[Secure-testing-commits] r4305 - data/CVE

Joey Hess joeyh at costa.debian.org
Tue Jun 27 09:14:49 UTC 2006


Author: joeyh
Date: 2006-06-27 09:14:34 +0000 (Tue, 27 Jun 2006)
New Revision: 4305

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-06-26 22:28:32 UTC (rev 4304)
+++ data/CVE/list	2006-06-27 09:14:34 UTC (rev 4305)
@@ -1,3 +1,191 @@
+CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web ...)
+	TODO: check
+CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses the ...)
+	TODO: check
+CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application Server ...)
+	TODO: check
+CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote ...)
+	TODO: check
+CVE-2006-3223
+	RESERVED
+CVE-2006-3222 (The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 ...)
+	TODO: check
+CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1 and ...)
+	TODO: check
+CVE-2006-3220 (SQL injection vulnerability in studienplatztausch.php in Woltlab ...)
+	TODO: check
+CVE-2006-3219 (SQL injection vulnerability in thread.php in Woltlab Burning Board ...)
+	TODO: check
+CVE-2006-3218 (SQL injection vulnerability in profile.php in Woltlab Burning Board ...)
+	TODO: check
+CVE-2006-3217 (JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows ...)
+	TODO: check
+CVE-2006-3216 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...)
+	TODO: check
+CVE-2006-3215 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...)
+	TODO: check
+CVE-2006-3214 (Unspecified vulnerability in Hitachi Groupmax Address Server 7 and ...)
+	TODO: check
+CVE-2006-3213 (SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote ...)
+	TODO: check
+CVE-2006-3212 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...)
+	TODO: check
+CVE-2006-3211 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...)
+	TODO: check
+CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and earlier, when register_globals is ...)
+	TODO: check
+CVE-2006-3209 (** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP ...)
+	TODO: check
+CVE-2006-3208 (Direct static code injection vulnerability in Ultimate PHP Board (UPB) ...)
+	TODO: check
+CVE-2006-3207 (Directory traversal vulnerability in newpost.php in Ultimate PHP Board ...)
+	TODO: check
+CVE-2006-3206 (register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows ...)
+	TODO: check
+CVE-2006-3205 (Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2006-3204 (Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically ...)
+	TODO: check
+CVE-2006-3203 (The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier ...)
+	TODO: check
+CVE-2006-3202 (The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain ...)
+	TODO: check
+CVE-2006-3201 (Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and ...)
+	TODO: check
+CVE-2006-3200 (Unspecified versions of Internet Explorer allow remote attackers to ...)
+	TODO: check
+CVE-2006-3199 (Opera 9 allows remote attackers to cause a denial of service (crash) ...)
+	TODO: check
+CVE-2006-3198 (Integer overflow in Opera 8.54 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2006-3197 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
+	TODO: check
+CVE-2006-3196 (index.php in singapore 0.10.0 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2006-3195 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
+	TODO: check
+CVE-2006-3194 (Directory traversal vulnerability in index.php in singapore 0.10.0 and ...)
+	TODO: check
+CVE-2006-3193 (Multiple PHP remote file inclusion vulnerabilities in Grayscale ...)
+	TODO: check
+CVE-2006-3192 (PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows ...)
+	TODO: check
+CVE-2006-3191 (Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 ...)
+	TODO: check
+CVE-2006-3190 (SQL injection vulnerability in administration/includes/login/auth.php ...)
+	TODO: check
+CVE-2006-3189 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2006-3188 (Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and ...)
+	TODO: check
+CVE-2006-3187 (Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop ...)
+	TODO: check
+CVE-2006-3186 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon ...)
+	TODO: check
+CVE-2006-3185 (PHP remote file inclusion vulnerability in data/header.php in CMS ...)
+	TODO: check
+CVE-2006-3184 (Direct static code injection vulnerability in ASP Stats Generator ...)
+	TODO: check
+CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in Mobile Space ...)
+	TODO: check
+CVE-2006-3182 (Directory traversal vulnerability in index.php in Mobile Space ...)
+	TODO: check
+CVE-2006-3181 (SQL injection vulnerability in index.php in Mobile Space Community 2.0 ...)
+	TODO: check
+CVE-2006-3180 (Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx ...)
+	TODO: check
+CVE-2006-3179 (Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in ...)
+	TODO: check
+CVE-2006-3178 (Directory traversal vulnerability in extract_chmLib example program in ...)
+	TODO: check
+CVE-2006-3177 (PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The ...)
+	TODO: check
+CVE-2006-3176 (SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 ...)
+	TODO: check
+CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 ...)
+	TODO: check
+CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...)
+	TODO: check
+CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...)
+	TODO: check
+CVE-2006-3172 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...)
+	TODO: check
+CVE-2006-3171 (CRLF injection vulnerability in CS-Forum before 0.82 allows remote ...)
+	TODO: check
+CVE-2006-3170 (CS-Forum before 0.82 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2006-3169 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 ...)
+	TODO: check
+CVE-2006-3168 (SQL injection vulnerability in CS-Forum before 0.82 allows remote ...)
+	TODO: check
+CVE-2006-3167 (Free Realty before 2.9 allows remote attackers to obtain the full path ...)
+	TODO: check
+CVE-2006-3166 (Cross-site scripting (XSS) vulnerability in propview.php in Free ...)
+	TODO: check
+CVE-2006-3165 (SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and ...)
+	TODO: check
+CVE-2006-3164 (SQL injection vulnerability in category.php in TPL Design tplShop 2.0 ...)
+	TODO: check
+CVE-2006-3163 (Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 ...)
+	TODO: check
+CVE-2006-3162 (PHP remote file inclusion vulnerability in include/inc_foot.php in ...)
+	TODO: check
+CVE-2006-3161 (SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier ...)
+	TODO: check
+CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in Simple File ...)
+	TODO: check
+CVE-2006-3159 (pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built ...)
+	TODO: check
+CVE-2006-3158 (index.php in Eduha Meeting does not properly restrict file extensions ...)
+	TODO: check
+CVE-2006-3157 (Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory ...)
+	TODO: check
+CVE-2006-3156 (Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate ...)
+	TODO: check
+CVE-2006-3155 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...)
+	TODO: check
+CVE-2006-3154 (SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and ...)
+	TODO: check
+CVE-2006-3153 (Cross-site scripting (XSS) vulnerability in index.pl in Ultimate ...)
+	TODO: check
+CVE-2006-3152 (Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and ...)
+	TODO: check
+CVE-2006-3151 (Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD ...)
+	TODO: check
+CVE-2006-3150 (SQL injection vulnerability in index.php in CavoxCms 1.0.16 and ...)
+	TODO: check
+CVE-2006-3149 (Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum ...)
+	TODO: check
+CVE-2006-3148 (SQL injection vulnerability, possibly in search.inc.php, in ...)
+	TODO: check
+CVE-2006-3147 (Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix ...)
+	TODO: check
+CVE-2006-3146 (The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.23 and earlier ...)
+	TODO: check
+CVE-2006-3145 (Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows ...)
+	TODO: check
+CVE-2006-3144 (PHP remote file inclusion vulnerability in microcms-include.php in IBD ...)
+	TODO: check
+CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus ...)
+	TODO: check
+CVE-2006-3142 (SQL injection vulnerability in Forum.php in VBZooM 1.11 allows remote ...)
+	TODO: check
+CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye ...)
+	TODO: check
+CVE-2006-3140 (SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and ...)
+	TODO: check
+CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War 1.5.0 ...)
+	TODO: check
+CVE-2006-3138 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory ...)
+	TODO: check
+CVE-2006-3137 (Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge ...)
+	TODO: check
+CVE-2006-3136 (Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 ...)
+	TODO: check
+CVE-2006-3135
+	RESERVED
+CVE-2006-3134
+	RESERVED
 CVE-2006-3133
 	RESERVED
 CVE-2006-3132 (Cross-site scripting (XSS) vulnerability in qtofm.php4 in ...)
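Review bot: Every published entry added in this hunk carries only "TODO: check", so nothing here records yet whether Debian is affected. A few descriptions name software that looks worth checking against the archive first, for example CVE-2006-3145 (pamtofits in NetPBM), CVE-2006-3174 (search.php in SquirrelMail) and CVE-2006-3178 (the extract_chmLib example program). Entries such as CVE-2006-3227 (Internet Explorer) and CVE-2006-3226 (Cisco Secure ACS for Windows) can probably be closed as NOT-FOR-US in the style used further down the file.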
@@ -104,8 +292,7 @@
 CVE-2006-3100 [termnetd buffer overflow]
 	RESERVED
 	- termnetd 3.3-7 (bug #358028; medium)
-CVE-2006-3085 [linux endless loop in xt_sctp]
-	RESERVED
+CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...)
 	- linux-2.6 2.6.16-15
 CVE-2006-XXXX [webalizer-stonesteps XSS]
 	- webalizer-stonesteps 2.4.1.2-1
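Review bot: On CVE-2006-3085 the new description says the issue affects kernels before 2.6.17.1, while the tracking line kept below it records the fix as linux-2.6 2.6.16-15. Nothing in the entry explains how a 2.6.16-based upload carries the fix, so a NOTE line naming the backported patch would make the fixed version verifiable. The line also has no urgency, unlike the termnetd entry just above it.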
@@ -167,9 +354,9 @@
 	NOT-FOR-US: PHORUM
 CVE-2006-3052 (Cross-site scripting (XSS) vulnerability in Event Registration allows ...)
 	NOT-FOR-US: Event Registration
-CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0 and ...)
+CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, ...)
 	NOT-FOR-US: SixCMS
-CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0 and ...)
+CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0, and ...)
 	NOT-FOR-US: SixCMS
 CVE-2006-3049 (Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in ...)
 	NOT-FOR-US: Mole Group Ticket Booking Script
@@ -187,7 +374,7 @@
 	NOT-FOR-US: LogiSphere
 CVE-2006-3043 (Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe ...)
 	NOT-FOR-US: CFXe-CMS
-CVE-2006-3042 (Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 ...)
+CVE-2006-3042 (** DISPUTED ** ...)
 	NOT-FOR-US: ISPConfig
 CVE-2006-3041 (** DISPUTED ** ...)
 	TODO: check
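Review bot: The replacement description for CVE-2006-3042 is truncated to "** DISPUTED ** ...", which drops the vulnerability class and version the removed line carried (PHP remote file inclusion in ISPConfig 2.2.3). Only the "NOT-FOR-US: ISPConfig" tag still identifies the entry. If the automatic truncation cannot keep text after the DISPUTED marker, a NOTE line with the original summary would preserve it.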
@@ -451,18 +638,18 @@
 	- sylpheed-claws-gtk2 2.3.0-1 (bug #372889; low)
 CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote ...)
 	NOT-FOR-US: Microsoft
-CVE-2006-2918
-	RESERVED
+CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores ...)
+	TODO: check
 CVE-2006-2917
 	RESERVED
 CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...)
 	- arts 1.5.3-2 (bug #374003; low)
 	[sarge] - arts <not-affected> (Not setuid root in Debian)
 	NOTE: artswrapper is not suid root by default, but README.Debian describes it
-CVE-2006-2915
-	RESERVED
-CVE-2006-2914
-	RESERVED
+CVE-2006-2915 (Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote ...)
+	TODO: check
+CVE-2006-2914 (PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote ...)
+	TODO: check
 CVE-2006-2913 (Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows ...)
 	NOT-FOR-US: SelectaPix
 CVE-2006-2912 (Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote ...)
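Review bot: "APS.NET" in the new CVE-2006-2918 description looks like a misspelling of ASP.NET, so a search of the list for ASP.NET will miss this entry. If the text is copied verbatim from the CVE description it should stay as it is, and the correct product name can go in the triage tag that replaces "TODO: check". The two DeluxeBB entries (CVE-2006-2915, CVE-2006-2914) can then be triaged together, since both name DeluxeBB 1.06.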
@@ -1557,16 +1744,14 @@
 	RESERVED
 CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users ...)
 	- kdebase 4:3.5.2-2 (bug #374002; medium)
-CVE-2006-2448 [linux machine check problem on powerpc]
-	RESERVED
+CVE-2006-2448 (Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, ...)
 	- linux-2.6 2.6.16-15
 CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the paranoid ...)
 	{DSA-1090-1}
 	- spamassassin 3.1.3-1 (medium)
 CVE-2006-2446
 	RESERVED
-CVE-2006-2445 [linux vuln in check_process_timers (DoS?)]
-	RESERVED
+CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before ...)
 	- linux-2.6 2.6.16-15
 CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux kernel ...)
 	- linux-2.6 2.6.16-15
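Review bot: The removed working title for CVE-2006-2445 named check_process_timers, but the new description names run_posix_cpu_timers, and the "- linux-2.6 2.6.16-15" line is carried over unchanged. It is worth confirming that the fix tracked under the old title is the one the published description refers to, and recording the patch in a NOTE. The same applies to CVE-2006-2448, where the description says "before 2.6.16.21 and 2.6.17" and the entry does not show which upstream stable release the 2.6.16-15 upload includes.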
@@ -1869,10 +2054,10 @@
 	NOTE: it's marked as fixed here.  (Previous versions are vulnerable.)
 CVE-2006-2312 (Unspecified vulnerability in the URI handler in Skype 2.0.*.104 and ...)
 	NOT-FOR-US: Skype
-CVE-2006-2311
-	RESERVED
-CVE-2006-2310
-	RESERVED
+CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server and ...)
+	TODO: check
+CVE-2006-2310 (BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote ...)
+	TODO: check
 CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to obtain ...)
 	NOT-FOR-US: EServ
 CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25 ...)
@@ -2126,11 +2311,10 @@
 	RESERVED
 CVE-2006-2198
 	RESERVED
-CVE-2006-2197 (Integer overflow in wv2 before 0.2.2 might allow context-dependent ...)
+CVE-2006-2197 (Integer overflow in wv2 before 0.2.3 might allow context-dependent ...)
 	{DSA-1100}
 	- wv2 0.2.2-6 (medium)
-CVE-2006-2196 [pinball loads levels and compiled plugins from user-controllable locations]
-	RESERVED
+CVE-2006-2196 (Unspecified vulnerability in pinball 0.3.1 allows local users to gain ...)
 	{DSA-1102}
 	- pinball 0.3.1-6
 CVE-2006-2195 (Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before ...)
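Review bot: The CVE-2006-2197 description now says wv2 "before 0.2.3", but the tracking line still gives "- wv2 0.2.2-6 (medium)" as the fixed version. If 0.2.2-6 carries a backported fix, a NOTE line should say so; otherwise the fixed version needs revisiting. On CVE-2006-2196 the removed working title explained the actual problem (levels and compiled plugins loaded from user-controllable locations), whereas the new description only says "Unspecified vulnerability", so keeping that detail as a NOTE would help. Both entries reference {DSA-1100} and {DSA-1102} without the "-1" revision suffix used for {DSA-1090-1} earlier in the file.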



