author | William Desportes <williamdes@wdes.fr> | 2020-01-11 20:50:29 +0100 |
---|---|---|
committer | William Desportes <williamdes@wdes.fr> | 2020-01-11 23:04:17 +0100 |
commit | 6e65e65e23ec39e6ac3c264364f4eddb68a46717 (patch) | |
tree | 85818826f78df2442cab40d7c466c72647fb6de0 /data/CVE/2006.list | |
parent | 7e55a44ab3f99b4733aea499e520c090e959f511 (diff) |
Update old phpMyAdmin CVE entries
years:
- 2003 (ignored, no CVEs found)
- 2004 (4; 1 has patch links)
- 2005 (9; 3 had patch links)
- 2006 (9; 9 had patch links)
- 2007 (8; 8 had patch links)
- 2008 (10; 10 had patch links)
- 2018 (5; 5 had patch links)
- 2019 (5; 5 had patch links)
- 2020 (1; 1 has patch links)
Fixed links for: http://www.phpmyadmin.net/home_page/security/(.*).php
Diffstat (limited to 'data/CVE/2006.list')
-rw-r--r-- | data/CVE/2006.list | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/data/CVE/2006.list b/data/CVE/2006.list index fc416f094f..5dfaf300b1 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -708,6 +708,8 @@ CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote att CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...) {DSA-1370-2 DSA-1370-1} - phpmyadmin 4:2.9.1.1-2 (medium) + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-9/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/663eb2b85ed30c1226c5d617bb06c5afe1d3caf5 CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full s ...) - phpmyadmin 4:2.9.1.1-2 (unimportant) NOTE: Only path disclosure @@ -715,6 +717,8 @@ CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin {DSA-1370-2 DSA-1370-1} - phpmyadmin 4:2.9.1.1-2 (medium) NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer. + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-7/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/59d245f36ab4e0b8a49c44b1f9045fc9aef939b2 CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to ...) NOT-FOR-US: FreeWebshop CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...) 
@@ -2010,8 +2014,14 @@ CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 a [sarge] - phpmyadmin <not-affected> (doesn't use sessions at all) [etch] - phpmyadmin <not-affected> (not exploitable with Etch's php versions) NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+ + NOTE: https://www.phpmyadmin.net/security/PMASA-2007-1/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c9d93f63940fe960d3b6341d8bfb7b707c87e744 CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive infor ...) - - phpmyadmin <unfixed> (unimportant) + - phpmyadmin 4:2.9.1.1-1 (unimportant) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/98575f4e563c9323df597e2a9783e637b00b87e9 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/416285c4930ed24504edf58774384db4ffec1f86 + NOTE: The commits are both the same but they seem to be cherry-picks one of the other at some point + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-8/ NOTE: path is known in Debian anyway CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...) NOT-FOR-US: JAB Guest Book @@ -3445,6 +3455,8 @@ CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2. ...) - phpmyadmin 4:2.9.0.3-1 (low; bug #396638) [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-6/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/39893dd0c956de6505d5a4d4590ad3e1f64bdffa CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Dat ...) NOT-FOR-US: Zend Google Data Client Library (ZendGData) CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allo ...) 
@@ -4751,6 +4763,10 @@ CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in php {DSA-1207-1} - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; bug #400553; low) [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-5/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b3906852bbcb5c4e116cc20e214b7f6793ca97aa + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ac2f606a21d474596a4b2cada961385439cbc8f0 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/50319d634c620044a0542495939cd68530f00259 CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows rem ...) NOT-FOR-US: KGB CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP In ...) @@ -8682,6 +8698,8 @@ CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain se CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 al ...) - phpmyadmin 4:2.8.2-0.1 (bug #377748; low) [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-4/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6d6f47bdb2c7f5519dcc6497a6ebf9ebc305e6de CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News 1 ...) NOT-FOR-US: Fusion News CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to obta ...) 
@@ -11720,6 +11738,10 @@ CVE-2006-2032 (Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2. ...) - phpmyadmin 4:2.8.1-1 (bug #363519; low) [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-2/ + NOTE: The first linked commit is the official one for linked in PMASA + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79f778db99ac05e2028166d5a61ed25591e348c3 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fad722d2f488375f9cc94c0c75326e661c280ecc CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to cause a ...) NOT-FOR-US: Allied Telesyn CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9. ...) @@ -12266,6 +12288,10 @@ CVE-2006-1805 (SQL injection vulnerability in member.php in PowerClan 1.14 allow CVE-2006-1804 (SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows ...) - phpmyadmin 4:2.8.1-1 (bug #363519; low) [sarge] - phpmyadmin <not-affected> + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-3/ + NOTE: The first linked commit is the official commit from PMASA + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fde2f613ad402e442a3b54d628ad85444faaeabe + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0bf717892f9207c6161dc7800eb63e940478ec47 CVE-2006-1803 (Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7. ...) - phpmyadmin 4:2.8.1-1 (bug #363519; low) [sarge] - phpmyadmin <not-affected> (CSRF code not present in Sarge, too intrusive to backport) 
@@ -12646,6 +12672,8 @@ CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php in CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...) {DSA-1207-1} - phpmyadmin 4:2.8.0.3-1 (bug #362567) + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-1/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0933619b6b2534b221817ea3f631cb984c258d6b CVE-2006-1677 (MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.0 ...) NOT-FOR-US: MAXdev MD-Pro CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics modu ...) |
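Review bot: In the `@@ -708,6 +708,8 @@` hunk, CVE-2006-6943 sits between the two entries that gain references and is left with only "NOTE: Only path disclosure", although its description names the same release boundary (before 2.9.1.1) as CVE-2006-6944. If an advisory or upstream commit exists for it, add the matching NOTE lines here as well; if none was found, a short NOTE saying so would tell the next reader that the entry was checked rather than missed.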
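Review bot: In the `@@ -2010,8 +2014,14 @@` hunk, the CVE-2006-6373 package line changes from "- phpmyadmin <unfixed> (unimportant)" to "- phpmyadmin 4:2.9.1.1-1 (unimportant)", which is a tracker status change and not a link update, and the commit message does not mention it. The 2.9.1.1 entries in the first hunk (CVE-2006-6944, CVE-2006-6943, CVE-2006-6942) record 4:2.9.1.1-2 as the fixed version, so please confirm that -1 is the upload that carried this fix and state the reason for the change in the commit message. As a style point, this entry lists the PMASA link after the commit links while the other entries put it first; moving it up and keeping the cherry-pick note directly beside the two commit URLs would match the rest of the file.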
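Review bot: In the `@@ -4751,6 +4763,10 @@` hunk, CVE-2006-5116 gains three commit URLs with nothing to say how they relate. The entries for CVE-2006-6373, CVE-2006-2031 and CVE-2006-1804 each carry a NOTE explaining their multiple commits, so add one here too, for example which commit is the one referenced by PMASA-2006-5 and whether the other two are follow-ups or cherry-picks.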
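Review bot: In the `@@ -11720,6 +11738,10 @@` hunk, the added line "NOTE: The first linked commit is the official one for linked in PMASA" is garbled ("for linked in"). The CVE-2006-1804 entry in the next hunk words the same statement as "The first linked commit is the official commit from PMASA"; reuse that wording here. In both entries the note precedes the URLs it refers to, so "first linked commit" only makes sense if the line order is preserved; naming the commit by its abbreviated hash in the note would make it robust against later reordering.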