Author: joeyh
Date: 2006-04-18 09:14:24 +0000 (Tue, 18 Apr 2006)
New Revision: 3824

Modified:
data/CVE/list

Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-04-18 07:25:44 UTC (rev 3823)
+++ data/CVE/list 2006-04-18 09:14:24 UTC (rev 3824)
@@ -1,3 +1,79 @@ +CVE-2006-1826 (Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery ...) + TODO: check +CVE-2006-1825 (Cross-site scripting (XSS) vulnerability in index.php in phpLinks ...) + TODO: check +CVE-2006-1824 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2006-1823 (Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier ...) + TODO: check +CVE-2006-1822 (Cross-site scripting (XSS) vulnerability in search.php in FarsiNews ...) + TODO: check +CVE-2006-1821 (Directory traversal vulnerability in index.php in ModX 0.9.1 allows ...) + TODO: check +CVE-2006-1820 (Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 ...) + TODO: check +CVE-2006-1819 (Directory traversal vulnerability in the loadConfig function in ...) + TODO: check +CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...) + TODO: check +CVE-2006-1817 (SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, ...) + TODO: check +CVE-2006-1816 (PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and ...) + TODO: check +CVE-2006-1815 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) + TODO: check +CVE-2006-1814 (NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of ...) + TODO: check +CVE-2006-1813 (Directory traversal vulnerability in index.php in phpWebFTP 3.2 and ...) + TODO: check +CVE-2006-1812 (phpWebFTP 3.2 and earlier stores script.js under the web document root ...) + TODO: check +CVE-2006-1811 (Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow ...) + TODO: check +CVE-2006-1810 (Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 ...) + TODO: check +CVE-2006-1809 (index.php in Lifetype 1.0.3 allows remote attackers to obtain ...) + TODO: check +CVE-2006-1808 (Cross-site scripting (XSS) vulnerability in index.php in Lifetype ...) 
+ TODO: check +CVE-2006-1807 (Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 ...) + TODO: check +CVE-2006-1806 (Cross-site scripting (XSS) vulnerability in index.php in Musicbox ...) + TODO: check +CVE-2006-1805 (SQL injection vulnerability in member.php in PowerClan 1.14 allows ...) + TODO: check +CVE-2006-1804 (SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows ...) + TODO: check +CVE-2006-1803 (Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin ...) + TODO: check +CVE-2006-1802 (Cross-site scripting (XSS) vulnerability in index.php in ...) + TODO: check +CVE-2006-1801 (Cross-site scripting (XSS) vulnerability in planetsearchplus.php in ...) + TODO: check +CVE-2006-1800 (Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 ...) + TODO: check +CVE-2006-1799 (censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers ...) + TODO: check +CVE-2006-1798 (SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote ...) + TODO: check +CVE-2006-1797 (The kernel in NetBSD-current before September 28, 2005 allows local ...) + TODO: check +CVE-2006-1796 (Cross-site scripting (XSS) vulnerability in the paging links ...) + TODO: check +CVE-2006-1795 (Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI ...) + TODO: check +CVE-2006-1794 (SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly ...) + TODO: check +CVE-2006-1793 (Directory traversal vulnerability in runCMS 1.2 and earlier allows ...) + TODO: check +CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard ...) + TODO: check +CVE-2006-1791 (Directory traversal vulnerability in acc.php in QuickBlogger 1.4 ...) + TODO: check +CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to ...) + TODO: check +CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and ...) 
+ TODO: check CVE-2006-XXXX [two amaya buffer overflows] - amaya <unfixed> (bug #362575) CVE-2006-XXXX [kphone stores SIP passwords in world readable files] @@ -124,15 +200,13 @@ - mozilla-browser <unfixed> (medium) - thunderbird <unfixed> (low) - mozilla-thunderbird <unfixed> (low) -CVE-2006-1738 - RESERVED +CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...) - firefox <unfixed> (medium) - mozilla-firefox <unfixed> (medium) - mozilla-browser <unfixed> (medium) - thunderbird <unfixed> (low) - mozilla-thunderbird <unfixed> (low) -CVE-2006-1737 - RESERVED +CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...) - firefox <unfixed> (medium) - mozilla-firefox <unfixed> (medium) - mozilla-browser <unfixed> (medium) @@ -275,6 +349,7 @@ CVE-2006-XXXX [firebird local DoS] - firebird2 1.5.3.4870-4 (bug #362001) CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames 2.17-7 allows local ...) + {DSA-1036-1} - bsdgames 2.17-7 (bug #360989) CVE-2006-1712 (Cross-site scripting (XSS) vulnerability in the private archive script ...) - mailman <unfixed> @@ -342,7 +417,7 @@ - cherokee 0.5.1-1 CVE-2006-1680 (Jupiter CMS 1.1.5, when display_errors is enabled, allows remote ...) NOT-FOR-US: Jupiter CMS -CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php Jupiter ...) +CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php in ...) NOT-FOR-US: Jupiter CMS CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - phpmyadmin 4:2.8.0.3-1 (bug #362567) 
@@ -939,10 +1014,10 @@ RESERVED CVE-2006-1438 (Multiple cross-site scripting (XSS) vulnerabilities in Andy''s PHP ...) NOT-FOR-US: aphpkb -CVE-2006-1437 - RESERVED -CVE-2006-1436 - RESERVED +CVE-2006-1437 (UPOINT @1 Event Publisher stores sensitive information under the web ...) + TODO: check +CVE-2006-1436 (Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event ...) + TODO: check CVE-2006-1435 (Cross-site scripting (XSS) vulnerability in genmessage.php in ...) NOT-FOR-US: Accounting Receiving and Inventory Administration (ARIA), different from debian aria CVE-2006-1434 (Cross-site scripting (XSS) vulnerability in inscription.php in ...) @@ -965,7 +1040,8 @@ NOT-FOR-US: Blog Pixel Motion CVE-2006-1425 (Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily ...) NOT-FOR-US: phpmyfamily -CVE-2006-1424 (Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 ...) +CVE-2006-1424 + REJECTED NOT-FOR-US: ConfTool CVE-2006-1423 (SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 ...) NOT-FOR-US: UBB.threads @@ -1062,7 +1138,7 @@ NOT-FOR-US: Cisco CVE-2006-1384 (Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the ...) NOT-FOR-US: IBM Tivoli Business Systems Manager -CVE-2006-1383 (Directory traversal vulnerability in Baby FTP Server 1.24 allows ...) +CVE-2006-1383 (Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 ...) NOT-FOR-US: Baby FTP Server CVE-2006-1382 (PHP remote file inclusion vulnerability in impex/ImpExData.php in ...) NOT-FOR-US: vBulletin 
@@ -1072,9 +1148,9 @@ NOT-FOR-US: Trend Micro CVE-2006-1379 (Trend Micro PC-cillin Internet Security 2006 14.00.1485 and ...) NOT-FOR-US: Trend Micro -CVE-2003-1300 (Unspecified vulnerability in Baby FTP Server versions before May 31, ...) +CVE-2003-1300 (Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May ...) NOT-FOR-US: Baby FTP Server -CVE-2003-1299 (Directory traversal vulnerability in Baby FTP Server versions before ...) +CVE-2003-1299 (Directory traversal vulnerability in Baby FTP Server 1.2, and possibly ...) NOT-FOR-US: Baby FTP Server CVE-2002-2209 (Unspecified "security vulnerability" in Baby FTP Server versions ...) NOT-FOR-US: Baby FTP Server @@ -1180,7 +1256,7 @@ NOT-FOR-US: Noah''s Classifieds CVE-2006-1331 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Noah''s Classifieds -CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite allow remote ...) +CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier ...) NOT-FOR-US: phpWebsite CVE-2006-1329 (The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows ...) - jabberd2 <unfixed> (bug #357874) @@ -1309,7 +1385,7 @@ NOT-FOR-US: xhawk.net discussion CVE-2006-1264 (Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 ...) NOT-FOR-US: xhawk.net discussion -CVE-2006-1263 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress ...) +CVE-2006-1263 (Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in ...) - wordpress 2.0.2-1 CVE-2006-1262 (Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown ...) NOT-FOR-US: ASPPortal 
@@ -2190,7 +2266,7 @@ - coppermine <itp> (bug #259206) CVE-2006-0872 (Directory traversal vulnerability in init.inc.php in Coppermine Photo ...) - coppermine <itp> (bug #259206) -CVE-2006-0871 (Unspecified vulnerability in Mambo 4.5.3, 4.5.3h, and possibly ...) +CVE-2006-0871 (Directory traversal vulnerability in the _setTemplate function in ...) - mambo <unfixed> (bug #354468) NOTE: only in experimental CVE-2006-0870 (SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 ...) @@ -2466,8 +2542,7 @@ - xorg-x11 6.9.0.dfsg.1-5 (bug #360388; medium) - xorg-server 1:1.0.2-1 - xfree86 <not-affected> -CVE-2006-0744 [x86_64: When user could have changed RIP always force IRET] - RESERVED +CVE-2006-0744 (Linux kernel before 2.6.16.5 does not properly handle uncanonical ...) - linux-2.6 2.6.16-7 CVE-2006-0743 (Format string vulnerability in LocalSyslogAppender in Apache log4net ...) NOT-FOR-US: Log4Net @@ -2674,9 +2749,9 @@ NOT-FOR-US: SmE GB Host CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5 and ...) NOT-FOR-US: FarsiNews -CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in Runcms 1.2 and ...) +CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and ...) NOT-FOR-US: Runcms -CVE-2006-0658 (Incomplete blacklist vulnerability in FCKeditor 2.0 and 2.2, as used ...) +CVE-2006-0658 (Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 ...) NOT-FOR-US: FCKeditor CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event ...) NOT-FOR-US: Softcomplex 
@@ -2756,7 +2831,7 @@ NOTE: brute-force password guessing and as password seeding is based on milliseconds NOTE: NTP-timed attacks may even be in the area of a couple thousands attempts NOTE: instead of a million -CVE-2006-0631 (CRLF injection vulnerability in Erik C. Thauvin mailback allows remote ...) +CVE-2006-0631 (CRLF injection vulnerability in mailback.pl in Erik C. Thauvin ...) NOT-FOR-US: Erik C. Thauvin mailback CVE-2006-0630 (RITLabs The Bat! before 3.0.0.15 displays certain important headers ...) NOT-FOR-US: The Bat! @@ -2854,7 +2929,7 @@ NOT-FOR-US: Oracle CVE-2006-0585 (jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows ...) NOT-FOR-US: Microsoft -CVE-2006-0584 (The PSCipher function in PeopleSoft People Tools 8.4x uses weak ...) +CVE-2006-0584 (The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 ...) NOT-FOR-US: PeopleSoft People Tools CVE-2006-0583 (SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and ...) NOT-FOR-US: Clever Copy @@ -2908,8 +2983,8 @@ RESERVED CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield ...) TODO: check -CVE-2006-0558 - RESERVED +CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...) + TODO: check CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...) - linux-2.6 <unfixed> CVE-2006-0556 @@ -4132,7 +4207,8 @@ NOT-FOR-US: oaBoard CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP ...) NOT-FOR-US: @Card ME PHP -CVE-2006-0092 (SQL injection vulnerability in index.php in SiteSuite CMS allows ...) +CVE-2006-0092 + REJECTED NOT-FOR-US: SiteSuite CMS CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange ...) NOT-FOR-US: Open-Xchange
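
Review bot: In the `@@ -1,3 +1,79 @@` hunk, all 38 added entries land as `TODO: check` even though several name software this file already carries a decision for. FarsiNews (CVE-2006-1823, CVE-2006-1822), runCMS (CVE-2006-1793) and VBulletin (CVE-2006-1816) are marked NOT-FOR-US on other entries visible in this diff, so those can be closed with the same annotation. The phpMyAdmin `sql.php` entries (CVE-2006-1804, CVE-2006-1803) and the Firefox 1.0.7 regression (CVE-2006-1790) map to packages that are tracked here (`phpmyadmin`, `firefox`, `mozilla-firefox`) and should be triaged first rather than left in the TODO backlog.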
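
Review bot: In the `@@ -965,7 +1040,8 @@` hunk, CVE-2006-1424 becomes `REJECTED` but the context line `NOT-FOR-US: ConfTool` stays attached to it, so the entry now carries two conflicting states. The `@@ -4132,7 +4207,8 @@` hunk does the same to CVE-2006-0092 with `NOT-FOR-US: SiteSuite CMS`. Since the description that justified the NOT-FOR-US decision is gone, drop the stale annotation in a follow-up commit, or confirm that the tracker's parser accepts a triage line under a rejected id.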
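
Review bot: In the `@@ -2466,8 +2542,7 @@` hunk, the new description for CVE-2006-0744 says "Linux kernel before 2.6.16.5" while the retained context line records `linux-2.6 2.6.16-7` as the fixed version; it is worth confirming that this Debian revision actually carries the fix. The hunk also removes the only local annotation, `[x86_64: When user could have changed RIP always force IRET]`, which identified the affected architecture and the fix. Keeping it as a `NOTE:` line under the entry would preserve that context.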
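
Review bot: In the `@@ -2190,7 +2266,7 @@` hunk, CVE-2006-0871 changes from an unspecified Mambo issue to a directory traversal in `_setTemplate`, while the first hunk adds CVE-2006-1794 as an SQL injection in "Mambo 4.5.3, 4.5.3h, and possibly ..." with only `TODO: check`. The existing `mambo <unfixed> (bug #354468)` line and its `NOTE: only in experimental` were written against the old wording, so check which of the two ids bug #354468 actually covers and add a `mambo` line to CVE-2006-1794 if it applies there as well.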
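
Review bot: In the `@@ -2908,8 +2983,8 @@` hunk, CVE-2006-0558 is described as a Linux kernel perfmon issue on IA64 but is filed as `TODO: check`, while the neighbouring kernel entry CVE-2006-0557 already has a `linux-2.6 <unfixed>` line. This one should get a `linux-2.6` status line as well, so that it shows up in the kernel package's open issues instead of the generic TODO list.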
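
Review bot: In the `@@ -275,6 +349,7 @@` hunk, CVE-2006-1744 gains `{DSA-1036-1}` while the context lines describe the overflow as being "in BSDgames 2.17-7" and also list `bsdgames 2.17-7 (bug #360989)` as the fixed version. Now that the entry is tied to an advisory, verify the fixed version against the DSA so that the vulnerable and fixed versions do not read as the same upload.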