Author: joeyh
Date: 2006-01-17 09:14:19 +0000 (Tue, 17 Jan 2006)
New Revision: 3304
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-01-16 21:14:23 UTC (rev 3303)
+++ data/CVE/list 2006-01-17 09:14:19 UTC (rev 3304)
@@ -1,3 +1,111 @@
+CVE-2006-0223 (Unspecified vulnerability in Shanghai TopCMM 123 Flash Chat
Server ...)
+ TODO: check
+CVE-2006-0222 (Cross-site scripting (XSS) vulnerability in fullview.php in
AlstraSoft ...)
+ TODO: check
+CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in
Dragon ...)
+ TODO: check
+CVE-2006-0220 (Multiple cross-site scripting (XSS) vulnerabilities in
DCP-Portal 5.3 ...)
+ TODO: check
+CVE-2006-0219 (The original distribution of MyBulletinBoard (MyBB) to update
from ...)
+ TODO: check
+CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB)
before ...)
+ TODO: check
+CVE-2006-0217 (Cross-site scripting (XSS) vulnerability in item.pl in Ultimate
...)
+ TODO: check
+CVE-2006-0216 (admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644
allows ...)
+ TODO: check
+CVE-2006-0215 (Cross-site scripting (XSS) vulnerability in admin.php in
QualityEBiz ...)
+ TODO: check
+CVE-2006-0214 (Eval injection vulnerability in ezDatabase 2.0 and earlier
allows ...)
+ TODO: check
+CVE-2006-0213 (Kolab Server 2.0.1, 2.0.2 and development versions
pre-2.1-20051215 ...)
+ TODO: check
+CVE-2006-0212 (Directory traversal vulnerability in OBEX Push services in
Toshiba ...)
+ TODO: check
+CVE-2006-0211 (Cross-site scripting (XSS) vulnerability in forgotPassword.asp
in Helm ...)
+ TODO: check
+CVE-2006-0210 (Cross-site scripting (XSS) vulnerability in index.php in
Interspire ...)
+ TODO: check
+CVE-2006-0209 (SQL injection vulnerability in general_functions.php in
TankLogger 2.4 ...)
+ TODO: check
+CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1
allow ...)
+ TODO: check
+CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1
allow ...)
+ TODO: check
+CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0
...)
+ TODO: check
+CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow
remote ...)
+ TODO: check
+CVE-2006-0204 (Multiple cross-site scripting (XSS) vulnerabilities in
Wordcircle 2.17 ...)
+ TODO: check
+CVE-2006-0203 (membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does
not ...)
+ TODO: check
+CVE-2006-0202 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka
PHP ...)
+ TODO: check
+CVE-2006-0201 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka
PHP ...)
+ TODO: check
+CVE-2006-0200 (Format string vulnerability in the error-reporting feature in
the ...)
+ TODO: check
+CVE-2006-0199 (SQL injection vulnerability in news.asp in Mini-Nuke CMS System
1.8.2 ...)
+ TODO: check
+CVE-2006-0198 (Cross-site scripting (XSS) vulnerability in a certain module,
possibly ...)
+ TODO: check
+CVE-2006-0197 (The XClientMessageEvent struct used in certain components of
X.Org ...)
+ TODO: check
+CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif)
0.4.4 ...)
+ TODO: check
+CVE-2006-0195
+ RESERVED
+CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in
FogBugz ...)
+ TODO: check
+CVE-2006-0193 (Cross-site scripting (XSS) vulnerability in the Hosting Control
Panel ...)
+ TODO: check
+CVE-2006-0192 (SQL injection vulnerability in Login_Validate.asp in ASPSurvey
1.10 ...)
+ TODO: check
+CVE-2006-0191 (Unspecified vulnerability in Sun Solaris 10 allows local users
to ...)
+ TODO: check
+CVE-2006-0190 (Unspecified vulnerability in Sun Solaris 9 and 10 for the x86
platform ...)
+ TODO: check
+CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46
allows ...)
+ TODO: check
+CVE-2006-0188
+ RESERVED
+CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other
...)
+ TODO: check
+CVE-2005-4663 (Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and
possibly ...)
+ TODO: check
+CVE-2005-4662 (Multiple SQL injection vulnerabilities in OcoMon 1.20, and
possibly ...)
+ TODO: check
+CVE-2005-4661 (The notifyendsubs cron job in Campsite before 2.3.3 sends an
e-mail ...)
+ TODO: check
+CVE-2005-4660 (Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might
allow ...)
+ TODO: check
+CVE-2005-4659 (IPCop (aka IPCop Firewall) before 1.4.10 has world-readable ...)
+ TODO: check
+CVE-2005-4658 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2005-4657 (Ocean12 Calendar Manager Pro 1.01 allows remote attackers to
bypass ...)
+ TODO: check
+CVE-2005-4656 (SQL injection vulnerability in index.php in TClanPortal 1.1.3
and ...)
+ TODO: check
+CVE-2005-4655 (Cross-site scripting (XSS) vulnerability in submit.php in
PHP-Fusion ...)
+ TODO: check
+CVE-2005-4654 (Multiple unspecified vulnerabilities in Oracle for OpenView
(OfO) ...)
+ TODO: check
+CVE-2005-4653 (Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and
earlier ...)
+ TODO: check
+CVE-2005-4652 (SQL injection vulnerability in PHlyMail 3.02.01 allows remote
...)
+ TODO: check
+CVE-2005-4651 (SQL injection vulnerability in index.php in AlstraSoft EPay Pro
2.0 ...)
+ TODO: check
+CVE-2005-4650 (Joomla! 1.03 does not restrict the number of
"Search" Mambots, which ...)
+ TODO: check
+CVE-2005-4649 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced
...)
+ TODO: check
+CVE-2005-4648 (Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5
and ...)
+ TODO: check
+CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with
RMI ...)
+ TODO: check
CVE-2006-XXXX [knowledgetree information disclosure]
- knowledgetree <unfixed> (bug #348306; medium)
CVE-2006-XXXX [php5 response splitting]
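Review bot: CVE-2006-0207 (multiple HTTP response splitting vulnerabilities in PHP 5.1.1) is added with only "TODO: check" while the placeholder "CVE-2006-XXXX [php5 response splitting]" stays in the context lines at the end of this hunk, so the same issue may now be tracked under two entries. When triaging, compare the two and, if they describe the same bug, move the placeholder's package annotations under CVE-2006-0207 and drop the placeholder. The two MyBB additions (CVE-2006-0219, CVE-2006-0218) look like candidates for the same "NOT-FOR-US: MyBB" resolution that CVE-2005-3326 already carries later in the file.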
@@ -8,7 +116,8 @@
- php4 <not-affected> (vulnerable code was introduced in PHP5)
CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes
code in ...)
NOT-FOR-US: Microsoft
-CVE-2006-0186 (Multiple SQL injection vulnerabilities in MusicBox 2.3 and
earlier ...)
+CVE-2006-0186
+ REJECTED
NOT-FOR-US: MusicBox
CVE-2006-0185 (Multiple cross-site scripting vulnerabilities in the (1) Pool or
(2) ...)
NOT-FOR-US: PHP-Nuke
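Review bot: CVE-2006-0186 becomes REJECTED but the "NOT-FOR-US: MusicBox" line under it is kept, and with the description removed nothing in the entry explains why MusicBox applies. The other REJECTED entry visible in this patch (CVE-2005-1938) carries no annotation; either drop the NOT-FOR-US line or add a NOTE recording that the id was rejected after having been assigned to a MusicBox issue.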
@@ -1003,7 +1112,7 @@
[sarge] - kernel-patch-vserver 1.9.5.4 (bug #329087; medium)
[sarge] - util-vserver 0.30.204-5sarge3 (bug #329090; medium)
NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to
fix this vulnerability
-CVE-2005-4346 (SQL injection vulnerability in index.php in phpBB Blog 2.2.2 and
...)
+CVE-2005-4346 (Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and
earlier ...)
NOT-FOR-US: phpBB Blog
TODO: Double-check please, this doesn''t seem to be included in stock
phpbb
CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the
password ...)
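Review bot: the new CVE-2005-4346 description changes both the affected file (index.php to blog.php) and the class of issue (SQL injection to "Invalid SQL syntax error"), but the "NOT-FOR-US: phpBB Blog" and "TODO: Double-check please" lines beneath it were written against the old text. Re-check the triage against the new description and resolve or update the TODO; the doubled apostrophe in "doesn''t" on that TODO line can be fixed at the same time.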
@@ -1533,7 +1642,7 @@
NOT-FOR-US: DoceboLMS
CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4
allows ...)
NOT-FOR-US: DoceboLMS
-CVE-2005-4093 (Unspecified vulnerability in Check Point VPN-1 SecureClient NG
with ...)
+CVE-2005-4093 (Check Point VPN-1 SecureClient NG with Application Intelligence
R56, ...)
NOT-FOR-US: Check Point
CVE-2005-4092 (Multiple heap-based buffer overflows in QuickTime.qts in Apple
...)
NOT-FOR-US: Apple QuickTime
@@ -2764,8 +2873,8 @@
[sarge] - libapache2-mod-auth-pgsql 2.0.2b1-5sarge0
- libapache2-mod-auth-pgsql 2.0.2b1-7
- libapache-mod-auth-pgsql <not-affected> (Does not contain the
vulnerable ap_log_rerror() function)
-CVE-2005-3655
- RESERVED
+CVE-2005-3655 (Heap-based buffer overflow in Novell Open Enterprise Server
Remote ...)
+ TODO: check
CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote
attackers to ...)
NOT-FOR-US: Blue Coat WinProxy
CVE-2005-3653
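Review bot: CVE-2005-3655 goes from RESERVED to a heap-based buffer overflow in Novell Open Enterprise Server with "TODO: check", while the other Novell product entries touched by this patch are already resolved ("NOT-FOR-US: Novell ZENworks", "NOT-FOR-US: Novell Netmail"). Unless the affected component turns out to be packaged, resolve this entry the same way rather than leaving the TODO open.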
@@ -3758,7 +3867,7 @@
CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before
4.4.1 ...)
- php4 <unfixed> (bug #339577; medium)
- php5 5.1.1-1 (bug #336654; medium)
-CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module
allows ...)
+CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module
of ...)
- apache 1.3.34-2 (bug #343466; low)
- apache2 <unfixed> (bug #343467; low)
NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected
@@ -3853,7 +3962,7 @@
NOT-FOR-US: Data ONTAP
CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard
(MyBB) ...)
NOT-FOR-US: MyBB
-CVE-2005-3325 (SQL injection vulnerability in base_qry_main.php in Basic
Analysis and ...)
+CVE-2005-3325 (SQL injection vulnerability in base_qry_main.php in Analysis
Console ...)
{DSA-893-1}
- acidbase 1.2.1-1 (bug #335998; bug #336788; medium)
NOTE: the fix from 1.2-2 did not address the problem fully
@@ -3883,7 +3992,7 @@
NOT-FOR-US: Symantec Discovery
CVE-2005-3315 (Multiple SQL injection vulnerabilities in Novell ZENworks Patch
...)
NOT-FOR-US: Novell ZENworks
-CVE-2005-3314 (Stack-based buffer overflow in the IMAP deamon in Novell Netmail
3.5.2 ...)
+CVE-2005-3314 (Stack-based buffer overflow in the IMAP daemon in Novell Netmail
3.5.2 ...)
NOT-FOR-US: Novell Netmail
CVE-2005-3313 (The IRC protocol dissector in Ethereal 0.10.13 allows remote
attackers ...)
[woody] - ethereal <not-affected> (Only affects version 0.10.13)
@@ -8305,7 +8414,7 @@
- pvpgn 1.7.8-2 (bug #332236; unknown)
- mysql-dfsg-4.1 (bug #319858; unimportant)
NOTE: fixed in experimental in 1:1.0.5.6-1, not yet in sid
-CVE-2005-2095 (SquirrelMail 1.4.4 and earlier does not properly handle the
$_POST ...)
+CVE-2005-2095 (options_identities.php in SquirrelMail 1.4.4 and earlier uses
the ...)
{DSA-756-1}
- squirrelmail 2:1.4.4-6sarge1 (bug #317094)
CVE-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison
the ...)
@@ -9385,8 +9494,8 @@
NOT-FOR-US: SilverCity
CVE-2005-1940
RESERVED
-CVE-2005-1939
- RESERVED
+CVE-2005-1939 (Directory traversal vulnerability in Ipswitch WhatsUp Small
Business ...)
+ TODO: check
CVE-2005-1938
REJECTED
CVE-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows
remote ...)