[Secure-testing-commits] r4972 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Sat Nov 18 09:14:22 CET 2006
Author: joeyh
Date: 2006-11-18 09:14:20 +0100 (Sat, 18 Nov 2006)
New Revision: 4972
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-11-16 18:13:25 UTC (rev 4971)
+++ data/CVE/list 2006-11-18 08:14:20 UTC (rev 4972)
@@ -1,3 +1,181 @@
+CVE-2006-5972 (Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless ...)
+ TODO: check
+CVE-2006-5971 (Absolute path traversal vulnerability in admin/logfile.txt in Verity ...)
+ TODO: check
+CVE-2006-5970 (Verity Ultraseek before 5.7 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2006-5969 (CRLF injection vulnerability in the evalFolderLine function in fvwm ...)
+ TODO: check
+CVE-2006-5968 (MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, ...)
+ TODO: check
+CVE-2006-5967 (Race condition in Panda ActiveScan 5.53.00, and other versions before ...)
+ TODO: check
+CVE-2006-5966 (Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows ...)
+ TODO: check
+CVE-2006-5965
+ RESERVED
+CVE-2006-5964
+ RESERVED
+CVE-2006-5963
+ RESERVED
+CVE-2006-5962 (Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow ...)
+ TODO: check
+CVE-2006-5961 (Buffer overflow in Mercury Mail Transport System 4.01b for Windows has ...)
+ TODO: check
+CVE-2006-5960 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2006-5959 (SQL injection vulnerability in browse.asp in A+ Store E-Commerce ...)
+ TODO: check
+CVE-2006-5958 (Multiple cross-site scripting (XSS) vulnerabilities in INFINICART ...)
+ TODO: check
+CVE-2006-5957 (Multiple SQL injection vulnerabilities in INFINICART allow remote ...)
+ TODO: check
+CVE-2006-5956 (XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) ...)
+ TODO: check
+CVE-2006-5955 (SQL injection vulnerability in listings.asp in 20/20 DataShed (aka ...)
+ TODO: check
+CVE-2006-5954 (SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier ...)
+ TODO: check
+CVE-2006-5953 (SQL injection vulnerability in viewcart.asp in Evolve shopping cart ...)
+ TODO: check
+CVE-2006-5952 (SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 ...)
+ TODO: check
+CVE-2006-5951 (PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 ...)
+ TODO: check
+CVE-2006-5950 (Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and ...)
+ TODO: check
+CVE-2006-5949 (Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta ...)
+ TODO: check
+CVE-2006-5948 (PHP remote file inclusion vulnerability in pntUnit/Inspect.php in ...)
+ TODO: check
+CVE-2006-5947 (Multiple directory traversal vulnerabilities in Conxint FTP Server ...)
+ TODO: check
+CVE-2006-5946 (SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP ...)
+ TODO: check
+CVE-2006-5945 (Multiple SQL injection vulnerabilities in MGinternet Car Site Manager ...)
+ TODO: check
+CVE-2006-5944 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...)
+ TODO: check
+CVE-2006-5943 (Multiple SQL injection vulnerabilities in inventory/display/imager.asp ...)
+ TODO: check
+CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2006-5941
+ RESERVED
+CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...)
+ TODO: check
+CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause ...)
+ TODO: check
+CVE-2006-5938 (Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote ...)
+ TODO: check
+CVE-2006-5937 (Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 ...)
+ TODO: check
+CVE-2006-5936 (SQL injection vulnerability in dept.asp in SiteXpress E-Commerce ...)
+ TODO: check
+CVE-2006-5935 (SQL injection vulnerability in index.php in ShopSystems 4.0 and ...)
+ TODO: check
+CVE-2006-5934 (SQL injection vulnerability in admin/default.asp in Estate Agent ...)
+ TODO: check
+CVE-2006-5933 (SQL injection vulnerability in update.asp in UltraSite 1.0 allows ...)
+ TODO: check
+CVE-2006-5932 (Kahua before 0.7, when running multiple applications under a single ...)
+ TODO: check
+CVE-2006-5931 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web ...)
+ TODO: check
+CVE-2006-5930 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web ...)
+ TODO: check
+CVE-2006-5929 (PHP remote file inclusion vulnerability in firepjs.php in ...)
+ TODO: check
+CVE-2006-5928 (Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler ...)
+ TODO: check
+CVE-2006-5927 (SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal ...)
+ TODO: check
+CVE-2006-5926 (Multiple SQL injection vulnerabilities in mail.php in Vallheru before ...)
+ TODO: check
+CVE-2006-5925 (Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed ...)
+ TODO: check
+CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in Efficient IP ...)
+ TODO: check
+CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris Mac ...)
+ TODO: check
+CVE-2006-5922 (index.php in Wheatblog (wB) allows remote attackers to obtain ...)
+ TODO: check
+CVE-2006-5921 (Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php ...)
+ TODO: check
+CVE-2006-5920 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-5919 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5918 (Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid ...)
+ TODO: check
+CVE-2006-5917 (Multiple SQL injection vulnerabilities in OmniStar Article Manager ...)
+ TODO: check
+CVE-2006-5916 (Intego VirusBarrier X4 allows context-dependent attackers to bypass ...)
+ TODO: check
+CVE-2006-5915 (Multiple cross-site scripting (XSS) vulnerabilities in ls.php in ...)
+ TODO: check
+CVE-2006-5914 (SQL injection vulnerability in ls.php in SAMEDIA LandShop allows ...)
+ TODO: check
+CVE-2006-5913 (Microsoft Internet Explorer 7 allows remote attackers to (1) cause a ...)
+ TODO: check
+CVE-2006-5912 (Unspecified vulnerability in Campware Campsite before 2.6.2 has ...)
+ TODO: check
+CVE-2006-5911 (Multiple PHP remote file inclusion vulnerabilities in Campware ...)
+ TODO: check
+CVE-2006-5910 (Multiple PHP remote file inclusion vulnerabilities in Campware ...)
+ TODO: check
+CVE-2006-5909 (generaloptions.php in Paul Tarjan Stanford Conference And Research ...)
+ TODO: check
+CVE-2006-5908 (Multiple SQL injection vulnerabilities in the login_user function in ...)
+ TODO: check
+CVE-2006-5907 (SQL injection vulnerability in modules/bannieres/bannieres.php in ...)
+ TODO: check
+CVE-2006-5906 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-5905 (Web Directory Pro allows remote attackers to (1) backup the database ...)
+ TODO: check
+CVE-2006-5904 (Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 ...)
+ TODO: check
+CVE-2006-5903 (Rahul Jonna Gmail File Space (GSpace) allows remote attackers to ...)
+ TODO: check
+CVE-2006-5902 (viksoe GMail Drive shell extension allows remote attackers to perform ...)
+ TODO: check
+CVE-2006-5901 (Hawking Technology wireless router WR254-CA uses a hardcoded IP ...)
+ TODO: check
+CVE-2006-5900 (Cross-site scripting (XSS) vulnerability in the ...)
+ TODO: check
+CVE-2006-5899 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-5898 (Directory traversal vulnerability in localization/languages.lib.php3 ...)
+ TODO: check
+CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and ...)
+ TODO: check
+CVE-2006-5896
+ RESERVED
+CVE-2006-5895 (PHP remote file inclusion vulnerability in core/core.php in EncapsCMS ...)
+ TODO: check
+CVE-2006-5894 (Directory traversal vulnerability in lang.php in Rama CMS 0.68 and ...)
+ TODO: check
+CVE-2006-5893 (Multiple PHP remote file inclusion vulnerabilities in iWonder Designs ...)
+ TODO: check
+CVE-2006-5892 (SQL injection vulnerability in MoreInfo.asp in The Net Guys ...)
+ TODO: check
+CVE-2006-5891 (SQL injection vulnerability in detail.asp in Superfreaker Studios ...)
+ TODO: check
+CVE-2006-5890 (SQL injection vulnerability in detail.asp in Superfreaker Studios ...)
+ TODO: check
+CVE-2006-5889 (SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 ...)
+ TODO: check
+CVE-2006-5888 (SQL injection vulnerability in viewarticle.asp in Superfreaker Studios ...)
+ TODO: check
+CVE-2006-5887 (SQL injection vulnerability in CampusNewsDetails.asp in Dynamic ...)
+ TODO: check
+CVE-2006-5886 (SQL injection vulnerability in propertysdetails.asp in Dynamic ...)
+ TODO: check
+CVE-2006-5885 (SQL injection vulnerability in Products.asp in NuStore 1.0 allows ...)
+ TODO: check
+CVE-2003-1308 (CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x ...)
+ TODO: check
CVE-2006-XXXX [chetcpasswd multiple vulnerabilities]
- chetcpasswd <unfixed> (bug #394454)
NOTE: I've filed a removal bug, this doesn't have a security perspective
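Review bot: In the block of new entries, CVE-2006-5969 and CVE-2003-1308 both describe a CRLF injection in fvwm (the evalFolderLine function and fvwm-menu-directory), yet each is added as an independent "TODO: check"; they should be triaged together and cross-referenced with a NOTE so the fvwm status is recorded consistently. CVE-2006-5925 (Links and Elinks with smbclient installed) is another entry here worth resolving ahead of the many ASP and PHP web-application entries. The three "** DISPUTED **" entries (CVE-2006-5920, CVE-2006-5906, CVE-2006-5899) are truncated before any product name, so they cannot be classified from this list alone and need the full CVE text.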
@@ -131,8 +309,8 @@
TODO: check
CVE-2006-5820
RESERVED
-CVE-2006-5819
- RESERVED
+CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server ...)
+ TODO: check
CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...)
- gv 1:3.6.2-2 (medium; bug #398292)
CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before ...)
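Review bot: CVE-2006-5819 moves from RESERVED to a Verity Ultraseek description with "TODO: check", and the same commit adds CVE-2006-5971 and CVE-2006-5970 for the same product, also as "TODO: check". The three should be given one disposition in the same pass so the product is not left half-classified across separate parts of the list.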
@@ -188,8 +366,8 @@
CVE-2006-5794 (Unspecified vulnerability in the sshd Privilege Separation Monitor in ...)
- openssh <unfixed> (unimportant)
NOTE: Not a direct vulnerability
-CVE-2006-5793
- RESERVED
+CVE-2006-5793 (The sPLT chunk handling code (png_set_sPLT function in pngset.c) in ...)
+ TODO: check
CVE-2006-XXXX [obexpushd arbitrary command execution]
- obexpushd 0.4+svn10-1 (bug #397297; medium)
CVE-2006-XXXX [motion insecure tempfile creation]
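Review bot: The new CVE-2006-5793 text names a specific function and source file (png_set_sPLT in pngset.c) but the entry is left at "TODO: check". A description that points at library code should not stay unclassified: identify the source package that ships pngset.c and replace the TODO with a package line carrying a fixed version or <unfixed>, as the neighbouring openssh and obexpushd entries do.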
@@ -2558,7 +2736,7 @@
NOT-FOR-US: Microsoft Word
CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager ...)
NOT-FOR-US: Microsoft Word
-CVE-2006-4691 (Buffer overflow in the Workstation service in Microsoft Windows 2000 ...)
+CVE-2006-4691 (Stack-based buffer overflow in the NetpManageIPCConnect function in ...)
NOT-FOR-US: Microsoft
CVE-2006-4690
RESERVED
@@ -2821,7 +2999,7 @@
CVE-2006-4573 (Multiple unspecified vulnerabilities in the "utf8 combining characters ...)
{DSA-1202-1}
- screen 4.0.3-0.1 (bug #395225; medium)
-CVE-2006-4572 (Multiple unspecified vulnerabilities in netfilter for IPv6 code in ...)
+CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows ...)
TODO: check
CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...)
{DSA-1210 DSA-1192-1 DSA-1191-1}
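Review bot: The CVE-2006-4572 description is no longer "Multiple unspecified vulnerabilities"; it now names ip6_tables in the Linux kernel and a boundary version (before 2.6.16.31), but the "TODO: check" underneath is unchanged. With the affected component and version now stated, the entry can be resolved with a kernel package line and status instead of staying open.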
@@ -3221,8 +3399,8 @@
RESERVED
CVE-2006-4414
RESERVED
-CVE-2006-4413
- RESERVED
+CVE-2006-4413 (Apple Remote Desktop before 3.1 uses insecure permissions for certain ...)
+ TODO: check
CVE-2006-4412
RESERVED
CVE-2006-4411
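Review bot: CVE-2006-4413 now names Apple Remote Desktop but keeps "TODO: check". Other vendor-only products in this file are closed out with a NOT-FOR-US line (for example "NOT-FOR-US: Microsoft" under CVE-2006-4691), so if the product is not in the archive the same marking should replace the TODO rather than leaving it pending.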
@@ -23735,7 +23913,7 @@
NOT-FOR-US: phpbb attachment mod
CVE-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...)
NOT-FOR-US: Photopost
-CVE-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...)
+CVE-2005-1628 (apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows ...)
NOT-FOR-US: WebAPP
CVE-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a ...)
- viewglob 2.0.1-1