Author: joeyh
Date: 2006-01-10 21:14:35 +0000 (Tue, 10 Jan 2006)
New Revision: 3263
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-01-10 21:05:16 UTC (rev 3262)
+++ data/CVE/list 2006-01-10 21:14:35 UTC (rev 3263)
@@ -1,3 +1,61 @@
+CVE-2006-0160 (SQL injection vulnerability in add_post.php3 in Venom Board 1.22
...)
+ TODO: check
+CVE-2006-0159 (SQL injection vulnerability in escribir.php in Foro Domus 2.10
allows ...)
+ TODO: check
+CVE-2006-0158 (SQL injection vulnerability in index.php in CyberDoc SiteSuite
CMS ...)
+ TODO: check
+CVE-2006-0157 (settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows
...)
+ TODO: check
+CVE-2006-0156 (Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows
...)
+ TODO: check
+CVE-2006-0155 (Cross-site scripting (XSS) vulnerability in posts.php in 427BB
2.2 and ...)
+ TODO: check
+CVE-2006-0154 (SQL injection vulnerability in showthread.php in 427BB 2.2 and
2.2.1 ...)
+ TODO: check
+CVE-2006-0153 (427BB 2.2 and 2.2.1 verifies authentication credentials based on
the ...)
+ TODO: check
+CVE-2006-0152 (Cross-site scripting (XSS) in search_result.php in phpChamber
1.2 and ...)
+ TODO: check
+CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT
...)
+ TODO: check
+CVE-2006-0150 (Multiple format string vulnerabilities in the
auth_ldap_log_reason ...)
+ TODO: check
+CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with
...)
+ TODO: check
+CVE-2006-0148 (NetSarang Xlpd 2.1 allows remote attackers to cause a denial of
...)
+ TODO: check
+CVE-2006-0147 (Dynamic code evaluation vulnerability in tests/tmssql.php test
script ...)
+ TODO: check
+CVE-2006-0146 (The server.php test script in ADOdb for PHP before 4.70, as used
in ...)
+ TODO: check
+CVE-2006-0145 (The lseek system call in kernfs in NetBSD 1.6 through 2.1 does
not ...)
+ TODO: check
+CVE-2006-0144 (Unspecified vulnerability in go-pear.php in PHP PEAR 0.2.2
allows ...)
+ TODO: check
+CVE-2006-0143 (Microsoft Windows Graphics Rendering Engine (GRE) allows remote
...)
+ TODO: check
+CVE-2006-0142 (Cross-site scripting (XSS) vulnerability in andromeda.php in
Andromeda ...)
+ TODO: check
+CVE-2006-0141 (Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows
remote ...)
+ TODO: check
+CVE-2006-0140 (Cross-site scripting (XSS) vulnerability in post.php in NavBoard
V16 ...)
+ TODO: check
+CVE-2006-0139 (The send-private-message functionality
(send-private-message.asp) in ...)
+ TODO: check
+CVE-2005-4641 (SQL injection vulnerability in home.php in eazyCMS 2.0 allows
remote ...)
+ TODO: check
+CVE-2005-4640 (SQL injection vulnerability in index.php in class-1 Poll
Software 0.4 ...)
+ TODO: check
+CVE-2005-4639 (Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST ...)
+ TODO: check
+CVE-2005-4638 (index.php in Kayako SupportSuite 3.00.26 and earlier allow
remote ...)
+ TODO: check
+CVE-2005-4637 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+ TODO: check
+CVE-2005-4636 (OpenOffice.org 2.0 and earlier, when hyperlinks has been
disabled, ...)
+ TODO: check
+CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1
allows ...)
+ TODO: check
CVE-2006-0162 [clamav upx heap overflow]
- clamav 0.88-1
CVE-2006-0138 (aMSN (aka Alvaro''s Messenger) allows remote attackers
to cause a ...)
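Review bot: all 29 entries added at the top of this hunk carry only `TODO: check`, and several of them name software that looks like a candidate for a package line rather than NOT-FOR-US: CVE-2006-0151 (sudo 1.6.8), CVE-2006-0147 and CVE-2006-0146 (ADOdb for PHP), CVE-2006-0144 (PHP PEAR) and CVE-2005-4636 (OpenOffice.org 2.0). I would triage those first and resolve each to a `- <package> <version>` or `<unfixed>` line, then sweep the forum and CMS entries (Venom Board, Foro Domus, 427BB and similar) in one pass.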
@@ -149,11 +207,10 @@
NOT-FOR-US: WinRAR
CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum
Forum ...)
NOT-FOR-US: phpoutsourcing Zorum Forum
-CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15
allows ...)
+CVE-2005-4618 (Off-by-one buffer overflow in sysctl in the Linux Kernel 2.6
before ...)
- linux-2.6 <unfixed>
NOTE: Added patch tracker template
-CVE-2006-0083 [smstools logging format string issue]
- RESERVED
+CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server
Tools ...)
{DSA-930-1}
- smstools <unfixed> (bug #347221; medium)
CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other
versions, ...)
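Review bot: CVE-2005-4618 keeps `- linux-2.6 <unfixed>` even though the description being replaced gives the affected range as "2.6 before 2.6.15", and the new description is cut off right after "before". Suggest recording the fixed version on the package line once a 2.6.15 upload is confirmed, so the tracker does not depend on a truncated description for that fact.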
@@ -281,10 +338,10 @@
NOT-FOR-US: TUGZip
CVE-2005-4593 (PHP remote file inclusion vulnerability in phpDocumentor 1.3.0
rc4 and ...)
NOT-FOR-US: phpDocumentor
-CVE-2005-4592
- RESERVED
-CVE-2005-4591
- RESERVED
+CVE-2005-4592 (Heap-based buffer overflow in bogofilter and bogolexer 0.96.2
allows ...)
+ TODO: check
+CVE-2005-4591 (Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2,
0.94.14, ...)
+ TODO: check
CVE-2005-4590 (Spb Kiosk Engine 1.0.0.1 allows local users to bypass
restrictions on ...)
NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4589 (Spb Kiosk Engine 1.0.0.1 stores the administrator''s
passcode in the ...)
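Review bot: CVE-2005-4592 and CVE-2005-4591 move from RESERVED to a bare `TODO: check`, but both descriptions name bogofilter with specific versions (0.96.2, 0.95.2, 0.94.14). If bogofilter is in the archive, these should become `- bogofilter` lines with the archive version checked against those releases instead of staying generic TODOs.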
@@ -830,10 +887,10 @@
NOT-FOR-US: Webglimpse
CVE-2005-4353 (SQL injection vulnerability in index.php in toendaCMS 0.6.2.1,
when ...)
NOT-FOR-US: toendaCMS
-CVE-2005-4352
- RESERVED
-CVE-2005-4351
- RESERVED
+CVE-2005-4352 (The securelevels implementation in NetBSD 2.1 and earlier, and
Linux ...)
+ TODO: check
+CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier,
OpenBSD up ...)
+ TODO: check
CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before
A.01.05.12 ...)
NOT-FOR-US: WBEM Services
CVE-2005-4349 (** DISPUTED ** ...)
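Review bot: the CVE-2005-4352 description mentions Linux alongside NetBSD ("NetBSD 2.1 and earlier, and Linux ..."), yet the entry has no kernel package line, only `TODO: check`. The visible text is truncated, so the full description needs reading before deciding whether a `- linux-2.6` line belongs here; CVE-2005-4351 should be checked in the same pass since it covers the same securelevels implementation.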
@@ -2607,7 +2664,7 @@
RESERVED
CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan
Security ...)
NOT-FOR-US: McAfee
-CVE-2005-3656 (Multiple format string vulnerabilities in mod_auth_pgsql before
2.0.3, ...)
+CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in
...)
- libapache2-mod-auth-pgsql <unfixed>
- libapache-mod-auth-pgsql <not-affected> (Does not contain the
vulnerable ap_log_rerror() function)
CVE-2005-3655
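Review bot: the reworded CVE-2005-3656 description no longer shows "mod_auth_pgsql before 2.0.3" in its visible part, and that was the only place the fixed upstream version appeared, while `- libapache2-mod-auth-pgsql <unfixed>` below it is unchanged. Suggest adding a NOTE line that records 2.0.3 as the upstream fix so the information survives the truncation.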
@@ -2857,8 +2914,7 @@
NOT-FOR-US: Tonio Gallery
CVE-2005-3541
RESERVED
-CVE-2005-3540 [buffer overflow in petris]
- RESERVED
+CVE-2005-3540 (Buffer overflow in petris before 1.0.1 allows remote attackers
to ...)
{DSA-929-1}
- petris <unfixed>
CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and
earlier ...)
@@ -3568,10 +3624,10 @@
NOT-FOR-US: Trend Micro PC-Cillin Internet Security 2005
CVE-2005-3359
RESERVED
-CVE-2005-3358 (Linux kernel 2.6.x, possibly before 2.6.11, allows local users
to ...)
+CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial
of ...)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
TODO: check 2.4
-CVE-2005-3357 (mod_ssl in Apache 2.0.53 and 2.1.9, when configured with an SSL
vhost ...)
+CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL
vhost ...)
TODO: check
CVE-2005-3356
RESERVED
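Review bot: the CVE-2005-3358 annotation `- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)` now disagrees with the updated description, which changes the affected range from "2.6.x, possibly before 2.6.11" to "before 2.6.15". The not-affected status should be re-verified against the new range rather than carried over, and the existing `TODO: check 2.4` is still open. The same applies to CVE-2005-3357 just below: the mod_ssl range widens to "2.0 up to 2.0.55" and the entry remains `TODO: check` with no apache2 package line.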
@@ -5292,8 +5348,8 @@
NOT-FOR-US: OpenTTD
CVE-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1
allow ...)
NOT-FOR-US: OpenTTD
-CVE-2005-2762
- RESERVED
+CVE-2005-2762 (Avaya VPNRemote before 4.2.33 stores credentials in cleartext in
...)
+ TODO: check
CVE-2005-2760
RESERVED
CVE-2005-2759 (** SPLIT ** The jlucaller program in LiveUpdate for Symantec
Norton ...)
@@ -6863,8 +6919,8 @@
NOT-FOR-US: Novell
CVE-2005-2345
RESERVED
-CVE-2005-2344
- RESERVED
+CVE-2005-2344 (The BlackBerry Attachment Service in Research in Motion (RIM)
...)
+ TODO: check
CVE-2005-2343 (Research in Motion (RIM) BlackBerry Handheld web browser for
...)
TODO: check
CVE-2005-2342 (Research in Motion (RIM) BlackBerry Router allows remote
attackers to ...)
@@ -11389,7 +11445,7 @@
CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
- phpmyadmin <not-affected> (Only part of examples that an admin would
need to modify anyway)
CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2
and ...)
- {DSA-934-1}
+ {DSA-934-1}
[sarge] - pound 1.8.2-1sarge1
- pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
CVE-2005-1390
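Review bot: the only change to CVE-2005-1391 is the leading whitespace on the `{DSA-934-1}` line, with no change in content. If the update script is normalising indentation, it would be cleaner to do that for the whole file in a separate commit so that whitespace churn does not hide real status changes in later automatic updates.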
@@ -12734,7 +12790,7 @@
NOT-FOR-US: Interspire ArticleLive
CVE-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain
...)
NOT-FOR-US: Vortex Portal
-CVE-2005-0879 (PHP remote code injection vulnerability in (1) content.php and
(2) ...)
+CVE-2005-0879 (PHP remote file include vulnerability in (1) content.php and (2)
...)
NOT-FOR-US: Vortex Portal
CVE-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before
1.1.3 ...)
NOT-FOR-US: MercuryBoard