[Secure-testing-commits] r4139 - data/CVE
Joey Hess
joeyh at costa.debian.org
Mon Jun 5 09:15:07 UTC 2006
Author: joeyh
Date: 2006-06-05 09:14:50 +0000 (Mon, 05 Jun 2006)
New Revision: 4139
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-06-05 09:04:37 UTC (rev 4138)
+++ data/CVE/list 2006-06-05 09:14:50 UTC (rev 4139)
@@ -1,3 +1,323 @@
+CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...)
+ TODO: check
+CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss iCM 7.0 ...)
+ TODO: check
+CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...)
+ TODO: check
+CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...)
+ TODO: check
+CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...)
+ TODO: check
+CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 ...)
+ TODO: check
+CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in ...)
+ TODO: check
+CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 ...)
+ TODO: check
+CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate ...)
+ TODO: check
+CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking ...)
+ TODO: check
+CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier ...)
+ TODO: check
+CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...)
+ TODO: check
+CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and ...)
+ TODO: check
+CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment ...)
+ TODO: check
+CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if ...)
+ TODO: check
+CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...)
+ TODO: check
+CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...)
+ TODO: check
+CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and ...)
+ TODO: check
+CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
+ TODO: check
+CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...)
+ TODO: check
+CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strips the Unicode ...)
+ TODO: check
+CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
+ TODO: check
+CVE-2006-2781 (Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and ...)
+ TODO: check
+CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...)
+ TODO: check
+CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...)
+ TODO: check
+CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...)
+ TODO: check
+CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...)
+ TODO: check
+CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before ...)
+ TODO: check
+CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...)
+ TODO: check
+CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne ...)
+ TODO: check
+CVE-2006-2773 (admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does ...)
+ TODO: check
+CVE-2006-2772 (Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps ...)
+ TODO: check
+CVE-2006-2771 (admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not ...)
+ TODO: check
+CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...)
+ TODO: check
+CVE-2006-2769 (The HTTP Inspect preprocessor in Snort 2.4.0 through 2.4.4 allows ...)
+ TODO: check
+CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...)
+ TODO: check
+CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottomanpath 1.1.2, when ...)
+ TODO: check
+CVE-2006-2766 (Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet ...)
+ TODO: check
+CVE-2006-2765 (Cross-site scripting (XSS) vulnerability in news_information.php in ...)
+ TODO: check
+CVE-2006-2764 (Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows ...)
+ TODO: check
+CVE-2006-2763 (SQL injection vulnerability in Pre News Manager 1.0 allows remote ...)
+ TODO: check
+CVE-2006-2762 (PHP remote file inclusion vulnerability in includes/config.php in ...)
+ TODO: check
+CVE-2006-2761 (SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, ...)
+ TODO: check
+CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nForum 0.91 allows ...)
+ TODO: check
+CVE-2006-2759 (jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary ...)
+ TODO: check
+CVE-2006-2758 (Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 ...)
+ TODO: check
+CVE-2006-2757 (Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows ...)
+ TODO: check
+CVE-2006-2756 (Eitsop My Web Server 1.0 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in UBBThreads ...)
+ TODO: check
+CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP before ...)
+ TODO: check
+CVE-2006-2753 (SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x ...)
+ TODO: check
+CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux ...)
+ TODO: check
+CVE-2006-2751 (Cross-site scripting (XSS) vulnerability in Open Searchable Image ...)
+ TODO: check
+CVE-2006-2750 (Cross-site scripting (XSS) vulnerability in the do_mysql_query ...)
+ TODO: check
+CVE-2006-2749 (SQL injection vulnerability in search.php in Open Searchable Image ...)
+ TODO: check
+CVE-2006-2748 (SQL injection vulnerability in the do_mysql_query function in core.php ...)
+ TODO: check
+CVE-2006-2747 (Directory traversal vulnerability in index.php in PhpMyDesktop|arcade ...)
+ TODO: check
+CVE-2006-2746 (Multiple cross-site scripting (XSS) vulnerabilities in F at cile ...)
+ TODO: check
+CVE-2006-2745 (Multiple PHP remote file inclusion vulnerabilities in F at cile ...)
+ TODO: check
+CVE-2006-2744 (PHP remote file inclusion vulnerability in p-popupgallery.php in ...)
+ TODO: check
+CVE-2006-2743 (Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with ...)
+ TODO: check
+CVE-2006-2742 (SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 ...)
+ TODO: check
+CVE-2006-2741 (Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 ...)
+ TODO: check
+CVE-2006-2740 (Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow ...)
+ TODO: check
+CVE-2006-2739 (PHP remote file inclusion vulnerability in footers.php in Epicdesigns ...)
+ TODO: check
+CVE-2006-2738 (The open source version of Open-Xchange 0.8.2 and earlier uses a ...)
+ TODO: check
+CVE-2006-2737 (utilities/register.asp in Nukedit 4.9.6 and earlier allows remote ...)
+ TODO: check
+CVE-2006-2736 (PHP remote file inclusion vulnerability in blend_data/blend_common.php ...)
+ TODO: check
+CVE-2006-2735 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-2734 (enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote ...)
+ TODO: check
+CVE-2006-2733 (membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security ...)
+ TODO: check
+CVE-2006-2732 (SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and ...)
+ TODO: check
+CVE-2006-2731 (Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier ...)
+ TODO: check
+CVE-2006-2730 (PHP remote file inclusion vulnerability in admin/lib_action_step.php ...)
+ TODO: check
+CVE-2006-2729 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...)
+ TODO: check
+CVE-2006-2728 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...)
+ TODO: check
+CVE-2006-2727 (home/register.php in Eggblog before 3.0 allows remote attackers to ...)
+ TODO: check
+CVE-2006-2726 (PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d ...)
+ TODO: check
+CVE-2006-2725 (SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 ...)
+ TODO: check
+CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...)
+ TODO: check
+CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to ...)
+ TODO: check
+CVE-2006-2722 (SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows ...)
+ TODO: check
+CVE-2006-2721 (Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT ...)
+ TODO: check
+CVE-2006-2720 (SQL injection vulnerability in news.php in VARIOMAT allows remote ...)
+ TODO: check
+CVE-2006-2719 (JIWA Financials 6.4.14 stores usernames and passwords for all accounts ...)
+ TODO: check
+CVE-2006-2718 (JIWA Financials 6.4.14 passes a Microsoft SQL Server account's ...)
+ TODO: check
+CVE-2006-2717 (Unspecified vulnerability in Secure Elements Class 5 AVR client and ...)
+ TODO: check
+CVE-2006-2716 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a ...)
+ TODO: check
+CVE-2006-2715 (The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) ...)
+ TODO: check
+CVE-2006-2714 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not ...)
+ TODO: check
+CVE-2006-2713 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates ...)
+ TODO: check
+CVE-2006-2712 (Secure Elements Class 5 AVR (aka C5 EVM) client and server before ...)
+ TODO: check
+CVE-2006-2711 (Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and ...)
+ TODO: check
+CVE-2006-2710 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same ...)
+ TODO: check
+CVE-2006-2709 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate ...)
+ TODO: check
+CVE-2006-2708 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows ...)
+ TODO: check
+CVE-2006-2707 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not ...)
+ TODO: check
+CVE-2006-2706 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...)
+ TODO: check
+CVE-2006-2705 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...)
+ TODO: check
+CVE-2006-2704 (Secure Elements Class 5 AVR server and client (aka C5 EVM) before ...)
+ TODO: check
+CVE-2006-2703 (The RedCarpet command-line client (rug) does not verify SSL ...)
+ TODO: check
+CVE-2006-2702 (vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ...)
+ TODO: check
+CVE-2006-2701 (SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows ...)
+ TODO: check
+CVE-2006-2700 (SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 ...)
+ TODO: check
+CVE-2006-2699 (Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog ...)
+ TODO: check
+CVE-2006-2698 (Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2006-2697 (Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 ...)
+ TODO: check
+CVE-2006-2696 (Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 ...)
+ TODO: check
+CVE-2006-2695 (admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers ...)
+ TODO: check
+CVE-2006-2694 (Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro ...)
+ TODO: check
+CVE-2006-2693 (Directory traversal vulnerability in admin_hacks_list.php in Nivisec ...)
+ TODO: check
+CVE-2006-2692 (Multiple unspecified vulnerabilities in aMuleWeb for AMule before ...)
+ TODO: check
+CVE-2006-2691 (Unspecified "information leakage" vulnerabilities in aMuleWeb for ...)
+ TODO: check
+CVE-2006-2690 (An unspecified script in EVA-Web 2.1.2 and earlier, probably ...)
+ TODO: check
+CVE-2006-2689 (Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 ...)
+ TODO: check
+CVE-2006-2688 (SQL injection vulnerability in the employees node (class.employee.inc) ...)
+ TODO: check
+CVE-2006-2687 (Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC ...)
+ TODO: check
+CVE-2006-2686 (PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow ...)
+ TODO: check
+CVE-2006-2685 (PHP remote file inclusion vulnerability in Basic Analysis and Security ...)
+ TODO: check
+CVE-2006-2684 (Cross-site scripting (XSS) vulnerability in the search module in CMS ...)
+ TODO: check
+CVE-2006-2683 (PHP remote file inclusion vulnerability in 404.php in open-medium.CMS ...)
+ TODO: check
+CVE-2006-2682 (PHP remote file inclusion vulnerability in BE_config.php in Back-End ...)
+ TODO: check
+CVE-2006-2681 (PHP remote file inclusion vulnerability in SocketMail Lite and Pro ...)
+ TODO: check
+CVE-2006-2680 (Cross-site scripting (XSS) vulnerability in index.php in AZ Photo ...)
+ TODO: check
+CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows Graphical User ...)
+ TODO: check
+CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News ...)
+ TODO: check
+CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc ...)
+ TODO: check
+CVE-2006-2676 (Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly ...)
+ TODO: check
+CVE-2006-2675 (PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads ...)
+ TODO: check
+CVE-2006-2674 (Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and ...)
+ TODO: check
+CVE-2006-2673 (Cross-site scripting (XSS) vulnerability in search.html in Bulletin ...)
+ TODO: check
+CVE-2006-2672 (Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One ...)
+ TODO: check
+CVE-2006-2671 (SQL injection vulnerability in ChatPat 1.0 allows remote attackers to ...)
+ TODO: check
+CVE-2006-2670 (Cross-site scripting (XSS) vulnerability in ChatPat 1.0 allows remote ...)
+ TODO: check
+CVE-2006-2669 (Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping ...)
+ TODO: check
+CVE-2006-2668 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 ...)
+ TODO: check
+CVE-2006-2667 (Direct static code injection vulnerability in WordPress 2.0.2 and ...)
+ TODO: check
+CVE-2006-2666 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-2665 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-2664 (Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote ...)
+ TODO: check
+CVE-2006-2663 (Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 ...)
+ TODO: check
+CVE-2006-2662 (VMware Server before RC1 does not clear user credentials from memory ...)
+ TODO: check
+CVE-2006-2661 (ftutil.c in Freetype before 2.2 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2006-2660
+ RESERVED
+CVE-2006-2658
+ RESERVED
+CVE-2006-2657
+ RESERVED
+CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally ...)
+ TODO: check
+CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to ...)
+ TODO: check
+CVE-2006-2653 (Cross-site scripting (XSS) vulnerability in login_error.shtml for ...)
+ TODO: check
+CVE-2006-2652 (Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier ...)
+ TODO: check
+CVE-2006-2651 (Cross-site scripting (XSS) vulnerability in index.php in Vacation ...)
+ TODO: check
+CVE-2006-2650 (SQL injection vulnerability in cosmicshop/search.php in ...)
+ TODO: check
+CVE-2006-2649 (Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, ...)
+ TODO: check
+CVE-2006-2648 (Cross-site scripting (XSS) vulnerability in perform_search.asp for ...)
+ TODO: check
+CVE-2006-2647 (Untrusted search path vulnerability in update_flash for IBM AIX 5.1, ...)
+ TODO: check
+CVE-2006-2646 (Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows ...)
+ TODO: check
+CVE-2006-2645 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated ...)
+ TODO: check
CVE-2006-XXXX [libxine buffer overflow in the HTTP header parser]
- xine-lib <unfixed> (bug #369876; medium)
CVE-2006-XXXX [libxine1 overflow via a specially-crafted AVI file]
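Review bot: CVE-2006-2802 (buffer overflow in the xine-lib HTTP plugin) is added near the top of this hunk with only `TODO: check`, while the unchanged context at the end of the hunk still has `CVE-2006-XXXX [libxine buffer overflow in the HTTP header parser]` with `- xine-lib <unfixed> (bug #369876; medium)`. These look like the same issue. If they are, fold the temporary entry into CVE-2006-2802 so the package line and bug number sit under the assigned ID and the issue is not listed twice.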
@@ -13,9 +333,9 @@
- mysql <unfixed> (bug #369754; medium)
- mysql-dfsg-5.0 <unfixed> (bug #369735; medium)
- mysql-dfsg-4.1 <unfixed> (medium)
-CVE-2006-2659 [courier DoS]
+CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause ...)
- courier 0.53.2-1 (bug #368834)
-CVE-2006-2656 [tiffsplit buffer overflow]
+CVE-2006-2656 (Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 ...)
- tiff 3.8.2-3 (bug #369819; medium)
CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top ...)
NOT-FOR-US: Monster Top List
@@ -78,7 +398,7 @@
NOT-FOR-US: Russcom.Ping
CVE-2006-2614 (Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 ...)
NOT-FOR-US: Sun Solaris
-CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox before 1.8.0, and Netscape 7.2 ...)
+CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other ...)
NOTE: Installation path disclosure is uninteresting on Debian systems.
NOTE: The profile path might be more sensitive, but exploit that
NOTE: requires another, real security bug.
@@ -348,7 +668,8 @@
- serendipity <itp> (bug #312413)
CVE-2006-2494 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote ...)
NOT-FOR-US: IntelliTampe
-CVE-2006-2493 (Integer overflow in the read_lwfn function in FreeType before 2.2 ...)
+CVE-2006-2493
+ REJECTED
- freetype 2.2.1-1
CVE-2005-1755 (PHP remote code injection vulnerability in poll_vote.php in PHP Poll ...)
NOT-FOR-US: PHP Poll Creator
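Review bot: CVE-2006-2493 is switched to `REJECTED`, but the context line `- freetype 2.2.1-1` still hangs off it, so the list now records a fixed version under a withdrawn ID. Add a NOTE naming the ID that supersedes it, if there is one, and move the freetype line to that entry so the fix stays visible to anyone querying by CVE.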
@@ -465,8 +786,8 @@
CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions, which ...)
{DSA-1062-1}
- kphone 1:4.2-3 (bug #337830; medium)
-CVE-2006-2439
- RESERVED
+CVE-2006-2439 (Stack-based buffer overflow in ZipCentral 4.01 allows remote ...)
+ TODO: check
CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the ...)
NOT-FOR-US: Caucho
CVE-2006-2437 (The viewfile servlet in the documentation package (resin-doc) for ...)
@@ -764,10 +1085,10 @@
RESERVED
CVE-2006-2310
RESERVED
-CVE-2006-2309
- RESERVED
-CVE-2006-2308
- RESERVED
+CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25 ...)
+ TODO: check
CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS before ...)
NOT-FOR-US: Webiste Banker
CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in ...)
@@ -1048,7 +1369,7 @@
NOT-FOR-US: Golden FTP Server Pro
CVE-2006-2179 (Multiple SQL injection vulnerabilities in CyberBuild allow remote ...)
NOT-FOR-US: CyberBuild
-CVE-2006-2178 (Mulitiple cross-site scripting (XSS) vulnerabilities in CyberBuild ...)
+CVE-2006-2178 (Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild ...)
NOT-FOR-US: CyberBuild
CVE-2006-2177 (Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 ...)
NOT-FOR-US: geoBlog
@@ -1584,7 +1905,7 @@
NOT-FOR-US: SibSoft CommuniMail
CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts ...)
NOT-FOR-US: Smarter Scripts IntelliLink Pro
-CVE-2006-1942 (Mozilla Firefox 1.5.0.2, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon ...)
+CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, ...)
TODO: check
NOTE: pkg-mozilla-maintainers are preparing a big security release, I've pinged them
NOTE: to ask about this issue
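Review bot: the new description for CVE-2006-1942 bounds the affected range at "before 1.5.0.4", yet the `TODO: check` and the two NOTE lines about pinging pkg-mozilla-maintainers stay unchanged beneath it. Either replace them with a package line giving the version that carries the fix, or keep the TODO and state in a NOTE what is still open.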
@@ -2764,8 +3085,7 @@
- mysql-dfsg-4.1 <unfixed> (bug #365939; low)
- mysql-dfsg <unfixed> (bug #365939; low)
- mysql <unfixed> (bug #365939; low)
-CVE-2006-1515 [typespeed buffer overflow]
- RESERVED
+CVE-2006-1515 (Buffer overflow in the addnewword function in typespeed 0.4.4 and ...)
{DSA-1084-1}
- typespeed 0.4.4-10
CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi ...)
@@ -3550,9 +3870,9 @@
RESERVED
CVE-2006-1176
RESERVED
-CVE-2006-1175
- RESERVED
-CVE-2006-1174 (useradd in shadow-utils before 4.0.3 does not provide a required ...)
+CVE-2006-1175 (The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for ...)
+ TODO: check
+CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions ...)
- shadow 1:4.0.15-10 (low)
CVE-2006-1173
RESERVED
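Review bot: the CVE-2006-1174 description is widened to "and possibly other versions", but the context line `- shadow 1:4.0.15-10 (low)` is carried over untouched; confirm that fixed version still holds against the revised text. In the same hunk, CVE-2006-1175 describes an ActiveX control, so it can be marked NOT-FOR-US directly rather than left as `TODO: check`.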
@@ -8883,8 +9203,8 @@
- phpmyadmin <unfixed> (unimportant)
CVE-2005-3620
RESERVED
-CVE-2005-3619
- RESERVED
+CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management interface ...)
+ TODO: check
CVE-2005-3618
RESERVED
CVE-2005-3617
@@ -8928,7 +9248,7 @@
CVE-2005-3598
RESERVED
CVE-2005-3597
- RESERVED
+ REJECTED
CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote ...)
NOT-FOR-US: ASPKnowledgebase
CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a blank ...)
@@ -14657,7 +14977,7 @@
NOT-FOR-US: IceWarp Web Mail
CVE-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...)
NOT-FOR-US: Mac OS X
-CVE-2002-1897 (MyWebServer 1.0.2 allows remote attackers to cause a denial of service ...)
+CVE-2002-1897 (MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a ...)
NOT-FOR-US: MyWebserver
CVE-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...)
- alsaplayer 0.99.72-1
@@ -20095,7 +20415,7 @@
TODO: 2.4.27 seems to be unaffected, check back with kernel patch tracker
TODO: check, when this was fixed in 2.6
CVE-2005-0528 [mremap kernel issue]
- RESERVED
+ REJECTED
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
TODO: Fixed for Woody, check 2.4 and 2.6
CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
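Review bot: CVE-2005-0528 becomes `REJECTED` while keeping `{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}` and the TODO `Fixed for Woody, check 2.4 and 2.6`, so four advisories now reference a withdrawn ID. Record in a NOTE which ID the mremap issue is tracked under now, and carry the open 2.4/2.6 TODO over to that entry so it is not lost.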
@@ -20187,8 +20507,7 @@
NOT-FOR-US: Arkeia Server Backup
CVE-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...)
- curl 7.13.0-2
-CVE-2005-0489
- RESERVED
+CVE-2005-0489 (The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...)
- cfengine2 2.1.8-1
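Review bot: CVE-2005-0489 gains a description, but the entry still consists only of the DSA cross-reference line, with no package lines. The description limits the issue to Linux kernel 2.4 before 2.4.17, so the entry can be completed with explicit kernel source package lines (fixed version for 2.4, `<not-affected>` for 2.6 if that holds) instead of leaving the status to be inferred from the DSA list.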
@@ -21770,8 +22089,7 @@
CVE-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...)
- linux-2.6 <not-affected>
- kernel-source-2.4.27 2.4.27-10 (bug #308584)
-CVE-2005-0136
- RESERVED
+CVE-2005-0136 (The Linux kernel before 2.6.11 on the Itanium IA64 platform has ...)
TODO: Check, when this was fixed upstream
TODO: Check, whether 2.4 is affected
[sarge] - kernel-source-2.6.8 2.6.8-14
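Review bot: the new description for CVE-2005-0136 states the issue affects the Linux kernel before 2.6.11 on ia64, which answers the first TODO kept below it (`Check, when this was fixed upstream`). Drop that TODO or turn it into a NOTE recording 2.6.11, and leave only `Check, whether 2.4 is affected` open.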
@@ -23055,8 +23373,7 @@
CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...)
{DSA-616-1}
- netkit-telnet-ssl 0.17.24+0.1-6
-CVE-2004-0997
- RESERVED
+CVE-2004-0997 (Unspecified vulnerability in the ptrace MIPS assembly code in Linux ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
{DSA-610-1}
@@ -25072,8 +25389,7 @@
RESERVED
CVE-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...)
NOT-FOR-US: SGI IRIX
-CVE-2004-0138
- RESERVED
+CVE-2004-0138 (The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
NOT-FOR-US: IRIX init