[Secure-testing-commits] r3219 - data/CVE

Joey Hess joeyh at costa.debian.org
Wed Jan 4 09:14:25 UTC 2006


Author: joeyh
Date: 2006-01-04 09:14:19 +0000 (Wed, 04 Jan 2006)
New Revision: 3219

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-04 04:48:25 UTC (rev 3218)
+++ data/CVE/list	2006-01-04 09:14:19 UTC (rev 3219)
@@ -1,6 +1,68 @@
+CVE-2006-0081 (The ialmrnt5 display driver in Intel Graphics Accelerator Driver ...)
+	TODO: check
+CVE-2006-0080 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and ...)
+	TODO: check
+CVE-2006-0079 (SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 ...)
+	TODO: check
+CVE-2006-0078 (Multiple cross-site scripting (XSS) vulnerabilities in B-net Software ...)
+	TODO: check
+CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr before 0.03 ...)
+	TODO: check
+CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
+	TODO: check
+CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and ...)
+	TODO: check
+CVE-2006-0074 (SQL injection vulnerability in profile.php in PHPenpals allows remote ...)
+	TODO: check
+CVE-2006-0073 (Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware ...)
+	TODO: check
+CVE-2006-0072 (Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote ...)
+	TODO: check
+CVE-2006-0071 (The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid ...)
+	TODO: check
+CVE-2006-0070 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-0069 (Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk ...)
+	TODO: check
+CVE-2006-0068 (SQL injection vulnerability in Primo Cart 1.0 and earlier allows ...)
+	TODO: check
+CVE-2006-0067 (SQL injection vulnerability in login.php in VEGO Links Builder 2.00 ...)
+	TODO: check
+CVE-2006-0066 (SQL injection vulnerability in index.php in PHPjournaler 1.0 allows ...)
+	TODO: check
+CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) ...)
+	TODO: check
+CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...)
+	TODO: check
+CVE-2006-0063
+	RESERVED
+CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier ...)
+	TODO: check
+CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows ...)
+	TODO: check
+CVE-2005-4615 (SQL injection vulnerability in news.php in DapperDesk 3.0.1 and ...)
+	TODO: check
+CVE-2005-4614 (Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier ...)
+	TODO: check
+CVE-2005-4613 (Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows ...)
+	TODO: check
+CVE-2005-4612 (Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote ...)
+	TODO: check
+CVE-2005-4611 (SQL injection vulnerability in search.php in Free ClickBank 1.0 and ...)
+	TODO: check
+CVE-2005-4610 (Format string vulnerability in the server for Dopewars before 1.5.12, ...)
+	TODO: check
+CVE-2005-4609 (index.php in BugPort 1.147 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2005-4608 (SQL injection vulnerability in index.php in BugPort 1.147 allows ...)
+	TODO: check
+CVE-2005-4607 (Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 ...)
+	TODO: check
+CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web Wiz ...)
+	TODO: check
 CVE-2006-XXXX [libmail-audit-perl: insecure /tmp handling]
 	- libmail-audit-perl <unfixed> (bug #344029)
-CVE-2005-4605 [kernel procfs information leak]
+CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions ...)
 	- linux-2.6 2.6.15-1
 	- kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a sanity check)
 	NOTE: Sarge 2.6.8 status yet unclear
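Review bot: Every entry added at the top of this hunk carries only "TODO: check", yet several can be triaged from the description text alone. CVE-2006-0071 is described as a flaw in the Gentoo ebuild for pinentry, so it looks distribution-specific. CVE-2005-4610 (format string in the Dopewars server) and CVE-2006-0077 (off-by-one in File::ExtAttr getfattr) name standalone software and should be checked against the archive ahead of the web-application entries. Separately, the CVE-2005-4605 line replaces the bracketed summary "kernel procfs information leak" with a truncated description that no longer states the impact. Keep that wording in a NOTE line, and resolve the still-open "Sarge 2.6.8 status yet unclear" note.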
@@ -26,7 +88,7 @@
 	RESERVED
 CVE-2006-0054
 	RESERVED
-CVE-2005-4604 (Buffer overflow in MTink allows remote attackers to execute arbitrary ...)
+CVE-2005-4604 (Buffer overflow in MTink allows local users to execute arbitrary code ...)
 	- mtink <not-affected> (mtink not installed SUID root)
 CVE-2005-4603 (Cross-site scripting (XSS) vulnerability in printthread.php in MyBB ...)
 	NOT-FOR-US: MyBB
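Review bot: On the CVE-2005-4604 entry, the description now says local users rather than remote attackers, and the unchanged not-affected line below it rests entirely on "mtink not installed SUID root". Since that is now the whole basis for the triage, state in the annotation which package versions or suites were checked for the setuid bit, so the entry can be re-verified if the packaging changes.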
@@ -140,7 +202,7 @@
 	RESERVED
 CVE-2005-4561
 	RESERVED
-CVE-2005-4560 (Microsoft Windows allows remote attackers to execute arbitrary code ...)
+CVE-2005-4560 (The Windows Graphical Device Interface library (GDI32.DLL) in ...)
 	NOT-FOR-US: Windows
 CVE-2005-4559 (mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail ...)
 	NOT-FOR-US: IceWarp Web Mail
@@ -310,7 +372,7 @@
 	NOT-FOR-US: OpenEdit
 CVE-2005-4475 (Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier ...)
 	NOT-FOR-US: OpenCms
-CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.16.7 through ...)
+CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.9 through ...)
 	- bugzilla 2.18 (bug #329387; low)
 	NOTE: The vulnerable script has been removed in the 2.18 upstream release
 	[woody] - bugzilla <unfixed>
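Review bot: The CVE-2005-4534 change moves the lower bound of the affected range from Bugzilla 2.16.7 to 2.9, but the annotations under it are untouched: only a [woody] line marks a release as unfixed, with the fix recorded at 2.18. Confirm whether any other release carries a bugzilla older than 2.18 and add a suite line for it. The entry also sits after CVE-2005-4475 in the context lines, out of the descending order the rest of the visible list follows.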



