[Secure-testing-commits] r3263 - data/CVE
Joey Hess
joeyh at costa.debian.org
Tue Jan 10 21:14:42 UTC 2006
Author: joeyh
Date: 2006-01-10 21:14:35 +0000 (Tue, 10 Jan 2006)
New Revision: 3263
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-10 21:05:16 UTC (rev 3262)
+++ data/CVE/list 2006-01-10 21:14:35 UTC (rev 3263)
@@ -1,3 +1,61 @@
+CVE-2006-0160 (SQL injection vulnerability in add_post.php3 in Venom Board 1.22 ...)
+ TODO: check
+CVE-2006-0159 (SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows ...)
+ TODO: check
+CVE-2006-0158 (SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS ...)
+ TODO: check
+CVE-2006-0157 (settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows ...)
+ TODO: check
+CVE-2006-0156 (Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows ...)
+ TODO: check
+CVE-2006-0155 (Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and ...)
+ TODO: check
+CVE-2006-0154 (SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 ...)
+ TODO: check
+CVE-2006-0153 (427BB 2.2 and 2.2.1 verifies authentication credentials based on the ...)
+ TODO: check
+CVE-2006-0152 (Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and ...)
+ TODO: check
+CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT ...)
+ TODO: check
+CVE-2006-0150 (Multiple format string vulnerabilities in the auth_ldap_log_reason ...)
+ TODO: check
+CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with ...)
+ TODO: check
+CVE-2006-0148 (NetSarang Xlpd 2.1 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2006-0147 (Dynamic code evaluation vulnerability in tests/tmssql.php test script ...)
+ TODO: check
+CVE-2006-0146 (The server.php test script in ADOdb for PHP before 4.70, as used in ...)
+ TODO: check
+CVE-2006-0145 (The lseek system call in kernfs in NetBSD 1.6 through 2.1 does not ...)
+ TODO: check
+CVE-2006-0144 (Unspecified vulnerability in go-pear.php in PHP PEAR 0.2.2 allows ...)
+ TODO: check
+CVE-2006-0143 (Microsoft Windows Graphics Rendering Engine (GRE) allows remote ...)
+ TODO: check
+CVE-2006-0142 (Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda ...)
+ TODO: check
+CVE-2006-0141 (Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote ...)
+ TODO: check
+CVE-2006-0140 (Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 ...)
+ TODO: check
+CVE-2006-0139 (The send-private-message functionality (send-private-message.asp) in ...)
+ TODO: check
+CVE-2005-4641 (SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote ...)
+ TODO: check
+CVE-2005-4640 (SQL injection vulnerability in index.php in class-1 Poll Software 0.4 ...)
+ TODO: check
+CVE-2005-4639 (Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST ...)
+ TODO: check
+CVE-2005-4638 (index.php in Kayako SupportSuite 3.00.26 and earlier allow remote ...)
+ TODO: check
+CVE-2005-4637 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2005-4636 (OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, ...)
+ TODO: check
+CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows ...)
+ TODO: check
CVE-2006-0162 [clamav upx heap overflow]
- clamav 0.88-1
CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a ...)
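Review bot: all 29 entries added at the top of this hunk (CVE-2006-0160 through CVE-2004-2653) land with only `TODO: check`, so none is triaged to either a package line or `NOT-FOR-US:`. Prioritise the ones whose descriptions name general-purpose software, for example CVE-2006-0151 (sudo), CVE-2006-0146 and CVE-2006-0147 (ADOdb for PHP), CVE-2006-0144 (PHP PEAR) and CVE-2005-4636 (OpenOffice.org), and give each a package line with bug number and severity in the form used for smstools (`(bug #347221; medium)`). The single-product web application entries can then be marked `NOT-FOR-US:` in one pass if they are not in the archive.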
@@ -149,11 +207,10 @@
NOT-FOR-US: WinRAR
CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
NOT-FOR-US: phpoutsourcing Zorum Forum
-CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...)
+CVE-2005-4618 (Off-by-one buffer overflow in sysctl in the Linux Kernel 2.6 before ...)
- linux-2.6 <unfixed>
NOTE: Added patch tracker template
-CVE-2006-0083 [smstools logging format string issue]
- RESERVED
+CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Tools ...)
{DSA-930-1}
- smstools <unfixed> (bug #347221; medium)
CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, ...)
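Review bot: the CVE-2006-0083 entry keeps `{DSA-930-1}` but its only package line is still `- smstools <unfixed> (bug #347221; medium)`, with no per-release line. Since a DSA is referenced, record the fixed stable version in the form used for pound under CVE-2005-1391 (`[sarge] - pound 1.8.2-1sarge1`). For CVE-2005-4618, the removed description bounds the issue to kernels before 2.6.15, so `- linux-2.6 <unfixed>` should be revisited once that version is uploaded.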
@@ -281,10 +338,10 @@
NOT-FOR-US: TUGZip
CVE-2005-4593 (PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and ...)
NOT-FOR-US: phpDocumentor
-CVE-2005-4592
- RESERVED
-CVE-2005-4591
- RESERVED
+CVE-2005-4592 (Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows ...)
+ TODO: check
+CVE-2005-4591 (Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, ...)
+ TODO: check
CVE-2005-4590 (Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on ...)
NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4589 (Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the ...)
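Review bot: CVE-2005-4592 and CVE-2005-4591 move from `RESERVED` to `TODO: check` even though both descriptions name bogofilter with explicit versions, which is enough to resolve them now. Replace each `TODO: check` with a `- bogofilter ...` line stating the fixed version or `<unfixed>`, and check the packaged version against each entry separately, since the two list different version sets (0.96.2 for the first; 0.96.2, 0.95.2, 0.94.14 and further truncated versions for the second).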
@@ -830,10 +887,10 @@
NOT-FOR-US: Webglimpse
CVE-2005-4353 (SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when ...)
NOT-FOR-US: toendaCMS
-CVE-2005-4352
- RESERVED
-CVE-2005-4351
- RESERVED
+CVE-2005-4352 (The securelevels implementation in NetBSD 2.1 and earlier, and Linux ...)
+ TODO: check
+CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up ...)
+ TODO: check
CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 ...)
NOT-FOR-US: WBEM Services
CVE-2005-4349 (** DISPUTED ** ...)
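Review bot: the two securelevels entries, CVE-2005-4352 and CVE-2005-4351, have near-identical visible descriptions and both get `TODO: check`, which makes it easy to close them with the same verdict by mistake. CVE-2005-4352 names Linux alongside NetBSD, so it needs a kernel package line or an explicit not-affected rationale rather than `NOT-FOR-US:`. CVE-2005-4351 names FreeBSD and OpenBSD in the visible text, and the truncated remainder of its description should be read before deciding.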
@@ -2607,7 +2664,7 @@
RESERVED
CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security ...)
NOT-FOR-US: McAfee
-CVE-2005-3656 (Multiple format string vulnerabilities in mod_auth_pgsql before 2.0.3, ...)
+CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in ...)
- libapache2-mod-auth-pgsql <unfixed>
- libapache-mod-auth-pgsql <not-affected> (Does not contain the vulnerable ap_log_rerror() function)
CVE-2005-3655
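Review bot: `- libapache2-mod-auth-pgsql <unfixed>` under CVE-2005-3656 carries no bug number or severity, and the reworded summary no longer shows the "before 2.0.3" bound that the removed line had. Add the bug reference and urgency in the `(bug #...; medium)` form used for smstools, and keep the 2.0.3 fix point in a NOTE so it is not lost with the truncation. The `<not-affected>` rationale citing ap_log_rerror() still matches the new "logging functions" wording.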
@@ -2857,8 +2914,7 @@
NOT-FOR-US: Tonio Gallery
CVE-2005-3541
RESERVED
-CVE-2005-3540 [buffer overflow in petris]
- RESERVED
+CVE-2005-3540 (Buffer overflow in petris before 1.0.1 allows remote attackers to ...)
{DSA-929-1}
- petris <unfixed>
CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier ...)
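Review bot: the CVE-2005-3540 description now states the upstream fix point ("before 1.0.1"), yet `- petris <unfixed>` has no bug reference and no severity, and the `{DSA-929-1}` tag has no matching per-release line. Add the bug number and urgency, and the fixed stable version from the DSA, so the entry shows which suites are still exposed.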
@@ -3568,10 +3624,10 @@
NOT-FOR-US: Trend Micro PC-Cillin Internet Security 2005
CVE-2005-3359
RESERVED
-CVE-2005-3358 (Linux kernel 2.6.x, possibly before 2.6.11, allows local users to ...)
+CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial of ...)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
TODO: check 2.4
-CVE-2005-3357 (mod_ssl in Apache 2.0.53 and 2.1.9, when configured with an SSL vhost ...)
+CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...)
TODO: check
CVE-2005-3356
RESERVED
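Review bot: the CVE-2005-3358 description widens from "2.6.x, possibly before 2.6.11" to "before 2.6.15", but the tracking line `- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)` is unchanged and now contradicts it. Re-verify which kernel version carries the fix and either update the rationale or change the status; the existing `TODO: check 2.4` should stay. CVE-2005-3357 likewise has its range extended to "2.0 up to 2.0.55" while remaining at `TODO: check` with no apache2 package line.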
@@ -5292,8 +5348,8 @@
NOT-FOR-US: OpenTTD
CVE-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...)
NOT-FOR-US: OpenTTD
-CVE-2005-2762
- RESERVED
+CVE-2005-2762 (Avaya VPNRemote before 4.2.33 stores credentials in cleartext in ...)
+ TODO: check
CVE-2005-2760
RESERVED
CVE-2005-2759 (** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton ...)
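Review bot: CVE-2005-2762 goes from `RESERVED` to `TODO: check` although the description already identifies the product as Avaya VPNRemote. If it is not in the archive, mark it `NOT-FOR-US: Avaya VPNRemote` in the same style as the neighbouring OpenTTD entries, rather than leaving another open TODO.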
@@ -6863,8 +6919,8 @@
NOT-FOR-US: Novell
CVE-2005-2345
RESERVED
-CVE-2005-2344
- RESERVED
+CVE-2005-2344 (The BlackBerry Attachment Service in Research in Motion (RIM) ...)
+ TODO: check
CVE-2005-2343 (Research in Motion (RIM) BlackBerry Handheld web browser for ...)
TODO: check
CVE-2005-2342 (Research in Motion (RIM) BlackBerry Router allows remote attackers to ...)
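Review bot: the newly described CVE-2005-2344 (BlackBerry Attachment Service) gets `TODO: check` directly above CVE-2005-2343, another RIM BlackBerry entry that is also still `TODO: check`. Resolve the RIM BlackBerry entries in this block together with one consistent verdict, so related entries do not end up with different statuses.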
@@ -11389,7 +11445,7 @@
CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
- phpmyadmin <not-affected> (Only part of examples that an admin would need to modify anyway)
CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...)
- {DSA-934-1}
+ {DSA-934-1}
[sarge] - pound 1.8.2-1sarge1
- pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
CVE-2005-1390
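Review bot: the only change in this hunk is to the `{DSA-934-1}` line under CVE-2005-1391, and the removed and added lines show the same text, so it is a whitespace-only edit. In a commit logged as "automatic update" this points at the updater rewriting indentation; confirm it normalises these lines the same way on every run so the list does not accumulate no-op diffs that hide real status changes.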
@@ -12734,7 +12790,7 @@
NOT-FOR-US: Interspire ArticleLive
CVE-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain ...)
NOT-FOR-US: Vortex Portal
-CVE-2005-0879 (PHP remote code injection vulnerability in (1) content.php and (2) ...)
+CVE-2005-0879 (PHP remote file include vulnerability in (1) content.php and (2) ...)
NOT-FOR-US: Vortex Portal
CVE-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...)
NOT-FOR-US: MercuryBoard