[Secure-testing-commits] r4930 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Nov 7 21:14:39 CET 2006
Author: joeyh
Date: 2006-11-07 21:14:37 +0100 (Tue, 07 Nov 2006)
New Revision: 4930
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-11-07 19:42:05 UTC (rev 4929)
+++ data/CVE/list 2006-11-07 20:14:37 UTC (rev 4930)
@@ -1,3 +1,257 @@
+CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to ...)
+ TODO: check
+CVE-2006-5776 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-5775 (Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard ...)
+ TODO: check
+CVE-2006-5774 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before ...)
+ TODO: check
+CVE-2006-5773 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 ...)
+ TODO: check
+CVE-2006-5772 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop ...)
+ TODO: check
+CVE-2006-5771 (Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 ...)
+ TODO: check
+CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in Mobile allow ...)
+ TODO: check
+CVE-2006-5769 (Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS ...)
+ TODO: check
+CVE-2006-5768 (Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 ...)
+ TODO: check
+CVE-2006-5767 (PHP remote file inclusion vulnerability in includes/xhtml.php in Drake ...)
+ TODO: check
+CVE-2006-5766 (PHP remote file inclusion vulnerability in volume.php in Article ...)
+ TODO: check
+CVE-2006-5765 (SQL injection vulnerability in rss.php in Article Script 1.6.3 and ...)
+ TODO: check
+CVE-2006-5764 (PHP remote file inclusion vulnerability in contact.php in Free File ...)
+ TODO: check
+CVE-2006-5763 (Multiple PHP remote file inclusion vulnerabilities in Free File ...)
+ TODO: check
+CVE-2006-5762 (PHP remote file inclusion vulnerability in forgot_pass.php in Free ...)
+ TODO: check
+CVE-2006-5761 (Cross-site scripting (XSS) vulnerability in index.php in Rhadrix ...)
+ TODO: check
+CVE-2006-5760 (Multiple PHP remote file inclusion vulnerabilities in phpDynaSite ...)
+ TODO: check
+CVE-2006-5759 (index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote ...)
+ TODO: check
+CVE-2006-5758 (Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 ...)
+ TODO: check
+CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 ...)
+ TODO: check
+CVE-2006-5756
+ RESERVED
+CVE-2006-5755
+ RESERVED
+CVE-2006-5754
+ RESERVED
+CVE-2006-5753
+ RESERVED
+CVE-2006-5752
+ RESERVED
+CVE-2006-5751
+ RESERVED
+CVE-2006-5750
+ RESERVED
+CVE-2006-5749
+ RESERVED
+CVE-2006-5748
+ RESERVED
+CVE-2006-5747
+ RESERVED
+CVE-2006-5746 (The console in AirMagnet Enterprise does not properly validate the ...)
+ TODO: check
+CVE-2006-5745 (Unspecified vulnerability in the setRequestHeader method in the ...)
+ TODO: check
+CVE-2006-5744 (Multiple SQL injection vulnerabilities in Highwall Enterprise and ...)
+ TODO: check
+CVE-2006-5743 (Multiple cross-site scripting (XSS) vulnerabilities in Highwall ...)
+ TODO: check
+CVE-2006-5742 (The AirMagnet Enterprise console and Remote Sensor console (Laptop) in ...)
+ TODO: check
+CVE-2006-5741 (Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet ...)
+ TODO: check
+CVE-2006-5739 (PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in ...)
+ TODO: check
+CVE-2006-5738 (Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow ...)
+ TODO: check
+CVE-2006-5737 (PunBB uses a predictable cookie_seed value that can be derived from ...)
+ TODO: check
+CVE-2006-5736 (SQL injection vulnerability in search.php in PunBB before 1.2.14, when ...)
+ TODO: check
+CVE-2006-5735 (Directory traversal vulnerability in include/common.php in PunBB ...)
+ TODO: check
+CVE-2006-5734 (Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 ...)
+ TODO: check
+CVE-2006-5733 (Directory traversal vulnerability in error.php in PostNuke 0.763 and ...)
+ TODO: check
+CVE-2006-5732 (SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and ...)
+ TODO: check
+CVE-2006-5731 (Directory traversal vulnerability in classes/index.php in Lithium CMS ...)
+ TODO: check
+CVE-2006-5730 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5729 (Yazd Discussion Forum before 3.0 beta does not properly manage forum ...)
+ TODO: check
+CVE-2006-5728 (XM Easy Personal FTP Server 5.2.1 and earlier allows remote ...)
+ TODO: check
+CVE-2006-5727 (PHP remote file inclusion vulnerability in admin/controls/cart.php in ...)
+ TODO: check
+CVE-2006-5726 (alloccgblk in the UFS filesystem in Solaris 10 allows local users to ...)
+ TODO: check
+CVE-2006-5725 (The SSL server in AEP Smartgate 4.3b allows remote attackers to ...)
+ TODO: check
+CVE-2006-5724 (Heap-based buffer overflow the "Answering Service" function in ICQ ...)
+ TODO: check
+CVE-2006-5723 (SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier ...)
+ TODO: check
+CVE-2006-5722 (Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 ...)
+ TODO: check
+CVE-2006-5721 (The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) ...)
+ TODO: check
+CVE-2006-5720 (SQL injection vulnerability in modules/journal/search.php in the ...)
+ TODO: check
+CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall ...)
+ TODO: check
+CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin ...)
+ TODO: check
+CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google ...)
+ TODO: check
+CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 ...)
+ TODO: check
+CVE-2006-5715 (Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS ...)
+ TODO: check
+CVE-2006-5714 (Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file ...)
+ TODO: check
+CVE-2006-5713 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) ...)
+ TODO: check
+CVE-2006-5712 (Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows ...)
+ TODO: check
+CVE-2006-5711 (ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote ...)
+ TODO: check
+CVE-2006-5710 (The Airport driver for certain Orinoco based Airport cards in Darwin ...)
+ TODO: check
+CVE-2006-5709 (Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon ...)
+ TODO: check
+CVE-2006-5708 (Multiple unspecified vulnerabilities in MDaemon and WorldClient in ...)
+ TODO: check
+CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and ...)
+ TODO: check
+CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...)
+ TODO: check
+CVE-2006-5705 (Directory traversal vulnerability in plugins/wp-db-backup.php in ...)
+ TODO: check
+CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 ...)
+ TODO: check
+CVE-2006-5703 (Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in ...)
+ TODO: check
+CVE-2006-5702 (Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information ...)
+ TODO: check
+CVE-2006-5701 (Double free vulnerability in squashfs module in the Linux kernel ...)
+ TODO: check
+CVE-2006-5700
+ RESERVED
+CVE-2006-5699
+ RESERVED
+CVE-2006-5698
+ RESERVED
+CVE-2006-5697
+ RESERVED
+CVE-2006-5696
+ RESERVED
+CVE-2006-5695
+ RESERVED
+CVE-2006-5694
+ RESERVED
+CVE-2006-5693
+ RESERVED
+CVE-2006-5692
+ RESERVED
+CVE-2006-5691
+ RESERVED
+CVE-2006-5690
+ RESERVED
+CVE-2006-5689
+ RESERVED
+CVE-2006-5688
+ RESERVED
+CVE-2006-5687
+ RESERVED
+CVE-2006-5686
+ RESERVED
+CVE-2006-5685
+ RESERVED
+CVE-2006-5684
+ RESERVED
+CVE-2006-5683
+ RESERVED
+CVE-2006-5682
+ RESERVED
+CVE-2006-5681
+ RESERVED
+CVE-2006-5680
+ RESERVED
+CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...)
+ TODO: check
+CVE-2006-5678 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-5677 (resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and ...)
+ TODO: check
+CVE-2006-5676 (SQL injection vulnerability in consult/classement.php in Uni-Vert ...)
+ TODO: check
+CVE-2006-5675 (Multiple unspecified vulnerabilities in Pentaho Business Intelligence ...)
+ TODO: check
+CVE-2006-5674 (Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and ...)
+ TODO: check
+CVE-2006-5673 (PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB ...)
+ TODO: check
+CVE-2006-5672 (PHP remote file inclusion vulnerability in web/init_mysource.php in ...)
+ TODO: check
+CVE-2006-5671 (PHP remote file inclusion vulnerability in contact.php in Free Image ...)
+ TODO: check
+CVE-2006-5670 (PHP remote file inclusion vulnerability in forgot_pass.php in Free ...)
+ TODO: check
+CVE-2006-5669 (PHP remote file inclusion vulnerability in gestion/savebackup.php in ...)
+ TODO: check
+CVE-2006-5668 (Unspecified vulnerability in Ampache 3.3.2 and earlier, when ...)
+ TODO: check
+CVE-2006-5667 (Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and ...)
+ TODO: check
+CVE-2006-5666 (SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 ...)
+ TODO: check
+CVE-2006-5665 (PHP remote file inclusion vulnerability in admin/modules_data.php in ...)
+ TODO: check
+CVE-2006-5664 (The installation script in IBM Informix Dynamic Server 10.00, Informix ...)
+ TODO: check
+CVE-2006-5663 (IBM Informix Dynamic Server 10.00, Informix Client Software ...)
+ TODO: check
+CVE-2006-5662 (SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows ...)
+ TODO: check
+CVE-2006-5661 (Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech ...)
+ TODO: check
+CVE-2006-5660 (Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 ...)
+ TODO: check
+CVE-2006-5659 (PAM_extern before 0.2 sends a password as a command line argument, ...)
+ TODO: check
+CVE-2006-5658 (BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to ...)
+ TODO: check
+CVE-2006-5657 (Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 ...)
+ TODO: check
+CVE-2006-5656 (Memory leak in the push_align function in src/util.c in Vilistextum ...)
+ TODO: check
+CVE-2006-5655 (SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows ...)
+ TODO: check
+CVE-2006-5654 (Unspecified vulnerability in the Network Security Services (NSS) in ...)
+ TODO: check
+CVE-2006-5653 (Cross-site scripting (XSS) vulnerability in the errorHTML function in ...)
+ TODO: check
+CVE-2006-5652 (Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging ...)
+ TODO: check
+CVE-2006-5651
+ RESERVED
+CVE-2006-5650
+ RESERVED
CVE-2006-XXXX [phpmyadmin XSS (PMASA-2006-6)]
- phpmyadmin 4:2.9.0.3-1 (low; bug #396638)
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
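Review bot: CVE-2006-5718 (XSS in error.php in phpMyAdmin) is added with only "TODO: check", while the context entry directly after the added block, CVE-2006-XXXX [phpmyadmin XSS (PMASA-2006-6)], already tracks a phpMyAdmin XSS with a fixed version and bug #396638. If the two describe the same issue, the temporary CVE-2006-XXXX entry should be folded into CVE-2006-5718 so the package data is not split across two records. Separately, the added range runs from CVE-2006-5741 straight to CVE-2006-5739 with no CVE-2006-5740 line, so it is worth confirming whether the import skipped that ID.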
@@ -71,7 +325,7 @@
TODO: check
CVE-2006-5617 (Directory traversal vulnerability in index.php in Thepeak File Upload ...)
TODO: check
-CVE-2006-5616 (Multiple unspecified vulnerabilities in OpenPBS, as use in SUSE Linux ...)
+CVE-2006-5616 (Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux ...)
TODO: check
CVE-2006-5615 (PHP remote file inclusion vulnerability in publish.php in Textpattern ...)
TODO: check
@@ -195,7 +449,7 @@
TODO: check
CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 ...)
NOT-FOR-US: Cisco Security Agent
-CVE-2006-5552 (Heap-based buffer overflow in RevilloC MailServer 1.21 and earlier ...)
+CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and ...)
TODO: check
CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...)
TODO: check
@@ -353,7 +607,7 @@
NOT-FOR-US: Castor
CVE-2006-5479 (The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote ...)
NOT-FOR-US: Novell eDirectory
-CVE-2006-5478 (Stack-based buffer overflow in the BuildRedirectURL function in the ...)
+CVE-2006-5478 (Multiple stack-based buffer overflows in Novell eDirectory 8.8.x ...)
NOT-FOR-US: Novell eDirectory
CVE-2006-5477 (Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form ...)
- drupal <unfixed> (low)
@@ -377,13 +631,11 @@
- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5467 (The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a ...)
TODO: check
-CVE-2006-5466 [rpm heap overflow in changelog parsing]
- RESERVED
+CVE-2006-5466 (Heap-based buffer overflow in the showQueryPackage function in librpm ...)
- rpm 4.4.1-11 (low)
NOTE: This needs further investigation, most probably a non-issue, pinged maintainer
NOTE: [sarge] - rpm <no-dsa> (You need to trust the RPMs you're installing)
-CVE-2006-5465 [php htmlentities() and htmlspecialchars() buffer overflow]
- RESERVED
+CVE-2006-5465 (Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...)
- php4 4:4.4.4-4 (high; bug #396764)
- php5 5.1.6-6 (high; bug #396766)
CVE-2006-5464
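Review bot: the CVE-2006-5466 entry now carries the published summary (heap-based buffer overflow in the showQueryPackage function in librpm), but the retained note still reads "This needs further investigation, most probably a non-issue, pinged maintainer". That note and the "low" rating should be revisited against the published description. The sarge status is also recorded inside a NOTE line ("NOTE: [sarge] - rpm <no-dsa> ...") rather than as a plain "[sarge] - rpm <no-dsa>" annotation like the other [sarge] lines in this file, so tooling that reads annotations may not see it.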
@@ -530,8 +782,8 @@
NOT-FOR-US: PHPRecipeBook
CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...)
NOT-FOR-US: Simplog
-CVE-2006-5397
- RESERVED
+CVE-2006-5397 (The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 ...)
+ TODO: check
CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before ...)
NOT-FOR-US: Sun Solaris
CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka ...)
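Review bot: CVE-2006-5397 moves from RESERVED to "TODO: check" with a summary naming X.Org libX11 1.0.2 (modules/im/ximcp/imLcIm.c). Unlike the NOT-FOR-US entries around it, this one names a widely packaged library, so it should be triaged to a package line with the affected and fixed versions rather than left in the TODO queue.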
@@ -1775,17 +2027,13 @@
- qt4-x11 4.2.1-1 (bug #394192)
CVE-2006-4810
RESERVED
-CVE-2006-4809 [imlib2 vulnerability]
- RESERVED
+CVE-2006-4809 (Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, ...)
- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
-CVE-2006-4808 [imlib2 vulnerability]
- RESERVED
+CVE-2006-4808 (Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and ...)
- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
-CVE-2006-4807 [imlib2 vulnerability]
- RESERVED
+CVE-2006-4807 (loader_tga.c in imlib2 before 1.2.1, and possibly other versions, ...)
- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
-CVE-2006-4806 [imlib2 vulnerability]
- RESERVED
+CVE-2006-4806 (Multiple integer overflows in imlib2 allow user-assisted remote ...)
- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4805 (epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in ...)
{DSA-1201-1}
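Review bot: CVE-2006-4806 through CVE-2006-4809 now have distinct summaries (loader_pnm.c stack overflow, loader_tga.c heap overflow, a further loader_tga.c issue, and multiple integer overflows), yet all four keep the identical line "- imlib2 1.3.0.0debian1-3 (medium; bug #397371)". It is worth confirming that this upload fixes each of the four, and adding a NOTE that reconciles the tracked fixed version with the "before 1.2.1, and possibly other versions" wording in the summaries.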
@@ -2294,8 +2542,8 @@
CVE-2006-4573 (Multiple unspecified vulnerabilities in the "utf8 combining characters ...)
{DSA-1202-1}
- screen 4.0.3-0.1 (bug #395225; medium)
-CVE-2006-4572
- RESERVED
+CVE-2006-4572 (Multiple unspecified vulnerabilities in netfilter for IPv6 code in ...)
+ TODO: check
CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...)
{DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-64
@@ -2447,8 +2695,8 @@
CVE-2006-XXXX [hostapd dos]
- hostapd 1:0.5.4-1
[sarge] - hostapd <not-affected> (Vulnerable code not present)
-CVE-2006-4521
- RESERVED
+CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS ...)
+ TODO: check
CVE-2006-4520
RESERVED
CVE-2006-4519
@@ -3015,7 +3263,7 @@
NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4270 (PHP remote file inclusion vulnerability in mambelfish.class.php in the ...)
NOT-FOR-US: mambelfish component (com_mambelfish) for Mambo
-CVE-2006-4269 (PHP remote file inclusion vulnerability in admin.x-shop.php in the ...)
+CVE-2006-4269 (** DISPUTED ** ...)
NOT-FOR-US: x-shop component (com_x-shop) for Mambo and Joomla!
CVE-2006-4268 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 ...)
NOT-FOR-US: CubeCart
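Review bot: the CVE-2006-4269 summary changes from a description naming admin.x-shop.php to "** DISPUTED ** ...", so the truncated summary no longer says anything about the issue and only the NOT-FOR-US line identifies the product. The updater could keep the DISPUTED marker and still truncate from the start of the actual description, so the entry stays identifiable and the dispute remains visible.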
@@ -3489,7 +3737,7 @@
NOT-FOR-US: SAPID Blog
CVE-2006-4062 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: SAPID Shop
-CVE-2006-4061 (PHP remote file inclusion vulnerability in index.php in Thomas Pequet ...)
+CVE-2006-4061 (** DISPUTED ** ...)
NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in Visual ...)
NOT-FOR-US: Visual Events Calendar
@@ -24226,7 +24474,7 @@
NOT-FOR-US: Novell portmapper
CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...)
NOT-FOR-US: Symantec Norton Internet Security
-CVE-2003-1148 (PHP remote file inclusion vulnerability in (1) config.inc.php and (2) ...)
+CVE-2003-1148 (Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS ...)
NOT-FOR-US: Les Visiteurs
CVE-2003-1147
REJECTED