[Secure-testing-commits] r3550 - data/CVE
Joey Hess
joeyh at costa.debian.org
Wed Mar 1 09:14:25 UTC 2006
Author: joeyh
Date: 2006-03-01 09:14:18 +0000 (Wed, 01 Mar 2006)
New Revision: 3550
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-02-28 21:14:25 UTC (rev 3549)
+++ data/CVE/list 2006-03-01 09:14:18 UTC (rev 3550)
@@ -1,3 +1,115 @@
+CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2006-0936 (Free Host Shop Website Generator 3.3 allows remote authenticated users ...)
+ TODO: check
+CVE-2006-0935 (Microsoft Word 2003 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2006-0934 (Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 ...)
+ TODO: check
+CVE-2006-0933 (Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote ...)
+ TODO: check
+CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in ...)
+ TODO: check
+CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2 allows ...)
+ TODO: check
+CVE-2006-0930 (Directory traversal vulnerability in Webmail in ArGoSoft Mail Server ...)
+ TODO: check
+CVE-2006-0929 (Directory traversal vulnerability in the IMAP server in ArGoSoft Mail ...)
+ TODO: check
+CVE-2006-0928 (The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote ...)
+ TODO: check
+CVE-2006-0927 (Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA ...)
+ TODO: check
+CVE-2006-0926 (Multiple directory traversal vulnerabilities in Allume StuffIt ...)
+ TODO: check
+CVE-2006-0925 (Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon ...)
+ TODO: check
+CVE-2006-0924 (Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 ...)
+ TODO: check
+CVE-2006-0923 (Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) ...)
+ TODO: check
+CVE-2006-0922 (CubeCart 3.0 through 3.6 does not properly check authorization for an ...)
+ TODO: check
+CVE-2006-0921 (Multiple directory traversal vulnerabilities in connector.php in ...)
+ TODO: check
+CVE-2006-0920 (Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP ...)
+ TODO: check
+CVE-2006-0919 (SQL injection vulnerability in index.php (aka the login page) in Oi! ...)
+ TODO: check
+CVE-2006-0918 (Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to ...)
+ TODO: check
+CVE-2006-0917 (Melange Chat Server (aka M-Chat), when accessed via a web browser, ...)
+ TODO: check
+CVE-2006-0916 (Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences ...)
+ TODO: check
+CVE-2006-0915 (Bugzilla 2.16.10 does not properly handle certain characters in the ...)
+ TODO: check
+CVE-2006-0914 (Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 do not properly handle ...)
+ TODO: check
+CVE-2006-0913 (SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through ...)
+ TODO: check
+CVE-2006-0912 (Oreka before 0.5 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2006-0911 (NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote ...)
+ TODO: check
+CVE-2006-0910 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...)
+ TODO: check
+CVE-2006-0909 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...)
+ TODO: check
+CVE-2006-0908 (PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL ...)
+ TODO: check
+CVE-2006-0907 (SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows ...)
+ TODO: check
+CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to ...)
+ TODO: check
+CVE-2006-0905
+ RESERVED
+CVE-2006-0904
+ RESERVED
+CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging ...)
+ TODO: check
+CVE-2006-0902
+ RESERVED
+CVE-2006-0901 (Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and ...)
+ TODO: check
+CVE-2006-0900 (nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2006-0899 (Directory traversal vulnerability in index.php in 4Images 1.7.1 and ...)
+ TODO: check
+CVE-2006-0898 (Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV ...)
+ TODO: check
+CVE-2006-0897 (SQL injection vulnerability in Virtual Program Management Intranet ...)
+ TODO: check
+CVE-2006-0896 (Cross-site scripting (XSS) vulnerability in Sources/Register.php in ...)
+ TODO: check
+CVE-2006-0895 (NOCC Webmail 1.0 allows remote attackers to obtain the installation ...)
+ TODO: check
+CVE-2006-0894 (Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail ...)
+ TODO: check
+CVE-2006-0893 (NOCC Webmail 1.0 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2006-0892 (NOCC Webmail 1.0 stores e-mail attachments in temporary files with ...)
+ TODO: check
+CVE-2006-0891 (Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow ...)
+ TODO: check
+CVE-2006-0890 (Directory traversal vulnerability in SpeedProject Squeez 5.1, as used ...)
+ TODO: check
+CVE-2006-0889 (Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows ...)
+ TODO: check
+CVE-2006-0888 (index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation ...)
+ TODO: check
+CVE-2006-0887 (Unspecified vulnerability in PHPLIB 7.4 allows remote attackers to ...)
+ TODO: check
+CVE-2006-0886 (Cross-site scripting (XSS) vulnerability in register.php in DEV web ...)
+ TODO: check
+CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews ...)
+ TODO: check
+CVE-2006-0884 (The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier ...)
+ TODO: check
+CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...)
+ TODO: check
+CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) ...)
+ TODO: check
CVE-2006-0883
RESERVED
CVE-2006-0882 (Directory traversal vulnerability in include.php in Noah's Classifieds ...)
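Review bot: CVE-2003-1295 and CVE-2003-1294 land at the end of the new block, between CVE-2006-0884 and CVE-2006-0883, which breaks the descending ID order the rest of the file keeps. They should either be moved next to the other CVE-2003 entries or the importer should sort new IDs into place, otherwise anyone scanning the 2003 range will miss them. Every described entry added here also carries only "TODO: check", so this hunk is a triage backlog rather than tracking data until each one is resolved to a package line or NOT-FOR-US.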
@@ -27,7 +139,7 @@
NOTE: only in experimental
CVE-2006-0870 (SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 ...)
NOT-FOR-US: Mini-Nuke CMS
-CVE-2006-0869 (Directory traversal vulnerability in the "remember me" feature in PHP ...)
+CVE-2006-0869 (Directory traversal vulnerability in the "remember me" feature in ...)
NOT-FOR-US: PHP PEAR LiveUser
CVE-2006-0868 (Multiple unspecified injection vulnerabilities in unspecified Auth ...)
- php-auth <unfixed> (bug #354474)
@@ -304,8 +416,8 @@
TODO: check
CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial of ...)
TODO: check
-CVE-2006-0736
- RESERVED
+CVE-2006-0736 (Stack-based buffer overflow in the pam_micasa PAM authentication ...)
+ TODO: check
CVE-2005-4726 (MUTE 0.4 uses improper flood protection algorithms, which allows ...)
TODO: check
CVE-2005-4725 (Geeklog before 1.3.11sr3 allows remote attackers to bypass intended ...)
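Review bot: the new CVE-2006-0736 line should not stay at "TODO: check" for long. It is a stack-based buffer overflow in a PAM authentication module (pam_micasa), and the truncated description no longer shows which product ships that module. Resolve it to a package line or a NOT-FOR-US note naming the product while the full description is at hand.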
@@ -2388,7 +2500,7 @@
NOT-FOR-US: Redakto WCMS
CVE-2005-4487 (Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and ...)
NOT-FOR-US: RAMSite
-CVE-2005-4486 (SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly ...)
+CVE-2005-4486 (** DISPUTED ** ...)
NOT-FOR-US: Quantum Art
CVE-2005-4485 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 ...)
NOT-FOR-US: ProjectApp
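Review bot: on the CVE-2005-4486 line the truncation now keeps only the "** DISPUTED **" marker, so the previous "SQL injection vulnerability in Quantum Art QP7.Enterprise" text is gone and the product survives only through the NOT-FOR-US: Quantum Art note. The importer should cut the description after the marker rather than at it, so the entry still says what is disputed.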
@@ -5872,7 +5984,7 @@
- kernel-source-2.4.27 <not-affected>
CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for Symantec ...)
NOT-FOR-US: Symantec Antivirus
-CVE-2005-3269 (Unspecified "security exposure" in the HTTP Admin interface for Sun ...)
+CVE-2005-3269 (Stack-based buffer overflow in help.cgi in the HTTP administrative ...)
NOT-FOR-US: Sun Java System Directory Server
CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...)
- yiff 2.14.2-8 (bug #334616; low)
@@ -11091,7 +11203,7 @@
NOT-FOR-US: Xitami
CVE-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...)
NOT-FOR-US: Annuaire
-CVE-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...)
+CVE-2005-1974 (Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) ...)
NOT-FOR-US: Sun Java
CVE-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...)
NOT-FOR-US: Sun Java
@@ -21134,8 +21246,8 @@
- tcpdump 3.8.1
CVE-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...)
- apache 1.3.29.0.2-5
-CVE-2003-0986
- RESERVED
+CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6 prior ...)
+ TODO: check
CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.24-rc1)
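Review bot: CVE-2003-0986 should get per-package tracking lines rather than a bare "TODO: check". The description names Linux kernel 2.6 on ppc64, and the adjacent CVE-2003-0984 entry shows the form already used for kernel issues (separate lines for linux-2.6 and kernel-source-2.4.27). The fixed version is cut off in the truncated text, so it needs to be taken from the full description when the lines are added.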
@@ -21348,8 +21460,8 @@
CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...)
{DSA-401}
- hylafax 1:4.1.8-1
-CVE-2003-0885
- RESERVED
+CVE-2003-0885 (Xscreensaver 4.14 contains certain debugging code that should have ...)
+ TODO: check
CVE-2003-0884
RESERVED
CVE-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
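Review bot: CVE-2003-0885 is the third xscreensaver entry this update leaves at "TODO: check"; the other two, CVE-2003-1295 and CVE-2003-1294, are in the first hunk. The descriptions cite versions 4.14, 4.12 and "before 4.15", so they are best triaged together against a single package version instead of being picked up one at a time.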
@@ -21786,7 +21898,7 @@
{DSA-388}
- kdebase 4:3.2
CVE-2003-0691
- RESERVED
+ REJECTED
CVE-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...)
{DSA-443 DSA-388}
- xfree86 4.3.0-0pre1v2
@@ -22806,8 +22918,8 @@
- nis 3.11
CVE-2003-0250
RESERVED
-CVE-2003-0249
- RESERVED
+CVE-2003-0249 (** DISPUTED ** ...)
+ TODO: check
CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22-pre10)
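Review bot: the CVE-2003-0249 line gives a triager nothing to work with. The description is truncated to "(** DISPUTED ** ...)" and, with only "TODO: check" under it, no note records which software is involved. Either have the importer start the truncated text after the "** DISPUTED **" marker, or add a NOTE line with the affected product when this is checked.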