[Secure-testing-commits] r4628 - data/CVE

Joey Hess joeyh at costa.debian.org
Thu Aug 24 21:14:59 UTC 2006


Author: joeyh
Date: 2006-08-24 21:14:51 +0000 (Thu, 24 Aug 2006)
New Revision: 4628

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-24 19:17:26 UTC (rev 4627)
+++ data/CVE/list	2006-08-24 21:14:51 UTC (rev 4628)
@@ -1,3 +1,99 @@
+CVE-2006-4329 (Multiple PHP remote file inclusion vulnerabilities in Shadows Rising ...)
+	TODO: check
+CVE-2006-4328 (SQL injection vulnerability in admin.php in CloudNine Interactive ...)
+	TODO: check
+CVE-2006-4327 (Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in ...)
+	TODO: check
+CVE-2006-4326 (Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, ...)
+	TODO: check
+CVE-2006-4325 (Cross-site scripting (XSS) vulnerability in gbook.php in Doika ...)
+	TODO: check
+CVE-2006-4324 (Cross-site scripting (XSS) vulnerability in add_url2.php in ...)
+	TODO: check
+CVE-2006-4323 (SQL injection vulnerability in list.php in CityForFree indexcity 1.0, ...)
+	TODO: check
+CVE-2006-4322 (PHP remote file inclusion vulnerability in estateagent.php in the ...)
+	TODO: check
+CVE-2006-4321 (PHP remote file inclusion vulnerability in cpg.php in the Coppermine ...)
+	TODO: check
+CVE-2006-4320 (PHP remote file inclusion vulnerability in sef.php in the OpenSEF ...)
+	TODO: check
+CVE-2006-4319 (Buffer overflow in the format command in Solaris 8, 9, and 10 allows ...)
+	TODO: check
+CVE-2006-4318 (Buffer overflow in WFTPD Server 3.23 allows remote attackers to ...)
+	TODO: check
+CVE-2006-4317 (Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab ...)
+	TODO: check
+CVE-2006-4316 (SSH Tectia Management Agent 2.1.2 allows local users to gain root ...)
+	TODO: check
+CVE-2006-4315 (Unquoted Windows search path vulnerability in multiple SSH Tectia ...)
+	TODO: check
+CVE-2006-4314 (The manager server in Symantec Enterprise Security Manager (ESM) 6 and ...)
+	TODO: check
+CVE-2006-4313 (Multiple unspecified vulnerabilities in Cisco VPN 3000 series ...)
+	TODO: check
+CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive ...)
+	TODO: check
+CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise ...)
+	TODO: check
+CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2006-4309 (VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not ...)
+	TODO: check
+CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...)
+	TODO: check
+CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8 and 9 ...)
+	TODO: check
+CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...)
+	TODO: check
+CVE-2006-4305
+	RESERVED
+CVE-2006-4304 (Buffer overflow in the ppp driver in FreeBSD 4.11 to 6.1 and NetBSD ...)
+	TODO: check
+CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...)
+	TODO: check
+CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web ...)
+	TODO: check
+CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and ...)
+	TODO: check
+CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in ...)
+	TODO: check
+CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in ...)
+	TODO: check
+CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce 2.2 ...)
+	TODO: check
+CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in ...)
+	TODO: check
+CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ...)
+	TODO: check
+CVE-2006-4294
+	RESERVED
+CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
+	TODO: check
+CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...)
+	TODO: check
+CVE-2006-4291 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, ...)
+	TODO: check
+CVE-2006-4289 (Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x ...)
+	TODO: check
+CVE-2006-4288 (PHP remote file inclusion vulnerability in admin.a6mambocredits.php in ...)
+	TODO: check
+CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...)
+	TODO: check
+CVE-2006-4286 (PHP remote file inclusion vulnerability in contentpublisher.php in the ...)
+	TODO: check
+CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News ...)
+	TODO: check
+CVE-2006-4284 (SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier ...)
+	TODO: check
+CVE-2006-4283 (Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW ...)
+	TODO: check
+CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the ...)
+	TODO: check
 CVE-2006-XXXX [capi4hylafax arbitrary remote command execution ]
 	- capi4hylafax 1:01.03.00.99.svn.300-1
 CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in ...)
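Review bot: in the new CVE-2006-43xx block, CVE-2006-4301 (Internet Explorer 6.0 SP1) and the Solaris entries CVE-2006-4319, CVE-2006-4307 and CVE-2006-4306 need not stay at "TODO: check". The file already marks the same products "NOT-FOR-US: Microsoft Internet Explorer" and "NOT-FOR-US: Solaris" further down, so the same tags apply here. CVE-2006-4310 (Mozilla Firefox 1.5.0.6) is worth triaging first: the list tracks Mozilla Thunderbird as a package under CVE-2006-0836, so this entry likely needs a package line rather than a NOT-FOR-US tag.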
@@ -38,8 +134,8 @@
 	TODO: check
 CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product ...)
 	TODO: check
-CVE-2006-4262
-	RESERVED
+CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...)
+	TODO: check
 CVE-2006-4261 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...)
 	TODO: check
 CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 ...)
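Review bot: CVE-2006-4262 moves from RESERVED to a description naming cscope 15.5 and earlier, but it is left at "TODO: check". If cscope is in the archive, replace that with a package line in the "- package version (bug #...; urgency)" form the list uses elsewhere, since a buffer overflow entry should not sit unclassified.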
@@ -880,8 +976,8 @@
 	RESERVED
 CVE-2006-3870
 	RESERVED
-CVE-2006-3869
-	RESERVED
+CVE-2006-3869 (Buffer overflow in Microsoft Internet Explorer 6 SP1 on Windows 2000 ...)
+	TODO: check
 CVE-2006-3868
 	RESERVED
 CVE-2006-3867
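Review bot: CVE-2006-3869 is now described as a buffer overflow in Microsoft Internet Explorer 6 SP1, so "TODO: check" can be closed immediately with "NOT-FOR-US: Microsoft Internet Explorer", the tag already used for CVE-2006-2094 and CVE-2005-3240 in this file.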
@@ -1218,8 +1314,8 @@
 	{DSA-1141-1 DSA-1140-1}
 	- gnupg 1.4.5-1 (medium)
 	- gnupg2 1.9.20-2 (medium)
-CVE-2006-3745
-	RESERVED
+CVE-2006-3745 (Unspecified vulnerability in the SCTP implementation in Linux 2.6.9, ...)
+	TODO: check
 CVE-2006-3744
 	RESERVED
 CVE-2006-3743
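Review bot: CVE-2006-3745 now names the SCTP implementation in Linux 2.6.9, so the "TODO: check" under it should become kernel tracking lines. The list records kernel fixes in the form "- linux-2.6.16 2.6.16-17", as in the context at the top of the @@ -2971 hunk. An unspecified kernel issue is the kind of entry that is easy to lose among the web-application TODOs, so it should be prioritised.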
@@ -2788,7 +2884,7 @@
 	- php4 <unfixed> (medium; bug #382259)
 CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...)
 	NOT-FOR-US: WinSCP
-CVE-2006-3014 (Microsoft Excel allows user-complicit attackers to execute arbitrary ...)
+CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute arbitrary ...)
 	NOT-FOR-US: Microsoft Excel
 CVE-2006-3013 (Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 ...)
 	NOT-FOR-US: phpBannerExchange
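Review bot: the log message "automatic update" does not mention that the description of CVE-2006-3014 here, and of the entries in most of the later hunks, changes from "user-complicit" to "user-assisted". Anyone searching the list or its history for the old term will miss these entries, so a line in the log noting the upstream wording change would help. The triage lines under each entry are untouched, which is correct.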
@@ -2971,8 +3067,8 @@
 	- linux-2.6.16 2.6.16-17
 CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat ...)
 	[sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable)
-CVE-2006-2932
-	RESERVED
+CVE-2006-2932 (Unspecified vulnerability in the restore_all code path of the 4/4GB ...)
+	TODO: check
 CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, ...)
 	NOT-FOR-US: CMS Mundo
 CVE-2006-2930 (Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid ...)
@@ -3041,7 +3137,7 @@
 	NOT-FOR-US: Partial Links
 CVE-2006-2901 (The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware ...)
 	NOT-FOR-US: D-Link
-CVE-2006-2900 (Internet Explorer 6 allows user-complicit remote attackers to read ...)
+CVE-2006-2900 (Internet Explorer 6 allows user-assisted remote attackers to read ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before ...)
 	NOT-FOR-US: ESTsoft InternetDISK
@@ -4064,7 +4160,7 @@
 	RESERVED
 CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 ...)
 	NOT-FOR-US: VMware ESX 
-CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit ...)
+CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted ...)
 	- dia 0.95.0-4 (bug #368202; low)
 	[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
 CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify ...)
@@ -4255,7 +4351,7 @@
 	NOT-FOR-US: OZJournals
 CVE-2006-2389 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
 	NOT-FOR-US: Microsoft
-CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-complicit ...)
+CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-assisted ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-2387
 	RESERVED
@@ -4932,7 +5028,7 @@
 	NOT-FOR-US: Phex
 CVE-2006-2094 (Microsoft Internet Explorer before Windows XP Service Pack 2 and ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-complicit ...)
+CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted ...)
 	- libnasl 2.2.8-1 (bug #365898; low)
 	[sarge] - libnasl <no-dsa> (Hardly exploitable, see #365898)
 CVE-2006-2092 (Unspecified vulnerability in HP StorageWorks Secure Path for Windows ...)
@@ -6095,7 +6191,7 @@
 	- linphone 1.3.5-1 (bug #361913)
 CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when the ...)
 	- util-vserver 0.30.210-1 (bug #360438; unimportant)
-CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-complicit ...)
+CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-assisted ...)
 	{DSA-1074-1}
 	- mpg123 0.59r-22 (bug #361863; unknown)
 CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...)
@@ -6492,7 +6588,7 @@
 CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi ...)
 	{DSA-1043-1}
 	- abcmidi 20060422-1
-CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow user-complicit ...)
+CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted ...)
 	{DSA-1041-1}
 	- abc2ps <removed> (bug #373685; low)
 CVE-2006-1512
@@ -6650,7 +6746,7 @@
 	NOT-FOR-US: Apple
 CVE-2006-1449 (Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows ...)
 	NOT-FOR-US: Apple
-CVE-2006-1448 (Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-complicit ...)
+CVE-2006-1448 (Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted ...)
 	NOT-FOR-US: Apple
 CVE-2006-1447 (LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to ...)
 	NOT-FOR-US: Apple
@@ -6955,13 +7051,13 @@
 	RESERVED
 CVE-2006-1310
 	RESERVED
-CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-complicit attackers to ...)
+CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-1308 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-1307
 	RESERVED
-CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-complicit attackers to ...)
+CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-1305
 	RESERVED
@@ -6971,7 +7067,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2006-1302 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...)
 	NOT-FOR-US: Microsoft
-CVE-2006-1301 (Microsoft Excel 2000 through 2004 allows user-complicit attackers to ...)
+CVE-2006-1301 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-1300 (Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, ...)
 	NOT-FOR-US: Microsoft
@@ -7778,7 +7874,7 @@
 	RESERVED
 CVE-2006-0951 (The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the ...)
 	NOT-FOR-US: NOD32
-CVE-2006-0950 (unalz 0.53 allows user-complicit attackers to overwrite arbitrary ...)
+CVE-2006-0950 (unalz 0.53 allows user-assisted attackers to overwrite arbitrary ...)
 	- unalz 0.55-1 (bug #356832; medium)
 CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of ...)
 	NOT-FOR-US: RaidenHTTPD
@@ -8043,7 +8139,7 @@
 	NOT-FOR-US: Tivoli
 CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable ...)
 	NOT-FOR-US: Tivoli
-CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-complicit attackers to cause an ...)
+CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an ...)
 	- thunderbird <unfixed> (bug #370432; low)
 	[sarge] - mozilla-thunderbird <unfixed> (bug #370432; low)
 CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar ...)
@@ -8090,7 +8186,7 @@
 	NOT-FOR-US: NetworkActiv Web Server
 CVE-2006-0814 (response.c in Lighttpd 1.4.10 and possibly previous versions, when run ...)
 	NOT-FOR-US: Lighttpd under windows
-CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-complicit ...)
+CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-assisted ...)
 	NOT-FOR-US: WinACE
 CVE-2006-0812 (The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server ...)
 	NOT-FOR-US: WinACE VisNetic AntiVirus
@@ -9118,7 +9214,7 @@
 	NOT-FOR-US: BEA WebLogic
 CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...)
 	NOT-FOR-US: BEA WebLogic
-CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-complicit ...)
+CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-assisted ...)
 	{DSA-1012-1}
 	- unzip 5.52-7 (low; bug #349794)
 CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 ...)
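Review bot: CVE-2005-4667 sits between CVE-2006-0419 and CVE-2006-0418, out of sequence with the descending order of the entries around it, and the update rewrites its description in place without moving it. If the ordering is meant to be strict, relocate the entry together with its {DSA-1012-1} and unzip lines to the CVE-2005 section. If the placement is deliberate, a NOTE saying why would stop it from being "fixed" later.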
@@ -9387,7 +9483,7 @@
 	- koffice <unfixed> (medium)
 	- libextractor 0.5.10-1 (medium)
 	- pdfkit.framework 0.8-4 (medium)
-CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows user-complicit ...)
+CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted ...)
 	{DSA-987-1}
 	- tar 1.15.1-3 (bug #354091; high)
 	- dpkg <not-affected> (has completely different tar implementation)
@@ -13355,7 +13451,7 @@
 	NOT-FOR-US: Archilles Newsworld
 CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) ...)
 	NOT-FOR-US: Archilles Newsworld
-CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-complicit attackers ...)
+CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers ...)
 	NOT-FOR-US: Mirabilis ICQ
 CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password ...)
 	NOT-FOR-US: MiniGal2
@@ -14002,7 +14098,7 @@
 CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote ...)
 	- ethereal 0.10.13-1 (bug #334880; medium)
 	NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge
-CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows user-complicit ...)
+CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows user-assisted ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
 	NOT-FOR-US: Solaris
@@ -14840,7 +14936,7 @@
 	NOT-FOR-US: pam_per_user (not in Debian)
 CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list ...)
 	NOT-FOR-US: KillProcess
-CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-complicit ...)
+CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-assisted ...)
 	NOT-FOR-US: KillProcess
 CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...)
 	- openssl (bug #314465; unimportant)
@@ -15274,13 +15370,13 @@
 	NOT-FOR-US: Symantec Antivirus
 CVE-2005-2757 (Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X ...)
 	NOT-FOR-US: Mac OS X
-CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-complicit attackers to ...)
+CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-assisted attackers to ...)
 	NOT-FOR-US: Apple QuickTime
-CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-complicit attackers to ...)
+CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-assisted attackers to ...)
 	NOT-FOR-US: Apple QuickTime
-CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows user-complicit ...)
+CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted ...)
 	NOT-FOR-US: Apple QuickTime
-CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows user-complicit ...)
+CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier does ...)
 	NOT-FOR-US: Mac OS X
@@ -16672,7 +16768,7 @@
 	NOT-FOR-US: nbsmtp
 CVE-2005-2408
 	RESERVED
-CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-complicit ...)
+CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-assisted ...)
 	NOT-FOR-US: Opera
 CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...)
 	NOT-FOR-US: Opera



