[Secure-testing-commits] r3323 - data/CVE

Joey Hess joeyh at costa.debian.org
Thu Jan 19 21:14:33 UTC 2006


Author: joeyh
Date: 2006-01-19 21:14:24 +0000 (Thu, 19 Jan 2006)
New Revision: 3323

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-19 14:29:08 UTC (rev 3322)
+++ data/CVE/list	2006-01-19 21:14:24 UTC (rev 3323)
@@ -1,5 +1,201 @@
-CVE-2006-0223 (Unspecified vulnerability in Shanghai TopCMM 123 Flash Chat Server ...)
+CVE-2006-0320 (SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog ...)
 	TODO: check
+CVE-2006-0319 (Directory traversal vulnerability in the FTP server (port 22003/tcp) ...)
+	TODO: check
+CVE-2006-0318 (SQL injection vulnerability in index.php in BlogPHP 1.0, when ...)
+	TODO: check
+CVE-2006-0317 (Cross-site scripting (XSS) vulnerability in rkrt_stats.php in ...)
+	TODO: check
+CVE-2006-0316 (Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) ...)
+	TODO: check
+CVE-2006-0315 (index.php in EZDatabase before 2.1.2 does not properly cleanse the p ...)
+	TODO: check
+CVE-2006-0314 (PDFdirectory before 1.0 stores sensitive data in plaintext, which ...)
+	TODO: check
+CVE-2006-0313 (Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 ...)
+	TODO: check
+CVE-2006-0312 (create.php in aoblogger 2.3 allows remote attackers to bypass ...)
+	TODO: check
+CVE-2006-0311 (SQL injection vulnerability in login.php in aoblogger 2.3 allows ...)
+	TODO: check
+CVE-2006-0310 (Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows ...)
+	TODO: check
+CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote ...)
+	TODO: check
+CVE-2006-0308 (PHP remote file include vulnerability in HTMLtonuke.php in HTMLtoNuke ...)
+	TODO: check
+CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer ...)
+	TODO: check
+CVE-2006-0306 (The DM Primer (dmprimer.exe) in the DM Deployment Common Component in ...)
+	TODO: check
+CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware ...)
+	TODO: check
+CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to ...)
+	TODO: check
+CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing component, ...)
+	TODO: check
+CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...)
+	TODO: check
+CVE-2006-0301
+	RESERVED
+CVE-2006-0300
+	RESERVED
+CVE-2006-0299
+	RESERVED
+CVE-2006-0298
+	RESERVED
+CVE-2006-0297
+	RESERVED
+CVE-2006-0296
+	RESERVED
+CVE-2006-0295
+	RESERVED
+CVE-2006-0294
+	RESERVED
+CVE-2006-0293
+	RESERVED
+CVE-2006-0292
+	RESERVED
+CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...)
+	TODO: check
+CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, ...)
+	TODO: check
+CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
+	TODO: check
+CVE-2006-0288 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
+	TODO: check
+CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component of ...)
+	TODO: check
+CVE-2006-0286 (Unspecified vulnerability in the Oracle HTTP Server component of ...)
+	TODO: check
+CVE-2006-0285 (Unspecified vulnerability in the Java Net component of Oracle Database ...)
+	TODO: check
+CVE-2006-0284 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
+	TODO: check
+CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...)
+	TODO: check
+CVE-2006-0282 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
+	TODO: check
+CVE-2006-0281 (Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 ...)
+	TODO: check
+CVE-2006-0280 (Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 ...)
+	TODO: check
+CVE-2006-0279 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
+	TODO: check
+CVE-2006-0278 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
+	TODO: check
+CVE-2006-0277 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
+	TODO: check
+CVE-2006-0276 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
+	TODO: check
+CVE-2006-0275 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
+	TODO: check
+CVE-2006-0274 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
+	TODO: check
+CVE-2006-0273 (Unspecified vulnerability in the Portal component of Oracle ...)
+	TODO: check
+CVE-2006-0272 (Unspecified vulnerability in the XML Database component of Oracle ...)
+	TODO: check
+CVE-2006-0271 (Unspecified vulnerability in the Upgrade & Downgrade component of ...)
+	TODO: check
+CVE-2006-0270 (Unspecified vulnerability in the TDE Wallet component of Oracle ...)
+	TODO: check
+CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of Oracle ...)
+	TODO: check
+CVE-2006-0268 (Unspecified vulnerability in the Security component of Oracle Database ...)
+	TODO: check
+CVE-2006-0267 (Unspecified vulnerability in the Query Optimizer component of Oracle ...)
+	TODO: check
+CVE-2006-0266 (Unspecified vulnerability in the Query Optimizer component of Oracle ...)
+	TODO: check
+CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server ...)
+	TODO: check
+CVE-2006-0264 (Unspecified vulnerability in the Net Listener component of Oracle ...)
+	TODO: check
+CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server ...)
+	TODO: check
+CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component of ...)
+	TODO: check
+CVE-2006-0261 (Multiple unspecified vulnerabilities in Oracle Database server ...)
+	TODO: check
+CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 ...)
+	TODO: check
+CVE-2006-0259 (Multiple unspecified vulnerabilities in the Data Pump component of ...)
+	TODO: check
+CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component of ...)
+	TODO: check
+CVE-2006-0257 (Unspecified vulnerability in the Change Data Capture component of ...)
+	TODO: check
+CVE-2006-0256 (Unspecified vulnerability in the Advanced Queuing component of Oracle ...)
+	TODO: check
+CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1 ...)
+	TODO: check
+CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo ...)
+	TODO: check
+CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in "Blue ...)
+	TODO: check
+CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows remote ...)
+	TODO: check
+CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic ...)
+	TODO: check
+CVE-2006-0250 (Format string vulnerability in the snmp_input function in snmptrapd in ...)
+	TODO: check
+CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged geoBlog ...)
+	TODO: check
+CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 ...)
+	TODO: check
+CVE-2006-0247 (Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula ...)
+	TODO: check
+CVE-2006-0246 (Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download ...)
+	TODO: check
+CVE-2006-0245 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart ...)
+	TODO: check
+CVE-2006-0244 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-0243 (Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote ...)
+	TODO: check
+CVE-2006-0242 (Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 ...)
+	TODO: check
+CVE-2006-0241 (Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows ...)
+	TODO: check
+CVE-2006-0240 (Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote ...)
+	TODO: check
+CVE-2006-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 ...)
+	TODO: check
+CVE-2006-0238 (SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 ...)
+	TODO: check
+CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...)
+	TODO: check
+CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, ...)
+	TODO: check
+CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers ...)
+	TODO: check
+CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...)
+	TODO: check
+CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in microBlog 2.0 RC-10 allows ...)
+	TODO: check
+CVE-2006-0232
+	RESERVED
+CVE-2006-0231
+	RESERVED
+CVE-2006-0230
+	RESERVED
+CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might allow ...)
+	TODO: check
+CVE-2006-0228 (The RBAC functionality in grsecurity before 2.1.8 does not properly ...)
+	TODO: check
+CVE-2006-0227 (Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, ...)
+	TODO: check
+CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) ...)
+	TODO: check
+CVE-2006-0225
+	RESERVED
+CVE-2006-0224
+	RESERVED
+CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier ...)
+	TODO: check
+CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat ...)
+	TODO: check
 CVE-2006-0222 (Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft ...)
 	TODO: check
 CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in Dragon ...)
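Review bot: CVE-2005-4665 is added between CVE-2006-0224 and CVE-2006-0223 near the end of this hunk, which breaks the descending-ID order the rest of the list keeps. Move it into the CVE-2005 block, or say in the log that the updater places late-assigned IDs at the top on purpose. Separately, CVE-2006-0244 arrives as "(** DISPUTED ** ...)" with "TODO: check" and no product name, so nobody triaging from this file can tell what it refers to without looking the ID up.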
@@ -10,7 +206,7 @@
 	TODO: check
 CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...)
 	TODO: check
-CVE-2006-0217 (Cross-site scripting (XSS) vulnerability in item.pl in Ultimate ...)
+CVE-2006-0217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...)
 	TODO: check
 CVE-2006-0216 (admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows ...)
 	TODO: check
@@ -28,7 +224,7 @@
 	TODO: check
 CVE-2006-0209 (SQL injection vulnerability in general_functions.php in TankLogger 2.4 ...)
 	TODO: check
-CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1 allow ...)
+CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1, when ...)
 	- php5 5.1.2-1
 	- php4 4:4.4.2-1
 CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...)
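Review bot: the new CVE-2006-0208 text adds a precondition ("PHP 5.1.1, when ...") that the truncation cuts off, and the "- php5 5.1.2-1" and "- php4 4:4.4.2-1" lines under it carry no urgency. A NOTE line stating the condition would let readers judge how exposed a default install is without fetching the full description.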
@@ -570,8 +766,7 @@
 	RESERVED
 CVE-2006-0045
 	RESERVED
-CVE-2006-0044 [albatross code execution]
-	RESERVED
+CVE-2006-0044 (Unspecified vulnerability in context.py in Albatross web application ...)
 	{DSA-942-1}
 	- albatross 1.33-1
 CVE-2005-4585 (Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to ...)
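Review bot: the CVE-2006-0044 change removes the local tag "[albatross code execution]", and the replacement text says only "Unspecified vulnerability in context.py", so the impact recorded when the entry was triaged for DSA-942-1 is no longer in the file. Keep it as a NOTE line under the entry. The "- albatross 1.33-1" line also has no urgency, unlike package lines elsewhere in this patch such as "- tuxpaint 1:0.9.15b-1 (low)".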
@@ -766,7 +961,7 @@
 	NOT-FOR-US: Tangora Portal
 CVE-2005-4496 (Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 ...)
 	NOT-FOR-US: Syntax CMS
-CVE-2005-4495 (SQL injection vulnerability in index.cfm in SpireMedia mx7 allows ...)
+CVE-2005-4495 (** DISPUTED ** ...)
 	NOT-FOR-US: SpireMedia
 CVE-2005-4494 (Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier ...)
 	NOT-FOR-US: SPIP
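Review bot: replacing the CVE-2005-4495 summary with "(** DISPUTED ** ...)" drops the product and vulnerability class the old line carried ("SQL injection vulnerability in index.cfm in SpireMedia mx7"), leaving only the NOT-FOR-US tag to identify the entry. The updater's truncation should keep the "** DISPUTED **" marker and then continue with the start of the description, so the line still says what is disputed.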
@@ -1001,7 +1196,7 @@
 	NOT-FOR-US: Liferay Portal Professional
 CVE-2005-4399 (Cross-site scripting (XSS) vulnerability in search/index.php in ...)
 	NOT-FOR-US: Libertas Enterprise CMS
-CVE-2005-4398 (Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier ...)
+CVE-2005-4398 (** DISPUTED ** ...)
 	NOT-FOR-US: lemoon
 CVE-2005-4397 (SQL injection vulnerability in RunScript.asp iCMS allows remote ...)
 	NOT-FOR-US: iCMS
@@ -1039,7 +1234,7 @@
 	NOT-FOR-US: Caravel CMS
 CVE-2005-4380 (Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta ...)
 	NOT-FOR-US: Bitweaver
-CVE-2005-4379 (Cross-site scripting (XSS) vulnerability in my_groups.php in Bitweaver ...)
+CVE-2005-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 ...)
 	NOT-FOR-US: Bitweaver
 CVE-2005-4378 (SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and ...)
 	NOT-FOR-US: Baseline CMS
@@ -1061,7 +1256,7 @@
 	NOT-FOR-US: Acidcat
 CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows ...)
 	NOT-FOR-US: Acuity CMS
-CVE-2005-4368 (roundcube webmail allows remote attackers to obtain the full path of ...)
+CVE-2005-4368 (roundcube webmail Alpha, with a default high verbose level ...)
 	NOT-FOR-US: roundcube webmail 
 CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php in ...)
 	NOT-FOR-US: DRZES HMS 
@@ -2369,7 +2564,7 @@
 	NOT-FOR-US: Cisco hardware
 CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 ...)
 	NOT-FOR-US: Belkin hardware
-CVE-2005-3801 (PasswordSafe 1.x and 2.x allows local users to test possible ...)
+CVE-2005-3801 (CounterPane PasswordSafe 1.x and 2.x allows local users to test ...)
 	NOT-FOR-US: PasswordSafe
 	TODO: the problem might affect mypasswordsafe
 CVE-2005-3800 (Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak ...)
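Review bot: CVE-2005-3801 is tagged NOT-FOR-US yet still carries "TODO: the problem might affect mypasswordsafe" in the context below the changed line, and this update touches the entry without resolving it. Either check mypasswordsafe and add a package line, or turn the TODO into a NOTE with the outcome, so the entry does not read as both closed and open.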
@@ -2874,10 +3069,10 @@
 	- linux-2.6 <unfixed> (low)
 	- kernel-source-2.4.27 <unfixed> (low)
 	NOTE: Really hard to fix design limitation, no fix to be expected soon
-CVE-2005-3659
-	RESERVED
-CVE-2005-3658
-	RESERVED
+CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before ...)
+	TODO: check
+CVE-2005-3658 (Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x ...)
+	TODO: check
 CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security ...)
 	NOT-FOR-US: McAfee
 CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in ...)
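Review bot: CVE-2005-3659 and CVE-2005-3658 move from RESERVED to "TODO: check" here, but both descriptions name EMC Legato NetWorker, and the neighbouring vendor-product entry (CVE-2005-3657, McAfee) is already tagged NOT-FOR-US. If NetWorker is not packaged, tag these two "NOT-FOR-US: EMC Legato NetWorker" in a follow-up rather than leaving them in the TODO queue.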
@@ -3917,8 +4112,7 @@
 	- tkdiff 1:4.0.2-2 (low)
 CVE-2005-3342
 	RESERVED
-CVE-2005-3340 [tuxpaint insecure tempfile]
-	RESERVED
+CVE-2005-3340 (The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and ...)
 	{DSA-941-1}
 	- tuxpaint 1:0.9.15b-1 (low)
 CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier ...)
@@ -4282,7 +4476,7 @@
 CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...)
 	{DSA-889-1}
 	- enigmail 2:0.93-1 (bug #335731; medium)
-CVE-2005-3253 (Avaya Wireless Access Points (AP) AP-3 through AP-6 2.5 to 2.5.4, and ...)
+CVE-2005-3253 (Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to ...)
 	NOT-FOR-US: Avaya Wireless Access Points
 CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...)
 	- snort <not-affected> (Vulnerable code was introduced later, see bug #334606)
@@ -4543,7 +4737,7 @@
 	- mediawiki 1.4.11-1 (bug #332408; unknown)
 CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...)
 	- mediawiki 1.4.9 
-CVE-2005-3164 (Hitachi Cosminexus Application Server has unknown impact and attack ...)
+CVE-2005-3164 (Hitachi Cosminexus Application Server does not properly handle when a ...)
 	NOT-FOR-US: Hitachi Cosminexus Application Server
 CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...)
 	- polipo <unfixed> (bug #332411; medium)
@@ -4623,8 +4817,7 @@
 	NOT-FOR-US: Address Add Plugin for Squirrelmail
 CVE-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...)
 	NOT-FOR-US: lucidCMS
-CVE-2005-3126 [antiword insecure temp files]
-	RESERVED
+CVE-2005-3126 (The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) ...)
 	{DSA-945-1}
 	- antiword 0.35-2 (low)
 CVE-2005-3125
@@ -15181,7 +15374,7 @@
 	NOT-FOR-US: Cisco
 CVE-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...)
 	NOT-FOR-US: FormMail.php != nms-formmail
-CVE-2004-1430 (SQL injection vulnerability in Arcade.php in IbProArcade allows remote ...)
+CVE-2004-1430 (SQL injection vulnerability in the show_stats module in Arcade.php in ...)
 	NOT-FOR-US: Arcade.php
 CVE-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times ...)
 	NOT-FOR-US: ArGoSoft



