[Secure-testing-commits] r5127 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Dec 15 21:14:21 CET 2006
Author: joeyh
Date: 2006-12-15 21:14:18 +0100 (Fri, 15 Dec 2006)
New Revision: 5127
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-15 20:05:38 UTC (rev 5126)
+++ data/CVE/list 2006-12-15 20:14:18 UTC (rev 5127)
@@ -1,3 +1,159 @@
+CVE-2006-6573 (Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced ...)
+ TODO: check
+CVE-2006-6572 (Unspecified vulnerability in Citrix Advanced Access Control (AAC) ...)
+ TODO: check
+CVE-2006-6571 (Multiple cross-site scripting (XSS) vulnerabilities in form.php in ...)
+ TODO: check
+CVE-2006-6570 (Unrestricted file upload vulnerability in upload.php in GenesisTrader ...)
+ TODO: check
+CVE-2006-6569 (form.php in GenesisTrader 1.0 allows remote attackers to read source ...)
+ TODO: check
+CVE-2006-6568 (Directory traversal vulnerability in includes/kb_constants.php in the ...)
+ TODO: check
+CVE-2006-6567 (PHP remote file inclusion vulnerability in includes/kb_constants.php ...)
+ TODO: check
+CVE-2006-6566 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-6565 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2006-6564 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2006-6563 (Stack-based buffer overflow in the pr_ctrls_recv_request function in ...)
+ TODO: check
+CVE-2006-6562
+ RESERVED
+CVE-2006-6561 (Unspecified vulnerability in Microsoft Word allows user-assisted ...)
+ TODO: check
+CVE-2006-6560 (PHP remote file inclusion vulnerability in includes/common.php in the ...)
+ TODO: check
+CVE-2006-6559 (SQL injection vulnerability in ProductDetails.asp in Lotfian Request ...)
+ TODO: check
+CVE-2006-6558 (Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2006-6557 (Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have ...)
+ TODO: check
+CVE-2006-6556 (The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before ...)
+ TODO: check
+CVE-2006-6555 (Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow ...)
+ TODO: check
+CVE-2006-6554 (Unspecified vulnerability in Kerio MailServer before 6.3.1 allows ...)
+ TODO: check
+CVE-2006-6553 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-6552 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-6551 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-6550 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-6549 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-6548 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...)
+ TODO: check
+CVE-2006-6547 (Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod ...)
+ TODO: check
+CVE-2006-6546 (PHP remote file inclusion vulnerability in inc/shows.inc.php in ...)
+ TODO: check
+CVE-2006-6545 (PHP remote file inclusion vulnerability in includes/common.php in the ...)
+ TODO: check
+CVE-2006-6544 (Cross-site scripting (XSS) vulnerability in CM68 News allows remote ...)
+ TODO: check
+CVE-2006-6543 (Multiple SQL injection vulnerabilities in login.asp in AppIntellect ...)
+ TODO: check
+CVE-2006-6542 (SQL injection vulnerability in news.php in Fantastic News 2.1.4 and ...)
+ TODO: check
+CVE-2006-6541 (PHP remote file inclusion vulnerability in signer/final.php in ...)
+ TODO: check
+CVE-2006-6540 (SQL injection vulnerability in bt-trackback.php in Bluetrait before ...)
+ TODO: check
+CVE-2006-6539 (Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and ...)
+ TODO: check
+CVE-2006-6538 (D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) ...)
+ TODO: check
+CVE-2006-6537 (IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, ...)
+ TODO: check
+CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber ...)
+ TODO: check
+CVE-2006-6535
+ RESERVED
+CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce ...)
+ TODO: check
+CVE-2006-6533 (Directory traversal vulnerability in admin/templates_boxes_layout.php ...)
+ TODO: check
+CVE-2006-6532 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite ...)
+ TODO: check
+CVE-2006-6531 (Cross-site scripting (XSS) vulnerability in the Help Tip module before ...)
+ TODO: check
+CVE-2006-6530 (SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 ...)
+ TODO: check
+CVE-2006-6529 (The Chatroom Module before 4.7.x.-1.0 for Drupal displays private ...)
+ TODO: check
+CVE-2006-6528 (The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom ...)
+ TODO: check
+CVE-2006-6527 (PHP remote file inclusion vulnerability in guest.php in Gizzar ...)
+ TODO: check
+CVE-2006-6526 (PHP remote file inclusion vulnerability in index.php in Gizzar ...)
+ TODO: check
+CVE-2006-6525 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 ...)
+ TODO: check
+CVE-2006-6524 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 ...)
+ TODO: check
+CVE-2006-6523 (Cross-site scripting (XSS) vulnerability in mail/manage.html in ...)
+ TODO: check
+CVE-2006-6522 (Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale ...)
+ TODO: check
+CVE-2006-6521 (SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 ...)
+ TODO: check
+CVE-2006-6520 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2006-6519 (SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows ...)
+ TODO: check
+CVE-2006-6518 (Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 ...)
+ TODO: check
+CVE-2006-6517 (Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and ...)
+ TODO: check
+CVE-2006-6516 (Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and ...)
+ TODO: check
+CVE-2006-6515 (Mantis before 1.1.0a2 sets the default value of ...)
+ TODO: check
+CVE-2006-6514 (Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient ...)
+ TODO: check
+CVE-2006-6513 (The CControl::Download function (/dl URI) in Winamp Web Interface ...)
+ TODO: check
+CVE-2006-6512 (Directory traversal vulnerability in the Browse function (/browse URI) ...)
+ TODO: check
+CVE-2006-6511 (dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive ...)
+ TODO: check
+CVE-2006-6510 (An unspecified ActiveX control in SiteKiosk before 6.5.150 is ...)
+ TODO: check
+CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature in ...)
+ TODO: check
+CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...)
+ TODO: check
+CVE-2006-6507
+ RESERVED
+CVE-2006-6506
+ RESERVED
+CVE-2006-6505
+ RESERVED
+CVE-2006-6504
+ RESERVED
+CVE-2006-6503
+ RESERVED
+CVE-2006-6502
+ RESERVED
+CVE-2006-6501
+ RESERVED
+CVE-2006-6500
+ RESERVED
+CVE-2006-6499
+ RESERVED
+CVE-2006-6498
+ RESERVED
+CVE-2006-6497
+ RESERVED
+CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus ...)
+ TODO: check
CVE-2006-XXXX [proftpd mod_ctrls local root]
- proftpd-dfsg 1.3.0-17 (medium)
[sarge] - proftpd <not-affected> (Vulnerable code not activated in binary build)
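Review bot: CVE-2006-6563 (stack-based buffer overflow in pr_ctrls_recv_request) lands as "TODO: check" a few dozen lines above the unchanged placeholder "CVE-2006-XXXX [proftpd mod_ctrls local root]", and the two appear to describe the same ProFTPD mod_ctrls issue. If so, move the "proftpd-dfsg 1.3.0-17 (medium)" line and the sarge not-affected line under CVE-2006-6563 and drop the placeholder. Otherwise the fix stays recorded only under a temporary ID and the real CVE looks untriaged.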
@@ -5,7 +161,7 @@
NOT-FOR-US: Solaris
CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and ...)
NOT-FOR-US: Solaris
-CVE-2006-6493 (Buffer overflow in the krbv4_ldap_auth function vin ...)
+CVE-2006-6493 (Buffer overflow in the krbv4_ldap_auth function in ...)
TODO: check
CVE-2006-6492
RESERVED
@@ -43,8 +199,8 @@
RESERVED
CVE-2006-6475
RESERVED
-CVE-2006-6474
- RESERVED
+CVE-2006-6474 (Untrusted search path vulnerability in McAfee VirusScan for Linux ...)
+ TODO: check
CVE-2006-6473 (Multiple unspecified vulnerabilities in Xerox WorkCentre and ...)
NOT-FOR-US: Xerox WorkCentre
CVE-2006-6472 (The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before ...)
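Review bot: CVE-2006-6474 moves from RESERVED to "TODO: check", but its summary already names the product, McAfee VirusScan for Linux. The neighbouring Xerox WorkCentre entries are marked NOT-FOR-US. If no Debian package ships this product, the entry can be closed the same way instead of staying in the TODO queue.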
@@ -387,8 +543,8 @@
TODO: check
CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when ...)
TODO: check
-CVE-2006-6304
- RESERVED
+CVE-2006-6304 (The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets ...)
+ TODO: check
CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...)
NOTE: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
- ruby1.8 1.8.5-4 (low)
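Review bot: CVE-2006-6304 is left as "TODO: check" although the summary names do_coredump in fs/exec.c of Linux kernel 2.6.19. Kernel issues elsewhere in this list carry a package line, for example "- linux-2.6 <unfixed>" under CVE-2006-5823. This entry should get a linux-2.6 line too, after checking whether the 2.6.19 code is present in any Debian kernel version.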
@@ -561,8 +717,8 @@
NOT-FOR-US: Puntal
CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...)
NOT-FOR-US: Google Search Appliance
-CVE-2006-6222
- RESERVED
+CVE-2006-6222 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
+ TODO: check
CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote ...)
NOT-FOR-US: 2X ThinClientServer Enterprise Edition
CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...)
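Review bot: The summary added for CVE-2006-6222 is identical, after truncation, to the one added for CVE-2006-5822 later in this patch ("Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ..."). CVE-2006-4902 concerns the same daemon. The truncated text gives a reviewer nothing to tell the entries apart, so triage all three together against the full descriptions and give them the same NOT-FOR-US note if NetBackup is not packaged.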
@@ -814,13 +970,11 @@
NOT-FOR-US: CandyPress Store
CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta ...)
NOT-FOR-US: EC-CUBE
-CVE-2006-6107
- RESERVED
+CVE-2006-6107 (Unspecified vulnerability in the match_rule_equal function in ...)
- dbus 1.0.2-1
CVE-2006-6106
RESERVED
-CVE-2006-6105 [gdmchooser format string issue]
- RESERVED
+CVE-2006-6105 (Format string vulnerability in the host chooser window (gdmchooser) in ...)
- gdm <unfixed> (medium)
[sarge] - gdm <not-affected> (Vulnerable code not present)
CVE-2006-6104
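Review bot: The "- dbus 1.0.2-1" line under CVE-2006-6107 has no urgency in parentheses, while the gdm line under CVE-2006-6105 in the same hunk is marked "(medium)". The new summary calls CVE-2006-6107 an unspecified vulnerability in match_rule_equal, so assign an urgency once the full description is read. Separately, both entries lose their RESERVED marker here while gdm stays "<unfixed>", which is worth flagging now that CVE-2006-6105 has a public description.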
@@ -960,7 +1114,7 @@
NOT-FOR-US: Oliver (formerly Webshare)
CVE-2006-6042 (PHP remote file inclusion vulnerability in core/editor.php in ...)
NOT-FOR-US: phpWebThings
-CVE-2006-6041 (Multiple PHP remote file inclusion vulnerabilities in WORK system ...)
+CVE-2006-6041 (Multiple PHP remote file inclusion vulnerabilities in Laurent Van den ...)
NOT-FOR-US: WORK system e-commerce
CVE-2006-6040 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: vBulletin
@@ -1313,8 +1467,7 @@
RESERVED
CVE-2006-5876
RESERVED
-CVE-2006-5875 [EoC shell command injection]
- RESERVED
+CVE-2006-5875 (eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote ...)
- enemies-of-carlotta 1.2.4-1 (medium)
CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ...)
{DSA-1232-1}
@@ -1425,8 +1578,8 @@
[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...)
- linux-2.6 <unfixed>
-CVE-2006-5822
- RESERVED
+CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
+ TODO: check
CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...)
NOT-FOR-US: Citrix
CVE-2006-5820
@@ -1800,10 +1953,10 @@
NOT-FOR-US: DigiOz Guestbook
CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ ...)
NOT-FOR-US: ICQPhone.SipxPhoneManager
-CVE-2006-5649
- RESERVED
-CVE-2006-5648
- RESERVED
+CVE-2006-5649 (Unspecified vulnerability in the "alignment check exception handling" ...)
+ TODO: check
+CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a ...)
+ TODO: check
CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...)
NOT-FOR-US: Sophos
CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security ...)
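Review bot: The summary for CVE-2006-5648 names Ubuntu Linux 6.10 on PowerPC, and CVE-2006-5649 refers to "alignment check exception handling" without naming a package. Both are left as "TODO: check". When resolving them, record whether the affected code also exists in Debian's linux-2.6 on powerpc, rather than dismissing them as Ubuntu-specific on the strength of the truncated text alone.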
@@ -1861,7 +2014,7 @@
NOT-FOR-US: Electronic Engineering Tool (EE Tool)
CVE-2006-5622 (SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2006-5621 (PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR ...)
+CVE-2006-5621 (PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, ...)
NOT-FOR-US: ask_rave
CVE-2006-5620 (PHP remote file inclusion vulnerability in include/menu_builder.php in ...)
NOT-FOR-US: MiniBILL
@@ -1941,7 +2094,7 @@
NOT-FOR-US: Microsoft
CVE-2006-5580
RESERVED
-CVE-2006-5579 (Microsoft Internet Explorer 6 accesses previously freed memory, which ...)
+CVE-2006-5579 (Microsoft Internet Explorer 6 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft
CVE-2006-5578 (Microsoft Internet Explorer 6 and earlier allows remote attackers to read ...)
NOT-FOR-US: Microsoft
@@ -3421,8 +3574,8 @@
NOT-FOR-US: X-Cart
CVE-2006-4903
RESERVED
-CVE-2006-4902
- RESERVED
+CVE-2006-4902 (The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 ...)
+ TODO: check
CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up ...)
NOT-FOR-US: CA eTrust
CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA) eTrust ...)