Author: joeyh
Date: 2006-03-14 09:14:27 +0000 (Tue, 14 Mar 2006)
New Revision: 3610
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-03-13 21:14:23 UTC (rev 3609)
+++ data/CVE/list 2006-03-14 09:14:27 UTC (rev 3610)
@@ -1,3 +1,187 @@
+CVE-2006-1220 (Integer overflow in the mach_msg_send function in the kernel for
Mac ...)
+ TODO: check
+CVE-2006-1219 (Directory traversal vulnerability in Gallery 2.0.3 and earlier,
and ...)
+ TODO: check
+CVE-2006-1218 (Unspecified vulnerability in the HTTP proxy in Novell
BorderManager ...)
+ TODO: check
+CVE-2006-1217 (SQL injection vulnerability in DSPoll 1.1 allows remote
attackers to ...)
+ TODO: check
+CVE-2006-1216 (Cross-site scripting (XSS) vulnerability in bigshow.php in
Runcms 1.x ...)
+ TODO: check
+CVE-2006-1215 (Cross-site scripting (XSS) vulnerability in misc.php in Woltlab
...)
+ TODO: check
+CVE-2006-1214 (UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified
...)
+ TODO: check
+CVE-2006-1213 (JiRo''s Banner System Experience and Professional 1.0
and earlier ...)
+ TODO: check
+CVE-2006-1212 (Unspecified vulnerability in index.php in Core CoreNews 2.0.1
allows ...)
+ TODO: check
+CVE-2006-1211 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a
MySQL ...)
+ TODO: check
+CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure
3.0.236 ...)
+ TODO: check
+CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive
...)
+ TODO: check
+CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to
execute ...)
+ TODO: check
+CVE-2006-1207 (PHP Upload Center stores password hashes under the web root with
...)
+ TODO: check
+CVE-2006-1206 (Matt Johnston Dropbear SSH server 0.47 and earlier, as used in
...)
+ TODO: check
+CVE-2006-1205 (Multiple cross-site scripting (XSS) vulnerabilities in myWebland
...)
+ TODO: check
+CVE-2006-1204 (Multiple cross-site scripting (XSS) vulnerabilities in txtForum
...)
+ TODO: check
+CVE-2006-1203 (PHP remote file include vulnerability in common.php in txtForum
...)
+ TODO: check
+CVE-2006-1202 (Multiple cross-site scripting (XSS) vulnerabilities in
textfileBB 1.0 ...)
+ TODO: check
+CVE-2006-1201 (Directory traversal vulnerability in resetpw.php in eschew.net
...)
+ TODO: check
+CVE-2006-1200 (Direct static code injection vulnerability in add_link.txt in
daverave ...)
+ TODO: check
+CVE-2006-1199 (Cross-site scripting (XSS) vulnerability in iframe.php in
daverave ...)
+ TODO: check
+CVE-2006-1198 (Comvigo IM Lock 2006 uses a simple substitution cipher to
encrypt a ...)
+ TODO: check
+CVE-2006-1197 (SafeDisc installs the driver service for the secdrv.sys driver
with ...)
+ TODO: check
+CVE-2006-1196 (Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki
1.5 ...)
+ TODO: check
+CVE-2006-1195 (The enet_protocol_handle_send_fragment function in protocol.c
for ENet ...)
+ TODO: check
+CVE-2006-1194 (Integer signedness error in the
enet_protocol_handle_incoming_commands ...)
+ TODO: check
+CVE-2006-1193
+ RESERVED
+CVE-2006-1192
+ RESERVED
+CVE-2006-1191
+ RESERVED
+CVE-2006-1190
+ RESERVED
+CVE-2006-1189
+ RESERVED
+CVE-2006-1188
+ RESERVED
+CVE-2006-1187
+ RESERVED
+CVE-2006-1186
+ RESERVED
+CVE-2006-1185
+ RESERVED
+CVE-2006-1184
+ RESERVED
+CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords from
the ...)
+ TODO: check
+CVE-2006-1182
+ RESERVED
+CVE-2006-1181
+ RESERVED
+CVE-2006-1180
+ RESERVED
+CVE-2006-1179
+ RESERVED
+CVE-2006-1178
+ RESERVED
+CVE-2006-1177
+ RESERVED
+CVE-2006-1176
+ RESERVED
+CVE-2006-1175
+ RESERVED
+CVE-2006-1174
+ RESERVED
+CVE-2006-1173
+ RESERVED
+CVE-2006-1172
+ RESERVED
+CVE-2006-1171
+ RESERVED
+CVE-2006-1170
+ RESERVED
+CVE-2006-1169
+ RESERVED
+CVE-2006-1168
+ RESERVED
+CVE-2006-1167
+ RESERVED
+CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager
module in ...)
+ TODO: check
+CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the
list.gtdat file ...)
+ TODO: check
+CVE-2006-1163 (Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows
...)
+ TODO: check
+CVE-2006-1162 (Directory traversal vulnerability in Nodez 4.6.1.1 and earlier
allows ...)
+ TODO: check
+CVE-2006-1161 (Absolute path traversal vulnerability in Easy File Sharing (EFS)
Web ...)
+ TODO: check
+CVE-2006-1160 (Cross-site scripting (XSS) vulnerability in Easy File Sharing
(EFS) ...)
+ TODO: check
+CVE-2006-1159 (Format string vulnerability in Easy File Sharing (EFS) Web
Server 3.2 ...)
+ TODO: check
+CVE-2006-1158 (Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to
cause ...)
+ TODO: check
+CVE-2006-1157 (Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum
2.0.3 ...)
+ TODO: check
+CVE-2006-1156 (SQL injection vulnerability in manas tungare Site Membership
Script ...)
+ TODO: check
+CVE-2006-1155 (Cross-site scripting (XSS) vulnerability in manas tungare Site
...)
+ TODO: check
+CVE-2006-1154 (PHP remote file inclusion vulnerability in archive.php in
Fantastic ...)
+ TODO: check
+CVE-2006-1153 (SQL injection vulnerability in D2-Shoutbox 4.2 allows remote
attackers ...)
+ TODO: check
+CVE-2006-1152 (PHP remote file inclusion vulnerability in index.php in M-Phorum
0.2 ...)
+ TODO: check
+CVE-2006-1151 (Cross-site scripting vulnerability in index.php in M-Phorum 0.2
allows ...)
+ TODO: check
+CVE-2006-1150 (Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, ...)
+ TODO: check
+CVE-2006-1149 (PHP remote file inclusion vulnerability in lib/OWL_API.php in
OWL ...)
+ TODO: check
+CVE-2006-1148 (Multiple stack-based buffer overflows in the procConnectArgs
function ...)
+ TODO: check
+CVE-2006-1147 (The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold
...)
+ TODO: check
+CVE-2006-1146 (Stack-based buffer overflow in the Cmd_Say_f function in
g_cmds.c in ...)
+ TODO: check
+CVE-2006-1145 (Format string vulnerability in the safe_cprintf function in ...)
+ TODO: check
+CVE-2006-1144 (Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows
...)
+ TODO: check
+CVE-2006-1143 (Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine
1.1 ...)
+ TODO: check
+CVE-2006-1142 (Unspecified vulnerability in Ravenous Web Server before 0.7.1
allows ...)
+ TODO: check
+CVE-2006-1141 (Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10
allows ...)
+ TODO: check
+CVE-2006-1140 (SQL injection vulnerability in rss.php in RedBLoG 0.5 allows
remote ...)
+ TODO: check
+CVE-2006-1139 (Unspecified vulnerability in the ESS/ Network Controller in
Xerox ...)
+ TODO: check
+CVE-2006-1138 (Unspecified vulnerability in the web server code in Xerox
CopyCentre ...)
+ TODO: check
+CVE-2006-1137 (Multiple unspecified vulnerabilities in Xerox CopyCentre and
Xerox ...)
+ TODO: check
+CVE-2006-1136 (Buffer overflow in the PostScript file interpreter code for
Xerox ...)
+ TODO: check
+CVE-2006-1135 (Multiple cross-site scripting (XSS) vulnerabilities in sBlog
0.7.2 ...)
+ TODO: check
+CVE-2006-1134 (SQL injection vulnerability in CyBoards PHP Lite 1.25, when ...)
+ TODO: check
+CVE-2006-1133 (Multiple cross-site scripting (XSS) vulnerabilities in vbzoom
1.11 ...)
+ TODO: check
+CVE-2006-1132 (SQL injection vulnerability in show.php in vbzoom 1.11 allow
remote ...)
+ TODO: check
+CVE-2006-1131 (Cross-site scripting (XSS) vulnerability in read.php in
bitweaver CMS ...)
+ TODO: check
+CVE-2006-1130 (Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3
allows ...)
+ TODO: check
+CVE-2006-1129 (SQL injection vulnerability in config.php in EKINboard 1.0.3
allows ...)
+ TODO: check
+CVE-2005-4729 (SQL injection vulnerabilitiy in show.php in VBZooM Forum allows
remote ...)
+ TODO: check
CVE-2006-XXXX [gallery2: local file inclusion]
- gallery2 2.0.4-1
CVE-2006-XXXX [Unspecified security problem in Peercast]
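Review bot: CVE-2006-1219 (directory traversal in Gallery 2.0.3 and earlier) is added near the top of this hunk as "TODO: check", while the context just below still carries the temporary entry "CVE-2006-XXXX [gallery2: local file inclusion]" with "- gallery2 2.0.4-1". If both describe the same issue, fold the temporary entry into CVE-2006-1219 so the fixed version is recorded once under the assigned ID. If they are distinct, a NOTE saying so would save the next person the comparison.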
@@ -4,7 +188,7 @@
- peercast 0.1217-1
CVE-2006-XXXX [Directory traversal issue in Namazu2]
- namazu2 2.0.16-1
-CVE-2006-1166 [Lua code execution in Monotone]
+CVE-2006-1166 (Monotone 0.25 and earlier, when a user creates a file in a
directory ...)
- monotone <unfixed> (low)
NOTE: Needs a case-insensitive file system (e.g. VFAT or Samba) on
NOTE: the client.
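Review bot: in the CVE-2006-1166 entry, swapping the hand-written title "[Lua code execution in Monotone]" for the truncated official description drops the only statement of impact, since the visible text now stops at "when a user creates a file in a directory ...". Suggest preserving the impact in a NOTE line next to the existing NOTE about case-insensitive file systems.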
@@ -115,7 +299,7 @@
CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd
2.25b, ...)
- thttpd 2.23beta1-2.4 (bug #253816; low)
NOTE: apache''s htpasswd not vulnerable
-CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Evo-Dev
evoBlog ...)
+CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in the
commentary ...)
NOT-FOR-US: Evo-Dev evoBlog
CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a
showtopic ...)
NOT-FOR-US: checkInvision Power Board
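Review bot: the CVE-2006-1076 context line that closes this hunk reads "NOT-FOR-US: checkInvision Power Board", which looks like a stray "check" left over from a "TODO: check" marker. This change leaves it untouched. Suggest correcting it to "NOT-FOR-US: Invision Power Board" in a follow-up so that searches on the product name match.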
@@ -359,7 +543,7 @@
TODO: check
CVE-2006-0962 (SQL injection vulnerability in vuBB 0.2 allows remote attackers
to ...)
TODO: check
-CVE-2006-0961 (SQL injection vulnerability in Cilem News 1.1 allows remote
attackers ...)
+CVE-2006-0961 (SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1
allows ...)
TODO: check
CVE-2006-0960 (uConfig agent in Compex NetPassage WPE54G router allows remote
...)
TODO: check
@@ -381,8 +565,8 @@
RESERVED
CVE-2006-0951
RESERVED
-CVE-2006-0950
- RESERVED
+CVE-2006-0950 (unalz 0.53 allows user-complicit attackers to overwrite
arbitrary ...)
+ TODO: check
CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code
of ...)
TODO: check
CVE-2006-0948
@@ -669,10 +853,10 @@
TODO: check
CVE-2006-0821 (SQL injection vulnerability in index.php in BXCP 0.299 allows
remote ...)
TODO: check
-CVE-2006-0820
- RESERVED
-CVE-2006-0819
- RESERVED
+CVE-2006-0820 (Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server
1.3.2 ...)
+ TODO: check
+CVE-2006-0819 (Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the
source ...)
+ TODO: check
CVE-2006-0818
RESERVED
CVE-2006-0817
@@ -1019,8 +1203,8 @@
NOT-FOR-US: Forum Light
CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows
remote ...)
NOT-FOR-US: PwsPHP
-CVE-2006-0667
- RESERVED
+CVE-2006-0667 (lscfg in IBM AIX 5.2 and 5.3 allows local users to modify
arbitrary ...)
+ TODO: check
CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64
kernels ...)
NOT-FOR-US: AIX
CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...)
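Review bot: CVE-2006-0667 goes from RESERVED to "TODO: check" although its description names lscfg in IBM AIX 5.2 and 5.3, and the neighbouring CVE-2006-0666 is already marked "NOT-FOR-US: AIX". Suggest the same marking here so the entry drops out of the triage queue.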
@@ -1275,8 +1459,8 @@
RESERVED
CVE-2006-0558
RESERVED
-CVE-2006-0557
- RESERVED
+CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does
not ...)
+ TODO: check
CVE-2006-0556
RESERVED
CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a
denial ...)
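Review bot: CVE-2006-0557 goes from RESERVED to a bare "TODO: check", but the description names sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier, so it needs per-package kernel status rather than a generic check. Suggest triaging it against each kernel source package, in the form of the "- kernel-source-2.4.27 <not-affected> (...)" and "[sarge] - kernel-source-2.6.8 <not-affected> (...)" lines visible in the last hunk of this diff.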
@@ -1576,8 +1760,8 @@
RESERVED
CVE-2006-0458 (The DCC ACCEPT command handler in irssi before ...)
TODO: check
-CVE-2006-0457
- RESERVED
+CVE-2006-0457 (Race condition in the (1) add_key, (2) request_key, and (3)
keyctl ...)
+ TODO: check
CVE-2006-0456
RESERVED
CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature
...)
@@ -2704,8 +2888,7 @@
RESERVED
CVE-2006-0050
RESERVED
-CVE-2006-0049
- RESERVED
+CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify
non-detached ...)
{DSA-993-2}
- gnupg 1.4.2.2-1 (medium)
CVE-2006-0048
@@ -2975,8 +3158,7 @@
- libapreq2 2.07-1
CVE-2006-0041
RESERVED
-CVE-2006-0040 [Evolution local DoS through malformed mbox]
- RESERVED
+CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to
cause a ...)
- evolution <unfixed>
CVE-2006-0039
RESERVED
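Review bot: the rewritten CVE-2006-0040 entry keeps "- evolution <unfixed>" with no urgency and no bug reference, and the new description says "remote attackers" where the removed title said "local DoS through malformed mbox". Suggest adding an urgency and a bug number in the style of "(bug #253816; low)" used for thttpd earlier in this diff, plus a NOTE reconciling the local versus remote wording.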
@@ -5360,8 +5542,8 @@
- kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced
later)
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was
introduced later)
NOTE:
http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-3527?op=file&rev=0&sc=0
-CVE-2005-3526
- RESERVED
+CVE-2005-3526 (Buffer overflow in the IMAP daemon in Ipswitch Collaboration
Suite ...)
+ TODO: check
CVE-2005-3525 (Stack-based buffer overflow in an ActiveX control for the
installer ...)
TODO: check
CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in
ManageEngine ...)