[Secure-testing-commits] r4887 - data/CVE
Joey Hess
joeyh at costa.debian.org
Thu Oct 26 21:14:33 UTC 2006
Author: joeyh
Date: 2006-10-26 21:14:31 +0000 (Thu, 26 Oct 2006)
New Revision: 4887
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-10-26 17:03:46 UTC (rev 4886)
+++ data/CVE/list 2006-10-26 21:14:31 UTC (rev 4887)
@@ -1,3 +1,107 @@
+CVE-2006-5512 (Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen ...)
+ TODO: check
+CVE-2006-5511 (Direct static code injection vulnerability in delete.php in JaxUltraBB ...)
+ TODO: check
+CVE-2006-5510 (Directory traversal vulnerability in explorer_load_lang.php in PH ...)
+ TODO: check
+CVE-2006-5509 (Eval injection vulnerability in addentry.php in WoltLab Burning Book ...)
+ TODO: check
+CVE-2006-5508 (Multiple SQL injection vulnerabilities in addentry.php in WoltLab ...)
+ TODO: check
+CVE-2006-5507 (Multiple PHP remote file inclusion vulnerabilities in Der Dirigent ...)
+ TODO: check
+CVE-2006-5506 (Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 ...)
+ TODO: check
+CVE-2006-5505 (Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote ...)
+ TODO: check
+CVE-2006-5504 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...)
+ TODO: check
+CVE-2006-5503 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...)
+ TODO: check
+CVE-2006-5502 (Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX ...)
+ TODO: check
+CVE-2006-5501 (Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control ...)
+ TODO: check
+CVE-2006-5500 (Multiple SQL injection vulnerabilities in the checkUser function in ...)
+ TODO: check
+CVE-2006-5499 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity ...)
+ TODO: check
+CVE-2006-5498 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2006-5497 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5496 (Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason ...)
+ TODO: check
+CVE-2006-5495 (Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS ...)
+ TODO: check
+CVE-2006-5494 (Multiple PHP remote file inclusion vulnerabilities in ...)
+ TODO: check
+CVE-2006-5493 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5492 (Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 ...)
+ TODO: check
+CVE-2006-5491 (Multiple SQL injection vulnerabilities in include/index.php in ...)
+ TODO: check
+CVE-2006-5490 (Multiple SQL injection vulnerabilities in Segue Content Management ...)
+ TODO: check
+CVE-2006-5489 (Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before ...)
+ TODO: check
+CVE-2006-5488 (SQL injection vulnerability in XchangeBoard 1.70, and possibly ...)
+ TODO: check
+CVE-2006-5487
+ RESERVED
+CVE-2006-5486 (Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System ...)
+ TODO: check
+CVE-2006-5485 (Multiple PHP remote file inclusion vulnerabilities in SpeedBerg ...)
+ TODO: check
+CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 ...)
+ TODO: check
+CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
+ TODO: check
+CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
+ TODO: check
+CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in Castor 1.1.1 ...)
+ TODO: check
+CVE-2006-5480 (PHP remote file inclusion vulnerability in lib/rs.php in Castor 1.1.1 ...)
+ TODO: check
+CVE-2006-5479 (The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote ...)
+ TODO: check
+CVE-2006-5478 (Stack-based buffer overflow in the BuildRedirectURL function in the ...)
+ TODO: check
+CVE-2006-5477 (Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form ...)
+ TODO: check
+CVE-2006-5476 (Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before ...)
+ TODO: check
+CVE-2006-5475 (Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ...)
+ TODO: check
+CVE-2006-5474 (The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 ...)
+ TODO: check
+CVE-2006-5473 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-5472 (PHP remote file inclusion vulnerability in Softerra PHP Developer ...)
+ TODO: check
+CVE-2006-5471 (PHP remote file inclusion vulnerability in example/lib/grid3.lib.php ...)
+ TODO: check
+CVE-2006-5470
+ RESERVED
+CVE-2006-5469
+ RESERVED
+CVE-2006-5468
+ RESERVED
+CVE-2006-5467
+ RESERVED
+CVE-2006-5466
+ RESERVED
+CVE-2006-5465
+ RESERVED
+CVE-2006-5464
+ RESERVED
+CVE-2006-5463
+ RESERVED
+CVE-2006-5462
+ RESERVED
+CVE-2006-5461
+ RESERVED
CVE-2006-XXXX [diffmon information leakage]
- diffmon 20020222-2.2 (bug #382132)
CVE-2006-XXXX [postgres DoSs]
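Review bot: The two FreeBSD 6.1 entries in this block, CVE-2006-5483 (p1003_1b.c) and CVE-2006-5482 (ufs_vnops.c), need a package check rather than a NOT-FOR-US when their TODO is resolved, because the list already tracks a FreeBSD kernel issue against kfreebsd-5 under CVE-2006-4178. Suggest replacing `TODO: check` on both with a kfreebsd package line once it is known whether the packaged kernel source contains the affected files.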
@@ -167,8 +271,8 @@
TODO: check
CVE-2006-5383 (SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and ...)
TODO: check
-CVE-2006-5382
- RESERVED
+CVE-2006-5382 (3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and ...)
+ TODO: check
CVE-2003-1307 (** DISPUTED ** ...)
TODO: check
CVE-2006-XXXX [unspecified steam cache vulnerability]
@@ -1366,7 +1470,7 @@
CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...)
- php4 <not-affected>
- php5 <unfixed> (bug #391586)
-CVE-2006-4811 (Integer overflow in Qt, as used in the KDE khtml library, kdelibs ...)
+CVE-2006-4811 (Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 ...)
- qt-x11-free 3:3.3.7-1 (bug #394192; bug #394313)
- qt4-x11 4.2.1-1 (bug #394192)
CVE-2006-4810
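Review bot: The rewritten CVE-2006-4811 header no longer mentions the KDE khtml library or kdelibs, and the tracking lines under it cover only qt-x11-free and qt4-x11, so the entry keeps no record of whether kdelibs was assessed. Suggest adding a NOTE line, or a kdelibs package line, that states the outcome for kdelibs so the information in the earlier wording is not lost with the rewrite.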
@@ -1882,8 +1986,7 @@
RESERVED
CVE-2006-4574
RESERVED
-CVE-2006-4573 [GNU Screen UTF-8 Character Handling Vulnerabilities]
- RESERVED
+CVE-2006-4573 (Multiple unspecified vulnerabilities in the "utf8 combining characters ...)
- screen <unfixed> (bug #395225; medium)
CVE-2006-4572
RESERVED
@@ -2060,10 +2163,10 @@
RESERVED
CVE-2006-4511 (Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows ...)
NOT-FOR-US: Novell GroupWise
-CVE-2006-4510
- RESERVED
-CVE-2006-4509
- RESERVED
+CVE-2006-4510 (The evtFilteredMonitorEventsRequest function in the LDAP service in ...)
+ TODO: check
+CVE-2006-4509 (Integer overflow in the evtFilteredMonitorEventsRequest function in ...)
+ TODO: check
CVE-2006-4508 (Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and ...)
- tor 0.1.1.23-1
CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...)
@@ -2583,7 +2686,7 @@
NOT-FOR-US: MamboWiki component (com_mambowiki) for Mambo and Joomla!
CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in ...)
NOT-FOR-US: AkoComment 1.1 module (com_akocomment) for Mambo
-CVE-2006-4280 (PHP remote file inclusion vulnerability in anjel.index.php in ANJEL ...)
+CVE-2006-4280 (** DISPUTED ** ...)
NOT-FOR-US: ANJEL (formerly MaMML) Component (com_anjel) for Mambo
CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ...)
NOT-FOR-US: XennoBB
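Review bot: The new CVE-2006-4280 header `(** DISPUTED ** ...)` carries no product or file name, because the summary is cut off right after the dispute marker. Here the NOT-FOR-US line still names ANJEL, but an entry that has only `TODO: check` under such a header gives the person triaging it nothing to go on. Suggest having the update skip the `** DISPUTED **` prefix before truncating, or keep the marker and append the start of the real description.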
@@ -2831,8 +2934,8 @@
CVE-2006-4178 (Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and ...)
- kfreebsd-5 <unfixed> (bug #391289; low)
[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
-CVE-2006-4177
- RESERVED
+CVE-2006-4177 (Heap-based buffer overflow in the NCP engine in Novell eDirectory ...)
+ TODO: check
CVE-2006-4176
RESERVED
CVE-2006-4175
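Review bot: CVE-2006-4177 should be triaged together with CVE-2006-5479 from the first hunk, since both headers name the NCP engine in Novell eDirectory and both are left at `TODO: check`. Suggest resolving them in one pass so they end up with the same status, consistent with how CVE-2006-4511 is marked `NOT-FOR-US: Novell GroupWise`.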
@@ -4494,8 +4597,8 @@
NOT-FOR-US: Symantec
CVE-2006-3456
RESERVED
-CVE-2006-3455
- RESERVED
+CVE-2006-3455 (The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate ...)
+ TODO: check
CVE-2006-3454 (Multiple format string vulnerabilities in Symantec AntiVirus Corporate ...)
NOT-FOR-US: Symantec
CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers ...)
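Review bot: CVE-2006-3455 should carry `NOT-FOR-US: Symantec` instead of `TODO: check`. The header names the SAVRT.SYS device driver in Symantec AntiVirus Corporate ..., and the neighbouring Symantec entries in the context lines, including CVE-2006-3454 directly below, are already marked that way.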
@@ -27589,7 +27692,7 @@
- moodle 1.4.3-1
CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...)
- moodle 1.4.3-1
-CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in (1) calendar.php ...)
+CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in Sean Proctor ...)
NOT-FOR-US: PHP-Calendar
CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...)
NOT-FOR-US: WHM AutoPilot