Author: joeyh
Date: 2006-10-23 21:14:25 +0000 (Mon, 23 Oct 2006)
New Revision: 4871

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-23 20:00:27 UTC (rev 4870) +++ data/CVE/list 2006-10-23 21:14:25 UTC (rev 4871) 
@@ -1,3 +1,163 @@ +CVE-2006-5460 (** DISPUTED ** ...) + TODO: check +CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...) + TODO: check +CVE-2006-5458 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...) + TODO: check +CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check +CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ...) + TODO: check +CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...) + TODO: check +CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before ...) + TODO: check +CVE-2006-5453 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x ...) + TODO: check +CVE-2006-5452 (Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX ...) + TODO: check +CVE-2006-5451 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 ...) + TODO: check +CVE-2006-5450 (SQL injection vulnerability in index.asp in Kinesis Interactive Cinema ...) + TODO: check +CVE-2006-5449 (procmail in Ingo H3 before 1.1.2 Horde module allows remote ...) + TODO: check +CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital Rights ...) + TODO: check +CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV Web ...) + TODO: check +CVE-2006-5446 (SQL injection vulnerability in lobby/config.php in Casinosoft Casino ...) + TODO: check +CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver ...) + TODO: check +CVE-2006-5444 (Integer overflow in the get_input function in the Skinny channel ...) + TODO: check +CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...) + TODO: check +CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...) + TODO: check +CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...) 
+ TODO: check +CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...) + TODO: check +CVE-2006-5439 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...) + TODO: check +CVE-2006-5438 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...) + TODO: check +CVE-2006-5437 (** DISPUTED ** ...) + TODO: check +CVE-2006-5436 (PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e ...) + TODO: check +CVE-2006-5435 (** DISPUTED ** ...) + TODO: check +CVE-2006-5434 (PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 ...) + TODO: check +CVE-2006-5433 (PHP remote file inclusion vulnerability in modules/guestbook/index.php ...) + TODO: check +CVE-2006-5432 (Multiple direct static code injection vulnerabilities in ...) + TODO: check +CVE-2006-5431 (PHP remote file inclusion vulnerability in gorum/dbproperty.php in ...) + TODO: check +CVE-2006-5430 (Cross-site scripting (XSS) vulnerability in the search functionality ...) + TODO: check +CVE-2006-5429 (Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM ...) + TODO: check +CVE-2006-5428 (rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client''s ...) + TODO: check +CVE-2006-5427 (PHP remote file inclusion vulnerability in plugins/main.php in Php AMX ...) + TODO: check +CVE-2006-5426 (PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal ...) + TODO: check +CVE-2006-5425 (XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote ...) + TODO: check +CVE-2006-5424 (Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial ...) + TODO: check +CVE-2006-5423 (PHP remote file inclusion vulnerability in admin/admin_module.php in ...) + TODO: check +CVE-2006-5422 (PHP remote file inclusion vulnerability in calcul-page.php in Lodel ...) + TODO: check +CVE-2006-5421 (WSN Forum 1.3.4 and earlier allows remote attackers to execute ...) 
+ TODO: check +CVE-2006-5420 (Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to ...) + TODO: check +CVE-2006-5419 (PHP remote file inclusion vulnerability in client.php in University of ...) + TODO: check +CVE-2006-5418 (PHP remote file inclusion vulnerability in archive/archive_topic.php ...) + TODO: check +CVE-2006-5417 (McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple ...) + TODO: check +CVE-2006-5416 (Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 ...) + TODO: check +CVE-2006-5415 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5414 (Barry Nauta BRIM before 1.2.1 allows remote authenticated users to ...) + TODO: check +CVE-2006-5413 (Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 ...) + TODO: check +CVE-2006-5412 (admin.php in PHP Outburst Easynews 4.4.1 and earlier, when ...) + TODO: check +CVE-2006-5411 (Unrestricted file upload vulnerability in upload.php for Free Web ...) + TODO: check +CVE-2006-5410 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS management ...) + TODO: check +CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the wireless ...) + TODO: check +CVE-2006-5407 (PHP remote file inclusion vulnerability in open_form.php in osTicket ...) + TODO: check +CVE-2006-5406 (Passgo Defender 5.2 creates the application directory with insecure ...) + TODO: check +CVE-2006-5405 (Unspecified vulnerability in Toshiba Bluetooth wireless device driver ...) + TODO: check +CVE-2006-5404 (Unspecified vulnerability in an ActiveX control used in Symantec ...) + TODO: check +CVE-2006-5403 (Stack-based buffer overflow in an ActiveX control used in Symantec ...) + TODO: check +CVE-2006-5402 (Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 ...) + TODO: check +CVE-2006-5401 (PHP remote file inclusion vulnerability in ...) 
+ TODO: check +CVE-2006-5400 (PHP remote file inclusion vulnerability in forum/track.php in ...) + TODO: check +CVE-2006-5399 (PHP remote file inclusion vulnerability in classes/Import_MM.class.php ...) + TODO: check +CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...) + TODO: check +CVE-2006-5397 + RESERVED +CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before ...) + TODO: check +CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka ...) + TODO: check +CVE-2006-5394 (The default configuration of Cisco Secure Desktop (CSD) has an ...) + TODO: check +CVE-2006-5393 (Cisco Secure Desktop (CSD) does not require that the ...) + TODO: check +CVE-2006-5392 (Multiple PHP remote file inclusion vulnerabilities in OpenDock ...) + TODO: check +CVE-2006-5391 (Xfire 1.64 and earlier allows remote attackers to cause a denial of ...) + TODO: check +CVE-2006-5390 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5389 (tools/tellhim.php in PHP-Wyana allows remote attackers to obtain ...) + TODO: check +CVE-2006-5388 (SQL injection vulnerability in index.php in WebSPELL 4.01.01 and ...) + TODO: check +CVE-2006-5387 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5386 (PHP remote file inclusion vulnerability in process.php in NuralStorm ...) + TODO: check +CVE-2006-5385 (PHP remote file inclusion vulnerability in admin/admin_spam.php in the ...) + TODO: check +CVE-2006-5384 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5383 (SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and ...) + TODO: check +CVE-2006-5382 + RESERVED +CVE-2003-1307 (** DISPUTED ** ...) + TODO: check VE-2006-XXXX [unspecified steam cache vulnerability] - steam 2.2.31-1 [sarge] - steam <not-affected> (Sarge version doesn''t implement caching) 
@@ -304,6 +464,7 @@ CVE-2006-5230 (PHP remote file inclusion vulnerability in forum.php in FreeForum ...) TODO: check CVE-2006-5295 (Unspecified vulnerability in ClamAV before 0.88.5 allows remote ...) + {DSA-1196-1 DSA-1196-1} - clamav 0.88.5-1 (high; bug #393445) CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and ...) NOTE: This issues depends on the stack of selected authentication modules, while @@ -499,9 +660,9 @@ NOT-FOR-US: OlateDownload CVE-2006-XXXX [unspecified libgsf security issue (IDEF1622)] - libgsf 1.14.2-1 -CVE-2006-5143 (Stack-based buffer overflow in the Backup Agent RPC Server ...) +CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 ...) NOT-FOR-US: Backup Agent RPC Server -CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserver Backup R11.5 ...) +CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 ...) NOT-FOR-US: CA BrightStor ARCserver Backup CVE-2006-5141 (PHP remote file inclusion vulnerability in script.php in Kevin A. ...) NOT-FOR-US: Open Geo Targeting (aka geotarget) @@ -836,6 +997,7 @@ CVE-2006-4981 (Symantec Sygate NAC allows physically proximate attackers to bypass ...) NOT-FOR-US: Symantec CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6 before ...) + {DSA-1197-1} - python2.5 2.5-1 (bug #391589) - python2.4 2.4.3-9 (bug #391589) - python2.3 2.3.5-16 (bug #393053) @@ -955,8 +1117,8 @@ RESERVED CVE-2006-4927 (The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device ...) NOT-FOR-US: Symantec AntiVirus -CVE-2006-4926 - RESERVED +CVE-2006-4926 (The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and ...) + TODO: check CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...) NOT-FOR-US: SISCO OSI stack for Windows CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...) 
@@ -1194,8 +1356,7 @@ CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...) - php4 <not-affected> - php5 <unfixed> (bug #391586) -CVE-2006-4811 [qt pixmap overflow] - RESERVED +CVE-2006-4811 (Integer overflow in Qt, as used in the KDE khtml library, kdelibs ...) - qt-x11-free 3:3.3.7-1 (bug #394192: bug #394313) - qt4-x11 <unfixed> (bug #394192) CVE-2006-4810 @@ -2647,6 +2808,7 @@ CVE-2006-4183 RESERVED CVE-2006-4182 (Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions ...) + {DSA-1196-1 DSA-1196-1} - clamav 0.88.5-1 (high; bug #393445) CVE-2006-4181 RESERVED @@ -19066,8 +19228,8 @@ - kernel-source-2.4.27 2.4.27-11 (medium) CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...) NOT-FOR-US: Greasemonkey -CVE-2005-2454 - RESERVED +CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and .0.0 and 7.0.1, uses insecure ...) + TODO: check CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...) NOT-FOR-US: NetworkActiv Web Server CVE-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of ...) @@ -20667,7 +20829,7 @@ NOT-FOR-US: Real Estate Management Software CVE-2004-2152 (Cross-site scripting (XSS) vulnerability in ''raw'' page output mode for ...) - mediawiki 1.4.9 (bug #276057) -CVE-2004-2151 (Chatman 1.1.1 RCL and earlier allows remote attackers to cause a ...) +CVE-2004-2151 (Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Chatman CVE-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...) NOT-FOR-US: INTELLIPEER Email Server 
@@ -26804,7 +26966,7 @@ NOT-FOR-US: Microsoft SQL Server CVE-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...) - wordpress 1.2.2-1.1 -CVE-2004-1558 (Multiple stack-based buffer overflows in YahooPOPS 0.4 through 0.6 ...) +CVE-2004-1558 (Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 ...) NOT-FOR-US: YahooPOPS CVE-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...) NOT-FOR-US: MyWebServer
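Review bot: In the first hunk (@@ -1,3 +1,163 @@) every new entry lands as TODO: check, including several whose descriptions name software that Debian packages: CVE-2006-5456 (GraphicsMagick before 1.1.7), CVE-2006-5454 and CVE-2006-5453 (Bugzilla 2.18.x, 2.20.x, 2.22.x) and CVE-2006-5442 (ViewVC 1.0.2 and earlier). Suggest triaging those first and recording a package line or a bug reference for each, rather than leaving them in the same queue as the long run of PHP remote file inclusion entries that will mostly resolve to NOT-FOR-US.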
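Review bot: The DSA cross-reference added under CVE-2006-5295 (@@ -304,6 +464,7 @@) reads {DSA-1196-1 DSA-1196-1}, the same advisory id twice, and the identical line is added under CVE-2006-4182 (@@ -2647,6 +2808,7 @@). A single id is enough, as on the CVE-2006-4980 line, which carries {DSA-1197-1}; if the script that writes these references collects one id per source, it should de-duplicate before emitting the braces.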
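Review bot: In @@ -499,9 +660,9 @@ the triage notes under CVE-2006-5143 and CVE-2006-5142 no longer match the refreshed descriptions. CVE-2006-5143 now reads "Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 ..." while its note still says NOT-FOR-US: Backup Agent RPC Server, and CVE-2006-5142 now spells the product ARCserve while its note keeps ARCserver. Suggest aligning both notes to the product name used in the descriptions so a search on it finds both entries.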
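Review bot: The qt-x11-free line under CVE-2006-4811 (@@ -1194,8 +1356,7 @@) separates its two bug references with a colon, (bug #394192: bug #394313), where other entries in this diff separate fields with a semicolon, as in (high; bug #393445). Worth correcting while the entry is being touched, since qt4-x11 is still marked <unfixed> against bug #394192 and anything parsing the bug field may read only the first reference.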
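Review bot: The description that replaces RESERVED for CVE-2005-2454 (@@ -19066,8 +19228,8 @@) contains "6.5.4 and 6.5.5, and .0.0 and 7.0.1", where ".0.0" appears to have lost its leading digit. Since the log says this is an automatic update, the text should not be hand-edited here, but whoever resolves the TODO: check should work from the full upstream entry rather than this summary line.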