Author: joeyh
Date: 2006-09-18 21:14:36 +0000 (Mon, 18 Sep 2006)
New Revision: 4745

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================--- data/CVE/list 2006-09-18 20:51:00 UTC (rev 4744) +++ data/CVE/list 2006-09-18 21:14:36 UTC (rev 4745) 
@@ -1,3 +1,107 @@ +CVE-2006-4843 + RESERVED +CVE-2006-4842 + RESERVED +CVE-2006-4841 + RESERVED +CVE-2006-4840 + RESERVED +CVE-2006-4839 + RESERVED +CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE ...) + TODO: check +CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE ...) + TODO: check +CVE-2006-4836 (SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows ...) + TODO: check +CVE-2006-4835 (Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote ...) + TODO: check +CVE-2006-4834 (PHP remote file inclusion vulnerability in index.php in Jule Slootbeek ...) + TODO: check +CVE-2006-4833 (Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx ...) + TODO: check +CVE-2006-4832 (Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT ...) + TODO: check +CVE-2006-4831 (Unspecified vulnerability in IP over DNS is now easy (iodine) before ...) + TODO: check +CVE-2006-4830 (Directory traversal vulnerability in EditBlogTemplatesPlugin.java in ...) + TODO: check +CVE-2006-4829 (Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki ...) + TODO: check +CVE-2006-4828 (PHP remote file inclusion vulnerability in zipndownload.php in ...) + TODO: check +CVE-2006-4827 (Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat ...) + TODO: check +CVE-2006-4826 (PHP remote file inclusion vulnerability in bottom.php in Shadowed ...) + TODO: check +CVE-2006-4825 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2006-4824 (PHP remote file inclusion vulnerability in lib/activeutil.php in ...) + TODO: check +CVE-2006-4823 (PHP remote file inclusion vulnerability in scripts/news_page.php in ...) + TODO: check +CVE-2006-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2006-4821 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview ...) 
+ TODO: check +CVE-2006-4820 (Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and ...) + TODO: check +CVE-2006-4819 + RESERVED +CVE-2006-4818 + RESERVED +CVE-2006-4817 + RESERVED +CVE-2006-4816 + RESERVED +CVE-2006-4815 + RESERVED +CVE-2006-4814 + RESERVED +CVE-2006-4813 + RESERVED +CVE-2006-4812 + RESERVED +CVE-2006-4811 + RESERVED +CVE-2006-4810 + RESERVED +CVE-2006-4809 + RESERVED +CVE-2006-4808 + RESERVED +CVE-2006-4807 + RESERVED +CVE-2006-4806 + RESERVED +CVE-2006-4805 + RESERVED +CVE-2006-4804 + RESERVED +CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager ...) + TODO: check +CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service in ...) + TODO: check +CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and ...) + TODO: check +CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before ...) + TODO: check +CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow ...) + TODO: check +CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which ...) + TODO: check +CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in CloudNine ...) + TODO: check +CVE-2006-4796 (Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums ...) + TODO: check +CVE-2006-4795 (Unspecified vulnerability in the Address and Routing Parameter Area ...) + TODO: check +CVE-2006-4794 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...) + TODO: check +CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 ...) + TODO: check +CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter Area ...) + TODO: check CVE-2006-XXXX [linux-ftpd allows chdir to disallowed directories] - linux-ftpd 0.17-22 (low; bug #384454) CVE-2006-XXXX [linux-ftpd does not check return code of setuid] 
@@ -32,7 +136,7 @@ NOT-FOR-US: Vitrax Premodded phpBB CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost before ...) NOT-FOR-US: Creative Commons Tools ccHost -CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation.PathControl COM ...) +CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation Path Control ...) NOT-FOR-US: DirectAnimation.PathControl CVE-2006-4776 (Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature ...) NOT-FOR-US: Cisco @@ -115,7 +219,7 @@ NOT-FOR-US: Jetbox CMS CVE-2006-4737 (SQL injection vulnerability in index.php in Jetbox CMS allows remote ...) NOT-FOR-US: Jetbox CMS -CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R. allow ...) +CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 ...) NOT-FOR-US: CMS.R CVE-2006-4735 (Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain ...) - magpierss <unfixed> (unimportant) @@ -130,7 +234,7 @@ TODO: check CVE-2000-1241 (Unspecified vulnerability in Haakon Nilsen simple, integrated ...) TODO: check -CVE-2006-4731 (Directory traversal vulnerability in login.pl in (1) SQL-Ledger before ...) +CVE-2006-4731 (Multiple directory traversal vulnerabilities in (1) login.pl and (2) ...) - sql-ledger 2.6.19-1 CVE-2006-4730 RESERVED 
@@ -468,44 +572,38 @@ RESERVED CVE-2006-4572 RESERVED -CVE-2006-4571 - RESERVED +CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...) NOTE: MFSA-2006-64 - mozilla <unfixed> (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) - thunderbird 1.5.0.7-1 (high) [sarge] - mozilla-firefox <unfixed> (high) [sarge] - mozilla-thunderbird <unfixed> (high) -CVE-2006-4570 - RESERVED +CVE-2006-4570 (Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with ...) NOTE: MFSA-2006-63 - thunderbird 1.5.0.7-1 - mozilla <unfixed> -CVE-2006-4569 [firefox popup blocker xss] - RESERVED +CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked ...) NOTE: MFSA-2006-62 - firefox 1.5.dfsg+1.5.0.7-1 (low) - xulrunner <unfixed> (low) - thunderbird 1.5.0.7-1 [sarge] - mozilla-firefox <unfixed> (low) -CVE-2006-4568 - RESERVED +CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows ...) NOTE: MFSA-2006-61 - mozilla <unfixed> (low) - firefox 1.5.dfsg+1.5.0.7-1 (low) - xulrunner <unfixed> (low) - thunderbird 1.5.0.7-1 [sarge] - mozilla-firefox <unfixed> (low) -CVE-2006-4567 [Spoofing in internal auto update] - RESERVED +CVE-2006-4567 (Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ...) NOTE: MFSA-2006-58 - firefox 1.5.dfsg+1.5.0.7-1 (unimportant) - thunderbird 1.5.0.7-1 (unimportant) [sarge] - mozilla-firefox <unfixed> (unimportant) [sarge] - mozilla-thunderbird <unfixed> (unimportant) NOTE: The internal update mechanism is disabled in Debian -CVE-2006-4566 - RESERVED +CVE-2006-4566 (Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and ...) NOTE: MFSA-2006-57 - mozilla <unfixed> (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) 
@@ -513,8 +611,7 @@ - xulrunner <unfixed> (high) [sarge] - mozilla-firefox <unfixed> (high) [sarge] - mozilla-thunderbird <unfixed> (low) -CVE-2006-4565 - RESERVED +CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, ...) NOTE: MFSA-2006-57 - mozilla <unfixed> (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) @@ -805,8 +902,8 @@ NOT-FOR-US: Solaris CVE-2006-4438 RESERVED -CVE-2006-4437 - RESERVED +CVE-2006-4437 (Eval injection vulnerability in Tagger LE allows remote attackers to ...) + TODO: check CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote ...) NOT-FOR-US: Microsoft CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...) @@ -1017,8 +1114,7 @@ RESERVED CVE-2006-4341 REJECTED -CVE-2006-4340 - RESERVED +CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...) NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339 - mozilla <unfixed> (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) @@ -1216,7 +1312,7 @@ - imp4 4.1.3-1 (low; bug #383416) CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...) NOT-FOR-US: IBM AIX -CVE-2006-4253 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...) +CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier ...) NOTE: MFSA-2006-59 - xulrunner <unfixed> (high) - firefox 1.5.dfsg+1.5.0.7-1 (high) @@ -1241,7 +1337,7 @@ RESERVED CVE-2006-4245 RESERVED -CVE-2006-4244 (Unspecified vulnerability in unspecified versions of SQL-Ledger, ...) +CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...) - sql-ledger 2.6.18-1 (medium; bug #386519) CVE-2006-4243 [linux vserver priviledge escalation in remount code] RESERVED 
@@ -29865,7 +29961,7 @@ NOT-FOR-US: X-Cart 3.4.3 CVE-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...) NOT-FOR-US: PhotoPost PHP Pro -CVE-2004-0238 (Buffer overflow in (1) load_cfg and (2) save_cfg in Overkill 0.15pre3 ...) +CVE-2004-0238 (Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow ...) - overkill 0.16-7 CVE-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...) NOT-FOR-US: Aprox PHP Portal
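Review bot: In the first hunk (@@ -1,3 +1,107 @@), the new CVE-2006-4798 entry names SQL-Ledger before 2.4.4 but is left at "TODO: check", even though later hunks of this same file already track that package ("- sql-ledger 2.6.19-1" under CVE-2006-4731 and "- sql-ledger 2.6.18-1 (medium; bug #386519)" under CVE-2006-4244). It should get a "- sql-ledger" package line once the fixed version is confirmed, rather than sitting in the TODO queue with the unrelated web applications. The same hunk adds CVE-2006-4795 and CVE-2004-2665 with identical truncated descriptions ("Unspecified vulnerability in the Address and Routing Parameter Area ..."), so whoever triages them should confirm whether they are two distinct issues or a duplicate assignment.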
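Review bot: In the @@ -468,44 +572,38 @@ hunk, the package lines under CVE-2006-4570 ("- thunderbird 1.5.0.7-1" and "- mozilla <unfixed>") carry no urgency, unlike the neighbouring CVE-2006-4571 and CVE-2006-4566 entries, which are marked (high). Now that RESERVED has been replaced by a real description, an urgency should be set there. The bare "- thunderbird 1.5.0.7-1" lines under CVE-2006-4569 and CVE-2006-4568 are in the same state, sitting next to firefox and xulrunner lines marked (low).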
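Review bot: In the @@ -1017,8 +1114,7 @@ hunk, the NOTE kept under CVE-2006-4340 reads "MFSA-2006-60, this is the similar to CVE-2006-4339", which is ungrammatical and does not say in what respect the two are similar. With the description for CVE-2006-4340 now filled in (NSS library before 3.11.3), reword the note to state the relationship explicitly, or drop the second half and keep only the MFSA reference.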