thr3ads.net - Secure testing commits - [Secure-testing-commits] r3976

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-May-19 09:15 UTC
[Secure-testing-commits] r3976 - data/CVE

Author: joeyh
Date: 2006-05-19 09:14:24 +0000 (Fri, 19 May 2006)
New Revision: 3976

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-05-19 06:27:25 UTC (rev 3975)
+++ data/CVE/list	2006-05-19 09:14:24 UTC (rev 3976)
@@ -1,3 +1,209 @@
+CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and
...)
+	TODO: check
+CVE-2006-2457
+	RESERVED
+CVE-2006-2456
+	RESERVED
+CVE-2006-2455
+	RESERVED
+CVE-2006-2454
+	RESERVED
+CVE-2006-2453
+	RESERVED
+CVE-2006-2452
+	RESERVED
+CVE-2006-2451
+	RESERVED
+CVE-2006-2450
+	RESERVED
+CVE-2006-2449
+	RESERVED
+CVE-2006-2448
+	RESERVED
+CVE-2006-2447
+	RESERVED
+CVE-2006-2446
+	RESERVED
+CVE-2006-2445
+	RESERVED
+CVE-2006-2444
+	RESERVED
+CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions,
which ...)
+	TODO: check
+CVE-2006-2439
+	RESERVED
+CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the
...)
+	TODO: check
+CVE-2006-2437 (The viewfile servlet in the documentation package (resin-doc)
for ...)
+	TODO: check
+CVE-2006-2436 (WebSphere Application Server 5.0.2 (or any earlier cumulative
fix) ...)
+	TODO: check
+CVE-2006-2435 (Unspecified vulnerability in IBM WebSphere Application Server
5.0.2 ...)
+	TODO: check
+CVE-2006-2434 (Unspecified vulnerability in WebSphere 5.1.1 (or any earlier
...)
+	TODO: check
+CVE-2006-2433 (Unspecified vulnerability in IBM WebSphere Application Server
6.0.2, ...)
+	TODO: check
+CVE-2006-2432 (IBM WebSphere Application Server 5.0.2 (or any earlier
cumulative fix) ...)
+	TODO: check
+CVE-2006-2431 (Unspecified vulnerability in IBM WebSphere Application Server
5.0.2 ...)
+	TODO: check
+CVE-2006-2430 (IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and
earlier, ...)
+	TODO: check
+CVE-2006-2429 (Unspecified vulnerability in IBM WebSphere Application Server
6.0.2, ...)
+	TODO: check
+CVE-2006-2428 (add.asp in DUware DUbanner 3.1 allows remote attackers to
execute ...)
+	TODO: check
+CVE-2006-2427 (freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav
1.0.3h ...)
+	TODO: check
+CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK
1.5.0_6 ...)
+	TODO: check
+CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php
in ...)
+	TODO: check
+CVE-2006-2424 (PHP remote file inclusion vulnerability in ezUserManager 1.6 and
...)
+	TODO: check
+CVE-2006-2423 (Cross-site scripting (XSS) vulnerability in ftplogin/index.php
in ...)
+	TODO: check
+CVE-2006-2422 (phpCOIN 1.2.3 and earlier stores messages based upon e-mail
addresses, ...)
+	TODO: check
+CVE-2006-2421 (Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20
allows ...)
+	TODO: check
+CVE-2006-2420 (Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0,
allows ...)
+	TODO: check
+CVE-2006-2419 (Cross-site scripting (XSS) vulnerability in index.php in
Directory ...)
+	TODO: check
+CVE-2006-2418 (Cross-site scripting (XSS) vulnerabilities in certain versions
of ...)
+	TODO: check
+CVE-2006-2417 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x
before ...)
+	TODO: check
+CVE-2006-2416 (SQL injection vulnerability in class2.php in e107 0.7.2 and
earlier ...)
+	TODO: check
+CVE-2006-2415 (Multiple cross-site scripting (XSS) vulnerabilities in FlexChat
2.0 ...)
+	TODO: check
+CVE-2006-2414 (Directory traversal vulnerability in Dovecot 1.0 beta and 1.0
allows ...)
+	TODO: check
+CVE-2006-2413 (GNUnet before SVN revision 2781 allows remote attackers to cause
a ...)
+	TODO: check
+CVE-2006-2412 (The raydium_network_read function in network.c in Raydium SVN
revision ...)
+	TODO: check
+CVE-2006-2411 (Buffer overflow in raydium_network_read function in network.c in
...)
+	TODO: check
+CVE-2006-2410 (raydium_network_netcall_exec function in network.c in Raydium
SVN ...)
+	TODO: check
+CVE-2006-2409 (Format string vulnerability in the raydium_console_line_add
function ...)
+	TODO: check
+CVE-2006-2408 (Multiple buffer overflows in Raydium before SVN revision 310
allow ...)
+	TODO: check
+CVE-2006-2407 (Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX
...)
+	TODO: check
+CVE-2006-2406 (Directory traversal vulnerability in bb_lib/abbc.css.php in ...)
+	TODO: check
+CVE-2006-2405 (Directory traversal vulnerability in unb_lib/abbc.conf.php in
...)
+	TODO: check
+CVE-2006-2404 (Directory traversal vulnerability in popup.php in RadScripts
RadLance ...)
+	TODO: check
+CVE-2006-2403 (Buffer overflow in FileZilla before 2.2.23 allows remote
attackers to ...)
+	TODO: check
+CVE-2006-2402 (Buffer overflow in the changeRegistration function in
servernet.cpp ...)
+	TODO: check
+CVE-2006-2401 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2
and ...)
+	TODO: check
+CVE-2006-2400 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2
and ...)
+	TODO: check
+CVE-2006-2399 (Stack-based buffer overflow in the ...)
+	TODO: check
+CVE-2006-2398 (Directory traversal vulnerability in index.php in GPhotos 1.5
and ...)
+	TODO: check
+CVE-2006-2397 (Multiple cross-site scripting (XSS) vulnerabilities in GPhotos
1.5 and ...)
+	TODO: check
+CVE-2006-2396 (Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows
remote ...)
+	TODO: check
+CVE-2006-2395 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-2394 (Cross-site scripting (XSS) vulnerability in chat.php in PHP Live
...)
+	TODO: check
+CVE-2006-2393 (The client_cmd function in Empire 4.3.2 and earlier allows
remote ...)
+	TODO: check
+CVE-2006-2392 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-2391 (Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows
remote ...)
+	TODO: check
+CVE-2006-2390 (Cross-site scripting (XSS) vulnerability in OZJournals 1.2
allows ...)
+	TODO: check
+CVE-2006-2389
+	RESERVED
+CVE-2006-2388
+	RESERVED
+CVE-2006-2387
+	RESERVED
+CVE-2006-2386
+	RESERVED
+CVE-2006-2385
+	RESERVED
+CVE-2006-2384
+	RESERVED
+CVE-2006-2383
+	RESERVED
+CVE-2006-2382
+	RESERVED
+CVE-2006-2381
+	RESERVED
+CVE-2006-2380
+	RESERVED
+CVE-2006-2379
+	RESERVED
+CVE-2006-2378
+	RESERVED
+CVE-2006-2377
+	RESERVED
+CVE-2006-2376
+	RESERVED
+CVE-2006-2375
+	RESERVED
+CVE-2006-2374
+	RESERVED
+CVE-2006-2373
+	RESERVED
+CVE-2006-2372
+	RESERVED
+CVE-2006-2371
+	RESERVED
+CVE-2006-2370
+	RESERVED
+CVE-2006-2369 (RealVNC 4.1.1, and other products that use RealVNC such as
AdderLink ...)
+	TODO: check
+CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys
(aka ...)
+	TODO: check
+CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys
(aka ...)
+	TODO: check
+CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the
-r ...)
+	TODO: check
+CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in Vizra
...)
+	TODO: check
+CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation
feature in ...)
+	TODO: check
+CVE-2006-2363 (SQL injection vulnerability in the weblinks option
(weblinks.html.php) ...)
+	TODO: check
+CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free Software
...)
+	TODO: check
+CVE-2006-2361 (PHP remote file inclusion vulnerability in
pafiledb_constants.php in ...)
+	TODO: check
+CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for
phpBB ...)
+	TODO: check
+CVE-2006-2359 (Cross-site scripting (XSS) vulnerability in charts.php in the
Chart ...)
+	TODO: check
+CVE-2006-2192
+	RESERVED
+CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary
files ...)
+	TODO: check
+CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite
files and ...)
+	TODO: check
+CVE-2005-4801 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Yet ...)
+	TODO: check
+CVE-2005-4800 (Direct static code injection vulnerability in Yet Another PHP
Image ...)
+	TODO: check
+CVE-2005-4799 (Multiple cross-site scripting (XSS) vulnerabilities in Yet
Another PHP ...)
+	TODO: check
 CVE-2006-XXXX [vnc server authentication bypass]
 	- vnc4 4.1.1+X4.3.0-10 (high)
 	NOTE: mail to bugtraq implies 4.0 is not vulnerable
@@ -420,7 +626,7 @@
 CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x
before ...)
 	- nagios 2:1.4-1 (bug #366682; bug #366803; medium)
 	- nagios2 2.3-1 (bug #366683; medium)
-CVE-2006-2161 (Buffer overflow in TZipBuilder 1.79.03.01 allows remote
attackers to ...)
+CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01 and (2) Abakt
0.9.2 and ...)
 	TODO: check
 CVE-2006-2160 (Cross-site scripting (XSS) vulnerability in Russcom Network
Loginphp ...)
 	TODO: check
@@ -891,8 +1097,8 @@
 	NOT-FOR-US: RechnungsZentrale
 CVE-2006-1954 (SQL injection vulnerability in authent.php4 in Nicolas Fischer
(aka ...)
 	NOT-FOR-US: RechnungsZentrale
-CVE-2006-1953
-	RESERVED
+CVE-2006-1953 (Directory traversal vulnerability in Caucho Resin 3.0.17 and
3.0.18 ...)
+	TODO: check
 CVE-2006-1952 (Directory traversal vulnerability in WinAgents TFTP Server for
Windows ...)
 	NOT-FOR-US: WinAgents TFTP Server for Windows
 CVE-2006-1951 (Directory traversal vulnerability in SolarWinds TFTP Server 8.1
and ...)
@@ -1130,8 +1336,8 @@
 	RESERVED
 CVE-2006-1856
 	RESERVED
-CVE-2006-1855
-	RESERVED
+CVE-2006-1855 (choose_new_parent in Linux kernel before 2.6.11.12 includes
certain ...)
+	TODO: check
 CVE-2006-1854 (** DISPUTED ** ...)
 	NOT-FOR-US: BluePay Manager
 CVE-2006-1853 (Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and
earlier ...)
@@ -2048,8 +2254,8 @@
 	NOTE: MFSA2006-20 says exploitability has not been confirmed.
 	NOTE: Thunderbird is potentially affected as well, but not in the
 	NOTE: default configuration.
-CVE-2006-1528
-	RESERVED
+CVE-2006-1528 (Linux kernel before 2.6.13 allows local users to cause a denial
of ...)
+	TODO: check
 CVE-2006-1527 (The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows
remote ...)
 	- linux-2.6 2.6.16-12 (low)
 CVE-2006-1526 (Buffer overflow in the X render (Xrender) extension in X.org X
server ...)
@@ -2670,7 +2876,7 @@
 	- sa-exim 4.2.1-1 (bug #345071; bug #356301)
 CVE-2006-1250 (Unspecified vulnerability in the Webmail module in Winmail
before 4.3 ...)
 	NOT-FOR-US: Winmail
-CVE-2006-1249 (** UNVERIFIABLE, PRERELEASE ** ...)
+CVE-2006-1249 (Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and
iTunes ...)
 	NOT-FOR-US: Apple Quicktime
 CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11,
and ...)
 	NOT-FOR-US: HP-UX 
@@ -3840,7 +4046,7 @@
 	NOT-FOR-US: Geeklog
 CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3
allows ...)
 	NOT-FOR-US: PhpTagCool
-CVE-2006-2440 [imagemagick: array index overflow in DisplayImageCommand]
+CVE-2006-2440 (Heap-based buffer overflow in the libMagick componet of
ImageMagick ...)
 	- imagemagick 6:6.2.4.5-0.6 (bug #345595)
 CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom
...)
 	NOT-FOR-US: My Blog
@@ -4069,7 +4275,7 @@
 CVE-2006-XXXX [dpkg-sig: insecure temp file bug]
 	- dpkg-sig 0.13 (bug #352723; low)
 	[sarge] - dpkg-sig <no-dsa> (Only affected in debug mode)
-CVE-2006-2441 [pioneers meta-server DoS]
+CVE-2006-2441 (Pioneers meta-server before 0.9.55, when the server-console is
not ...)
 	- pioneers 0.9.55-1 (bug #351986; medium)
 	[sarge] - gnocatan <not-affected> (Not exploitable in Sarge per
maintainer)
 CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in
...)
@@ -5248,7 +5454,7 @@
 	NOT-FOR-US: Illustrate dBpowerAMP Music Converter
 CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with
RMI ...)
 	NOT-FOR-US: BEA WebLogic Server
-CVE-2006-2443 [knowledgetree information disclosure]
+CVE-2006-2443 (The Debian package of knowledgetree 2.0.7 creates
environment.php with ...)
 	- knowledgetree <unfixed> (bug #348306; medium)
 CVE-2006-XXXX [php5 response splitting]
 	- php5 5.1.2-1 (bug #347894)
@@ -10314,7 +10520,8 @@
 CVE-2005-2967 (Format string vulnerability in input_cdda.c in xine-lib 1-beta
through ...)
 	{DSA-863-1}
 	- xine-lib 1.0.1-1.4 (bug #332919; bug #333682; medium)
-CVE-2005-2965 (graphviz before 2.2.1 allows local users to overwrite arbitrary
files ...)
+CVE-2005-2965
+	REJECTED
 	{DSA-857-1}
 	- graphviz 2.2.1-1sarge1 (bug #336985; low) 
 CVE-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows
attackers ...)
@@ -10576,7 +10783,7 @@
 	NOT-FOR-US: Rediff BOL)
 CVE-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server
as an ...)
 	NOT-FOR-US: Free SMTP Server
-CVE-2005-2856 (Stack-based buffer overflow in WinACE UNACEV2.DLL third-party
...)
+CVE-2005-2856 (Stack-based buffer overflow in the WinACE UNACEV2.DLL
third-party ...)
 	NOT-FOR-US: ALZip
 CVE-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified
NewsBoard ...)
 	NOT-FOR-US: Unclassified Newsboard
Secure testing commits - May 2006 - r3976 - data/CVE

[Secure-testing-commits] r3976 - data/CVE
