thr3ads.net - Secure testing commits - [Secure-testing-commits] r3275

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-Jan-12 09:14 UTC
[Secure-testing-commits] r3275 - data/CVE

Author: joeyh
Date: 2006-01-12 09:14:20 +0000 (Thu, 12 Jan 2006)
New Revision: 3275

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-01-12 08:52:45 UTC (rev 3274)
+++ data/CVE/list	2006-01-12 09:14:20 UTC (rev 3275)
@@ -1,3 +1,68 @@
+CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes
code in ...)
+	TODO: check
+CVE-2006-0186 (Multiple SQL injection vulnerabilities in MusicBox 2.3 and
earlier ...)
+	TODO: check
+CVE-2006-0185 (Multiple cross-site scripting vulnerabilities in the (1) Pool or
(2) ...)
+	TODO: check
+CVE-2006-0184 (Multiple SQL injection vulnerabilities in AspTopSites allow
remote ...)
+	TODO: check
+CVE-2006-0183 (Direct static code injection vulnerability in edit.php in ACal
...)
+	TODO: check
+CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers
to ...)
+	TODO: check
+CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System
(CS-MARS) ...)
+	TODO: check
+CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars
1.2.2 ...)
+	TODO: check
+CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a
denial of ...)
+	TODO: check
+CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows
local ...)
+	TODO: check
+CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow
local ...)
+	TODO: check
+CVE-2006-0176 (Buffer overflow in certain functions in src/fileio.c and ...)
+	TODO: check
+CVE-2006-0175 (Cross-site scripting (XSS) vulnerability in search_form.asp in
Web Wiz ...)
+	TODO: check
+CVE-2006-0174 (Hummingbird Collaboration (aka Hummingbird Enterprise
Collaboration) ...)
+	TODO: check
+CVE-2006-0173 (Hummingbird Collaboration (aka Hummingbird Enterprise
Collaboration) ...)
+	TODO: check
+CVE-2006-0172 (Cross-site scripting (XSS) vulnerability in the file manager
utility ...)
+	TODO: check
+CVE-2006-0171 (PHP remote file include vulnerability in index.php in OrjinWeb
...)
+	TODO: check
+CVE-2006-0170
+	REJECTED
+	TODO: check
+CVE-2006-0169 (addresses.php3 in MyPhPim 01.05 does not restrict uploaded
files, ...)
+	TODO: check
+CVE-2006-0168 (Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows
...)
+	TODO: check
+CVE-2006-0167 (SQL injection vulnerability in MyPhPim 01.05 allows remote
attackers ...)
+	TODO: check
+CVE-2006-0166 (Symantec Norton SystemWorks and SystemWorks Premier 2005 and
2006 ...)
+	TODO: check
+CVE-2006-0165 (Cross-site scripting (XSS) vulnerability in the DataForm Entries
...)
+	TODO: check
+CVE-2006-0164 (phgstats.inc.php in phgstats before 0.5.1, if register_globals
is ...)
+	TODO: check
+CVE-2006-0163 (SQL injection vulnerability in the search module ...)
+	TODO: check
+CVE-2006-0161 (Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has
unknown ...)
+	TODO: check
+CVE-2005-4647 (Multiple SQL injection vulnerabilities in PEARLINGER Pearl
Forums 2.4 ...)
+	TODO: check
+CVE-2005-4646 (Unspecified vulnerability in index.php in PEARLINGER Pearl
Forums 2.4 ...)
+	TODO: check
+CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote
...)
+	TODO: check
+CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML
WikiProcessor in ...)
+	TODO: check
+CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent
// CMS ...)
+	TODO: check
+CVE-2005-4642 (Multiple cross-site scripting (XSS) vulnerabilities in HydroBB
1.0.0 ...)
+	TODO: check
 CVE-2006-XXXX [xmame buffer overflows]
 	- xmame <unfixed>
 	NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf
@@ -37,7 +102,7 @@
 	TODO: check
 CVE-2006-0145 (The lseek system call in kernfs in NetBSD 1.6 through 2.1 does
not ...)
 	TODO: check
-CVE-2006-0144 (Unspecified vulnerability in go-pear.php in PHP PEAR 0.2.2
allows ...)
+CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2 allows
...)
 	TODO: check
 CVE-2006-0143 (Microsoft Windows Graphics Rendering Engine (GRE) allows remote
...)
 	TODO: check
@@ -65,7 +130,7 @@
 	NOTE: If the admin doesn''t web browsing, why is one
installed/enabled?
 CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1
allows ...)
 	TODO: check
-CVE-2006-0162 [clamav upx heap overflow]
+CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus
...)
 	- clamav 0.88-1
 end claimed by jmm
 CVE-2006-0138 (aMSN (aka Alvaro''s Messenger) allows remote attackers
to cause a ...)
@@ -133,8 +198,7 @@
 	NOT-FOR-US: Timecan CMS 
 CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote
attackers to ...)
 	NOT-FOR-US: Timecan CMS 
-CVE-2006-0105 [Windows-only DoS vulnerability affecting the postmaster process]
-	RESERVED
+CVE-2006-0105 (PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when
running on ...)
 	NOT-FOR-US: PostgreSQL on Windows
 CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and
earlier ...)
 	NOT-FOR-US: TinyPHPForum
@@ -217,7 +281,7 @@
 	NOT-FOR-US: WinRAR
 CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum
Forum ...)
 	NOT-FOR-US: phpoutsourcing Zorum Forum 
-CVE-2005-4618 (Off-by-one buffer overflow in sysctl in the Linux Kernel 2.6
before ...)
+CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15
allows ...)
 	- linux-2.6 <unfixed>
 	NOTE: Added patch tracker template
 CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server
Tools ...)
@@ -322,10 +386,10 @@
 	RESERVED
 CVE-2006-0056
 	RESERVED
-CVE-2006-0055
-	RESERVED
-CVE-2006-0054
-	RESERVED
+CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses
predictable ...)
+	TODO: check
+CVE-2006-0054 (The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers
to ...)
+	TODO: check
 CVE-2005-4604 (Buffer overflow in MTink in the printer-filters-utils package
allows ...)
 	- mtink <not-affected> (mtink not installed SUID root)
 CVE-2005-4603 (Cross-site scripting (XSS) vulnerability in printthread.php in
MyBB ...)
@@ -645,8 +709,8 @@
 	- linux-2.6 <unfixed>
 	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not
present)
 	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not
present)
-CVE-2006-0035
-	RESERVED
+CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel
2.6.15 ...)
+	TODO: check
 CVE-2006-0019
 	RESERVED
 CVE-2005-4474 (Buffer overflow in the &quot;Add to archive&quot;
command in WinRAR 3.51 allows ...)
@@ -1383,9 +1447,11 @@
 	TODO: Once dislosed, check, whether this affects Helix
 CVE-2005-4129
 	REJECTED
-CVE-2005-4128 (** UNVERIFIABLE, PRERELEASE ** ...)
+CVE-2005-4128
+	REJECTED
 	NOT-FOR-US: Apple Quicktime
-CVE-2005-4127 (** UNVERIFIABLE, PRERELEASE ** ...)
+CVE-2005-4127
+	REJECTED
 	NOT-FOR-US: iTunes
 CVE-2005-4126 (** UNVERIFIABLE, PRERELEASE ** ...)
 	TODO: Once dislosed, check, whether this affects Helix
@@ -1457,7 +1523,7 @@
 	NOT-FOR-US: DoceboLMS
 CVE-2005-4093 (Unspecified vulnerability in Check Point VPN-1 SecureClient NG
with ...)
 	NOT-FOR-US: Check Point
-CVE-2005-4092 (Heap-based buffer overflow in Apple QuickTime Player 7.0.3 and
iTunes ...)
+CVE-2005-4092 (Multiple heap-based buffer overflows in QuickTime.qts in Apple
...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in
1-Script ...)
 	NOT-FOR-US: 1-Script 1-Search
@@ -1849,8 +1915,8 @@
 	RESERVED
 CVE-2006-0021
 	RESERVED
-CVE-2006-0020
-	RESERVED
+CVE-2006-0020 (An unspecified Microsoft WMF parsing application allows
attackers to ...)
+	TODO: check
 CVE-2006-0018
 	REJECTED
 CVE-2005-3961 (WebCalendar 1.0.1 allows remote attackers to overwrite
WebCalendar ...)
@@ -2612,8 +2678,8 @@
 	RESERVED
 CVE-2006-0011
 	RESERVED
-CVE-2006-0010
-	RESERVED
+CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows
2000 ...)
+	TODO: check
 CVE-2006-0009
 	RESERVED
 CVE-2006-0008
@@ -2628,26 +2694,26 @@
 	RESERVED
 CVE-2006-0003
 	RESERVED
-CVE-2006-0002
-	RESERVED
+CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 200 through 2003,
...)
+	TODO: check
 CVE-2006-0001
 	RESERVED
 CVE-2005-3714 (The network interface for Apple AirPort Express 6.x before
Firmware ...)
 	NOT-FOR-US: Apple AirPort
-CVE-2005-3713
-	RESERVED
+CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4
allows ...)
+	TODO: check
 CVE-2005-3712
 	RESERVED
-CVE-2005-3711
-	RESERVED
-CVE-2005-3710
-	RESERVED
-CVE-2005-3709
-	RESERVED
-CVE-2005-3708
-	RESERVED
-CVE-2005-3707
-	RESERVED
+CVE-2005-3711 (Integer overflow in Apple Quicktime before 7.0.4 allows remote
...)
+	TODO: check
+CVE-2005-3710 (Integer overflow in Apple Quicktime before 7.0.4 allows remote
...)
+	TODO: check
+CVE-2005-3709 (Integer underflow in Apple Quicktime before 7.0.4 allows remote
...)
+	TODO: check
+CVE-2005-3708 (Integer overflow in Apple Quicktime before 7.0.4 allows remote
...)
+	TODO: check
+CVE-2005-3707 (Buffer overflow in Apple Quicktime before 7.0.4 allows remote
...)
+	TODO: check
 CVE-2005-3706
 	RESERVED
 CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X Server
...)
@@ -4784,7 +4850,7 @@
 	NOT-FOR-US: YaST
 CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for
...)
 	NOT-FOR-US: SimpleCDR-X
-CVE-2005-3011 (texindex in texinfo 4.8 and earlier allows local users to
overwrite ...)
+CVE-2005-3011 (The sort_offline function for texindex in texinfo 4.8 and
earlier ...)
 	- texinfo 4.8-1 (bug #328365; low)
 CVE-2005-3010 (Direct static code injection vulnerability in the flood
protection ...)
 	NOT-FOR-US: CuteNews
@@ -6943,8 +7009,8 @@
 	TODO: check
 CVE-2005-2341 (Heap-based buffer overflow in Research in Motion (RIM)
BlackBerry ...)
 	TODO: check
-CVE-2005-2340
-	RESERVED
+CVE-2005-2340 (Heap-based buffer overflow in Apple Quicktime before 7.0.4
allows ...)
+	TODO: check
 CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version
of ...)
 	NOT-FOR-US: unicode msearch
 CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS
2.0.12 JP ...)
@@ -15182,7 +15248,7 @@
 	NOT-FOR-US: ReviewPost
 CVE-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in
ReviewPost PHP ...)
 	NOT-FOR-US: ReviewPost
-CVE-2005-0269 (The file extention check in GNUBoard 3.40 and earlier only
verifies ...)
+CVE-2005-0269 (The file extension check in GNUBoard 3.40 and earlier only
verifies ...)
 	NOT-FOR-US: GNUBoard
 CVE-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows
remote ...)
 	NOT-FOR-US: FlatNuke
@@ -17447,8 +17513,7 @@
 CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the
Icecast ...)
 	{DSA-541}
 	- icecast-server 1:1.3.12-8
-CVE-2004-0780 [CLI buffer overflow in /usr/bin/uustat on Solaris 8 and 9]
-	RESERVED
+CVE-2004-0780 (Buffer overflow in uustat in Sun Solaris 8 and 9 allows local
users to ...)
 	NOT-FOR-US: Solaris
 CVE-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web
browsers ...)
 	- mozilla 2:1.7
Secure testing commits - Jan 2006 - r3275 - data/CVE

[Secure-testing-commits] r3275 - data/CVE
