[Secure-testing-commits] r4871 - data/CVE
Joey Hess
joeyh at costa.debian.org
Mon Oct 23 21:14:27 UTC 2006
Author: joeyh
Date: 2006-10-23 21:14:25 +0000 (Mon, 23 Oct 2006)
New Revision: 4871
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-10-23 20:00:27 UTC (rev 4870)
+++ data/CVE/list 2006-10-23 21:14:25 UTC (rev 4871)
@@ -1,3 +1,163 @@
+CVE-2006-5460 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
+ TODO: check
+CVE-2006-5458 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
+ TODO: check
+CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
+CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ...)
+ TODO: check
+CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...)
+ TODO: check
+CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before ...)
+ TODO: check
+CVE-2006-5453 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x ...)
+ TODO: check
+CVE-2006-5452 (Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX ...)
+ TODO: check
+CVE-2006-5451 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 ...)
+ TODO: check
+CVE-2006-5450 (SQL injection vulnerability in index.asp in Kinesis Interactive Cinema ...)
+ TODO: check
+CVE-2006-5449 (procmail in Ingo H3 before 1.1.2 Horde module allows remote ...)
+ TODO: check
+CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital Rights ...)
+ TODO: check
+CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV Web ...)
+ TODO: check
+CVE-2006-5446 (SQL injection vulnerability in lobby/config.php in Casinosoft Casino ...)
+ TODO: check
+CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver ...)
+ TODO: check
+CVE-2006-5444 (Integer overflow in the get_input function in the Skinny channel ...)
+ TODO: check
+CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...)
+ TODO: check
+CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...)
+ TODO: check
+CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...)
+ TODO: check
+CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...)
+ TODO: check
+CVE-2006-5439 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...)
+ TODO: check
+CVE-2006-5438 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...)
+ TODO: check
+CVE-2006-5437 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-5436 (PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e ...)
+ TODO: check
+CVE-2006-5435 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-5434 (PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 ...)
+ TODO: check
+CVE-2006-5433 (PHP remote file inclusion vulnerability in modules/guestbook/index.php ...)
+ TODO: check
+CVE-2006-5432 (Multiple direct static code injection vulnerabilities in ...)
+ TODO: check
+CVE-2006-5431 (PHP remote file inclusion vulnerability in gorum/dbproperty.php in ...)
+ TODO: check
+CVE-2006-5430 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
+ TODO: check
+CVE-2006-5429 (Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM ...)
+ TODO: check
+CVE-2006-5428 (rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's ...)
+ TODO: check
+CVE-2006-5427 (PHP remote file inclusion vulnerability in plugins/main.php in Php AMX ...)
+ TODO: check
+CVE-2006-5426 (PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal ...)
+ TODO: check
+CVE-2006-5425 (XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote ...)
+ TODO: check
+CVE-2006-5424 (Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial ...)
+ TODO: check
+CVE-2006-5423 (PHP remote file inclusion vulnerability in admin/admin_module.php in ...)
+ TODO: check
+CVE-2006-5422 (PHP remote file inclusion vulnerability in calcul-page.php in Lodel ...)
+ TODO: check
+CVE-2006-5421 (WSN Forum 1.3.4 and earlier allows remote attackers to execute ...)
+ TODO: check
+CVE-2006-5420 (Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2006-5419 (PHP remote file inclusion vulnerability in client.php in University of ...)
+ TODO: check
+CVE-2006-5418 (PHP remote file inclusion vulnerability in archive/archive_topic.php ...)
+ TODO: check
+CVE-2006-5417 (McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple ...)
+ TODO: check
+CVE-2006-5416 (Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 ...)
+ TODO: check
+CVE-2006-5415 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5414 (Barry Nauta BRIM before 1.2.1 allows remote authenticated users to ...)
+ TODO: check
+CVE-2006-5413 (Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 ...)
+ TODO: check
+CVE-2006-5412 (admin.php in PHP Outburst Easynews 4.4.1 and earlier, when ...)
+ TODO: check
+CVE-2006-5411 (Unrestricted file upload vulnerability in upload.php for Free Web ...)
+ TODO: check
+CVE-2006-5410 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS management ...)
+ TODO: check
+CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the wireless ...)
+ TODO: check
+CVE-2006-5407 (PHP remote file inclusion vulnerability in open_form.php in osTicket ...)
+ TODO: check
+CVE-2006-5406 (Passgo Defender 5.2 creates the application directory with insecure ...)
+ TODO: check
+CVE-2006-5405 (Unspecified vulnerability in Toshiba Bluetooth wireless device driver ...)
+ TODO: check
+CVE-2006-5404 (Unspecified vulnerability in an ActiveX control used in Symantec ...)
+ TODO: check
+CVE-2006-5403 (Stack-based buffer overflow in an ActiveX control used in Symantec ...)
+ TODO: check
+CVE-2006-5402 (Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 ...)
+ TODO: check
+CVE-2006-5401 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5400 (PHP remote file inclusion vulnerability in forum/track.php in ...)
+ TODO: check
+CVE-2006-5399 (PHP remote file inclusion vulnerability in classes/Import_MM.class.php ...)
+ TODO: check
+CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...)
+ TODO: check
+CVE-2006-5397
+ RESERVED
+CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before ...)
+ TODO: check
+CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka ...)
+ TODO: check
+CVE-2006-5394 (The default configuration of Cisco Secure Desktop (CSD) has an ...)
+ TODO: check
+CVE-2006-5393 (Cisco Secure Desktop (CSD) does not require that the ...)
+ TODO: check
+CVE-2006-5392 (Multiple PHP remote file inclusion vulnerabilities in OpenDock ...)
+ TODO: check
+CVE-2006-5391 (Xfire 1.64 and earlier allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2006-5390 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5389 (tools/tellhim.php in PHP-Wyana allows remote attackers to obtain ...)
+ TODO: check
+CVE-2006-5388 (SQL injection vulnerability in index.php in WebSPELL 4.01.01 and ...)
+ TODO: check
+CVE-2006-5387 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5386 (PHP remote file inclusion vulnerability in process.php in NuralStorm ...)
+ TODO: check
+CVE-2006-5385 (PHP remote file inclusion vulnerability in admin/admin_spam.php in the ...)
+ TODO: check
+CVE-2006-5384 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5383 (SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and ...)
+ TODO: check
+CVE-2006-5382
+ RESERVED
+CVE-2003-1307 (** DISPUTED ** ...)
+ TODO: check
VE-2006-XXXX [unspecified steam cache vulnerability]
- steam 2.2.31-1
[sarge] - steam <not-affected> (Sarge version doesn't implement caching)
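Review bot: the four added entries whose summary is only `** DISPUTED ** ...` (CVE-2006-5460, CVE-2006-5437, CVE-2006-5435 and CVE-2003-1307) carry no product name after truncation, so their `TODO: check` cannot be triaged from this file alone. When they are resolved, name the product in the `NOT-FOR-US:` or package line so the entry is readable without looking up the full description, as the existing entries further down the list do.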
@@ -304,6 +464,7 @@
CVE-2006-5230 (PHP remote file inclusion vulnerability in forum.php in FreeForum ...)
TODO: check
CVE-2006-5295 (Unspecified vulnerability in ClamAV before 0.88.5 allows remote ...)
+ {DSA-1196-1 DSA-1196-1}
- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and ...)
NOTE: This issues depends on the stack of selected authentication modules, while
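Review bot: the tag added under CVE-2006-5295 lists the same advisory twice, `{DSA-1196-1 DSA-1196-1}`. One reference is enough; the line should read `{DSA-1196-1}`, matching the single-id form used for `{DSA-1197-1}` elsewhere in this revision. If the script that generates these tags emits one id per source package or per cross-reference, it should de-duplicate before writing.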
@@ -499,9 +660,9 @@
NOT-FOR-US: OlateDownload
CVE-2006-XXXX [unspecified libgsf security issue (IDEF1622)]
- libgsf 1.14.2-1
-CVE-2006-5143 (Stack-based buffer overflow in the Backup Agent RPC Server ...)
+CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 ...)
NOT-FOR-US: Backup Agent RPC Server
-CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserver Backup R11.5 ...)
+CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 ...)
NOT-FOR-US: CA BrightStor ARCserver Backup
CVE-2006-5141 (PHP remote file inclusion vulnerability in script.php in Kevin A. ...)
NOT-FOR-US: Open Geo Targeting (aka geotarget)
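Review bot: the `NOT-FOR-US` lines under CVE-2006-5143 and CVE-2006-5142 were left on the old wording while the summaries changed. CVE-2006-5142 now spells the product "ARCserve" but its note still says `CA BrightStor ARCserver Backup`, and CVE-2006-5143 now leads with CA BrightStor ARCserve Backup while its note still says `Backup Agent RPC Server`. Updating both notes to the corrected product name keeps a search for the product from missing one of the two entries.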
@@ -836,6 +997,7 @@
CVE-2006-4981 (Symantec Sygate NAC allows physically proximate attackers to bypass ...)
NOT-FOR-US: Symantec
CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6 before ...)
+ {DSA-1197-1}
- python2.5 2.5-1 (bug #391589)
- python2.4 2.4.3-9 (bug #391589)
- python2.3 2.3.5-16 (bug #393053)
@@ -955,8 +1117,8 @@
RESERVED
CVE-2006-4927 (The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device ...)
NOT-FOR-US: Symantec AntiVirus
-CVE-2006-4926
- RESERVED
+CVE-2006-4926 (The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and ...)
+ TODO: check
CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...)
NOT-FOR-US: SISCO OSI stack for Windows
CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...)
@@ -1194,8 +1356,7 @@
CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...)
- php4 <not-affected>
- php5 <unfixed> (bug #391586)
-CVE-2006-4811 [qt pixmap overflow]
- RESERVED
+CVE-2006-4811 (Integer overflow in Qt, as used in the KDE khtml library, kdelibs ...)
- qt-x11-free 3:3.3.7-1 (bug #394192: bug #394313)
- qt4-x11 <unfixed> (bug #394192)
CVE-2006-4810
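Review bot: the context line under the updated CVE-2006-4811 entry reads `(bug #394192: bug #394313)`, with a colon between the two bug references, whereas other entries in this file separate fields inside the parentheses with a semicolon, as in `(high; bug #393445)`. Since this entry is being touched anyway, the separator should be fixed so anything that parses the bug numbers picks up both.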
@@ -2647,6 +2808,7 @@
CVE-2006-4183
RESERVED
CVE-2006-4182 (Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions ...)
+ {DSA-1196-1 DSA-1196-1}
- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-4181
RESERVED
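Review bot: the tag added under CVE-2006-4182 repeats the advisory id, `{DSA-1196-1 DSA-1196-1}`. It should be the single reference `{DSA-1196-1}`; the duplicate appears on both ClamAV entries in this revision, which points at the tool that writes the tag rather than a one-off typo.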
@@ -19066,8 +19228,8 @@
- kernel-source-2.4.27 2.4.27-11 (medium)
CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
NOT-FOR-US: Greasemonkey
-CVE-2005-2454
- RESERVED
+CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and .0.0 and 7.0.1, uses insecure ...)
+ TODO: check
CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...)
NOT-FOR-US: NetworkActiv Web Server
CVE-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of ...)
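Review bot: the new summary for CVE-2005-2454 reads "6.5.4 and 6.5.5, and .0.0 and 7.0.1", where `.0.0` appears to have lost its leading digit. The text should be checked against the upstream description and corrected before the entry is triaged, since the affected-version range is the part of the summary that triage relies on.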
@@ -20667,7 +20829,7 @@
NOT-FOR-US: Real Estate Management Software
CVE-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...)
- mediawiki 1.4.9 (bug #276057)
-CVE-2004-2151 (Chatman 1.1.1 RCL and earlier allows remote attackers to cause a ...)
+CVE-2004-2151 (Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a ...)
NOT-FOR-US: Chatman
CVE-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...)
NOT-FOR-US: INTELLIPEER Email Server
@@ -26804,7 +26966,7 @@
NOT-FOR-US: Microsoft SQL Server
CVE-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...)
- wordpress 1.2.2-1.1
-CVE-2004-1558 (Multiple stack-based buffer overflows in YahooPOPS 0.4 through 0.6 ...)
+CVE-2004-1558 (Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 ...)
NOT-FOR-US: YahooPOPS
CVE-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...)
NOT-FOR-US: MyWebServer