Author: joeyh Date: 2006-07-12 21:14:21 +0000 (Wed, 12 Jul 2006) New Revision: 4379 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-07-12 20:54:31 UTC (rev 4378) +++ data/CVE/list 2006-07-12 21:14:21 UTC (rev 4379) 
@@ -1,4 +1,144 @@ -CVE-2006-3486 [mysql off-by-one non-issue] +CVE-2006-3529 (Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, ...) + TODO: check +CVE-2006-3528 (Multiple PHP remote file inclusion vulnerabilities in Simpleboard ...) + TODO: check +CVE-2006-3527 (Multiple PHP remote file inclusion vulnerabilities in BosClassifieds ...) + TODO: check +CVE-2006-3526 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...) + TODO: check +CVE-2006-3525 (SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final ...) + TODO: check +CVE-2006-3524 (Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows ...) + TODO: check +CVE-2006-3523 (Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote ...) + TODO: check +CVE-2006-3522 (Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for ...) + TODO: check +CVE-2006-3521 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2006-3520 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-3519 (Multiple cross-site scripting (XSS) vulnerabilities in The Banner ...) + TODO: check +CVE-2006-3518 (SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal ...) + TODO: check +CVE-2006-3517 (PHP remote file inclusion vulnerability in stats.php in RW::Download, ...) + TODO: check +CVE-2006-3516 (Multiple SQL injection vulnerabilities in FreeHost allow remote ...) + TODO: check +CVE-2006-3515 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...) + TODO: check +CVE-2006-3514 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2006-3513 (danim.dll in Microsoft Internet Explorer 6 allows remote attackers to ...) + TODO: check +CVE-2006-3512 (Internet Explorer 6 on Windows XP allows remote attackers to cause a ...) + TODO: check +CVE-2006-3511 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause ...) 
+ TODO: check +CVE-2006-3510 (The Remote Data Service Object (RDS.DataControl) in Microsoft Internet ...) + TODO: check +CVE-2006-3509 + RESERVED +CVE-2006-3508 + RESERVED +CVE-2006-3507 + RESERVED +CVE-2006-3506 + RESERVED +CVE-2006-3505 + RESERVED +CVE-2006-3504 + RESERVED +CVE-2006-3503 + RESERVED +CVE-2006-3502 + RESERVED +CVE-2006-3501 + RESERVED +CVE-2006-3500 + RESERVED +CVE-2006-3499 + RESERVED +CVE-2006-3498 + RESERVED +CVE-2006-3497 + RESERVED +CVE-2006-3496 + RESERVED +CVE-2006-3495 + RESERVED +CVE-2006-3494 (Multiple SQL injection vulnerabilities in Buddy Zone 1.0.1 allow ...) + TODO: check +CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll and ...) + TODO: check +CVE-2006-3492 (The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO ...) + TODO: check +CVE-2006-3491 (Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows ...) + TODO: check +CVE-2006-3490 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...) + TODO: check +CVE-2006-3489 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...) + TODO: check +CVE-2006-3488 (Absolute path traversal vulnerability in administrador.asp in ...) + TODO: check +CVE-2006-3487 (VirtuaStore 2.0 stores sensitive files under the web root with ...) + TODO: check +CVE-2006-3485 (Multiple SQL injection vulnerabilities in AstroDog Press Some Chess ...) + TODO: check +CVE-2006-3484 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before ...) + TODO: check +CVE-2006-3483 (PHPMailList 1.8.0 stores sensitive information under the web document ...) + TODO: check +CVE-2006-3482 (Cross-site scripting (XSS) vulnerability in maillist.php in ...) + TODO: check +CVE-2006-3481 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow ...) + TODO: check +CVE-2006-3480 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) 
+ TODO: check +CVE-2006-3479 (Cross-site request forgery (CSRF) vulnerability in the del_block ...) + TODO: check +CVE-2006-3478 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-3477 (Unspecified vulnerability in the POP service in Stalker CommuniGate ...) + TODO: check +CVE-2006-3476 (Cross-site scripting (XSS) vulnerability in comments.php in ...) + TODO: check +CVE-2006-3475 (Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 ...) + TODO: check +CVE-2006-3474 (Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO ...) + TODO: check +CVE-2006-3473 (CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 ...) + TODO: check +CVE-2006-3472 (Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to ...) + TODO: check +CVE-2006-3471 (Microsoft Internet Explorer 6 on Windows XP allows remote attackers to ...) + TODO: check +CVE-2006-3470 (The Dell Openmanage CD launches X11 and SSH daemons that do not ...) + TODO: check +CVE-2006-3469 + RESERVED +CVE-2006-3468 + RESERVED +CVE-2006-3467 + RESERVED +CVE-2006-3466 + RESERVED +CVE-2006-3465 + RESERVED +CVE-2006-3464 + RESERVED +CVE-2006-3463 + RESERVED +CVE-2006-3462 + RESERVED +CVE-2006-3461 + RESERVED +CVE-2006-3460 + RESERVED +CVE-2006-3459 + RESERVED +CVE-2006-3486 (Off-by-one buffer overflow in the ...) - mysql-dfsg-5.0 <unfixed> (unimportant) [sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable code not present) [sarge] - mysql-dfsg <not-affected> (Vulnerable code not present) 
@@ -512,7 +652,7 @@ NOT-FOR-US: cjGuestbook CVE-2006-3211 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...) NOT-FOR-US: cjGuestbook -CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and earlier, when register_globals is ...) +CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when ...) NOT-FOR-US: Ralf Image Gallery CVE-2006-3209 (** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP ...) NOT-FOR-US: Microsoft Windows @@ -769,6 +909,7 @@ CVE-2006-3083 RESERVED CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ...) + {DSA-1107} - gnupg 1.4.3-2 (bug #375052; low) - gnupg2 1.9.20-1.1 (bug #375053; low) CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x ...) @@ -1082,8 +1223,8 @@ RESERVED CVE-2006-2937 RESERVED -CVE-2006-2936 - RESERVED +CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up ...) + TODO: check CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...) TODO: check CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...) @@ -1123,8 +1264,8 @@ NOT-FOR-US: Microsoft CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores ...) TODO: check -CVE-2006-2917 - RESERVED +CVE-2006-2917 (Directory traversal vulnerability in the IMAP server in WinGate ...) + TODO: check CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...) - arts 1.5.3-2 (bug #374003; low) [sarge] - arts <not-affected> (Not setuid root in Debian) @@ -2345,8 +2486,8 @@ NOT-FOR-US: EMC Retrospect CVE-2006-2390 (Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows ...) NOT-FOR-US: OZJournals -CVE-2006-2389 - RESERVED +CVE-2006-2389 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) + TODO: check CVE-2006-2388 RESERVED CVE-2006-2387 
@@ -2379,8 +2520,8 @@ NOT-FOR-US: Microsoft CVE-2006-2373 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...) NOT-FOR-US: Microsoft -CVE-2006-2372 - RESERVED +CVE-2006-2372 (Buffer overflow in the DHCP Client service for Microsoft Windows 2000 ...) + TODO: check CVE-2006-2371 (Buffer overflow in the Remote Access Connection Manager service ...) NOT-FOR-US: Microsoft CVE-2006-2370 (Buffer overflow in the Routing and Remote Access service (RRAS) in ...) @@ -2805,6 +2946,7 @@ {DSA-1099-1 DSA-1098-1} - horde3 3.1.1-3 CVE-2006-2194 (The winbind plugin in pppd for ppp 2.4.4 and earlier does not check ...) + {DSA-1106} - ppp 2.4.4rel-1 (medium) CVE-2006-2193 (Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff ...) {DSA-1091-1} @@ -5016,12 +5158,12 @@ RESERVED CVE-2006-1317 RESERVED -CVE-2006-1316 - RESERVED -CVE-2006-1315 - RESERVED -CVE-2006-1314 - RESERVED +CVE-2006-1316 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) + TODO: check +CVE-2006-1315 (The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP ...) + TODO: check +CVE-2006-1314 (Heap-based buffer overflow in the Server Service (SRV.SYS driver) in ...) + TODO: check CVE-2006-1313 (Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on ...) NOT-FOR-US: Microsoft JScript CVE-2006-1312 @@ -5048,8 +5190,8 @@ RESERVED CVE-2006-1301 RESERVED -CVE-2006-1300 - RESERVED +CVE-2006-1300 (Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, ...) + TODO: check CVE-2006-1299 RESERVED CVE-2006-1298 (Format string vulnerability in the Job Engine service (bengine.exe) in ...) 
@@ -6364,7 +6506,7 @@ NOT-FOR-US: MusOX DF CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke ...) NOT-FOR-US: CPG-Nuke -CVE-2006-0725 (PHP remote file include vulnerability in prepend.php in Plume CMS ...) +CVE-2006-0725 (PHP remote file inclusion vulnerability in prepend.php in Plume CMS ...) NOT-FOR-US: Plume CMS CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when ...) NOT-FOR-US: Reamday Enterprises Magic News Lite @@ -9704,8 +9846,8 @@ - perl 5.8.7-9 (bug #341542; medium) CVE-2006-0034 (Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext ...) NOT-FOR-US: Microsoft -CVE-2006-0033 - RESERVED +CVE-2006-0033 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) + TODO: check CVE-2006-0032 RESERVED CVE-2006-0031 (Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, ...) @@ -9718,8 +9860,8 @@ NOT-FOR-US: Microsoft CVE-2006-0027 (Unspecified vulnerability in Microsoft Exchange allows remote ...) NOT-FOR-US: Microsoft -CVE-2006-0026 - RESERVED +CVE-2006-0026 (Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, ...) + TODO: check CVE-2006-0025 (Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 ...) NOT-FOR-US: Microsoft Windows Media Player CVE-2006-0024 (Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 ...) @@ -10518,8 +10660,8 @@ NOT-FOR-US: Microsoft CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean ...) NOT-FOR-US: Microsoft -CVE-2006-0007 - RESERVED +CVE-2006-0007 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) + TODO: check CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in ...) NOT-FOR-US: Microsoft CVE-2006-0005 (Buffer overflow in the plug-in for Microsoft Windows Media Player ...)
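Review bot: In the first hunk (@@ -1,4 +1,144 @@) the CVE-2006-3486 entry is left below CVE-2006-3459, so the list now runs 3487, 3485, ..., 3459, 3486 and is no longer in descending order. Move the entry, together with its three mysql-dfsg lines, up between CVE-2006-3487 and CVE-2006-3485, or have the update script re-sort after inserting new IDs. Replacing the bracketed note "[mysql off-by-one non-issue]" with the published description loses nothing, since the "(unimportant)" tag on mysql-dfsg-5.0 already records that judgement.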
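Review bot: The DSA cross-references added in hunks @@ -769,6 +909,7 @@ and @@ -2805,6 +2946,7 @@ are written as {DSA-1107} and {DSA-1106}, without a revision suffix, while the existing tags visible in the context lines carry one ({DSA-1099-1 DSA-1098-1}, {DSA-1091-1}). Use one form throughout so that scripts matching on the tag do not have to handle both. Neither the gnupg entries for CVE-2006-3082 nor the ppp entry for CVE-2006-2194 has a [sarge] line next to the new tag, so it is worth confirming that the stable status is recorded where the tracker expects it.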
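Review bot: In hunk @@ -1082,8 +1223,8 @@, CVE-2006-2936 is described as a flaw in the ftdi_sio driver of Linux kernel 2.6.x but is left at "TODO: check", as is the neighbouring kernel entry CVE-2006-2935. These cannot be closed as NOT-FOR-US. Each needs a package line with a fixed version or <unfixed>, a bug reference and a severity, in the same form as the gnupg and arts entries elsewhere in this patch ("- arts 1.5.3-2 (bug #374003; low)").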
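Review bot: Many of the new "TODO: check" entries name Microsoft products in their description: CVE-2006-3513, 3512, 3511, 3510, 3472 and 3471 in the first hunk, and CVE-2006-2389, 2372, 1316, 1315, 1314, 1300, 0033, 0026 and 0007 in the hunks that replace RESERVED. The context lines around them already use "NOT-FOR-US: Microsoft" for entries of this kind (CVE-2006-2373, 2371, 0034, 0027, 0008), so these can be resolved the same way in a follow-up commit rather than sitting in the TODO backlog. Doing that first leaves the remaining TODO entries as the ones that need an actual package check.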