Author: joeyh
Date: 2006-09-28 09:14:33 +0000 (Thu, 28 Sep 2006)
New Revision: 4776

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-09-28 05:57:07 UTC (rev 4775)
+++ data/CVE/list 2006-09-28 09:14:33 UTC (rev 4776)
@@ -1,3 +1,143 @@ +CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...) + TODO: check +CVE-2006-5070 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in the Indexed Search 2.9.0 ...) + TODO: check +CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in ...) + TODO: check +CVE-2006-5067 (** DISPUTED ** ...) + TODO: check +CVE-2006-5066 (Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport ...) + TODO: check +CVE-2006-5065 (PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ...) + TODO: check +CVE-2006-5064 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 ...) + TODO: check +CVE-2006-5063 (Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote ...) + TODO: check +CVE-2006-5062 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5061 (PHP remote file inclusion vulnerability in mcf.php in ...) + TODO: check +CVE-2006-5060 (Cross-site scripting (XSS) vulnerability in login.php in Jamroom ...) + TODO: check +CVE-2006-5059 (Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads ...) + TODO: check +CVE-2006-5058 (Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty ...) + TODO: check +CVE-2006-5057 (Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net ...) + TODO: check +CVE-2006-5056 (Cross-site scripting (XSS) vulnerability in index.php in Opial ...) + TODO: check +CVE-2006-5055 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5054 (SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 ...) + TODO: check +CVE-2006-5053 (PHP remote file inclusion vulnerability in webnews/template.php in ...) + TODO: check +CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...) 
+ TODO: check +CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...) + TODO: check +CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox ...) + TODO: check +CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component ...) + TODO: check +CVE-2006-5048 (Unspecified vulnerability in Security Images (com_securityimages) ...) + TODO: check +CVE-2006-5047 (Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 ...) + TODO: check +CVE-2006-5046 (Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and ...) + TODO: check +CVE-2006-5045 (Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and ...) + TODO: check +CVE-2006-5044 (Unspecified vulnerability in Prince Clan (Princeclan) Chess component ...) + TODO: check +CVE-2006-5043 (Unspecified vulnerability in JoomlaBoard (com_joomlaboard) 1.1.1 and ...) + TODO: check +CVE-2006-5042 (Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier ...) + TODO: check +CVE-2006-5041 (Unspecified vulnerability in Hot Properties (possibly ...) + TODO: check +CVE-2006-5040 (Unspecified vulnerability in SEF404x (com_sef) for Joomla! has ...) + TODO: check +CVE-2006-5039 (Unspecified vulnerability in Events 1.3 beta module (com_events) for ...) + TODO: check +CVE-2006-5038 (The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, ...) + TODO: check +CVE-2006-5037 (** DISPUTED ** ...) + TODO: check +CVE-2006-5036 (** DISPUTED ** ...) + TODO: check +CVE-2006-5035 (Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith ...) + TODO: check +CVE-2006-5034 (Directory traversal vulnerability in Paul Smith Computer Services vCAP ...) + TODO: check +CVE-2006-5033 (Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith ...) + TODO: check +CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire ...) 
+ TODO: check +CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php in ...) + TODO: check +CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in exV2 ...) + TODO: check +CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning Board ...) + TODO: check +CVE-2006-5028 (Directory traversal vulnerability in filemanager/filemanager.php in ...) + TODO: check +CVE-2006-5027 (Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers ...) + TODO: check +CVE-2006-5026 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...) + TODO: check +CVE-2006-5025 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...) + TODO: check +CVE-2006-5024 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...) + TODO: check +CVE-2006-5023 (SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier ...) + TODO: check +CVE-2006-5022 (PHP remote file inclusion vulnerability in includes/global.php in ...) + TODO: check +CVE-2006-5021 (Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG ...) + TODO: check +CVE-2006-5020 (Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 ...) + TODO: check +CVE-2006-5019 (Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain ...) + TODO: check +CVE-2006-5018 (ContentKeeper 123.25 and earlier places passwords in cleartext in an ...) + TODO: check +CVE-2006-5017 (SQL injection vulnerability in admin/all_users.php in Szava Gyula and ...) + TODO: check +CVE-2006-5016 (Unrestricted file upload vulnerability in admin/x_image.php in Szava ...) + TODO: check +CVE-2006-5015 (PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows ...) + TODO: check +CVE-2006-5014 (Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows ...) + TODO: check +CVE-2006-5013 (Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 ...) 
+ TODO: check +CVE-2006-5012 (Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 ...) + TODO: check +CVE-2006-5011 (Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and ...) + TODO: check +CVE-2006-5010 (Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows ...) + TODO: check +CVE-2006-5009 (Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows ...) + TODO: check +CVE-2006-5008 (Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows ...) + TODO: check +CVE-2006-5007 (Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 ...) + TODO: check +CVE-2006-5006 (Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local ...) + TODO: check +CVE-2006-5005 (Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and ...) + TODO: check +CVE-2006-5004 (Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and ...) + TODO: check +CVE-2006-5003 (Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and ...) + TODO: check +CVE-2006-5002 (Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 ...) + TODO: check CVE-2006-5001 (Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 ...) NOT-FOR-US: WS_FTP CVE-2006-5000 (Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and ...) @@ -156,8 +296,7 @@ TODO: check CVE-2006-4925 RESERVED -CVE-2006-4924 [openssh DoS] - RESERVED +CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...) - openssh <unfixed> (low) CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...) NOT-FOR-US: eSyndiCat Portal System 
@@ -499,7 +638,7 @@ NOT-FOR-US: SharpReader CVE-2006-4760 (Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero ...) NOT-FOR-US: RSSOwl -CVE-2006-4759 (** DISPUTED ** ...) +CVE-2006-4759 (PunBB 1.2.12 does not properly handle an avatar directory pathname ...) NOT-FOR-US: PunBB CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which ...) - phpbb2 <unfixed> (bug #388120) @@ -635,8 +774,8 @@ RESERVED CVE-2006-4695 RESERVED -CVE-2006-4694 - RESERVED +CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...) + TODO: check CVE-2006-4693 RESERVED CVE-2006-4692 @@ -783,7 +922,7 @@ CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...) TODO: check CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent ...) - {DSA-1782-1} + {DSA-1182-1} NOTE: GNUTLS-SA-2006-4 - gnutls13 1.4.4-1 (high) - gnutls12 <unfixed> (high) @@ -1246,7 +1385,7 @@ CVE-2006-4602 (Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 ...) - tikiwiki 1.9.4+dfsg2-3 CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...) - {DSA-1776-1 DSA-1775-1} + {DSA-1176-1 DSA-1175-1} - isakmpd 20041012-4 (bug #385894; medium) CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...) NOT-FOR-US: OpenBSD @@ -1453,7 +1592,7 @@ [sarge] - mozilla-firefox <unfixed> (high) [sarge] - mozilla-thunderbird <unfixed> (high) CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, ...) - {DSA-1774-1 DSA-1773-1} + {DSA-1174-1 DSA-1173-1} - openssl 0.9.8b-3 (medium) - openssl097 0.9.7i-2 (medium) - openssl096 <removed> 
@@ -1676,7 +1815,7 @@ RESERVED - linux-2.6 2.6.17-9 CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...) - {DSA-1777-1} + {DSA-1177-1} NOT-FOR-US: JIM component for Joomla or Mambo CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php ...) NOT-FOR-US: Reporter Mambo component (com_reporter) @@ -1993,11 +2132,11 @@ CVE-2006-4097 RESERVED CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to ...) - {DSA-1772-1} + {DSA-1172-1} - bind <not-affected> (Not vulnerable according to CERT advisory) - bind9 1:9.3.2-P1-1 (medium; bug #386245) CVE-2006-4095 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...) - {DSA-1772-1} + {DSA-1172-1} - bind <not-affected> (Not vulnerable according to CERT advisory) - bind9 1:9.3.2-P1-1 (medium; bug #386245) CVE-2006-4094 @@ -2011,7 +2150,7 @@ CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 ...) NOT-FOR-US: Webligo BlogHoster CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and ...) - {DSA-1779-1} + {DSA-1179-1} - alsaplayer 0.99.76-9 (medium; bug #382842) CVE-2006-4088 (Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace ...) NOT-FOR-US: CivicSpace @@ -2206,10 +2345,10 @@ CVE-2006-4007 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...) NOT-FOR-US: Knusperleicht Faq CVE-2006-4006 (The do_gameinfo function in BomberClone 0.11.6 and earlier, and ...) - {DSA-1780-1} + {DSA-1180-1} - bomberclone 0.11.7-1 (bug #382082; medium) CVE-2006-4005 (BomberClone 0.11.6 and earlier allows remote attackers to cause a ...) - {DSA-1780-1} + {DSA-1180-1} - bomberclone 0.11.7-1 (bug #382082; medium) CVE-2006-4004 (Directory traversal vulnerability in index.php in vbPortal 3.0.2 ...) NOT-FOR-US: vbPortal 
@@ -2881,7 +3020,7 @@ CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted ...) - firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low) [sarge] - mozilla-firefox <not-affected> (Unreproducible on Sarge) -CVE-2006-3730 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...) +CVE-2006-3730 (Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 ...) NOT-FOR-US: MSIE CVE-2006-3729 (DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office ...) NOT-FOR-US: MSIE @@ -3442,7 +3581,7 @@ CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote ...) - linux-2.6 2.6.17-6 CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to ...) - {DSA-1778-1} + {DSA-1178-1} - freetype 2.2.1-5 (bug #379920; medium) - libxfont 1:1.2.0-2 (medium; bug #383353) [sarge] - xfree86 <unfixed> (medium)
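Review bot: CVE-2006-5052 and CVE-2006-5051 in the first hunk (@@ -1,3 +1,143 @@) both describe OpenSSH before 4.4 yet are left at "TODO: check", while the @@ -156,8 +296,7 @@ hunk keeps CVE-2006-4924, also described as OpenSSH before 4.4, at "- openssh <unfixed> (low)". Since openssh is already tracked as a package in this file, these two should get a package line in a follow-up so they are not lost among the seventy new TODO entries. CVE-2006-4694 (PowerPoint in Microsoft Office 2000) in the @@ -635,8 +774,8 @@ hunk likewise looks like a NOT-FOR-US candidate, following the "NOT-FOR-US: MSIE" entries visible further down.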
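Review bot: The log message says only "automatic update", but the hunks from @@ -783,7 +922,7 @@ onward also correct DSA cross-references, and that deserves its own mention in the log or its own commit. Ten tag lines change, and every old number is exactly 600 higher than its replacement, for example "{DSA-1782-1}" becomes "{DSA-1182-1}" on CVE-2006-4790 and "{DSA-1772-1}" becomes "{DSA-1172-1}" on CVE-2006-4096 and CVE-2006-4095. An offset that regular points at a systematic cause, so the rest of the file outside the visible context should be searched for remaining 17xx references, and a check that each {DSA-...} tag names a published advisory would catch a repeat.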
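Review bot: In the @@ -1676,7 +1815,7 @@ hunk, CVE-2006-4242 carries the tag "{DSA-1177-1}" while its only status line is "NOT-FOR-US: JIM component for Joomla or Mambo". An advisory reference on an entry marked as not relevant to the distribution is contradictory, and the change corrects the number but keeps the mismatch. Please confirm which CVE DSA-1177-1 actually covers and move the tag there, or replace the NOT-FOR-US line with the affected package entry.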