[Secure-testing-commits] r3619 - data/CVE

Joey Hess joeyh at costa.debian.org
Wed Mar 15 21:14:29 UTC 2006


Author: joeyh
Date: 2006-03-15 21:14:22 +0000 (Wed, 15 Mar 2006)
New Revision: 3619

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-03-15 12:12:03 UTC (rev 3618)
+++ data/CVE/list	2006-03-15 21:14:22 UTC (rev 3619)
@@ -1,3 +1,37 @@
+CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...)
+	TODO: check
+CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost ...)
+	TODO: check
+CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with ...)
+	TODO: check
+CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow ...)
+	TODO: check
+CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with ...)
+	TODO: check
+CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, ...)
+	TODO: check
+CVE-2006-1230 (Multiple cross-site scripting (XSS) vulnerabilities in create.php in ...)
+	TODO: check
+CVE-2006-1229 (SQL injection vulnerability in search.asp in Hosting Controller 6.1 ...)
+	TODO: check
+CVE-2006-1228 (Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...)
+	TODO: check
+CVE-2006-1227 (Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is ...)
+	TODO: check
+CVE-2006-1226 (Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 ...)
+	TODO: check
+CVE-2006-1225 (CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...)
+	TODO: check
+CVE-2006-1224 (Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows ...)
+	TODO: check
+CVE-2006-1223 (Cross-site scripting (XSS) vulnerability in Jupiter Content Manager ...)
+	TODO: check
+CVE-2006-1222 (Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 ...)
+	TODO: check
+CVE-2006-1221 (Untrusted search path vulnerability in the TrueVector service ...)
+	TODO: check
+CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact ...)
+	TODO: check
 CVE-2006-XXXX [Insufficient filename sanitising in darcsweb]
 	- darcsweb 0.15-1
 CVE-2006-1220 (Integer overflow in the mach_msg_send function in the kernel for Mac ...)
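Review bot: The CVE-2006-1227 line reads "Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8", which gives a 4.5 release as the fix boundary for the 4.6 branch; the neighbouring Drupal entries (CVE-2006-1225, CVE-2006-1226, CVE-2006-1228) are truncated before their 4.6.x boundary, so the list cannot confirm the right value. This is imported description text, so check the fixed 4.6.x version against the full CVE entry when resolving the TODO, and work the four Drupal entries together so they end up with the same status.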
@@ -258,7 +292,7 @@
 	NOT-FOR-US: Woltlab Burning Board
 CVE-2006-1096 (** DISPUTED ** ...)
 	NOT-FOR-US: NZ Ecommerce
-CVE-2006-1095 (Unspecified vulnerability in the FileSession object in Mod_python ...)
+CVE-2006-1095 (Directory traversal vulnerability in the FileSession object in ...)
 	NOTE: only version 3.2.7 is vulnerable, 3.2.8 is out
 	NOTE: currently 3.1.3 is in Debian; very unlikely that 3.2.7 will be packaged
 CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier for ...)
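Review bot: CVE-2006-1095 still carries only two NOTE lines and no package status line, so the entry does not resolve to a state even though the notes already conclude that the 3.1.3 in Debian is not the vulnerable 3.2.7. With the summary now specific (directory traversal in the FileSession object), record that conclusion as an explicit status line for the package rather than leaving it implied in the notes.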
@@ -695,7 +729,7 @@
 CVE-2006-0898 (Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV ...)
 	{DSA-996-1}
 	- libcrypt-cbc-perl 2.17-1
-CVE-2006-0897 (SQL injection vulnerability in Virtual Program Management Intranet ...)
+CVE-2006-0897 (** DISPUTED ** ...)
 	TODO: check
 CVE-2006-0896 (Cross-site scripting (XSS) vulnerability in Sources/Register.php in ...)
 	TODO: check
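Review bot: After this change the CVE-2006-0897 summary is only "** DISPUTED ** ...", so the list no longer shows which product the entry concerns, and it is still "TODO: check". When resolving the TODO, name the product in the status line or a NOTE (the removed line begins "SQL injection vulnerability in Virtual Program Management Intranet ..."), the way the disputed CVE-2006-1096 entry stays identifiable through "NOT-FOR-US: NZ Ecommerce".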
@@ -1018,7 +1052,7 @@
 	RESERVED
 CVE-2006-0744
 	RESERVED
-CVE-2006-0743 (Unspecified vulnerability in LocalSyslogAppender in Apache log4net ...)
+CVE-2006-0743 (Format string vulnerability in LocalSyslogAppender in Apache log4net ...)
 	TODO: check
 CVE-2006-0742 (The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux ...)
 	- linux-2.6 2.6.15-8
@@ -1909,16 +1943,16 @@
 	- zoph 0.5-1 (bug #350717)
 CVE-2006-0401
 	RESERVED
-CVE-2006-0400
-	RESERVED
-CVE-2006-0399
-	RESERVED
-CVE-2006-0398
-	RESERVED
-CVE-2006-0397
-	RESERVED
-CVE-2006-0396
-	RESERVED
+CVE-2006-0400 (CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers ...)
+	TODO: check
+CVE-2006-0399 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
+	TODO: check
+CVE-2006-0398 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
+	TODO: check
+CVE-2006-0397 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
+	TODO: check
+CVE-2006-0396 (Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5 and ...)
+	TODO: check
 CVE-2006-0395
 	RESERVED
 CVE-2006-0394
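Review bot: CVE-2006-0397, CVE-2006-0398 and CVE-2006-0399 arrive with identical truncated summaries ("Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ..."), so they cannot be told apart from the list when the TODOs are worked. All five new entries in this hunk name Apple components (CoreTypes, Safari, LaunchServices, Mail in Mac OS X); if none is packaged, they can be closed together with the NOT-FOR-US form the file already uses elsewhere (for example "NOT-FOR-US: Solaris").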
@@ -3913,7 +3947,7 @@
 	NOT-FOR-US: Solaris
 CVE-2005-4132 (Unspecified "security leak" vulnerability in Contenido before 4.6.4, ...)
 	NOT-FOR-US: Contenido
-CVE-2005-4131 (** UNVERIFIABLE, PRERELEASE ** ...)
+CVE-2005-4131 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
 	NOT-FOR-US: Excel
 CVE-2005-4130 (** UNVERIFIABLE, PRERELEASE ** ...)
 	TODO: Once dislosed, check, whether this affects Helix
@@ -4227,6 +4261,7 @@
 CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight Manager ...)
 	NOT-FOR-US: HP Systems Insight Manager
 CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 ...)
+	{DSA-1002-1}
 	- webcalendar 1.0.2-1 (bug #342090)
 CVE-2005-3981 (** DISPUTED ** ...)
 	NOT-FOR-US: Windows
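Review bot: The {DSA-1002-1} tag lands above a status line with no urgency: CVE-2005-3982 has "- webcalendar 1.0.2-1 (bug #342090)", while the other two WebCalendar entries given the same DSA tag in this commit (CVE-2005-3961, CVE-2005-3949) have "(bug #341208; medium)". Add the urgency here too, or a NOTE on why it is omitted, so the three entries covered by one advisory are recorded consistently.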
@@ -4367,14 +4402,14 @@
 	RESERVED
 CVE-2006-0032
 	RESERVED
-CVE-2006-0031
-	RESERVED
-CVE-2006-0030
-	RESERVED
-CVE-2006-0029
-	RESERVED
-CVE-2006-0028
-	RESERVED
+CVE-2006-0031 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
+	TODO: check
+CVE-2006-0030 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
+	TODO: check
+CVE-2006-0029 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
+	TODO: check
+CVE-2006-0028 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
+	TODO: check
 CVE-2006-0027
 	RESERVED
 CVE-2006-0026
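Review bot: CVE-2006-0028 through CVE-2006-0031 are added as "TODO: check" with the same visible summary ("Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...") that CVE-2005-4131 receives in this same commit, and that entry is already marked "NOT-FOR-US: Excel". Unless the full descriptions differ in a way that matters for Debian, these four can take the same tag instead of sitting in the TODO queue.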
@@ -4394,6 +4429,7 @@
 CVE-2006-0018
 	REJECTED
 CVE-2005-3961 (export_handler.php in WebCalendar 1.0.1 allows remote attackers to ...)
+	{DSA-1002-1}
 	- webcalendar 1.0.2-1 (bug #341208; medium)
 CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Kadu
@@ -4418,6 +4454,7 @@
 CVE-2005-3950 (nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users ...)
 	- nufw 1.0.16-1 (bug #341544; medium)
 CVE-2005-3949 (Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow ...)
+	{DSA-1002-1}
 	- webcalendar 1.0.2-1 (bug #341208; medium)
 CVE-2005-3948 (Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and ...)
 	NOT-FOR-US: PHPAlbum
@@ -5156,8 +5193,8 @@
 	RESERVED
 CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 ...)
 	NOT-FOR-US: Microsoft
-CVE-2006-0009
-	RESERVED
+CVE-2006-0009 (Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other ...)
+	TODO: check
 CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean ...)
 	TODO: check
 CVE-2006-0007
@@ -19318,7 +19355,7 @@
 	- php4 4:4.3.10-1
 CVE-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...)
 	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 (bug #287771)
-CVE-2004-1061 (Cross-site scripting (XSS) vulnerability in unknown versions of ...)
+CVE-2004-1061 (Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, ...)
 	- bugzilla 2.16.7-2
 CVE-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...)
 	NOTE: Linux kernel verifies TCP sequence numbers on ICMP errors
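Review bot: The updated summary for CVE-2004-1061 now says "Bugzilla before 2.18", but the status line directly below records the fix in "bugzilla 2.16.7-2", a lower version than the stated boundary. If that is a backported or branch-specific fix, add a NOTE saying so; otherwise recheck the fixed version.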



