[Secure-testing-commits] r3452 - data/CVE

Joey Hess joeyh at costa.debian.org
Fri Feb 10 09:14:26 UTC 2006


Author: joeyh
Date: 2006-02-10 09:14:19 +0000 (Fri, 10 Feb 2006)
New Revision: 3452

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-02-09 21:14:32 UTC (rev 3451)
+++ data/CVE/list	2006-02-10 09:14:19 UTC (rev 3452)
@@ -1,14 +1,112 @@
+CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in ...)
+	TODO: check
+CVE-2006-0643 (Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web ...)
+	TODO: check
+CVE-2006-0642 (Trend Micro ServerProtect 5.58, and possibly InterScan Messaging ...)
+	TODO: check
+CVE-2006-0641 (Orbicule Undercover uses a third-party web server to determine the IP ...)
+	TODO: check
+CVE-2006-0640 (Orbicule Undercover allows attackers with physical or root access to ...)
+	TODO: check
+CVE-2006-0639 (Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka ...)
+	TODO: check
+CVE-2006-0638 (SQL injection vulnerability in moderation.php in MyBB (aka ...)
+	TODO: check
+CVE-2006-0637 (Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows ...)
+	TODO: check
+CVE-2006-0636 (desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the ...)
+	TODO: check
+CVE-2006-0635 (Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the ...)
+	TODO: check
+CVE-2006-0634 (Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition ...)
+	TODO: check
+CVE-2006-0633 (The make_password function in ipsclass.php in Invision Power Board ...)
+	TODO: check
+CVE-2006-0632 (The gen_rand_string function in phpBB 2.0.19 uses insufficiently ...)
+	TODO: check
+CVE-2006-0631 (CRLF injection vulnerability in Erik C. Thauvin mailback allows remote ...)
+	TODO: check
+CVE-2006-0630 (RITLabs The Bat! before 3.0.0.15 displays certain important headers ...)
+	TODO: check
+CVE-2006-0629 (Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 ...)
+	TODO: check
+CVE-2006-0628 (myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute ...)
+	TODO: check
+CVE-2006-0627 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and ...)
+	TODO: check
+CVE-2006-0624 (SQL injection vulnerability in check.asp in Whomp Real Estate Manager ...)
+	TODO: check
+CVE-2006-0623 (QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable ...)
+	TODO: check
+CVE-2006-0622 (QNX Neutrino RTOS 6.3.0 allows local users to cause a denial of ...)
+	TODO: check
+CVE-2006-0621 (Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users ...)
+	TODO: check
+CVE-2006-0620 (Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users ...)
+	TODO: check
+CVE-2006-0619 (Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow ...)
+	TODO: check
+CVE-2006-0618 (Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 ...)
+	TODO: check
+CVE-2006-0617 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 ...)
+	TODO: check
+CVE-2006-0616 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and ...)
+	TODO: check
+CVE-2006-0615 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 ...)
+	TODO: check
+CVE-2006-0614 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and ...)
+	TODO: check
+CVE-2006-0613 (Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in ...)
+	TODO: check
+CVE-2006-0612 (Powersave daemon before 0.10.15.2 allows local users to gain ...)
+	TODO: check
+CVE-2006-0611 (Directory traversal vulnerability in compose.pl in @Mail 4.3 and ...)
+	TODO: check
+CVE-2006-0610 (Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, ...)
+	TODO: check
+CVE-2006-0609 (Cross-site scripting (XSS) vulnerability in add.php in Hinton Design ...)
+	TODO: check
+CVE-2006-0608 (Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 ...)
+	TODO: check
+CVE-2006-0607 (check.php in Hinton Design phphd 1.0 does not check passwords when ...)
+	TODO: check
+CVE-2006-0606 (SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 ...)
+	TODO: check
+CVE-2006-0605 (Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain ...)
+	TODO: check
+CVE-2006-0604 (check.php in Hinton Design phphg Guestbook 1.2 does not check the user ...)
+	TODO: check
+CVE-2006-0603 (Multiple cross-site scripting vulnerabilities in signed.php in Hinton ...)
+	TODO: check
+CVE-2006-0602 (Multiple SQL injection vulnerabilities in Hinton Design phphg ...)
+	TODO: check
+CVE-2006-0601
+	RESERVED
+CVE-2006-0596
+	RESERVED
+CVE-2006-0595
+	RESERVED
+CVE-2006-0594
+	RESERVED
+CVE-2005-4711 (SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 ...)
+	TODO: check
+CVE-2005-4710 (Unspecified vulnerability in multiple Autodesk and AutoCAD products ...)
+	TODO: check
 CVE-2006-0598 [elog: buffer overflow in write_logfile]
+	RESERVED
 	- elog 2.6.1+r1642-1
 CVE-2006-0597 [elog: remote DoS through overly long attributes]
+	RESERVED
 	- elog 2.6.1+r1642-1
 CVE-2006-0599 [elog: information discloure in password denial]
+	RESERVED
 	- elog 2.6.1+r1642-1
 CVE-2006-0600 [elog: remote DoS through endless loop]
+	RESERVED
 	- elog 2.6.1+r1642-1
 CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...)
 	TODO: check
-CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing service ...)
+CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server ...)
 	TODO: check
 CVE-2006-0591 (The crypt_gensalt functions for BSDI-style extended DES-based and ...)
 	TODO: check
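Review bot: the four elog entries at the end of this hunk (CVE-2006-0598, CVE-2006-0597, CVE-2006-0599, CVE-2006-0600) are out of sequence: they sit below CVE-2005-4710 in the order 0598, 0597, 0599, 0600, while the RESERVED entries added higher up run 0601, 0596, 0595, 0594. Each now also carries a RESERVED line above its hand-written "- elog 2.6.1+r1642-1" line. Moving the four entries into the gap between CVE-2006-0601 and CVE-2006-0596, in descending order, would keep the list sorted. The bracketed description for CVE-2006-0599 also reads "discloure" where "disclosure" is meant.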
@@ -40,7 +138,7 @@
 	TODO: check
 CVE-2006-0577 (Lexmark X1185 printer allows local users to gain SYSTEM privileges by ...)
 	TODO: check
-CVE-2006-0576 (Untrusted search path vulnerability in opcontrol in OProfile allows ...)
+CVE-2006-0576 (Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and ...)
 	TODO: check
 CVE-2006-0575 (convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to ...)
 	TODO: check
@@ -175,10 +273,10 @@
 	- spip <unfixed> (medium; bug #351335)
 CVE-2006-0517 (Multiple SQL injection vulnerabilities in ...)
 	- spip <unfixed> (medium; bug #351334)
-CVE-2006-0625
+CVE-2006-0625 (Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and ...)
 	- spip <unfixed> (medium; bug #352076)
 	NOTE: http://www.securityfocus.com/bid/16556
-CVE-2006-0626
+CVE-2006-0626 (SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and ...)
 	- spip <unfixed> (medium; bug #352077)
 	NOTE: http://www.securityfocus.com/bid/16551
 CVE-2006-0516 (Unspecified vulnerability in the kernel processing in Solaris 10 64 ...)
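Review bot: CVE-2006-0625 and CVE-2006-0626 gain descriptions here but stay between CVE-2006-0517 and CVE-2006-0516, out of numeric sequence with the rest of the list. The new text names Spip_RSS.PHP and spip_acces_doc.php3 in SPIP 1.8.2g, so the "<unfixed>" lines for bugs #352076 and #352077 are worth rechecking against that version, and the two entries could be moved into sequence at the same time.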
@@ -2990,11 +3088,11 @@
 	RESERVED
 CVE-2006-0021
 	RESERVED
-CVE-2006-0020 (An unspecified Microsoft WMF parsing application allows attackers to ...)
+CVE-2006-0020 (An unspecified Microsoft WMF parsing application, as used in Internet ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-0018
 	REJECTED
-CVE-2005-3961 (WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar ...)
+CVE-2005-3961 (export_handler.php in WebCalendar 1.0.1 allows remote attackers to ...)
 	- webcalendar <unfixed> (bug #341208; medium)
 CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Kadu
@@ -11597,8 +11695,8 @@
 	NOT-FOR-US: Sophos
 CVE-2005-1529
 	RESERVED
-CVE-2005-1528
-	RESERVED
+CVE-2005-1528 (Untrusted search path vulnerability in the crttrap command in QNX ...)
+	TODO: check
 CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...)
 	{DSA-892-1}
 	- awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium)
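Review bot: CVE-2005-1528 goes from RESERVED to "TODO: check" with a description naming the crttrap command in QNX, so it now needs a triage decision. It should get the same decision as the QNX Neutrino RTOS entries CVE-2006-0618 through CVE-2006-0623 added at the top of the list, so the QNX items are not handled inconsistently.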



