[Secure-testing-commits] r4672 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Mon Sep 4 21:00:57 UTC 2006
Author: stef-guest
Date: 2006-09-04 21:00:56 +0000 (Mon, 04 Sep 2006)
New Revision: 4672
Modified:
data/CVE/list
Log:
"automatic" update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-09-03 20:26:19 UTC (rev 4671)
+++ data/CVE/list 2006-09-04 21:00:56 UTC (rev 4672)
@@ -1,3 +1,179 @@
+CVE-2006-4521
+ RESERVED
+CVE-2006-4520
+ RESERVED
+CVE-2006-4519
+ RESERVED
+CVE-2006-4518
+ RESERVED
+CVE-2006-4517
+ RESERVED
+CVE-2006-4516
+ RESERVED
+CVE-2006-4515
+ RESERVED
+CVE-2006-4514
+ RESERVED
+CVE-2006-4513
+ RESERVED
+CVE-2006-4512
+ RESERVED
+CVE-2006-4511
+ RESERVED
+CVE-2006-4510
+ RESERVED
+CVE-2006-4509
+ RESERVED
+CVE-2006-4508 (Unspecified vulnerability in Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x ...)
+ TODO: check
+CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...)
+ TODO: check
+CVE-2006-4506 (idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local ...)
+ TODO: check
+CVE-2006-4505 (CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote ...)
+ TODO: check
+CVE-2006-4504 (SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to ...)
+ TODO: check
+CVE-2006-4503 (Directory traversal vulnerability in link.php in NX5Linx 1.0 allows ...)
+ TODO: check
+CVE-2006-4502 (ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication ...)
+ TODO: check
+CVE-2006-4501 (SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 ...)
+ TODO: check
+CVE-2006-4500 (Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml ...)
+ TODO: check
+CVE-2006-4499 (ModernBill 5.0.4 and earlier uses cURL with insecure settings for ...)
+ TODO: check
+CVE-2006-4498 (PHP remote file inclusion vulnerability in sommaire_admin.php in ...)
+ TODO: check
+CVE-2006-4497 (SQL injection vulnerability in comments.php in IwebNegar 1.1 allows ...)
+ TODO: check
+CVE-2006-4496 (Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar ...)
+ TODO: check
+CVE-2006-4495 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2006-4494 (Microsoft Visual Studio 6.0 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2006-4493 (xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with ...)
+ TODO: check
+CVE-2006-4492 (Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows ...)
+ TODO: check
+CVE-2006-4491 (Directory traversal vulnerability in Cybozu Collaborex, AG before ...)
+ TODO: check
+CVE-2006-4490 (Multiple directory traversal vulnerabilities in Cybozu Office before ...)
+ TODO: check
+CVE-2006-4489 (Multiple PHP remote file inclusion vulnerabilities in MiniBill ...)
+ TODO: check
+CVE-2006-4488 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web ...)
+ TODO: check
+CVE-2006-4486 (Unspecified vulnerability in PHP before 5.1.6, when running on a ...)
+ TODO: check
+CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...)
+ TODO: check
+CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ...)
+ TODO: check
+CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ...)
+ TODO: check
+CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...)
+ TODO: check
+CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...)
+ TODO: check
+CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...)
+ TODO: check
+CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual ...)
+ TODO: check
+CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shapers ...)
+ TODO: check
+CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ...)
+ TODO: check
+CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
+ TODO: check
+CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups ...)
+ TODO: check
+CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
+ TODO: check
+CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, ...)
+ TODO: check
+CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow ...)
+ TODO: check
+CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows ...)
+ TODO: check
+CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is ...)
+ TODO: check
+CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows ...)
+ TODO: check
+CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
+ TODO: check
+CVE-2006-4467 (Interpretation conflict in Simple Machines Forum (SMF) 1.1RCx before ...)
+ TODO: check
+CVE-2006-4466 (Interpretation conflict in Joomla! before 1.0.11 does not properly ...)
+ TODO: check
+CVE-2006-4465 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, ...)
+ TODO: check
+CVE-2006-4463 (SQL injection vulnerability in the administrator control panel in ...)
+ TODO: check
+CVE-2006-4462 (Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to ...)
+ TODO: check
+CVE-2006-4461 (Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly ...)
+ TODO: check
+CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...)
+ TODO: check
+CVE-2006-4459
+ RESERVED
+CVE-2006-4458 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 ...)
+ TODO: check
+CVE-2006-4456 (PHP remote file inclusion vulnerability in functions.php in phpECard ...)
+ TODO: check
+CVE-2006-4455 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...)
+ TODO: check
+CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 ...)
+ TODO: check
+CVE-2006-4452 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-4451 (Direct static code injection vulnerability in CJ Tag Board 3.0 allows ...)
+ TODO: check
+CVE-2006-4450 (usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, ...)
+ TODO: check
+CVE-2006-4449 (Cross-site scripting (XSS) vulnerability in attachment.php in ...)
+ TODO: check
+CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, ...)
+ TODO: check
+CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...)
+ TODO: check
+CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ...)
+ TODO: check
+CVE-2006-4445 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-4444 (Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for ...)
+ TODO: check
+CVE-2006-4443 (PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft ...)
+ TODO: check
+CVE-2006-4442 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...)
+ TODO: check
+CVE-2006-4441 (Multiple PHP remote file inclusion vulnerabilities in Ay System ...)
+ TODO: check
+CVE-2006-4440 (PHP remote file inclusion vulnerability in main.php in Ay System ...)
+ TODO: check
+CVE-2006-4439 (pkgadd in Sun Solaris 10 before 20060825 installs files with insecure ...)
+ TODO: check
+CVE-2006-4438
+ RESERVED
+CVE-2006-4437
+ RESERVED
+CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote ...)
+ TODO: check
+CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...)
+ TODO: check
+CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
+ TODO: check
CVE-2006-XXXX [tikiwiki security issue in jhot.php]
- tikiwiki 1.9.4+dfsg2-3
CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...)
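Review bot: CVE-2006-4481 through CVE-2006-4486 in this hunk all name PHP, yet they are imported as bare "TODO: check", while CVE-2006-4433 just below already carries a "- php4 4:4.4.4-1 (low)" status line. Triage these six against the php4 and php5 entries in a follow-up so they do not sit untracked among the other new TODO items; the same applies to the other new entries that name software the list may already track.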
@@ -5,6 +181,7 @@
CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...)
NOT-FOR-US: OpenBSD
CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote ...)
+ {DSA-1164}
- sendmail 8.13.8-1 (bug #385054; medium)
CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...)
- php4 4:4.4.4-1 (low)
@@ -278,8 +455,8 @@
NOT-FOR-US: Solaris
CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...)
NOT-FOR-US: Solaris
-CVE-2006-4305
- RESERVED
+CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote ...)
+ TODO: check
CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1 and ...)
NOT-FOR-US: FreeBSD NetBSD
CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...)
@@ -407,8 +584,8 @@
RESERVED
CVE-2006-4245
RESERVED
-CVE-2006-4244
- RESERVED
+CVE-2006-4244 (Unspecified vulnerability in unspecified versions of SQL-Ledger allow ...)
+ TODO: check
CVE-2006-4243
RESERVED
CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...)
@@ -505,6 +682,7 @@
CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in ...)
NOT-FOR-US: Wheatblog
CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or ...)
+ {DSA-1162}
- libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030)
- libmusicbrainz-2.0 <removed> (medium; bug #383031)
CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS ...)
@@ -514,7 +692,7 @@
CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...)
- binutils 2.17-1 (low)
[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
-CVE-2005-4807 (Stack-based buffer overflow in messages.c in the GNU as (gas) ...)
+CVE-2005-4807 (Stack-based buffer overflow in the as_bad function in messages.c in ...)
- binutils 2.17-1 (low)
[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access ...)
@@ -626,8 +804,7 @@
RESERVED
CVE-2006-4147
RESERVED
-CVE-2006-4146 [GDB "DWARF" Buffer Overflow Vulnerabilities]
- RESERVED
+CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and DWARF2 ...)
- gdb <unfixed>
CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel ...)
- linux-2.6 2.6.17-7
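Review bot: The "- gdb <unfixed>" line under CVE-2006-4146 still has no bug number or urgency, unlike entries such as "- sendmail 8.13.8-1 (bug #385054; medium)" elsewhere in the list. Now that the description names the DWARF (dwarfread.c) and DWARF2 readers, add the bug reference and a severity so the open issue can be followed.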
@@ -638,7 +815,7 @@
NOT-FOR-US: Virtual War (VWar)
CVE-2006-4141 (SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 ...)
NOT-FOR-US: Virtual War (VWar)
-CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor 5.3.2.609 ...)
+CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor before ...)
NOT-FOR-US: IPCheck Server Monitor
CVE-2006-4139 (Race condition in Sun Solaris 10 allows attackers to cause a denial of ...)
NOT-FOR-US: Solaris
@@ -1342,6 +1519,7 @@
{DSA-1128}
- heartbeat 1.2.4-13 (bug #379904)
CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...)
+ {DSA-1166}
- cheesetracker 0.9.9-6 (bug #380364; low)
CVE-2006-3813 (A regression error in the Perl package for Red Hat Enterprise Linux 4 ...)
NOT-FOR-US: Perl in Red Hat Enterprise Linux 4
@@ -1355,6 +1533,7 @@
- thunderbird <unfixed> (unimportant)
[sarge] - mozilla-thunderbird <not-affected> (unimportant)
CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...)
+ {DSA-1161}
NOTE: MFSA-2006-55
- mozilla <unfixed> (high)
- xulrunner 1.8.0.5-1 (high)
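Review bot: CVE-2006-3811 receives only "{DSA-1161}" here, whereas CVE-2006-3809, 3808, 3807, 3806 and 3805 in the following hunks end up with "{DSA-1161 DSA-1160 DSA-1159}". Please confirm that 3811 is really not covered by DSA-1160 and DSA-1159, and was not simply missed when those two references were added to its neighbours.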
@@ -1371,7 +1550,7 @@
- thunderbird 1.5.0.5-1 (medium)
- mozilla-thunderbird <not-affected>
CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
- {DSA-1160 DSA-1159}
+ {DSA-1161 DSA-1160 DSA-1159}
NOTE: MFSA-2006-53
- mozilla <unfixed> (medium)
- xulrunner 1.8.0.5-1 (medium)
@@ -1380,7 +1559,7 @@
- thunderbird 1.5.0.5-1 (medium)
- mozilla-thunderbird <removed> (medium)
CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...)
- {DSA-1160 DSA-1159}
+ {DSA-1161 DSA-1160 DSA-1159}
NOTE: MFSA-2006-52
- mozilla <unfixed> (medium)
- xulrunner 1.8.0.5-1 (medium)
@@ -1388,7 +1567,7 @@
- firefox 1.5.dfsg+1.5.0.5-1 (medium)
- thunderbird 1.5.0.5-1
CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
- {DSA-1160 DSA-1159}
+ {DSA-1161 DSA-1160 DSA-1159}
NOTE: MFSA-2006-51
- mozilla <unfixed> (high)
- xulrunner 1.8.0.5-1 (high)
@@ -1397,7 +1576,7 @@
- thunderbird 1.5.0.5-1 (medium)
- mozilla-thunderbird <removed> (medium)
CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...)
- {DSA-1160 DSA-1159}
+ {DSA-1161 DSA-1160 DSA-1159}
NOTE: MFSA-2006-50
- mozilla <unfixed> (high)
- xulrunner 1.8.0.5-1 (high)
@@ -1406,7 +1585,7 @@
- thunderbird 1.5.0.5-1 (medium)
- mozilla-thunderbird <removed> (medium)
CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird ...)
- {DSA-1160 DSA-1159}
+ {DSA-1161 DSA-1160 DSA-1159}
NOTE: MFSA-2006-50
- mozilla <unfixed> (high)
- xulrunner 1.8.0.5-1 (high)
@@ -2884,9 +3063,10 @@
- mozilla <not-affected> (SunSolve claims it is only in 3.11; latest released is 3.10)
CVE-2006-3126 [unspecivied vulnerability in capi4hylafax in mgetty mode]
RESERVED
+ {DSA-1165}
- capi4hylafax 1:01.03.00.99.svn.300-3
-CVE-2006-3125 [getrinet index underflows]
- RESERVED
+CVE-2006-3125 (Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows ...)
+ {DSA-1163}
- getrinet 0.7.10-1
CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before ...)
{DSA-1158}
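Review bot: The package line "- getrinet 0.7.10-1" under CVE-2006-3125 does not match the package named in the new description ("tetrinet.c in gtetrinet 0.7.8 and earlier"); correct it to gtetrinet so the fixed version and DSA-1163 attach to the right source package. In the same hunk CVE-2006-3126 now has "{DSA-1165}" placed after a remaining "RESERVED" line, and its bracketed title still reads "unspecivied"; worth tidying while this entry is being touched.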
@@ -3139,7 +3319,7 @@
NOT-FOR-US: phpBannerExchange
CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...)
NOT-FOR-US: phpBannerExchange
-CVE-2006-3011 (The error_log function in basic_functions.c in PHP 5.1.4 and 4.4.2 ...)
+CVE-2006-3011 (The error_log function in basic_functions.c in PHP before 4.4.4 and ...)
- php4 4:4.4.4-1 (low)
- php5 5.1.6-1 (low)
[sarge] - php4 <no-dsa> (Safe mode not supported)
@@ -7987,7 +8167,7 @@
NOT-FOR-US: UkiBoard
CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...)
NOT-FOR-US: DCI-Design Dawaween
-CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP 3.x, 4.x, and 5.x, ...)
+CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x ...)
NOT-FOR-US: c-client
CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet ...)
NOT-FOR-US: Windows
@@ -13632,7 +13812,7 @@
NOT-FOR-US: Invision Gallery
CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and ...)
NOT-FOR-US: OpenVMS
-CVE-2005-3475 (Hasbani Web Server allows remote attackers to cause a denial of ...)
+CVE-2005-3475 (Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a ...)
NOT-FOR-US: Hasbani Web Server
CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...)
NOT-FOR-US: XCP DRM