[Secure-testing-commits] r3252 - data/CVE
Joey Hess
joeyh at costa.debian.org
Mon Jan 9 21:14:39 UTC 2006
Author: joeyh
Date: 2006-01-09 21:14:25 +0000 (Mon, 09 Jan 2006)
New Revision: 3252
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-09 18:34:23 UTC (rev 3251)
+++ data/CVE/list 2006-01-09 21:14:25 UTC (rev 3252)
@@ -1,13 +1,159 @@
+CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a ...)
+ TODO: check
+CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares ...)
+ TODO: check
+CVE-2006-0136 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...)
+ TODO: check
+CVE-2006-0135 (SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 ...)
+ TODO: check
+CVE-2006-0134 (Cross-site scripting (XSS) vulnerability in register.php in ...)
+ TODO: check
+CVE-2006-0133 (Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow ...)
+ TODO: check
+CVE-2006-0132 (Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 ...)
+ TODO: check
+CVE-2006-0131 (boastMachine 3.1 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2006-0130 (Mail Management Agent (MAILMA) (aka Mail Management Server) in ...)
+ TODO: check
+CVE-2006-0129 (Mail Management Agent (MAILMA) (aka Mail Management Server) in ...)
+ TODO: check
+CVE-2006-0128 (Buffer overflow in the IMAP service of Rockliffe MailSite before ...)
+ TODO: check
+CVE-2006-0127 (Directory traversal vulnerability in the IMAP service of Rockliffe ...)
+ TODO: check
+CVE-2006-0126 (rxvt-unicode before 6.3, on certain platforms that use openpty and ...)
+ TODO: check
+CVE-2006-0125 (Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows ...)
+ TODO: check
+CVE-2006-0124 (Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum ...)
+ TODO: check
+CVE-2006-0123 (Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote ...)
+ TODO: check
+CVE-2006-0122 (Cross-site scripting (XSS) vulnerability in Public/Index.asp in ...)
+ TODO: check
+CVE-2006-0121 (Multiple memory leaks in IBM Lotus Notes and Domino Server before ...)
+ TODO: check
+CVE-2006-0120 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino ...)
+ TODO: check
+CVE-2006-0119 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino ...)
+ TODO: check
+CVE-2006-0118 (Unspecified vulnerability in IBM Lotus Notes and Domino Server before ...)
+ TODO: check
+CVE-2006-0117 (Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 ...)
+ TODO: check
+CVE-2006-0116 (Cross-site scripting vulnerability search.inetstore in iNETstore ...)
+ TODO: check
+CVE-2006-0115 (Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug ...)
+ TODO: check
+CVE-2006-0114 (The vCard functions in Joomla! 1.0.5 use predictable sequential IDs ...)
+ TODO: check
+CVE-2006-0113 (Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2006-0112 (Cross-site scripting (XSS) vulnerability in index.php in Enhanced ...)
+ TODO: check
+CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media ...)
+ TODO: check
+CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus ...)
+ TODO: check
+CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular Merchant ...)
+ TODO: check
+CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS allows ...)
+ TODO: check
+CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote attackers to ...)
+ TODO: check
+CVE-2006-0105
+ RESERVED
+CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and earlier ...)
+ TODO: check
+CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/anyuser.hash and (2) ...)
+ TODO: check
+CVE-2006-0102 (Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and ...)
+ TODO: check
+CVE-2006-0101 (Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 ...)
+ TODO: check
+CVE-2006-0100 (Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local ...)
+ TODO: check
+CVE-2006-0099 (PHP remote file include vulnerability in (1) ...)
+ TODO: check
+CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and ...)
+ TODO: check
+CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in ...)
+ TODO: check
+CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...)
+ TODO: check
+CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure ...)
+ TODO: check
+CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
+ TODO: check
+CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP ...)
+ TODO: check
+CVE-2006-0092 (SQL injection vulnerability in index.php in SiteSuite CMS allows ...)
+ TODO: check
+CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange ...)
+ TODO: check
+CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory Viewer ...)
+ TODO: check
+CVE-2006-0089 (Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to ...)
+ TODO: check
+CVE-2006-0088 (SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha ...)
+ TODO: check
+CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php in ...)
+ TODO: check
+CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next Generation ...)
+ TODO: check
+CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote ...)
+ TODO: check
+CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and ...)
+ TODO: check
+CVE-2005-4635 (The nl_fib_input function in fib_frontend.c in the Linux kernel before ...)
+ TODO: check
+CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign SupportTrio ...)
+ TODO: check
+CVE-2005-4633 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
+ TODO: check
+CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote!Pro 4.0 and ...)
+ TODO: check
+CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier ...)
+ TODO: check
+CVE-2005-4630 (SQL injection vulnerability in index.php in ClientExec 2.3 allows ...)
+ TODO: check
+CVE-2005-4629 (SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to ...)
+ TODO: check
+CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and ...)
+ TODO: check
+CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite ...)
+ TODO: check
+CVE-2005-4626 (The default configuration of Recruitment Software installs ...)
+ TODO: check
+CVE-2005-4625 (Drivers for certain display adapters, including (1) an unspecified ATI ...)
+ TODO: check
+CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows ...)
+ TODO: check
+CVE-2005-4623 (upload.exe in eFileGo 3.01 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2005-4622 (Directory traversal vulnerability in eFileGo 3.01 allows remote ...)
+ TODO: check
+CVE-2005-4621 (Cross-site scripting (XSS) vulnerability in the editavatar page in ...)
+ TODO: check
+CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to ...)
+ TODO: check
+CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
+ TODO: check
+CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...)
+ TODO: check
CVE-2006-0083 [smstools logging format string issue]
+ RESERVED
+ {DSA-930-1}
- smstools <unfixed> (bug #347221; medium)
-CVE-2006-0106 [wine SETABORTPROC code execution via WMF]
+CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, ...)
{CVE-2005-4560}
- wine <unfixed> (bug #346197; medium)
-CVE-2006-0082 [Format string issue in imagemagick]
+CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in image.c ...)
- imagemagick <unfixed> (bug #345876)
CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution]
- b2evolution 0.9.1b-4 (bug #344000)
-CVE-2006-0081 (The ialmrnt5 display driver in Intel Graphics Accelerator Driver ...)
+CVE-2006-0081 (ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics ...)
NOT-FOR-US: Intel
CVE-2006-0080 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and ...)
NOT-FOR-US: vBulletin
@@ -45,8 +191,8 @@
NOT-FOR-US: VEGO Web Forum
CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...)
NOT-FOR-US: CubeCart
-CVE-2006-0063
- RESERVED
+CVE-2006-0063 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when ...)
+ TODO: check
CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier ...)
NOT-FOR-US: cSupport
CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows ...)
@@ -100,7 +246,7 @@
RESERVED
CVE-2006-0054
RESERVED
-CVE-2005-4604 (Buffer overflow in MTink allows local users to execute arbitrary code ...)
+CVE-2005-4604 (Buffer overflow in MTink in the printer-filters-utils package allows ...)
- mtink <not-affected> (mtink not installed SUID root)
CVE-2005-4603 (Cross-site scripting (XSS) vulnerability in printthread.php in MyBB ...)
NOT-FOR-US: MyBB
@@ -309,7 +455,7 @@
NOT-FOR-US: PHP-Fusion
CVE-2005-4515 (SQL injection vulnerability in WebDB 1.1 and earlier allows remote ...)
NOT-FOR-US: WebDB
-CVE-2005-4514 (The encapsulation script mechanism in Webwasher CSM Appliance Suite ...)
+CVE-2005-4514 (** DISPUTED ** ...)
NOT-FOR-US: Webwasher
CVE-2005-4513 (Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows ...)
NOT-FOR-US: WANDSOFT e-SEARCH
@@ -1239,8 +1385,8 @@
NOT-FOR-US: SugarCRM
CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...)
NOT-FOR-US: SugarCRM
-CVE-2005-4085
- RESERVED
+CVE-2005-4085 (Buffer overflow in BlueCoat WinProxy before 6.1a allows remote ...)
+ TODO: check
CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier ...)
NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme Styles ...)
@@ -2069,7 +2215,7 @@
NOT-FOR-US: Solaris
CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to ...)
NOT-FOR-US: IPUpdate
-CVE-2005-3779 (Unknown vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 ...)
+CVE-2005-3779 (Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 ...)
NOT-FOR-US: HP-UX
CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev ...)
NOT-FOR-US: MyBB
@@ -2400,8 +2546,8 @@
RESERVED
CVE-2006-0001
RESERVED
-CVE-2005-3714
- RESERVED
+CVE-2005-3714 (The network interface for Apple AirPort Express 6.x before Firmware ...)
+ TODO: check
CVE-2005-3713
RESERVED
CVE-2005-3712
@@ -2448,12 +2594,12 @@
RESERVED
CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security ...)
NOT-FOR-US: McAfee
-CVE-2005-3656
- RESERVED
+CVE-2005-3656 (Multiple format string vulnerabilities in mod_auth_pgsql before 2.0.3, ...)
+ TODO: check
CVE-2005-3655
RESERVED
-CVE-2005-3654
- RESERVED
+CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to ...)
+ TODO: check
CVE-2005-3653
RESERVED
CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 ...)
@@ -2509,25 +2655,26 @@
RESERVED
CVE-2005-3628 [further xpdf overflow check]
RESERVED
+ {DSA-932-1 DSA-931-1}
- kdegraphics 3.5.0-3
- xpdf 3.01-4
-CVE-2005-3627 [xpdf buffer overflow]
- RESERVED
+CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...)
+ {DSA-932-1 DSA-931-1}
- poppler 0.4.3-2
- kdegraphics 3.5.0-3
- xpdf 3.01-4
-CVE-2005-3626 [xpdf null pointer dos]
- RESERVED
+CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
+ {DSA-932-1 DSA-931-1}
- poppler 0.4.3-2
- kdegraphics 3.5.0-3
- xpdf 3.01-4
-CVE-2005-3625 [xpdf endless loop]
- RESERVED
+CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
+ {DSA-932-1 DSA-931-1}
- poppler 0.4.3-2
- kdegraphics 3.5.0-3
- xpdf 3.01-4
-CVE-2005-3624 [xpdf heap overflow]
- RESERVED
+CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...)
+ {DSA-932-1 DSA-931-1}
- poppler 0.4.3-2
- kdegraphics 3.5.0-3
- xpdf 3.01-4
@@ -2698,13 +2845,12 @@
RESERVED
CVE-2005-3540 [buffer overflow in petris]
RESERVED
+ {DSA-929-1}
- petris <unfixed>
-CVE-2005-3539 [hylafax notify missing input sanitising]
- RESERVED
+CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier ...)
- hylafax 2:4.2.4-2
NOTE: First patch had regressions
-CVE-2005-3538 [hylafax hfaxd PAM breakage]
- RESERVED
+CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts ...)
- hylafax 2:4.2.4-1
CVE-2005-3537 (A "missing request validation" error in phpBB 2 before 2.0.18 allows ...)
{DSA-925-1}
@@ -3410,8 +3556,8 @@
CVE-2005-3358 (Linux kernel 2.6.x, possibly before 2.6.11, allows local users to ...)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
TODO: check 2.4
-CVE-2005-3357
- RESERVED
+CVE-2005-3357 (mod_ssl in Apache 2.0.53 and 2.1.9, when configured with an SSL vhost ...)
+ TODO: check
CVE-2005-3356
RESERVED
CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has ...)
@@ -3965,6 +4111,7 @@
CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...)
NOT-FOR-US: ALZip
CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream function ...)
+ {DSA-932-1 DSA-931-1}
- xpdf 3.01-3 (bug #342281; bug #342337; medium)
- gpdf 2.10.0-1 (bug #342286; medium)
- pdftohtml <not-affected> (Vulnerable xpdf code not contained)
@@ -3976,6 +4123,7 @@
- libextractor 0.5.8-1 (medium)
- cupsys 1.1.23-13 (unimportant)
CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf ...)
+ {DSA-932-1 DSA-931-1}
- xpdf 3.01-3 (bug #342281; bug #342337; medium)
- gpdf 2.10.0-1 (bug #342286; medium)
- pdftohtml <unfixed> (bug #342289; medium)
@@ -3988,6 +4136,7 @@
- libextractor 0.5.8-1 (medium)
- cupsys 1.1.23-13 (unimportant)
CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
+ {DSA-932-1 DSA-931-1}
- xpdf 3.01-3 (bug #342281; bug #342337; medium)
- gpdf 2.10.0-1 (bug #342286; medium)
- pdftohtml <unfixed> (bug #342289; medium)
@@ -4004,8 +4153,8 @@
NOT-FOR-US: Qualcomm WorldMail IMAP Server
CVE-2005-3188
RESERVED
-CVE-2005-3187
- RESERVED
+CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a ...)
+ TODO: check
CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...)
{DSA-913-1 DSA-911-1}
- gtk+2.0 2.6.10-2 (bug #339431; medium)
@@ -5234,7 +5383,7 @@
{DSA-826-1}
NOTE: see http://www.open-security.org/advisories/13
- helix-player 1.0.6-1 (bug #330364; high)
-CVE-2005-2709 (sysctl.c in Linux kernel before 2.6.14.1 allows local users to cause a ...)
+CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 ...)
- linux-2.6 2.6.14-3
NOTE: Send to Horms as usual
CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 kernel on ...)
More information about the Secure-testing-commits
mailing list