[Secure-testing-commits] r4747 - data/CVE

Joey Hess joeyh at costa.debian.org
Wed Sep 20 09:14:24 UTC 2006


Author: joeyh
Date: 2006-09-20 09:14:23 +0000 (Wed, 20 Sep 2006)
New Revision: 4747

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-09-19 21:07:35 UTC (rev 4746)
+++ data/CVE/list	2006-09-20 09:14:23 UTC (rev 4747)
@@ -1,3 +1,114 @@
+CVE-2006-4898 (PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in ...)
+	TODO: check
+CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the web ...)
+	TODO: check
+CVE-2006-4896 (SQL injection vulnerability in blog/edit.php in Moodle 1.6.1+, and ...)
+	TODO: check
+CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2006-4894 (Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in ...)
+	TODO: check
+CVE-2006-4893 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-4892 (SQL injection vulnerability in faqview.asp in Techno Dreams FAQ ...)
+	TODO: check
+CVE-2006-4891 (SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams ...)
+	TODO: check
+CVE-2006-4890 (Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and ...)
+	TODO: check
+CVE-2006-4889 (Multiple PHP remote file inclusion vulnerabilities in Telekorn ...)
+	TODO: check
+CVE-2006-4888 (Microsoft Internet Explorer 6 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2006-4887 (Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop ...)
+	TODO: check
+CVE-2006-4886 (The VirusScan On-Access Scan component in McAfee VirusScan Enterprise ...)
+	TODO: check
+CVE-2006-4885 (PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and ...)
+	TODO: check
+CVE-2006-4884 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...)
+	TODO: check
+CVE-2006-4883 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...)
+	TODO: check
+CVE-2006-4882 (SQL injection vulnerability in Review.asp in Julian Roberts Charon ...)
+	TODO: check
+CVE-2006-4881 (Multiple cross-site scripting (XSS) vulnerabilities in David Bennett ...)
+	TODO: check
+CVE-2006-4880 (David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers ...)
+	TODO: check
+CVE-2006-4879 (SQL injection vulnerability in profile.php in David Bennett PHP-Post ...)
+	TODO: check
+CVE-2006-4878 (Directory traversal vulnerability in footer.php in David Bennett ...)
+	TODO: check
+CVE-2006-4877 (Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 ...)
+	TODO: check
+CVE-2006-4876 (Multiple SQL injection vulnerabilities in Jupiter CMS allow remote ...)
+	TODO: check
+CVE-2006-4875 (Unrestricted file upload vulnerability in ...)
+	TODO: check
+CVE-2006-4874 (Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS ...)
+	TODO: check
+CVE-2006-4873 (Jupiter CMS allows remote attackers to obtain sensitive information ...)
+	TODO: check
+CVE-2006-4872 (SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan ...)
+	TODO: check
+CVE-2006-4871 (SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan ...)
+	TODO: check
+CVE-2006-4870 (Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, ...)
+	TODO: check
+CVE-2006-4869 (PHP remote file inclusion vulnerability in phpunity-postcard.php in ...)
+	TODO: check
+CVE-2006-4868 (Stack-based buffer overflow in Microsoft Internet Explorer 6.0 on ...)
+	TODO: check
+CVE-2006-4867 (SQL injection vulnerability in mods.php in GNUTurk 2G and earlier ...)
+	TODO: check
+CVE-2006-4866 (Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in ...)
+	TODO: check
+CVE-2006-4865 (Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2006-4864 (PHP remote file inclusion vulnerability in index.php in All Enthusiast ...)
+	TODO: check
+CVE-2006-4863 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-4862 (SQL injection vulnerability in default.aspx in easypage allows remote ...)
+	TODO: check
+CVE-2006-4861 (SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi ...)
+	TODO: check
+CVE-2006-4860 (Multiple unspecified vulnerabilities in (1) index.php, (2) ...)
+	TODO: check
+CVE-2006-4859 (Unrestricted file upload vulnerability in contact.html.php in the ...)
+	TODO: check
+CVE-2006-4858 (PHP remote file inclusion vulnerability in install.serverstat.php in ...)
+	TODO: check
+CVE-2006-4857 (SQL injection vulnerability in default.asp (aka the login page) in ...)
+	TODO: check
+CVE-2006-4856 (Multiple cross-site scripting (XSS) vulnerabilities in Roller ...)
+	TODO: check
+CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...)
+	TODO: check
+CVE-2006-4854
+	REJECTED
+	TODO: check
+CVE-2006-4853 (SQL injection vulnerability in kategorix.asp in Haberx 1.02 through ...)
+	TODO: check
+CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 ...)
+	TODO: check
+CVE-2006-4851 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-4850 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-4849 (PHP remote file inclusion vulnerability in header.php in ...)
+	TODO: check
+CVE-2006-4848 (Multiple PHP remote file inclusion vulnerabilities in Brian Fraval ...)
+	TODO: check
+CVE-2006-4847 (Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix ...)
+	TODO: check
+CVE-2006-4846 (Unspecified vulnerability in Citrix Access Gateway with Advanced ...)
+	TODO: check
+CVE-2006-4845 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-4844 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
 CVE-2006-4843
 	RESERVED
 CVE-2006-4842
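Review bot: CVE-2006-4854 is added with both REJECTED and TODO: check, while the later hunk that flips CVE-2006-3866 from RESERVED to REJECTED carries no TODO. A rejected ID needs no triage, so the TODO: check under CVE-2006-4854 should be dropped, or the update script should skip it for REJECTED entries, so that the count of open TODO items stays meaningful.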
@@ -328,8 +439,8 @@
 	RESERVED
 CVE-2006-4685
 	RESERVED
-CVE-2006-4684
-	RESERVED
+CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...)
+	TODO: check
 CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...)
 	TODO: check
 CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...)
@@ -680,8 +791,8 @@
 	NOT-FOR-US: OpenVMS
 CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS Frogss ...)
 	NOT-FOR-US: CMS Frogss
-CVE-2006-4535
-	RESERVED
+CVE-2006-4535 (The Linux kernel 2.6.10 through 2.6.15 allows local users to cause a ...)
+	TODO: check
 CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 ...)
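Review bot: the new CVE-2006-4535 entry names the Linux kernel 2.6.10 through 2.6.15, which is a packaged component, unlike the NOT-FOR-US entries on either side of it. The TODO: check placeholder should be followed up with a package line in the same form as the other tracked entries in this file (package, fixed version, urgency) rather than left as it is.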
@@ -1127,16 +1238,16 @@
 	- openssl 0.9.8b-3 (medium)
 	- openssl097 0.9.7i-2 (medium)
 	- openssl096 <removed>
-CVE-2006-4338
-	RESERVED
-CVE-2006-4337
-	RESERVED
-CVE-2006-4336
-	RESERVED
-CVE-2006-4335
-	RESERVED
-CVE-2006-4334
-	RESERVED
+CVE-2006-4338 (unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent ...)
+	TODO: check
+CVE-2006-4337 (Buffer overflow in the make_table function in the LHZ component in ...)
+	TODO: check
+CVE-2006-4336 (Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows ...)
+	TODO: check
+CVE-2006-4335 (Array index error in the make_table function in unlzh.c in the LZH ...)
+	TODO: check
+CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent ...)
+	TODO: check
 CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows ...)
 	{DSA-1171}
 	- wireshark 0.99.2-5.1 (low; bug #384529)
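Review bot: CVE-2006-4334 through CVE-2006-4338 leave RESERVED together and all five descriptions name gzip 1.3.5, so they are better triaged as one set against the gzip package than as five separate TODO: check items. The imported descriptions also spell the component "LHZ" in CVE-2006-4338 and CVE-2006-4337 but "LZH" in CVE-2006-4335 (the file is unlzh.c), so a text search for one spelling will miss the others.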
@@ -1333,8 +1444,8 @@
 	RESERVED
 CVE-2006-4247
 	RESERVED
-CVE-2006-4246
-	RESERVED
+CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read ...)
+	TODO: check
 CVE-2006-4245
 	RESERVED
 CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...)
@@ -2164,7 +2275,7 @@
 CVE-2006-3867
 	RESERVED
 CVE-2006-3866
-	RESERVED
+	REJECTED
 CVE-2006-3865
 	RESERVED
 CVE-2006-3864
@@ -6002,8 +6113,8 @@
 CVE-2006-2193 (Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff ...)
 	{DSA-1091-1}
 	- tiff 3.8.2-4 (bug #371064; medium)
-CVE-2006-2191
-	RESERVED
+CVE-2006-2191 (** DISPUTED ** ...)
+	TODO: check
 CVE-2006-2190 (Cross-site scripting (XSS) vulnerability in ow-shared.pl in ...)
 	NOT-FOR-US: OpenWebMail
 CVE-2006-2189 (SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 ...)
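Review bot: the description imported for CVE-2006-2191 is truncated to "** DISPUTED ** ...", so the list does not say which product is affected (the same happens for CVE-2006-4863 in the first hunk). Whoever resolves this TODO: check has to read the full CVE text, and it would help if the update script kept the words that follow the DISPUTED marker.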
@@ -26255,7 +26366,7 @@
 	NOT-FOR-US: ASP Calendar
 CVE-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...)
 	NOT-FOR-US: Attachment Mod for phpBB
-CVE-2004-1398 (Format string vulnerability in TDIXSupport in Roxio Toast on Mac OS X ...)
+CVE-2004-1398 (Format string vulnerability in prelink.c in kextload in Apple OS X, as ...)
 	NOT-FOR-US: MacOSX
 CVE-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...)
 	- usemod-wiki 1.0-6
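Review bot: the reworded CVE-2004-1398 description now attributes the format string bug to prelink.c in kextload in Apple OS X, and the existing NOT-FOR-US: MacOSX tag still fits. CVE-2006-4866, added in the first hunk as a buffer overflow in kextload as used by TDIXSupport, describes the same component and could take the same tag instead of staying at TODO: check.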



