Author: joeyh
Date: 2006-11-07 21:14:37 +0100 (Tue, 07 Nov 2006)
New Revision: 4930

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-11-07 19:42:05 UTC (rev 4929)
+++ data/CVE/list 2006-11-07 20:14:37 UTC (rev 4930)
@@ -1,3 +1,257 @@ +CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to ...) + TODO: check +CVE-2006-5776 (** DISPUTED ** ...) + TODO: check +CVE-2006-5775 (Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard ...) + TODO: check +CVE-2006-5774 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before ...) + TODO: check +CVE-2006-5773 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 ...) + TODO: check +CVE-2006-5772 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop ...) + TODO: check +CVE-2006-5771 (Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 ...) + TODO: check +CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in Mobile allow ...) + TODO: check +CVE-2006-5769 (Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS ...) + TODO: check +CVE-2006-5768 (Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 ...) + TODO: check +CVE-2006-5767 (PHP remote file inclusion vulnerability in includes/xhtml.php in Drake ...) + TODO: check +CVE-2006-5766 (PHP remote file inclusion vulnerability in volume.php in Article ...) + TODO: check +CVE-2006-5765 (SQL injection vulnerability in rss.php in Article Script 1.6.3 and ...) + TODO: check +CVE-2006-5764 (PHP remote file inclusion vulnerability in contact.php in Free File ...) + TODO: check +CVE-2006-5763 (Multiple PHP remote file inclusion vulnerabilities in Free File ...) + TODO: check +CVE-2006-5762 (PHP remote file inclusion vulnerability in forgot_pass.php in Free ...) + TODO: check +CVE-2006-5761 (Cross-site scripting (XSS) vulnerability in index.php in Rhadrix ...) + TODO: check +CVE-2006-5760 (Multiple PHP remote file inclusion vulnerabilities in phpDynaSite ...) + TODO: check +CVE-2006-5759 (index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote ...) 
+ TODO: check +CVE-2006-5758 (Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 ...) + TODO: check +CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 ...) + TODO: check +CVE-2006-5756 + RESERVED +CVE-2006-5755 + RESERVED +CVE-2006-5754 + RESERVED +CVE-2006-5753 + RESERVED +CVE-2006-5752 + RESERVED +CVE-2006-5751 + RESERVED +CVE-2006-5750 + RESERVED +CVE-2006-5749 + RESERVED +CVE-2006-5748 + RESERVED +CVE-2006-5747 + RESERVED +CVE-2006-5746 (The console in AirMagnet Enterprise does not properly validate the ...) + TODO: check +CVE-2006-5745 (Unspecified vulnerability in the setRequestHeader method in the ...) + TODO: check +CVE-2006-5744 (Multiple SQL injection vulnerabilities in Highwall Enterprise and ...) + TODO: check +CVE-2006-5743 (Multiple cross-site scripting (XSS) vulnerabilities in Highwall ...) + TODO: check +CVE-2006-5742 (The AirMagnet Enterprise console and Remote Sensor console (Laptop) in ...) + TODO: check +CVE-2006-5741 (Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet ...) + TODO: check +CVE-2006-5739 (PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in ...) + TODO: check +CVE-2006-5738 (Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow ...) + TODO: check +CVE-2006-5737 (PunBB uses a predictable cookie_seed value that can be derived from ...) + TODO: check +CVE-2006-5736 (SQL injection vulnerability in search.php in PunBB before 1.2.14, when ...) + TODO: check +CVE-2006-5735 (Directory traversal vulnerability in include/common.php in PunBB ...) + TODO: check +CVE-2006-5734 (Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 ...) + TODO: check +CVE-2006-5733 (Directory traversal vulnerability in error.php in PostNuke 0.763 and ...) + TODO: check +CVE-2006-5732 (SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and ...) 
+ TODO: check +CVE-2006-5731 (Directory traversal vulnerability in classes/index.php in Lithium CMS ...) + TODO: check +CVE-2006-5730 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5729 (Yazd Discussion Forum before 3.0 beta does not properly manage forum ...) + TODO: check +CVE-2006-5728 (XM Easy Personal FTP Server 5.2.1 and earlier allows remote ...) + TODO: check +CVE-2006-5727 (PHP remote file inclusion vulnerability in admin/controls/cart.php in ...) + TODO: check +CVE-2006-5726 (alloccgblk in the UFS filesystem in Solaris 10 allows local users to ...) + TODO: check +CVE-2006-5725 (The SSL server in AEP Smartgate 4.3b allows remote attackers to ...) + TODO: check +CVE-2006-5724 (Heap-based buffer overflow the "Answering Service" function in ICQ ...) + TODO: check +CVE-2006-5723 (SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier ...) + TODO: check +CVE-2006-5722 (Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 ...) + TODO: check +CVE-2006-5721 (The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) ...) + TODO: check +CVE-2006-5720 (SQL injection vulnerability in modules/journal/search.php in the ...) + TODO: check +CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall ...) + TODO: check +CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin ...) + TODO: check +CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google ...) + TODO: check +CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 ...) + TODO: check +CVE-2006-5715 (Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS ...) + TODO: check +CVE-2006-5714 (Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file ...) + TODO: check +CVE-2006-5713 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) ...) 
+ TODO: check +CVE-2006-5712 (Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows ...) + TODO: check +CVE-2006-5711 (ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote ...) + TODO: check +CVE-2006-5710 (The Airport driver for certain Orinoco based Airport cards in Darwin ...) + TODO: check +CVE-2006-5709 (Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon ...) + TODO: check +CVE-2006-5708 (Multiple unspecified vulnerabilities in MDaemon and WorldClient in ...) + TODO: check +CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and ...) + TODO: check +CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...) + TODO: check +CVE-2006-5705 (Directory traversal vulnerability in plugins/wp-db-backup.php in ...) + TODO: check +CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 ...) + TODO: check +CVE-2006-5703 (Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in ...) + TODO: check +CVE-2006-5702 (Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information ...) + TODO: check +CVE-2006-5701 (Double free vulnerability in squashfs module in the Linux kernel ...) + TODO: check +CVE-2006-5700 + RESERVED +CVE-2006-5699 + RESERVED +CVE-2006-5698 + RESERVED +CVE-2006-5697 + RESERVED +CVE-2006-5696 + RESERVED +CVE-2006-5695 + RESERVED +CVE-2006-5694 + RESERVED +CVE-2006-5693 + RESERVED +CVE-2006-5692 + RESERVED +CVE-2006-5691 + RESERVED +CVE-2006-5690 + RESERVED +CVE-2006-5689 + RESERVED +CVE-2006-5688 + RESERVED +CVE-2006-5687 + RESERVED +CVE-2006-5686 + RESERVED +CVE-2006-5685 + RESERVED +CVE-2006-5684 + RESERVED +CVE-2006-5683 + RESERVED +CVE-2006-5682 + RESERVED +CVE-2006-5681 + RESERVED +CVE-2006-5680 + RESERVED +CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...) + TODO: check +CVE-2006-5678 (** DISPUTED ** ...) 
+ TODO: check +CVE-2006-5677 (resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and ...) + TODO: check +CVE-2006-5676 (SQL injection vulnerability in consult/classement.php in Uni-Vert ...) + TODO: check +CVE-2006-5675 (Multiple unspecified vulnerabilities in Pentaho Business Intelligence ...) + TODO: check +CVE-2006-5674 (Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and ...) + TODO: check +CVE-2006-5673 (PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB ...) + TODO: check +CVE-2006-5672 (PHP remote file inclusion vulnerability in web/init_mysource.php in ...) + TODO: check +CVE-2006-5671 (PHP remote file inclusion vulnerability in contact.php in Free Image ...) + TODO: check +CVE-2006-5670 (PHP remote file inclusion vulnerability in forgot_pass.php in Free ...) + TODO: check +CVE-2006-5669 (PHP remote file inclusion vulnerability in gestion/savebackup.php in ...) + TODO: check +CVE-2006-5668 (Unspecified vulnerability in Ampache 3.3.2 and earlier, when ...) + TODO: check +CVE-2006-5667 (Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and ...) + TODO: check +CVE-2006-5666 (SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 ...) + TODO: check +CVE-2006-5665 (PHP remote file inclusion vulnerability in admin/modules_data.php in ...) + TODO: check +CVE-2006-5664 (The installation script in IBM Informix Dynamic Server 10.00, Informix ...) + TODO: check +CVE-2006-5663 (IBM Informix Dynamic Server 10.00, Informix Client Software ...) + TODO: check +CVE-2006-5662 (SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows ...) + TODO: check +CVE-2006-5661 (Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech ...) + TODO: check +CVE-2006-5660 (Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 ...) + TODO: check +CVE-2006-5659 (PAM_extern before 0.2 sends a password as a command line argument, ...) 
+ TODO: check +CVE-2006-5658 (BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to ...) + TODO: check +CVE-2006-5657 (Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 ...) + TODO: check +CVE-2006-5656 (Memory leak in the push_align function in src/util.c in Vilistextum ...) + TODO: check +CVE-2006-5655 (SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows ...) + TODO: check +CVE-2006-5654 (Unspecified vulnerability in the Network Security Services (NSS) in ...) + TODO: check +CVE-2006-5653 (Cross-site scripting (XSS) vulnerability in the errorHTML function in ...) + TODO: check +CVE-2006-5652 (Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging ...) + TODO: check +CVE-2006-5651 + RESERVED +CVE-2006-5650 + RESERVED CVE-2006-XXXX [phpmyadmin XSS (PMASA-2006-6)] - phpmyadmin 4:2.9.0.3-1 (low; bug #396638) [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) @@ -71,7 +325,7 @@ TODO: check CVE-2006-5617 (Directory traversal vulnerability in index.php in Thepeak File Upload ...) TODO: check -CVE-2006-5616 (Multiple unspecified vulnerabilities in OpenPBS, as use in SUSE Linux ...) +CVE-2006-5616 (Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux ...) TODO: check CVE-2006-5615 (PHP remote file inclusion vulnerability in publish.php in Textpattern ...) TODO: check @@ -195,7 +449,7 @@ TODO: check CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 ...) NOT-FOR-US: Cisco Security Agent -CVE-2006-5552 (Heap-based buffer overflow in RevilloC MailServer 1.21 and earlier ...) +CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and ...) TODO: check CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...) TODO: check 
@@ -353,7 +607,7 @@ NOT-FOR-US: Castor CVE-2006-5479 (The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote ...) NOT-FOR-US: Novell eDirectory -CVE-2006-5478 (Stack-based buffer overflow in the BuildRedirectURL function in the ...) +CVE-2006-5478 (Multiple stack-based buffer overflows in Novell eDirectory 8.8.x ...) NOT-FOR-US: Novell eDirectory CVE-2006-5477 (Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form ...) - drupal <unfixed> (low) @@ -377,13 +631,11 @@ - wireshark 0.99.4-1 (bug #396258; medium) CVE-2006-5467 (The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a ...) TODO: check -CVE-2006-5466 [rpm heap overflow in changelog parsing] - RESERVED +CVE-2006-5466 (Heap-based buffer overflow in the showQueryPackage function in librpm ...) - rpm 4.4.1-11 (low) NOTE: This needs further investigation, most probably a non-issue, pinged maintainer NOTE: [sarge] - rpm <no-dsa> (You need to trust the RPMs you''re installing) -CVE-2006-5465 [php htmlentities() and htmlspecialchars() buffer overflow] - RESERVED +CVE-2006-5465 (Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...) - php4 4:4.4.4-4 (high; bug #396764) - php5 5.1.6-6 (high; bug #396766) CVE-2006-5464 @@ -530,8 +782,8 @@ NOT-FOR-US: PHPRecipeBook CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...) NOT-FOR-US: Simplog -CVE-2006-5397 - RESERVED +CVE-2006-5397 (The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 ...) + TODO: check CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before ...) NOT-FOR-US: Sun Solaris CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka ...) 
@@ -1775,17 +2027,13 @@ - qt4-x11 4.2.1-1 (bug #394192) CVE-2006-4810 RESERVED -CVE-2006-4809 [imlib2 vulnerability] - RESERVED +CVE-2006-4809 (Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, ...) - imlib2 1.3.0.0debian1-3 (medium; bug #397371) -CVE-2006-4808 [imlib2 vulnerability] - RESERVED +CVE-2006-4808 (Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and ...) - imlib2 1.3.0.0debian1-3 (medium; bug #397371) -CVE-2006-4807 [imlib2 vulnerability] - RESERVED +CVE-2006-4807 (loader_tga.c in imlib2 before 1.2.1, and possibly other versions, ...) - imlib2 1.3.0.0debian1-3 (medium; bug #397371) -CVE-2006-4806 [imlib2 vulnerability] - RESERVED +CVE-2006-4806 (Multiple integer overflows in imlib2 allow user-assisted remote ...) - imlib2 1.3.0.0debian1-3 (medium; bug #397371) CVE-2006-4805 (epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in ...) {DSA-1201-1} @@ -2294,8 +2542,8 @@ CVE-2006-4573 (Multiple unspecified vulnerabilities in the "utf8 combining characters ...) {DSA-1202-1} - screen 4.0.3-0.1 (bug #395225; medium) -CVE-2006-4572 - RESERVED +CVE-2006-4572 (Multiple unspecified vulnerabilities in netfilter for IPv6 code in ...) + TODO: check CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...) {DSA-1192-1 DSA-1191-1} NOTE: MFSA-2006-64 @@ -2447,8 +2695,8 @@ CVE-2006-XXXX [hostapd dos] - hostapd 1:0.5.4-1 [sarge] - hostapd <not-affected> (Vulnerable code not present) -CVE-2006-4521 - RESERVED +CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS ...) + TODO: check CVE-2006-4520 RESERVED CVE-2006-4519 
@@ -3015,7 +3263,7 @@ NOT-FOR-US: Jelsoft vBulletin CVE-2006-4270 (PHP remote file inclusion vulnerability in mambelfish.class.php in the ...) NOT-FOR-US: mambelfish component (com_mambelfish) for Mambo -CVE-2006-4269 (PHP remote file inclusion vulnerability in admin.x-shop.php in the ...) +CVE-2006-4269 (** DISPUTED ** ...) NOT-FOR-US: x-shop component (com_x-shop) for Mambo and Joomla! CVE-2006-4268 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 ...) NOT-FOR-US: CubeCart @@ -3489,7 +3737,7 @@ NOT-FOR-US: SAPID Blog CVE-2006-4062 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: SAPID Shop -CVE-2006-4061 (PHP remote file inclusion vulnerability in index.php in Thomas Pequet ...) +CVE-2006-4061 (** DISPUTED ** ...) NOT-FOR-US: phpPrintAnalyzer CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in Visual ...) NOT-FOR-US: Visual Events Calendar @@ -24226,7 +24474,7 @@ NOT-FOR-US: Novell portmapper CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...) NOT-FOR-US: Symantec Norton Internet Security -CVE-2003-1148 (PHP remote file inclusion vulnerability in (1) config.inc.php and (2) ...) +CVE-2003-1148 (Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS ...) NOT-FOR-US: Les Visiteurs CVE-2003-1147 REJECTED
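Review bot: In the @@ -1,3 +1,257 @@ hunk, the newly added CVE-2006-5718 (XSS in error.php in phpMyAdmin) is left at `TODO: check` while the context line at the end of the same hunk still carries the placeholder `CVE-2006-XXXX [phpmyadmin XSS (PMASA-2006-6)]`, and nothing in the change says whether the two are the same issue. If they are, move the placeholder's `- phpmyadmin 4:2.9.0.3-1 (low; bug #396638)` and `[sarge]` lines under the real ID and drop the XXXX entry; if not, a NOTE on one of them saying so would prevent a duplicate triage. The added block also goes from CVE-2006-5741 straight to CVE-2006-5739 with no CVE-2006-5740 line, which is worth confirming against the feed the update was generated from.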
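Review bot: In the @@ -377,13 +631,11 @@ hunk, CVE-2006-5466 now carries the published description (heap-based buffer overflow in the showQueryPackage function in librpm) but the existing `NOTE: This needs further investigation, most probably a non-issue, pinged maintainer` is carried over unchanged, so the entry gives no indication whether that assessment was made before or after the description was available. Please re-evaluate or date that note. The next context line, `NOTE: [sarge] - rpm <no-dsa> (You need to trust the RPMs you''re installing)`, has a doubled apostrophe and is prefixed with `NOTE:`, so it reads as a comment rather than as a sarge status entry; if it is meant as status, drop the prefix and fix the quote.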
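Review bot: In the @@ -1775,17 +2027,13 @@ hunk, the new descriptions for CVE-2006-4809, CVE-2006-4808 and CVE-2006-4807 refer to "imlib2 before 1.2.1", while every one of the four entries records the fix as `- imlib2 1.3.0.0debian1-3 (medium; bug #397371)`, and the difference between the two version numbers is not explained anywhere in the entries. A one-line NOTE on how the version named in the description relates to the version recorded as fixed would help. None of the four entries has a `[sarge]` line either, so the status of stable cannot be read from this change.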
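Review bot: In the @@ -3015,7 +3263,7 @@ hunk, replacing the CVE-2006-4269 description with `** DISPUTED ** ...` removes the only text that said what the issue was (a PHP remote file inclusion in admin.x-shop.php), because the truncation cuts right after the marker. The @@ -3489,7 +3737,7 @@ hunk does the same to CVE-2006-4061; there the NOT-FOR-US line still names the product, but the new CVE-2006-5776 and CVE-2006-5678 entries in the first hunk have only `** DISPUTED ** ...` followed by `TODO: check`, which leaves nothing to identify the affected software. Consider having the update script keep the start of the real description after the DISPUTED marker, or preserve the previous summary in a NOTE line.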