[Secure-testing-commits] r3790 - data/CVE

Joey Hess joeyh at costa.debian.org
Wed Apr 12 21:14:34 UTC 2006


Author: joeyh
Date: 2006-04-12 21:14:27 +0000 (Wed, 12 Apr 2006)
New Revision: 3790

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-12 20:10:22 UTC (rev 3789)
+++ data/CVE/list	2006-04-12 21:14:27 UTC (rev 3790)
@@ -1,3 +1,71 @@
+CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in ...)
+	TODO: check
+CVE-2006-1708 (SQL injection vulnerability in member.php in Clansys 1.1 allows remote ...)
+	TODO: check
+CVE-2006-1707 (index.php in Shopweezle 2.0 allows remote attackers to include ...)
+	TODO: check
+CVE-2006-1706 (Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote ...)
+	TODO: check
+CVE-2006-1705 (Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" ...)
+	TODO: check
+CVE-2006-1704 (Sire 2.0 nws allows remote attackers to upload arbitrary image files ...)
+	TODO: check
+CVE-2006-1703 (PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws ...)
+	TODO: check
+CVE-2006-1702 (PHP remote file inclusion vulnerability in spip_login.php3 in SPIP ...)
+	TODO: check
+CVE-2006-1701 (Cross-site scripting (XSS) vulnerability in the Pages module in ...)
+	TODO: check
+CVE-2006-1700 (Buy.php in Aweb Scripts Seller uses predictable cookies for ...)
+	TODO: check
+CVE-2006-1699 (Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner ...)
+	TODO: check
+CVE-2006-1698 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook ...)
+	TODO: check
+CVE-2006-1697 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook ...)
+	TODO: check
+CVE-2006-1696 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 ...)
+	TODO: check
+CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR ...)
+	TODO: check
+CVE-2006-1694 (SQL injection vulnerability in members.php in XBrite Members 1.1 and ...)
+	TODO: check
+CVE-2006-1693 (Unspecified vulnerability in GlobalSCAPE Secure FTP Server before ...)
+	TODO: check
+CVE-2006-1692 (Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow ...)
+	TODO: check
+CVE-2006-1691 (SQL injection vulnerability in MWNewsletter 1.0.0b allows remote ...)
+	TODO: check
+CVE-2006-1690 (Cross-site scripting (XSS) vulnerability in subscribe.php in ...)
+	TODO: check
+CVE-2006-1689 (Unspecified vulnerability in su in HP HP-UX B.11.11, when using the ...)
+	TODO: check
+CVE-2006-1688 (Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and ...)
+	TODO: check
+CVE-2006-1687 (Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 ...)
+	TODO: check
+CVE-2006-1686 (Unspecified vulnerability in modules.php in APT-webshop-system 4.0 ...)
+	TODO: check
+CVE-2006-1685 (Multiple SQL injection vulnerabilities in modules.php in ...)
+	TODO: check
+CVE-2006-1684 (Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier ...)
+	TODO: check
+CVE-2006-1683 (SQL injection vulnerability in admin/login.php in Chipmunk Guestbook ...)
+	TODO: check
+CVE-2006-1682 (Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft ...)
+	TODO: check
+CVE-2006-1681 (Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and ...)
+	TODO: check
+CVE-2006-1680 (Jupiter CMS 1.1.5, when display_errors is enabled, allows remote ...)
+	TODO: check
+CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php Jupiter ...)
+	TODO: check
+CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
+	TODO: check
+CVE-2006-1677 (MAXdev MD-Pro 1.0.73 and 1.0.72 allows remote attackers to obtain the ...)
+	TODO: check
+CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics ...)
+	TODO: check
 CVE-2006-XXXX [Insecure temp files in fbgs]
 	- fbi <unfixed> (bug #361370)
 CVE-2006-XXXX [Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service]
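Review bot: CVE-2006-1695 (the fbgs script in the fbi package, TMPDIR) is added with only "TODO: check", while the context entry directly below the new block, "CVE-2006-XXXX [Insecure temp files in fbgs]", already tracks fbi as unfixed under bug #361370. These look like the same issue. If triage confirms that, move the "- fbi <unfixed> (bug #361370)" line under CVE-2006-1695 and drop the CVE-2006-XXXX placeholder, so the tracker does not carry the bug twice with one copy lacking package status.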
@@ -284,8 +352,7 @@
 	NOT-FOR-US: Apple 
 CVE-2006-1551
 	RESERVED
-CVE-2006-1549 [function *() php/apache Crash]
-	RESERVED
+CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...)
 	- php4 <unfixed> (bug #361854)
 	- php5 <unfixed> (bug #361917)
 CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...)
@@ -1412,8 +1479,8 @@
 	- curl 7.15.3-1 
 	[woody] - curl <not-affected> (Vulnerable code not present)
 	[sarge] - curl <not-affected> (Vulnerable code not present)
-CVE-2006-1060
-	RESERVED
+CVE-2006-1060 (Heap-based buffer overflow in xzgv allows user-complicit attackers to ...)
+	TODO: check
 CVE-2006-1059 (The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine ...)
 	- samba 3.0.22-1
 	[woody] - samba <not-affected>
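Review bot: The new CVE-2006-1060 entry keeps "TODO: check" even though the description now names the affected program, xzgv. If xzgv is packaged, the follow-up should replace the TODO with a package status line in the form the neighbouring entries use (for example "- curl 7.15.3-1" above, or "<unfixed>" with a bug number), and otherwise mark it NOT-FOR-US, so a heap-based buffer overflow does not sit untriaged.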



