[Secure-testing-commits] r4162 - data/CVE
Joey Hess
joeyh at costa.debian.org
Wed Jun 7 21:14:27 UTC 2006
Author: joeyh
Date: 2006-06-07 21:14:23 +0000 (Wed, 07 Jun 2006)
New Revision: 4162
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-06-07 09:14:24 UTC (rev 4161)
+++ data/CVE/list 2006-06-07 21:14:23 UTC (rev 4162)
@@ -1,4 +1,208 @@
-CVE-2006-2842 [squirrelmail remote file inclusion]
+CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before ...)
+ TODO: check
+CVE-2006-2898 (Unspecified vulnerability in the IAX2 channel driver (chan_iax2) for ...)
+ TODO: check
+CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows ...)
+ TODO: check
+CVE-2006-2896 (profile.php in FunkBoard CF0.71 allows remote attackers to change ...)
+ TODO: check
+CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to ...)
+ TODO: check
+CVE-2006-2894 (Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey ...)
+ TODO: check
+CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full ...)
+ TODO: check
+CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...)
+ TODO: check
+CVE-2006-2891 (Cross-site scripting (XSS) vulnerability in admin/index.php for ...)
+ TODO: check
+CVE-2006-2890 (Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, ...)
+ TODO: check
+CVE-2006-2889 (Multiple SQL injection vulnerabilities in index.php in Pixelpost ...)
+ TODO: check
+CVE-2006-2888 (PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig ...)
+ TODO: check
+CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and ...)
+ TODO: check
+CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote ...)
+ TODO: check
+CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...)
+ TODO: check
+CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows ...)
+ TODO: check
+CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ ...)
+ TODO: check
+CVE-2006-2882 (Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ...)
+ TODO: check
+CVE-2006-2881 (Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 ...)
+ TODO: check
+CVE-2006-2880 (Cross-site scripting (XSS) vulnerability in the Contributed Packages ...)
+ TODO: check
+CVE-2006-2879 (SQL injection vulnerability in newscomments.php in Alex News-Engine ...)
+ TODO: check
+CVE-2006-2878 (The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier ...)
+ TODO: check
+CVE-2006-2877 (PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and ...)
+ TODO: check
+CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish ...)
+ TODO: check
+CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake ...)
+ TODO: check
+CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has ...)
+ TODO: check
+CVE-2006-2873 (Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber ...)
+ TODO: check
+CVE-2006-2872 (PHP remote file inclusion vulnerability in config.php in Rumble 1.02 ...)
+ TODO: check
+CVE-2006-2871 (PHP remote file inclusion vulnerability in include/common.php in ...)
+ TODO: check
+CVE-2006-2870 (Cross-site scripting (XSS) vulnerability in forum_search.asp in ...)
+ TODO: check
+CVE-2006-2869 (Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 ...)
+ TODO: check
+CVE-2006-2868 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 ...)
+ TODO: check
+CVE-2006-2867 (SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta ...)
+ TODO: check
+CVE-2006-2866 (PHP remote file inclusion vulnerability in layout/prepend.php in ...)
+ TODO: check
+CVE-2006-2865 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes ...)
+ TODO: check
+CVE-2006-2863 (PHP remote file inclusion vulnerability in class.cs_phpmailer.php in ...)
+ TODO: check
+CVE-2006-2862 (SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 ...)
+ TODO: check
+CVE-2006-2861 (SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and ...)
+ TODO: check
+CVE-2006-2860 (PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 ...)
+ TODO: check
+CVE-2006-2859 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-2858 (SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds ...)
+ TODO: check
+CVE-2006-2857 (SQL injection vulnerability in index.php in LifeType 1.0.4 allows ...)
+ TODO: check
+CVE-2006-2856 (ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib ...)
+ TODO: check
+CVE-2006-2855 (SQL injection vulnerability in index.php in xueBook 1.0 allows remote ...)
+ TODO: check
+CVE-2006-2854 (SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows ...)
+ TODO: check
+CVE-2006-2853 (SQL injection vulnerability in content.php in abarcar Realty Portal ...)
+ TODO: check
+CVE-2006-2852 (PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and ...)
+ TODO: check
+CVE-2006-2851 (Cross-site scripting (XSS) vulnerability in index.php in dotProject ...)
+ TODO: check
+CVE-2006-2850 (Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP ...)
+ TODO: check
+CVE-2006-2849 (PHP remote file inclusion vulnerability in includes/webdav/server.php ...)
+ TODO: check
+CVE-2006-2848 (links.asp in aspWebLinks 2.0 allows remote attackers to change the ...)
+ TODO: check
+CVE-2006-2847 (SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows ...)
+ TODO: check
+CVE-2006-2846 (Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate ...)
+ TODO: check
+CVE-2006-2845 (PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows ...)
+ TODO: check
+CVE-2006-2844 (Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow ...)
+ TODO: check
+CVE-2006-2843 (PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote ...)
+ TODO: check
+CVE-2006-2841 (Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ...)
+ TODO: check
+CVE-2006-2840 (Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) ...)
+ TODO: check
+CVE-2006-2839 (Directory traversal vulnerability in PG Problem Editor module ...)
+ TODO: check
+CVE-2006-2838 (Buffer overflow in the web console in F-Secure Anti-Virus for ...)
+ TODO: check
+CVE-2006-2837 (Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book ...)
+ TODO: check
+CVE-2006-2836 (SQL injection vulnerability in comment.php in Pineapple Technologies ...)
+ TODO: check
+CVE-2006-2835 (SQL injection vulnerability in saphplesson 2.0 allows remote attackers ...)
+ TODO: check
+CVE-2006-2834 (PHP remote file inclusion vulnerability in includes/common.php in ...)
+ TODO: check
+CVE-2006-2833 (Cross-site scripting (XSS) vulnerability in the taxonomy module in ...)
+ TODO: check
+CVE-2006-2832 (Cross-site scripting (XSS) vulnerability in the upload module ...)
+ TODO: check
+CVE-2006-2831 (Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under ...)
+ TODO: check
+CVE-2006-2830 (Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent ...)
+ TODO: check
+CVE-2006-2829 (Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before ...)
+ TODO: check
+CVE-2006-2828 (Global variable overwrite vulnerability in PHP-Nuke allows remote ...)
+ TODO: check
+CVE-2006-2827 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-2826 (SQL injection vulnerability in sessions.inc in PHP Base Library ...)
+ TODO: check
+CVE-2006-2825 (cPanel does not automatically synchronize the PHP open_basedir ...)
+ TODO: check
+CVE-2006-2824 (Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 ...)
+ TODO: check
+CVE-2006-2823 (Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive ...)
+ TODO: check
+CVE-2006-2822 (SQL injection vulnerability in admin/default.asp in Dusan Drobac ...)
+ TODO: check
+CVE-2006-2821 (Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts ...)
+ TODO: check
+CVE-2006-2820 (Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog ...)
+ TODO: check
+CVE-2006-2819 (PHP remote file inclusion vulnerability in Wiki.php in Barnraiser ...)
+ TODO: check
+CVE-2006-2818 (PHP remote file inclusion vulnerability in common-menu.php in Cameron ...)
+ TODO: check
+CVE-2006-2817 (SQL injection vulnerability in bolum.php in tekno.Portal allows remote ...)
+ TODO: check
+CVE-2006-2816 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2006-2815 (Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes ...)
+ TODO: check
+CVE-2006-2814 (Multiple buffer overflows in the (1) vGetPost and (2) main functions ...)
+ TODO: check
+CVE-2006-2813 (Directory traversal vulnerability in easy-scart.cgi in iShopCart ...)
+ TODO: check
+CVE-2006-2812 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2006-2811 (Multiple PHP remote file inclusion vulnerabilities in Cantico ...)
+ TODO: check
+CVE-2006-2810 (Multiple cross-site scripting (XSS) vulnerabilities in Belchior ...)
+ TODO: check
+CVE-2006-2809 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2006-2808 (Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR ...)
+ TODO: check
+CVE-2006-2807 (ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to ...)
+ TODO: check
+CVE-2006-2806 (The SMTP server in Apache Java Mail Enterprise Server (aka Apache ...)
+ TODO: check
+CVE-2005-2468 (Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and ...)
+ TODO: check
+CVE-2005-2467 (Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum ...)
+ TODO: check
+CVE-2005-2466 (Multiple SQL injection vulnerabilities in the auth_user function in ...)
+ TODO: check
+CVE-2005-2465 (Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS ...)
+ TODO: check
+CVE-2005-2464 (login.php in PCXP/TOPPE CMS allows remote attackers to bypass ...)
+ TODO: check
+CVE-2005-2463 (Kayako liveResponse 2.x allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2005-2462 (Kayako liveResponse 2.x, when logging in a user, records the password ...)
+ TODO: check
+CVE-2005-2461 (Multiple SQL injection vulnerabilities in the calendar feature in ...)
+ TODO: check
+CVE-2005-2460 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
+ TODO: check
+CVE-2006-2842 (** DISPUTED ** ...)
- squirrelmail <unfixed> (unimportant)
NOTE: Only exploitable with register_globals enabled
CVE-2006-XXXX [XSS vulnerability in dokuwikis's "Fullname" and "E-Mail" fields]
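Review bot: CVE-2006-2842 is re-added at the very end of the inserted block, after CVE-2005-2460, rather than between CVE-2006-2843 and CVE-2006-2841 where the descending order of the rest of the list would put it. The CVE-2005-2460 through CVE-2005-2468 entries likewise land above CVE-2006-2805. The replacement description for CVE-2006-2842 is only "(** DISPUTED ** ...)", so the "squirrelmail remote file inclusion" summary from the removed bracketed line is lost. Suggest adding a NOTE that restates it next to "NOTE: Only exploitable with register_globals enabled", and sorting the new entries into place before the "TODO: check" items are triaged.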
@@ -9,7 +213,7 @@
- webalizer 2.01.10-29
CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...)
NOT-FOR-US: vBulletin
-CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss iCM 7.0 ...)
+CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss ...)
NOT-FOR-US: Goss iCM
CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...)
NOT-FOR-US: PHP ManualMaker
@@ -149,11 +353,11 @@
TODO: check
CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...)
TODO: check
-CVE-2006-2769 (The HTTP Inspect preprocessor in Snort 2.4.0 through 2.4.4 allows ...)
+CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through ...)
TODO: check
CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...)
TODO: check
-CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottomanpath 1.1.2, when ...)
+CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when ...)
TODO: check
CVE-2006-2766 (Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet ...)
TODO: check
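Review bot: CVE-2006-2769 still carries "TODO: check" after its description was refreshed to name the http_inspect preprocessor in Snort 2.4.0 through ..., so the update changes the wording but not the triage state. Suggest resolving it in the same pass with either a package line and fixed version or a NOT-FOR-US. The product rename from "Ottomanpath 1.1.2" to "Ottoman 1.1.2" in CVE-2006-2767 also needs checking before that entry is dispositioned, since the name is what the NOT-FOR-US or package decision hangs on.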
@@ -645,7 +849,7 @@
NOT-FOR-US: Xtreme Topsites
CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors ...)
NOT-FOR-US: Xtreme Topsites
-CVE-2006-2542 (xmcdconfig in Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and ...)
+CVE-2006-2542 (xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb ...)
{DSA-1086-1}
TODO: check sarge and woody
- xmcd 2.6-17.2 (bug #366816; medium)
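Review bot: "TODO: check sarge and woody" is left in place under CVE-2006-2542 even though the entry already references {DSA-1086-1} and a fixed version "xmcd 2.6-17.2". If the DSA covers the stable releases, drop the TODO. If it does not, replace it with a NOTE saying which release is still open, so the entry does not stay in the TODO backlog indefinitely.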
@@ -852,8 +1056,7 @@
RESERVED
CVE-2006-2448
RESERVED
-CVE-2006-2447 [spamd --vpopmail/--paranoid remote command execution bug]
- RESERVED
+CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the paranoid ...)
- spamassassin 3.1.3-1 (medium)
CVE-2006-2446
RESERVED
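Review bot: the removed bracketed line for CVE-2006-2447 stated the impact ("remote command execution bug") and the triggering options (--vpopmail/--paranoid), while the replacement description is cut off at "the paranoid ..." and no longer shows the impact. Suggest keeping that information as a NOTE under the entry, next to "- spamassassin 3.1.3-1 (medium)", so the severity rating stays justified by text visible in the list.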
@@ -4586,7 +4789,7 @@
NOT-FOR-US: Calcium
CVE-2006-0888 (index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation ...)
NOT-FOR-US: Invision Power Board
-CVE-2006-0887 (Unspecified vulnerability in PHPLIB 7.4 allows remote attackers to ...)
+CVE-2006-0887 (Eval injection vulnerability in sessions.inc in PHP Base Library ...)
NOT-FOR-US: PHPLIB
CVE-2006-0886 (Cross-site scripting (XSS) vulnerability in register.php in DEV web ...)
NOT-FOR-US: DEV web management system
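Review bot: CVE-2006-0887 now names sessions.inc in PHP Base Library and keeps "NOT-FOR-US: PHPLIB", but CVE-2006-2826, added in the first hunk with the same "sessions.inc in PHP Base Library" wording, is left at "TODO: check". The two entries should get the same disposition. Suggest marking CVE-2006-2826 in this update as well, so the same component is not tracked two different ways.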
@@ -4768,7 +4971,7 @@
NOT-FOR-US: MUTE
CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word ...)
NOT-FOR-US: NJStar
-CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71 ...)
+CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as ...)
{DSA-1031-1 DSA-1030-1 DSA-1029-1}
- libphp-adodb 4.72-0.1 (bug #358872; medium)
- moodle <unfixed> (bug #360396; medium)
@@ -9885,7 +10088,7 @@
NOT-FOR-US: Ringtail CaseBook
CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in Ringtail ...)
NOT-FOR-US: Ringtail CaseBook
-CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe Tutorial Manager ...)
+CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe.net Tutorials ...)
NOT-FOR-US: PHPCafe Tutorial Manager
CVE-2005-3477 (Multiple interpretation error in the image upload handling code in ...)
NOT-FOR-US: Invision Gallery
@@ -15457,8 +15660,8 @@
NOT-FOR-US: Microsoft
CVE-2005-1977
RESERVED
-CVE-2005-1976
- RESERVED
+CVE-2005-1976 (Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets ...)
+ TODO: check
CVE-2002-1782 (The default configuration of University of Washington IMAP daemon ...)
- uw-imap <unfixed> (bug #315499; low)
CVE-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...)