[Secure-testing-commits] r4331 - data/CVE

Joey Hess joeyh at costa.debian.org
Mon Jul 3 09:14:30 UTC 2006


Author: joeyh
Date: 2006-07-03 09:14:28 +0000 (Mon, 03 Jul 2006)
New Revision: 4331

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-07-03 01:46:16 UTC (rev 4330)
+++ data/CVE/list	2006-07-03 09:14:28 UTC (rev 4331)
@@ -1,3 +1,51 @@
+CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...)
+	TODO: check
+CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum ...)
+	TODO: check
+CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 allows ...)
+	TODO: check
+CVE-2006-3331 (Opera before 9.0 does not reset the SSL security bar after displaying ...)
+	TODO: check
+CVE-2006-3330 (Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL ...)
+	TODO: check
+CVE-2006-3329 (SQL injection vulnerability in search.php in PHP/MySQL Classifieds ...)
+	TODO: check
+CVE-2006-3328 (new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal ...)
+	TODO: check
+CVE-2006-3327 (Cross-site scripting (XSS) vulnerability in Custom dating biz dating ...)
+	TODO: check
+CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows remote ...)
+	TODO: check
+CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus ...)
+	TODO: check
+CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the ...)
+	TODO: check
+CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF ...)
+	TODO: check
+CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in ...)
+	TODO: check
+CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp ...)
+	TODO: check
+CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar ...)
+	TODO: check
+CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP ...)
+	TODO: check
+CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 and ...)
+	TODO: check
+CVE-2006-3317 (PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote ...)
+	TODO: check
+CVE-2006-3316 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 ...)
+	TODO: check
+CVE-2006-3315 (PHP remote file inclusion vulnerability in page.php in an unspecified ...)
+	TODO: check
+CVE-2006-3314 (PHP remote file inclusion vulnerability in page.php in an unspecified ...)
+	TODO: check
+CVE-2006-3313 (Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft ...)
+	TODO: check
+CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans and ...)
+	TODO: check
+CVE-2006-3311
+	RESERVED
 CVE-2006-XXXX [several setuid privledge escalations]
 	- xbase-clients 1:7.1.ds-2
 	- xtrans 1.0.0-6
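Review bot: All 24 new entries at the top of the list land as "TODO: check" with no ordering by relevance, so the one most likely to touch a packaged library, CVE-2006-3334 (png_decompress_chunk in pngrutil.c), sits in the same queue as the web-application entries. Triage that entry first. The Zorum Forum entries (CVE-2006-3333, CVE-2006-3332) can take the same NOT-FOR-US marking the list already carries for Zorum Forum under CVE-2005-4633. The three phpRaid entries (CVE-2006-3318, CVE-2006-3317, CVE-2006-3316) should be resolved together with CVE-2006-3116 and CVE-2006-3115 so the product gets one consistent disposition.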
@@ -69,7 +117,7 @@
 	NOT-FOR-US: aeDating
 CVE-2006-3278 (Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and ...)
 	NOT-FOR-US: H-Sphere
-CVE-2006-3277 (Unspecified vulnerability in the SMTP service of MailEnable Standard ...)
+CVE-2006-3277 (The SMTP service of MailEnable Standard 1.92 and earlier, Professional ...)
 	NOT-FOR-US: MailEnable
 CVE-2006-3276 (Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and ...)
 	NOT-FOR-US: Helix DNA Server
@@ -87,8 +135,8 @@
 	NOT-FOR-US: THoRCMS
 CVE-2006-3269 (PHP remote file inclusion vulnerability in includes/functions_cms.php ...)
 	NOT-FOR-US: THoRCMS
-CVE-2006-3268
-	RESERVED
+CVE-2006-3268 (Unspecified vulnerability in the Windows Client API in Novell ...)
+	TODO: check
 CVE-2006-3267 (SQL injection vulnerability in index.php in Infinite Core Technologies ...)
 	NOT-FOR-US: Infinite Core Technologies
 CVE-2006-3266 (Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite ...)
@@ -391,16 +439,15 @@
 	RESERVED
 CVE-2006-3119
 	RESERVED
-CVE-2006-3118
-	RESERVED
-CVE-2006-3117
-	RESERVED
+CVE-2006-3118 (spread uses a temporary file with a static filename based on the port ...)
+	TODO: check
+CVE-2006-3117 (Heap-based buffer overflow in OpenOffice.org 1.1.x up to 1.1.5 and ...)
 	{DSA-1104}
 	- openoffice.org 2.0.3-1
-CVE-2006-3116
-	RESERVED
-CVE-2006-3115
-	RESERVED
+CVE-2006-3116 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 ...)
+	TODO: check
+CVE-2006-3115 (SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly ...)
+	TODO: check
 CVE-2006-3114
 	RESERVED
 CVE-2006-3113
@@ -601,7 +648,7 @@
 	NOT-FOR-US: phpCMS
 CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in ...)
 	- php5 5.1.4-0.1 (medium)
-CVE-2006-3017 (Unspecified vulnerability in PHP before 5.1.3 can prevent a variable ...)
+CVE-2006-3017 (zend_hash.c in PHP before 5.1.3 can cause the internal zend_hash_del ...)
 	- php5 5.1.4-0.1 (medium)
 CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...)
 	- php5 5.1.4-0.1 (medium)
@@ -780,8 +827,8 @@
 	RESERVED
 CVE-2006-2935
 	RESERVED
-CVE-2006-2934
-	RESERVED
+CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...)
+	TODO: check
 CVE-2006-2933
 	RESERVED
 CVE-2006-2932
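Review bot: CVE-2006-2934 leaves RESERVED with only "TODO: check", although its description names SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux, which is kernel code and not a NOT-FOR-US candidate. It should get a package line against the kernel source packages, with fixed version or <unfixed> and an urgency, instead of waiting in the general TODO queue.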
@@ -1442,7 +1489,7 @@
 CVE-2006-2658
 	RESERVED
 CVE-2006-2657
-	RESERVED
+	REJECTED
 CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally ...)
 	NOT-FOR-US: FreeBSD
 CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to ...)
@@ -2483,12 +2530,10 @@
 CVE-2006-2200 (Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to ...)
 	- libmms 0.2-5 (bug #374577; medium)
 	- mimms 2.0.0-1 (bug #374577; medium)
-CVE-2006-2199
-	RESERVED
+CVE-2006-2199 (Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x up ...)
 	{DSA-1104}
 	- openoffice.org 2.0.3-1
-CVE-2006-2198
-	RESERVED
+CVE-2006-2198 (OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows ...)
 	{DSA-1104}
 	- openoffice.org 2.0.3-1
 CVE-2006-2197 (Integer overflow in wv2 before 0.2.3 might allow context-dependent ...)
@@ -4376,17 +4421,17 @@
 	RESERVED
 CVE-2006-1472
 	RESERVED
-CVE-2006-1471 (Format string vulnerability in launchd in Apple Mac OS X 10.4 up to ...)
+CVE-2006-1471 (Format string vulnerability in the CF_syslog function launchd in Apple ...)
 	TODO: check
 CVE-2006-1470 (OpenLDAP Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to ...)
 	- openldap2 <not-affected> (Vulnerable code not present)
 	- openldap2.2 <unfixed> (medium)
 CVE-2006-1469 (Stack-based buffer overflow ImageIO in Apple Mac OS X 10.4 up to ...)
 	TODO: check
-CVE-2006-1468 (Unspecified vulnerability in AFP server in Apple Mac OS X 10.4 up to ...)
+CVE-2006-1468 (Unspecified vulnerability in Apple File Protocol (AFP) server in Apple ...)
 	TODO: check
-CVE-2006-1467
-	RESERVED
+CVE-2006-1467 (Integer overflow in the AAC file parsing code in Apple iTunes before ...)
+	TODO: check
 CVE-2006-1466 (Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects ...)
 	NOT-FOR-US: Apple
 CVE-2006-1465 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...)
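Review bot: CVE-2006-1471, CVE-2006-1469, CVE-2006-1468 and the newly described CVE-2006-1467 are all left as "TODO: check" even though their descriptions name Apple components (launchd, ImageIO, the AFP server, iTunes), while the next entry, CVE-2006-1466, is already marked "NOT-FOR-US: Apple". If none of these map to a packaged source, mark them the same way so they stop showing up as open work. CVE-2006-1470 in the same block shows the pattern to follow where an Apple advisory does map to a packaged source (openldap2).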
@@ -5687,7 +5732,7 @@
 	NOT-FOR-US: DEV web management system
 CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews ...)
 	NOT-FOR-US: CuteNews
-CVE-2006-0884 (The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier ...)
+CVE-2006-0884 (The WYSIWYG rendering engine (&quot;rich mail&quot; editor) in Mozilla ...)
 	{DSA-1051-1 DSA-1046-1}
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 	- thunderbird 1.5.0.2-1
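Review bot: The new description for CVE-2006-0884 contains the HTML entities &quot;rich mail&quot; instead of literal double quotes, which suggests the automatic update copies descriptions from an HTML-escaped source without decoding them. Decode entities in the import step so descriptions stay plain text and searches for the quoted phrase match.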
@@ -7724,7 +7769,8 @@
 	NOTE: Unclear, whether this is really exploitable, re-pinged Dann and Horms
 CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign SupportTrio ...)
 	NOT-FOR-US: ActiveCampaign SupportTrio
-CVE-2005-4633 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
+CVE-2005-4633
+	REJECTED
 	NOT-FOR-US: phpoutsourcing Zorum Forum 
 CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote!Pro 4.0 and ...)
 	NOT-FOR-US: Vote!Pro
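Review bot: CVE-2005-4633 now carries both "REJECTED" and the old "NOT-FOR-US: phpoutsourcing Zorum Forum " annotation, because the update replaced only the header line and inserted the status above the existing note. A rejected ID should have a single status line. Drop the stale NOT-FOR-US line (it also has trailing whitespace), and have the update script remove or flag leftover annotations whenever an entry changes to REJECTED. The Zorum Forum SQL injection added as CVE-2006-3332 at the top of the list looks like the entry that needs the NOT-FOR-US marking instead.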



