[Secure-testing-commits] r4063 - data/CVE

Joey Hess joeyh at costa.debian.org
Tue May 23 21:14:35 UTC 2006


Author: joeyh
Date: 2006-05-23 21:14:30 +0000 (Tue, 23 May 2006)
New Revision: 4063

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-05-23 18:56:38 UTC (rev 4062)
+++ data/CVE/list	2006-05-23 21:14:30 UTC (rev 4063)
@@ -1,3 +1,127 @@
+CVE-2006-2550 (perlpodder before 0.5 allows remote attackers to execute arbitrary ...)
+	TODO: check
+CVE-2006-2549
+	RESERVED
+CVE-2006-2548 (Prodder before 0.5, and perlpodder before 0.5, allows remote attackers ...)
+	TODO: check
+CVE-2006-2547 (Unspecified vulnerability in the sapdba command in SAP with Informix ...)
+	TODO: check
+CVE-2006-2546 (A recommended admin password reset mechanism for BEA WebLogic Server ...)
+	TODO: check
+CVE-2006-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites ...)
+	TODO: check
+CVE-2006-2544 (Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with ...)
+	TODO: check
+CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors ...)
+	TODO: check
+CVE-2006-2542 (xmcdconfig in Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and ...)
+	TODO: check
+CVE-2006-2541 (SQL injection vulnerability in settings.asp in Zixforum 1.12 allows ...)
+	TODO: check
+CVE-2006-2540 (Privacy leak in install.php for Diesel PHP Job Site sends sensitive ...)
+	TODO: check
+CVE-2006-2539 (Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, ...)
+	TODO: check
+CVE-2006-2538 (IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote ...)
+	TODO: check
+CVE-2006-2537 (Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and ...)
+	TODO: check
+CVE-2006-2536 (Cross-site scripting (XSS) vulnerability in Destiney Links Script ...)
+	TODO: check
+CVE-2006-2535 (index.php in Destiney Links Script 2.1.2 allows remote attackers to ...)
+	TODO: check
+CVE-2006-2534 (Destiney Links Script 2.1.2 does not protect library and other support ...)
+	TODO: check
+CVE-2006-2533 (Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) ...)
+	TODO: check
+CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote ...)
+	TODO: check
+CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the users identity ...)
+	TODO: check
+CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...)
+	TODO: check
+CVE-2006-2529 (editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...)
+	TODO: check
+CVE-2006-2528 (PHP remote file inclusion vulnerability in classified_right.php in ...)
+	TODO: check
+CVE-2006-2527 (Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers ...)
+	TODO: check
+CVE-2006-2526 (PHP remote file inclusion vulnerability in index.php in PHP Easy ...)
+	TODO: check
+CVE-2006-2525 (SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote ...)
+	TODO: check
+CVE-2006-2524 (Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier ...)
+	TODO: check
+CVE-2006-2523 (PHP remote file inclusion vulnerability in config.php in phpListPro ...)
+	TODO: check
+CVE-2006-2522 (Dayfox Blog 2.0 and ealier stores user credentials in ...)
+	TODO: check
+CVE-2006-2521 (PHP remote file inclusion vulnerability in cron.php in phpMyDirectory ...)
+	TODO: check
+CVE-2006-2520 (Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier ...)
+	TODO: check
+CVE-2006-2519 (Directory traversal vulnerability in ...)
+	TODO: check
+CVE-2006-2518 (Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows ...)
+	TODO: check
+CVE-2006-2517 (SQL injection vulnerability in MyWeb Portal Office, Standard Edition, ...)
+	TODO: check
+CVE-2006-2516 (mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is ...)
+	TODO: check
+CVE-2006-2515 (Cross-site scripting (XSS) vulnerability in index.php in Hiox ...)
+	TODO: check
+CVE-2006-2514 (Coppermine galleries before 1.4.6, when running on Apache with ...)
+	TODO: check
+CVE-2006-2513 (Unspecified vulnerability in the installation process in Sun Java ...)
+	TODO: check
+CVE-2006-2512 (SQL injection vulnerability in Hitachi EUR Professional Edition, EUR ...)
+	TODO: check
+CVE-2006-2511 (The ActiveX version of FrontRange iHEAT allows remote authenticated ...)
+	TODO: check
+CVE-2006-2510 (Cross-site scripting (XSS) vulnerability in the URL submission form in ...)
+	TODO: check
+CVE-2006-2509 (SQL injection vulnerability in login.php in YourFreeWorld.com Short ...)
+	TODO: check
+CVE-2006-2508 (SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish ...)
+	TODO: check
+CVE-2006-2507 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...)
+	TODO: check
+CVE-2006-2506 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
+	TODO: check
+CVE-2006-2505 (Oracle Database Server 10g Release 2 allows local users to execute ...)
+	TODO: check
+CVE-2006-2504 (Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier ...)
+	TODO: check
+CVE-2006-2503 (SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote ...)
+	TODO: check
+CVE-2006-2502 (Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) ...)
+	TODO: check
+CVE-2006-2501 (Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 ...)
+	TODO: check
+CVE-2006-2500 (Cross-site scripting (XSS) vulnerability in add_news.asp in ...)
+	TODO: check
+CVE-2006-2499 (SQL injection vulnerability in default.asp in CodeAvalanche News ...)
+	TODO: check
+CVE-2006-2498 (Invision Power Board (IPB) before 2.1.6 allows remote attackers to ...)
+	TODO: check
+CVE-2006-2497 (Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 ...)
+	TODO: check
+CVE-2006-2496 (Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote ...)
+	TODO: check
+CVE-2006-2495 (Cross-site request forgery (CSRF) vulnerability in the Entry Manager ...)
+	TODO: check
+CVE-2006-2494 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote ...)
+	TODO: check
+CVE-2006-2493 (Integer overflow in the read_lwfn function in FreeType before 2.2 ...)
+	TODO: check
+CVE-2005-1755 (PHP remote code injection vulnerability in poll_vote.php in PHP Poll ...)
+	TODO: check
+CVE-2005-1754 (JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, ...)
+	TODO: check
+CVE-2005-1753 (ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache ...)
+	TODO: check
+CVE-2005-1752 (viewFile.php in the scm component of Gforge before 4.0 allows remote ...)
+	TODO: check
 CVE-2006-2492 (Buffer overflow in Microsoft Word XP and Word 2003 allows ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-2491 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...)
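Review bot: in the block of new entries, CVE-2006-2542 is left at TODO: check even though its description names Debian GNU/Linux itself (xmcdconfig creating /var/lib/cddb), so it should be triaged ahead of the rest and tied to a package line; the same applies to CVE-2006-2502, whose description names cyrus-imapd. Many of the other additions are web applications of the kind already marked NOT-FOR-US further down the list and could be cleared in one pass.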
@@ -398,7 +522,7 @@
 	RESERVED
 CVE-2006-2308
 	RESERVED
-CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS allows ...)
+CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS before ...)
 	NOT-FOR-US: Webiste Banker
 CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in ...)
 	NOT-FOR-US: EPublisherPro
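Review bot: the unchanged tag line under CVE-2006-2307 reads "NOT-FOR-US: Webiste Banker", while the description on the line above names "Website Baker CMS". Since the entry is being touched anyway, correct the tag to the product name so that a search of the list for the product finds it.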
@@ -665,8 +789,8 @@
 	NOT-FOR-US: zenphoto
 CVE-2006-2186 (zenphoto 1.0.1 beta and earlier allow remote attackers to obtain ...)
 	NOT-FOR-US: zenphoto
-CVE-2006-2185
-	RESERVED
+CVE-2006-2185 (PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password ...)
+	TODO: check
 CVE-2006-2184 (Cross-site scripting (XSS) vulnerability in search.php in PHPKB ...)
 	NOT-FOR-US: PHPKB Knowledge Base
 CVE-2006-2183 (Untrusted search path vulnerability in Truecrypt 4.1, when running ...)
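Review bot: CVE-2006-2185 moves from RESERVED to TODO: check, but its description names PORTAL.NLM in Novell Netware 6.5 SP5, a vendor product like the neighbouring zenphoto and PHPKB entries. Unless a packaged component is involved, this can be closed as NOT-FOR-US instead of joining the TODO queue.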
@@ -714,7 +838,7 @@
 CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before ...)
 	- nagios 2:1.4-1 (bug #366682; bug #366803; medium)
 	- nagios2 2.3-1 (bug #366683; medium)
-CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01 and (2) Abakt 0.9.2 and ...)
+CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and ...)
 	NOT-FOR-US: TZipBuilder/Abakt
 CVE-2006-2160 (Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp ...)
 	NOT-FOR-US: Russcom
@@ -943,7 +1067,7 @@
 	NOT-FOR-US: Invision
 CVE-2006-2058 (Argument injection vulnerability in Avant Browser 10.1 Build 17 allows ...)
 	NOT-FOR-US: Avant
-CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.06 allows ...)
+CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.0.6 allows ...)
 	NOT-FOR-US: Only on Windows
 CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for Windows XP ...)
 	NOT-FOR-US: Microsoft
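Review bot: under CVE-2006-2057 the tag "NOT-FOR-US: Only on Windows" puts a platform reason where the neighbouring entries put a vendor or product name (Avant, Microsoft), although the description names Mozilla Firefox. Consider recording the Windows-only reasoning in a NOTE: line, as the list does elsewhere, so the tag stays consistent with its neighbours.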
@@ -1420,17 +1544,15 @@
 	- linux-2.6 2.6.16-10
 CVE-2006-1862
 	RESERVED
-CVE-2006-1861
-	RESERVED
+CVE-2006-1861 (Multiple integer overflows in FreeType before 2.2 allow remote ...)
+	TODO: check
 CVE-2006-1860 (lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows ...)
 	- linux-2.6 2.6.16-14
 CVE-2006-1859 (Memory leak in __setlease in fs/locks.c in Linux kernel before ...)
 	- linux-2.6 <unfixed>
-CVE-2006-1858 [SCTP: Respect the real chunk length when walking parameters]
-	RESERVED
+CVE-2006-1858 (SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause ...)
 	- linux-2.6 2.6.16-14
-CVE-2006-1857 [SCTP: Validate the parameter length in HB-ACK chunk]
-	RESERVED
+CVE-2006-1857 (Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote ...)
 	- linux-2.6 2.6.16-14
 CVE-2006-1856 (Certain modifications to the Linux kernel 2.6.16 and earlier do not ...)
 	TODO: check
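Review bot: CVE-2006-1858 and CVE-2006-1857 now say "before 2.6.16.17" in their descriptions while the tracking lines stay at "linux-2.6 2.6.16-14"; confirm that this package revision carries both SCTP fixes. The removed bracketed titles ("Respect the real chunk length when walking parameters", "Validate the parameter length in HB-ACK chunk") identified the individual fixes, so keeping them as NOTE: lines would preserve that pointer.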
@@ -2373,8 +2495,8 @@
 	- linux-2.6 2.6.16-7
 CVE-2006-1521
 	RESERVED
-CVE-2006-1520
-	RESERVED
+CVE-2006-1520 (Format string vulnerability in ANSI C Sender Policy Framework library ...)
+	TODO: check
 CVE-2006-1519
 	REJECTED
 CVE-2006-1518 (Buffer overflow in the open_table function in sql_base.cc in MySQL ...)
@@ -4123,8 +4245,8 @@
 	- thunderbird 1.5.0.2-1 (high)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high)
 	- xulrunner 1.8.0.1-9
-CVE-2006-0747
-	RESERVED
+CVE-2006-0747 (integer underflow in Freetype before 2.2 allows remote attackers to ...)
+	TODO: check
 CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...)
 	{DSA-1008-1}
 	- kdegraphics 3.5.0-3
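Review bot: CVE-2006-0747 is the third FreeType "before 2.2" entry this revision leaves at TODO: check, alongside CVE-2006-2493 and CVE-2006-1861. Triage the three together against one package so they end up with a consistent fixed version.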
@@ -4166,7 +4288,7 @@
 CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...)
 	- wordpress <unfixed>
 	NOTE: This may very well be a non-issue
-CVE-2006-0732 (Unspecified vulnerability in SAP Business Connector 4.6 and 4.7 allows ...)
+CVE-2006-0732 (Directory traversal vulnerability in SAP Business Connector (BC) 4.6 ...)
 	NOT-FOR-US: SAP Business Connector
 CVE-2006-0731 (Unspecified vulnerability in SAP Business Connector Core Fix 7 and ...)
 	NOT-FOR-US: SAP Business Connector



