[Secure-testing-commits] r3441 - data/CVE
Joey Hess
joeyh at costa.debian.org
Tue Feb 7 21:14:30 UTC 2006
Author: joeyh
Date: 2006-02-07 21:14:23 +0000 (Tue, 07 Feb 2006)
New Revision: 3441
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-02-07 20:42:50 UTC (rev 3440)
+++ data/CVE/list 2006-02-07 21:14:23 UTC (rev 3441)
@@ -1,3 +1,77 @@
+CVE-2006-0566 (The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote ...)
+ TODO: check
+CVE-2006-0565 (PHP remote file include vulnerability in inc/backend_settings.php in ...)
+ TODO: check
+CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop ...)
+ TODO: check
+CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c ...)
+ TODO: check
+CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut ...)
+ TODO: check
+CVE-2006-0561
+ RESERVED
+CVE-2006-0560
+ RESERVED
+CVE-2006-0559
+ RESERVED
+CVE-2006-0558
+ RESERVED
+CVE-2006-0557
+ RESERVED
+CVE-2006-0556
+ RESERVED
+CVE-2006-0555
+ RESERVED
+CVE-2006-0554
+ RESERVED
+CVE-2006-0553
+ RESERVED
+CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle ...)
+ TODO: check
+CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle ...)
+ TODO: check
+CVE-2006-0550 (Buffer overflow in an unspecified Oracle Client utility might allow ...)
+ TODO: check
+CVE-2006-0549 (SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in ...)
+ TODO: check
+CVE-2006-0548 (SQL injection vulnerability in the Oracle Text component of Oracle ...)
+ TODO: check
+CVE-2006-0547 (Oracle Database 8i, 9i, and 10g allow remote authenticated users to ...)
+ TODO: check
+CVE-2006-0546 (Unspecified vulnerability in index.php in a certain application ...)
+ TODO: check
+CVE-2006-0545 (SQL injection vulnerability in showflat.php in Groupee (formerly known ...)
+ TODO: check
+CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) ...)
+ TODO: check
+CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in NukedWeb ...)
+ TODO: check
+CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla ...)
+ TODO: check
+CVE-2006-0540 (Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook ...)
+ TODO: check
+CVE-2006-0539 (The convert-fcrontab program in fcron 3.0.0 might allow local users to ...)
+ TODO: check
+CVE-2006-0538 (IronMail 5.0.1, when "Denial of Service Protection" is enabled, allows ...)
+ TODO: check
+CVE-2006-0537 (Buffer overflow in eXchange POP3 before 5.0.060125 allows remote ...)
+ TODO: check
+CVE-2006-0536 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 ...)
+ TODO: check
+CVE-2006-0535 (Multiple cross-site scripting (XSS) vulnerabilities in Community ...)
+ TODO: check
+CVE-2006-0534 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
+ TODO: check
+CVE-2006-0533 (Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel ...)
+ TODO: check
+CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker ...)
+ TODO: check
+CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 allows ...)
+ TODO: check
+CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb ...)
+ TODO: check
CVE-2006-XXXX [kphone creates world-readable config file with passwords]
- kphone <unfixed> (bug #337830; low)
CVE-2006-0530 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...)
@@ -18,7 +92,7 @@
NOTE: applies to BIND on other operating systems."
CVE-2006-0526 (The default configuration of the America Online (AOL) client software ...)
NOT-FOR-US: AOL
-CVE-2006-0525 (Multiple unspecified Adobe products install a large number of .EXE and ...)
+CVE-2006-0525 (Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator ...)
NOT-FOR-US: Windows issue
CVE-2006-0524 (Cross-site scripting (XSS) vulnerability in ashnews.php in Derek ...)
NOT-FOR-US: Derek Ashauer ashnews
@@ -42,8 +116,8 @@
RESERVED
CVE-2006-0514
RESERVED
-CVE-2006-0513
- RESERVED
+CVE-2006-0513 (Directory traversal vulnerability in pkmslogout in Tivoli Web Server ...)
+ TODO: check
CVE-2006-0512 (PADL MigrationTools 46 creates temporary files insecurely, which ...)
NOT-FOR-US: PADL MigrationTools
CVE-2006-0511 (** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not ...)
@@ -68,7 +142,7 @@
NOT-FOR-US: FarsiNews
CVE-2006-0501 (Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows ...)
NOT-FOR-US: MyCo Guestbook
-CVE-2006-0500 (MyCO Guestbook 1.0 admin directory under the web document root with ...)
+CVE-2006-0500 (MyCO Guestbook 1.0 stores the admin directory under the web document ...)
NOT-FOR-US: MyCo Guestbook
CVE-2006-0499 (Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 ...)
NOT-FOR-US: Rlink module add-on for phpbb (not included in Debian package)
@@ -210,7 +284,7 @@
TODO: check
CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute ...)
TODO: check
-CVE-2006-0467 (Unspecified vulnerability in pioneers before 0.9.49 allows remote ...)
+CVE-2006-0467 (Unspecified vulnerability in Pioneers (formerly gnocatan) before ...)
{DSA-964-1}
[woody] - gnocatan 0.6.1-5woody3
[sarge] - gnocatan 0.8.1.59-1sarge1
@@ -277,10 +351,10 @@
NOT-FOR-US: Text Rider
CVE-2006-0439 (Text Rider 2.4 stores sensitive data in the data directory under the ...)
NOT-FOR-US: Text Rider
-CVE-2006-0438
- RESERVED
-CVE-2006-0437
- RESERVED
+CVE-2006-0438 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when ...)
+ TODO: check
+CVE-2006-0437 (Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB ...)
+ TODO: check
CVE-2006-0436 (Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 ...)
NOT-FOR-US: HP-UX
CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL) allows attackers to ...)
@@ -688,7 +762,8 @@
NOT-FOR-US: Oracle
CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server ...)
NOT-FOR-US: Oracle
-CVE-2006-0264 (Unspecified vulnerability in the Net Listener component of Oracle ...)
+CVE-2006-0264
+ REJECTED
NOT-FOR-US: Oracle
CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server ...)
NOT-FOR-US: Oracle
@@ -698,7 +773,7 @@
NOT-FOR-US: Oracle
CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 ...)
NOT-FOR-US: Oracle
-CVE-2006-0259 (Multiple unspecified vulnerabilities in the Data Pump component of ...)
+CVE-2006-0259 (Multiple unspecified vulnerabilities in Oracle Database server ...)
NOT-FOR-US: Oracle
CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component of ...)
NOT-FOR-US: Oracle
@@ -5269,8 +5344,8 @@
NOT-FOR-US: iGateway
CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server ...)
NOT-FOR-US: Qualcomm WorldMail IMAP Server
-CVE-2005-3188
- RESERVED
+CVE-2005-3188 (Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to ...)
+ TODO: check
CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a ...)
NOT-FOR-US: WinProxy
CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...)
More information about the Secure-testing-commits
mailing list