Author: joeyh
Date: 2006-05-15 09:14:23 +0000 (Mon, 15 May 2006)
New Revision: 3954

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-14 17:37:28 UTC (rev 3953) +++ data/CVE/list 2006-05-15 09:14:23 UTC (rev 3954) 
@@ -1,3 +1,37 @@ +CVE-2006-2358 (Multiple cross-site scripting (XSS) vulnerabilities in various scripts ...) + TODO: check +CVE-2006-2357 (Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 ...) + TODO: check +CVE-2006-2356 (NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 ...) + TODO: check +CVE-2006-2355 (Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional ...) + TODO: check +CVE-2006-2354 (NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch ...) + TODO: check +CVE-2006-2353 (NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 ...) + TODO: check +CVE-2006-2352 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...) + TODO: check +CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...) + TODO: check +CVE-2006-2350 (SQL injection vulnerability in the inc/elementz.php script in AliPAGER ...) + TODO: check +CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...) + TODO: check +CVE-2006-2348 (Cross-site scripting (XSS) vulnerability in form_grupo.html in ...) + TODO: check +CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...) + TODO: check +CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows ...) + TODO: check +CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in ...) + TODO: check +CVE-2006-2344 (SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with ...) + TODO: check +CVE-2006-2343 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...) + TODO: check +CVE-2006-2342 (IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote ...) + TODO: check CVE-2006-XXXX [dovecot information disclosure: list .. directory] - dovecot 1.0.beta8-1 (low) [sarge] - dovecot <not-affected> (vulnerability introduced in 1.0) 
@@ -209,8 +243,8 @@ NOT-FOR-US: Fujitsu NetShelter/FW CVE-2006-2239 (SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows ...) NOT-FOR-US: Newsadmin -CVE-2006-2238 - RESERVED +CVE-2006-2238 (Heap-based buffer overflow in Apple QuickTime 7.1 allows remote ...) + TODO: check CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...) - awstats 6.5-2 (bug #365909; medium) CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...) @@ -333,7 +367,7 @@ NOT-FOR-US: zenphoto CVE-2006-2185 RESERVED -CVE-2006-2184 (Cross-site scripting (XSS) vulnerability in search.php in PHPKB ...) +CVE-2006-2184 (** DISPUTED ** ...) NOT-FOR-US: PHPKB Knowledge Base CVE-2006-2183 (Untrusted search path vulnerability in Truecrypt 4.1, when running ...) NOT-FOR-US: Truecrypt @@ -773,7 +807,7 @@ CVE-2006-1986 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...) NOT-FOR-US: Apple Safari NOTE: PoC exploit does not work with konqueror 4:3.5.2-2 -CVE-2006-1985 (Heap-based buffer overflow in BOMArchiveHelper 10.4 (6.3) Build 312, ...) +CVE-2006-1985 (Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build ...) NOT-FOR-US: BOMArchiveHelper CVE-2006-1984 (Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X ...) NOT-FOR-US: Mac OS X @@ -1089,7 +1123,7 @@ RESERVED CVE-2006-1855 RESERVED -CVE-2006-1854 (Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager ...) +CVE-2006-1854 (** DISPUTED ** ...) NOT-FOR-US: BluePay Manager CVE-2006-1853 (Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier ...) NOT-FOR-US: ModernBill 
@@ -1885,7 +1919,7 @@ NOT-FOR-US: VSNS Lemon CVE-2006-1553 (SQL injection vulnerability in functions/final_functions.php in VSNS ...) NOT-FOR-US: VSNS Lemon -CVE-2006-1552 (ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to ...) +CVE-2006-1552 (Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows ...) NOT-FOR-US: Apple CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX ...) NOT-FOR-US: PAJAX @@ -2013,7 +2047,7 @@ CVE-2006-1520 RESERVED CVE-2006-1519 - RESERVED + REJECTED CVE-2006-1518 (Buffer overflow in the open_table function in sql_base.cc in MySQL ...) - mysql-dfsg-5.0 5.0.21-1 (bug #365939; medium) - mysql-dfsg-4.1 <unfixed> (bug #365939; medium) 
@@ -2160,60 +2194,60 @@ RESERVED CVE-2006-1466 RESERVED -CVE-2006-1465 - RESERVED -CVE-2006-1464 - RESERVED -CVE-2006-1463 - RESERVED -CVE-2006-1462 - RESERVED -CVE-2006-1461 - RESERVED -CVE-2006-1460 - RESERVED -CVE-2006-1459 - RESERVED -CVE-2006-1458 - RESERVED -CVE-2006-1457 - RESERVED -CVE-2006-1456 - RESERVED -CVE-2006-1455 - RESERVED -CVE-2006-1454 - RESERVED -CVE-2006-1453 - RESERVED -CVE-2006-1452 - RESERVED -CVE-2006-1451 - RESERVED -CVE-2006-1450 - RESERVED -CVE-2006-1449 - RESERVED -CVE-2006-1448 - RESERVED -CVE-2006-1447 - RESERVED -CVE-2006-1446 - RESERVED -CVE-2006-1445 - RESERVED -CVE-2006-1444 - RESERVED -CVE-2006-1443 - RESERVED -CVE-2006-1442 - RESERVED -CVE-2006-1441 - RESERVED -CVE-2006-1440 - RESERVED -CVE-2006-1439 - RESERVED +CVE-2006-1465 (Buffer overflow in Apple QuickTime 7.1 allows remote attackers to ...) + TODO: check +CVE-2006-1464 (Buffer overflow in Apple QuickTime 7.1 allows remote attackers to ...) + TODO: check +CVE-2006-1463 (Heap-based buffer overflow in Apple QuickTime 7.1 allows remote ...) + TODO: check +CVE-2006-1462 (Multiple integer overflows in Apple QuickTime 7.1 allow remote ...) + TODO: check +CVE-2006-1461 (Multiple buffer overflows in Apple QuickTime 7.1 allow remote ...) + TODO: check +CVE-2006-1460 (Multiple buffer overflows in Apple QuickTime 7.1 allow remote ...) + TODO: check +CVE-2006-1459 (Multiple integer overflows in Apple QuickTime 7.1 allow remote ...) + TODO: check +CVE-2006-1458 (Integer overflow in Apple QuickTime Player 7.1 allows remote attackers ...) + TODO: check +CVE-2006-1457 (Safari on Apple Mac OS X 10.4.6, when "Open `safe'' files after ...) + TODO: check +CVE-2006-1456 (Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 ...) + TODO: check +CVE-2006-1455 (QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows ...) + TODO: check +CVE-2006-1454 (Heap-based buffer overflow in Apple QuickTime 7.1 allows remote ...) 
+ TODO: check +CVE-2006-1453 (Stack-based buffer overflow in Apple QuickTime 7.1 allows remote ...) + TODO: check +CVE-2006-1452 (Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to ...) + TODO: check +CVE-2006-1451 (MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a ...) + TODO: check +CVE-2006-1450 (Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to ...) + TODO: check +CVE-2006-1449 (Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows ...) + TODO: check +CVE-2006-1448 (Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-complicit ...) + TODO: check +CVE-2006-1447 (LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to ...) + TODO: check +CVE-2006-1446 (Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an ...) + TODO: check +CVE-2006-1445 (Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 ...) + TODO: check +CVE-2006-1444 (CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for ...) + TODO: check +CVE-2006-1443 (Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and ...) + TODO: check +CVE-2006-1442 (The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 ...) + TODO: check +CVE-2006-1441 (Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote ...) + TODO: check +CVE-2006-1440 (BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite ...) + TODO: check +CVE-2006-1439 (NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not ...) + TODO: check CVE-2006-1438 (Multiple cross-site scripting (XSS) vulnerabilities in Andy''s PHP ...) NOT-FOR-US: aphpkb CVE-2006-1437 (UPOINT @1 Event Publisher stores sensitive information under the web ...)
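Review bot: In the @@ -1,3 +1,37 @@ hunk, CVE-2006-2350 and CVE-2006-2344 both read as "SQL injection vulnerability in ... inc/elementz.php ... AliPAGER" before the truncation, so they may be duplicates or differ only in the part cut off by "..."; compare the full descriptions when clearing the TODO and give both the same tracking line. The seven Ipswitch/IPswitch entries (CVE-2006-2351 through CVE-2006-2357) can be resolved together in the same pass, since they will share one verdict.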
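Review bot: In the @@ -333,7 +367,7 @@ and @@ -1089,7 +1123,7 @@ hunks, the new summaries for CVE-2006-2184 and CVE-2006-1854 are reduced to "(** DISPUTED ** ...)", which drops the product and vulnerability class that the old line carried. After this change the only identifying text left for each entry is its NOT-FOR-US line. Suggest the updater keep the "** DISPUTED **" marker but truncate after it, so the summary still starts with the description text, or skip the marker when computing the cut-off.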
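Review bot: In the @@ -2160,60 +2194,60 @@ hunk, all 27 entries from CVE-2006-1465 down to CVE-2006-1439 (and CVE-2006-2238 in the @@ -209,8 +243,8 @@ hunk) name Apple QuickTime or Apple Mac OS X components and land as "TODO: check", while Apple entries already in the file are tagged inconsistently: "NOT-FOR-US: Apple" (CVE-2006-1552), "NOT-FOR-US: Apple Safari" (CVE-2006-1986), "NOT-FOR-US: Mac OS X" (CVE-2006-1984). When clearing these TODOs, pick one label form for the batch, and read the full text of CVE-2006-1451 (MySQL Manager) and CVE-2006-1445 (FTPServer) before tagging, since the truncated summary does not show whether the flaw is in Apple's own code. Separately, the added line for CVE-2006-1457 contains `safe'' and the context line for CVE-2006-1438 contains Andy''s, which suggests the generator doubles apostrophes when writing descriptions; that escaping should be undone before the text is written to data/CVE/list.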