thr3ads.net - Secure testing commits - [Secure-testing-commits] r3252

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-Jan-09 21:15 UTC
[Secure-testing-commits] r3252 - data/CVE

Author: joeyh
Date: 2006-01-09 21:14:25 +0000 (Mon, 09 Jan 2006)
New Revision: 3252

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-01-09 18:34:23 UTC (rev 3251)
+++ data/CVE/list	2006-01-09 21:14:25 UTC (rev 3252)
@@ -1,13 +1,159 @@
+CVE-2006-0138 (aMSN (aka Alvaro''s Messenger) allows remote attackers
to cause a ...)
+	TODO: check
+CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic
Softwares ...)
+	TODO: check
+CVE-2006-0136 (Multiple cross-site scripting (XSS) vulnerabilities in the
guestbook ...)
+	TODO: check
+CVE-2006-0135 (SQL injection vulnerability in login.php in TheWebForum (twf)
1.2.1 ...)
+	TODO: check
+CVE-2006-0134 (Cross-site scripting (XSS) vulnerability in register.php in ...)
+	TODO: check
+CVE-2006-0133 (Multiple directory traversal vulnerabilities in AIX 5.3 ML03
allow ...)
+	TODO: check
+CVE-2006-0132 (Directory traversal vulnerability in webftp.php in SysCP WebFTP
1.2.6 ...)
+	TODO: check
+CVE-2006-0131 (boastMachine 3.1 allows remote attackers to obtain sensitive
...)
+	TODO: check
+CVE-2006-0130 (Mail Management Agent (MAILMA) (aka Mail Management Server) in
...)
+	TODO: check
+CVE-2006-0129 (Mail Management Agent (MAILMA) (aka Mail Management Server) in
...)
+	TODO: check
+CVE-2006-0128 (Buffer overflow in the IMAP service of Rockliffe MailSite before
...)
+	TODO: check
+CVE-2006-0127 (Directory traversal vulnerability in the IMAP service of
Rockliffe ...)
+	TODO: check
+CVE-2006-0126 (rxvt-unicode before 6.3, on certain platforms that use openpty
and ...)
+	TODO: check
+CVE-2006-0125 (Unspecified vulnerability in appserv/main.php in AppServ 2.4.5
allows ...)
+	TODO: check
+CVE-2006-0124 (Cross-site scripting (XSS) vulnerability in crear.php in ADN
Forum ...)
+	TODO: check
+CVE-2006-0123 (Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow
remote ...)
+	TODO: check
+CVE-2006-0122 (Cross-site scripting (XSS) vulnerability in Public/Index.asp in
...)
+	TODO: check
+CVE-2006-0121 (Multiple memory leaks in IBM Lotus Notes and Domino Server
before ...)
+	TODO: check
+CVE-2006-0120 (Multiple unspecified vulnerabilities in IBM Lotus Notes and
Domino ...)
+	TODO: check
+CVE-2006-0119 (Multiple unspecified vulnerabilities in IBM Lotus Notes and
Domino ...)
+	TODO: check
+CVE-2006-0118 (Unspecified vulnerability in IBM Lotus Notes and Domino Server
before ...)
+	TODO: check
+CVE-2006-0117 (Buffer overflow in IBM Lotus Notes and Domino Server before
6.5.5 ...)
+	TODO: check
+CVE-2006-0116 (Cross-site scripting vulnerability search.inetstore in iNETstore
...)
+	TODO: check
+CVE-2006-0115 (Multiple SQL injection vulnerabilities in OnePlug Solutions
OnePlug ...)
+	TODO: check
+CVE-2006-0114 (The vCard functions in Joomla! 1.0.5 use predictable sequential
IDs ...)
+	TODO: check
+CVE-2006-0113 (Enhanced Simple PHP Gallery 1.7 allows remote attackers to
obtain the ...)
+	TODO: check
+CVE-2006-0112 (Cross-site scripting (XSS) vulnerability in index.php in
Enhanced ...)
+	TODO: check
+CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media
...)
+	TODO: check
+CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in Foro
Domus ...)
+	TODO: check
+CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular
Merchant ...)
+	TODO: check
+CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS
allows ...)
+	TODO: check
+CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote
attackers to ...)
+	TODO: check
+CVE-2006-0105
+	RESERVED
+CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and
earlier ...)
+	TODO: check
+CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/anyuser.hash
and (2) ...)
+	TODO: check
+CVE-2006-0102 (Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF)
3.6 and ...)
+	TODO: check
+CVE-2006-0101 (Multiple cross-site scripting (XSS) vulnerabilities in sBLOG
0.7.1 ...)
+	TODO: check
+CVE-2006-0100 (Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow
local ...)
+	TODO: check
+CVE-2006-0099 (PHP remote file include vulnerability in (1) ...)
+	TODO: check
+CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7
and ...)
+	TODO: check
+CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in
...)
+	TODO: check
+CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before
2.4.29 ...)
+	TODO: check
+CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a
structure ...)
+	TODO: check
+CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard
1.0 ...)
+	TODO: check
+CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card
ME PHP ...)
+	TODO: check
+CVE-2006-0092 (SQL injection vulnerability in index.php in SiteSuite CMS allows
...)
+	TODO: check
+CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in
Open-Xchange ...)
+	TODO: check
+CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory
Viewer ...)
+	TODO: check
+CVE-2006-0089 (Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers
to ...)
+	TODO: check
+CVE-2006-0088 (SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1
Alpha ...)
+	TODO: check
+CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php
in ...)
+	TODO: check
+CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next
Generation ...)
+	TODO: check
+CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote
...)
+	TODO: check
+CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0
and ...)
+	TODO: check
+CVE-2005-4635 (The nl_fib_input function in fib_frontend.c in the Linux kernel
before ...)
+	TODO: check
+CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign
SupportTrio ...)
+	TODO: check
+CVE-2005-4633 (SQL injection vulnerability in index.php in phpoutsourcing Zorum
Forum ...)
+	TODO: check
+CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote!Pro 4.0
and ...)
+	TODO: check
+CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and
earlier ...)
+	TODO: check
+CVE-2005-4630 (SQL injection vulnerability in index.php in ClientExec 2.3
allows ...)
+	TODO: check
+CVE-2005-4629 (SQL injection vulnerability in SMBCMS 2.1 allows remote
attackers to ...)
+	TODO: check
+CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38
and ...)
+	TODO: check
+CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1)
GmailSite ...)
+	TODO: check
+CVE-2005-4626 (The default configuration of Recruitment Software installs ...)
+	TODO: check
+CVE-2005-4625 (Drivers for certain display adapters, including (1) an
unspecified ATI ...)
+	TODO: check
+CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6
allows ...)
+	TODO: check
+CVE-2005-4623 (upload.exe in eFileGo 3.01 allows remote attackers to cause a
denial ...)
+	TODO: check
+CVE-2005-4622 (Directory traversal vulnerability in eFileGo 3.01 allows remote
...)
+	TODO: check
+CVE-2005-4621 (Cross-site scripting (XSS) vulnerability in the editavatar page
in ...)
+	TODO: check
+CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to
...)
+	TODO: check
+CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum
Forum ...)
+	TODO: check
+CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15
allows ...)
+	TODO: check
 CVE-2006-0083 [smstools logging format string issue]
+	RESERVED
+	{DSA-930-1}
 	- smstools <unfixed> (bug #347221; medium)
-CVE-2006-0106 [wine SETABORTPROC code execution via WMF]
+CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other
versions, ...)
 	{CVE-2005-4560}
 	- wine <unfixed> (bug #346197; medium)
-CVE-2006-0082 [Format string issue in imagemagick]
+CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in
image.c ...)
 	- imagemagick <unfixed> (bug #345876)
 CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution]
 	- b2evolution 0.9.1b-4 (bug #344000)
-CVE-2006-0081 (The ialmrnt5 display driver in Intel Graphics Accelerator Driver
...)
+CVE-2006-0081 (ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics
...)
 	NOT-FOR-US: Intel
 CVE-2006-0080 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and
...)
 	NOT-FOR-US: vBulletin
@@ -45,8 +191,8 @@
 	NOT-FOR-US: VEGO Web Forum
 CVE-2006-0064 (PHP remote file include vulnerability in
includes/orderSuccess.inc.php ...)
 	NOT-FOR-US: CubeCart
-CVE-2006-0063
-	RESERVED
+CVE-2006-0063 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when
...)
+	TODO: check
 CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and
earlier ...)
 	NOT-FOR-US: cSupport
 CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows
...)
@@ -100,7 +246,7 @@
 	RESERVED
 CVE-2006-0054
 	RESERVED
-CVE-2005-4604 (Buffer overflow in MTink allows local users to execute arbitrary
code ...)
+CVE-2005-4604 (Buffer overflow in MTink in the printer-filters-utils package
allows ...)
 	- mtink <not-affected> (mtink not installed SUID root)
 CVE-2005-4603 (Cross-site scripting (XSS) vulnerability in printthread.php in
MyBB ...)
 	NOT-FOR-US: MyBB
@@ -309,7 +455,7 @@
 	NOT-FOR-US: PHP-Fusion
 CVE-2005-4515 (SQL injection vulnerability in WebDB 1.1 and earlier allows
remote ...)
 	NOT-FOR-US: WebDB
-CVE-2005-4514 (The encapsulation script mechanism in Webwasher CSM Appliance
Suite ...)
+CVE-2005-4514 (** DISPUTED ** ...)
 	NOT-FOR-US: Webwasher
 CVE-2005-4513 (Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH
allows ...)
 	NOT-FOR-US: WANDSOFT e-SEARCH
@@ -1239,8 +1385,8 @@
 	NOT-FOR-US: SugarCRM
 CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar
Suite ...)
 	NOT-FOR-US: SugarCRM
-CVE-2005-4085
-	RESERVED
+CVE-2005-4085 (Buffer overflow in BlueCoat WinProxy before 6.1a allows remote
...)
+	TODO: check
 CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier
...)
 	NOT-FOR-US: phpBB eXtreme Styles module
 CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme
Styles ...)
@@ -2069,7 +2215,7 @@
 	NOT-FOR-US: Solaris 
 CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers
to ...)
 	NOT-FOR-US: IPUpdate 
-CVE-2005-3779 (Unknown vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23
...)
+CVE-2005-3779 (Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and
11.23 ...)
 	NOT-FOR-US: HP-UX
 CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0
PR2 Rev ...)
 	NOT-FOR-US: MyBB
@@ -2400,8 +2546,8 @@
 	RESERVED
 CVE-2006-0001
 	RESERVED
-CVE-2005-3714
-	RESERVED
+CVE-2005-3714 (The network interface for Apple AirPort Express 6.x before
Firmware ...)
+	TODO: check
 CVE-2005-3713
 	RESERVED
 CVE-2005-3712
@@ -2448,12 +2594,12 @@
 	RESERVED
 CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan
Security ...)
 	NOT-FOR-US: McAfee
-CVE-2005-3656
-	RESERVED
+CVE-2005-3656 (Multiple format string vulnerabilities in mod_auth_pgsql before
2.0.3, ...)
+	TODO: check
 CVE-2005-3655
 	RESERVED
-CVE-2005-3654
-	RESERVED
+CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote
attackers to ...)
+	TODO: check
 CVE-2005-3653
 	RESERVED
 CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client
9.0 ...)
@@ -2509,25 +2655,26 @@
 	RESERVED
 CVE-2005-3628 [further xpdf overflow check]
 	RESERVED
+	{DSA-932-1 DSA-931-1}
 	- kdegraphics 3.5.0-3
 	- xpdf 3.01-4
-CVE-2005-3627 [xpdf buffer overflow]
-	RESERVED
+CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf,
pdftohtml, ...)
+	{DSA-932-1 DSA-931-1}
 	- poppler 0.4.3-2
 	- kdegraphics 3.5.0-3
 	- xpdf 3.01-4
-CVE-2005-3626 [xpdf null pointer dos]
-	RESERVED
+CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml,
poppler, ...)
+	{DSA-932-1 DSA-931-1}
 	- poppler 0.4.3-2
 	- kdegraphics 3.5.0-3
 	- xpdf 3.01-4
-CVE-2005-3625 [xpdf endless loop]
-	RESERVED
+CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml,
poppler, ...)
+	{DSA-932-1 DSA-931-1}
 	- poppler 0.4.3-2
 	- kdegraphics 3.5.0-3
 	- xpdf 3.01-4
-CVE-2005-3624 [xpdf heap overflow]
-	RESERVED
+CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for
xpdf, ...)
+	{DSA-932-1 DSA-931-1}
 	- poppler 0.4.3-2
 	- kdegraphics 3.5.0-3
 	- xpdf 3.01-4
@@ -2698,13 +2845,12 @@
 	RESERVED
 CVE-2005-3540 [buffer overflow in petris]
 	RESERVED
+	{DSA-929-1}
 	- petris <unfixed>
-CVE-2005-3539 [hylafax notify missing input sanitising]
-	RESERVED
+CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and
earlier ...)
 	- hylafax 2:4.2.4-2
 	NOTE: First patch had regressions
-CVE-2005-3538 [hylafax hfaxd PAM breakage]
-	RESERVED
+CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts
...)
 	- hylafax 2:4.2.4-1
 CVE-2005-3537 (A &quot;missing request validation&quot; error in phpBB
2 before 2.0.18 allows ...)
 	{DSA-925-1}
@@ -3410,8 +3556,8 @@
 CVE-2005-3358 (Linux kernel 2.6.x, possibly before 2.6.11, allows local users
to ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 	TODO: check 2.4
-CVE-2005-3357
-	RESERVED
+CVE-2005-3357 (mod_ssl in Apache 2.0.53 and 2.1.9, when configured with an SSL
vhost ...)
+	TODO: check
 CVE-2005-3356
 	RESERVED
 CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8
has ...)
@@ -3965,6 +4111,7 @@
 CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1
(International), ...)
 	NOT-FOR-US: ALZip
 CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream
function ...)
+	{DSA-932-1 DSA-931-1}
 	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
 	- gpdf 2.10.0-1 (bug #342286; medium)
 	- pdftohtml <not-affected> (Vulnerable xpdf code not contained)
@@ -3976,6 +4123,7 @@
 	- libextractor 0.5.8-1 (medium)
 	- cupsys 1.1.23-13 (unimportant)
 CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in
Xpdf ...)
+	{DSA-932-1 DSA-931-1}
 	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
 	- gpdf 2.10.0-1 (bug #342286; medium)
 	- pdftohtml <unfixed> (bug #342289; medium)
@@ -3988,6 +4136,7 @@
 	- libextractor 0.5.8-1 (medium)
 	- cupsys 1.1.23-13 (unimportant)
 CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
+	{DSA-932-1 DSA-931-1}
 	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
 	- gpdf 2.10.0-1 (bug #342286; medium)
 	- pdftohtml <unfixed> (bug #342289; medium)
@@ -4004,8 +4153,8 @@
 	NOT-FOR-US: Qualcomm WorldMail IMAP Server
 CVE-2005-3188
 	RESERVED
-CVE-2005-3187
-	RESERVED
+CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before
6.1a ...)
+	TODO: check
 CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering
library in ...)
 	{DSA-913-1 DSA-911-1}
 	- gtk+2.0 2.6.10-2 (bug #339431; medium)
@@ -5234,7 +5383,7 @@
 	{DSA-826-1}
 	NOTE: see  http://www.open-security.org/advisories/13
 	- helix-player 1.0.6-1 (bug #330364; high)
-CVE-2005-2709 (sysctl.c in Linux kernel before 2.6.14.1 allows local users to
cause a ...)
+CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before
2.6.14.1 ...)
 	- linux-2.6 2.6.14-3
 	NOTE: Send to Horms as usual
 CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 kernel
on ...)
Secure testing commits - Jan 2006 - r3252 - data/CVE

[Secure-testing-commits] r3252 - data/CVE
