[Secure-testing-commits] r3412 - data/CVE
Joey Hess
joeyh at costa.debian.org
Thu Feb 2 09:14:23 UTC 2006
Author: joeyh
Date: 2006-02-02 09:14:17 +0000 (Thu, 02 Feb 2006)
New Revision: 3412
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-02-01 21:14:28 UTC (rev 3411)
+++ data/CVE/list 2006-02-02 09:14:17 UTC (rev 3412)
@@ -1,7 +1,135 @@
+CVE-2006-0498 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...)
+ TODO: check
+CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...)
+ TODO: check
+CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...)
+ TODO: check
+CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to ...)
+ TODO: check
+CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 ...)
+ TODO: check
+CVE-2006-0493 (Cross-site scripting (XSS) vulnerability in MG2 (formerly known as ...)
+ TODO: check
+CVE-2006-0492 (Multiple SQL injection vulnerabilities in Calendarix allow remote ...)
+ TODO: check
+CVE-2006-0491 (SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 ...)
+ TODO: check
+CVE-2006-0490 (SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums ...)
+ TODO: check
+CVE-2006-0489 (** DISPUTED ** Buffer overflow in the font command of mIRC, probably ...)
+ TODO: check
+CVE-2006-0488 (The VDM (Virtual DOS Machine) emulation environment for MS-DOS ...)
+ TODO: check
+CVE-2006-0487 (Multiple unspecified vulnerabilities in Tumbleweed MailGate Email ...)
+ TODO: check
+CVE-2006-0486 (Certain Cisco IOS releases in 12.2S based trains with maintenance ...)
+ TODO: check
+CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S ...)
+ TODO: check
+CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE ...)
+ TODO: check
+CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through ...)
+ TODO: check
+CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...)
+ TODO: check
+CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng ...)
+ TODO: check
+CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module in ...)
+ TODO: check
+CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, ...)
+ TODO: check
+CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged actions, ...)
+ TODO: check
+CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows ...)
+ TODO: check
+CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to ...)
+ TODO: check
+CVE-2006-0475 (PHP-Ping 1.3 does not properly validate ping counts, which allows ...)
+ TODO: check
+CVE-2006-0474 (Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers ...)
+ TODO: check
+CVE-2006-0473 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...)
+ TODO: check
+CVE-2006-0472 (Cross-site scripting (XSS) vulnerability in guestbook.php in my little ...)
+ TODO: check
+CVE-2006-0471 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...)
+ TODO: check
+CVE-2006-0470 (Cross-site scripting (XSS) vulnerability in search.php in ...)
+ TODO: check
+CVE-2006-0469 (Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and ...)
+ TODO: check
+CVE-2006-0468 (CommuniGate Pro Core Server before 5.0.7 allows remote attackers to ...)
+ TODO: check
+CVE-2005-4707 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...)
+ TODO: check
+CVE-2005-4706 (Unspecified vulnerability in the "privilege management" feature of Sun ...)
+ TODO: check
+CVE-2005-4705 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...)
+ TODO: check
+CVE-2005-4704 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
+ TODO: check
+CVE-2005-4703 (Apache Tomcat 4.0.3, when running on Windows, allows remote attackers ...)
+ TODO: check
+CVE-2005-4702 (SQL injection vulnerability in the favorites module in index.php in ...)
+ TODO: check
+CVE-2005-4701 (Unspecified vulnerability in Process File System (procfs) in Sun ...)
+ TODO: check
+CVE-2005-4700 (TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) ...)
+ TODO: check
+CVE-2005-4699 (Argument injection vulnerability in TellMe 1.2 and earlier allows ...)
+ TODO: check
+CVE-2005-4698 (Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier ...)
+ TODO: check
+CVE-2005-4697 (The Microsoft Wireless Zero Configuration system (WZCS) allows local ...)
+ TODO: check
+CVE-2005-4696 (The Microsoft Wireless Zero Configuration system (WZCS) stores WEP ...)
+ TODO: check
+CVE-2005-4695 (Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers ...)
+ TODO: check
+CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain ...)
+ TODO: check
+CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to ...)
+ TODO: check
+CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before ...)
+ TODO: check
+CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...)
+ TODO: check
+CVE-2005-4690 (Six Apart Movable Type 3.16 allows local users with blog-creation ...)
+ TODO: check
+CVE-2005-4689 (Six Apart Movable Type 3.16 stores account names and password hashes ...)
+ TODO: check
+CVE-2005-4688 (PunBB 1.2.9 does not require password entry when changing the e-mail ...)
+ TODO: check
+CVE-2005-4687 (PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's ...)
+ TODO: check
+CVE-2005-4686 (PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes ...)
+ TODO: check
+CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when ...)
+ TODO: check
+CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the DNS ...)
+ TODO: check
+CVE-2005-4683 (PADL MigrationTools 46, when a failure occurs, stores contents of ...)
+ TODO: check
+CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView ...)
+ TODO: check
+CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 ...)
+ TODO: check
+CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...)
+ TODO: check
+CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote ...)
+ TODO: check
+CVE-2005-4678 (Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the ...)
+ TODO: check
+CVE-2005-4677 (SQL injection vulnerability in additional_images.php (aka the ...)
+ TODO: check
+CVE-2005-4676 (Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null ...)
+ TODO: check
+CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute ...)
+ TODO: check
CVE-2006-XXXX [pioneers: Client and server can crash from huge chat buffer]
- pioneers 0.9.49-1 (bug #350237; medium)
-CVE-2006-0467
- RESERVED
+CVE-2006-0467 (Unspecified vulnerability in pioneers before 0.9.49 allows remote ...)
+ TODO: check
CVE-2006-0466 (Cross-site scripting (XSS) vulnerability in search.asp in Goldstag ...)
NOT-FOR-US: Goldstag Content Management System
CVE-2006-0465 (Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in ...)
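Review bot: The temporary "CVE-2006-XXXX [pioneers: Client and server can crash from huge chat buffer]" entry kept as context directly above the updated CVE-2006-0467 looks like the same issue, since both name pioneers and version 0.9.49. After this change CVE-2006-0467 carries only "TODO: check", while the fixed version and bug reference stay on the placeholder. If they are confirmed to be the same issue, move "- pioneers 0.9.49-1 (bug #350237; medium)" under CVE-2006-0467 and drop the CVE-2006-XXXX entry so the fix is tracked under the assigned ID. Separately, CVE-2006-0498 and CVE-2005-4707 are added with identical visible description text (PHP GEN XSS) and are worth checking together. Among the new TODO entries, the ones naming libpng (CVE-2006-0481), GIT (CVE-2006-0477), the Linux kernel (CVE-2006-0482) and Gaim-Encryption on Debian Linux (CVE-2005-4693) deserve triage ahead of the web applications that are likely to end up NOT-FOR-US.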
@@ -370,8 +498,7 @@
NOT-FOR-US: Joomla!
CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...)
NOT-FOR-US: ZyXel hardware
-CVE-2006-0301 [another xpdf heap overflow in splash handling]
- RESERVED
+CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf allows attackers to ...)
- poppler <unfixed>
- tetex-bin 3.0-12
- kdegraphics <unfixed>
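Review bot: The new CVE-2006-0301 description places the overflow in Splash.cc in xpdf, but the package lines visible under it are poppler, tetex-bin and kdegraphics, with no xpdf line in the shown context. Confirm that the entry also tracks xpdf itself further down, and add a "- xpdf" status line if it does not. The replaced "RESERVED" marker and hand-written summary are superseded by the official text, so nothing else is lost here.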
@@ -1367,8 +1494,7 @@
CVE-2005-XXXX [Insecure tempfile in libjpeg6b's exifautotran]
- libjpeg6b 6b-11
[woody] - libjpeg6b <not-affected> (Does not include exifautotran)
-CVE-2006-0043 [symlink-related buffer overflow in the user-space rpc.mountd]
- RESERVED
+CVE-2006-0043 (Buffer overflow in the realpath function in nfs-server rpc.mountd, as ...)
- nfs-user-server 2.2beta47-22 (high; bug #350020)
NOTE: nfs-utils (kernel NFS server) is not affected
NOTE: (it uses PATH_MAX for the buffer passed to realpath).
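Review bot: The removed summary for CVE-2006-0043 said the overflow is "symlink-related" and in "the user-space rpc.mountd", and neither qualifier is visible in the truncated official description that replaces it. The existing NOTE lines still record that nfs-utils is unaffected, so the scoping survives, but consider adding a NOTE that keeps the symlink detail if it is not covered by the full description text.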