[Secure-testing-commits] r3518 - data/CVE

Joey Hess joeyh at costa.debian.org
Tue Feb 21 09:15:11 UTC 2006


Author: joeyh
Date: 2006-02-21 09:14:56 +0000 (Tue, 21 Feb 2006)
New Revision: 3518

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-02-20 14:05:51 UTC (rev 3517)
+++ data/CVE/list	2006-02-21 09:14:56 UTC (rev 3518)
@@ -1,3 +1,161 @@
+CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board ...)
+	TODO: check
+CVE-2006-0810 (Unspecified vulnerability in config.php in Skate Board 0.9 allows ...)
+	TODO: check
+CVE-2006-0809 (Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote ...)
+	TODO: check
+CVE-2006-0808 (MUTE 0.4 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word ...)
+	TODO: check
+CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71 ...)
+	TODO: check
+CVE-2006-0805 (The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed ...)
+	TODO: check
+CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers to ...)
+	TODO: check
+CVE-2006-0803
+	RESERVED
+CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages module ...)
+	TODO: check
+CVE-2006-0801 (SQL injection vulnerability in the NS-Languages module for PostNuke ...)
+	TODO: check
+CVE-2006-0800 (Interpretation conflict in PostNuke 0.761 and earlier allows remote ...)
+	TODO: check
+CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to conduct ...)
+	TODO: check
+CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service in ...)
+	TODO: check
+CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to caues a denial of ...)
+	TODO: check
+CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...)
+	TODO: check
+CVE-2006-0795 (Unspecified vulnerability in convert.cgi in Quirex 2.0.2 and earlier ...)
+	TODO: check
+CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain the ...)
+	TODO: check
+CVE-2006-0793 (frameset.php in V-webmail 1.6.2 allows remote attackers to conduct ...)
+	TODO: check
+CVE-2006-0792 (Cross-site scripting (XSS) vulnerability in preferences.personal.php ...)
+	TODO: check
+CVE-2006-0791 (PHP remote file inclusion vulnerability in index.php in DreamCost ...)
+	TODO: check
+CVE-2006-0790 (Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a ...)
+	TODO: check
+CVE-2006-0789 (Certain unspecified Kyocera printers have a default "admin" account ...)
+	TODO: check
+CVE-2006-0788 (Kyocera 3830 (aka FS-3830N) printers have a back door that allows ...)
+	TODO: check
+CVE-2006-0787 (wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and ...)
+	TODO: check
+CVE-2006-0786 (Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 ...)
+	TODO: check
+CVE-2006-0785 (Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 ...)
+	TODO: check
+CVE-2006-0784 (D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers ...)
+	TODO: check
+CVE-2006-0783 (Cross-site scripting (XSS) vulnerability in page.php in in Siteframe ...)
+	TODO: check
+CVE-2006-0782 (Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier ...)
+	TODO: check
+CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and ...)
+	TODO: check
+CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in ...)
+	TODO: check
+CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums ...)
+	TODO: check
+CVE-2006-0778 (Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier ...)
+	TODO: check
+CVE-2006-0777 (Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 ...)
+	TODO: check
+CVE-2006-0776 (Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts ...)
+	TODO: check
+CVE-2006-0775 (Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 ...)
+	TODO: check
+CVE-2006-0774 (SQL injection vulnerability in deleteSession() in DB_eSession library ...)
+	TODO: check
+CVE-2006-0773 (Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - ...)
+	TODO: check
+CVE-2006-0772 (SQL injection vulnerability in Hitachi Business Logic - Container ...)
+	TODO: check
+CVE-2006-0771 (Format string vulnerability in PunkBuster 1.180 and earlier, as used ...)
+	TODO: check
+CVE-2006-0770 (Cross-site scripting (XSS) vulnerability in calendar.php in ...)
+	TODO: check
+CVE-2006-0769 (Unspecified vulnerability in in.rexecd in Solaris 10 allows local ...)
+	TODO: check
+CVE-2006-0768 (Kadu 0.4.3 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2006-0767 (CGIWrap before 3.10 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2006-0766 (ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, ...)
+	TODO: check
+CVE-2006-0765 (GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ...)
+	TODO: check
+CVE-2006-0764 (The Authentication, Authorization, and Accounting (AAA) capability in ...)
+	TODO: check
+CVE-2006-0763 (Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in ...)
+	TODO: check
+CVE-2006-0762 (WinAbility Folder Guard 4.11 allows local users to gain unauthorized ...)
+	TODO: check
+CVE-2006-0761 (Buffer overflow in BlackBerry Attachment Service in Research in Motion ...)
+	TODO: check
+CVE-2006-0760 (LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive ...)
+	TODO: check
+CVE-2006-0759 (Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier ...)
+	TODO: check
+CVE-2006-0758 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 ...)
+	TODO: check
+CVE-2006-0757 (Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier ...)
+	TODO: check
+CVE-2006-0756 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-0755 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-0754 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-0753 (Memory leak in Microsoft Internet Explorer 6 for Windows XP Service ...)
+	TODO: check
+CVE-2006-0752 (Niels Provos Honeyd before 1.5 replies to certain illegal IP packet ...)
+	TODO: check
+CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in ...)
+	TODO: check
+CVE-2006-0750 (SQL injection vulnerability in index.php in supersmashbrothers (SSB) ...)
+	TODO: check
+CVE-2006-0749
+	RESERVED
+CVE-2006-0748
+	RESERVED
+CVE-2006-0747
+	RESERVED
+CVE-2006-0746
+	RESERVED
+CVE-2006-0745
+	RESERVED
+CVE-2006-0744
+	RESERVED
+CVE-2006-0743
+	RESERVED
+CVE-2006-0742
+	RESERVED
+CVE-2006-0741
+	RESERVED
+CVE-2006-0740
+	RESERVED
+CVE-2006-0739 (eStara SIP softphone allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2006-0738 (Multiple format string vulnerabilities in eStara SIP softphone allow ...)
+	TODO: check
+CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2006-0736
+	RESERVED
+CVE-2005-4726 (MUTE 0.4 uses improper flood protection algorithms, which allows ...)
+	TODO: check
+CVE-2005-4725 (Geeklog before 1.3.11sr3 allows remote attackers to bypass intended ...)
+	TODO: check
+CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows ...)
+	TODO: check
 CVE-2006-XXXX [sa-exim: deletion of files]
 	- sa-exim <unfixed> (bug #345071)
 CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand]
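Review bot: The entries added for CVE-2006-0756, CVE-2006-0755 and CVE-2006-0754 read only "(** DISPUTED ** ...)", so the truncated summary carries no product or vulnerability class and whoever clears the "TODO: check" has nothing to triage from. The truncation should keep the text after the "** DISPUTED **" marker, as the updated CVE-2006-0733 line later in this diff does. Separately, CVE-2005-4725 (Geeklog) is added as "TODO: check" although the existing CVE-2005-4026 entry already marks Geeklog NOT-FOR-US; it can likely be resolved the same way.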
@@ -2,7 +160,7 @@
 	- imagemagick 6:6.2.4.5-0.6 (bug #345595)
-CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in My Blog before 1.65 allows ...)
+CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...)
 	NOT-FOR-US: My Blog
 CVE-2006-0734 (Unspecified vulnerability in Valve Software Half-Life CSTRIKE ...)
 	NOT-FOR-US: Half-Life
-CVE-2006-0733 (** DISPUTED ** ...)
+CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...)
 	- wordpress <unfixed>
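Review bot: On CVE-2006-0735 the summary changes from "My Blog before 1.65" to "BBcode.pm in M. Blom ...", but the annotation below it still reads "NOT-FOR-US: My Blog". The annotation was decided against the old wording; confirm that the renamed product is the same software and still not packaged, then update the product name in the annotation to match.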
@@ -118,8 +276,8 @@
 	NOTE: powerd supposedly normally comes with sysvinit, but not in debian
 CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...)
 	- webgui <itp> (bug #139749)
-CVE-2006-0679
-	RESERVED
+CVE-2006-0679 (SQL injection vulnerability in index.php in the Your_Account module in ...)
+	TODO: check
 CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before ...)
 	NOTE: Only vulnerable when compiled with asserts
 	- postgresql <unfixed> (unimportant)
@@ -161,7 +319,7 @@
 	NOT-FOR-US: Sony Ericsson
 CVE-2006-0670 (Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to ...)
 	- bluez-hcidump <unfixed> (bug #351881)
-CVE-2006-0669 (Multiple SQL injection vulnerabilities in archive.asp in GA's Forum ...)
+CVE-2006-0669 (** DISPUTED ** ...)
 	NOT-FOR-US: Forum Light
 CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote ...)
 	NOT-FOR-US: PwsPHP
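Review bot: The CVE-2006-0669 summary is replaced by "(** DISPUTED ** ...)", which drops the archive.asp / GA's Forum SQL injection text and leaves "NOT-FOR-US: Forum Light" as the only hint of what the entry is about. Keep the description after the dispute marker when truncating, so the line still identifies the issue.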
@@ -714,8 +872,8 @@
 	NOT-FOR-US: AndoNET Blog
 CVE-2006-0461 (Cross-site scripting (XSS) vulnerability in core.input.php in ...)
 	NOT-FOR-US: ExpressionEngine
-CVE-2006-0460
-	RESERVED
+CVE-2006-0460 (Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote ...)
+	TODO: check
 CVE-2006-0459
 	RESERVED
 CVE-2006-0458
@@ -2111,8 +2269,8 @@
 	- nfs-user-server 2.2beta47-22 (high; bug #350020)
 	NOTE: nfs-utils (kernel NFS server) is not affected
 	NOTE: (it uses PATH_MAX for the buffer passed to realpath).
-CVE-2006-0042
-	RESERVED
+CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) ...)
+	TODO: check
 CVE-2006-0041
 	RESERVED
 CVE-2006-0040
@@ -2964,7 +3122,7 @@
 	NOT-FOR-US: SugarCRM
 CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...)
 	NOT-FOR-US: SugarCRM
-CVE-2005-4085 (Buffer overflow in BlueCoat WinProxy before 6.1a allows remote ...)
+CVE-2005-4085 (Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web ...)
 	NOT-FOR-US: BlueCoat WinProxy
 CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier ...)
 	NOT-FOR-US: phpBB eXtreme Styles module
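Review bot: The new CVE-2005-4085 summary covers two components, "(a) WinProxy before 6.1a and (b) the web ...", with (b) cut off by the truncation, while the annotation still reads "NOT-FOR-US: BlueCoat WinProxy". Check the full description to make sure component (b) is also outside the archive before leaving the NOT-FOR-US in place.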
@@ -3089,7 +3247,7 @@
 	NOT-FOR-US: aMember
 CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers ...)
 	NOT-FOR-US: SimpleBBS
-CVE-2005-4026 (search.php in Geeklog 1.4.0 Beta 1 and earlier allows remote attackers ...)
+CVE-2005-4026 (search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before ...)
 	NOT-FOR-US: Geeklog
 CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect ...)
 	NOT-FOR-US: Help Desk Reloaded Free Help Desk
@@ -4108,7 +4266,7 @@
 	RESERVED
 CVE-2006-0014
 	RESERVED
-CVE-2006-0013 (Buffer overflow in the Web Client service for Microsoft Windows XP SP1 ...)
+CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft ...)
 	TODO: check
 CVE-2006-0012
 	RESERVED
@@ -10896,7 +11054,7 @@
 	{DSA-804-2}
 	- kdelibs 4:3.4.2-1 (bug #319016; medium)
 CVE-2005-1919
-	RESERVED
+	REJECTED
 CVE-2005-1918
 	RESERVED
 CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...)
@@ -20875,8 +21033,8 @@
 	RESERVED
 CVE-2003-0957
 	RESERVED
-CVE-2003-0956
-	RESERVED
+CVE-2003-0956 (Multiple race conditions in the handling of O_DIRECT in Linux kernel ...)
+	TODO: check
 CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
 	NOT-FOR-US: OpenBSD
 CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...)
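Review bot: CVE-2003-0956 moves from RESERVED to a Linux kernel O_DIRECT race condition entry with only "TODO: check", and the affected kernel versions are cut off by the truncation. The kernel is packaged, so this one needs a real status line (affected versions, fixed version or bug reference) rather than sitting among the other 2003 entries; worth flagging to the kernel maintainers.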



