thr3ads.net - Secure testing commits - [Secure-testing-commits] r3996

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-May-20 09:15 UTC
[Secure-testing-commits] r3996 - data/CVE

Author: joeyh
Date: 2006-05-20 09:14:23 +0000 (Sat, 20 May 2006)
New Revision: 3996

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-05-20 08:16:13 UTC (rev 3995)
+++ data/CVE/list	2006-05-20 09:14:23 UTC (rev 3996)
@@ -1,3 +1,71 @@
+CVE-2006-2492 (Buffer overflow in Microsoft Word XP and Word 2003 allows ...)
+	TODO: check
+CVE-2006-2491 (Cross-site scripting (XSS) vulnerability in (1) index.php and
(2) ...)
+	TODO: check
+CVE-2006-2490 (Multiple cross-site scripting (XSS) vulnerabilities in Mobotix
IP ...)
+	TODO: check
+CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and
2.x ...)
+	TODO: check
+CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac
WebOS ...)
+	TODO: check
+CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews
1.2.1 ...)
+	TODO: check
+CVE-2006-2486 (SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and
earlier ...)
+	TODO: check
+CVE-2006-2485 (PHP remote file inclusion vulnerability in
includes/class_template.php ...)
+	TODO: check
+CVE-2006-2484 (Cross-site scripting (XSS) vulnerability in index.html in
IceWarp ...)
+	TODO: check
+CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in
...)
+	TODO: check
+CVE-2006-2482
+	RESERVED
+CVE-2006-2481
+	RESERVED
+CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit
...)
+	TODO: check
+CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not
verify ...)
+	TODO: check
+CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect
users to ...)
+	TODO: check
+CVE-2006-2477 (Cross-site scripting (XSS) vulnerability in the administrative
...)
+	TODO: check
+CVE-2006-2476 (Bitrix Site Manager 4.1.x stores updater.log under the web
document ...)
+	TODO: check
+CVE-2006-2475 (Directory traversal vulnerability in (1) edit_mailtexte.cgi and
(2) ...)
+	TODO: check
+CVE-2006-2474 (SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106
and ...)
+	TODO: check
+CVE-2006-2473 (Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki
0.78 ...)
+	TODO: check
+CVE-2006-2472 (Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0,
8.1 ...)
+	TODO: check
+CVE-2006-2471 (Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4,
7.0 ...)
+	TODO: check
+CVE-2006-2470 (Unspecified vulnerability in the WebLogic Server Administration
...)
+	TODO: check
+CVE-2006-2469 (The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0
up to ...)
+	TODO: check
+CVE-2006-2468 (The WebLogic Server Administration Console in BEA WebLogic
Server 8.1 ...)
+	TODO: check
+CVE-2006-2467 (BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to
SP7 ...)
+	TODO: check
+CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows
remote ...)
+	TODO: check
+CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute
arbitrary ...)
+	TODO: check
+CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4
and ...)
+	TODO: check
+CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote
attackers ...)
+	TODO: check
+CVE-2006-2462 (BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before
Service ...)
+	TODO: check
+CVE-2006-2461 (BEA WebLogic Server before 8.1 Service Pack 4 does not properly
set ...)
+	TODO: check
+CVE-2006-2460 (Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when ...)
+	TODO: check
+CVE-2006-2459 (SQL injection vulnerability in messages.php in PHP-Fusion
6.00.307 and ...)
+	TODO: check
 CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and
...)
 	- libextractor 0.5.14-1
 CVE-2006-2457
@@ -29,6 +97,7 @@
 CVE-2006-2444
 	RESERVED
 CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions,
which ...)
+	{DSA-1062-1}
 	- kphone 1:4.2-3 (bug #337830; medium)
 CVE-2006-2439
 	RESERVED
@@ -275,7 +344,7 @@
 	TODO: check
 CVE-2006-2328 (SQL injection vulnerability in lib/adodb/server.php in
AngelineCMS ...)
 	TODO: check
-CVE-2006-2327 (Integer overflow in the DPRPCNLM.NLM NDPS/iPrint module in
Novell ...)
+CVE-2006-2327 (Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM)
...)
 	TODO: check
 CVE-2006-2326 (Directory traversal vulnerability in index.php in
OnlyScript.info ...)
 	TODO: check
@@ -305,8 +374,8 @@
 	RESERVED
 CVE-2006-2313
 	RESERVED
-CVE-2006-2312
-	RESERVED
+CVE-2006-2312 (Unspecified vulnerability in the URI handler in Skype 2.0.*.104
and ...)
+	TODO: check
 CVE-2006-2311
 	RESERVED
 CVE-2006-2310
@@ -321,7 +390,7 @@
 	NOT-FOR-US: EPublisherPro
 CVE-2006-2305 (Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS
allow ...)
 	NOT-FOR-US: Jadu
-CVE-2006-2304 (Buffer overflow in DPRPCW32.DLL in Novell Client 4.83 SP3, 4.90
SP2 ...)
+CVE-2006-2304 (Multiple integer overflows in the DPRPC library (DPRPCW32.DLL)
in ...)
 	NOT-FOR-US: Novell software for Windows
 CVE-2006-2303 (Cross-Application Scripting (XAS) vulnerability in ICQ Client
5.04 ...)
 	NOT-FOR-US: Windows ICQ client
@@ -457,7 +526,7 @@
 	NOT-FOR-US: Fujitsu NetShelter/FW
 CVE-2006-2239 (SQL injection vulnerability in readarticle.php in Newsadmin 1.1
allows ...)
 	NOT-FOR-US: Newsadmin
-CVE-2006-2238 (Heap-based buffer overflow in Apple QuickTime 7.1 allows remote
...)
+CVE-2006-2238 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows
remote ...)
 	TODO: check
 CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics
updates are ...)
 	{DSA-1058-1}
@@ -526,6 +595,7 @@
 CVE-2006-2214 (Multiple SQL injection vulnerabilities in 4images 1.7.1 and
earlier ...)
 	NOT-FOR-US: 4images
 CVE-2006-2213 (Hostapd 0.3.7-2 allows remote attackers to cause a denial of
service ...)
+	{DSA-1065-1}
 	- hostapd 1:0.5.0-1 (bug #365897; high)
 	[sarge] - hostapd <unfixed> (bug #365897; high)
 CVE-2006-2212 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier
allows ...)
@@ -582,7 +652,7 @@
 	NOT-FOR-US: zenphoto
 CVE-2006-2185
 	RESERVED
-CVE-2006-2184 (** DISPUTED ** ...)
+CVE-2006-2184 (Cross-site scripting (XSS) vulnerability in search.php in PHPKB
...)
 	NOT-FOR-US: PHPKB Knowledge Base
 CVE-2006-2183 (Untrusted search path vulnerability in Truecrypt 4.1, when
running ...)
 	NOT-FOR-US: Truecrypt
@@ -738,6 +808,7 @@
 CVE-2006-2111 (Microsoft Internet Explorer 6.0 on Windows XP SP2, and possibly
other ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and
2.1.x ...)
+	{DSA-1060-1}
 	TODO: check
 CVE-2006-2109 (Cross-site scripting (XSS) vulnerability in the parse_query_str
...)
 	TODO: check
@@ -1259,6 +1330,7 @@
 CVE-2006-1897 (Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for
&quot;Script ...)
 	NOT-FOR-US: Webplus (aka talentsoft) Web+Shop
 CVE-2006-1896 (Unspecified vulnerability in phpBB allows remote authenticated
users ...)
+	{DSA-1066-1}
 	- phpbb2 <unfixed> (bug #365533; medium)
 CVE-2006-1895 (Direct static code injection vulnerability in
includes/template.php in ...)
 	- phpbb2 <not-affected> (bug #365535)
@@ -1338,8 +1410,8 @@
 	RESERVED
 CVE-2006-1857
 	RESERVED
-CVE-2006-1856
-	RESERVED
+CVE-2006-1856 (Certain modifications to the Linux kernel 2.6.16 and earlier do
not ...)
+	TODO: check
 CVE-2006-1855 (choose_new_parent in Linux kernel before 2.6.11.12 includes
certain ...)
 	TODO: check
 CVE-2006-1854 (** DISPUTED ** ...)
@@ -2424,21 +2496,21 @@
 	RESERVED
 CVE-2006-1466
 	RESERVED
-CVE-2006-1465 (Buffer overflow in Apple QuickTime 7.1 allows remote attackers
to ...)
+CVE-2006-1465 (Buffer overflow in Apple QuickTime before 7.1 allows remote
attackers ...)
 	TODO: check
-CVE-2006-1464 (Buffer overflow in Apple QuickTime 7.1 allows remote attackers
to ...)
+CVE-2006-1464 (Buffer overflow in Apple QuickTime before 7.1 allows remote
attackers ...)
 	TODO: check
-CVE-2006-1463 (Heap-based buffer overflow in Apple QuickTime 7.1 allows remote
...)
+CVE-2006-1463 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows
remote ...)
 	TODO: check
-CVE-2006-1462 (Multiple integer overflows in Apple QuickTime 7.1 allow remote
...)
+CVE-2006-1462 (Multiple integer overflows in Apple QuickTime before 7.1 allow
remote ...)
 	TODO: check
-CVE-2006-1461 (Multiple buffer overflows in Apple QuickTime 7.1 allow remote
...)
+CVE-2006-1461 (Multiple buffer overflows in Apple QuickTime before 7.1 allow
remote ...)
 	TODO: check
-CVE-2006-1460 (Multiple buffer overflows in Apple QuickTime 7.1 allow remote
...)
+CVE-2006-1460 (Multiple buffer overflows in Apple QuickTime before 7.1 allow
remote ...)
 	TODO: check
-CVE-2006-1459 (Multiple integer overflows in Apple QuickTime 7.1 allow remote
...)
+CVE-2006-1459 (Multiple integer overflows in Apple QuickTime before 7.1 allow
remote ...)
 	TODO: check
-CVE-2006-1458 (Integer overflow in Apple QuickTime Player 7.1 allows remote
attackers ...)
+CVE-2006-1458 (Integer overflow in Apple QuickTime Player before 7.1 allows
remote ...)
 	TODO: check
 CVE-2006-1457 (Safari on Apple Mac OS X 10.4.6, when &quot;Open
`safe'' files after ...)
 	TODO: check
@@ -2446,9 +2518,9 @@
 	TODO: check
 CVE-2006-1455 (QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6
allows ...)
 	TODO: check
-CVE-2006-1454 (Heap-based buffer overflow in Apple QuickTime 7.1 allows remote
...)
+CVE-2006-1454 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows
remote ...)
 	TODO: check
-CVE-2006-1453 (Stack-based buffer overflow in Apple QuickTime 7.1 allows remote
...)
+CVE-2006-1453 (Stack-based buffer overflow in Apple QuickTime before 7.1 allows
...)
 	TODO: check
 CVE-2006-1452 (Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up
to ...)
 	TODO: check
@@ -3739,6 +3811,7 @@
 CVE-2006-0877 (Cross-site scripting vulnerability in Easy Forum 2.5 allows
remote ...)
 	NOT-FOR-US: Easy Forum
 CVE-2006-0876 (POPFile before 0.22.4 allows remote attackers to cause a denial
of ...)
+	{DSA-1061-1}
 	- popfile 0.22.4-1 (bug #354464; medium)
 CVE-2006-0875 (Cross-site scripting vulnerability in ratefile.php in RunCMS
1.3a5 ...)
 	NOT-FOR-US: runCMS
@@ -5850,8 +5923,8 @@
 	NOTE: Woody affected only, according to BTS fixed in Sarge.
 CVE-2006-0060
 	RESERVED
-CVE-2006-0059
-	RESERVED
+CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over TCP
(RFC ...)
+	TODO: check
 CVE-2006-0058 (Signal handler race condition in Sendmail 8.13.x before 8.13.6
allows ...)
 	{DSA-1015-1}
 	- sendmail 8.13.6-1 (bug #358440; high)
@@ -6196,8 +6269,8 @@
 	RESERVED
 CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to
cause a ...)
 	- evolution <unfixed>
-CVE-2006-0039
-	RESERVED
+CVE-2006-0039 (Race condition in the do_add_counters function in netfilter for
Linux ...)
+	TODO: check
 CVE-2006-0038 (Integer overflow in the do_replace function in netfilter for
Linux ...)
 	- linux-2.6 2.6.16-1
 CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper
(netfilter/ip_nat_helper_pptp.c) in ...)
@@ -7794,8 +7867,8 @@
 CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before
...)
 	{DSA-1018-1 DSA-1017-1}
 	- linux-2.6 2.6.14-3 (medium)
-CVE-2005-3782
-	RESERVED
+CVE-2005-3782 (Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the
&quot;Name and ...)
+	TODO: check
 CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version
3, with ...)
 	NOT-FOR-US: Linksys hardware
 CVE-2004-2605 (aStats 1.6.5 allows local users to overwrite arbitrary files via
a ...)
@@ -8179,6 +8252,7 @@
 CVE-2004-2542 (Multiple SQL injection vulnerabilities in Dynix (formerly known
as ...)
 	NOT-FOR-US: Dynix WebPac
 CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows,
...)
+	{DSA-1064-1}
 	- cscope <unfixed> (bug #340177; medium)
 	NOTE: Sarge and Woody are affected
 CVE-2005-XXXX [unsafe file permissions in vpnc]
@@ -10947,6 +11021,7 @@
 CVE-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for
...)
 	NOT-FOR-US: AutoLinks Pro
 CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not
properly ...)
+	{DSA-1063-1}
 	- phpgroupware 0.9.16.009-1 (bug #340094; medium)
 	- egroupware 1.0.0.009.dfsg-3-4 (bug #340495; medium)
 	[woody] - phpgroupware <not-affected> (fudforum not included until
0.9.16)
@@ -12604,7 +12679,7 @@
 	NOT-FOR-US: PHPPageProtect
 CVE-2005-2331 (PHP remote file inclusion vulnerability in display.php in
MooseGallery ...)
 	NOT-FOR-US: MooseGallery
-CVE-2005-2330 (Directory traversal vulnerability in update.php in osCommerce
2.2 ...)
+CVE-2005-2330 (Directory traversal vulnerability in extras/update.php in
osCommerce 2.2 ...)
 	NOT-FOR-US: osCommerce
 CVE-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
3.5.0, ...)
 	NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
Secure testing commits - May 2006 - r3996 - data/CVE

[Secure-testing-commits] r3996 - data/CVE
