Author: joeyh
Date: 2006-08-10 09:14:48 +0000 (Thu, 10 Aug 2006)
New Revision: 4548
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-08-09 21:19:40 UTC (rev 4547)
+++ data/CVE/list 2006-08-10 09:14:48 UTC (rev 4548)
@@ -1,3 +1,93 @@
+CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function
in ...)
+ TODO: check
+CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows ...)
+ TODO: check
+CVE-2006-4069 (Multiple cross-site scripting (XSS) vulnerabilities in Elaine
Aquino ...)
+ TODO: check
+CVE-2006-4068 (The pswd.js script relies on the client to calculate whether a
...)
+ TODO: check
+CVE-2006-4067 (Cross-site scripting (XSS) vulnerability in cake/libs/error.php
in ...)
+ TODO: check
+CVE-2006-4066 (The Graphical Device Interface Plus library (gdiplus.dll) in
Microsoft ...)
+ TODO: check
+CVE-2006-4065 (Multiple PHP remote file inclusion vulnerabilities in Dmitry
Sheiko ...)
+ TODO: check
+CVE-2006-4064 (SQL injection vulnerability in default.asp in YenerTurk Haber
Script ...)
+ TODO: check
+CVE-2006-4063 (Multiple PHP remote file inclusion vulnerabilities in Csaba
Godor ...)
+ TODO: check
+CVE-2006-4062 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-4061 (PHP remote file inclusion vulnerability in index.php in Thomas
Pequet ...)
+ TODO: check
+CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in
Visual ...)
+ TODO: check
+CVE-2006-4059 (Multiple PHP remote file inclusion vulnerabilities in USOLVED
...)
+ TODO: check
+CVE-2006-4058 (Cross-site scripting (XSS) vulnerability in archive.php in
Simplog ...)
+ TODO: check
+CVE-2006-4057 (Buffer overflow in the preview_create function in gui.cpp in
Mitch ...)
+ TODO: check
+CVE-2006-4056 (Multiple SQL injection vulnerabilities in the authentication
process ...)
+ TODO: check
+CVE-2006-4055 (Multiple PHP remote file inclusion vulnerabilities in Olaf
Noehring ...)
+ TODO: check
+CVE-2006-4054 (Multiple PHP remote file inclusion vulnerabilities in ME
Download ...)
+ TODO: check
+CVE-2006-4053 (PHP remote file inclusion vulnerability in templates/header.php
in ME ...)
+ TODO: check
+CVE-2006-4052 (Multiple PHP remote file inclusion vulnerabilities in Turnkey
Web ...)
+ TODO: check
+CVE-2006-4051 (PHP remote file inclusion vulnerability in global.php in Turnkey
Web ...)
+ TODO: check
+CVE-2006-4050 (PHP remote file inclusion vulnerability in
auto_check_renewals.php in ...)
+ TODO: check
+CVE-2006-4049 (Unspecified vulnerability in the utxconfig utility in Sun Ray
Server ...)
+ TODO: check
+CVE-2006-4048 (Netious CMS 0.4 initializes session IDs based on the client IP
...)
+ TODO: check
+CVE-2006-4047 (SQL injection vulnerability in index.php in Netious CMS 0.4 and
...)
+ TODO: check
+CVE-2006-4046 (Multiple stack-based buffer overflows in Open Cubic Player
2.6.0pre6 ...)
+ TODO: check
+CVE-2006-4045 (PHP remote file inclusion vulnerability in news.php in Torbstoff
News ...)
+ TODO: check
+CVE-2006-4044 (PHP remote file inclusion vulnerability in Beautifier/Core.php
in Brad ...)
+ TODO: check
+CVE-2006-4043 (index.php in myWebland myBloggie 2.1.4 and earlier allows remote
...)
+ TODO: check
+CVE-2006-4042 (Multiple SQL injection vulnerabilities in trackback.php in
myWebland ...)
+ TODO: check
+CVE-2006-4041 (SQL injection vulnerability in Pike before 7.6.86, when using a
...)
+ TODO: check
+CVE-2006-4040 (PHP remote file inclusion vulnerability in myevent.php in
myWebland ...)
+ TODO: check
+CVE-2006-4039 (Multiple SQL injection vulnerabilities in eintragen.php in
GaesteChaos ...)
+ TODO: check
+CVE-2006-4038 (Multiple cross-site scripting (XSS) vulnerabilities in
eintragen.php ...)
+ TODO: check
+CVE-2006-4037 (Unspecified vulnerability in Fenestrae Faxination Server allows
remote ...)
+ TODO: check
+CVE-2006-4036 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-4035 (SQL injection vulnerability in counterchaos.php in CounterChaos
0.48c ...)
+ TODO: check
+CVE-2006-4034 (PHP remote file inclusion vulnerability in
include/html/config.php in ...)
+ TODO: check
+CVE-2006-4033 (Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and
...)
+ TODO: check
+CVE-2006-4032 (Unspecified vulnerability in Cisco IOS CallManager Express (CME)
...)
+ TODO: check
+CVE-2006-4031 (MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local
user to ...)
+ TODO: check
+CVE-2006-4030
+ RESERVED
+CVE-2006-4029 (Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and
1.38.1 ...)
+ TODO: check
+CVE-2006-4028 (Multiple unspecified vulnerabilities in WordPress before 2.0.4
have ...)
+ TODO: check
+CVE-2006-4027
+ RESERVED
CVE-2006-XXXX [realtime-lsm-source: wrong permissions might lead to local root]
- realtime-lsm 0.8.7-2 (bug #382161; low)
NOTE: only to user 1017 or group 1001 and only while root is building the
module
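Review bot: CVE-2006-4062 and CVE-2006-4036 are added with the description "PHP remote file inclusion vulnerability in ...", truncated before any product or file name, so the two entries cannot be told apart or triaged from the list itself. Whoever clears their "TODO: check" will need the full CVE text; it would help if the automatic update cut descriptions at a point that keeps the affected product.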
@@ -19,7 +109,7 @@
- php4 <unfixed> (medium; bug #382261)
CVE-2006-4019
RESERVED
-CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in Clam
AntiVirus ...)
+CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in ...)
- clamav 0.88.4-1 (high; bug #382004; bug #382007)
CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in
Inter ...)
NOT-FOR-US: Inter Network Marketing (INM) CMS G3
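Review bot: the replacement line for CVE-2006-4018 drops "Clam AntiVirus" and now ends at "in the pefromupx function in ...", so the description no longer names the product. The clamav line under it still identifies the package, but a search of the list for the product name will miss this entry; keeping the earlier, longer truncation would avoid that.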
@@ -97,8 +187,8 @@
NOT-FOR-US: Mambo Gallery Manager for Mambo
CVE-2006-3980 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Mambo Gallery Manager for Mambo
-CVE-2006-3979
- RESERVED
+CVE-2006-3979 (The AdminAPI of ColdFusion MX 7 allows attackers to bypass ...)
+ TODO: check
CVE-2006-3978
RESERVED
CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before
...)
@@ -1032,7 +1122,7 @@
NOT-FOR-US: Jetbox CMS
CVE-2006-3584 (Dynamic variable evaluation vulnerability in index.php in Jetbox
CMS ...)
NOT-FOR-US: Jetbox CMS
-CVE-2006-3583 (Sessiln fixation vulnerability in Jetbox CMS 2.1 SR1 allows
remote attackers ...)
+CVE-2006-3583 (Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows
remote ...)
NOT-FOR-US: Jetbox CMS
CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and
...)
- adplug 2.0.1-1 (bug #378279; medium)
@@ -1060,7 +1150,7 @@
NOT-FOR-US: Papoo
CVE-2006-3570 (Cross-site scripting (XSS) vulnerability in the webform module
in ...)
- drupal <not-affected> (webform module is not in Debian Drupal 4.5
package)
-CVE-2006-3569 (Unspecified vulnerability in IBM Data ONTAP 7.1 and 7.1.0.1,
when used ...)
+CVE-2006-3569 (Unspecified vulnerability in NetApp Data ONTAP 7.0x through
7.0.4P8D9, ...)
NOT-FOR-US: IBM Data ONTAP
CVE-2006-3568 (Multiple cross-site scripting (XSS) vulnerabilities in
guestbook.php ...)
NOT-FOR-US: Fantastic Guestbook
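Review bot: the description of CVE-2006-3569 now names "NetApp Data ONTAP", but the unchanged line under it still reads "NOT-FOR-US: IBM Data ONTAP". Update that line to match the new vendor name, or keep both names in it, so the entry stays consistent.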
@@ -1260,7 +1350,7 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3470 (The Dell Openmanage CD launches X11 and SSH daemons that do not
...)
NOT-FOR-US: Dell Openmanage CD
-CVE-2006-3469 (Format string vulnerability in time.cc in MySQL Server 4.1
before 4.1.21 and ...)
+CVE-2006-3469 (Format string vulnerability in time.cc in MySQL Server 4.1
before ...)
{DSA-1112}
TODO: check
CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote
...)
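Review bot: CVE-2006-3469 is only re-truncated here, but the context lines show it tagged {DSA-1112} and still marked "TODO: check" with no package line. Since an advisory is already linked, add the affected source package with its fixed version and drop the TODO.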
@@ -1308,9 +1398,9 @@
NOT-FOR-US: Adobe acrobat
CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has
insecure ...)
NOT-FOR-US: Adobe acrobat
-CVE-2006-3451 (Microsoft Internet Explorer does not properly handle chained
Cascading Style ...)
+CVE-2006-3451 (Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage
...)
NOT-FOR-US: Microsoft
-CVE-2006-3450 (Unspecified vulnerability in Microsoft Internet Explorer 6
allows ...)
+CVE-2006-3450 (Microsoft Internet Explorer 6 allows remote attackers to execute
...)
NOT-FOR-US: Microsoft
CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through
2003, ...)
NOT-FOR-US: Microsoft
@@ -1994,8 +2084,7 @@
CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2)
doencrypt ...)
{DSA-1138-1}
- cfs 1.4.1-17
-CVE-2006-3122
- RESERVED
+CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP server
2.0pl5 ...)
{DSA-1143-1}
CVE-2006-3121
RESERVED
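Review bot: CVE-2006-3122 moves from RESERVED to a full description and keeps {DSA-1143-1}, but no package line follows it; the next line is already CVE-2006-3121. Add the source package and fixed version under it, as the CVE-2006-3123 entry above does with its cfs line.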
@@ -2077,12 +2166,10 @@
NOT-FOR-US: EZGallery
CVE-2006-3086 (Buffer overflow in Microsoft Hyperlink Object Library
(hlink.dll) ...)
NOT-FOR-US: Microsoft
-CVE-2006-3084 [krb5 priviledge escalation]
- RESERVED
+CVE-2006-3084 (The (1) ftpd and (2) ksu programs in MIT Kerberos 5 (krb5) up to
1.5, ...)
{DSA-1146-1}
- krb5 1.4.3-9 (medium)
-CVE-2006-3083 [krb5 priviledge escalation]
- RESERVED
+CVE-2006-3083 (The (1) krshd and (2) v4rcp applications in MIT Kerberos 5
(krb5) up ...)
{DSA-1146-1}
- krb5 1.4.3-9 (medium)
CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier
versions, ...)
@@ -2226,7 +2313,7 @@
CVE-2006-3018 (Unspecified vulnerability in the session extension functionality
in ...)
- php5 5.1.4-0.1 (medium)
- php4 <unfixed> (medium)
-CVE-2006-3017 (zend_hash.c in PHP before 5.1.3 can cause the internal
zend_hash_del ...)
+CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3
and 5.x ...)
- php5 5.1.4-0.1 (medium)
- php4 <unfixed> (medium; bug #381998)
CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has
unknown ...)
@@ -3507,7 +3594,7 @@
NOT-FOR-US: Squirrelcart
CVE-2006-2482
RESERVED
-CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.3 patch
4 ...)
+CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch
4 ...)
NOT-FOR-US: VMware ESX
CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit
...)
- dia 0.95.0-4 (bug #368202; low)