[Secure-testing-commits] r3480 - data/CVE

Joey Hess joeyh at costa.debian.org
Tue Feb 14 21:14:30 UTC 2006


Author: joeyh
Date: 2006-02-14 21:14:24 +0000 (Tue, 14 Feb 2006)
New Revision: 3480

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-02-14 20:56:53 UTC (rev 3479)
+++ data/CVE/list	2006-02-14 21:14:24 UTC (rev 3480)
@@ -1,3 +1,77 @@
+CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows ...)
+	TODO: check
+CVE-2006-0676 (Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 ...)
+	TODO: check
+CVE-2006-0675 (Cross-site scripting (XSS) vulnerability in search.php in Siteframe ...)
+	TODO: check
+CVE-2006-0674 (Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 ...)
+	TODO: check
+CVE-2006-0673 (Multiple SQL injection vulnerabilities in cms/index.php in Magic ...)
+	TODO: check
+CVE-2006-0672 (Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before ...)
+	TODO: check
+CVE-2006-0671 (Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell ...)
+	TODO: check
+CVE-2006-0670 (Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to ...)
+	TODO: check
+CVE-2006-0669 (Multiple SQL injection vulnerabilities in archive.asp in GA's Forum ...)
+	TODO: check
+CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote ...)
+	TODO: check
+CVE-2006-0667
+	RESERVED
+CVE-2006-0666
+	RESERVED
+CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...)
+	TODO: check
+CVE-2006-0664 (Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in ...)
+	TODO: check
+CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino ...)
+	TODO: check
+CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client ...)
+	TODO: check
+CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in SmE GB Host 1.21 and SmE ...)
+	TODO: check
+CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5 and ...)
+	TODO: check
+CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in Runcms 1.2 and ...)
+	TODO: check
+CVE-2006-0658 (Incomplete blacklist vulnerability in FCKeditor 2.0 and 2.2, as used ...)
+	TODO: check
+CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event ...)
+	TODO: check
+CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager 4.2 ...)
+	TODO: check
+CVE-2006-0655 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+	TODO: check
+CVE-2006-0654 (check.php in Hinton Design phpht Topsites 1.3 does not validate ...)
+	TODO: check
+CVE-2006-0653 (Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites ...)
+	TODO: check
+CVE-2006-0652 (WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions ...)
+	TODO: check
+CVE-2006-0651 (SQL injection vulnerability in index.php in vwdev allows remote ...)
+	TODO: check
+CVE-2006-0650 (Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the ...)
+	TODO: check
+CVE-2006-0649 (Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 ...)
+	TODO: check
+CVE-2006-0648 (Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, ...)
+	TODO: check
+CVE-2006-0647 (LDAP service in Sun Java System Directory Server 5.2, running on Linux ...)
+	TODO: check
+CVE-2006-0646 (ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain ...)
+	TODO: check
+CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS ...)
+	TODO: check
+CVE-2005-4715 (Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, ...)
+	TODO: check
+CVE-2005-4714 (Format string vulnerability in the vmps_log function in OpenVMPS (VLAN ...)
+	TODO: check
+CVE-2005-4713 (Unspecified vulnerability in the SQL logging facility in PAM-MySQL ...)
+	TODO: check
+CVE-2005-4712 (CRLF injection vulnerability in process_signup.php in PHP Handicapper ...)
+	TODO: check
 CVE-2006-XXXX [imagemagick's display(1) deletes arbitrary files]
 	- imagemagick 6:6.2.4.5-0.7 (bug #352575; medium)
 	- graphicsmagick <not-affected> (Vulnerable code not present)
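Review bot: several of the new "TODO: check" entries at the top of this hunk name products the file already triages, so they can be resolved in the same pass rather than left open. CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2) concerns the same software as CVE-2006-0582, which is tracked as "- heimdal <unfixed>", and CVE-2005-4712 (process_signup.php in PHP Handicapper) matches the "NOT-FOR-US: PHP Handicapper" entries for CVE-2005-3497 and CVE-2005-3496.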
@@ -111,20 +185,16 @@
 	NOT-FOR-US: Land Down Under
 CVE-2005-4710 (Unspecified vulnerability in multiple Autodesk and AutoCAD products ...)
 	NOT-FOR-US: AutoCAD
-CVE-2006-0598 [elog: buffer overflow in write_logfile]
-	RESERVED
+CVE-2006-0598 (Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows ...)
 	{DSA-967-1}
 	- elog 2.6.1+r1642-1
-CVE-2006-0597 [elog: remote DoS through overly long attributes]
-	RESERVED
+CVE-2006-0597 (Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 ...)
 	{DSA-967-1}
 	- elog 2.6.1+r1642-1
-CVE-2006-0599 [elog: information discloure in password denial]
-	RESERVED
+CVE-2006-0599 (The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 ...)
 	{DSA-967-1}
 	- elog 2.6.1+r1642-1
-CVE-2006-0600 [elog: remote DoS through endless loop]
-	RESERVED
+CVE-2006-0600 (elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of ...)
 	{DSA-967-1}
 	- elog 2.6.1+r1642-1
 CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...)
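Review bot: the four elog entries keep the order 0598, 0597, 0599, 0600, while the entries added at the top of this commit descend by id. Since each of these lines is rewritten here anyway, reorder them to 0600, 0599, 0598, 0597 so the block reads consistently and a lookup by id does not miss one.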
@@ -149,7 +219,7 @@
 	NOT-FOR-US: PeopleSoft People Tools
 CVE-2006-0583 (SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and ...)
 	NOT-FOR-US: Clever Copy
-CVE-2006-0582 (Unspecified vulnerability in Heimdal rshd 0.6.x before 0.6.6 and 0.7.x ...)
+CVE-2006-0582 (Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and ...)
 	- heimdal <unfixed>
 CVE-2006-0581 (SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 ...)
 	NOT-FOR-US: Hosting Controller
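Review bot: the reworded CVE-2006-0582 line still sits over a bare "- heimdal <unfixed>" with no bug number or urgency, although the description names 0.6.6 as a fixed upstream release. Add a bug reference (as the ee entry does with "bug #348322") and handle it together with CVE-2006-0677 from the top of this commit, which also cites Heimdal 0.6.x before 0.6.6.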
@@ -855,6 +925,7 @@
 CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...)
 	NOT-FOR-US: ZyXel hardware
 CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other ...)
+	{DSA-971-1}
 	- poppler 0.4.5-1 (medium)
 	- tetex-bin 3.0-12 (medium)
 	- kdegraphics 4:3.5.1-2 (medium)
@@ -1553,8 +1624,8 @@
 	RESERVED
 CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
 	NOT-FOR-US: Windows
-CVE-2006-0056
-	RESERVED
+CVE-2006-0056 (Double-free vulnerability in the authentication and authentication ...)
+	TODO: check
 CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable ...)
 	- ee <unfixed> (bug #348322)
 	NOTE: Sarge and Woody are affected
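Review bot: the new CVE-2006-0056 description is cut off at "authentication and authentication ..." before any product name, so the "TODO: check" under it cannot be resolved from this line alone. Whoever triages it needs the full CVE text; once the affected software is known, replace the TODO with a package line or a NOT-FOR-US tag.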
@@ -1620,8 +1691,7 @@
 	RESERVED
 CVE-2006-0047
 	RESERVED
-CVE-2006-0046 [adzapper DoS]
-	RESERVED
+CVE-2006-0046 (squid_redirect script in adzapper before 2006-01-29 allows remote ...)
 	{DSA-966-1}
 	- adzapper 20060115-1
 CVE-2006-0045 (crawl before 4.0.0 does not securely call programs when saving and ...)
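Review bot: for CVE-2006-0046 the imported description says adzapper is affected "before 2006-01-29", but the fixed version kept below it is 20060115-1, whose date is earlier than that cutoff. Confirm that 20060115-1 really contains the fix (the entry references DSA-966-1) and say so in a NOTE line, so the entry is not later mistaken for a wrong fixed version.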
@@ -4059,8 +4129,7 @@
 	- libextractor 0.5.9-1
 	- pdfkit.framework 0.8-4
 	- pdftohtml <unfixed>
-CVE-2005-3623 [Incorrect ACLs only read-only NFS shares]
-	RESERVED
+CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR ...)
 	[sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs)
 	- linux-2.6 2.6.14-7
 CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...)
@@ -4317,9 +4386,9 @@
 	NOT-FOR-US: F-Prot Antivirus
 CVE-2005-3498 (IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before ...)
 	NOT-FOR-US: WebSphere
-CVE-2005-3497 (SQL injection vulnerability in process_signup.php in PHP Handicapper ...)
+CVE-2005-3497 (** DISPUTED ** ...)
 	NOT-FOR-US: PHP Handicapper
-CVE-2005-3496 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Handicapper ...)
+CVE-2005-3496 (Cross-site scripting (XSS) vulnerability in PHP Handicapper allows ...)
 	NOT-FOR-US: PHP Handicapper
 CVE-2005-3495 (Ar-blog 5.2 and earlier allows remote attackers to bypass ...)
 	NOT-FOR-US: Ar-blog
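Review bot: the CVE-2005-3497 description is now just "(** DISPUTED ** ...)", which drops every identifying detail the old line had (SQL injection, process_signup.php, PHP Handicapper). The automatic truncation should skip the "** DISPUTED **" prefix or allow more characters after it; the same file, process_signup.php, shows up again in the new CVE-2005-4712 entry, and the stripped line makes the two hard to tell apart.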
@@ -5400,8 +5469,8 @@
 CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote ...)
 	- ethereal 0.10.13-1 (bug #334880; medium)
 	NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge
-CVE-2005-3240
-	RESERVED
+CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows user-complicit ...)
+	TODO: check
 CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
 	NOT-FOR-US: Solaris
 CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and ...)
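Review bot: CVE-2005-3240 is added as "TODO: check" although its description names Microsoft Internet Explorer, and this file already tags an Internet Explorer issue, CVE-2006-0057, as "NOT-FOR-US: Windows". Use the same tag here instead of leaving a TODO.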



