR-US: Symantec
-CVE-2004-1693 (PHP remote code injection vulnerability in Function.php in 
Mambo 4.5 ...)
+CVE-2004-1693 (PHP remote file inclusion vulnerability in Function.php in 
Mambo 4.5 ...)
        NOT-FOR-US: Mambo
 CVE-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 
4.5 ...)
        NOT-FOR-US: Mambo
@@ -24860,7 +25080,7 @@
        NOT-FOR-US: YaBB
 CVE-2004-1661 (MailWorks Professional allows remote attackers to bypass ...)
        NOT-FOR-US: MailWorks
-CVE-2004-1660 (PHP remote code injection vulnerability in CuteNews 1.3.6 and 
earlier ...)
+CVE-2004-1660 (PHP remote file inclusion vulnerability in CuteNews 1.3.6 and 
earlier ...)
        NOT-FOR-US: CuteNews
 CVE-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in 
CuteNews ...)
        NOT-FOR-US: CuteNews
@@ -25022,7 +25242,7 @@
        NOT-FOR-US: FuseTalk
 CVE-2004-1593 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: SCT email client
-CVE-2004-1592 (PHP remote code injection vulnerability in index.php in 
ocPortal 1.0.3 ...)
+CVE-2004-1592 (PHP remote file inclusion vulnerability in index.php in 
ocPortal 1.0.3 ...)
        NOT-FOR-US: ocPortal
 CVE-2004-1591 (The web interface for Micronet Wireless Broadband Router 
SP916BM ...)
        NOT-FOR-US: Micronet Wireless Router
@@ -25042,7 +25262,7 @@
        - wordpress 1.2.1-1.1
 CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 
1.3 ...)
        NOT-FOR-US: FTP server in TriDComm
-CVE-2004-1582 (PHP remote code injection vulnerability in BlackBoard 1.5.1 
allows ...)
+CVE-2004-1582 (PHP remote file inclusion vulnerability in BlackBoard 1.5.1 
allows ...)
        NOT-FOR-US: BlackBoard
 CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...)
        NOT-FOR-US: BlackBoard
@@ -25101,7 +25321,7 @@
        NOT-FOR-US: MyWebServer
 CVE-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant 
ASP ...)
        NOT-FOR-US: BroadBoard Instant ASP Message Board
-CVE-2004-1554 (PHP remote code injection vulnerability in livre_include.php in 
@lex ...)
+CVE-2004-1554 (PHP remote file inclusion vulnerability in livre_include.php in 
@lex ...)
        NOT-FOR-US: @lex GuestBook
 CVE-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote 
attackers to ...)
        NOT-FOR-US: aspWebAlbum
@@ -25196,7 +25416,7 @@
        NOT-FOR-US: PHPKIT
 CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade 
module for ...)
        NOT-FOR-US: Invision Power Board
-CVE-2004-1535 (PHP remote code injection vulnerability in admin_cash.php for 
the Cash ...)
+CVE-2004-1535 (PHP remote file inclusion vulnerability in admin_cash.php for 
the Cash ...)
        NOT-FOR-US: Cash Mod module of phpbb2 
 CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking 
enabled, ...)
        NOT-FOR-US: ZoneAlarm
@@ -25489,7 +25709,7 @@
        NOT-FOR-US: Breed game
 CVE-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 
1.0 ...)
        NOT-FOR-US: forumKIT
-CVE-2005-0380 (Multiple PHP remote code injection vulnerabilities in (1) ...)
+CVE-2005-0380 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
        NOT-FOR-US: ZeroBoard
 CVE-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 
4.1pl5 and ...)
        NOT-FOR-US: ZeroBoard
@@ -25498,7 +25718,7 @@
        TODO: check horde3
 CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 
allows ...)
        NOT-FOR-US: sgallery
-CVE-2005-0376 (PHP remote code injection vulnerability in SGallery 1.01 allows 
local ...)
+CVE-2005-0376 (PHP remote file inclusion vulnerability in SGallery 1.01 allows 
local ...)
        NOT-FOR-US: sgallery
 CVE-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to 
obtain ...)
        NOT-FOR-US: sgallery
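Review bot: on the CVE-2005-0376 line the renamed class "remote file inclusion" is followed by "allows local ..." in the truncated description, which reads as a contradiction about the attack vector. The entry is NOT-FOR-US so nothing depends on it, but it is worth checking the full upstream description before relying on the new wording when triaging similar sgallery entries.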
@@ -25692,7 +25912,7 @@
        NOT-FOR-US: ArGoSoft
 CVE-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the 
user ...)
        NOT-FOR-US: ArGoSoft
-CVE-2004-1427 (PHP remote code injection vulnerability in main.inc in 
KorWeblog ...)
+CVE-2004-1427 (PHP remote file inclusion vulnerability in main.inc in 
KorWeblog ...)
        NOT-FOR-US: KorWeblog
 CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 
1.6.2-cvs ...)
        NOT-FOR-US: KorWeblog
@@ -25700,15 +25920,15 @@
        - moodle 1.4.3-1
 CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and 
earlier ...)
        - moodle 1.4.3-1
-CVE-2004-1423 (Multiple PHP remote code injection vulnerabilities in (1) 
calendar.php ...)
+CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in (1) 
calendar.php ...)
        NOT-FOR-US: PHP-Calendar
 CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to 
gain ...)
        NOT-FOR-US: WHM AutoPilot
-CVE-2004-1421 (Multiple PHP remote code injection vulnerabilities (1) 
step_one.php, ...)
+CVE-2004-1421 (Multiple PHP remote file inclusion vulnerabilities (1) 
step_one.php, ...)
        NOT-FOR-US: WHM AutoPilot
 CVE-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in 
header.php in ...)
        NOT-FOR-US: WHM AutoPilot
-CVE-2004-1419 (PHP remote code injection vulnerability in ZeroBoard 4.1pl4 and 
...)
+CVE-2004-1419 (PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and 
...)
        NOT-FOR-US: ZeroBoard
 CVE-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and 
...)
        NOT-FOR-US: WPKontakt
@@ -25740,7 +25960,7 @@
        - mediawiki 1.4.9 (bug #276057)
 CVE-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache 
...)
        NOT-FOR-US: Attachment Mod for phpBB
-CVE-2004-1403 (PHP remote code injection vulnerability in index.php in 
GNUBoard 3.39 ...)
+CVE-2004-1403 (PHP remote file inclusion vulnerability in index.php in 
GNUBoard 3.39 ...)
        NOT-FOR-US: GNUBoard
 CVE-2004-1402 (SQL injection vulnerability in iWebNegar allows remote 
attackers to ...)
        NOT-FOR-US: iWebNegar
@@ -26310,7 +26530,7 @@
        RESERVED
 CVE-2005-0153
        RESERVED
-CVE-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 
allows ...)
+CVE-2005-0152 (PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 
allows ...)
        {DSA-662-1}
        - squirrelmail 1:1.2.7-1
        NOTE: This bug exists only in version 1.2.6.
@@ -26438,7 +26658,7 @@
 CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
        {DSA-662-1}
        - squirrelmail 2:1.4.4
-CVE-2005-0103 (PHP remote code injection vulnerability in webmail.php in 
SquirrelMail ...)
+CVE-2005-0103 (PHP remote file inclusion vulnerability in webmail.php in 
SquirrelMail ...)
        - squirrelmail 2:1.4.4-1
 CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and 
earlier ...)
        {DSA-673-1}
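Review bot: the fixed versions for the two squirrelmail entries in this hunk are written inconsistently: CVE-2005-0104 records "2:1.4.4" without a Debian revision, while CVE-2005-0103 directly below records "2:1.4.4-1". If both were fixed by the same upload, use the full "2:1.4.4-1" on both lines so version comparisons behave the same for each entry.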
@@ -27366,7 +27586,7 @@
 CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) 
...)
        {DSA-608-1}
        - zgv 5.7-1.3 (bug #284124)
-CVE-2004-1094 (Buffer overflow in a third-party compression library, 
InnerMedia ...)
+CVE-2004-1094 (Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 
...)
        NOT-FOR-US: RealPlayer
 CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote 
attackers to ...)
        {DSA-639-1}
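Review bot: for CVE-2004-1094 the new description leads with "InnerMedia DynaZip DUNZIP32.dll" instead of "a third-party compression library", but the annotation still says only "NOT-FOR-US: RealPlayer". The classification stays correct for a Windows DLL, yet the annotation no longer matches the component the description names; consider mentioning DynaZip there so the entry is found when searching for the library.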
@@ -28602,7 +28822,7 @@
        - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8)
 CVE-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote 
...)
        NOT-FOR-US: Infinity WEB
-CVE-2004-0624 (PHP remote code injection vulnerability in index.php for 
Artmedic ...)
+CVE-2004-0624 (PHP remote file inclusion vulnerability in index.php for 
Artmedic ...)
        NOT-FOR-US: Artmedic links
 CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may 
allow ...)
        {DSA-590-1}
@@ -29379,7 +29599,7 @@
        NOT-FOR-US: Xlight FTP server 1.52; 
 CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote 
...)
        NOT-FOR-US: RobotFTP; 
-CVE-2004-0285 (PHP remote code injection vulnerabilities in (1) AllMyVisitors, 
(2) ...)
+CVE-2004-0285 (PHP remote file inclusion vulnerabilities in (1) AllMyVisitors, 
(2) ...)
        NOT-FOR-US: PHP scripts 
 CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 
allow ...)
        NOT-FOR-US: MSIE bugs
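Review bot: the annotation under CVE-2004-0285 is the generic "PHP scripts " although the description enumerates specific products, starting with "(1) AllMyVisitors". A NOT-FOR-US line that names the affected scripts would make it possible to recheck the decision if one of them is ever packaged. The neighbouring context annotations "Xlight FTP server 1.52; " and "RobotFTP; " also carry stray trailing semicolons and whitespace.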
@@ -29666,7 +29886,7 @@
 CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak 
in ...)
        - kernel-source-2.4.27 <not-affected> (Fixed before upload into 
archive; 2.4.26-rc2)
        TODO: Check 2.6
-CVE-2004-0132 (Multiple PHP remote code injection vulnerabilities in 
ezContents 2.0.2 ...)
+CVE-2004-0132 (Multiple PHP remote file inclusion vulnerabilities in 
ezContents 2.0.2 ...)
        NOT-FOR-US: ezContents
 CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote 
attackers to ...)
        NOT-FOR-US: phpGedView
@@ -29754,7 +29974,7 @@
        REJECTED
 CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to 
gain ...)
        - xsok <not-affected> (Not vulnerable. See bug #278777)
-CVE-2004-0073 (PHP remote code injection vulnerability in (1) config.php and 
(2) ...)
+CVE-2004-0073 (PHP remote file inclusion vulnerability in (1) config.php and 
(2) ...)
        NOT-FOR-US: EasyDynamicPages
 CVE-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 
6.0 ...)
        NOT-FOR-US: Accipiter Direct Server 6.0
@@ -29824,7 +30044,7 @@
        NOT-FOR-US: FistClass Desktop Client
 CVE-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 
3.4.5 ...)
        NOT-FOR-US: Phorum
-CVE-2004-0030 (PHP remote code injection vulnerability in (1) functions.php, 
(2) ...)
+CVE-2004-0030 (PHP remote file inclusion vulnerability in (1) functions.php, 
(2) ...)
        NOT-FOR-US: PHPGEDVIEW
 CVE-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini 
configuration ...)
        NOT-FOR-US: Lotus Notes Domino
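Review bot: CVE-2004-0030 is annotated "PHPGEDVIEW" here, while CVE-2004-0130 earlier in this patch uses "phpGedView" for what its description calls phpGedView. Use one spelling for both so the entries group together. In the same hunk, the context annotation "FistClass Desktop Client" looks like a misspelling and should be checked against the product name in its description.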


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
