Author: joeyh
Date: 2006-04-05 21:14:23 +0000 (Wed, 05 Apr 2006)
New Revision: 3757

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-04-05 20:42:36 UTC (rev 3756)
+++ data/CVE/list 2006-04-05 21:14:23 UTC (rev 3757)
@@ -1,10 +1,97 @@ +CVE-2006-1628 + RESERVED +CVE-2006-1627 + RESERVED +CVE-2006-1626 (Internet Explorer 6 for Windows XP SP2, and earlier allows remote ...) + TODO: check +CVE-2006-1625 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) + TODO: check +CVE-2006-1624 (The default configuration of syslogd in the Linux sysklogd package ...) + TODO: check +CVE-2006-1623 (Unspecified vulnerability in main.php in an unspecified "file created ...) + TODO: check +CVE-2006-1622 (Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit ...) + TODO: check +CVE-2006-1621 (Directory traversal vulnerability in admin/folders/saveuploadfiles.asp ...) + TODO: check +CVE-2006-1620 (admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 ...) + TODO: check +CVE-2006-1619 (IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote ...) + TODO: check +CVE-2006-1618 (Format string vulnerability in the (1) Con_message and (2) conPrintf ...) + TODO: check +CVE-2006-1617 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll ...) + TODO: check +CVE-2006-1616 (Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow ...) + TODO: check +CVE-2006-1613 (Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote ...) + TODO: check +CVE-2006-1612 (Multiple cross-site scripting (XSS) vulnerabilities in visview.php in ...) + TODO: check +CVE-2006-1611 (Directory traversal vulnerability in KGB Archiver before 1.1.5.22 ...) + TODO: check +CVE-2006-1610 (PHP remote file inclusion vulnerability in lib/armygame.php in SQuery ...) + TODO: check +CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, ...) + TODO: check +CVE-2006-1608 + RESERVED +CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...) + TODO: check +CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before ...) 
+ TODO: check +CVE-2006-1605 (Unspecified vulnerability in the image module in Exponent CMS before ...) + TODO: check +CVE-2006-1604 (Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has ...) + TODO: check +CVE-2006-1603 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB ...) + TODO: check +CVE-2006-1602 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-1601 (Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 ...) + TODO: check +CVE-2006-1600 (SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 ...) + TODO: check +CVE-2006-1599 (Unspecified vulnerability in VCEngine.php in v-creator before ...) + TODO: check +CVE-2006-1598 (AN HTTPD 1.42n, and possibly other versions before 1.42p, allows ...) + TODO: check +CVE-2006-1597 + RESERVED +CVE-2006-1596 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-1595 (Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in ...) + TODO: check +CVE-2006-1594 (Multiple directory traversal vulnerabilities in document/rqmkhtml.php ...) + TODO: check +CVE-2006-1593 (The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ...) + TODO: check +CVE-2006-1592 (Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) ...) + TODO: check +CVE-2006-1591 (Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe ...) + TODO: check +CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage ...) + TODO: check +CVE-2006-1589 (The elf_load_file function in NetBSD 2.0 through 3.0 allows local ...) + TODO: check +CVE-2006-1588 (The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not ...) + TODO: check +CVE-2006-1587 (NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the ...) + TODO: check +CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite ...) 
+ TODO: check CVE-2006-XXXX [openvpn missing setenv sanitising] - openvpn <unfixed> (bug #360559; medium) CVE-2006-1614 [clamav 0.88.1 integer overflow] + RESERVED + {DSA-1024-1} - clamav 0.88.1-1 CVE-2006-1630 [clamav 0.88.1 fix possible crash in cli_bitset_test()] + {DSA-1024-1} - clamav 0.88.1-1 CVE-2006-1615 [clamav 0.88.1 format string flaws] + RESERVED + {DSA-1024-1} - clamav 0.88.1-1 CVE-2006-1586 (SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan ...) NOT-FOR-US: Egypt SiteMan @@ -363,18 +450,18 @@ RESERVED CVE-2006-1439 RESERVED -CVE-2006-1438 - RESERVED +CVE-2006-1438 (Multiple cross-site scripting (XSS) vulnerabilities in Andy''s PHP ...) + TODO: check CVE-2006-1437 RESERVED CVE-2006-1436 RESERVED -CVE-2006-1435 - RESERVED -CVE-2006-1434 - RESERVED -CVE-2006-1433 - RESERVED +CVE-2006-1435 (Cross-site scripting (XSS) vulnerability in genmessage.php in ...) + TODO: check +CVE-2006-1434 (Cross-site scripting (XSS) vulnerability in inscription.php in ...) + TODO: check +CVE-2006-1433 (Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive ...) + TODO: check CVE-2006-1432 (fusionZONE couponZONE 4.2 allows remote attackers to obtain the full ...) NOT-FOR-US: fusionZONE couponZONE CVE-2006-1431 (Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE ...) @@ -808,7 +895,7 @@ NOTE: Discussion has shown that the revamp patch doesn''t fix new vulnerabilities CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog ...) NOT-FOR-US: Simple PHP Blog -CVE-2006-1242 (Certain Linux 2.4 and 2.6 kernels increment the IP ID field after ...) +CVE-2006-1242 (The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before ...) - linux-2.6 2.6.16-4 CVE-2006-1241 (Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) ...) - firebird2 <not-affected> (Not setuid in Debian) 
@@ -1210,8 +1297,7 @@ - samba 3.0.22-1 [woody] - samba <not-affected> [sarge] - samba <not-affected> -CVE-2006-1058 - RESERVED +CVE-2006-1058 (BusyBox 1.1.1 does not use a salt when generating passwords, which ...) - busybox <unfixed> (low; bug #360578) CVE-2006-1057 RESERVED @@ -2316,8 +2402,8 @@ RESERVED CVE-2006-0560 RESERVED -CVE-2006-0559 - RESERVED +CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield ...) + TODO: check CVE-2006-0558 RESERVED CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...) @@ -2769,8 +2855,8 @@ CVE-2006-0402 (SQL injection vulnerability in Zoph before 0.5pre1 allows remote ...) {DSA-989-1} - zoph 0.5-1 (bug #350717) -CVE-2006-0401 - RESERVED +CVE-2006-0401 (Unspecified vulnerability in Mac OS X before 10.4.6, when running on ...) + TODO: check CVE-2006-0400 (CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers ...) NOT-FOR-US: Apple CVE-2006-0399 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...) @@ -3754,8 +3840,8 @@ - libimager-perl <unfixed> (bug #359661) CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, ...) - mailman <unfixed> (bug #358892) -CVE-2006-0051 [kaffeine ram buffer overflow] - RESERVED +CVE-2006-0051 (Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through ...) + {DSA-1023-1} - kaffeine 0.8-1 CVE-2006-0050 (snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary ...) {DSA-1013-1}
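Review bot: in the first hunk (@@ -1,10 +1,97 @@), "+ RESERVED" is added under CVE-2006-1614 and CVE-2006-1615 although both already carry {DSA-1024-1} and a fixed version (clamav 0.88.1-1), so anyone filtering on RESERVED to find untriaged IDs will now pick up two entries that are already resolved; exclude entries that have a package line. The truncated summaries in the same hunk also hide what triage needs: CVE-2006-1602 and CVE-2006-1596 both read only "(PHP remote file inclusion vulnerability in ...)", and CVE-2006-1606 and CVE-2006-1605 share identical text, so each "TODO: check" has to be resolved against the full CVE description rather than this line.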
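Review bot: the added CVE-2006-1438 line in the @@ -363,18 +450,18 @@ hunk contains "Andy''s PHP" with a doubled single quote, which looks like quote escaping leaking into the data. The unchanged NOTE context line in the next hunk shows the same doubling ("doesn''t"), so first confirm whether data/CVE/list itself or only this commit mail carries it; if the file does, the automatic update should write the apostrophe unescaped, otherwise a text search for the product name will miss the entry.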
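Review bot: in the @@ -808,7 +895,7 @@ hunk the new CVE-2006-1242 summary names "Linux 2.4.x and 2.6.x", but the only package line under it is "- linux-2.6 2.6.16-4". The entry should also record the status of any tracked 2.4 kernel package, even if that status is <not-affected>, so the 2.4 side is not left implicit.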
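Review bot: in the @@ -1210,8 +1297,7 @@ hunk the package line "- busybox <unfixed> (low; bug #360578)" is unchanged context, so its "low" rating was set while CVE-2006-1058 was still RESERVED. Now that the summary states that BusyBox 1.1.1 generates passwords without a salt, the rating should be re-confirmed against the published description: unsalted hashes are identical for identical passwords and are open to precomputed lookup, which matters wherever the hash file can be read.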
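Review bot: the new CVE-2006-0401 entry in the @@ -2769,8 +2855,8 @@ hunk is left at "TODO: check" although its summary concerns Mac OS X and the adjacent CVE-2006-0400 is already marked "NOT-FOR-US: Apple". It can be closed the same way, which keeps the TODO queue limited to entries that actually need package research.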