Author: joeyh
Date: 2006-07-14 21:14:20 +0000 (Fri, 14 Jul 2006)
New Revision: 4387

Modified: data/CVE/list

Log: automatic update

Modified: data/CVE/list
==================================================================--- data/CVE/list 2006-07-14 08:16:35 UTC (rev 4386) +++ data/CVE/list 2006-07-14 21:14:20 UTC (rev 4387) 
@@ -1,3 +1,127 @@ +CVE-2006-3590 (Unspecified vulnerability in mso.dll, as used by Microsoft PowerPoint ...) + TODO: check +CVE-2006-3589 + RESERVED +CVE-2006-3588 (Unspecified vulnerability in Macromedia Flash Player 8.0.24.0 allows ...) + TODO: check +CVE-2006-3587 (Unspecified vulnerability in Macromedia Flash Player 8.0.24.0 allows ...) + TODO: check +CVE-2006-3586 + RESERVED +CVE-2006-3585 + RESERVED +CVE-2006-3584 + RESERVED +CVE-2006-3583 + RESERVED +CVE-2006-3582 (Multiple stack-based buffer overflows in AdPlug 2.0 and earlier allow ...) + TODO: check +CVE-2006-3581 (Multiple stack-based buffer overflows in AdPlug 2.0 and earlier allow ...) + TODO: check +CVE-2006-3580 (SQL injection vulnerability in pages.asp in ASP Stats Generator before ...) + TODO: check +CVE-2006-3579 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up ...) + TODO: check +CVE-2006-3578 (Directory traversal vulnerability in Fujitsu ServerView 2.50 up to ...) + TODO: check +CVE-2006-3577 (SQL injection vulnerability in index.php in LifeType 1.0.5 allows ...) + TODO: check +CVE-2006-3576 (SQL injection vulnerability in Search.PHP in SenseSites CommonSense ...) + TODO: check +CVE-2006-3575 (Unknown vulnerability in the Buffer Overflow Protection in McAfee ...) + TODO: check +CVE-2006-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...) + TODO: check +CVE-2006-3573 (Format string vulnerability in agl_text.cpp in Milan Mimica Sparklet ...) + TODO: check +CVE-2006-3572 (SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and ...) + TODO: check +CVE-2006-3571 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2006-3570 (Cross-site scripting (XSS) vulnerability in the webform module in ...) + TODO: check +CVE-2006-3569 (Unspecified vulnerability in IBM Data ONTAP 7.1 and 7.1.0.1, when used ...) + TODO: check +CVE-2006-3568 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...) 
+ TODO: check +CVE-2006-3567 (Cross-site scripting (XSS) vulnerability in the web administration ...) + TODO: check +CVE-2006-3566 (search.results.php in HiveMail 3.1 and earlier allows remote attackers ...) + TODO: check +CVE-2006-3565 (SQL injection vulnerability in search.results.php in HiveMail 3.1 and ...) + TODO: check +CVE-2006-3564 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 ...) + TODO: check +CVE-2006-3563 (Cross-site scripting (XSS) vulnerability in gallery/thumb.php in ...) + TODO: check +CVE-2006-3562 (PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow ...) + TODO: check +CVE-2006-3561 (BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and ...) + TODO: check +CVE-2006-3560 (SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums ...) + TODO: check +CVE-2006-3559 (Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 ...) + TODO: check +CVE-2006-3558 (Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto ...) + TODO: check +CVE-2006-3557 (MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root ...) + TODO: check +CVE-2006-3556 (PHP remote file inclusion vulnerability in extcalendar.php in Mohamed ...) + TODO: check +CVE-2006-3555 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in ...) + TODO: check +CVE-2006-3554 (Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final ...) + TODO: check +CVE-2006-3553 (PlaNet Concept planetNews allows remote attackers to bypass ...) + TODO: check +CVE-2006-3552 (Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and ...) + TODO: check +CVE-2006-3551 (NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and ...) + TODO: check +CVE-2006-3550 (Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks ...) + TODO: check +CVE-2006-3549 (services/go.php in Horde Application Framework 3.0.0 through 3.0.10 ...) 
+ TODO: check +CVE-2006-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...) + TODO: check +CVE-2006-3547 (** DISPUTED ** ...) + TODO: check +CVE-2006-3546 (Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote ...) + TODO: check +CVE-2006-3545 (** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote ...) + TODO: check +CVE-2006-3544 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB) ...) + TODO: check +CVE-2006-3543 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB) ...) + TODO: check +CVE-2006-3542 (Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown ...) + TODO: check +CVE-2006-3541 (SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ...) + TODO: check +CVE-2006-3540 (Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, ...) + TODO: check +CVE-2006-3539 (Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com ...) + TODO: check +CVE-2006-3538 (Multiple cross-site scripting (XSS) vulnerabilities in demo.php in ...) + TODO: check +CVE-2006-3537 (PHP remote file inclusion vulnerability in index.php in Randshop ...) + TODO: check +CVE-2006-3536 (Direct static code injection vulnerability in code/class_db_text.php ...) + TODO: check +CVE-2006-3535 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before ...) + TODO: check +CVE-2006-3534 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before ...) + TODO: check +CVE-2006-3533 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 ...) + TODO: check +CVE-2006-3532 (PHP file inclusion vulnerability in includes/edit_new.php in Pivot ...) + TODO: check +CVE-2006-3531 (includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates ...) + TODO: check +CVE-2006-3530 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2003-1304 (EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under ...) 
+ TODO: check CVE-2006-3529 (Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, ...) NOT-FOR-US: Juniper JUNOS CVE-2006-3528 (Multiple PHP remote file inclusion vulnerabilities in Simpleboard ...) @@ -151,10 +275,10 @@ RESERVED CVE-2006-3454 RESERVED -CVE-2006-3453 - RESERVED -CVE-2006-3452 - RESERVED +CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers ...) + TODO: check +CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure ...) + TODO: check CVE-2006-3451 RESERVED CVE-2006-3450 @@ -249,8 +373,7 @@ NOT-FOR-US: QTOFileManager CVE-2006-3405 (Cross-site scripting (XSS) vulnerability in qtofm.php in ...) NOT-FOR-US: QTOFileManager -CVE-2006-3403 [samba tcon dos] - RESERVED +CVE-2006-3403 (The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote ...) - samba <unfixed> CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...) NOT-FOR-US: VirtuaStore @@ -806,8 +929,8 @@ NOT-FOR-US: Edge eCommerce Shop CVE-2006-3136 (** DISPUTED ** ...) NOT-FOR-US: Nucleus -CVE-2006-3135 - RESERVED +CVE-2006-3135 (Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and ...) + TODO: check CVE-2006-3134 (Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by ...) NOT-FOR-US: GraceNote ActiveX Control CVE-2006-3133 @@ -964,7 +1087,7 @@ NOT-FOR-US: 5 Star Review CVE-2006-3060 (Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote ...) NOT-FOR-US: P.A.I.D -CVE-2006-3059 (Unspecified vulnerability in Microsoft Excel allows remote ...) +CVE-2006-3059 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote ...) NOT-FOR-US: Microsoft Excel CVE-2006-3058 RESERVED 
@@ -1060,7 +1183,7 @@ NOT-FOR-US: phpBannerExchange CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...) NOT-FOR-US: phpBannerExchange -CVE-2006-3011 (The error_log function in PHP 5.1.4 and 4.4.2 allows local users to ...) +CVE-2006-3011 (The error_log function in basic_functions.c in PHP 5.1.4 and 4.4.2 ...) TODO: check CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP ...) NOT-FOR-US: Microsoft Internet Explore @@ -2490,8 +2613,8 @@ NOT-FOR-US: OZJournals CVE-2006-2389 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) TODO: check -CVE-2006-2388 - RESERVED +CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-complicit ...) + TODO: check CVE-2006-2387 RESERVED CVE-2006-2386 @@ -3397,7 +3520,7 @@ NOT-FOR-US: dForum CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, ...) NOT-FOR-US: Microsoft Internet Explorer -CVE-2006-1991 (The substr_compare function in string.c in PHP 4.4.2 and 5.1.2 allows ...) +CVE-2006-1991 (The substr_compare function in string.c in PHP 5.1.2 allows ...) - php4 <not-affected> (substr_compare does not exist in PHP 4.4.2) - php5 5.1.4-0.1 (bug #365312; medium) CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...) @@ -4618,7 +4741,7 @@ - python2.4 <unfixed> CVE-2006-1541 (SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and ...) NOT-FOR-US: EzASPSite -CVE-2006-1540 (Microsoft Office 2002 (aka Office XP) allows user-complicit attackers ...) +CVE-2006-1540 (MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 ...) NOT-FOR-US: Microsoft CVE-2006-1539 (Multiple buffer overflows in the checkscores function in scores.c in ...) - bsdgames 2.17-6 (bug #361160) 
@@ -5174,24 +5297,24 @@ RESERVED CVE-2006-1310 RESERVED -CVE-2006-1309 - RESERVED -CVE-2006-1308 - RESERVED +CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-complicit attackers to ...) + TODO: check +CVE-2006-1308 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...) + TODO: check CVE-2006-1307 RESERVED -CVE-2006-1306 - RESERVED +CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-complicit attackers to ...) + TODO: check CVE-2006-1305 RESERVED -CVE-2006-1304 - RESERVED +CVE-2006-1304 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...) + TODO: check CVE-2006-1303 (Multiple unspecified vulnerabilities in Microsoft Internet Explorer ...) TODO: check -CVE-2006-1302 - RESERVED -CVE-2006-1301 - RESERVED +CVE-2006-1302 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...) + TODO: check +CVE-2006-1301 (Microsoft Excel 2000 through 2004 allows user-complicit attackers to ...) + TODO: check CVE-2006-1300 (Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, ...) TODO: check CVE-2006-1299 @@ -10662,7 +10785,7 @@ NOT-FOR-US: Microsoft CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean ...) NOT-FOR-US: Microsoft -CVE-2006-0007 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) +CVE-2006-0007 (Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 ...) TODO: check CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in ...) NOT-FOR-US: Microsoft
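
Review bot: In the @@ -1,3 +1,127 @@ hunk, CVE-2003-1304 is inserted between CVE-2006-3530 and CVE-2006-3529, which breaks the descending ID order the rest of the hunk follows; the context of the @@ -1060,7 +1183,7 @@ hunk shows the same thing with CVE-2003-1303 after CVE-2006-3011. If any tooling that reads data/CVE/list assumes sorted IDs, either place late-assigned older IDs with their own year or document that ordering follows the assignment batch. Separately, CVE-2006-3547 is added as "(** DISPUTED ** ...)", so the truncation leaves no product name to triage from; a longer cut for DISPUTED descriptions would save a lookup per entry.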
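
Review bot: In the @@ -249,8 +373,7 @@ hunk, the new CVE-2006-3403 description reads "The smdb daemon (smbd/service.c)", where "smdb" does not match the smbd/ path inside the same parenthetical and looks like a typo for smbd. Because the text arrives through the automatic update, a hand edit here may be overwritten by the next run, so the correction is better reported to the source of the description. The "- samba <unfixed>" line beneath is unchanged and still carries the tracking, which is correct.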
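
Review bot: In the @@ -1060,7 +1183,7 @@ hunk, CVE-2006-3011 keeps "TODO: check" although its description now names basic_functions.c in PHP 5.1.4 and 4.4.2, and this file already tracks php4 and php5 as packages under CVE-2006-1991. It should get per-package lines in that same form rather than stay a TODO. The trailing context also shows CVE-2003-1303, described as a buffer overflow in imap_fetch_overview, tagged "NOT-FOR-US: Microsoft Internet Explore"; the tag is cut short and does not match the description, so that entry is worth rechecking in a follow-up.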
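
Review bot: In the @@ -5174,24 +5297,24 @@ hunk, the six Microsoft Excel entries that move from RESERVED to a description (CVE-2006-1309, CVE-2006-1308, CVE-2006-1306, CVE-2006-1304, CVE-2006-1302, CVE-2006-1301) all land as "TODO: check", while CVE-2006-3059, also Microsoft Excel, is already "NOT-FOR-US: Microsoft Excel" in the @@ -964,7 +1087,7 @@ hunk. They can take the same tag in a follow-up commit so the TODO backlog reflects only entries that need a real decision; the same applies to CVE-2006-2388 in the @@ -2490,8 +2613,8 @@ hunk.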