[Secure-testing-commits] r3562 - data/CVE
Joey Hess
joeyh at costa.debian.org
Tue Mar 7 09:14:27 UTC 2006
Author: joeyh
Date: 2006-03-07 09:14:20 +0000 (Tue, 07 Mar 2006)
New Revision: 3562
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-03-06 21:14:24 UTC (rev 3561)
+++ data/CVE/list 2006-03-07 09:14:20 UTC (rev 3562)
@@ -1,3 +1,227 @@
+CVE-2006-1049 (Multiple SQL injection vulnerabilities in Joomla! 1.0.7 and earlier ...)
+ TODO: check
+CVE-2006-1048 (Joomla! 1.0.7 and earlier allows attackers to bypass intended access ...)
+ TODO: check
+CVE-2006-1047 (Unspecified vulnerability in the "Remember Me login functionality" in ...)
+ TODO: check
+CVE-2006-1046 (server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block ...)
+ TODO: check
+CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including ...)
+ TODO: check
+CVE-2006-1043 (Stack-based buffer overflow in Microsoft Visual Studio 6.0 and ...)
+ TODO: check
+CVE-2006-1042 (Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote ...)
+ TODO: check
+CVE-2006-1041 (Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 ...)
+ TODO: check
+CVE-2006-1040 (Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 ...)
+ TODO: check
+CVE-2006-1039 (SAP Web Application Server (WebAS) Kernel before 7.0 allows remote ...)
+ TODO: check
+CVE-2006-1038 (Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and ...)
+ TODO: check
+CVE-2006-1037 (SQL injection vulnerability in the Oracle Diagnostics module 2.2 and ...)
+ TODO: check
+CVE-2006-1036 (Multiple unspecified vulnerabilities in the Oracle Diagnostics module ...)
+ TODO: check
+CVE-2006-1035 (Unspecified vulnerability in the Oracle Diagnostics module 2.2 and ...)
+ TODO: check
+CVE-2006-1034 (Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning ...)
+ TODO: check
+CVE-2006-1033 (Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS ...)
+ TODO: check
+CVE-2006-1032 (Eval injection vulnerability in the decode function in rpc_decoder.php ...)
+ TODO: check
+CVE-2006-1031 (PHP local file include vulnerability in config/config_inc.php in ...)
+ TODO: check
+CVE-2006-1030 (Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 ...)
+ TODO: check
+CVE-2006-1029 (The cross-site scripting (XSS) countermeasures in ...)
+ TODO: check
+CVE-2006-1028 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...)
+ TODO: check
+CVE-2006-1027 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...)
+ TODO: check
+CVE-2006-1026 (JFacets before 0.2 allows remote attackers to gain privileges as any ...)
+ TODO: check
+CVE-2006-1025 (Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft ...)
+ TODO: check
+CVE-2006-1024 (SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 ...)
+ TODO: check
+CVE-2006-1023 (Directory traversal vulnerability in HP System Management Homepage ...)
+ TODO: check
+CVE-2006-1022 (PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik ...)
+ TODO: check
+CVE-2006-1021 (Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe ...)
+ TODO: check
+CVE-2006-1020 (SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas ...)
+ TODO: check
+CVE-2006-1019 (Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 ...)
+ TODO: check
+CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...)
+ TODO: check
+CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP 3.x, 4.x, and 5.x, ...)
+ TODO: check
+CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet ...)
+ TODO: check
+CVE-2006-1015 (Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x ...)
+ TODO: check
+CVE-2006-1014 (Argument injection vulnerability in certain PHP 4.x and 5.x ...)
+ TODO: check
+CVE-2006-1013 (PHP remote file include vulnerability in index.php in SMartBlog (aka ...)
+ TODO: check
+CVE-2006-1012 (SQL injection vulnerability in WordPress 1.5.2, and possibly other ...)
+ TODO: check
+CVE-2006-1011 (LetterMerger 1.2 stores user information in Access database files with ...)
+ TODO: check
+CVE-2006-1010 (Buffer overflow in socket/request.c in CrossFire before 1.9.0, when ...)
+ TODO: check
+CVE-2006-1009 (M4 Project enigma-suite before 0.73.3 (Windows) has a default password ...)
+ TODO: check
+CVE-2006-1008 (Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and ...)
+ TODO: check
+CVE-2006-1007 (Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow ...)
+ TODO: check
+CVE-2006-1006 (Multiple SQL injection vulnerabilities in sendcard.php in sendcard ...)
+ TODO: check
+CVE-2006-1005 (agencyprofile.asp in Parodia 6.2 and earlier might allow remote ...)
+ TODO: check
+CVE-2006-1004 (Cross-site scripting (XSS) vulnerability in agencyprofile.asp in ...)
+ TODO: check
+CVE-2006-1003 (The backup configuration option in NETGEAR WGT624 Wireless Firewall ...)
+ TODO: check
+CVE-2006-1002 (NETGEAR WGT624 Wireless DSL router has a default account of ...)
+ TODO: check
+CVE-2006-1001 (SQL injection vulnerability in the board module in LanSuite LanParty ...)
+ TODO: check
+CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 ...)
+ TODO: check
+CVE-2006-0999
+ RESERVED
+CVE-2006-0998
+ RESERVED
+CVE-2006-0997
+ RESERVED
+CVE-2006-0996
+ RESERVED
+CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...)
+ TODO: check
+CVE-2006-0994
+ RESERVED
+CVE-2006-0993
+ RESERVED
+CVE-2006-0992
+ RESERVED
+CVE-2006-0991
+ RESERVED
+CVE-2006-0990
+ RESERVED
+CVE-2006-0989
+ RESERVED
+CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server ...)
+ TODO: check
+CVE-2006-0987 (The default configuration of ISC BIND, when configured as a caching ...)
+ TODO: check
+CVE-2006-0986 (WordPress 2.0.1 and earlier allows remote attackers to obtain ...)
+ TODO: check
+CVE-2006-0985 (Multiple cross-site scripting (XSS) vulnerabilities in the "post ...)
+ TODO: check
+CVE-2006-0984 (Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo ...)
+ TODO: check
+CVE-2006-0983 (Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 ...)
+ TODO: check
+CVE-2006-0982 (The on-access scanner for McAfee Virex 7.7 for Macintosh, in some ...)
+ TODO: check
+CVE-2006-0981 (Directory traversal vulnerability in e-merge WinAce 2.6 and earlier ...)
+ TODO: check
+CVE-2006-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI ...)
+ TODO: check
+CVE-2006-0979 (Unspecified vulnerability in the local weblog publisher in Nidelven IT ...)
+ TODO: check
+CVE-2006-0978 (Multiple cross-site scripting (XSS) vulnerabilities in the View ...)
+ TODO: check
+CVE-2006-0977 (Craig Morrison Mail Transport System Professional (aka MTS Pro) acts ...)
+ TODO: check
+CVE-2006-0976 (Directory traversal vulnerability in scan_lang_insert.php in Boris ...)
+ TODO: check
+CVE-2006-0975 (Multiple unspecified vulnerabilities in Will Estes and John Millaway ...)
+ TODO: check
+CVE-2006-0974 (Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe ...)
+ TODO: check
+CVE-2006-0973 (SQL injection vulnerability in topics.php in Appalachian State ...)
+ TODO: check
+CVE-2006-0972 (SQL injection vulnerability in news.php in Tony Baird Fantastic News ...)
+ TODO: check
+CVE-2006-0971 (Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b ...)
+ TODO: check
+CVE-2006-0970 (PHP remote file inclusion vulnerability in index.php in one or more ...)
+ TODO: check
+CVE-2006-0969 (PHP remote file inclusion vulnerability in index.php in Top sites de ...)
+ TODO: check
+CVE-2006-0968 (The ncprwsnt service in NCP Network Communication Secure Client 8.11 ...)
+ TODO: check
+CVE-2006-0967 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...)
+ TODO: check
+CVE-2006-0966 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...)
+ TODO: check
+CVE-2006-0965 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...)
+ TODO: check
+CVE-2006-0964 (Client Firewall in NCP Network Communication Secure Client 8.11 Build ...)
+ TODO: check
+CVE-2006-0963 (Multiple buffer overflows in STLport 5.0.2 might allow local users to ...)
+ TODO: check
+CVE-2006-0962 (SQL injection vulnerability in vuBB 0.2 allows remote attackers to ...)
+ TODO: check
+CVE-2006-0961 (SQL injection vulnerability in Cilem News 1.1 allows remote attackers ...)
+ TODO: check
+CVE-2006-0960 (uConfig agent in Compex NetPassage WPE54G router allows remote ...)
+ TODO: check
+CVE-2006-0959 (SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) ...)
+ TODO: check
+CVE-2006-0958 (Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft ...)
+ TODO: check
+CVE-2006-0957 (Direct static code injection vulnerability in func.inc.php in ...)
+ TODO: check
+CVE-2006-0956 (nuauth in NuFW before 1.0.21 does not properly handle blocking TLS ...)
+ TODO: check
+CVE-2006-0955
+ RESERVED
+CVE-2006-0954
+ RESERVED
+CVE-2006-0953
+ RESERVED
+CVE-2006-0952
+ RESERVED
+CVE-2006-0951
+ RESERVED
+CVE-2006-0950
+ RESERVED
+CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of ...)
+ TODO: check
+CVE-2006-0948
+ RESERVED
+CVE-2006-0947 (Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote ...)
+ TODO: check
+CVE-2006-0946 (Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems ...)
+ TODO: check
+CVE-2006-0945 (PHP remote file include vulnerability in index.php Archangel Weblog ...)
+ TODO: check
+CVE-2006-0944 (Archangel Weblog 0.90.02 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2006-0943 (SQL injection vulnerability in the sondages module in index.php in ...)
+ TODO: check
+CVE-2006-0942 (SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and ...)
+ TODO: check
+CVE-2006-0941 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
+ TODO: check
+CVE-2006-0940 (Multiple direct static code injection vulnerabilities in ...)
+ TODO: check
+CVE-2006-0939 (SQL injection vulnerability in DCI-Taskeen 1.03 allows remote ...)
+ TODO: check
+CVE-2006-0938 (Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and ...)
+ TODO: check
CVE-2006-XXXX [lurker XSS and information disclosure]
- lurker 2.1-1
CVE-2006-XXXX [minor bypass of rssh sanitising]
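Review bot: Every described entry in this 224-line block (CVE-2006-1049 down to CVE-2006-0938) lands as TODO: check, and several truncated descriptions are identical, so they cannot be triaged from the list alone. CVE-2006-1028 and CVE-2006-1027 both read "feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...", and CVE-2006-0967, CVE-2006-0966 and CVE-2006-0965 all read "NCP Network Communication Secure Client 8.11 Build 146, and possibly ...". Triage these against the full CVE text, and handle the entries that name Joomla! (CVE-2006-1049, -1048, -1030, -1028, -1027) in one pass so they end up with a consistent status.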
@@ -130,8 +354,8 @@
TODO: check
CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) ...)
TODO: check
-CVE-2006-0883
- RESERVED
+CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not ...)
+ TODO: check
CVE-2006-0882 (Directory traversal vulnerability in include.php in Noah's Classifieds ...)
NOT-FOR-US: Noah's Classifieds
CVE-2006-0881 (Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php ...)
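Review bot: CVE-2006-0883 goes from RESERVED to TODO: check with a description scoped to "OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM". Because the product named is OpenSSH, this should not be closed as NOT-FOR-US on the FreeBSD wording alone; read the full description and record explicitly whether the flaw depends on the OpenPAM integration or on OpenSSH itself.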
@@ -175,11 +399,11 @@
NOT-FOR-US: InfoVista PortalSE
CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on ...)
NOT-FOR-US: InfoVista PortalSE
-CVE-2006-0861 (Michael Salzer Guestbox 0.6 allows remote attackers to obtain the ...)
+CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versoins before 0.8, allows ...)
NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer ...)
NOT-FOR-US: Michael Salzer Guestbox
-CVE-2006-0859 (Michael Salzer Guestbox 0.6 allows remote attackers to post an admin ...)
+CVE-2006-0859 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows ...)
NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0858 (Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the ...)
NOT-FOR-US: StarForce Safe'n'Sec Personal
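Review bot: The new CVE-2006-0861 description carries the typo "versoins", while the CVE-2006-0859 line changed in the same hunk spells it "versions". The log says this is an automatic update, so a hand edit here would likely be overwritten by the next run; leave the line alone and report the typo to the source of the descriptions instead. The NOT-FOR-US markers are unchanged, which is right for a description-only change.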
@@ -268,10 +492,10 @@
RESERVED
CVE-2006-0816
RESERVED
-CVE-2006-0815
- RESERVED
-CVE-2006-0814
- RESERVED
+CVE-2006-0815 (NetworkActiv Web Server 3.5.15 allows remote attackers to read script ...)
+ TODO: check
+CVE-2006-0814 (response.c in Lighttpd 1.4.10 and possibly previous versions, when run ...)
+ TODO: check
CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-complicit ...)
TODO: check
CVE-2006-0812 (The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server ...)
@@ -314,7 +538,7 @@
NOT-FOR-US: Nokia cell phone
CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...)
NOT-FOR-US: Clever Copy
-CVE-2006-0795 (Unspecified vulnerability in convert.cgi in Quirex 2.0.2 and earlier ...)
+CVE-2006-0795 (Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 ...)
NOT-FOR-US: Quirex
CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain the ...)
NOT-FOR-US: V-webmail
@@ -423,8 +647,7 @@
CVE-2006-0742 [[IA64] die_if_kernel() can return]
RESERVED
- linux-2.6 2.6.15-8
-CVE-2006-0741 [x86_64: Check for bad elf entry address]
- RESERVED
+CVE-2006-0741 (Linux kernel before 2.6.15.5, when running on Intel processors, allows ...)
- linux-2.6 2.6.15-8
CVE-2006-0740
RESERVED
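Review bot: On CVE-2006-0741 the new description says "Linux kernel before 2.6.15.5" while the retained tracking line is "- linux-2.6 2.6.15-8". Those two strings are not comparable: -8 is the Debian revision of upstream 2.6.15, not upstream 2.6.15.8, so the entry only holds if that revision carries the fix as a backport. Worth confirming against the package changelog. The update also drops the hand-written summary "[x86_64: Check for bad elf entry address]", which named the affected code path more precisely than the visible part of the new description.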
@@ -867,11 +1090,9 @@
RESERVED
CVE-2006-0556
RESERVED
-CVE-2006-0555 [Normal user can panic NFS client with direct I/O]
- RESERVED
+CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a denial ...)
- linux-2.6 2.6.15-8
-CVE-2006-0554 [XFS ftruncate() bug could expose stale data]
- RESERVED
+CVE-2006-0554 (Linux kernel 2.6 before 2.6.15.5 allows local users to obtain ...)
- linux-2.6 2.6.15-8
CVE-2006-0553 (PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to ...)
- postgresql-8.1 8.1.3-1
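Review bot: The bracketed summaries removed for CVE-2006-0555 ("Normal user can panic NFS client with direct I/O") and CVE-2006-0554 ("XFS ftruncate() bug could expose stale data") name the affected subsystem, which the truncated replacements ("... cause a denial ...", "... obtain ...") no longer show. Consider keeping that wording as a comment line under each entry so the NFS and XFS scope stays visible next to the linux-2.6 2.6.15-8 lines.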
@@ -1163,13 +1384,13 @@
- bomberclone 0.11.6.2-1
CVE-2006-0459
RESERVED
-CVE-2006-0458
- RESERVED
+CVE-2006-0458 (The DCC ACCEPT command handler in irssi before ...)
+ TODO: check
CVE-2006-0457
RESERVED
CVE-2006-0456
RESERVED
-CVE-2006-0455 (gpgv in GnuPG 1.4.x before 1.4.2.1, when using unattended signature ...)
+CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature ...)
{DSA-978-1}
- gnupg <unfixed> (bug #353017; bug #353019; bug #354620; medium)
[woody] - gnupg 1.0.6-4woody4
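Review bot: CVE-2006-0458 is cut at "irssi before ...", so the fixed upstream version is not visible in the list and the entry sits at TODO: check with no package line. Look up the full description and add an irssi tracking line or an explicit not-affected status. The CVE-2006-0455 change widens the range from "GnuPG 1.4.x before 1.4.2.1" to "GnuPG before 1.4.2.1", which agrees with the existing [woody] line for 1.0.6-4woody4; no change is needed there.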
@@ -1324,29 +1545,29 @@
CVE-2006-0395
RESERVED
CVE-2006-0394
- RESERVED
+ REJECTED
CVE-2006-0393
RESERVED
CVE-2006-0392
RESERVED
-CVE-2006-0391
- RESERVED
+CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac OS X ...)
+ TODO: check
CVE-2006-0390
- RESERVED
-CVE-2006-0389
- RESERVED
-CVE-2006-0388
- RESERVED
-CVE-2006-0387
- RESERVED
-CVE-2006-0386
- RESERVED
+ REJECTED
+CVE-2006-0389 (Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) ...)
+ TODO: check
+CVE-2006-0388 (Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows ...)
+ TODO: check
+CVE-2006-0387 (Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, ...)
+ TODO: check
+CVE-2006-0386 (FileVault in Mac OS X 10.4.5 and earlier does not properly mount user ...)
+ TODO: check
CVE-2006-0385
RESERVED
-CVE-2006-0384
- RESERVED
-CVE-2006-0383
- RESERVED
+CVE-2006-0384 (automount in Mac OS X 10.4.5 and earlier allows remote file servers to ...)
+ TODO: check
+CVE-2006-0383 (IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 ...)
+ TODO: check
CVE-2006-0382 (Apple Mac OS X 10.4.5 and allows local users to cause a denial of ...)
TODO: check
CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD ...)
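Review bot: The seven newly described entries in this hunk (CVE-2006-0391, -0389, -0388, -0387, -0386, -0384, -0383) are all left at TODO: check, although the list already has a convention for this vendor: CVE-2005-3705 is resolved as NOT-FOR-US: Mac OS X. Entries whose description is scoped to Apple-only components (Safari, FileVault, the BOM framework) can take the same marker once the full text is read. Check automount and IPSec (CVE-2006-0384, CVE-2006-0383) separately rather than assuming they are Apple-only. The two RESERVED to REJECTED changes (CVE-2006-0394, CVE-2006-0390) need nothing further.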
@@ -2298,8 +2519,7 @@
RESERVED
CVE-2006-0048
RESERVED
-CVE-2006-0047 [freeciv server can be crashed remotely]
- RESERVED
+CVE-2006-0047 (packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause ...)
- freeciv 2.0.8-1 (medium; bug #355211)
CVE-2006-0046 (squid_redirect script in adzapper before 2006-01-29 allows remote ...)
{DSA-966-1}
@@ -4587,8 +4807,8 @@
NOT-FOR-US: Apple AirPort
CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...)
NOT-FOR-US: Apple Quicktime
-CVE-2005-3712
- RESERVED
+CVE-2005-3712 (Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 ...)
+ TODO: check
CVE-2005-3711 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
NOT-FOR-US: Apple Quicktime
CVE-2005-3710 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
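Review bot: CVE-2005-3712 sits between entries marked NOT-FOR-US: Apple Quicktime, but its description names rsync ("Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5"), so it should not be bulk-closed with its neighbours. Triage needs to establish whether the overflow is in rsync code as shipped upstream or only in Apple's build, and record that with the status.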
@@ -4599,8 +4819,8 @@
NOT-FOR-US: Apple Quicktime
CVE-2005-3707 (Buffer overflow in Apple Quicktime before 7.0.4 allows remote ...)
NOT-FOR-US: Apple Quicktime
-CVE-2005-3706
- RESERVED
+CVE-2005-3706 (Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through ...)
+ TODO: check
CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X Server ...)
NOT-FOR-US: Mac OS X
CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 10.4.3 ...)
@@ -5613,8 +5833,8 @@
NOT-FOR-US: FlatNuke
CVE-2005-3360 (The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 ...)
NOT-FOR-US: Trend Micro PC-Cillin Internet Security 2005
-CVE-2005-3359
- RESERVED
+CVE-2005-3359 (The atm module in Linux kernel 2.6 before 2.6.14 allows local users to ...)
+ TODO: check
CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial of ...)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
TODO: check 2.4
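Review bot: CVE-2005-3359 is a Linux kernel issue ("The atm module in Linux kernel 2.6 before 2.6.14") but lands with only TODO: check. The neighbouring CVE-2005-3358 already shows the expected shape: a linux-2.6 line plus "TODO: check 2.4". Add the linux-2.6 status for this entry and check the 2.4 kernel sources as well.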
@@ -7450,10 +7670,10 @@
- webcalendar 0.9.45-7 (bug #326223; medium)
CVE-2005-2715 (Format string vulnerability in the Java user interface service ...)
NOT-FOR-US: VERITAS NetBackup Data and Business Center
-CVE-2005-2714
- RESERVED
-CVE-2005-2713
- RESERVED
+CVE-2005-2714 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and ...)
+ TODO: check
+CVE-2005-2713 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and ...)
+ TODO: check
CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, ...)
TODO: check
CVE-2005-2711
@@ -14423,7 +14643,8 @@
NOT-FOR-US: SurgeFTP
CVE-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...)
NOT-FOR-US: CubeCart
-CVE-2005-1032 (** DISPUTED ** ...)
+CVE-2005-1032
+ REJECTED
NOT-FOR-US: LiteCommerce
CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...)
NOT-FOR-US: exoops
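Review bot: CVE-2005-1032 now reads REJECTED but still carries "NOT-FOR-US: LiteCommerce" on the following line, so the entry has two dispositions at once. Drop the NOT-FOR-US line, or confirm that whatever parses this list accepts both and treats REJECTED as the effective status.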
@@ -21328,8 +21549,8 @@
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.23-pre7)
CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
NOT-FOR-US: OpenCA
-CVE-2003-0959
- RESERVED
+CVE-2003-0959 (Multiple integer overflows in the 32bit emulation for AMD64 ...)
+ TODO: check
CVE-2003-0958
RESERVED
CVE-2003-0957