[Secure-testing-commits] r4776 - data/CVE

Joey Hess joeyh at costa.debian.org
Thu Sep 28 09:14:37 UTC 2006


Author: joeyh
Date: 2006-09-28 09:14:33 +0000 (Thu, 28 Sep 2006)
New Revision: 4776

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-09-28 05:57:07 UTC (rev 4775)
+++ data/CVE/list	2006-09-28 09:14:33 UTC (rev 4776)
@@ -1,3 +1,143 @@
+CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...)
+	TODO: check
+CVE-2006-5070 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in the Indexed Search 2.9.0 ...)
+	TODO: check
+CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in ...)
+	TODO: check
+CVE-2006-5067 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-5066 (Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport ...)
+	TODO: check
+CVE-2006-5065 (PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ...)
+	TODO: check
+CVE-2006-5064 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 ...)
+	TODO: check
+CVE-2006-5063 (Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote ...)
+	TODO: check
+CVE-2006-5062 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-5061 (PHP remote file inclusion vulnerability in mcf.php in ...)
+	TODO: check
+CVE-2006-5060 (Cross-site scripting (XSS) vulnerability in login.php in Jamroom ...)
+	TODO: check
+CVE-2006-5059 (Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads ...)
+	TODO: check
+CVE-2006-5058 (Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty ...)
+	TODO: check
+CVE-2006-5057 (Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net ...)
+	TODO: check
+CVE-2006-5056 (Cross-site scripting (XSS) vulnerability in index.php in Opial ...)
+	TODO: check
+CVE-2006-5055 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-5054 (SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 ...)
+	TODO: check
+CVE-2006-5053 (PHP remote file inclusion vulnerability in webnews/template.php in ...)
+	TODO: check
+CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...)
+	TODO: check
+CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...)
+	TODO: check
+CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox ...)
+	TODO: check
+CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component ...)
+	TODO: check
+CVE-2006-5048 (Unspecified vulnerability in Security Images (com_securityimages) ...)
+	TODO: check
+CVE-2006-5047 (Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 ...)
+	TODO: check
+CVE-2006-5046 (Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and ...)
+	TODO: check
+CVE-2006-5045 (Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and ...)
+	TODO: check
+CVE-2006-5044 (Unspecified vulnerability in Prince Clan (Princeclan) Chess component ...)
+	TODO: check
+CVE-2006-5043 (Unspecified vulnerability in JoomlaBoard (com_joomlaboard) 1.1.1 and ...)
+	TODO: check
+CVE-2006-5042 (Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier ...)
+	TODO: check
+CVE-2006-5041 (Unspecified vulnerability in Hot Properties (possibly ...)
+	TODO: check
+CVE-2006-5040 (Unspecified vulnerability in SEF404x (com_sef) for Joomla! has ...)
+	TODO: check
+CVE-2006-5039 (Unspecified vulnerability in Events 1.3 beta module (com_events) for ...)
+	TODO: check
+CVE-2006-5038 (The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, ...)
+	TODO: check
+CVE-2006-5037 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-5036 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-5035 (Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith ...)
+	TODO: check
+CVE-2006-5034 (Directory traversal vulnerability in Paul Smith Computer Services vCAP ...)
+	TODO: check
+CVE-2006-5033 (Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith ...)
+	TODO: check
+CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire ...)
+	TODO: check
+CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php in ...)
+	TODO: check
+CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in exV2 ...)
+	TODO: check
+CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning Board ...)
+	TODO: check
+CVE-2006-5028 (Directory traversal vulnerability in filemanager/filemanager.php in ...)
+	TODO: check
+CVE-2006-5027 (Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers ...)
+	TODO: check
+CVE-2006-5026 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
+	TODO: check
+CVE-2006-5025 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
+	TODO: check
+CVE-2006-5024 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
+	TODO: check
+CVE-2006-5023 (SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier ...)
+	TODO: check
+CVE-2006-5022 (PHP remote file inclusion vulnerability in includes/global.php in ...)
+	TODO: check
+CVE-2006-5021 (Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG ...)
+	TODO: check
+CVE-2006-5020 (Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 ...)
+	TODO: check
+CVE-2006-5019 (Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain ...)
+	TODO: check
+CVE-2006-5018 (ContentKeeper 123.25 and earlier places passwords in cleartext in an ...)
+	TODO: check
+CVE-2006-5017 (SQL injection vulnerability in admin/all_users.php in Szava Gyula and ...)
+	TODO: check
+CVE-2006-5016 (Unrestricted file upload vulnerability in admin/x_image.php in Szava ...)
+	TODO: check
+CVE-2006-5015 (PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows ...)
+	TODO: check
+CVE-2006-5014 (Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows ...)
+	TODO: check
+CVE-2006-5013 (Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 ...)
+	TODO: check
+CVE-2006-5012 (Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 ...)
+	TODO: check
+CVE-2006-5011 (Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and ...)
+	TODO: check
+CVE-2006-5010 (Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows ...)
+	TODO: check
+CVE-2006-5009 (Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows ...)
+	TODO: check
+CVE-2006-5008 (Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows ...)
+	TODO: check
+CVE-2006-5007 (Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 ...)
+	TODO: check
+CVE-2006-5006 (Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local ...)
+	TODO: check
+CVE-2006-5005 (Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and ...)
+	TODO: check
+CVE-2006-5004 (Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and ...)
+	TODO: check
+CVE-2006-5003 (Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and ...)
+	TODO: check
+CVE-2006-5002 (Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 ...)
+	TODO: check
 CVE-2006-5001 (Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 ...)
 	NOT-FOR-US: WS_FTP
 CVE-2006-5000 (Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and ...)
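Review bot: CVE-2006-5051 and CVE-2006-5052 are both described as affecting OpenSSH before 4.4, yet they land as `TODO: check` among the 70 new entries in this hunk, while the same file already tracks `- openssh <unfixed> (low)` under CVE-2006-4924. These two should be triaged ahead of the rest and given an explicit `- openssh` line. The IBM AIX and Sun Solaris entries (CVE-2006-5002 through CVE-2006-5013), by contrast, look like direct `NOT-FOR-US:` candidates and need not sit in the TODO queue.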
@@ -156,8 +296,7 @@
 	TODO: check
 CVE-2006-4925
 	RESERVED
-CVE-2006-4924 [openssh DoS]
-	RESERVED
+CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...)
 	- openssh <unfixed> (low)
 CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...)
 	NOT-FOR-US: eSyndiCat Portal System
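Review bot: the status line `- openssh <unfixed> (low)` under CVE-2006-4924 carries no bug reference, unlike other tracked entries in this file such as `- phpbb2 <unfixed> (bug #388120)`. Now that the description replaces the `[openssh DoS]` placeholder and names 4.4 as the fixed upstream version, add the bug number so the unfixed state can be followed, and re-check the `low` rating against the full description.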
@@ -499,7 +638,7 @@
 	NOT-FOR-US: SharpReader
 CVE-2006-4760 (Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero ...)
 	NOT-FOR-US: RSSOwl
-CVE-2006-4759 (** DISPUTED ** ...)
+CVE-2006-4759 (PunBB 1.2.12 does not properly handle an avatar directory pathname ...)
 	NOT-FOR-US: PunBB
 CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which ...)
 	- phpbb2 <unfixed> (bug #388120)
@@ -635,8 +774,8 @@
 	RESERVED
 CVE-2006-4695
 	RESERVED
-CVE-2006-4694
-	RESERVED
+CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
+	TODO: check
 CVE-2006-4693
 	RESERVED
 CVE-2006-4692
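Review bot: CVE-2006-4694 is added with `TODO: check` although the description names PowerPoint in Microsoft Office 2000. The file already marks Microsoft-only issues directly, for example `NOT-FOR-US: MSIE`, so this entry can be closed the same way instead of going into the TODO queue.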
@@ -783,7 +922,7 @@
 CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...)
 	TODO: check
 CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent ...)
-	{DSA-1782-1}
+	{DSA-1182-1}
 	NOTE: GNUTLS-SA-2006-4
 	- gnutls13 1.4.4-1 (high)
 	- gnutls12 <unfixed> (high)
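Review bot: the log message says only `automatic update`, but the change from `{DSA-1782-1}` to `{DSA-1182-1}` under CVE-2006-4790 is a correction of a cross-reference, and the same 17xx to 11xx renumbering recurs in the later DSA hunks of this patch. Mention the DSA number correction in the log, or commit it separately, so the fix can be found in the history and the earlier wrong references are explained.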
@@ -1246,7 +1385,7 @@
 CVE-2006-4602 (Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 ...)
 	- tikiwiki 1.9.4+dfsg2-3
 CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...)
-	{DSA-1776-1 DSA-1775-1}
+	{DSA-1176-1 DSA-1175-1}
 	- isakmpd 20041012-4 (bug #385894; medium)
 CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...)
 	NOT-FOR-US: OpenBSD
@@ -1453,7 +1592,7 @@
 	[sarge] - mozilla-firefox <unfixed> (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
 CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, ...)
-	{DSA-1774-1 DSA-1773-1}
+	{DSA-1174-1 DSA-1173-1}
 	- openssl 0.9.8b-3 (medium)
 	- openssl097 0.9.7i-2 (medium)
 	- openssl096 <removed>
@@ -1676,7 +1815,7 @@
 	RESERVED
 	- linux-2.6 2.6.17-9
 CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...)
-	{DSA-1777-1}
+	{DSA-1177-1}
 	NOT-FOR-US: JIM component for Joomla or Mambo
 CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php ...)
 	NOT-FOR-US: Reporter Mambo component (com_reporter)
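Review bot: CVE-2006-4242 carries a DSA reference (`{DSA-1177-1}` after this change) and at the same time `NOT-FOR-US: JIM component for Joomla or Mambo`. An advisory reference on an entry declared not applicable is contradictory: either the DSA tag belongs to a different CVE or the NOT-FOR-US status is wrong. Correcting the number alone keeps the inconsistency, so verify which CVE the advisory actually covers before renumbering.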
@@ -1993,11 +2132,11 @@
 CVE-2006-4097
 	RESERVED
 CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to ...)
-	{DSA-1772-1}
+	{DSA-1172-1}
 	- bind <not-affected> (Not vulnerable according to CERT advisory)
 	- bind9 1:9.3.2-P1-1 (medium; bug #386245)
 CVE-2006-4095 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...)
-	{DSA-1772-1}
+	{DSA-1172-1}
 	- bind <not-affected> (Not vulnerable according to CERT advisory)
 	- bind9 1:9.3.2-P1-1 (medium; bug #386245)
 CVE-2006-4094
@@ -2011,7 +2150,7 @@
 CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 ...)
 	NOT-FOR-US: Webligo BlogHoster
 CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and ...)
-	{DSA-1779-1}
+	{DSA-1179-1}
 	- alsaplayer 0.99.76-9 (medium; bug #382842)
 CVE-2006-4088 (Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace ...)
 	NOT-FOR-US: CivicSpace
@@ -2206,10 +2345,10 @@
 CVE-2006-4007 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
 	NOT-FOR-US: Knusperleicht Faq
 CVE-2006-4006 (The do_gameinfo function in BomberClone 0.11.6 and earlier, and ...)
-	{DSA-1780-1}
+	{DSA-1180-1}
 	- bomberclone 0.11.7-1 (bug #382082; medium)
 CVE-2006-4005 (BomberClone 0.11.6 and earlier allows remote attackers to cause a ...)
-	{DSA-1780-1}
+	{DSA-1180-1}
 	- bomberclone 0.11.7-1 (bug #382082; medium)
 CVE-2006-4004 (Directory traversal vulnerability in index.php in vbPortal 3.0.2 ...)
 	NOT-FOR-US: vbPortal
@@ -2881,7 +3020,7 @@
 CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted ...)
 	- firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low)
 	[sarge] - mozilla-firefox <not-affected> (Unreproducible on Sarge)
-CVE-2006-3730 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
+CVE-2006-3730 (Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 ...)
 	NOT-FOR-US: MSIE
 CVE-2006-3729 (DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office ...)
 	NOT-FOR-US: MSIE
@@ -3442,7 +3581,7 @@
 CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote ...)
 	- linux-2.6 2.6.17-6
 CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to ...)
-	{DSA-1778-1}
+	{DSA-1178-1}
 	- freetype 2.2.1-5 (bug #379920; medium)
 	- libxfont 1:1.2.0-2 (medium; bug #383353)
 	[sarge] - xfree86 <unfixed> (medium)



