Author: joeyh Date: 2006-09-25 09:14:29 +0000 (Mon, 25 Sep 2006) New Revision: 4763 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-09-24 21:45:09 UTC (rev 4762) +++ data/CVE/list 2006-09-25 09:14:29 UTC (rev 4763) 
@@ -1,3 +1,115 @@ +CVE-2006-4979 (Direct static code injection vulnerability in cfgphpquiz/install.php ...) + TODO: check +CVE-2006-4978 (Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 ...) + TODO: check +CVE-2006-4977 (Multiple unrestricted file upload vulnerabilities in (1) ...) + TODO: check +CVE-2006-4976 (The Date Library in John Lim ADOdb Library for PHP allows remote ...) + TODO: check +CVE-2006-4975 (Yahoo! Messenger for WAP permits saving messages that contain ...) + TODO: check +CVE-2006-4974 (Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows ...) + TODO: check +CVE-2006-4973 (Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual ...) + TODO: check +CVE-2006-4972 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2006-4971 (MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2006-4970 (PHP remote file inclusion vulnerability in enc/content.php in WAHM ...) + TODO: check +CVE-2006-4969 (Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce ...) + TODO: check +CVE-2006-4968 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4967 (Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart ...) + TODO: check +CVE-2006-4966 (PHP remote file inclusion vulnerability in inc/ifunctions.php in ...) + TODO: check +CVE-2006-4965 (Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to ...) + TODO: check +CVE-2006-4964 (Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before ...) + TODO: check +CVE-2006-4963 (Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 ...) + TODO: check +CVE-2006-4962 (Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon ...) + TODO: check +CVE-2006-4961 (SQL injection vulnerability in the GetModuleConfig function in ...) 
+ TODO: check +CVE-2006-4960 (Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon ...) + TODO: check +CVE-2006-4959 (Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows ...) + TODO: check +CVE-2006-4958 (Cross-site scripting (XSS) vulnerability in Sun Secure Global Desktop ...) + TODO: check +CVE-2006-4957 (SQL injection vulnerability in the GetMember function in functions.php ...) + TODO: check +CVE-2006-4956 (Cross-site scripting (XSS) vulnerability in the updateuser servlet in ...) + TODO: check +CVE-2006-4955 (Directory traversal vulnerability in the downloadfile servlet in Neon ...) + TODO: check +CVE-2006-4954 (The updateuser servlet in Neon WebMail for Java before 5.08 does not ...) + TODO: check +CVE-2006-4953 (Multiple SQL injection vulnerabilities in Neon WebMail for Java before ...) + TODO: check +CVE-2006-4952 (The updatemail servlet in Neon WebMail for Java before 5.08 allows ...) + TODO: check +CVE-2006-4951 (Neon WebMail for Java before 5.08 allows remote attackers to execute ...) + TODO: check +CVE-2006-4950 (Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, ...) + TODO: check +CVE-2006-4949 (Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site ...) + TODO: check +CVE-2006-4948 (Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server ...) + TODO: check +CVE-2006-4947 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search ...) + TODO: check +CVE-2006-4946 (PHP remote file inclusion vulnerability in include/startup.inc.php in ...) + TODO: check +CVE-2006-4945 (Multiple PHP remote file inclusion vulnerabilities in Cardway (aka ...) + TODO: check +CVE-2006-4944 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4943 (course/jumpto.php in Moodle before 1.6.2 does not validate the session ...) + TODO: check +CVE-2006-4942 (Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) ...) 
+ TODO: check +CVE-2006-4941 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle before ...) + TODO: check +CVE-2006-4940 (login/forgot_password.php in Moodle before 1.6.2 allows remote ...) + TODO: check +CVE-2006-4939 (backup/backup_scheduled.php in Moodle before 1.6.2 generates trace ...) + TODO: check +CVE-2006-4938 (help.php in Moodle before 1.6.2 does not check the existence of ...) + TODO: check +CVE-2006-4937 (lib/setup.php in Moodle before 1.6.2 sets the error reporting level to ...) + TODO: check +CVE-2006-4936 (Moodle before 1.6.2 does not properly validate the module instance id ...) + TODO: check +CVE-2006-4935 (The Database module in Moodle before 1.6.2 does not properly handle ...) + TODO: check +CVE-2006-4934 + RESERVED +CVE-2006-4933 + RESERVED +CVE-2006-4932 + RESERVED +CVE-2006-4931 + RESERVED +CVE-2006-4930 + RESERVED +CVE-2006-4929 + RESERVED +CVE-2006-4928 + RESERVED +CVE-2006-4927 + RESERVED +CVE-2006-4926 + RESERVED +CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...) + TODO: check +CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...) + TODO: check CVE-2006-4925 RESERVED CVE-2006-4924 
@@ -46,17 +158,18 @@ RESERVED CVE-2006-4902 RESERVED -CVE-2006-4901 - RESERVED -CVE-2006-4900 - RESERVED -CVE-2006-4899 - RESERVED +CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up ...) + TODO: check +CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA) eTrust ...) + TODO: check +CVE-2006-4899 (The ePPIServlet script in Computer Associates (CA) eTrust Security ...) + TODO: check CVE-2006-4898 (PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in ...) NOT-FOR-US: guanxiCRM CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the web ...) NOT-FOR-US: CMtextS -CVE-2006-4896 (SQL injection vulnerability in blog/edit.php in Moodle 1.6.1+, and ...) +CVE-2006-4896 + REJECTED - moodle 1.6.2-1 (bug #387177) CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to ...) NOT-FOR-US: IDevSpot NexieAffiliate @@ -112,7 +225,7 @@ NOT-FOR-US: AEDating CVE-2006-4869 (PHP remote file inclusion vulnerability in phpunity-postcard.php in ...) NOT-FOR-US: phpunity.postcard -CVE-2006-4868 (Stack-based buffer overflow in Microsoft Internet Explorer 6.0 on ...) +CVE-2006-4868 (Stack-based buffer overflow in the Vector Graphics Rendering engine ...) NOT-FOR-US: Microsoft CVE-2006-4867 (SQL injection vulnerability in mods.php in GNUTurk 2G and earlier ...) NOT-FOR-US: GNUTurk @@ -285,7 +398,7 @@ NOT-FOR-US: AlphaMail CVE-2006-4786 (Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive ...) - moodle 1.6.2-1 (low) -CVE-2006-4785 (SQL injection vulnerability in Moodle 1.6.1 and earlier allows remote ...) +CVE-2006-4785 (SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and ...) - moodle 1.6.2-1 (medium; bug #387177) CVE-2006-4784 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 ...) - moodle 1.6.2-1 (low) 
@@ -621,6 +734,7 @@ CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...) TODO: check CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent ...) + {DSA-1782-1} NOTE: GNUTLS-SA-2006-4 - gnutls13 1.4.4-1 (high) - gnutls12 <unfixed> (high) @@ -1465,7 +1579,8 @@ NOT-FOR-US: mambo-phpshop (com_phpshop) for Mambo and Joomla! CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...) - cscope 15.5+cvs20060902-1 (low; bug #385893) -CVE-2006-4261 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...) +CVE-2006-4261 + REJECTED - xulrunner <unfixed> - firefox <unfixed> - mozilla <unfixed>
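Review bot: in the first hunk (@@ -1,3 +1,115 @@) the Moodle entries CVE-2006-4935 through CVE-2006-4943 are all added as "TODO: check", although the same file already records "- moodle 1.6.2-1" as the fixed version for CVE-2006-4784, CVE-2006-4785 and CVE-2006-4786, and the new descriptions that show a version read "Moodle before 1.6.2". These are the obvious first candidates for triage: once each is confirmed against the package, replace the TODO with a "- moodle 1.6.2-1" line and a severity so they do not sit in the unchecked queue alongside the unrelated entries in this batch.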
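Review bot: in the @@ -46,17 +158,18 @@ hunk, CVE-2006-4896 is changed to REJECTED but keeps the package line "- moodle 1.6.2-1 (bug #387177)" underneath it. The @@ -285,7 +398,7 @@ hunk gives CVE-2006-4785 the blog/edit.php description, and that entry already carries "- moodle 1.6.2-1 (medium; bug #387177)", so the same bug is now tracked under two ids, one of them withdrawn. Drop the package line under CVE-2006-4896 and, if the relationship is worth keeping, leave a NOTE there pointing at CVE-2006-4785 instead.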
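Review bot: in the last hunk (@@ -1465,7 +1579,8 @@), CVE-2006-4261 becomes REJECTED while "- xulrunner <unfixed>", "- firefox <unfixed>" and "- mozilla <unfixed>" stay attached to it. Three packages remain marked as unfixed against an id that no longer describes an issue, and the description that said what the issue was is gone. Either remove the package lines or move them under the id that supersedes this one, and add a NOTE recording why the entry was rejected so the status of those packages can be followed.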