[Secure-testing-commits] r3497 - data/CVE
Joey Hess
joeyh at costa.debian.org
Thu Feb 16 09:14:39 UTC 2006
Author: joeyh
Date: 2006-02-16 09:14:24 +0000 (Thu, 16 Feb 2006)
New Revision: 3497
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-02-16 08:46:31 UTC (rev 3496)
+++ data/CVE/list 2006-02-16 09:14:24 UTC (rev 3497)
@@ -1,6 +1,139 @@
+CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in My Blog before 1.65 allows ...)
+ TODO: check
+CVE-2006-0734 (Unspecified vulnerability in Valve Software Half-Life CSTRIKE ...)
+ TODO: check
+CVE-2006-0733 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-0732 (Unspecified vulnerability in SAP Business Connector 4.6 and 4.7 allows ...)
+ TODO: check
+CVE-2006-0731 (Unspecified vulnerability in SAP Business Connector Core Fix 7 and ...)
+ TODO: check
+CVE-2006-0730 (Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow ...)
+ TODO: check
+CVE-2006-0729 (SQL injection vulnerability in functions.php in Teca Diary PE 1.0 ...)
+ TODO: check
+CVE-2006-0728 (SQL injection vulnerability in search.php in webSPELL 4.01.00 and ...)
+ TODO: check
+CVE-2006-0727 (SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis ...)
+ TODO: check
+CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke ...)
+ TODO: check
+CVE-2006-0725 (PHP remote file include vulnerability in prepend.php in Plume CMS ...)
+ TODO: check
+CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when ...)
+ TODO: check
+CVE-2006-0723 (preview.php in Reamday Enterprises Magic News Lite 1.2.3, when ...)
+ TODO: check
+CVE-2006-0722 (settings.php in Reamday Enterprises Magic Downloads 1.1.3, when ...)
+ TODO: check
+CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a ...)
+ TODO: check
+CVE-2006-0720
+ RESERVED
+CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP Classifieds ...)
+ TODO: check
+CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in Avaya ...)
+ TODO: check
+CVE-2006-0717 (IBM Tivoli Directory Server 6.0 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2006-0716 (SQL injection vulnerability in index.php in sNews 1.3 allows remote ...)
+ TODO: check
+CVE-2006-0715 (Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote ...)
+ TODO: check
+CVE-2006-0714 (Directory traversal vulnerability in the installation file ...)
+ TODO: check
+CVE-2006-0713 (Directory traversal vulnerability in LinPHA 1.0 allows remote ...)
+ TODO: check
+CVE-2006-0712 (mail_html template in Squishdot 1.5.0 and earlier does not properly ...)
+ TODO: check
+CVE-2006-0711 (The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl ...)
+ TODO: check
+CVE-2006-0710 (Double-free vulnerability in isode.eddy in Isode M-Vault Server 11.3 ...)
+ TODO: check
+CVE-2006-0709 (Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2006-0708 (Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow ...)
+ TODO: check
+CVE-2006-0707 (PyBlosxom before 1.3.2, when running on certain webservers, allows ...)
+ TODO: check
+CVE-2006-0706 (Cross-site scripting vulnerability in eintrag.php in Gästebuch ...)
+ TODO: check
+CVE-2006-0705 (Format string vulnerability in a logging function as used by various ...)
+ TODO: check
+CVE-2006-0704 (iE Integrator 4.4.220114, when configured without a "bespoke error ...)
+ TODO: check
+CVE-2006-0703 (Unspecified vulnerability in index.php in imageVue 16.1 has unknown ...)
+ TODO: check
+CVE-2006-0702 (admin/upload.php in imageVue 16.1 allows remote attackers to upload ...)
+ TODO: check
+CVE-2006-0701 (readfolder.php in imageVue 16.1 allows remote attackers to list ...)
+ TODO: check
+CVE-2006-0700 (imageVue 16.1 allows remote attackers to obtain folder permission ...)
+ TODO: check
+CVE-2006-0699 (Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki ...)
+ TODO: check
+CVE-2006-0698 (Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote ...)
+ TODO: check
+CVE-2006-0697 (Zen Cart before 1.2.7 does not protect the admin/includes directory, ...)
+ TODO: check
+CVE-2006-0696 (SQL injection vulnerability in Zen Cart before 1.2.7 allows remote ...)
+ TODO: check
+CVE-2006-0695 (Ansilove before 1.03 does not filter uploaded file extensions, which ...)
+ TODO: check
+CVE-2006-0694 (Unspecified vulnerability in the loaders (load_*.php) in Ansilove ...)
+ TODO: check
+CVE-2006-0693 (Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti ...)
+ TODO: check
+CVE-2006-0692 (Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL ...)
+ TODO: check
+CVE-2006-0691 (edituser.php in TTS Time Tracking Software 3.0 does not verify that ...)
+ TODO: check
+CVE-2006-0690 (Multiple SQL injection vulnerabilities in TTS Time Tracking Software ...)
+ TODO: check
+CVE-2006-0689 (Cross-site scripting (XSS) vulnerability in the Registration Form in ...)
+ TODO: check
+CVE-2006-0688 (PHP remote file include vulnerability in application.php in ...)
+ TODO: check
+CVE-2006-0687 (process.php in DocMGR 0.54.2 does not initialize the $siteModInfo ...)
+ TODO: check
+CVE-2006-0686 (add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and ...)
+ TODO: check
+CVE-2006-0685 (The check_login function in login.php in Virtual Hosting Control ...)
+ TODO: check
+CVE-2006-0684 (change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 ...)
+ TODO: check
+CVE-2006-0683 (Cross-site scripting (XSS) vulnerability in Virtual Hosting Control ...)
+ TODO: check
+CVE-2006-0682 (Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system ...)
+ TODO: check
+CVE-2006-0681 (Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 ...)
+ TODO: check
+CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...)
+ TODO: check
+CVE-2006-0679
+ RESERVED
+CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before ...)
+ TODO: check
+CVE-2005-4723 (D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 ...)
+ TODO: check
+CVE-2005-4722 (_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to ...)
+ TODO: check
+CVE-2005-4721 (Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER ...)
+ TODO: check
+CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to ...)
+ TODO: check
+CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 ...)
+ TODO: check
+CVE-2005-4718 (Opera 8.02 and earlier allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2005-4717 (Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 ...)
+ TODO: check
+CVE-2005-4716 (Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote ...)
+ TODO: check
CVE-2006-XXXX [honeyd info leak]
- honeyd <unfixed> (bug filed)
CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows ...)
+ {DSA-977-1}
- heimdal <unfixed>
CVE-2006-0676 (Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 ...)
NOT-FOR-US: PHP-Nuke
@@ -22,8 +155,8 @@
NOT-FOR-US: PwsPHP
CVE-2006-0667
RESERVED
-CVE-2006-0666
- RESERVED
+CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels ...)
+ TODO: check
CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...)
- mantis 0.19.4-3
[woody] - mantis <not-affected> (Complete rewrite in 0.19)
@@ -34,7 +167,7 @@
NOT-FOR-US: Lotus Domino
CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client ...)
NOT-FOR-US: Lotus Domino
-CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in SmE GB Host 1.21 and SmE ...)
+CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 ...)
NOT-FOR-US: SmE GB Host
CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5 and ...)
NOT-FOR-US: FarsiNews
@@ -226,6 +359,7 @@
CVE-2006-0583 (SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and ...)
NOT-FOR-US: Clever Copy
CVE-2006-0582 (Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and ...)
+ {DSA-977-1}
- heimdal <unfixed>
CVE-2006-0581 (SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 ...)
NOT-FOR-US: Hosting Controller
@@ -283,8 +417,8 @@
RESERVED
CVE-2006-0554
RESERVED
-CVE-2006-0553
- RESERVED
+CVE-2006-0553 (PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to ...)
+ TODO: check
CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle ...)
@@ -346,7 +480,7 @@
- evolution 2.2.3-4 (low)
[sarge] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
[woody] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
-CVE-2006-0527 (Unspecified vulnerability in Berkeley Internet Name Domain (BIND) on ...)
+CVE-2006-0527 (BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, ...)
NOTE: CVE says, "due to the lack of relevant details from the vendor, it is not
NOTE: known whether this is a duplicate of an existing CVE or a brand-new issue that
NOTE: applies to BIND on other operating systems."
@@ -578,8 +712,7 @@
RESERVED
CVE-2006-0456
RESERVED
-CVE-2006-0455 [buggy return codes in gpg's sig verification code]
- RESERVED
+CVE-2006-0455 (gpgv in GnuPG 1.4.x before 1.4.2.1, when using unattended signature ...)
- gnupg <unfixed> (bug #353017; medium)
NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html indicates that
NOTE: *all* versions are affected because gpg --verify is also affected
@@ -587,12 +720,12 @@
- linux-2.6 2.6.15-5
[sarge] - kernel-source-2.6.8 <not-affected>
[sarge] - kernel-source-2.4.27 <not-affected>
-CVE-2006-0453
- RESERVED
-CVE-2006-0452
- RESERVED
-CVE-2006-0451
- RESERVED
+CVE-2006-0453 (The LDAP component in Fedora Directory Server 1.0 allow remote ...)
+ TODO: check
+CVE-2006-0452 (dn2ancestor in the LDAP component in Fedora Directory Server 1.0 ...)
+ TODO: check
+CVE-2006-0451 (Multiple memory leaks in the LDAP component in Fedora Directory Server ...)
+ TODO: check
CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a denial of ...)
- phpbb2 <unfixed> (unimportant)
NOTE: As discussed with the phpbb maintainers; this is only a lack of feature
@@ -678,7 +811,7 @@
NOT-FOR-US: BEA WebLogic
CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...)
NOT-FOR-US: BEA WebLogic
-CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows local users to ...)
+CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-complicit ...)
- unzip <unfixed> (medium; bug #349794)
NOTE: The scope of this issue is currently unclear, medium for now, but might be
NOTE: less severe
@@ -756,8 +889,8 @@
RESERVED
CVE-2006-0383
RESERVED
-CVE-2006-0382
- RESERVED
+CVE-2006-0382 (Apple Mac OS X 10.4.5 and allows local users to cause a denial of ...)
+ TODO: check
CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD ...)
NOT-FOR-US: pf on Free BSD and Open BSD
CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel ...)
@@ -3193,8 +3326,8 @@
NOT-FOR-US: Microsoft
CVE-2006-0022
RESERVED
-CVE-2006-0021
- RESERVED
+CVE-2006-0021 (Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows ...)
+ TODO: check
CVE-2006-0020 (An unspecified Microsoft WMF parsing application, as used in Internet ...)
NOT-FOR-US: Microsoft
CVE-2006-0018
@@ -3266,7 +3399,7 @@
CVE-2005-3929 (Directory traversal vulnerability in the create function in ...)
NOT-FOR-US: Xaraya
NOTE: xarMLSXML2PHPBackend.php, 'nuff said
-CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.3.0 allows local users to execute ...)
+CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users ...)
NOT-FOR-US: QNX
CVE-2005-3927 (Multiple directory traversal vulnerabilities in GuppY 4.5.9 and ...)
NOT-FOR-US: GuppY
@@ -3956,8 +4089,8 @@
RESERVED
CVE-2006-0014
RESERVED
-CVE-2006-0013
- RESERVED
+CVE-2006-0013 (Buffer overflow in the Web Client service for Microsoft Windows XP SP1 ...)
+ TODO: check
CVE-2006-0012
RESERVED
CVE-2006-0011
@@ -3966,16 +4099,16 @@
NOT-FOR-US: Microsoft
CVE-2006-0009
RESERVED
-CVE-2006-0008
- RESERVED
+CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean ...)
+ TODO: check
CVE-2006-0007
RESERVED
-CVE-2006-0006
- RESERVED
-CVE-2006-0005
- RESERVED
-CVE-2006-0004
- RESERVED
+CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in ...)
+ TODO: check
+CVE-2006-0005 (Buffer overflow in the plug-in for Microsoft Windows Media Player ...)
+ TODO: check
+CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with ...)
+ TODO: check
CVE-2006-0003
RESERVED
CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 200 through 2003, ...)
@@ -5071,8 +5204,7 @@
CVE-2005-3343 (tkdiff before 4.1.1 allows local users to overwrite arbitrary files ...)
{DSA-927-1}
- tkdiff 1:4.0.2-2 (low)
-CVE-2005-3342 [insecure temp file in noweb]
- RESERVED
+CVE-2005-3342 (noweb 2.10c and earlier allows local users to overwrite arbitrary ...)
{DSA-968-1}
- noweb 2.10c-3.2 (low)
CVE-2005-3340 (The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and ...)
@@ -5712,7 +5844,7 @@
- polipo <unfixed> (bug #332411; medium)
CVE-2005-3162
REJECTED
-CVE-2005-3161 (SQL injection vulnerability in PHP-Fusion before 6.00.110 allows ...)
+CVE-2005-3161 (Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 ...)
NOT-FOR-US: PHP-Fusion
CVE-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in ...)
NOT-FOR-US: PHP-Fusion
@@ -6055,10 +6187,10 @@
NOT-FOR-US: AIX
CVE-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and ...)
NOT-FOR-US: Opera
-CVE-2005-3058
- RESERVED
-CVE-2005-3057
- RESERVED
+CVE-2005-3058 (Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS ...)
+ TODO: check
+CVE-2005-3057 (Unspecified vulnerability in the FTP component in FortiGate 2.8, ...)
+ TODO: check
CVE-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ]
RESERVED
- twiki 20040902-2 (bug #330733; high)
@@ -6855,8 +6987,8 @@
RESERVED
CVE-2005-2713
RESERVED
-CVE-2005-2712
- RESERVED
+CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, ...)
+ TODO: check
CVE-2005-2711
RESERVED
CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 ...)
@@ -7232,10 +7364,10 @@
NOT-FOR-US: ECW Shop
CVE-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the ...)
NOT-FOR-US: Novell GroupWise
-CVE-2005-2619
- RESERVED
-CVE-2005-2618
- RESERVED
+CVE-2005-2619 (Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly ...)
+ TODO: check
+CVE-2005-2618 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) ...)
+ TODO: check
CVE-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
NOT-FOR-US: MS IE
CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...)
More information about the Secure-testing-commits
mailing list