Author: stef-guest Date: 2006-09-04 21:00:56 +0000 (Mon, 04 Sep 2006) New Revision: 4672 Modified: data/CVE/list Log: "automatic" update Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-09-03 20:26:19 UTC (rev 4671) +++ data/CVE/list 2006-09-04 21:00:56 UTC (rev 4672) 
@@ -1,3 +1,179 @@ +CVE-2006-4521 + RESERVED +CVE-2006-4520 + RESERVED +CVE-2006-4519 + RESERVED +CVE-2006-4518 + RESERVED +CVE-2006-4517 + RESERVED +CVE-2006-4516 + RESERVED +CVE-2006-4515 + RESERVED +CVE-2006-4514 + RESERVED +CVE-2006-4513 + RESERVED +CVE-2006-4512 + RESERVED +CVE-2006-4511 + RESERVED +CVE-2006-4510 + RESERVED +CVE-2006-4509 + RESERVED +CVE-2006-4508 (Unspecified vulnerability in Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x ...) + TODO: check +CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...) + TODO: check +CVE-2006-4506 (idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local ...) + TODO: check +CVE-2006-4505 (CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote ...) + TODO: check +CVE-2006-4504 (SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to ...) + TODO: check +CVE-2006-4503 (Directory traversal vulnerability in link.php in NX5Linx 1.0 allows ...) + TODO: check +CVE-2006-4502 (ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication ...) + TODO: check +CVE-2006-4501 (SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 ...) + TODO: check +CVE-2006-4500 (Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml ...) + TODO: check +CVE-2006-4499 (ModernBill 5.0.4 and earlier uses cURL with insecure settings for ...) + TODO: check +CVE-2006-4498 (PHP remote file inclusion vulnerability in sommaire_admin.php in ...) + TODO: check +CVE-2006-4497 (SQL injection vulnerability in comments.php in IwebNegar 1.1 allows ...) + TODO: check +CVE-2006-4496 (Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar ...) + TODO: check +CVE-2006-4495 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) + TODO: check +CVE-2006-4494 (Microsoft Visual Studio 6.0 allows remote attackers to cause a denial ...) 
+ TODO: check +CVE-2006-4493 (xbiff2 1.9 creates $HOME/.xbiff2rc in a user''s home directory with ...) + TODO: check +CVE-2006-4492 (Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows ...) + TODO: check +CVE-2006-4491 (Directory traversal vulnerability in Cybozu Collaborex, AG before ...) + TODO: check +CVE-2006-4490 (Multiple directory traversal vulnerabilities in Cybozu Office before ...) + TODO: check +CVE-2006-4489 (Multiple PHP remote file inclusion vulnerabilities in MiniBill ...) + TODO: check +CVE-2006-4488 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web ...) + TODO: check +CVE-2006-4486 (Unspecified vulnerability in PHP before 5.1.6, when running on a ...) + TODO: check +CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...) + TODO: check +CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ...) + TODO: check +CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ...) + TODO: check +CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...) + TODO: check +CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...) + TODO: check +CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...) + TODO: check +CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual ...) + TODO: check +CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shapers ...) + TODO: check +CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ...) + TODO: check +CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...) + TODO: check +CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups ...) + TODO: check +CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 
before ...) + TODO: check +CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, ...) + TODO: check +CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow ...) + TODO: check +CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows ...) + TODO: check +CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is ...) + TODO: check +CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows ...) + TODO: check +CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...) + TODO: check +CVE-2006-4467 (Interpretation conflict in Simple Machines Forum (SMF) 1.1RCx before ...) + TODO: check +CVE-2006-4466 (Interpretation conflict in Joomla! before 1.0.11 does not properly ...) + TODO: check +CVE-2006-4465 (** DISPUTED ** ...) + TODO: check +CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, ...) + TODO: check +CVE-2006-4463 (SQL injection vulnerability in the administrator control panel in ...) + TODO: check +CVE-2006-4462 (Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to ...) + TODO: check +CVE-2006-4461 (Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly ...) + TODO: check +CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...) + TODO: check +CVE-2006-4459 + RESERVED +CVE-2006-4458 (Directory traversal vulnerability in ...) + TODO: check +CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 ...) + TODO: check +CVE-2006-4456 (PHP remote file inclusion vulnerability in functions.php in phpECard ...) + TODO: check +CVE-2006-4455 (** DISPUTED ** ...) + TODO: check +CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...) + TODO: check +CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 ...) 
+ TODO: check +CVE-2006-4452 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4451 (Direct static code injection vulnerability in CJ Tag Board 3.0 allows ...) + TODO: check +CVE-2006-4450 (usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, ...) + TODO: check +CVE-2006-4449 (Cross-site scripting (XSS) vulnerability in attachment.php in ...) + TODO: check +CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, ...) + TODO: check +CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...) + TODO: check +CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ...) + TODO: check +CVE-2006-4445 (** DISPUTED ** ...) + TODO: check +CVE-2006-4444 (Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for ...) + TODO: check +CVE-2006-4443 (PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft ...) + TODO: check +CVE-2006-4442 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...) + TODO: check +CVE-2006-4441 (Multiple PHP remote file inclusion vulnerabilities in Ay System ...) + TODO: check +CVE-2006-4440 (PHP remote file inclusion vulnerability in main.php in Ay System ...) + TODO: check +CVE-2006-4439 (pkgadd in Sun Solaris 10 before 20060825 installs files with insecure ...) + TODO: check +CVE-2006-4438 + RESERVED +CVE-2006-4437 + RESERVED +CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote ...) + TODO: check +CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...) + TODO: check +CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) + TODO: check CVE-2006-XXXX [tikiwiki security issue in jhot.php] - tikiwiki 1.9.4+dfsg2-3 CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...) 
@@ -5,6 +181,7 @@ CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...) NOT-FOR-US: OpenBSD CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote ...) + {DSA-1164} - sendmail 8.13.8-1 (bug #385054; medium) CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...) - php4 4:4.4.4-1 (low) @@ -278,8 +455,8 @@ NOT-FOR-US: Solaris CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...) NOT-FOR-US: Solaris -CVE-2006-4305 - RESERVED +CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote ...) + TODO: check CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1 and ...) NOT-FOR-US: FreeBSD NetBSD CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...) @@ -407,8 +584,8 @@ RESERVED CVE-2006-4245 RESERVED -CVE-2006-4244 - RESERVED +CVE-2006-4244 (Unspecified vulnerability in unspecified versions of SQL-Ledger allow ...) + TODO: check CVE-2006-4243 RESERVED CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...) @@ -505,6 +682,7 @@ CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in ...) NOT-FOR-US: Wheatblog CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or ...) + {DSA-1162} - libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030) - libmusicbrainz-2.0 <removed> (medium; bug #383031) CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS ...) 
@@ -514,7 +692,7 @@ CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...) - binutils 2.17-1 (low) [sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations) -CVE-2005-4807 (Stack-based buffer overflow in messages.c in the GNU as (gas) ...) +CVE-2005-4807 (Stack-based buffer overflow in the as_bad function in messages.c in ...) - binutils 2.17-1 (low) [sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations) CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access ...) @@ -626,8 +804,7 @@ RESERVED CVE-2006-4147 RESERVED -CVE-2006-4146 [GDB "DWARF" Buffer Overflow Vulnerabilities] - RESERVED +CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and DWARF2 ...) - gdb <unfixed> CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel ...) - linux-2.6 2.6.17-7 @@ -638,7 +815,7 @@ NOT-FOR-US: Virtual War (VWar) CVE-2006-4141 (SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 ...) NOT-FOR-US: Virtual War (VWar) -CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor 5.3.2.609 ...) +CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor before ...) NOT-FOR-US: IPCheck Server Monitor CVE-2006-4139 (Race condition in Sun Solaris 10 allows attackers to cause a denial of ...) NOT-FOR-US: Solaris @@ -1342,6 +1519,7 @@ {DSA-1128} - heartbeat 1.2.4-13 (bug #379904) CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...) + {DSA-1166} - cheesetracker 0.9.9-6 (bug #380364; low) CVE-2006-3813 (A regression error in the Perl package for Red Hat Enterprise Linux 4 ...) NOT-FOR-US: Perl in Red Hat Enterprise Linux 4 
@@ -1355,6 +1533,7 @@ - thunderbird <unfixed> (unimportant) [sarge] - mozilla-thunderbird <not-affected> (unimportant) CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...) + {DSA-1161} NOTE: MFSA-2006-55 - mozilla <unfixed> (high) - xulrunner 1.8.0.5-1 (high) @@ -1371,7 +1550,7 @@ - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird <not-affected> CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) - {DSA-1160 DSA-1159} + {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-53 - mozilla <unfixed> (medium) - xulrunner 1.8.0.5-1 (medium) @@ -1380,7 +1559,7 @@ - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird <removed> (medium) CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...) - {DSA-1160 DSA-1159} + {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-52 - mozilla <unfixed> (medium) - xulrunner 1.8.0.5-1 (medium) @@ -1388,7 +1567,7 @@ - firefox 1.5.dfsg+1.5.0.5-1 (medium) - thunderbird 1.5.0.5-1 CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) - {DSA-1160 DSA-1159} + {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-51 - mozilla <unfixed> (high) - xulrunner 1.8.0.5-1 (high) @@ -1397,7 +1576,7 @@ - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird <removed> (medium) CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...) - {DSA-1160 DSA-1159} + {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-50 - mozilla <unfixed> (high) - xulrunner 1.8.0.5-1 (high) @@ -1406,7 +1585,7 @@ - thunderbird 1.5.0.5-1 (medium) - mozilla-thunderbird <removed> (medium) CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird ...) - {DSA-1160 DSA-1159} + {DSA-1161 DSA-1160 DSA-1159} NOTE: MFSA-2006-50 - mozilla <unfixed> (high) - xulrunner 1.8.0.5-1 (high) 
@@ -2884,9 +3063,10 @@ - mozilla <not-affected> (SunSolve claims it is only in 3.11; latest released is 3.10) CVE-2006-3126 [unspecivied vulnerability in capi4hylafax in mgetty mode] RESERVED + {DSA-1165} - capi4hylafax 1:01.03.00.99.svn.300-3 -CVE-2006-3125 [getrinet index underflows] - RESERVED +CVE-2006-3125 (Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows ...) + {DSA-1163} - getrinet 0.7.10-1 CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before ...) {DSA-1158} @@ -3139,7 +3319,7 @@ NOT-FOR-US: phpBannerExchange CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...) NOT-FOR-US: phpBannerExchange -CVE-2006-3011 (The error_log function in basic_functions.c in PHP 5.1.4 and 4.4.2 ...) +CVE-2006-3011 (The error_log function in basic_functions.c in PHP before 4.4.4 and ...) - php4 4:4.4.4-1 (low) - php5 5.1.6-1 (low) [sarge] - php4 <no-dsa> (Safe mode not supported) @@ -7987,7 +8167,7 @@ NOT-FOR-US: UkiBoard CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...) NOT-FOR-US: DCI-Design Dawaween -CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP 3.x, 4.x, and 5.x, ...) +CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x ...) NOT-FOR-US: c-client CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet ...) NOT-FOR-US: Windows @@ -13632,7 +13812,7 @@ NOT-FOR-US: Invision Gallery CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and ...) NOT-FOR-US: OpenVMS -CVE-2005-3475 (Hasbani Web Server allows remote attackers to cause a denial of ...) +CVE-2005-3475 (Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a ...) NOT-FOR-US: Hasbani Web Server CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...) NOT-FOR-US: XCP DRM
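Review bot: In the first hunk (@@ -1,3 +1,179 @@), several new entries are filed as "TODO: check" even though this file already triages the same vendors as NOT-FOR-US. CVE-2006-4439 (pkgadd in Sun Solaris 10) sits in a file that already carries "NOT-FOR-US: Solaris" entries, and CVE-2006-4495 and CVE-2003-1305 (Microsoft Internet Explorer) sit in one that carries "NOT-FOR-US: Windows". Suggest marking those at import time so that the TODO queue holds only entries that need a package lookup, such as CVE-2006-4508 (Tor) and the PHP entries CVE-2006-4486, CVE-2006-4485 and CVE-2006-4481, which map to the php4/php5 packages tracked elsewhere in the list.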
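Review bot: In the hunk at @@ -626,8 +804,7 @@, the CVE-2006-4146 entry now has a public description but its package line is still the bare "- gdb <unfixed>", with no severity and no bug reference. Other open or fixed entries in this file carry both, for example "- sendmail 8.13.8-1 (bug #385054; medium)". Suggest adding a severity and the bug number once one is filed, so the unfixed gdb issue can be prioritised and tracked from this entry.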
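Review bot: In the hunk at @@ -1355,6 +1533,7 @@, CVE-2006-3811 receives "{DSA-1161}" alone, while the hunks that follow extend CVE-2006-3809 through CVE-2006-3805 to "{DSA-1161 DSA-1160 DSA-1159}". CVE-2006-3811 lists the same mozilla and xulrunner package lines as those entries, so it is worth confirming that DSA-1160 and DSA-1159 really do not cover it, rather than the cross-reference having been missed when those two advisories were recorded.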
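Review bot: In the hunk at @@ -2884,9 +3063,10 @@, the package line under CVE-2006-3125 reads "- getrinet 0.7.10-1", but the description added here names the software as gtetrinet (tetrinet.c in gtetrinet 0.7.8 and earlier). If the source package is gtetrinet, the fixed version will never match it in the tracker, so the package name should be corrected in the same change. In the same hunk, CVE-2006-3126 gains "{DSA-1165}" but keeps its "RESERVED" line ahead of the tag and the misspelled bracket title "unspecivied"; suggest fixing the spelling and checking that the DSA tag is still parsed when it follows RESERVED.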