Author: joeyh
Date: 2006-06-29 09:14:29 +0000 (Thu, 29 Jun 2006)
New Revision: 4316
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-06-29 07:08:20 UTC (rev 4315) +++ data/CVE/list 2006-06-29 09:14:29 UTC (rev 4316)
@@ -1,3 +1,169 @@ +CVE-2006-3310 + RESERVED +CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...) + TODO: check +CVE-2006-3308 (Unspecified vulnerability in the wpprop code for Project EROS ...) + TODO: check +CVE-2006-3307 (Multiple SQL injection vulnerabilities in Project EROS bbsengine ...) + TODO: check +CVE-2006-3306 (Cross-site scripting (XSS) vulnerability in the preparestring funtion ...) + TODO: check +CVE-2006-3305 (Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau ...) + TODO: check +CVE-2006-3304 (SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier ...) + TODO: check +CVE-2006-3303 (Multiple cross-site scripting (XSS) vulnerabilities in pm.php in ...) + TODO: check +CVE-2006-3302 (PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS ...) + TODO: check +CVE-2006-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin ...) + TODO: check +CVE-2006-3300 (PHP remote file inclusion vulnerability in sms_config/gateway.php in ...) + TODO: check +CVE-2006-3299 (Cross-site scripting (XSS) vulnerability in index.php in Usenet Script ...) + TODO: check +CVE-2006-3298 (Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to ...) + TODO: check +CVE-2006-3297 (Cross-site scripting (XSS) vulnerability in error.php in UebiMiau ...) + TODO: check +CVE-2006-3296 (SQL injection vulnerability in view.php in Open Guestbook 0.5 allows ...) + TODO: check +CVE-2006-3295 (Cross-site scripting (XSS) vulnerability in header.php in Open ...) + TODO: check +CVE-2006-3294 (PHP remote file inclusion vulnerability in mod_cbsms_messages.php in ...) + TODO: check +CVE-2006-3293 (parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote ...) + TODO: check +CVE-2006-3292 (SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows ...) + TODO: check +CVE-2006-3291 (The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on ...) 
+ TODO: check +CVE-2006-3290 (HTTP server in Cisco Wireless Control System (WCS) for Linux and ...) + TODO: check +CVE-2006-3289 (Cross-site scripting (XSS) vulnerability in the login page of the HTTP ...) + TODO: check +CVE-2006-3288 (Unspecified vulnerability in the TFTP server in Cisco Wireless Control ...) + TODO: check +CVE-2006-3287 (Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and ...) + TODO: check +CVE-2006-3286 (The internal database in Cisco Wireless Control System (WCS) for Linux ...) + TODO: check +CVE-2006-3285 (The internal database in Cisco Wireless Control System (WCS) for Linux ...) + TODO: check +CVE-2006-3284 (Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 ...) + TODO: check +CVE-2006-3283 (SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote ...) + TODO: check +CVE-2006-3282 (requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to ...) + TODO: check +CVE-2006-3281 (Microsoft Internet Explorer 6.0 allows remote user-complicit attackers ...) + TODO: check +CVE-2006-3280 (Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows ...) + TODO: check +CVE-2006-3279 (Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote ...) + TODO: check +CVE-2006-3278 (Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and ...) + TODO: check +CVE-2006-3277 (Unspecified vulnerability in the SMTP service of MailEnable Standard ...) + TODO: check +CVE-2006-3276 (Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and ...) + TODO: check +CVE-2006-3275 (SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and ...) + TODO: check +CVE-2006-3274 (Directory traversal vulnerability in Webmin before 1.280, when run on ...) + TODO: check +CVE-2006-3273 (Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 ...) + TODO: check +CVE-2006-3272 (Cross-site request forgery (CSRF) vulnerability in menu.php in Some ...) 
+ TODO: check +CVE-2006-3271 (Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow ...) + TODO: check +CVE-2006-3270 (SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows ...) + TODO: check +CVE-2006-3269 (PHP remote file inclusion vulnerability in includes/functions_cms.php ...) + TODO: check +CVE-2006-3268 + RESERVED +CVE-2006-3267 (SQL injection vulnerability in index.php in Infinite Core Technologies ...) + TODO: check +CVE-2006-3266 (Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite ...) + TODO: check +CVE-2006-3265 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2006-3264 (Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo ...) + TODO: check +CVE-2006-3263 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...) + TODO: check +CVE-2006-3262 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...) + TODO: check +CVE-2006-3261 (Cross-site scripting (XSS) vulnerability in Trend Micro Control ...) + TODO: check +CVE-2006-3260 (Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 ...) + TODO: check +CVE-2006-3259 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...) + TODO: check +CVE-2006-3258 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in ...) + TODO: check +CVE-2006-3257 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 ...) + TODO: check +CVE-2006-3256 (SQL injection vulnerability in report.php in Woltlab Burning Board ...) + TODO: check +CVE-2006-3255 (SQL injection vulnerability in showmods.php in Woltlab Burning Board ...) + TODO: check +CVE-2006-3254 (SQL injection vulnerability in newthread.php in Woltlab Burning Board ...) + TODO: check +CVE-2006-3253 (Cross-site scripting (XSS) vulnerability in member.php in vBulletin ...) + TODO: check +CVE-2006-3252 (Buffer overflow in the Online Registration Facility for Algorithmic ...) 
+ TODO: check +CVE-2006-3251 (Heap-based buffer overflow in the array_push function in hashcash.c ...) + TODO: check +CVE-2006-3250 (Heap-based buffer overflow in Windows Live Messenger 8.0 allows ...) + TODO: check +CVE-2006-3249 (SQL injection vulnerability in search.php in Phorum 5.1.14 and earlier ...) + TODO: check +CVE-2006-3248 (SQL injection vulnerability in calendar.php in Codewalkers PHP Event ...) + TODO: check +CVE-2006-3247 (Multiple cross-site scripting (XSS) vulnerabilities in show.php in ...) + TODO: check +CVE-2006-3246 (Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf ...) + TODO: check +CVE-2006-3245 (Multiple cross-site scripting (XSS) vulnerabilities in activatemember ...) + TODO: check +CVE-2006-3244 (Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier ...) + TODO: check +CVE-2006-3243 (SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) ...) + TODO: check +CVE-2006-3242 (Stack-based buffer overflow in the browse_get_namespace function in ...) + TODO: check +CVE-2006-3241 (Cross-site scripting (XSS) vulnerability in messages.php in XennoBB ...) + TODO: check +CVE-2006-3240 (Cross-site scripting (XSS) vulnerability in classes/ui.class.php in ...) + TODO: check +CVE-2006-3239 (SQL injection vulnerability in message.php in VBZooM 1.11 and earlier ...) + TODO: check +CVE-2006-3238 (Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier ...) + TODO: check +CVE-2006-3237 (Cross-site scripting (XSS) vulnerability in index.php in Enterprise ...) + TODO: check +CVE-2006-3236 (Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier ...) + TODO: check +CVE-2006-3235 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2006-3234 (Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 ...) + TODO: check +CVE-2006-3233 (Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in ...) 
+ TODO: check +CVE-2006-3232 (Unspecified vulnerability in IBM WebSphere Application Server before ...) + TODO: check +CVE-2006-3231 (Unspecified vulnerability in IBM WebSphere Application Server before ...) + TODO: check +CVE-2006-3230 (Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus ...) + TODO: check +CVE-2006-3229 (Cross-site scripting (XSS) vulnerability in OpenWebMail (OWM) 2.52, ...) + TODO: check +CVE-2006-3228 (Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including ...) + TODO: check CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web ...) NOT-FOR-US: Internet Explorer CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses the ...) @@ -6,8 +172,8 @@ NOT-FOR-US: Sun ONE Application Server CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote ...) NOT-FOR-US: Apple Safari -CVE-2006-3223 - RESERVED +CVE-2006-3223 (Format string vulnerability in CA Integrated Threat Management (ITM), ...) + TODO: check CVE-2006-3222 (The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 ...) NOT-FOR-US: Fortinet FortiOS CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1 and ...) @@ -186,8 +352,8 @@ TODO: check CVE-2006-3135 RESERVED -CVE-2006-3134 - RESERVED +CVE-2006-3134 (Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by ...) + TODO: check CVE-2006-3133 RESERVED CVE-2006-3132 (Cross-site scripting (XSS) vulnerability in qtofm.php4 in ...) 
@@ -438,8 +604,8 @@ NOT-FOR-US: phpBannerExchange CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...) NOT-FOR-US: phpBannerExchange -CVE-2006-3011 - RESERVED +CVE-2006-3011 (The error_log function in PHP 5.1.4 and 4.4.2 allows local users to ...) + TODO: check CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP ...) NOT-FOR-US: Microsoft Internet Explore CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to ...) @@ -2305,8 +2471,7 @@ NOT-FOR-US: Invision Gallery CVE-2006-2201 (Unspecified vulnerability in CA Resource Initialization Manager ...) NOT-FOR-US: CA Resource Initialization Manager -CVE-2006-2200 [mimms/libmms bufferoverflows in mms / mmsh parsers] - RESERVED +CVE-2006-2200 (Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to ...) - libmms 0.2-5 (bug #374577; medium) - mimms 2.0.0-1 (bug #374577; medium) CVE-2006-2199 @@ -3635,7 +3800,7 @@ NOT-FOR-US: Jupiter CMS CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - phpmyadmin 4:2.8.0.3-1 (bug #362567) -CVE-2006-1677 (MAXdev MD-Pro 1.0.73 and 1.0.72 allows remote attackers to obtain the ...) +CVE-2006-1677 (MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before ...) NOT-FOR-US: MAXdev MD-Pro CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics ...) NOT-FOR-US: MAXdev MD-Pro 
@@ -4198,16 +4363,15 @@ RESERVED CVE-2006-1472 RESERVED -CVE-2006-1471 - RESERVED -CVE-2006-1470 [openldap assert dos] - RESERVED +CVE-2006-1471 (Format string vulnerability in launchd in Apple Mac OS X 10.4 up to ...) + TODO: check +CVE-2006-1470 (OpenLDAP Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to ...) - openldap2 <not-affected> (Vulnerable code not present) - openldap2.2 <unfixed> (medium) -CVE-2006-1469 - RESERVED -CVE-2006-1468 - RESERVED +CVE-2006-1469 (Stack-based buffer overflow ImageIO in Apple Mac OS X 10.4 up to ...) + TODO: check +CVE-2006-1468 (Unspecified vulnerability in AFP server in Apple Mac OS X 10.4 up to ...) + TODO: check CVE-2006-1467 RESERVED CVE-2006-1466 (Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects ...) @@ -5819,7 +5983,7 @@ - thunderbird 1.5.0.2-1 (high) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high) - xulrunner 1.8.0.1-9 -CVE-2006-0747 (integer underflow in Freetype before 2.2 allows remote attackers to ...) +CVE-2006-0747 (Integer underflow in Freetype before 2.2 allows remote attackers to ...) {DSA-1095-1} - freetype 2.2.1-1 (medium) CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...) @@ -6590,8 +6754,7 @@ - irssi-text <not-affected> (Only 0.8.10rc versions are affected) CVE-2006-0457 (Race condition in the (1) add_key, (2) request_key, and (3) keyctl ...) - linux-2.6 <unfixed> -CVE-2006-0456 [kernel: strlen_user() DoS on s390] - RESERVED +CVE-2006-0456 (The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 ...) {DSA-1103} - linux-2.6 2.6.16-1 CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature ...)
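
Review bot: In the @@ -1,3 +1,169 @@ hunk, all 83 new entries except the two RESERVED ones (CVE-2006-3310, CVE-2006-3268) land as TODO: check, including entries whose descriptions already name products the unchanged context treats as NOT-FOR-US: CVE-2006-3281 and CVE-2006-3280 name Microsoft Internet Explorer 6.0, and the context line for CVE-2006-3227 is tagged NOT-FOR-US: Internet Explorer. Those can be closed in a follow-up commit, and entries naming software that may be packaged (for example Webmin in CVE-2006-3274, hashcash.c in CVE-2006-3251, Azureus in CVE-2006-3230) should be triaged first so they do not sit behind the rest of the backlog.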
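
Review bot: In the @@ -438,8 +604,8 @@ hunk, CVE-2006-3011 (the error_log function in PHP 5.1.4 and 4.4.2) is unreserved straight to TODO: check and needs a manual pass to record package status rather than staying in the TODO backlog. The unchanged context line after it also looks wrong: CVE-2003-1303 is described as a buffer overflow in the imap_fetch_overview function, yet it is tagged NOT-FOR-US: Microsoft Internet Explore, which is truncated and at odds both with its own description and with the neighbouring CVE-2003-1302 entry about the IMAP functionality in PHP.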
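
Review bot: In the @@ -2305,8 +2471,7 @@ hunk, replacing the bracketed working title of CVE-2006-2200 drops the only mention of libmms and of the mms / mmsh parsers, while the new description names only MiMMS 0.0.9 and the entry still tracks libmms 0.2-5 under bug #374577. Suggest keeping that scope in a note line under the entry so the libmms tracking line stays explained.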
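
Review bot: In the @@ -4198,16 +4363,15 @@ hunk, CVE-2006-1470 loses its working title [openldap assert dos], and the replacement description is framed as Apple Mac OS X 10.4 up to 10.4.6 even though the entry keeps openldap2.2 <unfixed> (medium); preserve the "assert dos" summary in a note line so the unfixed status stays understandable. The other three entries unreserved here (CVE-2006-1471 launchd, CVE-2006-1469 ImageIO, CVE-2006-1468 AFP server) all name Apple Mac OS X components and are set to TODO: check; they are candidates for the same NOT-FOR-US handling the list gives Apple Safari in CVE-2006-3224.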
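
Review bot: In the @@ -6590,8 +6754,7 @@ hunk, the dropped working title for CVE-2006-0456 says strlen_user() while the new description says strnlen_user; confirm which function the fix recorded as linux-2.6 2.6.16-1 touches, and keep the s390 DoS summary in a note line if it still applies. The context line {DSA-1103} also lacks the revision suffix used elsewhere in this list ({DSA-1095-1} on the CVE-2006-0747 entry).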