Author: joeyh
Date: 2006-12-11 09:14:15 +0100 (Mon, 11 Dec 2006)
New Revision: 5105

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-12-10 22:26:18 UTC (rev 5104)
+++ data/CVE/list 2006-12-11 08:14:15 UTC (rev 5105)
@@ -1,4 +1,178 @@ -CVE-2006-6385 [intel NIC driver privilege escalation] +CVE-2006-6455 (Multiple SQL injection vulnerabilities in admin/default.asp in DUware ...) + TODO: check +CVE-2006-6454 (execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows ...) + TODO: check +CVE-2006-6453 (PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in ...) + TODO: check +CVE-2006-6452 (Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles ...) + TODO: check +CVE-2006-6451 (Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk ...) + TODO: check +CVE-2006-6450 (Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in ...) + TODO: check +CVE-2006-6449 (Vt-Forum Lite 1.3 and earlier store sensitive information under the ...) + TODO: check +CVE-2006-6448 (Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and ...) + TODO: check +CVE-2006-6447 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite ...) + TODO: check +CVE-2006-6446 (SQL injection vulnerability in index.php in iWare Professional 5.0.4, ...) + TODO: check +CVE-2006-6445 (Directory traversal vulnerability in error.php in Envolution 1.1.0 and ...) + TODO: check +CVE-2006-6444 (Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and ...) + TODO: check +CVE-2006-6443 (Buffer overflow in the Novell Distributed Print Services (NDPS) Print ...) + TODO: check +CVE-2006-6442 (Stack-based buffer overflow in the SetClientInfo function in the ...) + TODO: check +CVE-2006-6441 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) + TODO: check +CVE-2006-6440 (Multple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre ...) + TODO: check +CVE-2006-6439 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) + TODO: check +CVE-2006-6438 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) 
+ TODO: check +CVE-2006-6437 (ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, ...) + TODO: check +CVE-2006-6436 (Cross-site scripting (XSS) vulnerability in the Network controller in ...) + TODO: check +CVE-2006-6435 (The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before ...) + TODO: check +CVE-2006-6434 (Unspecified vulnerability in the Web User Interface in Xerox ...) + TODO: check +CVE-2006-6433 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) + TODO: check +CVE-2006-6432 (Unspecified vulnerability in the Scan-to-mailbox feature in Xerox ...) + TODO: check +CVE-2006-6431 (Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro ...) + TODO: check +CVE-2006-6430 (Web services in Xerox WorkCentre and WorkCentre Pro before ...) + TODO: check +CVE-2006-6429 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) + TODO: check +CVE-2006-6428 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) + TODO: check +CVE-2006-6427 (The Web User Interface in Xerox WorkCentre and WorkCentre Pro before ...) + TODO: check +CVE-2006-6426 (PHP remote file inclusion vulnerability in design/thinkedit/render.php ...) + TODO: check +CVE-2006-6425 + RESERVED +CVE-2006-6424 + RESERVED +CVE-2006-6423 + RESERVED +CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ...) + TODO: check +CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box ...) + TODO: check +CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the ...) + TODO: check +CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content ...) + TODO: check +CVE-2006-6418 (Unspecified vulnerability in the POSIX Threads library (libpthread) on ...) + TODO: check +CVE-2006-6417 (PHP remote file inclusion vulnerability in ...) 
+ TODO: check +CVE-2006-6416 (Multiple PHP remote file inclusion vulnerabilities in PhpLeague - ...) + TODO: check +CVE-2006-6415 (** DISPUTED ** ...) + TODO: check +CVE-2006-6414 (Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye ...) + TODO: check +CVE-2006-6413 (Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and ...) + TODO: check +CVE-2006-6412 + RESERVED +CVE-2006-6411 (PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows ...) + TODO: check +CVE-2006-6410 (Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local ...) + TODO: check +CVE-2006-6409 (F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to ...) + TODO: check +CVE-2006-6408 (Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote ...) + TODO: check +CVE-2006-6407 (F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote ...) + TODO: check +CVE-2006-6406 (ClamAV 0.88.6 allows remote attackers to bypass virus detection by ...) + TODO: check +CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...) + TODO: check +CVE-2006-6404 + RESERVED +CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ...) + TODO: check +CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and ...) + TODO: check +CVE-2006-6401 (Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in ...) + TODO: check +CVE-2006-6400 (Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer ...) + TODO: check +CVE-2006-6399 (SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 ...) + TODO: check +CVE-2006-6398 (Multiple SQL injection vulnerabilities in Superfreaker Studios ...) + TODO: check +CVE-2006-6397 (** DISPUTED ** ...) + TODO: check +CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and ...) + TODO: check +CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before ...) 
+ TODO: check +CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas ...) + TODO: check +CVE-2006-6393 (Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera ...) + TODO: check +CVE-2006-6392 (Directory traversal vulnerability in index.php in plx Web Studio (aka ...) + TODO: check +CVE-2006-6391 (Multiple directory traversal vulnerabilities in Open Solution ...) + TODO: check +CVE-2006-6390 (Multiple directory traversal vulnerabilities in Open Solution ...) + TODO: check +CVE-2006-6389 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...) + TODO: check +CVE-2006-6388 (Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in ...) + TODO: check +CVE-2006-6387 (Multiple SQL injection vulnerabilities in LINK Content Management ...) + TODO: check +CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tracker ...) + TODO: check +CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...) + TODO: check +CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...) + TODO: check +CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...) + TODO: check +CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk ...) + TODO: check +CVE-2006-6380 (Cross-site scripting (XSS) vulnerability in index.asp in Ultimate ...) + TODO: check +CVE-2006-6379 (Buffer overflow in the BrightStor Backup Discovery Service in multiple ...) + TODO: check +CVE-2006-6378 (BTSaveMySql 1.2 stores sensitive data under the web root with ...) + TODO: check +CVE-2006-6377 (Uploadscript 1.2 and earlier stores sensitive data under the web root ...) + TODO: check +CVE-2006-6376 (Multiple directory traversal vulnerabilities in fm.php in Simple File ...) + TODO: check +CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple ...) 
+ TODO: check +CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...) + TODO: check +CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...) + TODO: check +CVE-2006-6371 (Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB ...) + TODO: check +CVE-2006-6370 (SQL injection vulnerability in forum/modules/gallery/post.php in ...) + TODO: check +CVE-2006-6369 (SQL injection vulnerability in lib/entry_reply_entry.php in Invision ...) + TODO: check +CVE-2000-1242 (The HTTP service in American Power Conversion (APC) PowerChute uses a ...) + TODO: check +CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and ...) - linux-2.6 <not-affected> (Affects only Windows despite other claims) CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...) TODO: check @@ -68,13 +242,12 @@ RESERVED CVE-2006-6335 RESERVED -CVE-2006-6334 - RESERVED +CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.ocx in ...) + TODO: check CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the ...) - linux-2.6 <unfixed> [etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18) -CVE-2006-6332 [madwifi code injection] - RESERVED +CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in ...) - madwifi 1:0.9.2+r1842.20061207-1 (high) [etch] - madwifi <no-dsa> (Non-free not supported) CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is ...) 
@@ -141,7 +314,7 @@ TODO: check CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul ...) TODO: check -CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3, ...) +CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, ...) TODO: check CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) ...) TODO: check @@ -278,7 +451,7 @@ NOT-FOR-US: Woltlab Burning Board Lite CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...) TODO: check -CVE-2006-6235 (A "stack overwrite" vulnerability in GnuPG (gpg) before 1.2.1 allows ...) +CVE-2006-6235 (A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...) {DSA-1231-1} - gnupg 1.4.6-1 (high; bug #401894; bug #401898; bug #401914) - gnupg2 2.0.0-5.2 (high; bug #401895; bug #401913) @@ -308,8 +481,8 @@ NOT-FOR-US: Google Search Appliance CVE-2006-6222 RESERVED -CVE-2006-6221 - RESERVED +CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote ...) + TODO: check CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...) NOT-FOR-US: Recipes Complete Website CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) @@ -336,7 +509,7 @@ NOT-FOR-US: MidiCart ASP Shopping Cart CVE-2006-6208 (Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds ...) NOT-FOR-US: Enthreallweb eClassifieds -CVE-2006-6207 (SQL injection vulnerability in products.asp in Evolve shopping cart ...) +CVE-2006-6207 (** DISPUTED ** ...) NOT-FOR-US: Evolve Merchant CVE-2006-6206 (SQL injection vulnerability in item.asp in WarHound General Shopping ...) NOT-FOR-US: WarHound General Shopping Cart 
@@ -1057,8 +1230,7 @@ RESERVED CVE-2006-5875 RESERVED -CVE-2006-5874 [clamav mime64 DoS] - RESERVED +CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ...) {DSA-1232-1} - clamav 0.86-1 CVE-2006-5873 [l2tpns Heartbeat Packets Buffer Overflow Vulnerability] @@ -1131,7 +1303,7 @@ NOT-FOR-US: Unicore CVE-2006-5841 (Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in ...) NOT-FOR-US: DodosMail -CVE-2006-5840 (Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow ...) +CVE-2006-5840 (** DISPUTED ** ...) NOT-FOR-US: Abarcar Realty Portal CVE-2006-5839 (PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure ...) NOT-FOR-US: PHPAdventure @@ -1282,7 +1454,7 @@ NOT-FOR-US: FreeWebshop CVE-2006-5771 (Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 ...) NOT-FOR-US: Arkoon SSL360 -CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in Mobile allow ...) +CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...) NOT-FOR-US: Mobile CVE-2006-5769 (Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS ...) NOT-FOR-US: admin.tool CMS @@ -1549,7 +1721,7 @@ NOT-FOR-US: Sophos CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security ...) NOT-FOR-US: Sophos -CVE-2006-5645 (Unspecified vulnerability in Sophos Anti-Virus and Endpoint Security ...) +CVE-2006-5645 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...) NOT-FOR-US: Sophos CVE-2006-5644 RESERVED 
@@ -4568,7 +4740,7 @@ NOT-FOR-US: a6mambocredits component (com_a6mambocredits) for Mambo CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...) NOT-FOR-US: NES Game and NES System -CVE-2006-4286 (PHP remote file inclusion vulnerability in contentpublisher.php in the ...) +CVE-2006-4286 (** DISPUTED ** ...) NOT-FOR-US: contentpublisher component (com_contentpublisher) for Mambo CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News ...) NOT-FOR-US: Fantastic News @@ -4656,8 +4828,7 @@ CVE-2006-4250 [buffer overflow in man-db] RESERVED - man-db 2.4.3-5 -CVE-2006-4249 [plone group creation privilege escalation] - RESERVED +CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when ...) - zope-cmfplone <unfixed> (bug #401796) [sarge] - zope-cmfplone <not-affected> (Vulnerable code not present) CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions, allows ...) @@ -19279,7 +19450,7 @@ - linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium) CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...) NOT-FOR-US: jportal -CVE-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA allows ...) +CVE-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA, as ...) NOT-FOR-US: 7-Zip CVE-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: PhpMyFaq @@ -23392,7 +23563,7 @@ - tor 0.0.9.10-1 (medium) CVE-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...) NOT-FOR-US: Duware -CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1 allow ...) +CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and ...) NOT-FOR-US: Duware CVE-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...) NOT-FOR-US: Duware
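Review bot: In the @@ -1,4 +1,178 @@ hunk, CVE-2006-6406 ("ClamAV 0.88.6 allows remote attackers to bypass virus detection by ...") is added with only "TODO: check", although clamav is a package this list already tracks (see the "- clamav 0.86-1" line under CVE-2006-5874 further down). It should be triaged ahead of the rest of the new entries in this hunk and given a package line, rather than waiting in the TODO queue alongside products that will end up NOT-FOR-US.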
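Review bot: In the @@ -336,7 +509,7 @@ hunk, the new summary for CVE-2006-6207 is reduced to "(** DISPUTED ** ...)", which drops the product and vulnerability class that the removed line carried ("SQL injection vulnerability in products.asp in Evolve shopping cart ..."). The same happens to CVE-2006-5840 and CVE-2006-4286 in later hunks, and the new CVE-2006-6415 and CVE-2006-6397 entries in the first hunk arrive with nothing but the marker and "TODO: check". Suggest that the automatic update keep the description text that follows the DISPUTED marker when it truncates, so each entry still says what is being disputed.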
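Review bot: In the @@ -1057,8 +1230,7 @@ hunk, the new description for CVE-2006-5874 gives the affected range as "ClamAV 0.88 and earlier", while the unchanged package line below it still records "- clamav 0.86-1" as the fixed version. A fixed version lower than the upper end of the affected range needs confirming against DSA-1232-1. Either correct the version or add a note on the entry explaining why the two differ.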
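Review bot: In the @@ -1282,7 +1454,7 @@ hunk, the triage line for CVE-2006-5770 still reads "NOT-FOR-US: Mobile" although the updated description now names the product as "ac4p Mobile". Suggest updating the tag to match. The new CVE-2006-6389 entry in the first hunk carries the same truncated description ("Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...") with "TODO: check", so it can be tagged the same way once someone has checked how the two IDs relate.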