author William Desportes <williamdes@wdes.fr> 2020-01-11 20:50:29 +0100
committer William Desportes <williamdes@wdes.fr> 2020-01-11 23:04:17 +0100
commit 6e65e65e23ec39e6ac3c264364f4eddb68a46717
tree 85818826f78df2442cab40d7c466c72647fb6de0 /data/CVE/2006.list
parent 7e55a44ab3f99b4733aea499e520c090e959f511
Update old phpMyAdmin CVE entries
years:
- 2003 (ignored, no CVEs found)
- 2004 (4; 1 has patch links)
- 2005 (9; 3 had patch links)
- 2006 (9; 9 had patch links)
- 2007 (8; 8 had patch links)
- 2008 (10; 10 had patch links)
- 2018 (5; 5 had patch links)
- 2019 (5; 5 had patch links)
- 2020 (1; 1 has patch links)

Fixed links for: http://www.phpmyadmin.net/home_page/security/(.*).php
Diffstat (limited to 'data/CVE/2006.list')
-rw-r--r-- data/CVE/2006.list 30
1 files changed, 29 insertions, 1 deletions
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index fc416f094f..5dfaf300b1 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -708,6 +708,8 @@ CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote att
CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...)
{DSA-1370-2 DSA-1370-1}
- phpmyadmin 4:2.9.1.1-2 (medium)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2006-9/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/663eb2b85ed30c1226c5d617bb06c5afe1d3caf5
CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full s ...)
- phpmyadmin 4:2.9.1.1-2 (unimportant)
NOTE: Only path disclosure
@@ -715,6 +717,8 @@ CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin
{DSA-1370-2 DSA-1370-1}
- phpmyadmin 4:2.9.1.1-2 (medium)
NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer.
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2006-7/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/59d245f36ab4e0b8a49c44b1f9045fc9aef939b2
CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to ...)
NOT-FOR-US: FreeWebshop
CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...)
@@ -2010,8 +2014,14 @@ CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 a
[sarge] - phpmyadmin <not-affected> (doesn't use sessions at all)
[etch] - phpmyadmin <not-affected> (not exploitable with Etch's php versions)
NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2007-1/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c9d93f63940fe960d3b6341d8bfb7b707c87e744
CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive infor ...)
- - phpmyadmin <unfixed> (unimportant)
+ - phpmyadmin 4:2.9.1.1-1 (unimportant)
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/98575f4e563c9323df597e2a9783e637b00b87e9
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/416285c4930ed24504edf58774384db4ffec1f86
+ NOTE: The commits are both the same but they seem to be cherry-picks one of the other at some point
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2006-8/
NOTE: path is known in Debian anyway
CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...)
NOT-FOR-US: JAB Guest Book
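Review bot: the CVE-2006-6373 entry changes the tracked status from `- phpmyadmin <unfixed> (unimportant)` to `- phpmyadmin 4:2.9.1.1-1 (unimportant)`, which is a status change rather than the link update the commit message describes, and none of the added NOTE lines says which upstream release first contains the two linked commits. The other entries visible in this diff that are fixed in 2.9.1.1 (CVE-2006-6944, CVE-2006-6943, CVE-2006-6942) record `4:2.9.1.1-2`, so please confirm that `-1` is intended here and add a NOTE stating the upstream fixed version that justifies it. Smaller points in the same hunk: the PMASA-2006-8 link comes after the commit links and the cherry-pick remark, while every other entry puts the advisory link first, and CVE-2006-6374 is given the 2007 advisory PMASA-2007-1, which is worth a second check against the advisory text.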
@@ -3445,6 +3455,8 @@ CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall
CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2. ...)
- phpmyadmin 4:2.9.0.3-1 (low; bug #396638)
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2006-6/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/39893dd0c956de6505d5a4d4590ad3e1f64bdffa
CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Dat ...)
NOT-FOR-US: Zend Google Data Client Library (ZendGData)
CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allo ...)
@@ -4751,6 +4763,10 @@ CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in php
{DSA-1207-1}
- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; bug #400553; low)
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2006-5/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b3906852bbcb5c4e116cc20e214b7f6793ca97aa
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ac2f606a21d474596a4b2cada961385439cbc8f0
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/50319d634c620044a0542495939cd68530f00259
CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows rem ...)
NOT-FOR-US: KGB
CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP In ...)
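Review bot: the three commit links added under CVE-2006-5116 have no NOTE explaining how they relate to each other or to PMASA-2006-5. The CVE-2006-2031 and CVE-2006-1804 entries in this same change say which linked commit is the official one from the PMASA, and CVE-2006-6373 says its two commits are cherry-picks of each other; add an equivalent NOTE here stating whether all three commits are required for the fix or which one the advisory references.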
@@ -8682,6 +8698,8 @@ CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain se
CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 al ...)
- phpmyadmin 4:2.8.2-0.1 (bug #377748; low)
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2006-4/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6d6f47bdb2c7f5519dcc6497a6ebf9ebc305e6de
CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News 1 ...)
NOT-FOR-US: Fusion News
CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to obta ...)
@@ -11720,6 +11738,10 @@ CVE-2006-2032 (Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and
CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2. ...)
- phpmyadmin 4:2.8.1-1 (bug #363519; low)
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2006-2/
+ NOTE: The first linked commit is the official one for linked in PMASA
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79f778db99ac05e2028166d5a61ed25591e348c3
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fad722d2f488375f9cc94c0c75326e661c280ecc
CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to cause a ...)
NOT-FOR-US: Allied Telesyn
CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9. ...)
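Review bot: the added line `NOTE: The first linked commit is the official one for linked in PMASA` under CVE-2006-2031 is garbled ("for linked in"). Suggest reusing the wording this change adds under CVE-2006-1804, `NOTE: The first linked commit is the official commit from PMASA`, so the two explanatory notes read the same and can be found with one search string.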
@@ -12266,6 +12288,10 @@ CVE-2006-1805 (SQL injection vulnerability in member.php in PowerClan 1.14 allow
CVE-2006-1804 (SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows ...)
- phpmyadmin 4:2.8.1-1 (bug #363519; low)
[sarge] - phpmyadmin <not-affected>
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2006-3/
+ NOTE: The first linked commit is the official commit from PMASA
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fde2f613ad402e442a3b54d628ad85444faaeabe
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0bf717892f9207c6161dc7800eb63e940478ec47
CVE-2006-1803 (Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7. ...)
- phpmyadmin 4:2.8.1-1 (bug #363519; low)
[sarge] - phpmyadmin <not-affected> (CSRF code not present in Sarge, too intrusive to backport)
@@ -12646,6 +12672,8 @@ CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php in
CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
{DSA-1207-1}
- phpmyadmin 4:2.8.0.3-1 (bug #362567)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2006-1/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0933619b6b2534b221817ea3f631cb984c258d6b
CVE-2006-1677 (MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.0 ...)
NOT-FOR-US: MAXdev MD-Pro
CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics modu ...)
