[Secure-testing-commits] r3800 - data/CVE
Joey Hess
joeyh at costa.debian.org
Fri Apr 14 09:14:35 UTC 2006
Author: joeyh
Date: 2006-04-14 09:14:27 +0000 (Fri, 14 Apr 2006)
New Revision: 3800
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-04-14 08:36:08 UTC (rev 3799)
+++ data/CVE/list 2006-04-14 09:14:27 UTC (rev 3800)
@@ -1,11 +1,191 @@
+CVE-2006-1789 (Directory traversal vulnerability in pajax_call_dispatcher.php in ...)
+ TODO: check
+CVE-2006-1788 (Adobe Document Server for Reader Extensions 6.0, during log on, ...)
+ TODO: check
+CVE-2006-1787 (Adobe Document Server for Reader Extensions 6.0 includes a user's ...)
+ TODO: check
+CVE-2006-1786 (Cross-site scripting (XSS) vulnerability in Adobe Document Server for ...)
+ TODO: check
+CVE-2006-1785 (Adobe Document Server for Reader Extensions 6.0 allows remote ...)
+ TODO: check
+CVE-2006-1784 (PHP remote file inclusion vulnerability in admin/configset.php in ...)
+ TODO: check
+CVE-2006-1783 (Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote ...)
+ TODO: check
+CVE-2006-1782 (Unspecified vulnerability in Solaris 8 and 9 allows local users to ...)
+ TODO: check
+CVE-2006-1781 (PHP remote file inclusion vulnerability in functions.php in Circle R ...)
+ TODO: check
+CVE-2006-1780 (The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to ...)
+ TODO: check
+CVE-2006-1779 (Cross-site scripting (XSS) vulnerability in login.php in Jeremy ...)
+ TODO: check
+CVE-2006-1778 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog ...)
+ TODO: check
+CVE-2006-1777 (Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft ...)
+ TODO: check
+CVE-2006-1776 (PHP remote file inclusion vulnerability in doc/index.php in Jeremy ...)
+ TODO: check
+CVE-2006-1775 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 ...)
+ TODO: check
+CVE-2006-1774 (HP System Management Homepage (SMH) 2.1.3.132, when running on ...)
+ TODO: check
+CVE-2006-1773 (SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 ...)
+ TODO: check
+CVE-2006-1772 (debconf in Debian GNU/Linux, when configuring mnogosearch in the ...)
+ TODO: check
+CVE-2006-1771 (Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH ...)
+ TODO: check
+CVE-2006-1770 (Multiple PHP remote file inclusion vulnerabilities in Azerbaijan ...)
+ TODO: check
+CVE-2006-1769 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
+ TODO: check
+CVE-2006-1768 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
+ TODO: check
+CVE-2006-1767 (Multiple PHP remote file inclusion vulnerabilities in nicecoder.com ...)
+ TODO: check
+CVE-2006-1766 (Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and ...)
+ TODO: check
+CVE-2006-1765 (Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 ...)
+ TODO: check
+CVE-2006-1764 (Hosting Controller 6.1 stores forum/db/forum.mdb under the web ...)
+ TODO: check
+CVE-2006-1763 (SQL injection vulnerability index.php in blur6ex 0.3.452 allows remote ...)
+ TODO: check
+CVE-2006-1762 (Directory traversal vulnerability in index.php in blur6ex 0.3.452 ...)
+ TODO: check
+CVE-2006-1761 (Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 ...)
+ TODO: check
+CVE-2006-1760 (Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow ...)
+ TODO: check
+CVE-2006-1759 (Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in ...)
+ TODO: check
+CVE-2006-1758 (SQL injection vulnerability in index.php in Vegadns 0.99 allows remote ...)
+ TODO: check
+CVE-2006-1757 (Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 ...)
+ TODO: check
+CVE-2006-1756 (MD News 1 allows remote attackers to bypass authentication via a ...)
+ TODO: check
+CVE-2006-1755 (SQL injection vulnerability in admin.php in MD News 1 allows remote ...)
+ TODO: check
+CVE-2006-1754 (SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, ...)
+ TODO: check
+CVE-2006-1753
+ RESERVED
+CVE-2006-1752 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in ...)
+ TODO: check
+CVE-2006-1751 (Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow ...)
+ TODO: check
+CVE-2006-1750 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2006-1749 (PHP remote file inclusion vulnerability in config.php in phpListPro ...)
+ TODO: check
+CVE-2006-1748 (Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows ...)
+ TODO: check
+CVE-2006-1747 (PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 ...)
+ TODO: check
+CVE-2006-1746 (Directory traversal vulnerability in PHPList 2.10.2 and earlier allows ...)
+ TODO: check
+CVE-2006-1745 (Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 ...)
+ TODO: check
+CVE-2006-1743 (Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow ...)
+ TODO: check
+CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before ...)
+ TODO: check
+CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
+ TODO: check
+CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
+ TODO: check
+CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ...)
+ TODO: check
+CVE-2006-1738
+ RESERVED
+CVE-2006-1737
+ RESERVED
+CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
+ TODO: check
+CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
+ TODO: check
+CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
+ TODO: check
+CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
+ TODO: check
+CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
+ TODO: check
+CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
+ TODO: check
+CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...)
+ TODO: check
+CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla ...)
+ TODO: check
+CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
+ TODO: check
+CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
+ TODO: check
+CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...)
+ TODO: check
+CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes ...)
+ TODO: check
+CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
+ TODO: check
+CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
+ TODO: check
+CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...)
+ TODO: check
+CVE-2006-1721 (Unspecified vulnerability in the CMU Cyrus Simple Authentication and ...)
+ TODO: check
+CVE-2006-1720 (Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson ...)
+ TODO: check
+CVE-2006-1719 (Internet Explorer 6 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2006-1718 (Magus Perde Clever Copy 3.0 and earlier stores sensitive information ...)
+ TODO: check
+CVE-2006-1717 (Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka ...)
+ TODO: check
+CVE-2006-1716 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
+ TODO: check
+CVE-2006-1715 (Multiple directory traversal vulnerabilities in Christian Kindahl ...)
+ TODO: check
+CVE-2006-1714 (CRLF injection vulnerability in index.php in Christoph Roeder ...)
+ TODO: check
+CVE-2006-1713 (Cross-site scripting (XSS) vulnerability in index.php in Christoph ...)
+ TODO: check
+CVE-2006-1710 (SQL injection vulnerability in admin.php in Design Nation DNGuestbook ...)
+ TODO: check
+CVE-2005-4784 (Multiple buffer overflows in the POSIX readdir_r function, as used in ...)
+ TODO: check
+CVE-2005-4783 (kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not ...)
+ TODO: check
+CVE-2005-4782 (NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is ...)
+ TODO: check
+CVE-2005-4781 (Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 ...)
+ TODO: check
+CVE-2005-4780 (** DISPUTED ** ...)
+ TODO: check
+CVE-2005-4779 (verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with ...)
+ TODO: check
+CVE-2005-4778 (The powersave daemon in SUSE Linux 10.0 before 20051007 has an ...)
+ TODO: check
+CVE-2005-4777 (Tashcom ASPEdit 2.9 stores the administration password (aka the FTP ...)
+ TODO: check
+CVE-2005-4776 (Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in ...)
+ TODO: check
+CVE-2005-4775 (Michael Scholz and Sebastian Stein Contineo 2.0, when the admin ...)
+ TODO: check
+CVE-2005-4774 (Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote ...)
+ TODO: check
+CVE-2005-4773 (The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x ...)
+ TODO: check
+CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like ...)
+ TODO: check
CVE-2006-XXXX [firebird local DoS]
- firebird2 1.5.3.4870-4 (bug #362001)
-CVE-2006-1744 [buffer overflow in sail]
+CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames 2.17-7 allows local ...)
- bsdgames 2.17-7 (bug #360989)
-CVE-2006-1712 [Mailman XSS]
+CVE-2006-1712 (Cross-site scripting (XSS) vulnerability in the private archive script ...)
- mailman <unfixed>
[sarge] - mailman <not-affected> (Only affects Mailman 2.17)
-CVE-2006-1711 [plone data manipulation]
+CVE-2006-1711 (Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) ...)
{DSA-1032-1}
- zope-cmfplone 2.1.2-2
CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in ...)
@@ -38,9 +218,7 @@
- gallery 1.5.3-1 (bug #361758)
CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR ...)
- fbi <unfixed> (bug #361370)
-
begin claimed by stef-guest
-
CVE-2006-1694 (SQL injection vulnerability in members.php in XBrite Members 1.1 and ...)
TODO: check
CVE-2006-1693 (Unspecified vulnerability in GlobalSCAPE Secure FTP Server before ...)
@@ -99,9 +277,7 @@
TODO: check
CVE-2006-1667 (SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax ...)
TODO: check
-
end claimed by stef-guest
-
CVE-2006-1666 (SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable ...)
TODO: check
CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal ...)
@@ -192,10 +368,10 @@
TODO: check
CVE-2006-1629 (OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute ...)
- openvpn 2.0.6-1 (bug #360559; medium)
-CVE-2006-1628
- RESERVED
-CVE-2006-1627
- RESERVED
+CVE-2006-1628 (Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows ...)
+ TODO: check
+CVE-2006-1627 (Adobe Document Server for Reader Extensions 6.0 does not provide ...)
+ TODO: check
CVE-2006-1626 (Internet Explorer 6 for Windows XP SP2 and earlier allows remote ...)
TODO: check
CVE-2006-1625 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
@@ -362,8 +538,8 @@
NOT-FOR-US: VSNS Lemon
CVE-2006-1552 (ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to ...)
NOT-FOR-US: Apple
-CVE-2006-1551
- RESERVED
+CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX ...)
+ TODO: check
CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...)
- php4 <unfixed> (bug #361854)
- php5 <unfixed> (bug #361917)
@@ -439,12 +615,12 @@
NOT-FOR-US: Sourceworkshop newsletter
CVE-2006-1532 (Cross-site scripting (XSS) vulnerability in search.php in PHP ...)
NOT-FOR-US: PHP Classifieds
-CVE-2006-1531
- RESERVED
-CVE-2006-1530
- RESERVED
-CVE-2006-1529
- RESERVED
+CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
+ TODO: check
+CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
+ TODO: check
+CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
+ TODO: check
CVE-2006-1528
RESERVED
CVE-2006-1527
@@ -455,8 +631,8 @@
RESERVED
CVE-2006-1524
RESERVED
-CVE-2006-1523
- RESERVED
+CVE-2006-1523 (The __group_complete_signal function in the RCU signal handling ...)
+ TODO: check
CVE-2006-1522 (The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 ...)
TODO: check
CVE-2006-1521
@@ -986,7 +1162,7 @@
- libpam-opie <not-affected> (FreeBSD specific vulnerability)
CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in MyBulletinBoard ...)
NOT-FOR-US: MyBB
-CVE-2006-1281 (Cross-site scripting (XSS) in member.php in MyBulletinBoard (MyBB) ...)
+CVE-2006-1281 (Cross-site scripting (XSS) vulnerability in member.php in ...)
NOT-FOR-US: MyBB
CVE-2006-1280 (CGI::Session 4.03-1 does not set proper permissions on temporary files ...)
- libcgi-session-perl 4.07-1 (bug #356555)
@@ -1213,22 +1389,22 @@
NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1193
RESERVED
-CVE-2006-1192
- RESERVED
-CVE-2006-1191
- RESERVED
-CVE-2006-1190
- RESERVED
-CVE-2006-1189
- RESERVED
-CVE-2006-1188
- RESERVED
+CVE-2006-1192 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
+ TODO: check
+CVE-2006-1191 (Microsoft Internet Explorer 5.01 through 6 does not always correctly ...)
+ TODO: check
+CVE-2006-1190 (Microsoft Internet Explorer 5.01 through 6 does not always return the ...)
+ TODO: check
+CVE-2006-1189 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...)
+ TODO: check
+CVE-2006-1188 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
+ TODO: check
CVE-2006-1187
RESERVED
-CVE-2006-1186
- RESERVED
-CVE-2006-1185
- RESERVED
+CVE-2006-1186 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
+ TODO: check
+CVE-2006-1185 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...)
+ TODO: check
CVE-2006-1184
RESERVED
CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords from the ...)
@@ -1640,8 +1816,8 @@
RESERVED
CVE-2006-0993
RESERVED
-CVE-2006-0992
- RESERVED
+CVE-2006-0992 (Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 ...)
+ TODO: check
CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server daemon ...)
NOT-FOR-US: Veritas NetBackup
CVE-2006-0990 (Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in ...)
@@ -2158,10 +2334,10 @@
TODO: check
CVE-2006-0750 (SQL injection vulnerability in index.php in supersmashbrothers (SSB) ...)
TODO: check
-CVE-2006-0749
- RESERVED
-CVE-2006-0748
- RESERVED
+CVE-2006-0749 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
+ TODO: check
+CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ...)
+ TODO: check
CVE-2006-0747
RESERVED
CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...)
@@ -3225,7 +3401,7 @@
NOT-FOR-US: Etomite CMS
CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote ...)
NOT-FOR-US: WebspotBlogging
-CVE-2006-0323 (Buffer overflow in multiple RealNetworks products and versions ...)
+CVE-2006-0323 (Buffer overflow in swfformat.dll in multiple RealNetworks products and ...)
NOT-FOR-US: Real Player (initial advisory claimed Helix affected, which is incorrect
CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...)
- mediawiki <unfixed> (low)
@@ -5203,7 +5379,7 @@
NOT-FOR-US: Magic Personal Forum
CVE-2005-4070
REJECTED
-CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0 assigns insecure permissions to the ...)
+CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure ...)
NOT-FOR-US: Sony root kit
CVE-2005-4068 (Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 ...)
NOT-FOR-US: AIX
@@ -6311,15 +6487,15 @@
RESERVED
CVE-2006-0016
RESERVED
-CVE-2006-0015
- RESERVED
-CVE-2006-0014
- RESERVED
+CVE-2006-0015 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2006-0014 (Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote ...)
+ TODO: check
CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft ...)
NOT-FOR-US: Microsoft
TODO: check
-CVE-2006-0012
- RESERVED
+CVE-2006-0012 (Unspecified vulnerability in Windows Explorer in Microsoft Windows ...)
+ TODO: check
CVE-2006-0011
RESERVED
CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 ...)
@@ -6336,8 +6512,8 @@
NOT-FOR-US: Microsoft
CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with ...)
NOT-FOR-US: Microsoft
-CVE-2006-0003
- RESERVED
+CVE-2006-0003 (Unspecified vulnerability in the RDS.Dataspace ActiveX control, which ...)
+ TODO: check
CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 2003, ...)
NOT-FOR-US: Microsoft
CVE-2006-0001
@@ -8096,13 +8272,13 @@
CVE-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly ...)
{DSA-895-1 DTSA-22-1}
- uim 1:0.4.7-2 (bug #331620; medium)
-CVE-2005-3148 (StoreBackup before 1.19 in SUSE Linux does not properly set the uid ...)
+CVE-2005-3148 (StoreBackup before 1.19 does not properly set the uid and guid for ...)
{DSA-1022-1}
- storebackup 1.19-1 (bug #332434)
-CVE-2005-3147 (StoreBackup before 1.19 in SUSE Linux creates the backup root with ...)
+CVE-2005-3147 (StoreBackup before 1.19 creates the backup root with world-readable ...)
{DSA-1022-1}
- storebackup 1.19-1 (bug #332434; medium)
-CVE-2005-3146 (StoreBackup before 1.19 in SUSE Linux allows local users to perform ...)
+CVE-2005-3146 (StoreBackup before 1.19 allows local users to perform unauthorized ...)
{DSA-1022-1}
- storebackup 1.19-2 (bug #332434; medium)
NOTE: The upstream fix only mitigated the issue, but didn't fix it
More information about the Secure-testing-commits
mailing list