[Secure-testing-commits] r4455 - data/CVE

Joey Hess joeyh at costa.debian.org
Tue Jul 25 21:14:31 UTC 2006


Author: joeyh
Date: 2006-07-25 21:14:28 +0000 (Tue, 25 Jul 2006)
New Revision: 4455

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-07-25 19:30:50 UTC (rev 4454)
+++ data/CVE/list	2006-07-25 21:14:28 UTC (rev 4455)
@@ -1,3 +1,203 @@
+CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...)
+	TODO: check
+CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...)
+	TODO: check
+CVE-2006-3835 (Apache Tomcat 5 before 5.5.17 allows remote attackers to list ...)
+	TODO: check
+CVE-2006-3834 (EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to ...)
+	TODO: check
+CVE-2006-3833 (index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite ...)
+	TODO: check
+CVE-2006-3832 (SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog ...)
+	TODO: check
+CVE-2006-3831 (The Backup selection in Kailash Nadh boastMachine (formerly bMachine) ...)
+	TODO: check
+CVE-2006-3830 (The Languages selection in the admin interface in Kailash Nadh ...)
+	TODO: check
+CVE-2006-3829 (Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in ...)
+	TODO: check
+CVE-2006-3828 (Incomplete blacklist vulnerability in Kailash Nadh boastMachine ...)
+	TODO: check
+CVE-2006-3827 (SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in ...)
+	TODO: check
+CVE-2006-3826 (Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh ...)
+	TODO: check
+CVE-2006-3825 (The IPv4 implementation in Sun Solaris 10 before 20060721 allows local ...)
+	TODO: check
+CVE-2006-3824 (systeminfo.c for Sun Solaris allows local users to read kernel memory ...)
+	TODO: check
+CVE-2006-3823 (SQL injection vulnerability in index.php in GeodesicSolutions (1) ...)
+	TODO: check
+CVE-2006-3822 (SQL injection vulnerability in index.php in GeodesicSolutions ...)
+	TODO: check
+CVE-2006-3821 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 ...)
+	TODO: check
+CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php in ...)
+	TODO: check
+CVE-2006-3819
+	RESERVED
+CVE-2006-3818
+	RESERVED
+CVE-2006-3817
+	RESERVED
+CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote ...)
+	TODO: check
+CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in an ...)
+	TODO: check
+CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...)
+	TODO: check
+CVE-2006-3813
+	RESERVED
+CVE-2006-3812
+	RESERVED
+CVE-2006-3811
+	RESERVED
+CVE-2006-3810
+	RESERVED
+CVE-2006-3809
+	RESERVED
+CVE-2006-3808
+	RESERVED
+CVE-2006-3807
+	RESERVED
+CVE-2006-3806
+	RESERVED
+CVE-2006-3805
+	RESERVED
+CVE-2006-3804
+	RESERVED
+CVE-2006-3803
+	RESERVED
+CVE-2006-3802
+	RESERVED
+CVE-2006-3801
+	RESERVED
+CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce ...)
+	TODO: check
+CVE-2006-3799 (DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL ...)
+	TODO: check
+CVE-2006-3798 (DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) ...)
+	TODO: check
+CVE-2006-3797 (SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote ...)
+	TODO: check
+CVE-2006-3796 (DeluxeBB 1.07 and earlier does not properly handle a username composed ...)
+	TODO: check
+CVE-2006-3795 (Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before ...)
+	TODO: check
+CVE-2006-3794 (SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart ...)
+	TODO: check
+CVE-2006-3793 (PHP remote file inclusion vulnerability in constants.php in SiteDepth ...)
+	TODO: check
+CVE-2006-3792 (SQL injection vulnerability in ServerClientUfo::recv_packet in ...)
+	TODO: check
+CVE-2006-3791 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...)
+	TODO: check
+CVE-2006-3790 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...)
+	TODO: check
+CVE-2006-3789 (Multiple array index errors in the (1) recv_rules, (2) ...)
+	TODO: check
+CVE-2006-3788 (Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow ...)
+	TODO: check
+CVE-2006-3787 (kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 ...)
+	TODO: check
+CVE-2006-3786 (Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka ...)
+	TODO: check
+CVE-2006-3785 (Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox ...)
+	TODO: check
+CVE-2006-3784 (Symantec pcAnywhere 12.5 uses weak default permissions for the ...)
+	TODO: check
+CVE-2006-3783 (Sun Solaris 10 allows local users to cause a denial of service (panic) ...)
+	TODO: check
+CVE-2006-3782 (Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris ...)
+	TODO: check
+CVE-2006-3781 (Unspecified vulnerability in Sun Solaris 10 allows context-dependent ...)
+	TODO: check
+CVE-2006-3780 (Keyifweb Keyif Portal 2.0 stores sensitive information under the web ...)
+	TODO: check
+CVE-2006-3779 (Citrix MetaFrame up to XP 1.0 Feature 1, except when running on ...)
+	TODO: check
+CVE-2006-3778 (IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to ...)
+	TODO: check
+CVE-2006-3777 (PHP remote file inclusion vulnerability in index.php in IDevSpot ...)
+	TODO: check
+CVE-2006-3776 (PHP remote file inclusion vulnerability in order/index.php in IDevSpot ...)
+	TODO: check
+CVE-2006-3775 (SQL injection vulnerability in class_session.php in MyBB (aka ...)
+	TODO: check
+CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the ...)
+	TODO: check
+CVE-2006-3773 (PHP remote file inclusion vulnerability in smf.php in the SMF-Forum ...)
+	TODO: check
+CVE-2006-3772 (PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login ...)
+	TODO: check
+CVE-2006-3771 (Multiple PHP remote file inclusion vulnerabilities in component.php in ...)
+	TODO: check
+CVE-2006-3770 (Multiple SQL injection vulnerabilities in index.php in phpFaber ...)
+	TODO: check
+CVE-2006-3769 (Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and ...)
+	TODO: check
+CVE-2006-3768
+	RESERVED
+CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in Darren's $5 Script Archive ...)
+	TODO: check
+CVE-2006-3766 (Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to ...)
+	TODO: check
+CVE-2006-3765 (Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher ...)
+	TODO: check
+CVE-2006-3764 (Till Gerken phpPolls 1.0.3 allows remote attackers to create a new ...)
+	TODO: check
+CVE-2006-3763 (SQL injection vulnerability in category.php in Diesel Joke Site allows ...)
+	TODO: check
+CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote attackers to ...)
+	TODO: check
+CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/function_post.php in ...)
+	TODO: check
+CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...)
+	TODO: check
+CVE-2006-3759 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related ...)
+	TODO: check
+CVE-2006-3758 (inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) ...)
+	TODO: check
+CVE-2006-3757 (index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain ...)
+	TODO: check
+CVE-2006-3756 (Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and ...)
+	TODO: check
+CVE-2006-3755 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-3754 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-3753 (setcookie.php for tthe administration login in Professional Home Page ...)
+	TODO: check
+CVE-2006-3752 (Multiple SQL injection vulnerabilities in class.php in Professional ...)
+	TODO: check
+CVE-2006-3751 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-3750 (PHP remote file inclusion vulnerability in server.php in the Hashcash ...)
+	TODO: check
+CVE-2006-3749 (PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap ...)
+	TODO: check
+CVE-2006-3748 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-3747
+	RESERVED
+CVE-2006-3746
+	RESERVED
+CVE-2006-3745
+	RESERVED
+CVE-2006-3744
+	RESERVED
+CVE-2006-3743
+	RESERVED
+CVE-2006-3742
+	RESERVED
+CVE-2006-3741
+	RESERVED
+CVE-2006-3740
+	RESERVED
+CVE-2006-3739
+	RESERVED
+CVE-2006-3738
+	RESERVED
 CVE-2006-XXXX [htdig: several unspecified security problems]
 	- htdig 1:3.2.0b6-1
 CVE-2006-XXXX [ldap account manager sets trivial password instead of disabling it]
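Review bot: Several of the new "TODO: check" entries name products that this same list already classifies further down, so they can be closed now instead of sitting in the queue. CVE-2006-3821 is ATutor 1.5.3, which CVE-2006-3662 marks "NOT-FOR-US: ATutor", and CVE-2006-3825, CVE-2006-3824, CVE-2006-3783, CVE-2006-3782 and CVE-2006-3781 are Sun Solaris, which CVE-2006-3664 marks "NOT-FOR-US: Sun Solaris". Separately, the truncated text for CVE-2006-3755, CVE-2006-3754, CVE-2006-3751 and CVE-2006-3748 ends before any product name ("PHP remote file inclusion vulnerability in ..."), and CVE-2006-3791 and CVE-2006-3790 carry identical text, so those six need the full CVE description before anyone can triage them. The log message "automatic update" gives no hint that this revision adds a new block of untriaged entries; a count of added TODO items there would help whoever picks up the backlog.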
@@ -129,8 +329,8 @@
 	RESERVED
 CVE-2006-3677
 	RESERVED
-CVE-2006-3676
-	RESERVED
+CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote ...)
+	TODO: check
 CVE-2006-3675
 	RESERVED
 CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...)
@@ -156,9 +356,9 @@
 	[sarge] - squirrelmail <no-dsa> (Operation with registers_globals not supported)
 CVE-2006-3664 (Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 ...)
 	NOT-FOR-US: Sun Solaris
-CVE-2006-3663 (Finjan Appliance 5100/8100 NG 8.3.5 stores passwords in plaintext in a ...)
+CVE-2006-3663 (Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in ...)
 	NOT-FOR-US: Finjan Appliance
-CVE-2006-3662 (SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote ...)
+CVE-2006-3662 (** DISPUTED ** ...)
 	NOT-FOR-US: ATutor
 CVE-2006-3661 (Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews ...)
 	NOT-FOR-US: CuteNews
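Review bot: On CVE-2006-3662 the refreshed description is now only "(** DISPUTED ** ...)", so the entry no longer shows the product or the vulnerability class and the "NOT-FOR-US: ATutor" line is the only remaining clue to what it covers. Consider having the import keep the text that follows the "** DISPUTED **" marker when it truncates, so disputed entries stay readable in the list. Minor: CVE-2006-3663 now reads "Finjan Vital Security Appliance" while its tag still says "NOT-FOR-US: Finjan Appliance"; harmless, but the two could be aligned.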
@@ -769,7 +969,7 @@
 	TODO: check
 CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire ...)
 	TODO: check
-CVE-2006-3362 (connectors/php/connector.php in FCKeditor mcpuk file manager in ...)
+CVE-2006-3362 (connectors/php/connector.php in FCKeditor mcpuk file manager, as used ...)
 	TODO: check
 CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and ...)
 	TODO: check
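Review bot: The CVE-2006-3362 description now says "FCKeditor mcpuk file manager, as used ...", which points at a component shipped inside other products, yet the entry stays at a bare "TODO: check". When this one is triaged, the check should cover packages that embed a copy of FCKeditor and its connectors/php/connector.php, not only a standalone FCKeditor package; a NOTE line recording that scope would keep the next reader from closing it too early.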



