[Secure-testing-commits] r5105 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Dec 11 09:14:19 CET 2006


Author: joeyh
Date: 2006-12-11 09:14:15 +0100 (Mon, 11 Dec 2006)
New Revision: 5105

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-10 22:26:18 UTC (rev 5104)
+++ data/CVE/list	2006-12-11 08:14:15 UTC (rev 5105)
@@ -1,4 +1,178 @@
-CVE-2006-6385 [intel NIC driver privilege escalation]
+CVE-2006-6455 (Multiple SQL injection vulnerabilities in admin/default.asp in DUware ...)
+	TODO: check
+CVE-2006-6454 (execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows ...)
+	TODO: check
+CVE-2006-6453 (PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in ...)
+	TODO: check
+CVE-2006-6452 (Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles ...)
+	TODO: check
+CVE-2006-6451 (Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk ...)
+	TODO: check
+CVE-2006-6450 (Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in ...)
+	TODO: check
+CVE-2006-6449 (Vt-Forum Lite 1.3 and earlier store sensitive information under the ...)
+	TODO: check
+CVE-2006-6448 (Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and ...)
+	TODO: check
+CVE-2006-6447 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite ...)
+	TODO: check
+CVE-2006-6446 (SQL injection vulnerability in index.php in iWare Professional 5.0.4, ...)
+	TODO: check
+CVE-2006-6445 (Directory traversal vulnerability in error.php in Envolution 1.1.0 and ...)
+	TODO: check
+CVE-2006-6444 (Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and ...)
+	TODO: check
+CVE-2006-6443 (Buffer overflow in the Novell Distributed Print Services (NDPS) Print ...)
+	TODO: check
+CVE-2006-6442 (Stack-based buffer overflow in the SetClientInfo function in the ...)
+	TODO: check
+CVE-2006-6441 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
+	TODO: check
+CVE-2006-6440 (Multple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre ...)
+	TODO: check
+CVE-2006-6439 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
+	TODO: check
+CVE-2006-6438 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
+	TODO: check
+CVE-2006-6437 (ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, ...)
+	TODO: check
+CVE-2006-6436 (Cross-site scripting (XSS) vulnerability in the Network controller in ...)
+	TODO: check
+CVE-2006-6435 (The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before ...)
+	TODO: check
+CVE-2006-6434 (Unspecified vulnerability in the Web User Interface in Xerox ...)
+	TODO: check
+CVE-2006-6433 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...)
+	TODO: check
+CVE-2006-6432 (Unspecified vulnerability in the Scan-to-mailbox feature in Xerox ...)
+	TODO: check
+CVE-2006-6431 (Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro ...)
+	TODO: check
+CVE-2006-6430 (Web services in Xerox WorkCentre and WorkCentre Pro before ...)
+	TODO: check
+CVE-2006-6429 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...)
+	TODO: check
+CVE-2006-6428 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...)
+	TODO: check
+CVE-2006-6427 (The Web User Interface in Xerox WorkCentre and WorkCentre Pro before ...)
+	TODO: check
+CVE-2006-6426 (PHP remote file inclusion vulnerability in design/thinkedit/render.php ...)
+	TODO: check
+CVE-2006-6425
+	RESERVED
+CVE-2006-6424
+	RESERVED
+CVE-2006-6423
+	RESERVED
+CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ...)
+	TODO: check
+CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box ...)
+	TODO: check
+CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the ...)
+	TODO: check
+CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content ...)
+	TODO: check
+CVE-2006-6418 (Unspecified vulnerability in the POSIX Threads library (libpthread) on ...)
+	TODO: check
+CVE-2006-6417 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-6416 (Multiple PHP remote file inclusion vulnerabilities in PhpLeague - ...)
+	TODO: check
+CVE-2006-6415 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-6414 (Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye ...)
+	TODO: check
+CVE-2006-6413 (Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and ...)
+	TODO: check
+CVE-2006-6412
+	RESERVED
+CVE-2006-6411 (PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows ...)
+	TODO: check
+CVE-2006-6410 (Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local ...)
+	TODO: check
+CVE-2006-6409 (F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to ...)
+	TODO: check
+CVE-2006-6408 (Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote ...)
+	TODO: check
+CVE-2006-6407 (F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote ...)
+	TODO: check
+CVE-2006-6406 (ClamAV 0.88.6 allows remote attackers to bypass virus detection by ...)
+	TODO: check
+CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...)
+	TODO: check
+CVE-2006-6404
+	RESERVED
+CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and ...)
+	TODO: check
+CVE-2006-6401 (Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in ...)
+	TODO: check
+CVE-2006-6400 (Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer ...)
+	TODO: check
+CVE-2006-6399 (SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 ...)
+	TODO: check
+CVE-2006-6398 (Multiple SQL injection vulnerabilities in Superfreaker Studios ...)
+	TODO: check
+CVE-2006-6397 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and ...)
+	TODO: check
+CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before ...)
+	TODO: check
+CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas ...)
+	TODO: check
+CVE-2006-6393 (Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera ...)
+	TODO: check
+CVE-2006-6392 (Directory traversal vulnerability in index.php in plx Web Studio (aka ...)
+	TODO: check
+CVE-2006-6391 (Multiple directory traversal vulnerabilities in Open Solution ...)
+	TODO: check
+CVE-2006-6390 (Multiple directory traversal vulnerabilities in Open Solution ...)
+	TODO: check
+CVE-2006-6389 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...)
+	TODO: check
+CVE-2006-6388 (Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in ...)
+	TODO: check
+CVE-2006-6387 (Multiple SQL injection vulnerabilities in LINK Content Management ...)
+	TODO: check
+CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tracker ...)
+	TODO: check
+CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...)
+	TODO: check
+CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...)
+	TODO: check
+CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...)
+	TODO: check
+CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk ...)
+	TODO: check
+CVE-2006-6380 (Cross-site scripting (XSS) vulnerability in index.asp in Ultimate ...)
+	TODO: check
+CVE-2006-6379 (Buffer overflow in the BrightStor Backup Discovery Service in multiple ...)
+	TODO: check
+CVE-2006-6378 (BTSaveMySql 1.2 stores sensitive data under the web root with ...)
+	TODO: check
+CVE-2006-6377 (Uploadscript 1.2 and earlier stores sensitive data under the web root ...)
+	TODO: check
+CVE-2006-6376 (Multiple directory traversal vulnerabilities in fm.php in Simple File ...)
+	TODO: check
+CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple ...)
+	TODO: check
+CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...)
+	TODO: check
+CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...)
+	TODO: check
+CVE-2006-6371 (Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB ...)
+	TODO: check
+CVE-2006-6370 (SQL injection vulnerability in forum/modules/gallery/post.php in ...)
+	TODO: check
+CVE-2006-6369 (SQL injection vulnerability in lib/entry_reply_entry.php in Invision ...)
+	TODO: check
+CVE-2000-1242 (The HTTP service in American Power Conversion (APC) PowerChute uses a ...)
+	TODO: check
+CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and ...)
 	- linux-2.6 <not-affected> (Affects only Windows despite other claims)
 CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...)
 	TODO: check
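Review bot: CVE-2006-6385 and CVE-2000-1242 break the descending order of this block. The added entries run from CVE-2006-6455 down to CVE-2006-6386 and then skip to CVE-2006-6384, while the rewritten CVE-2006-6385 line only appears after CVE-2006-6369 and CVE-2000-1242, just above CVE-2006-6368. Suggest moving CVE-2006-6385, together with its linux-2.6 <not-affected> line, between CVE-2006-6386 and CVE-2006-6384, and filing CVE-2000-1242 with the other CVE-2000 entries, so a lookup by id lands where the rest of the list implies.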
@@ -68,13 +242,12 @@
 	RESERVED
 CVE-2006-6335
 	RESERVED
-CVE-2006-6334
-	RESERVED
+CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.ocx in ...)
+	TODO: check
 CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the ...)
 	- linux-2.6 <unfixed>
 	[etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18)
-CVE-2006-6332 [madwifi code injection]
-	RESERVED
+CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in ...)
 	- madwifi 1:0.9.2+r1842.20061207-1 (high)
 	[etch] - madwifi <no-dsa> (Non-free not supported)
 CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg[&quot;enable_file_priority&quot;] is ...)
@@ -141,7 +314,7 @@
 	TODO: check
 CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul ...)
 	TODO: check
-CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3, ...)
+CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, ...)
 	TODO: check
 CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) ...)
 	TODO: check
@@ -278,7 +451,7 @@
 	NOT-FOR-US: Woltlab Burning Board Lite
 CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...)
 	TODO: check
-CVE-2006-6235 (A &quot;stack overwrite&quot; vulnerability in GnuPG (gpg) before 1.2.1 allows ...)
+CVE-2006-6235 (A &quot;stack overwrite&quot; vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...)
 	{DSA-1231-1}
 	- gnupg 1.4.6-1 (high; bug #401894; bug #401898; bug #401914)
 	- gnupg2 2.0.0-5.2 (high; bug #401895; bug #401913)
@@ -308,8 +481,8 @@
 	NOT-FOR-US: Google Search Appliance
 CVE-2006-6222
 	RESERVED
-CVE-2006-6221
-	RESERVED
+CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote ...)
+	TODO: check
 CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...)
 	NOT-FOR-US: Recipes Complete Website
 CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
@@ -336,7 +509,7 @@
 	NOT-FOR-US: MidiCart ASP Shopping Cart
 CVE-2006-6208 (Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds ...)
 	NOT-FOR-US: Enthreallweb eClassifieds
-CVE-2006-6207 (SQL injection vulnerability in products.asp in Evolve shopping cart ...)
+CVE-2006-6207 (** DISPUTED ** ...)
 	NOT-FOR-US: Evolve Merchant
 CVE-2006-6206 (SQL injection vulnerability in item.asp in WarHound General Shopping ...)
 	NOT-FOR-US: WarHound General Shopping Cart
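Review bot: the replacement description for CVE-2006-6207 is truncated to "(** DISPUTED ** ...)", which drops the product and bug class that the removed line carried (SQL injection in products.asp in Evolve shopping cart). Only the NOT-FOR-US: Evolve Merchant note still identifies the entry. Suggest that the automatic update either cut the dispute prefix before truncating or truncate after it, so the start of the description survives.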
@@ -1057,8 +1230,7 @@
 	RESERVED
 CVE-2006-5875
 	RESERVED
-CVE-2006-5874 [clamav mime64 DoS]
-	RESERVED
+CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ...)
 	{DSA-1232-1}
 	- clamav 0.86-1
 CVE-2006-5873 [l2tpns Heartbeat Packets Buffer Overflow Vulnerability]
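Review bot: the description added for CVE-2006-5874 says ClamAV 0.88 and earlier is affected, while the retained tracking line records the fix as "- clamav 0.86-1", a version inside that affected range. Since this update also drops the RESERVED line and the entry is tied to DSA-1232-1, the fixed version should be rechecked against the full description and corrected if 0.86-1 is stale.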
@@ -1131,7 +1303,7 @@
 	NOT-FOR-US: Unicore
 CVE-2006-5841 (Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in ...)
 	NOT-FOR-US: DodosMail
-CVE-2006-5840 (Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow ...)
+CVE-2006-5840 (** DISPUTED ** ...)
 	NOT-FOR-US: Abarcar Realty Portal
 CVE-2006-5839 (PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure ...)
 	NOT-FOR-US: PHPAdventure
@@ -1282,7 +1454,7 @@
 	NOT-FOR-US: FreeWebshop
 CVE-2006-5771 (Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 ...)
 	NOT-FOR-US: Arkoon SSL360
-CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in Mobile allow ...)
+CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...)
 	NOT-FOR-US: Mobile
 CVE-2006-5769 (Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS ...)
 	NOT-FOR-US: admin.tool CMS
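Review bot: the NOT-FOR-US note under CVE-2006-5770 still reads "Mobile", although the corrected description now names the product as ac4p Mobile; suggest updating the note to "NOT-FOR-US: ac4p Mobile". CVE-2006-6389, added at the top of this revision with TODO: check, shows the same visible description text, so it is worth checking whether it is the same product and can take the same note.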
@@ -1549,7 +1721,7 @@
 	NOT-FOR-US: Sophos
 CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security ...)
 	NOT-FOR-US: Sophos
-CVE-2006-5645 (Unspecified vulnerability in Sophos Anti-Virus and Endpoint Security ...)
+CVE-2006-5645 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...)
 	NOT-FOR-US: Sophos
 CVE-2006-5644
 	RESERVED
@@ -4568,7 +4740,7 @@
 	NOT-FOR-US: a6mambocredits component (com_a6mambocredits) for Mambo
 CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...)
 	NOT-FOR-US: NES Game and NES System
-CVE-2006-4286 (PHP remote file inclusion vulnerability in contentpublisher.php in the ...)
+CVE-2006-4286 (** DISPUTED ** ...)
 	NOT-FOR-US: contentpublisher component (com_contentpublisher) for Mambo
 CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News ...)
 	NOT-FOR-US: Fantastic News
@@ -4656,8 +4828,7 @@
 CVE-2006-4250 [buffer overflow in man-db]
 	RESERVED
 	- man-db 2.4.3-5
-CVE-2006-4249 [plone group creation privilege escalation]
-	RESERVED
+CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when ...)
 	- zope-cmfplone <unfixed> (bug #401796)
 	[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
 CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions, allows ...)
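Review bot: replacing "[plone group creation privilege escalation]" on CVE-2006-4249 with the truncated description leaves only "Unspecified vulnerability in PlonePAS", so the entry no longer says what the issue is while zope-cmfplone is still <unfixed> (bug #401796). Suggest carrying the hand-written summary over as a note line under the entry rather than discarding it.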
@@ -19279,7 +19450,7 @@
 	- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
 CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...)
 	NOT-FOR-US: jportal
-CVE-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA allows ...)
+CVE-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA, as ...)
 	NOT-FOR-US: 7-Zip
 CVE-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...)
 	NOT-FOR-US: PhpMyFaq
@@ -23392,7 +23563,7 @@
 	- tor 0.0.9.10-1 (medium)
 CVE-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...)
 	NOT-FOR-US: Duware
-CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1 allow ...)
+CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and ...)
 	NOT-FOR-US: Duware
 CVE-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...)
 	NOT-FOR-US: Duware



