[Secure-testing-commits] r5085 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Dec 7 21:14:37 CET 2006


Author: joeyh
Date: 2006-12-07 21:14:35 +0100 (Thu, 07 Dec 2006)
New Revision: 5085

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-07 07:43:37 UTC (rev 5084)
+++ data/CVE/list	2006-12-07 20:14:35 UTC (rev 5085)
@@ -1,6 +1,192 @@
-CVE-2006-6302 [fail2ban remote DoS]
+CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...)
+	TODO: check
+CVE-2006-6367 (Multiple SQL injection vulnerabilities in detail.asp in DUware ...)
+	TODO: check
+CVE-2006-6366 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2006-6365 (SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and ...)
+	TODO: check
+CVE-2006-6364 (Cross-site scripting (XSS) vulnerability in error.php in Inside ...)
+	TODO: check
+CVE-2006-6363 (Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket ...)
+	TODO: check
+CVE-2006-6362 (Buffer overflow in the cluster_process_heartbeat function in cluster.c ...)
+	TODO: check
+CVE-2006-6361 (Heap-based buffer overflow in the uploadprogress_php_rfc1867_file ...)
+	TODO: check
+CVE-2006-6360 (PHP remote file inclusion vulnerability in activate.php in PHP Upload ...)
+	TODO: check
+CVE-2006-6359 (Cross-site scripting (XSS) vulnerability in Stefan Frech ...)
+	TODO: check
+CVE-2006-6358 (SQL injection vulnerability in the login function in auth.inc in ...)
+	TODO: check
+CVE-2006-6357 (Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in ...)
+	TODO: check
+CVE-2006-6356 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2006-6355 (SQL injection vulnerability in default.asp in DuWare DuClassmate ...)
+	TODO: check
+CVE-2006-6354 (Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews ...)
+	TODO: check
+CVE-2006-6353 (Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X ...)
+	TODO: check
+CVE-2006-6352 (FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted ...)
+	TODO: check
+CVE-2006-6351 (KhaledMuratList stores sensitive data under the web root with ...)
+	TODO: check
+CVE-2006-6350 (listpics 5 stores sensitive data under the web root with insufficient ...)
+	TODO: check
+CVE-2006-6349 (Multiple SQL injection vulnerabilities in PWP Technologies The ...)
+	TODO: check
+CVE-2006-6348 (Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 ...)
+	TODO: check
+CVE-2006-6347 (Unrestricted file upload vulnerability in TFT-Gallery allows remote ...)
+	TODO: check
+CVE-2006-6346 (Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 ...)
+	TODO: check
+CVE-2006-6345 (Directory traversal vulnerability in SAP Internet Graphics Service ...)
+	TODO: check
+CVE-2006-6344 (Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and ...)
+	TODO: check
+CVE-2006-6343 (SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and ...)
+	TODO: check
+CVE-2006-6342 (Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. ...)
+	TODO: check
+CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in mg.applanix ...)
+	TODO: check
+CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial of ...)
+	TODO: check
+CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z Clanportal ...)
+	TODO: check
+CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV!L`z ...)
+	TODO: check
+CVE-2006-6337 (Multiple SQL injection vulnerabilities in giris.asp in Aspee Ziyaretci ...)
+	TODO: check
+CVE-2006-6336
+	RESERVED
+CVE-2006-6335
+	RESERVED
+CVE-2006-6334
+	RESERVED
+CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the ...)
+	TODO: check
+CVE-2006-6332
+	RESERVED
+CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is ...)
+	TODO: check
+CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to ...)
+	TODO: check
+CVE-2006-6329 (index.php for TorrentFlux 2.2 allows remote attackers to delete files ...)
+	TODO: check
+CVE-2006-6328 (Directory traversal vulnerability in index.php for TorrentFlux 2.2 ...)
+	TODO: check
+CVE-2006-6327
+	RESERVED
+CVE-2006-6326
+	RESERVED
+CVE-2006-6325
+	RESERVED
+CVE-2006-6324
+	RESERVED
+CVE-2006-6323
+	RESERVED
+CVE-2006-6322
+	RESERVED
+CVE-2006-6321
+	RESERVED
+CVE-2006-6320
+	RESERVED
+CVE-2006-6319
+	RESERVED
+CVE-2006-6318
+	RESERVED
+CVE-2006-6317
+	RESERVED
+CVE-2006-6316
+	RESERVED
+CVE-2006-6315
+	RESERVED
+CVE-2006-6314
+	RESERVED
+CVE-2006-6313
+	RESERVED
+CVE-2006-6312
+	RESERVED
+CVE-2006-6311 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to ...)
+	TODO: check
+CVE-2006-6310 (Microsoft Internet Explorer 6.0 SP1 and earlier allows remote ...)
+	TODO: check
+CVE-2006-6309 (Multiple array index errors in IBM Tivoli Storage Manager (TSM) before ...)
+	TODO: check
+CVE-2006-6308 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote ...)
+	TODO: check
+CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication Services ...)
+	TODO: check
+CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when ...)
+	TODO: check
+CVE-2006-6304
+	RESERVED
+CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...)
+	TODO: check
+CVE-2006-6300 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...)
+	TODO: check
+CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management ...)
+	TODO: check
+CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul ...)
+	TODO: check
+CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3, ...)
+	TODO: check
+CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) ...)
+	TODO: check
+CVE-2006-6295 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...)
+	TODO: check
+CVE-2006-6294 (Multiple unspecified vulnerabilities in FRISK Software F-Prot ...)
+	TODO: check
+CVE-2006-6293 (Heap-based buffer overflow in FRISK Software F-Prot Antivirus before ...)
+	TODO: check
+CVE-2006-6292 (Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 allows remote ...)
+	TODO: check
+CVE-2006-6291 (Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable ...)
+	TODO: check
+CVE-2006-6290 (Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) ...)
+	TODO: check
+CVE-2006-6289 (Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset ...)
+	TODO: check
+CVE-2006-6288 (Multiple buffer overflows in Niek Albers CoolPlayer 215 and earlier ...)
+	TODO: check
+CVE-2006-6287 (Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote ...)
+	TODO: check
+CVE-2006-6286 (Palm Desktop 4.1.4 and earlier stores user data with weak permissions ...)
+	TODO: check
+CVE-2006-6285 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-6284 (Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 ...)
+	TODO: check
+CVE-2006-6283 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
+	TODO: check
+CVE-2006-6282 (members.php in Vikingboard 0.1.2 allows remote attackers to trigger a ...)
+	TODO: check
+CVE-2006-6281 (PHP remote file inclusion vulnerability in check_status.php in ...)
+	TODO: check
+CVE-2006-6280 (SQL injection vulnerability in viewthread.php in Oxygen (O2PHP ...)
+	TODO: check
+CVE-2006-6279 (index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain ...)
+	TODO: check
+CVE-2006-6278 (Cross-site scripting (XSS) vulnerability in index.php in @lex ...)
+	TODO: check
+CVE-2006-6277 (Directory traversal vulnerability in admin/FileServer.php in ...)
+	TODO: check
+CVE-2006-6276 (HTTP request smuggling vulnerability in Sun Java System Proxy Server ...)
+	TODO: check
+CVE-2006-6275 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...)
+	TODO: check
+CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...)
+	TODO: check
+CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, which ...)
 	- fail2ban <unfixed> (medium; bug filed)
-CVE-2006-6301 [denyhosts remote DoS]
+CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which allows remote ...)
 	- denyhosts <unfixed> (medium; bug filed)
 CVE-2006-XXXX [l2tpns Heartbeat Packets Buffer Overflow Vulnerability]
 	- l2tpns 2.1.21-1 (medium; bug #401742)
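Review bot: The two hand-tracked entries, CVE-2006-6302 (fail2ban) and CVE-2006-6301 (denyhosts), now sit below CVE-2006-6274, while the new block above goes straight from CVE-2006-6303 to CVE-2006-6300, so the list is no longer in descending ID order at this point. Suggest the updater place new IDs around existing entries, or move these two between 6303 and 6300, so that anyone scanning or merging by position does not miss them. Separately, among the new "TODO: check" entries, the descriptions for CVE-2006-6333 (Linux kernel ibmtr.c), CVE-2006-6305 (Net-SNMP), CVE-2006-6303 (Ruby cgi.rb) and CVE-2006-6297 (kdegraphics3) name software that is not obviously NOT-FOR-US, so they are the ones to triage first.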
@@ -88,8 +274,7 @@
 	NOT-FOR-US: Woltlab Burning Board Lite
 CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...)
 	TODO: check
-CVE-2006-6235 [arbitrary indirect call in GnuPG]
-	RESERVED
+CVE-2006-6235 (A &quot;stack overwrite&quot; vulnerability in GnuPG (gpg) before 1.2.1 allows ...)
 	- gnupg <unfixed> (high; bug #401894; bug #401914)
 	- gnupg2 <unfixed> (high; bug #401895; bug #401913)
 CVE-2006-6234 (Multiple SQL injection vulnerabilities in the Content module in ...)
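Review bot: On the added CVE-2006-6235 line the description reads A &quot;stack overwrite&quot; vulnerability, with HTML entities where the double quotes should be. If that is what the automatic update wrote into data/CVE/list, rather than something introduced by the mail archive, the import step should unescape descriptions before writing them, since anything matching on the description text will otherwise see the entity form.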
@@ -287,8 +472,7 @@
 	RESERVED
 CVE-2006-6143
 	RESERVED
-CVE-2006-6142 [squirrelmail XSS]
-	RESERVED
+CVE-2006-6142 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
 	- squirrelmail 2:1.4.9a-1
 CVE-2006-6141 (Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a ...)
 	NOT-FOR-US: Tftpd32
@@ -304,7 +488,7 @@
 	NOTE: NOT-FOR-US (IBM WebSphere)
 CVE-2006-6135 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
 	NOTE: NOT-FOR-US (IBM WebSphere)
-CVE-2006-6134 (Windows Media 10.00.00.4036 allows remote attackers to cause a denial ...)
+CVE-2006-6134 (Heap-based buffer overflow in the WMCheckURLScheme function in ...)
 	NOTE: NOT-FOR-US (Windows Media)
 CVE-2006-6133 (Stack-based buffer overflow in Business Objects Crystal Reports XI ...)
 	NOTE: NOT-FOR-US (Business Objects Crystal Reports)
@@ -359,8 +543,8 @@
 	NOT-FOR-US: Novell
 CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: Monkey Boards
-CVE-2006-6112
-	RESERVED
+CVE-2006-6112 (LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP ...)
+	TODO: check
 CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 ...)
 	NOT-FOR-US: Alan Ward A-Cart Pro
 CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech ...)
@@ -602,8 +786,8 @@
 	RESERVED
 CVE-2006-5995
 	RESERVED
-CVE-2006-5994
-	RESERVED
+CVE-2006-5994 (Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word ...)
+	TODO: check
 CVE-2006-5993
 	RESERVED
 CVE-2006-5992
@@ -685,7 +869,7 @@
 	NOT-FOR-US: A+ Store E-Commerce
 CVE-2006-5958 (Multiple cross-site scripting (XSS) vulnerabilities in INFINICART ...)
 	NOT-FOR-US: INFINICART
-CVE-2006-5957 (Multiple SQL injection vulnerabilities in INFINICART allow remote ...)
+CVE-2006-5957 (** DISPUTED ** ...)
 	NOT-FOR-US: INFINICART
 CVE-2006-5956 (XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) ...)
 	NOT-FOR-US: PHPRunner
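Review bot: The replacement description for CVE-2006-5957, "** DISPUTED ** ...", says nothing about the product or the flaw, because the truncation spends the whole line on the dispute marker; the text it replaces at least named SQL injection in INFINICART. Suggest the updater keep the marker but apply the truncation to the text after it, so the line still identifies the issue. The same applies to the new CVE-2006-6308 and CVE-2006-6285 entries earlier in this patch, which are marked "TODO: check" with nothing in the line to check against.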
@@ -896,10 +1080,10 @@
 	RESERVED
 CVE-2006-5857
 	RESERVED
-CVE-2006-5856
-	RESERVED
-CVE-2006-5855
-	RESERVED
+CVE-2006-5856 (Stack-based buffer overflow in the Adobe Download Manager before 2.2 ...)
+	TODO: check
+CVE-2006-5855 (Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 ...)
+	TODO: check
 CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in ...)
 	TODO: check
 CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy ...)
@@ -1519,7 +1703,7 @@
 	NOT-FOR-US: Discuz! GBK
 CVE-2006-5560 (Cross-site scripting (XSS) vulnerability in heading.php in Boesch ...)
 	NOT-FOR-US: ProgSys
-CVE-2006-5559 (The ADODB.Connection 2.7 ActiveX control object (ADODB.Connection.2.7) ...)
+CVE-2006-5559 (The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control ...)
 	NOT-FOR-US: ADODB.Connection 2.7 ActiveX control
 CVE-2006-5558 (Format string vulnerability in the swask command in HP-UX B.11.11 and ...)
 	NOT-FOR-US: HP-UX
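Review bot: The updated description for CVE-2006-5559 now covers ADODB.Connection 2.7 and 2.8, but the NOT-FOR-US line under it still names only "ADODB.Connection 2.7 ActiveX control". Suggest dropping the version from that note so it does not lag behind the description on later automatic updates.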
@@ -2115,7 +2299,7 @@
 CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client ...)
 	- mutt <unfixed> (bug #396104; low)
 	[sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
-CVE-2006-5296 (Buffer overflow in Microsoft Office 2003 PowerPoint allows ...)
+CVE-2006-5296 (PowerPoint in Microsoft Office 2003 does not properly handle a ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...)
 	NOT-FOR-US: phplist
@@ -5247,8 +5431,8 @@
 	RESERVED
 CVE-2006-3894
 	RESERVED
-CVE-2006-3893
-	RESERVED
+CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit ...)
+	TODO: check
 CVE-2006-3892
 	RESERVED
 CVE-2006-3891
@@ -17066,7 +17250,7 @@
 	NOT-FOR-US: phpAdsNews
 CVE-2005-3645 (phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows ...)
 	NOT-FOR-US: phpAdsNews
-CVE-2005-3644 (upnp_getdevicelist in UPnP for Windows 2000 Server SP3 and earlier, ...)
+CVE-2005-3644 (PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows ...)
 	NOT-FOR-US: Windows 
 CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...)
 	NOT-FOR-US: DB2



