thr3ads.net - Secure testing commits - [Secure-testing-commits] r4519

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-Aug-07 21:15 UTC
[Secure-testing-commits] r4519 - data/CVE

Author: joeyh
Date: 2006-08-07 21:14:31 +0000 (Mon, 07 Aug 2006)
New Revision: 4519

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-08-07 19:12:16 UTC (rev 4518)
+++ data/CVE/list	2006-08-07 21:14:31 UTC (rev 4519)
@@ -1,3 +1,97 @@
+CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in
Inter ...)
+	TODO: check
+CVE-2006-4016 (Cross-site scripting (XSS) vulnerability in /toendaCMS in
toendaCMS ...)
+	TODO: check
+CVE-2006-4015 (Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl
switches with ...)
+	TODO: check
+CVE-2006-4014 (Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the
Control ...)
+	TODO: check
+CVE-2006-4013 (Multiple directory traversal vulnerabilities in Symantec
Brightmail ...)
+	TODO: check
+CVE-2006-4012 (Multiple PHP remote file inclusion vulnerabilities in circeOS
SaveWeb ...)
+	TODO: check
+CVE-2006-4011 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-4010 (SQL injection vulnerability in war.php in Virtual War (Vwar)
1.5.0 and ...)
+	TODO: check
+CVE-2006-4009 (Cross-site scripting (XSS) vulnerability in war.php in Virtual
War ...)
+	TODO: check
+CVE-2006-4008 (PHP remote file inclusion vulnerability in index.php in
Knusperleicht ...)
+	TODO: check
+CVE-2006-4007 (PHP remote file inclusion vulnerability in index.php in
Knusperleicht ...)
+	TODO: check
+CVE-2006-4006 (The do_gameinfo functionin BomberClone 0.11.6 and earlier, and
...)
+	TODO: check
+CVE-2006-4005 (BomberClone 0.11.6 and earlier allows remote attackers to cause
a ...)
+	TODO: check
+CVE-2006-4004 (Directory traversal vulnerability in index.php in vbPortal 3.0.2
...)
+	TODO: check
+CVE-2006-4003 (The config method in Henrik Storner Hobbit monitor before
4.1.2p2 ...)
+	TODO: check
+CVE-2006-4002 (Cross-site scripting (XSS) vulnerability in user.module in
Drupal 4.6 ...)
+	TODO: check
+CVE-2006-4001 (Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through
...)
+	TODO: check
+CVE-2006-4000 (Directory traversal vulnerability in cgi-bin/preview_email.cgi
in ...)
+	TODO: check
+CVE-2006-3999 (ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly
earlier ...)
+	TODO: check
+CVE-2006-3998 (PHP remote file inclusion vulnerability in conf.php in WoWRoster
(aka ...)
+	TODO: check
+CVE-2006-3997 (PHP remote file inclusion vulnerability in hsList.php in
WoWRoster ...)
+	TODO: check
+CVE-2006-3996 (SQL injection vulnerability in links/index.php in ATutor 1.5.3.1
and ...)
+	TODO: check
+CVE-2006-3995 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
+	TODO: check
+CVE-2006-3994 (SQL injection vulnerability in the u2u_send_recp function in
...)
+	TODO: check
+CVE-2006-3993 (PHP remote file inclusion vulnerability in copyright.php in Olaf
...)
+	TODO: check
+CVE-2006-3992 (Unspecified vulnerability in the Centrino (1) w22n50.sys, (2)
...)
+	TODO: check
+CVE-2006-3991 (PHP remote file inclusion vulnerability in index.php in Vlad
Vostrykh ...)
+	TODO: check
+CVE-2006-3990 (Multiple PHP remote file inclusion vulnerabilities in Paul M.
Jones ...)
+	TODO: check
+CVE-2006-3989 (PHP remote file inclusion vulnerability in index.php in
Knusperleicht ...)
+	TODO: check
+CVE-2006-3988 (PHP remote file inclusion vulnerability in index.php in
Knusperleicht ...)
+	TODO: check
+CVE-2006-3987 (Multiple PHP remote file inclusion vulnerabilities in index.php
in ...)
+	TODO: check
+CVE-2006-3986 (PHP remote file inclusion vulnerability in index.php in
Knusperleicht ...)
+	TODO: check
+CVE-2006-3985 (Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware
...)
+	TODO: check
+CVE-2006-3984 (PHP remote file inclusion vulnerability in
phpAdsNew/view.inc.php in ...)
+	TODO: check
+CVE-2006-3983 (PHP remote file inclusion vulnerability in editprofile.php in
...)
+	TODO: check
+CVE-2006-3982 (PHP remote file inclusion vulnerability in quickie.php in ...)
+	TODO: check
+CVE-2006-3981 (PHP remote file inclusion vulnerability in about.mgm.php in
Mambo ...)
+	TODO: check
+CVE-2006-3980 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-3979
+	RESERVED
+CVE-2006-3978
+	RESERVED
+CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before
...)
+	TODO: check
+CVE-2006-3976 (Unspecified vulnerability in CA eTrust Antivirus WebScan before
...)
+	TODO: check
+CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows
remote ...)
+	TODO: check
+CVE-2006-3974
+	RESERVED
+CVE-2006-3973
+	RESERVED
+CVE-2006-3972 (Directory traversal vulnerability in ...)
+	TODO: check
+CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2006-XXXX [unspecified security issues in steam]
 	- steam 2.2.16-1
 CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8]
@@ -22,9 +116,9 @@
 	NOT-FOR-US: Banex PHP MySQL Banner Exchange
 CVE-2006-3962 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: com_bayesiannaivefilter for mambo
-CVE-2006-3961 (Unspecified vulnerability in McAfee Internet Security Suite
2006, ...)
+CVE-2006-3961 (Unspecified vulnerability in McAfee Security Center 6.0.23 for
...)
 	NOT-FOR-US: McAfee
-CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll 1.10
allows ...)
+CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll,
probably ...)
 	NOT-FOR-US: X-Scripts X-Poll
 CVE-2006-3959 (SQL injection vulnerability in protect.php in X-Scripts
X-Protection ...)
 	NOT-FOR-US: X-Scripts X-Protection
@@ -255,7 +349,7 @@
 	NOT-FOR-US: Warzone
 CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP
...)
 	NOT-FOR-US: ipcalc <unfixed> (bug #381469; low)
-CVE-2006-3847 (PHP remote file inclusion vulnerability in ...)
+CVE-2006-3847 (PHP remote file inclusion vulnerability in (1) admin.php, and
possibly ...)
 	NOT-FOR-US: MoSpray
 CVE-2006-3846 (PHP remote file inclusion vulnerability in
extadminmenus.class.php in ...)
 	NOT-FOR-US: MultiBanners
@@ -542,7 +636,7 @@
 	{DSA-1132-1 DSA-1131-1}
 	- apache <unfixed> (medium; bug #380231)
 	- apache2 2.0.55-4.1 (medium; bug #380182)
-CVE-2006-3746 (Buffer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows
remote ...)
+CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows
remote ...)
 	{DSA-1141-1 DSA-1140-1}
 	- gnupg 1.4.5-1 (medium)
 	- gnupg2 1.9.20-2 (medium)
@@ -791,8 +885,8 @@
 	RESERVED
 CVE-2006-3635
 	RESERVED
-CVE-2006-3634
-	RESERVED
+CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic
...)
+	TODO: check
 CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users
to ...)
 	TODO: check
 CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0
...)
@@ -1069,28 +1163,28 @@
 	RESERVED
 CVE-2006-3506
 	RESERVED
-CVE-2006-3505
-	RESERVED
-CVE-2006-3504
-	RESERVED
-CVE-2006-3503
-	RESERVED
-CVE-2006-3502
-	RESERVED
-CVE-2006-3501
-	RESERVED
-CVE-2006-3500
-	RESERVED
-CVE-2006-3499
-	RESERVED
-CVE-2006-3498
-	RESERVED
-CVE-2006-3497
-	RESERVED
-CVE-2006-3496
-	RESERVED
-CVE-2006-3495
-	RESERVED
+CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote
attackers to ...)
+	TODO: check
+CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X
10.4.7 ...)
+	TODO: check
+CVE-2006-3503 (Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows ...)
+	TODO: check
+CVE-2006-3502 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7
allows ...)
+	TODO: check
+CVE-2006-3501 (Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows
...)
+	TODO: check
+CVE-2006-3500 (The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local
users ...)
+	TODO: check
+CVE-2006-3499 (The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local
users ...)
+	TODO: check
+CVE-2006-3498 (Stack-based buffer overflow in bootpd in the DHCP component for
Apple ...)
+	TODO: check
+CVE-2006-3497 (Unspecified vulnerability in the &quot;compression state
handling&quot; in Bom ...)
+	TODO: check
+CVE-2006-3496 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote
attackers ...)
+	TODO: check
+CVE-2006-3495 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect
keys ...)
+	TODO: check
 CVE-2006-3494 (Multiple cross-site scripting (XSS) vulnerabilities in Buddy
Zone ...)
 	NOT-FOR-US: Buddy Zone
 CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll
and ...)
@@ -1149,32 +1243,25 @@
 	- freetype 2.2.1-1 (bug #379920; medium)
 CVE-2006-3466
 	REJECTED
-CVE-2006-3465 [libtiff: flaw in custom tag support]
-	RESERVED
+CVE-2006-3465 (Unspecified vulnerability in the custom tag support for the TIFF
...)
 	{DSA-1137-1}
 	- tiff 3.8.2-6
-CVE-2006-3464 [libtiff: insufficient range checking]
-	RESERVED
+CVE-2006-3464 (Multiple unspecified vulnerabilities in the TIFF library
(libtiff) ...)
 	{DSA-1137-1}
 	- tiff 3.8.2-6
-CVE-2006-3463 [libtiff: infinite loop was discovered in
EstimateStripByteCounts()]
-	RESERVED
+CVE-2006-3463 (The TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned
short ...)
 	{DSA-1137-1}
 	- tiff 3.8.2-6
-CVE-2006-3462 [libtiff: NeXT RLE decoder heap overflow]
-	RESERVED
+CVE-2006-3462 (Heap-based buffer overflow in the NeXT RLE decoder in the TIFF
library ...)
 	{DSA-1137-1}
 	- tiff 3.8.2-6
-CVE-2006-3461 [libtiff: heap overflow exists in the PixarLog decoder]
-	RESERVED
+CVE-2006-3461 (Heap-based buffer overflow in the PixarLog decoder in the TIFF
library ...)
 	{DSA-1137-1}
 	- tiff 3.8.2-6
-CVE-2006-3460 [libtiff: heap overflow vulnerability was discovered in the jpeg
decoder]
-	RESERVED
+CVE-2006-3460 (Heap-based buffer overflow in the TIFF library (libtiff) before
3.8.2 ...)
 	{DSA-1137-1}
 	- tiff 3.8.2-6
-CVE-2006-3459 [libtiff: stack buffer overflow via TIFFFetchShortPair()]
-	RESERVED
+CVE-2006-3459 (Multiple stack-based buffer overflows in the TIFF library
(libtiff) ...)
 	{DSA-1137-1}
 	- tiff 3.8.2-6
 CVE-2006-3486 (** DISPUTED ** ...)
@@ -1182,8 +1269,8 @@
 	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable code not present)
 	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
 	NOTE: Only DoS possible, only root can trigger this -> non-issue
-CVE-2006-3457
-	RESERVED
+CVE-2006-3457 (Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and
the ...)
+	TODO: check
 CVE-2006-3456
 	RESERVED
 CVE-2006-3455
@@ -1876,8 +1963,7 @@
 	RESERVED
 CVE-2006-3124
 	RESERVED
-CVE-2006-3123 [cfs integer overflow]
-	RESERVED
+CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2)
doencrypt ...)
 	{DSA-1138-1}
 	- cfs 1.4.1-17
 CVE-2006-3122
@@ -5918,10 +6004,10 @@
 	NOT-FOR-US: Windows Firewall
 CVE-2006-1474 (Cross-site scripting (XSS) vulnerability in the
&quot;failed&quot; functionality ...)
 	NOT-FOR-US: Raindance Web Conferencing Pro
-CVE-2006-1473
-	RESERVED
-CVE-2006-1472
-	RESERVED
+CVE-2006-1473 (Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and
10.4.7 ...)
+	TODO: check
+CVE-2006-1472 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9
...)
+	TODO: check
 CVE-2006-1471 (Format string vulnerability in the CF_syslog function launchd in
Apple ...)
 	NOT-FOR-US: Apple
 CVE-2006-1470 (OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote
attackers ...)
@@ -8481,14 +8567,14 @@
 	NOT-FOR-US: Apple
 CVE-2006-0396 (Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5,
when ...)
 	NOT-FOR-US: Apple
-CVE-2006-0395
-	RESERVED
+CVE-2006-0395 (The Download Validation in Mail in Mac OS X 10.4 does not
properly ...)
+	TODO: check
 CVE-2006-0394
 	REJECTED
-CVE-2006-0393
-	RESERVED
-CVE-2006-0392
-	RESERVED
+CVE-2006-0393 (OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to
cause a ...)
+	TODO: check
+CVE-2006-0392 (Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted
...)
+	TODO: check
 CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac OS
X ...)
 	NOT-FOR-US: Apple
 CVE-2006-0390
@@ -14607,8 +14693,8 @@
 	RESERVED
 CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password
...)
 	NOT-FOR-US: Mac OS X
-CVE-2005-2738
-	RESERVED
+CVE-2005-2738 (Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not
prevent multiple ...)
+	TODO: check
 CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro
5.1 ...)
 	NOT-FOR-US: PhotoPost
 CVE-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and
earlier ...)
@@ -15530,14 +15616,14 @@
 CVE-2005-2531 (OpenVPN before 2.0.1, when running with &quot;verb
0&quot; and without TLS ...)
 	{DSA-851-1}
 	- openvpn 2.0.2-1 (bug #324167; high)
-CVE-2005-2530
-	RESERVED
-CVE-2005-2529
-	RESERVED
+CVE-2005-2530 (Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple
Mac OS X ...)
+	TODO: check
+CVE-2005-2529 (Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2
on Apple Mac ...)
+	TODO: check
 CVE-2005-2528
 	RESERVED
-CVE-2005-2527
-	RESERVED
+CVE-2005-2527 (Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac
OS X ...)
+	TODO: check
 CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to
cause a ...)
 	NOT-FOR-US: MacOS X
 CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file
...)
@@ -17017,8 +17103,8 @@
 	NOT-FOR-US: Apple Airport
 CVE-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote
attackers ...)
 	NOT-FOR-US: Apple Darwin Streaming Server
-CVE-2005-2194
-	RESERVED
+CVE-2005-2194 (Unspecified vulnerability in the Apple Mac OS X kernel before
10.4.2 ...)
+	TODO: check
 CVE-2005-2193 (SQL injection vulnerability in the user profile edit module in
...)
 	NOT-FOR-US: PunBB
 CVE-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in
config/password.txt with ...)
@@ -19102,8 +19188,8 @@
 	NOT-FOR-US: Apple
 CVE-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...)
 	NOT-FOR-US: Apple
-CVE-2005-1726
-	RESERVED
+CVE-2005-1726 (The CoreGraphics Window Server in Mac OS X 10.4.1 allows local
users ...)
+	TODO: check
 CVE-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local
users ...)
 	NOT-FOR-US: Apple
 CVE-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey
the ...)
@@ -21739,8 +21825,8 @@
 	NOT-FOR-US: IRC Services NickServ
 CVE-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server
6.5.1, ...)
 	NOT-FOR-US: Lotus Domino
-CVE-2005-0985
-	RESERVED
+CVE-2005-0985 (Unspecified vulnerability in the Mac OS X kernel before 10.3.8
allows ...)
+	TODO: check
 CVE-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi
Knight: ...)
 	NOT-FOR-US: Star Wars game
 CVE-2005-0983 (Quake 3 engine, as used in multiple games, allows remote
attackers to ...)
Secure testing commits - Aug 2006 - r4519 - data/CVE

[Secure-testing-commits] r4519 - data/CVE
