Author: stef-guest
Date: 2006-09-21 21:57:25 +0000 (Thu, 21 Sep 2006)
New Revision: 4755
Modified:
data/CVE/list
Log:
some NFUs, one moodle issue already fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-21 21:36:36 UTC (rev 4754)
+++ data/CVE/list 2006-09-21 21:57:25 UTC (rev 4755)
@@ -1,43 +1,43 @@
CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in
eSyndiCat ...)
- TODO: check
+ NOT-FOR-US: eSyndiCat Portal System
CVE-2006-4922 (Unrestricted file upload vulnerability in ...)
- TODO: check
+ NOT-FOR-US: [EMAIL PROTECTED]
CVE-2006-4921 (PHP remote file inclusion vulnerability in [EMAIL PROTECTED]
([EMAIL PROTECTED]) 2.4.03 ...)
- TODO: check
+ NOT-FOR-US: [EMAIL PROTECTED]
CVE-2006-4920 (Multiple PHP remote file inclusion vulnerabilities in [EMAIL
PROTECTED] ...)
- TODO: check
+ NOT-FOR-US: [EMAIL PROTECTED]
CVE-2006-4919 (Directory traversal vulnerability in ...)
- TODO: check
+ NOT-FOR-US: [EMAIL PROTECTED]
CVE-2006-4918 (Multiple PHP remote file inclusion vulnerabilities in Simple
...)
- TODO: check
+ NOT-FOR-US: Simple Discussion Board
CVE-2006-4917 (Cross-site scripting (XSS) vulnerability in search.php in PT
News ...)
- TODO: check
+ NOT-FOR-US: PT News
CVE-2006-4916 (SQL injection vulnerability in uye_profil.asp in Tekman Portal
(TR) ...)
- TODO: check
+ NOT-FOR-US: Tekman Portal
CVE-2006-4915 (Cross-site scripting (XSS) vulnerability in index.php in
Innovate ...)
- TODO: check
+ NOT-FOR-US: Innovate Portal
CVE-2006-4914 (Directory traversal vulnerability in A.l-Pifou 1.8p2 allows
remote ...)
- TODO: check
+ NOT-FOR-US: A.l-Pifou
CVE-2006-4913 (Directory traversal vulnerability in chat/getStartOptions.php
in ...)
- TODO: check
+ NOT-FOR-US: AlstraSoft E-friends
CVE-2006-4912 (PHP remote file inclusion vulnerability in PHP DocWriter 0.3
and ...)
- TODO: check
+ NOT-FOR-US: PHP DocWriter
CVE-2006-4911 (Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and
5.1 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-4910 (The web administration interface (mainApp) to Cisco IDS before
...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-4909 (Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS
...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-4908 (OSU 3.11alpha and 3.10a allows remote attackers to obtain
sensitive ...)
- TODO: check
+ NOT-FOR-US: OSU
CVE-2006-4907 (OSU 3.11alpha and 3.10a allows remote attackers to obtain
sensitive ...)
- TODO: check
+ NOT-FOR-US: OSU
CVE-2006-4906 (SQL injection vulnerability in modules/calendar/week.php in ...)
- TODO: check
+ NOT-FOR-US: More.groupware
CVE-2006-4905 (PHP remote file inclusion vulnerability in index.php in
Artmedic Links ...)
- TODO: check
+ NOT-FOR-US: Artmedic Links
CVE-2006-4904 (Dynamic variable evaluation vulnerability in cmpi.php in
Qualiteam ...)
- TODO: check
+ NOT-FOR-US: X-Cart
CVE-2006-4903
RESERVED
CVE-2006-4902
@@ -49,100 +49,100 @@
CVE-2006-4899
RESERVED
CVE-2006-4898 (PHP remote file inclusion vulnerability in
include/phpxd/phpXD.php in ...)
- TODO: check
+ NOT-FOR-US: guanxiCRM
CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the
web ...)
- TODO: check
+ NOT-FOR-US: CMtextS
CVE-2006-4896 (SQL injection vulnerability in blog/edit.php in Moodle 1.6.1+,
and ...)
- TODO: check
+ - moodle 1.6.2-1 (bug #387177)
CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: IDevSpot NexieAffiliate
CVE-2006-4894 (Cross-site scripting (XSS) vulnerability in
forms/lostpassword.php in ...)
- TODO: check
+ NOT-FOR-US: IDevSpot NexieAffiliate
CVE-2006-4893 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: phpBB XS
CVE-2006-4892 (SQL injection vulnerability in faqview.asp in Techno Dreams FAQ
...)
- TODO: check
+ NOT-FOR-US: Techno Dreams FAQ
CVE-2006-4891 (SQL injection vulnerability in ArticlesTableview.asp in Techno
Dreams ...)
- TODO: check
+ NOT-FOR-US: Techno Dreams
CVE-2006-4890 (Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS
1.5 and ...)
- TODO: check
+ NOT-FOR-US: UNAK-CMS
CVE-2006-4889 (Multiple PHP remote file inclusion vulnerabilities in Telekorn
...)
- TODO: check
+ NOT-FOR-US: Telekorn SignKorn Guestbook
CVE-2006-4888 (Microsoft Internet Explorer 6 and earlier allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4887 (Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does
not drop ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-4886 (The VirusScan On-Access Scan component in McAfee VirusScan
Enterprise ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2006-4885 (PHP remote file inclusion vulnerability in Shadowed Portal
5.599 and ...)
- TODO: check
+ NOT-FOR-US: Shadowed Portal
CVE-2006-4884 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot
...)
- TODO: check
+ NOT-FOR-US: IDevSpot iSupport
CVE-2006-4883 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot
...)
- TODO: check
+ NOT-FOR-US: IDevSpot BizDirectory
CVE-2006-4882 (SQL injection vulnerability in Review.asp in Julian Roberts
Charon ...)
- TODO: check
+ NOT-FOR-US: Cart 3
CVE-2006-4881 (Multiple cross-site scripting (XSS) vulnerabilities in David
Bennett ...)
- TODO: check
+ NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4880 (David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote
attackers ...)
- TODO: check
+ NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4879 (SQL injection vulnerability in profile.php in David Bennett
PHP-Post ...)
- TODO: check
+ NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4878 (Directory traversal vulnerability in footer.php in David
Bennett ...)
- TODO: check
+ NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4877 (Variable overwrite vulnerability in David Bennett PHP-Post
(PHPp) 1.0 ...)
- TODO: check
+ NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4876 (Multiple SQL injection vulnerabilities in Jupiter CMS allow
remote ...)
- TODO: check
+ NOT-FOR-US: Jupiter CMS
CVE-2006-4875 (Unrestricted file upload vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Jupiter CMS
CVE-2006-4874 (Multiple cross-site scripting (XSS) vulnerabilities in Jupiter
CMS ...)
- TODO: check
+ NOT-FOR-US: Jupiter CMS
CVE-2006-4873 (Jupiter CMS allows remote attackers to obtain sensitive
information ...)
- TODO: check
+ NOT-FOR-US: Jupiter CMS
CVE-2006-4872 (SQL injection vulnerability in search.asp in Keyvan1 (aka
Keyvan ...)
- TODO: check
+ NOT-FOR-US: ECardPro
CVE-2006-4871 (SQL injection vulnerability in search_run.asp in Keyvan1 (aka
Keyvan ...)
- TODO: check
+ NOT-FOR-US: EShoppingPro
CVE-2006-4870 (Multiple PHP remote file inclusion vulnerabilities in AEDating
4.1, ...)
- TODO: check
+ NOT-FOR-US: AEDating
CVE-2006-4869 (PHP remote file inclusion vulnerability in
phpunity-postcard.php in ...)
- TODO: check
+ NOT-FOR-US: phpunity.postcard
CVE-2006-4868 (Stack-based buffer overflow in Microsoft Internet Explorer 6.0
on ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4867 (SQL injection vulnerability in mods.php in GNUTurk 2G and
earlier ...)
- TODO: check
+ NOT-FOR-US: GNUTurk
CVE-2006-4866 (Buffer overflow in kextload in Apple OS X, as used by
TDIXSupport in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2006-4865 (Walter Beschmout PhpQuiz allows remote attackers to obtain
sensitive ...)
- TODO: check
+ NOT-FOR-US: PhpQuiz
CVE-2006-4864 (PHP remote file inclusion vulnerability in index.php in All
Enthusiast ...)
- TODO: check
+ NOT-FOR-US: ReviewPost
CVE-2006-4863 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: mcLinksCounter
CVE-2006-4862 (SQL injection vulnerability in default.aspx in easypage allows
remote ...)
- TODO: check
+ NOT-FOR-US: easypage
CVE-2006-4861 (SQL injection vulnerability in loginprocess.asp in Mohammed
Mehdi ...)
- TODO: check
+ NOT-FOR-US: Complain Center
CVE-2006-4860 (Multiple unspecified vulnerabilities in (1) index.php, (2) ...)
- TODO: check
+ NOT-FOR-US: Limbo
CVE-2006-4859 (Unrestricted file upload vulnerability in contact.html.php in
the ...)
- TODO: check
+ NOT-FOR-US: Limbo
CVE-2006-4858 (PHP remote file inclusion vulnerability in
install.serverstat.php in ...)
- TODO: check
+ NOT-FOR-US: Serverstat (com_serverstat) component for Mambo
CVE-2006-4857 (SQL injection vulnerability in default.asp (aka the login page)
in ...)
- TODO: check
+ NOT-FOR-US: ClickBlog
CVE-2006-4856 (Multiple cross-site scripting (XSS) vulnerabilities in Roller
...)
- TODO: check
+ NOT-FOR-US: WebLogger
CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal
Firewall 2006 ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2006-4854
REJECTED
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-4853 (SQL injection vulnerability in kategorix.asp in Haberx 1.02
through ...)
- TODO: check
+ NOT-FOR-US: Haberx
CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop
3.5 ...)
- TODO: check
+ NOT-FOR-US: QuadComm Q-Shop
CVE-2006-4851 (PHP remote file inclusion vulnerability in ...)
TODO: check
CVE-2006-4850 (PHP remote file inclusion vulnerability in ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
