Author: joeyh
Date: 2006-11-15 09:14:20 +0100 (Wed, 15 Nov 2006)
New Revision: 4965
Modified: data/CVE/list
Log: automatic update
Modified: data/CVE/list
==================================================================--- data/CVE/list 2006-11-13 21:59:24 UTC (rev 4964) +++ data/CVE/list 2006-11-15 08:14:20 UTC (rev 4965) 
@@ -1,4 +1,134 @@ -CVE-2006-5864 [gv "ps_gettext()" Buffer Overflow Vulnerability] +CVE-2006-5884 (Multiple unspecified vulnerabilities in DirectAnimation ActiveX ...) + TODO: check +CVE-2006-5883 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...) + TODO: check +CVE-2006-5882 (Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device ...) + TODO: check +CVE-2006-5881 (SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx ...) + TODO: check +CVE-2006-5880 (SQL injection vulnerability on the subMenu page in switch.asp in Munch ...) + TODO: check +CVE-2006-5879 (SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta ...) + TODO: check +CVE-2006-5878 (Cross-site Request Forgery (CSRF) vulnerability in Trac before 0.10.1 ...) + TODO: check +CVE-2006-5877 + RESERVED +CVE-2006-5876 + RESERVED +CVE-2006-5875 + RESERVED +CVE-2006-5874 + RESERVED +CVE-2006-5873 + RESERVED +CVE-2006-5872 + RESERVED +CVE-2006-5871 + RESERVED +CVE-2006-5870 + RESERVED +CVE-2006-5869 + RESERVED +CVE-2006-5868 + RESERVED +CVE-2006-5867 + RESERVED +CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for ...) + TODO: check +CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php for Script ...) + TODO: check +CVE-2006-5863 (PHP remote file inclusion vulnerability in inc/session.php for ...) + TODO: check +CVE-2006-5862 (Directory traversal vulnerability in the session mechanism of the web ...) + TODO: check +CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...) + TODO: check +CVE-2006-5860 + RESERVED +CVE-2006-5859 + RESERVED +CVE-2006-5858 + RESERVED +CVE-2006-5857 + RESERVED +CVE-2006-5856 + RESERVED +CVE-2006-5855 + RESERVED +CVE-2006-5854 + RESERVED +CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy ...) + TODO: check +CVE-2006-5852 (Untrusted search path vulnerability in openexec in OpenBase SQL before ...) 
+ TODO: check +CVE-2006-5851 (openexec in OpenBase SQL before 10.0.1 allows local users to create ...) + TODO: check +CVE-2006-5850 (Stack-based buffer overflow in Essentia Web Server 2.15 for Windows ...) + TODO: check +CVE-2006-5849 (PHP remote file inclusion vulnerability in inc/irayofuncs.php in ...) + TODO: check +CVE-2006-5848 (Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 ...) + TODO: check +CVE-2006-5847 (Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop ...) + TODO: check +CVE-2006-5846 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 ...) + TODO: check +CVE-2006-5845 (Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 ...) + TODO: check +CVE-2006-5844 (Speedywiki 2.0 allows remote attackers to obtain the full path of the ...) + TODO: check +CVE-2006-5843 (Cross-site scripting (XSS) vulnerability in index.php in Speedywiki ...) + TODO: check +CVE-2006-5842 (The keystore file in Unicore Client before 5.6 build 5, when running ...) + TODO: check +CVE-2006-5841 (Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in ...) + TODO: check +CVE-2006-5840 (Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow ...) + TODO: check +CVE-2006-5839 (PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure ...) + TODO: check +CVE-2006-5838 (PHP remote file inclusion vulnerability in lib/class.Database.php in ...) + TODO: check +CVE-2006-5837 (Static code injection vulnerability in chat_panel.php in the ...) + TODO: check +CVE-2006-5836 (The fpathconf syscall function in bsd/kern/kern_descrip.c in the ...) + TODO: check +CVE-2006-5835 (The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes ...) + TODO: check +CVE-2006-5834 (Directory traversal vulnerability in general.php in OpenSolution ...) + TODO: check +CVE-2006-5833 (gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require ...) 
+ TODO: check +CVE-2006-5832 (All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote ...) + TODO: check +CVE-2006-5831 (PHP remote file inclusion vulnerability in admin/code/index.php in All ...) + TODO: check +CVE-2006-5830 (Multiple cross-site scripting (XSS) vulnerabilities in All In One ...) + TODO: check +CVE-2006-5829 (Multiple SQL injection vulnerabilities in All In One Control Panel ...) + TODO: check +CVE-2006-5828 (SQL injection vulnerability in detail.php in DeltaScripts PHP ...) + TODO: check +CVE-2006-5827 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2006-5826 (Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 ...) + TODO: check +CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) + TODO: check +CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows ...) + TODO: check +CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...) + TODO: check +CVE-2006-5822 + RESERVED +CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...) + TODO: check +CVE-2006-5820 + RESERVED +CVE-2006-5819 + RESERVED +CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...) - gv 1:3.6.2-2 (medium; bug #398292) CVE-2006-XXXX [track CSRF vulnerability] - trac 0.10.1-1 @@ -66,7 +196,7 @@ - elog 2.6.2+r1754-1 (medium; bug #392016) CVE-2006-5790 (Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and ...) - elog 2.6.2+r1754-1 (medium; bug #392016) -CVE-2006-5789 (WarFTPd 1.82.00-RC11 allows remote authenticated users to cause a ...) +CVE-2006-5789 (War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated ...) NOT-FOR-US: WarFTPd CVE-2006-5788 (PHP remote file inclusion vulnerability in (1) index.php and (2) ...) NOT-FOR-US: IPrimal Forums 
@@ -80,8 +210,8 @@ NOT-FOR-US: SAP Web Application Server CVE-2006-5783 (** DISPUTED ** ...) NOTE: irreproducible firefox issue -CVE-2006-5782 - RESERVED +CVE-2006-5782 (radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not ...) + TODO: check CVE-2006-5781 (Stack-based buffer overflow in the handshake function in iodine 0.3.2 ...) NOT-FOR-US: iodine CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 ...) @@ -296,8 +426,8 @@ RESERVED CVE-2006-5681 RESERVED -CVE-2006-5680 - RESERVED +CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...) + TODO: check CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...) - kfreebsd-5 <unfixed> [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) @@ -706,8 +836,8 @@ NOT-FOR-US: RIM BlackBerry Enterprise Server CVE-2006-5488 (SQL injection vulnerability in XchangeBoard 1.70, and possibly ...) NOT-FOR-US: XchangeBoard -CVE-2006-5487 - RESERVED +CVE-2006-5487 (Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, ...) + TODO: check CVE-2006-5486 (Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System ...) NOT-FOR-US: Sun Java System Messaging Server CVE-2006-5485 (Multiple PHP remote file inclusion vulnerabilities in SpeedBerg ...) @@ -785,8 +915,8 @@ - xulrunner <unfixed> (high) - mozilla-firefox <removed> (high) - mozilla-thunderbird <removed> (medium) -CVE-2006-5461 - RESERVED +CVE-2006-5461 (Avahi before 0.6.15 does not verify the sender identity of netlink ...) + TODO: check CVE-2006-XXXX [diffmon information leakage] - diffmon 20020222-2.2 (bug #382132) CVE-2006-5460 (** DISPUTED ** ...) 
@@ -1345,8 +1475,8 @@ NOT-FOR-US: Adobe CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...) NOT-FOR-US: Adobe -CVE-2006-5198 - RESERVED +CVE-2006-5198 (The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software ...) + TODO: check CVE-2006-5197 (PDshopPro stores sensitive information under the web root with ...) NOT-FOR-US: PDshopPro CVE-2006-5196 (The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows ...) @@ -2169,7 +2299,7 @@ {DSA-1200-1} - qt-x11-free 3:3.3.7-1 (bug #394192; bug #394313) - qt4-x11 4.2.1-1 (bug #394192) -CVE-2006-4810 (Buffer overflow in the (1) texi2dvi and (2) texindex commands in texinfo 4.8 ...) +CVE-2006-4810 (Buffer overflow in the readline function in util/texindex.c, as used ...) TODO: check CVE-2006-4809 (Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, ...) - imlib2 1.3.0.0debian1-3 (medium; bug #397371) @@ -2423,16 +2553,16 @@ NOT-FOR-US: Microsoft Word CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager ...) NOT-FOR-US: Microsoft Word -CVE-2006-4691 - RESERVED +CVE-2006-4691 (Buffer overflow in the Workstation service in Microsoft Windows 2000 ...) + TODO: check CVE-2006-4690 RESERVED -CVE-2006-4689 - RESERVED -CVE-2006-4688 - RESERVED -CVE-2006-4687 - RESERVED +CVE-2006-4689 (Unspecified vulnerability in the driver for the Client Service for ...) + TODO: check +CVE-2006-4688 (Buffer overflow in Client Service for NetWare (CSNW) in Microsoft ...) + TODO: check +CVE-2006-4687 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) + TODO: check CVE-2006-4686 (Buffer overflow in the Extensible Stylesheet Language Transformations ...) NOT-FOR-US: Microsoft CVE-2006-4685 (The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core ...) 
@@ -3453,10 +3583,10 @@ [sarge] - mozilla-thunderbird <unfixed> (low) NOTE: On Sarge this is only a DoS, not code injection - thunderbird 1.5.0.7-1 (low) -CVE-2006-4252 - RESERVED -CVE-2006-4251 - RESERVED +CVE-2006-4252 (PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a ...) + TODO: check +CVE-2006-4251 (Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow ...) + TODO: check CVE-2006-4250 RESERVED CVE-2006-4249 [plone group creation privilege escalation] @@ -5321,8 +5451,8 @@ RESERVED CVE-2006-3446 RESERVED -CVE-2006-3445 - RESERVED +CVE-2006-3445 (Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 ...) + TODO: check CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: Microsoft CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft Windows ...)
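Review bot: CVE-2006-5864 ends up out of sequence in the first hunk (@@ -1,4 +1,134 @@). The added entries run in descending order from CVE-2006-5884 down to CVE-2006-5819 and skip 5864 between 5865 and 5863, while the rewritten 5864 entry is placed after CVE-2006-5819, directly above its "- gv 1:3.6.2-2 (medium; bug #398292)" line. Move it between 5865 and 5863 so the list stays sorted. In the same hunk, CVE-2006-5878 (CSRF in Trac before 0.10.1) is added as "TODO: check" while the placeholder "CVE-2006-XXXX [track CSRF vulnerability]" with "- trac 0.10.1-1" is kept as context; if both describe the same issue, fold the placeholder into the assigned id so it is not tracked twice.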
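Review bot: In the @@ -785,8 +915,8 @@ hunk, CVE-2006-5461 moves from RESERVED to "TODO: check" even though the new description already states the upstream fix point ("Avahi before 0.6.15"). Once the Debian version carrying that release is confirmed, replace the TODO with a package line in the form the file uses elsewhere (package, fixed version, then severity and bug number in parentheses), so the entry does not sit in the unchecked queue.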
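Review bot: The @@ -2169,7 +2299,7 @@ hunk only rewords the CVE-2006-4810 description; the "TODO: check" under it is an unchanged context line, so the entry was already untriaged before this revision. The new text names the readline function in util/texindex.c, which is specific enough to check against the texinfo source and resolve the TODO.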
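Review bot: The four entries filled in by the @@ -2423,16 +2553,16 @@ hunk (CVE-2006-4691, CVE-2006-4689, CVE-2006-4688, CVE-2006-4687) are marked "TODO: check", yet the visible descriptions name the Workstation service in Microsoft Windows 2000, Client Service for NetWare in Microsoft, and Microsoft Internet Explorer, and the unchanged neighbours CVE-2006-4692 and CVE-2006-4686 carry "NOT-FOR-US: Microsoft Word" and "NOT-FOR-US: Microsoft". Mark the new entries NOT-FOR-US in the same way once the truncated descriptions are confirmed.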
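Review bot: CVE-2006-4252 and CVE-2006-4251 in the @@ -3453,10 +3583,10 @@ hunk are both left at "TODO: check" although they share one affected range ("PowerDNS Recursor 3.1.3 and earlier"). Triage them together against a single fixed version and give each a package line, so the denial of service and the buffer overflow are not resolved at different times.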