[Secure-testing-commits] r4857 - data/CVE
Joey Hess
joeyh at costa.debian.org
Tue Oct 17 21:14:36 UTC 2006
Author: joeyh
Date: 2006-10-17 21:14:35 +0000 (Tue, 17 Oct 2006)
New Revision: 4857
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-10-17 20:47:45 UTC (rev 4856)
+++ data/CVE/list 2006-10-17 21:14:35 UTC (rev 4857)
@@ -1,4 +1,196 @@
-CVE-2006-5295 [clamav buffer overflow]
+CVE-2006-5326 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5325 (Multiple PHP remote file inclusion vulnerabilities in Dimitri Seitz ...)
+ TODO: check
+CVE-2006-5324 (The Web Services Notification (WSN) security component of IBM ...)
+ TODO: check
+CVE-2006-5323 (Unspecified vulnerability in IBM WebSphere Application Server before ...)
+ TODO: check
+CVE-2006-5322 (Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow ...)
+ TODO: check
+CVE-2006-5321 (Multiple cross-site scripting (XSS) vulnerabilities in phplist before ...)
+ TODO: check
+CVE-2006-5320 (Directory traversal vulnerability in getimg.php in Album Photo Sans ...)
+ TODO: check
+CVE-2006-5319 (Directory traversal vulnerability in redir.php in Foafgen 0.3 allows ...)
+ TODO: check
+CVE-2006-5318 (PHP remote file inclusion vulnerability in index.php in Nayco JASmine ...)
+ TODO: check
+CVE-2006-5317 (PHP remote file inclusion vulnerability in index.php in eboli allows ...)
+ TODO: check
+CVE-2006-5316 (registroTL stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2006-5315 (PHP remote file inclusion vulnerability in main.php in registroTL ...)
+ TODO: check
+CVE-2006-5314 (PHP remote file inclusion vulnerability in ftag.php in TribunaLibre ...)
+ TODO: check
+CVE-2006-5313 (Hastymail 1.5 and earlier before 20061008 allows remote authenticated ...)
+ TODO: check
+CVE-2006-5312 (PHP remote file inclusion vulnerability in shoutbox.php in the Ajax ...)
+ TODO: check
+CVE-2006-5311 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5310 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5309 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5308 (Multiple PHP remote file inclusion vulnerabilities in Open Conference ...)
+ TODO: check
+CVE-2006-5307 (Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK ...)
+ TODO: check
+CVE-2006-5306 (Multiple PHP remote file inclusion vulnerabilities in the Journals ...)
+ TODO: check
+CVE-2006-5305 (PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr ...)
+ TODO: check
+CVE-2006-5304 (PHP remote file inclusion vulnerability in inc/settings.php in IncCMS ...)
+ TODO: check
+CVE-2006-5303 (Secure Computing SafeWord RemoteAccess 2.1 allows local users to ...)
+ TODO: check
+CVE-2006-5302 (Multiple PHP remote file inclusion vulnerabilities in Redaction System ...)
+ TODO: check
+CVE-2006-5301 (PHP remote file inclusion vulnerability in includes/antispam.php in ...)
+ TODO: check
+CVE-2006-5300 (Unspecified vulnerability in HP Version Control Agent before 2.1.5 ...)
+ TODO: check
+CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and ...)
+ TODO: check
+CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client ...)
+ TODO: check
+CVE-2006-5296 (Buffer overflow in Microsoft Office 2003 PowerPoint allows ...)
+ TODO: check
+CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...)
+ TODO: check
+CVE-2006-5293 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+ TODO: check
+CVE-2006-5292 (PHP remote file inclusion vulnerability in photo_comment.php in ...)
+ TODO: check
+CVE-2006-5291 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5290 (The ESS/ Network Controller and MicroServer Web Server components of ...)
+ TODO: check
+CVE-2006-5289 (Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 ...)
+ TODO: check
+CVE-2006-5288 (Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a ...)
+ TODO: check
+CVE-2006-5287 (Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 ...)
+ TODO: check
+CVE-2006-5286 (Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 ...)
+ TODO: check
+CVE-2006-5285 (SQL injection vulnerability in index.php in XeoPort 0.81, and possibly ...)
+ TODO: check
+CVE-2006-5284 (PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen ...)
+ TODO: check
+CVE-2006-5283 (PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 ...)
+ TODO: check
+CVE-2006-5282 (Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and ...)
+ TODO: check
+CVE-2006-5281 (PHP remote file inclusion vulnerability in naboard_pnr.php in n at board ...)
+ TODO: check
+CVE-2006-5280 (PHP remote file inclusion vulnerability in includes/import-archive.php ...)
+ TODO: check
+CVE-2006-5279
+ RESERVED
+CVE-2006-5278
+ RESERVED
+CVE-2006-5277
+ RESERVED
+CVE-2006-5276
+ RESERVED
+CVE-2006-5275
+ RESERVED
+CVE-2006-5274
+ RESERVED
+CVE-2006-5273
+ RESERVED
+CVE-2006-5272
+ RESERVED
+CVE-2006-5271
+ RESERVED
+CVE-2006-5270
+ RESERVED
+CVE-2006-5269
+ RESERVED
+CVE-2006-5268
+ RESERVED
+CVE-2006-5267
+ RESERVED
+CVE-2006-5266
+ RESERVED
+CVE-2006-5265
+ RESERVED
+CVE-2006-5264 (Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper ...)
+ TODO: check
+CVE-2006-5263 (Directory traversal vulnerability in templates/header.php3 in ...)
+ TODO: check
+CVE-2006-5262 (CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and ...)
+ TODO: check
+CVE-2006-5261 (Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 ...)
+ TODO: check
+CVE-2006-5260 (PHP remote file inclusion vulnerability in compteur.php in Compteur 2 ...)
+ TODO: check
+CVE-2006-5259 (PHP remote file inclusion vulnerability in param_editor.php in ...)
+ TODO: check
+CVE-2006-5258 (Unspecified vulnerability in the spell checking component of Asbru Web ...)
+ TODO: check
+CVE-2006-5257 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5256 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5255 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-5254 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5253 (PHP remote file inclusion vulnerability in strload.php in Dayana ...)
+ TODO: check
+CVE-2006-5252 (PHP remote file inclusion vulnerability in includes/core.lib.php in ...)
+ TODO: check
+CVE-2006-5251 (PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a ...)
+ TODO: check
+CVE-2006-5250 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5249 (PHP remote file inclusion vulnerability in tagmin/delTagUser.php in ...)
+ TODO: check
+CVE-2006-5248 (Eazy Cart stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2006-5247 (Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow ...)
+ TODO: check
+CVE-2006-5246 (Eazy Cart allows remote attackers to change prices and other critical ...)
+ TODO: check
+CVE-2006-5245 (Eazy Cart allows remote attackers to bypass authentication and gain ...)
+ TODO: check
+CVE-2006-5244 (Multilple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
+ TODO: check
+CVE-2006-5243 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
+ TODO: check
+CVE-2006-5242 (SQL injection vulnerability in Etomite Content Management System (CMS) ...)
+ TODO: check
+CVE-2006-5241 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
+ TODO: check
+CVE-2006-5240 (PHP remote file inclusion vulnerability in engine/require.php in ...)
+ TODO: check
+CVE-2006-5239 (Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 ...)
+ TODO: check
+CVE-2006-5238 (Unspecified vulnerability in the file upload module in Blue Smiley ...)
+ TODO: check
+CVE-2006-5237 (SQL injection vulnerability in Blue Smiley Organizer before 4.46 ...)
+ TODO: check
+CVE-2006-5236 (SQL injection vulnerability in search.php in 4images 1.7.x allows ...)
+ TODO: check
+CVE-2006-5235 (PHP remote file inclusion vulnerability in includes/functions_kb.php ...)
+ TODO: check
+CVE-2006-5234 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-5233 (Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version ...)
+ TODO: check
+CVE-2006-5232 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-5231 (Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, ...)
+ TODO: check
+CVE-2006-5230 (PHP remote file inclusion vulnerability in forum.php in FreeForum ...)
+ TODO: check
+CVE-2006-5295 (Unspecified vulnerability in ClamAV before 0.88.5 allows remote ...)
- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and ...)
TODO: check
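Review bot: CVE-2006-5295 ends up out of sequence at the bottom of this hunk, after CVE-2006-5230 and before CVE-2006-5229, while every other added entry runs in descending order from CVE-2006-5326. Move the entry, together with its "- clamav 0.88.5-1 (high; bug #393445)" line, to sit between CVE-2006-5296 and CVE-2006-5294. Otherwise anyone scanning the list by ID will look for it there and miss the ClamAV tracking data.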
@@ -43,8 +235,8 @@
NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-5211 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...)
NOT-FOR-US: Trend Micro OfficeScan
-CVE-2006-5210
- RESERVED
+CVE-2006-5210 (Directory traversal vulnerability in IronWebMail before 6.1.1 ...)
+ TODO: check
CVE-2006-5209 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Admin Topic Action Logging Mod for phpBB
CVE-2006-5208 (Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow ...)
@@ -272,7 +464,7 @@
NOT-FOR-US: SyntaxCMS
CVE-2006-5104 (SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x ...)
NOT-FOR-US: vBulletin
-CVE-2006-5103 (PHP remote file inclusion vulnerability in index2.php in bbsNew 2.0.1 ...)
+CVE-2006-5103 (PHP remote file inclusion vulnerability in admin/index2.php in bbsNew ...)
NOT-FOR-US: bbsNew
CVE-2006-5102 (PHP remote file inclusion vulnerability in include/editfunc.inc.php in ...)
NOT-FOR-US: Newswriter SW
@@ -821,12 +1013,12 @@
NOT-FOR-US: Claroline
CVE-2006-4843
RESERVED
-CVE-2006-4842
- RESERVED
+CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...)
+ TODO: check
CVE-2006-4841
RESERVED
CVE-2006-4840
- RESERVED
+ REJECTED
CVE-2006-4839
RESERVED
CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE ...)
@@ -879,8 +1071,8 @@
RESERVED
CVE-2006-4814
RESERVED
-CVE-2006-4813
- RESERVED
+CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux kernel ...)
+ TODO: check
CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...)
- php4 <not-affected>
- php5 <unfixed>
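Review bot: CVE-2006-4813 carries only "TODO: check" even though its new description names the Linux kernel (fs/buffer.c), whereas CVE-2006-4812 directly below already has per-package status lines. Once triaged, replace the TODO with status lines in the same "- package version-or-state" form used for php4 and php5, so the kernel issue does not sit among the unreviewed entries.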
@@ -1137,7 +1329,7 @@
NOT-FOR-US: Microsoft
CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for ...)
NOT-FOR-US: Microsoft Word
-CVE-2006-4692 (The Windows Object Packager in Microsoft Windows XP SP1 and SP2 and ...)
+CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager ...)
NOT-FOR-US: Microsoft Word
CVE-2006-4691
RESERVED
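Review bot: The unchanged "NOT-FOR-US: Microsoft Word" note under CVE-2006-4692 no longer matches the entry, since the updated description attributes the issue to the Windows Object Packager rather than Word. Change the note to name the affected component, for example "NOT-FOR-US: Microsoft", as the neighbouring Microsoft entries do.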
@@ -1563,8 +1755,8 @@
RESERVED
CVE-2006-4517
RESERVED
-CVE-2006-4516
- RESERVED
+CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...)
+ TODO: check
CVE-2006-4515
RESERVED
CVE-2006-4514
@@ -1950,8 +2142,8 @@
- openssl 0.9.8c-2 (bug #389940)
- openssl097 0.9.7k-2
- openssl096 <removed>
-CVE-2006-4342
- RESERVED
+CVE-2006-4342 (The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, ...)
+ TODO: check
CVE-2006-4341
REJECTED
CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...)
@@ -2333,8 +2525,7 @@
NOT-FOR-US: SmartLine DeviceLock
CVE-2006-4183
RESERVED
-CVE-2006-4182 [clamav buffer overflow]
- RESERVED
+CVE-2006-4182 (Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions ...)
- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-4181
RESERVED
@@ -2392,8 +2583,8 @@
NOT-FOR-US: pearlabs mafia moblog
CVE-2006-4155 (Unspecified vulnerability in func_topic_threaded.php (aka threaded ...)
NOT-FOR-US: Invision Power Board (IPB)
-CVE-2006-4154
- RESERVED
+CVE-2006-4154 (Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x ...)
+ TODO: check
CVE-2006-4153
RESERVED
CVE-2006-4152
@@ -2863,7 +3054,7 @@
NOT-FOR-US: Microsoft
CVE-2006-3943 (Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet ...)
NOT-FOR-US: Microsoft
-CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows 2000 SP4, Server 2003 ...)
+CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and ...)
NOT-FOR-US: Microsoft
CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 ...)
NOT-FOR-US: N1 Grid Engine
@@ -3022,7 +3213,7 @@
REJECTED
CVE-2006-3865
RESERVED
-CVE-2006-3864 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...)
+CVE-2006-3864 (Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and ...)
NOT-FOR-US: Microsoft
CVE-2006-3863
RESERVED
@@ -3580,13 +3771,13 @@
NOT-FOR-US: Microsoft Internet Security and Acceleration Server
CVE-2006-3651 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...)
NOT-FOR-US: Microsoft
-CVE-2006-3650 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...)
+CVE-2006-3650 (Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not ...)
NOT-FOR-US: Microsoft
CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK ...)
NOT-FOR-US: Microsoft
CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and ...)
NOT-FOR-US: Microsoft
-CVE-2006-3647 (Unspecified vulnerability in Microsoft Word 2000, 2002, Office 2003, ...)
+CVE-2006-3647 (Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and ...)
NOT-FOR-US: Microsoft
CVE-2006-3646
RESERVED
@@ -4046,7 +4237,7 @@
RESERVED
CVE-2006-3436 (Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework ...)
NOT-FOR-US: Microsoft
-CVE-2006-3435 (Unspecified vulnerability in PowerPoint in Microsoft Office 2003 ...)
+CVE-2006-3435 (PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X ...)
NOT-FOR-US: Microsoft
CVE-2006-3434 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...)
NOT-FOR-US: Microsoft
@@ -23263,7 +23454,7 @@
NOT-FOR-US: Advanced Poll
CVE-2003-1179 (Multiple PHP remote file inclusion vulnerabilities in Advanced Poll ...)
NOT-FOR-US: Advanced Poll
-CVE-2003-1178 (comments.php in Advanced Poll 2.0.2 allows remote attackers to execute ...)
+CVE-2003-1178 (Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 ...)
NOT-FOR-US: Advanced Poll
CVE-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...)
NOT-FOR-US: MERCUR Mailserver