[Secure-testing-commits] r4363 - data/CVE

Joey Hess joeyh at costa.debian.org
Mon Jul 10 21:14:29 UTC 2006


Author: joeyh
Date: 2006-07-10 21:14:27 +0000 (Mon, 10 Jul 2006)
New Revision: 4363

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-07-09 19:48:22 UTC (rev 4362)
+++ data/CVE/list	2006-07-10 21:14:27 UTC (rev 4363)
@@ -1,10 +1,222 @@
+CVE-2006-3457
+	RESERVED
+CVE-2006-3456
+	RESERVED
+CVE-2006-3455
+	RESERVED
+CVE-2006-3454
+	RESERVED
+CVE-2006-3453
+	RESERVED
+CVE-2006-3452
+	RESERVED
+CVE-2006-3451
+	RESERVED
+CVE-2006-3450
+	RESERVED
+CVE-2006-3449
+	RESERVED
+CVE-2006-3448
+	RESERVED
+CVE-2006-3447
+	RESERVED
+CVE-2006-3446
+	RESERVED
+CVE-2006-3445
+	RESERVED
+CVE-2006-3444
+	RESERVED
+CVE-2006-3443
+	RESERVED
+CVE-2006-3442
+	RESERVED
+CVE-2006-3441
+	RESERVED
+CVE-2006-3440
+	RESERVED
+CVE-2006-3439
+	RESERVED
+CVE-2006-3438
+	RESERVED
+CVE-2006-3437
+	RESERVED
+CVE-2006-3436
+	RESERVED
+CVE-2006-3435
+	RESERVED
+CVE-2006-3434
+	RESERVED
+CVE-2006-3433
+	RESERVED
+CVE-2006-3432
+	RESERVED
+CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...)
+	TODO: check
+CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink ...)
+	TODO: check
+CVE-2006-3429 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...)
+	TODO: check
+CVE-2006-3428 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...)
+	TODO: check
+CVE-2006-3427 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2006-3426 (Directory traversal vulnerability in (a) PatchLink Update Server ...)
+	TODO: check
+CVE-2006-3425 (FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and ...)
+	TODO: check
+CVE-2006-3424 (Multiple buffer overflows in WebEx Downloader ActiveX Control, ...)
+	TODO: check
+CVE-2006-3423 (WebEx Downloader ActiveX Control and WebEx Downloader Java before ...)
+	TODO: check
+CVE-2006-3422 (PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows ...)
+	TODO: check
+CVE-2006-3421 (PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and ...)
+	TODO: check
+CVE-2006-3420 (Cross-site request forgery (CSRF) vulnerability in editpost.php in ...)
+	TODO: check
+CVE-2006-3419 (Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes ...)
+	TODO: check
+CVE-2006-3418 (Tor before 0.1.1.20 does not validate that a server descriptor's ...)
+	TODO: check
+CVE-2006-3417 (Tor client before 0.1.1.20 prefers entry points based on is_fast or ...)
+	TODO: check
+CVE-2006-3416 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-3415 (Tor before 0.1.1.20 uses improper logic to validate the "OR" ...)
+	TODO: check
+CVE-2006-3414 (Tor before 0.1.1.20 supports server descriptors that contain hostnames ...)
+	TODO: check
+CVE-2006-3413 (The privoxy configuration file in Tor before 0.1.1.20, when run on ...)
+	TODO: check
+CVE-2006-3412 (Tor before 0.1.1.20 does not sufficiently obey certain firewall ...)
+	TODO: check
+CVE-2006-3411 (TLS handshakes in Tor before 0.1.1.20 generate public-private keys ...)
+	TODO: check
+CVE-2006-3410 (Tor before 0.1.1.20 creates "internal circuits" primarily consisting ...)
+	TODO: check
+CVE-2006-3409 (Integer overflow in Tor before 0.1.1.20 allows remote attackers to ...)
+	TODO: check
+CVE-2006-3408 (Unspecified vulnerability in the directory server (dirserver) in Tor ...)
+	TODO: check
+CVE-2006-3407 (Tor before 0.1.1.20 allows remote attackers to spoof log entries or ...)
+	TODO: check
+CVE-2006-3406 (Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 ...)
+	TODO: check
+CVE-2006-3405 (Cross-site scripting (XSS) vulnerability in qtofm.php in ...)
+	TODO: check
+CVE-2006-3403
+	RESERVED
+CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...)
+	TODO: check
+CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: ...)
+	TODO: check
+CVE-2006-3400 (Stack-based buffer overflow in the CG_ServerCommand function in Quake ...)
+	TODO: check
+CVE-2006-3399 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki ...)
+	TODO: check
+CVE-2006-3398 (The "change password forms" in Taskjitsu before 2.0.1 includes ...)
+	TODO: check
+CVE-2006-3397 (Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu ...)
+	TODO: check
+CVE-2006-3396 (PHP remote file inclusion vulnerability in galleria.html.php in ...)
+	TODO: check
+CVE-2006-3395 (PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX ...)
+	TODO: check
+CVE-2006-3394 (SQL injection vulnerability in the files mod in index.php in BXCP ...)
+	TODO: check
+CVE-2006-3393 (Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and ...)
+	TODO: check
+CVE-2006-3392 (Webmin before 1.290 and Usermin before 1.220 calls the simplify_path ...)
+	TODO: check
+CVE-2006-3391 (The Execute function in iMBCContents ActiveX Control before 2.0.0.59 ...)
+	TODO: check
+CVE-2006-3390 (WordPress 2.0.3 allows remote attackers to obtain the installation ...)
+	TODO: check
+CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain ...)
+	TODO: check
+CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 ...)
+	TODO: check
+CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News ...)
+	TODO: check
+CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to ...)
+	TODO: check
+CVE-2006-3385 (Cross-site scripting (XSS) vulnerability in divers.php in Vincent ...)
+	TODO: check
+CVE-2006-3384 (SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 ...)
+	TODO: check
+CVE-2006-3383 (Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 ...)
+	TODO: check
+CVE-2006-3382 (Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 ...)
+	TODO: check
+CVE-2006-3381 (SturGeoN Upload allows remote attackers to execute arbitrary PHP code ...)
+	TODO: check
+CVE-2006-3380 (Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 ...)
+	TODO: check
+CVE-2006-3379 (Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 ...)
+	TODO: check
+CVE-2006-3378 (passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called ...)
+	TODO: check
+CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP ...)
+	TODO: check
+CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple ...)
+	TODO: check
+CVE-2006-3375 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...)
+	TODO: check
+CVE-2006-3374 (PHP remote file inclusion vulnerability in index.php in Randshop 1.2 ...)
+	TODO: check
+CVE-2006-3373 (Unspecified vulnerability in the client/bin/logfetch script in Hobbit ...)
+	TODO: check
+CVE-2006-3372 (Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2006-3371 (Eupla Foros 1.0 stores the inc/config.inc file under the web document ...)
+	TODO: check
+CVE-2006-3370 (Blueboy 1.0.3 stores bb_news_config.inc under the web document root ...)
+	TODO: check
+CVE-2006-3369 (Kamikaze-QSCM 0.1 stores config.inc under the web document root with ...)
+	TODO: check
+CVE-2006-3368 (Efone 20000723 stores config.inc under the web document root with ...)
+	TODO: check
+CVE-2006-3367 (Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web ...)
+	TODO: check
+CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow ...)
+	TODO: check
+CVE-2006-3365 (mail/index.php in V3 Chat allows remote attackers to obtain the ...)
+	TODO: check
+CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in ...)
+	TODO: check
+CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire ...)
+	TODO: check
+CVE-2006-3362 (connectors/php/connector.php in FCKeditor mcpuk file manager in ...)
+	TODO: check
+CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and ...)
+	TODO: check
+CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 ...)
+	TODO: check
+CVE-2006-3359 (Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 ...)
+	TODO: check
+CVE-2006-3358 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+	TODO: check
+CVE-2006-3357 (Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) ...)
+	TODO: check
+CVE-2006-3356 (The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and ...)
+	TODO: check
+CVE-2006-3355 (Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll ...)
+	TODO: check
+CVE-2006-3354 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2006-3353 (Opera 9 allows remote attackers to cause a denial of service (crash) ...)
+	TODO: check
+CVE-2006-3352 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-3351 (Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and ...)
+	TODO: check
 CVE-2006-XXXX [trac: reStructuredText breach of privacy and denial of service]
 	- trac 0.9.6-1
-CVE-2006-3458 [information disclosure vulnerability in Zope2]
+CVE-2006-3458 (Unspecified vulnerability in Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and ...)
 	- zope2.7 <unfixed> (bug #377285; medium)
 	- zope2.8 <unfixed> (bug #377277; medium)
 	- zope2.9 <unfixed> (bug #377286; medium)
-CVE-2006-3404 [gimp: Buffer overrun in XCF reading code]
+CVE-2006-3404 (Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c ...)
 	- gimp 2.2.11-3.1 (bug #377049; medium)
 CVE-2006-3350
 	RESERVED
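Review bot: Twelve of the added entries between CVE-2006-3407 and CVE-2006-3419 name "Tor before 0.1.1.20" and all land as individual "TODO: check" items, although tor is already tracked as a package in this list (see the "- tor 0.1.1.11-alpha-1" line under CVE-2006-0414). Suggest triaging them in one pass and replacing the TODOs with a "- tor" line carrying the first Debian version that includes the 0.1.1.20 fixes. CVE-2006-3416, in the middle of that range, reads only "(** DISPUTED ** ...)", so its product cannot be told from the list and needs a lookup before it is grouped with the others.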
@@ -34,8 +246,8 @@
 	NOT-FOR-US: Atlassian
 CVE-2006-3337 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: cPanel (not the Chinese language tool in Debian)
-CVE-2006-3336
-	RESERVED
+CVE-2006-3336 (TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the ...)
+	TODO: check
 CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...)
 	NOT-FOR-US: HP-UX
 CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...)
@@ -208,7 +420,7 @@
 	NOT-FOR-US: Woltlab Burning Board
 CVE-2006-3254 (SQL injection vulnerability in newthread.php in Woltlab Burning Board ...)
 	NOT-FOR-US: Woltlab Burning Board
-CVE-2006-3253 (Cross-site scripting (XSS) vulnerability in member.php in vBulletin ...)
+CVE-2006-3253 (** DISPUTED ** ...)
 	NOT-FOR-US: vBulletin
 CVE-2006-3252 (Buffer overflow in the Online Registration Facility for Algorithmic ...)
 	NOT-FOR-US: Algorithmic Research PrivateWire VPN
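Review bot: The new CVE-2006-3253 line "(** DISPUTED ** ...)" drops the product and vulnerability class that the old description carried, because the truncation stops right after the dispute marker. The same happens to CVE-2006-3136 later in this patch and to the newly added CVE-2006-3416 and CVE-2006-3352. Suggest having the update script keep the marker but truncate after the text that follows it, so the entry stays searchable by product name and a triager can see what is being disputed.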
@@ -348,11 +560,11 @@
 	NOT-FOR-US: CMS Faethon
 CVE-2006-3184 (Direct static code injection vulnerability in ASP Stats Generator ...)
 	NOT-FOR-US: ASP Stats Generator
-CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in Mobile Space ...)
+CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in MobeScripts ...)
 	NOT-FOR-US: Mobile Space Community
-CVE-2006-3182 (Directory traversal vulnerability in index.php in Mobile Space ...)
+CVE-2006-3182 (Directory traversal vulnerability in index.php in MobeScripts Mobile ...)
 	NOT-FOR-US: Mobile Space Community
-CVE-2006-3181 (SQL injection vulnerability in index.php in Mobile Space Community 2.0 ...)
+CVE-2006-3181 (SQL injection vulnerability in index.php in MobeScripts Mobile Space ...)
 	NOT-FOR-US: Mobile Space Community
 CVE-2006-3180 (Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx ...)
 	NOT-FOR-US: Confixx Pro
@@ -397,7 +609,7 @@
 	NOT-FOR-US: SmartSiteCMS
 CVE-2006-3161 (SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier ...)
 	NOT-FOR-US: SaphpLesson
-CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in Simple File ...)
+CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple ...)
 	NOT-FOR-US: Simple File Manager
 CVE-2006-3159 (pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built ...)
 	NOT-FOR-US: Sun ONE/iPlanet Messaging Server
@@ -445,7 +657,7 @@
 	NOT-FOR-US: phpMyDirectory
 CVE-2006-3137 (Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge ...)
 	NOT-FOR-US: Edge eCommerce Shop
-CVE-2006-3136 (Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 ...)
+CVE-2006-3136 (** DISPUTED ** ...)
 	NOT-FOR-US: Nucleus
 CVE-2006-3135
 	RESERVED
@@ -530,7 +742,7 @@
 	NOT-FOR-US: iPostMX
 CVE-2006-3094 (Multiple SQL injection vulnerabilities in Calendarix Basic ...)
 	NOT-FOR-US: Calendarix Basic
-CVE-2006-3093 (Multiple unspecified vulnerabilities in Adobe Reader before 7.0.8 have ...)
+CVE-2006-3093 (Multiple unspecified vulnerabilities in Adobe Acrobat Reader ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2006-3092 (PhpMyFactures 1.2 and earlier allows remote attackers to bypass ...)
 	NOT-FOR-US: PhpMyFactures
@@ -2001,8 +2213,8 @@
 CVE-2006-2452 (GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the &quot;face browser&quot; feature ...)
 	- gdm <unfixed> (bug #375281; medium)
 	[sarge] - gdm <not-affected> (Vulnerable code has only been introduced with 2.8)
-CVE-2006-2451
-	RESERVED
+CVE-2006-2451 (The suid_dumpable support in Linux kernel 2.6.13 up to versions before ...)
+	TODO: check
 CVE-2006-2450
 	RESERVED
 CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users ...)
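Review bot: CVE-2006-2451 moves from RESERVED to a bare "TODO: check" although its description names the Linux kernel (suid_dumpable support, 2.6.13 onward), which Debian ships, so it should not sit in the general TODO queue with the NOT-FOR-US candidates. Suggest replacing the TODO with kernel package tracking lines, and, since the description starts the affected range at 2.6.13, checking whether a "[sarge] ... <not-affected>" line in the style of the gdm entry just above applies.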
@@ -5127,8 +5339,8 @@
 	RESERVED
 CVE-2006-1177
 	RESERVED
-CVE-2006-1176
-	RESERVED
+CVE-2006-1176 (Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl ...)
+	TODO: check
 CVE-2006-1175 (The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for ...)
 	NOT-FOR-US: WeOnlyDo! SFTP
 CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions ...)
@@ -6968,7 +7180,7 @@
 	NOT-FOR-US: SleeperChat
 CVE-2006-0415 (Cross-site scripting (XSS) vulnerability in index.php in SleeperChat ...)
 	NOT-FOR-US: SleeperChat
-CVE-2006-0414 (Tor 0.1.1.10-alpha and earlier allows remote attackers to identify ...)
+CVE-2006-0414 (Tor before 0.1.1.20 allows remote attackers to identify hidden ...)
 	- tor 0.1.1.11-alpha-1 (bug #349283)
 CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP allow ...)
 	NOT-FOR-US: NewsPHP
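Review bot: The revised CVE-2006-0414 description widens the affected range from "0.1.1.10-alpha and earlier" to "before 0.1.1.20", but the tracking line below it still records "- tor 0.1.1.11-alpha-1 (bug #349283)" as the fixed version, which now falls inside the affected range. Suggest re-checking the fix against bug #349283 and either updating the fixed version or adding a note explaining why 0.1.1.11-alpha-1 is still correct.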



