[Secure-testing-commits] r3838 - data/CVE

Joey Hess joeyh at costa.debian.org
Thu Apr 20 21:14:32 UTC 2006


Author: joeyh
Date: 2006-04-20 21:14:24 +0000 (Thu, 20 Apr 2006)
New Revision: 3838

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-20 21:10:32 UTC (rev 3837)
+++ data/CVE/list	2006-04-20 21:14:24 UTC (rev 3838)
@@ -1,3 +1,165 @@
+CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in phpLister ...)
+	TODO: check
+CVE-2006-1905 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...)
+	TODO: check
+CVE-2006-1904 (Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis ...)
+	TODO: check
+CVE-2006-1903 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
+	TODO: check
+CVE-2006-1902 (fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 ...)
+	TODO: check
+CVE-2006-1901 (Mozilla Camino 1.0 and earlier allow remote attackers to cause a ...)
+	TODO: check
+CVE-2006-1900 (Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya ...)
+	TODO: check
+CVE-2006-1899 (Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog ...)
+	TODO: check
+CVE-2006-1898 (Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper ...)
+	TODO: check
+CVE-2006-1897 (Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script ...)
+	TODO: check
+CVE-2006-1896 (Unspecified vulnerability in phpBB allows remote authenticated users ...)
+	TODO: check
+CVE-2006-1895 (Direct static code injection vulnerability in includes/template.php in ...)
+	TODO: check
+CVE-2006-1894 (Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived ...)
+	TODO: check
+CVE-2006-1893 (Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 ...)
+	TODO: check
+CVE-2006-1892 (avast! 4 Linux Home Edition 1.0.5 allows local users to modify ...)
+	TODO: check
+CVE-2006-1891 (Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard ...)
+	TODO: check
+CVE-2006-1890 (Multiple PHP remote file inclusion vulnerabilities in myWebland ...)
+	TODO: check
+CVE-2006-1889 (Cross-site scripting (XSS) vulnerability in the search action handler ...)
+	TODO: check
+CVE-2006-1888 (phpGraphy 0.9.11 and earlier allows remote attackers to bypass ...)
+	TODO: check
+CVE-2006-1887 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security ...)
+	TODO: check
+CVE-2006-1886 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
+	TODO: check
+CVE-2006-1885 (Multiple unspecified vulnerabilities in the Reporting Framework ...)
+	TODO: check
+CVE-2006-1884 (Unspecified vulnerability in the Oracle Thesaurus Management System ...)
+	TODO: check
+CVE-2006-1883 (Unspecified vulnerability in the Oracle Application Object Library ...)
+	TODO: check
+CVE-2006-1882 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
+	TODO: check
+CVE-2006-1881 (Unspecified vulnerability in the Financials for Asia/Pacific component ...)
+	TODO: check
+CVE-2006-1880 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
+	TODO: check
+CVE-2006-1879 (Multiple unspecified vulnerabilities in the Email Server component in ...)
+	TODO: check
+CVE-2006-1878 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...)
+	TODO: check
+CVE-2006-1877 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
+	TODO: check
+CVE-2006-1876 (Unspecified vulnerability in Oracle Database Server 9.2.0.7 and ...)
+	TODO: check
+CVE-2006-1875 (Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, ...)
+	TODO: check
+CVE-2006-1874 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
+	TODO: check
+CVE-2006-1873 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, ...)
+	TODO: check
+CVE-2006-1872 (Unspecified vulnerability in Oracle Database Server 9.0.1.5 and ...)
+	TODO: check
+CVE-2006-1871 (SQL injection vulnerability in Oracle Database Server 9.2.0.7 and ...)
+	TODO: check
+CVE-2006-1870 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
+	TODO: check
+CVE-2006-1869 (Unspecified vulnerability in Oracle Database Server 8.1.7.4 and ...)
+	TODO: check
+CVE-2006-1868 (Unspecified vulnerability in Oracle Database Server 10.1.0.4 has ...)
+	TODO: check
+CVE-2006-1867 (Unspecified vulnerability in Oracle Database Server 9.2.0.6 has ...)
+	TODO: check
+CVE-2006-1866 (Multiple unspecified vulnerabilities in Oracle Database Server ...)
+	TODO: check
+CVE-2006-1865
+	RESERVED
+CVE-2006-1864
+	RESERVED
+CVE-2006-1863
+	RESERVED
+CVE-2006-1862
+	RESERVED
+CVE-2006-1861
+	RESERVED
+CVE-2006-1860
+	RESERVED
+CVE-2006-1859
+	RESERVED
+CVE-2006-1858
+	RESERVED
+CVE-2006-1857
+	RESERVED
+CVE-2006-1856
+	RESERVED
+CVE-2006-1855
+	RESERVED
+CVE-2006-1854 (Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager ...)
+	TODO: check
+CVE-2006-1853 (Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier ...)
+	TODO: check
+CVE-2006-1852 (SQL injection vulnerability in category.php in Article Publisher Pro ...)
+	TODO: check
+CVE-2006-1851 (xFlow 5.46.11 and earlier allows remote attackers to determine the ...)
+	TODO: check
+CVE-2006-1850 (Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 ...)
+	TODO: check
+CVE-2006-1849 (Multiple SQL injection vulnerabilities in members_only/index.cgi in ...)
+	TODO: check
+CVE-2006-1848 (Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php ...)
+	TODO: check
+CVE-2006-1847 (SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 ...)
+	TODO: check
+CVE-2006-1846 (Cross-site scripting (XSS) vulnerability in the Your_Account module in ...)
+	TODO: check
+CVE-2006-1845 (Buffer overflow in the POP3 server in Kinesphere Corporation EXchange ...)
+	TODO: check
+CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...)
+	TODO: check
+CVE-2006-1843 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK ...)
+	TODO: check
+CVE-2006-1842 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK ...)
+	TODO: check
+CVE-2006-1841 (Cross-site scripting (XSS) vulnerability in search.php in boastMachine ...)
+	TODO: check
+CVE-2006-1840 (Multiple unspecified vulnerabilities in Empire Server before 4.3.1 ...)
+	TODO: check
+CVE-2006-1839 (PHP remote file inclusion vulnerability in language.php in PHP Album ...)
+	TODO: check
+CVE-2006-1838 (edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass ...)
+	TODO: check
+CVE-2006-1837 (SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows ...)
+	TODO: check
+CVE-2006-1836 (Untrusted search path vulnerability in unspecified components in ...)
+	TODO: check
+CVE-2006-1835 (Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix ...)
+	TODO: check
+CVE-2006-1834 (Integer signedness error in Opera before 8.54 allows remote attackers ...)
+	TODO: check
+CVE-2006-1833 (Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the ...)
+	TODO: check
+CVE-2006-1832 (sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the ...)
+	TODO: check
+CVE-2006-1831 (Direct static code injection vulnerability in sysinfo.cgi in sysinfo ...)
+	TODO: check
+CVE-2006-1830 (Sun Java Studio Enterprise 8, when installed as root, creates certain ...)
+	TODO: check
+CVE-2006-1829 (EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote ...)
+	TODO: check
+CVE-2006-1828 (SQL injection vulnerability in php121language.php in PHP121 1.4 allows ...)
+	TODO: check
+CVE-2006-1827 (Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and ...)
+	TODO: check
+CVE-2005-4786 (Buffer overflow in the archive decompression library (vrAZMain.dll ...)
+	TODO: check
 CVE-2006-1826 (Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery ...)
 	NOT-FOR-US: Snipe Gallery
 CVE-2006-1825 (Cross-site scripting (XSS) vulnerability in index.php in phpLinks ...)
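Review bot: CVE-2006-1844 ("The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...") is added with only TODO: check, although its description names Debian's own installer and packages; it should be triaged first and given a package line rather than waiting in the TODO queue with the rest of this batch. Entries naming packaged software, such as CVE-2006-1905 (xine), CVE-2006-1902 (gcc 4.1) and CVE-2006-1827 (Asterisk), deserve the same priority. The Oracle Database Server entries CVE-2006-1877 through CVE-2006-1866 could be closed in one pass as NOT-FOR-US: Oracle, the way the existing CVE-2006-0435 entry is.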
@@ -154,8 +316,7 @@
 	NOT-FOR-US: MD News 1
 CVE-2006-1754 (SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, ...)
 	NOT-FOR-US: SWSoft Confixx
-CVE-2006-1753 [fcheck local arbitrary file truncate/create vuln]
-	RESERVED
+CVE-2006-1753 (A cron job in fcheck before 2.7.59 allows local users to overwrite ...)
 	{DSA-1035-1}
 	- fcheck 2.7.59-8
 CVE-2006-1752 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in ...)
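Review bot: At CVE-2006-1753 the new description says "fcheck before 2.7.59", but the fixed version recorded under it is 2.7.59-8, a Debian revision of that same upstream version. A NOTE line stating whether the cron job fix landed in the Debian packaging rather than upstream would explain why revisions of 2.7.59 earlier than -8 count as affected.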
@@ -818,11 +979,9 @@
 	RESERVED
 CVE-2006-1526
 	RESERVED
-CVE-2006-1525 [ip_route_input panic]
-	RESERVED
+CVE-2006-1525 (ip_route_input in Linux kernel before 2.6.16.8 allows local users to ...)
 	- linux-2.6 2.6.16-9
-CVE-2006-1524 [kernel: tmpfs local data destruction]
-	RESERVED
+CVE-2006-1524 (madvise_remove in Linux kernel 2.4.x and 2.6.x before 2.6.16.6 does ...)
 	- linux-2.6 2.6.16-8
 CVE-2006-1523 (The __group_complete_signal function in the RCU signal handling ...)
 	- linux-2.6 2.6.16-7
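Review bot: The new CVE-2006-1524 description covers "Linux kernel 2.4.x and 2.6.x before 2.6.16.6", yet the entry still tracks only linux-2.6 2.6.16-8. Add a line or NOTE recording the status of the 2.4 kernel packages so that 2.4.x is not read as unaffected by omission. For CVE-2006-1525, "before 2.6.16.8" is an upstream version and 2.6.16-9 is a Debian revision; the pairing is worth confirming because the two strings are easy to confuse.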
@@ -1426,8 +1585,8 @@
 	NOT-FOR-US: Apple Quicktime
 CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and ...)
 	NOT-FOR-US: HP-UX 
-CVE-2006-1247
-	RESERVED
+CVE-2006-1247 (Unspecified vulnerability in rm_mlcache_file command in ...)
+	TODO: check
 CVE-2006-1246 (Unspecified vulnerability in BOS.RTE.LVM in IBM AIX 5.3 has unknown ...)
 	NOT-FOR-US: AIX 
 CVE-2006-1245 (Buffer overflow in mshtml.dll in Microsoft Internet Explorer ...)
@@ -1874,8 +2033,7 @@
 	- busybox <unfixed> (low; bug #360578)
 CVE-2006-1057
 	RESERVED
-CVE-2006-1056 [x87 information leak between processes]
-	RESERVED
+CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running ...)
 	- linux-2.6 2.6.16-9
 CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 ...)
 	- linux-2.6 2.6.16-6
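Review bot: The CVE-2006-1056 description now names "the FreeBSD kernel" alongside Linux, but the only tracking line is linux-2.6 2.6.16-9. If any FreeBSD kernel package is in the archive it needs its own line; otherwise a NOTE saying so keeps the entry complete.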
@@ -3350,7 +3508,7 @@
 	NOTE: Intended behaviour according to maintainer
 CVE-2006-0436 (Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 ...)
 	NOT-FOR-US: HP-UX
-CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL) allows attackers to ...)
+CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in ...)
 	NOT-FOR-US: Oracle
 CVE-2006-0434 (Directory traversal vulnerability in action.php in phpXplorer allows ...)
 	NOT-FOR-US: phpXplorer
@@ -4189,7 +4347,7 @@
 	NOT-FOR-US: PostgreSQL on Windows
 CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and earlier ...)
 	NOT-FOR-US: TinyPHPForum
-CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/anyuser.hash and (2) ...)
+CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and ...)
 	NOT-FOR-US: TinyPHPForum
 CVE-2006-0102 (Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and ...)
 	NOT-FOR-US: TinyPHPForum



