Author: joeyh
Date: 2006-01-19 21:14:24 +0000 (Thu, 19 Jan 2006)
New Revision: 3323
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-01-19 14:29:08 UTC (rev 3322)
+++ data/CVE/list 2006-01-19 21:14:24 UTC (rev 3323)
@@ -1,5 +1,201 @@
-CVE-2006-0223 (Unspecified vulnerability in Shanghai TopCMM 123 Flash Chat
Server ...)
+CVE-2006-0320 (SQL injection vulnerability in admin/processlogin.php in Bit 5
Blog ...)
TODO: check
+CVE-2006-0319 (Directory traversal vulnerability in the FTP server (port
22003/tcp) ...)
+ TODO: check
+CVE-2006-0318 (SQL injection vulnerability in index.php in BlogPHP 1.0, when
...)
+ TODO: check
+CVE-2006-0317 (Cross-site scripting (XSS) vulnerability in rkrt_stats.php in
...)
+ TODO: check
+CVE-2006-0316 (Buffer overflow in YGPPicFinder.DLL in AOL You''ve Got
Pictures (YGP) ...)
+ TODO: check
+CVE-2006-0315 (index.php in EZDatabase before 2.1.2 does not properly cleanse
the p ...)
+ TODO: check
+CVE-2006-0314 (PDFdirectory before 1.0 stores sensitive data in plaintext,
which ...)
+ TODO: check
+CVE-2006-0313 (Multiple SQL injection vulnerabilities in PDFdirectory before
1.0 ...)
+ TODO: check
+CVE-2006-0312 (create.php in aoblogger 2.3 allows remote attackers to bypass
...)
+ TODO: check
+CVE-2006-0311 (SQL injection vulnerability in login.php in aoblogger 2.3 allows
...)
+ TODO: check
+CVE-2006-0310 (Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows
...)
+ TODO: check
+CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows
remote ...)
+ TODO: check
+CVE-2006-0308 (PHP remote file include vulnerability in HTMLtonuke.php in
HTMLtoNuke ...)
+ TODO: check
+CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer
...)
+ TODO: check
+CVE-2006-0306 (The DM Primer (dmprimer.exe) in the DM Deployment Common
Component in ...)
+ TODO: check
+CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running
firmware ...)
+ TODO: check
+CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote
attackers to ...)
+ TODO: check
+CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing
component, ...)
+ TODO: check
+CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware
WV.00.02 ...)
+ TODO: check
+CVE-2006-0301
+ RESERVED
+CVE-2006-0300
+ RESERVED
+CVE-2006-0299
+ RESERVED
+CVE-2006-0298
+ RESERVED
+CVE-2006-0297
+ RESERVED
+CVE-2006-0296
+ RESERVED
+CVE-2006-0295
+ RESERVED
+CVE-2006-0294
+ RESERVED
+CVE-2006-0293
+ RESERVED
+CVE-2006-0292
+ RESERVED
+CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server
...)
+ TODO: check
+CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7,
...)
+ TODO: check
+CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application
Server ...)
+ TODO: check
+CVE-2006-0288 (Unspecified vulnerability in the Oracle Reports Developer
component of ...)
+ TODO: check
+CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component of
...)
+ TODO: check
+CVE-2006-0286 (Unspecified vulnerability in the Oracle HTTP Server component of
...)
+ TODO: check
+CVE-2006-0285 (Unspecified vulnerability in the Java Net component of Oracle
Database ...)
+ TODO: check
+CVE-2006-0284 (Multiple unspecified vulnerabilities in Oracle Application
Server ...)
+ TODO: check
+CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2,
...)
+ TODO: check
+CVE-2006-0282 (Unspecified vulnerability in Oracle Database Server 8.1.7.4,
9.0.1.5, ...)
+ TODO: check
+CVE-2006-0281 (Unspecified vulnerability in Oracle JD Edwards HTML Server
8.95.F1 ...)
+ TODO: check
+CVE-2006-0280 (Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal
8.4 ...)
+ TODO: check
+CVE-2006-0279 (Multiple unspecified vulnerabilities in Oracle E-Business Suite
and ...)
+ TODO: check
+CVE-2006-0278 (Multiple unspecified vulnerabilities in Oracle E-Business Suite
and ...)
+ TODO: check
+CVE-2006-0277 (Multiple unspecified vulnerabilities in Oracle E-Business Suite
and ...)
+ TODO: check
+CVE-2006-0276 (Multiple unspecified vulnerabilities in Oracle Collaboration
Suite ...)
+ TODO: check
+CVE-2006-0275 (Unspecified vulnerability in the Oracle Reports Developer
component of ...)
+ TODO: check
+CVE-2006-0274 (Unspecified vulnerability in the Oracle Reports Developer
component of ...)
+ TODO: check
+CVE-2006-0273 (Unspecified vulnerability in the Portal component of Oracle ...)
+ TODO: check
+CVE-2006-0272 (Unspecified vulnerability in the XML Database component of
Oracle ...)
+ TODO: check
+CVE-2006-0271 (Unspecified vulnerability in the Upgrade & Downgrade
component of ...)
+ TODO: check
+CVE-2006-0270 (Unspecified vulnerability in the TDE Wallet component of Oracle
...)
+ TODO: check
+CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of
Oracle ...)
+ TODO: check
+CVE-2006-0268 (Unspecified vulnerability in the Security component of Oracle
Database ...)
+ TODO: check
+CVE-2006-0267 (Unspecified vulnerability in the Query Optimizer component of
Oracle ...)
+ TODO: check
+CVE-2006-0266 (Unspecified vulnerability in the Query Optimizer component of
Oracle ...)
+ TODO: check
+CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server
...)
+ TODO: check
+CVE-2006-0264 (Unspecified vulnerability in the Net Listener component of
Oracle ...)
+ TODO: check
+CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server
...)
+ TODO: check
+CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component
of ...)
+ TODO: check
+CVE-2006-0261 (Multiple unspecified vulnerabilities in Oracle Database server
...)
+ TODO: check
+CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server
9.2.0.7 ...)
+ TODO: check
+CVE-2006-0259 (Multiple unspecified vulnerabilities in the Data Pump component
of ...)
+ TODO: check
+CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component of
...)
+ TODO: check
+CVE-2006-0257 (Unspecified vulnerability in the Change Data Capture component
of ...)
+ TODO: check
+CVE-2006-0256 (Unspecified vulnerability in the Advanced Queuing component of
Oracle ...)
+ TODO: check
+CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1
...)
+ TODO: check
+CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache
Geronimo ...)
+ TODO: check
+CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in
"Blue ...)
+ TODO: check
+CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows
remote ...)
+ TODO: check
+CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in
Faq-O-Matic ...)
+ TODO: check
+CVE-2006-0250 (Format string vulnerability in the snmp_input function in
snmptrapd in ...)
+ TODO: check
+CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged geoBlog
...)
+ TODO: check
+CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed
500 ...)
+ TODO: check
+CVE-2006-0247 (Cross-site scripting (XSS) vulnerability in anyboard.cgi in
Netbula ...)
+ TODO: check
+CVE-2006-0246 (Cross-site scripting (XSS) vulnerability in down.pl in Widexl
Download ...)
+ TODO: check
+CVE-2006-0245 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart
...)
+ TODO: check
+CVE-2006-0244 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-0243 (Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows
remote ...)
+ TODO: check
+CVE-2006-0242 (Cross-site scripting vulnerability in index.php in PHP Fusebox
4.0.6 ...)
+ TODO: check
+CVE-2006-0241 (Cross-site scripting vulnerability in WBNews 1.1.0 and earlier
allows ...)
+ TODO: check
+CVE-2006-0240 (Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow
remote ...)
+ TODO: check
+CVE-2006-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Simple
Blog 2.1 ...)
+ TODO: check
+CVE-2006-0238 (SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats
2.0 ...)
+ TODO: check
+CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP
iCommerce ...)
+ TODO: check
+CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird
1.0.2, ...)
+ TODO: check
+CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote
attackers ...)
+ TODO: check
+CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10
allows ...)
+ TODO: check
+CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in microBlog 2.0 RC-10
allows ...)
+ TODO: check
+CVE-2006-0232
+ RESERVED
+CVE-2006-0231
+ RESERVED
+CVE-2006-0230
+ RESERVED
+CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might
allow ...)
+ TODO: check
+CVE-2006-0228 (The RBAC functionality in grsecurity before 2.1.8 does not
properly ...)
+ TODO: check
+CVE-2006-0227 (Multiple unspecified vulnerabilities in lpsched in Sun Solaris
8, 9, ...)
+ TODO: check
+CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem
(ieee80211_ioctl.c) ...)
+ TODO: check
+CVE-2006-0225
+ RESERVED
+CVE-2006-0224
+ RESERVED
+CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and
earlier ...)
+ TODO: check
+CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash
Chat ...)
+ TODO: check
CVE-2006-0222 (Cross-site scripting (XSS) vulnerability in fullview.php in
AlstraSoft ...)
TODO: check
CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in
Dragon ...)
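Review bot: Every entry added in this block is left at "TODO: check", and a few of them name software that may well be packaged, so they should be triaged ahead of the rest: CVE-2006-0250 (snmptrapd), CVE-2006-0236 (Mozilla Thunderbird), CVE-2006-0251 (Faq-O-Matic), CVE-2006-0228 (grsecurity), CVE-2006-0254 (Apache Geronimo) and CVE-2005-4665 (PunBB). Also, CVE-2005-4665 is inserted between CVE-2006-0224 and CVE-2006-0223; if the list is meant to stay grouped by year, it should move down to the other 2005 ids.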
@@ -10,7 +206,7 @@
TODO: check
CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB)
before ...)
TODO: check
-CVE-2006-0217 (Cross-site scripting (XSS) vulnerability in item.pl in Ultimate
...)
+CVE-2006-0217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate
...)
TODO: check
CVE-2006-0216 (admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644
allows ...)
TODO: check
@@ -28,7 +224,7 @@
TODO: check
CVE-2006-0209 (SQL injection vulnerability in general_functions.php in
TankLogger 2.4 ...)
TODO: check
-CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1
allow ...)
+CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP
5.1.1, when ...)
- php5 5.1.2-1
- php4 4:4.4.2-1
CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1
allow ...)
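Review bot: The new CVE-2006-0208 description adds a precondition ("PHP 5.1.1, when ...") that the truncation cuts off, and the php5 5.1.2-1 and php4 4:4.4.2-1 lines below it carry no urgency. Please check the full description and add an urgency that reflects the condition, as other entries do with (low) or (medium).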
@@ -570,8 +766,7 @@
RESERVED
CVE-2006-0045
RESERVED
-CVE-2006-0044 [albatross code execution]
- RESERVED
+CVE-2006-0044 (Unspecified vulnerability in context.py in Albatross web
application ...)
{DSA-942-1}
- albatross 1.33-1
CVE-2005-4585 (Unspecified vulnerability in the GTP dissector for Ethereal
0.9.1 to ...)
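Review bot: Replacing "[albatross code execution]" with "Unspecified vulnerability in context.py ..." on CVE-2006-0044 drops the only impact information the entry had, and the "albatross 1.33-1" line has no urgency. Suggest keeping the impact in a NOTE: line and adding an urgency. The same loss occurs further down for CVE-2005-3340 and CVE-2005-3126, whose "insecure tempfile" tags are replaced by descriptions truncated before the vulnerability class.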
@@ -766,7 +961,7 @@
NOT-FOR-US: Tangora Portal
CVE-2005-4496 (Cross-site scripting (XSS) vulnerability in search in SyntaxCMS
1.2.1 ...)
NOT-FOR-US: Syntax CMS
-CVE-2005-4495 (SQL injection vulnerability in index.cfm in SpireMedia mx7
allows ...)
+CVE-2005-4495 (** DISPUTED ** ...)
NOT-FOR-US: SpireMedia
CVE-2005-4494 (Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and
earlier ...)
NOT-FOR-US: SPIP
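Review bot: The replacement line for CVE-2005-4495 is just "** DISPUTED ** ...", so the truncation now discards the product and the vulnerability class that the removed line carried. The update script should skip the marker before truncating, or append it to the existing text; the same applies to CVE-2005-4398 in the next hunk and to the new CVE-2006-0244 entry, which cannot be triaged from its line at all.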
@@ -1001,7 +1196,7 @@
NOT-FOR-US: Liferay Portal Professional
CVE-2005-4399 (Cross-site scripting (XSS) vulnerability in search/index.php in
...)
NOT-FOR-US: Libertas Enterprise CMS
-CVE-2005-4398 (Cross-site scripting (XSS) vulnerability in lemoon 2.0 and
earlier ...)
+CVE-2005-4398 (** DISPUTED ** ...)
NOT-FOR-US: lemoon
CVE-2005-4397 (SQL injection vulnerability in RunScript.asp iCMS allows remote
...)
NOT-FOR-US: iCMS
@@ -1039,7 +1234,7 @@
NOT-FOR-US: Caravel CMS
CVE-2005-4380 (Multiple SQL injection vulnerabilities in Bitweaver 1.1 and
1.1.1 beta ...)
NOT-FOR-US: Bitweaver
-CVE-2005-4379 (Cross-site scripting (XSS) vulnerability in my_groups.php in
Bitweaver ...)
+CVE-2005-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver
1.1 ...)
NOT-FOR-US: Bitweaver
CVE-2005-4378 (SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and
...)
NOT-FOR-US: Baseline CMS
@@ -1061,7 +1256,7 @@
NOT-FOR-US: Acidcat
CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2
allows ...)
NOT-FOR-US: Acuity CMS
-CVE-2005-4368 (roundcube webmail allows remote attackers to obtain the full
path of ...)
+CVE-2005-4368 (roundcube webmail Alpha, with a default high verbose level ...)
NOT-FOR-US: roundcube webmail
CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php
in ...)
NOT-FOR-US: DRZES HMS
@@ -2369,7 +2564,7 @@
NOT-FOR-US: Cisco hardware
CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware
4.03.03 ...)
NOT-FOR-US: Belkin hardware
-CVE-2005-3801 (PasswordSafe 1.x and 2.x allows local users to test possible
...)
+CVE-2005-3801 (CounterPane PasswordSafe 1.x and 2.x allows local users to test
...)
NOT-FOR-US: PasswordSafe
TODO: the problem might affect mypasswordsafe
CVE-2005-3800 (Macromedia Contribute Publishing Server (CPS) before 1.11 uses a
weak ...)
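Review bot: The CVE-2005-3801 entry touched here still carries both "NOT-FOR-US: PasswordSafe" and "TODO: the problem might affect mypasswordsafe", which contradict each other. Either resolve the TODO and add a mypasswordsafe package line, or drop it, so the entry does not stay closed as NOT-FOR-US with an open question.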
@@ -2874,10 +3069,10 @@
- linux-2.6 <unfixed> (low)
- kernel-source-2.4.27 <unfixed> (low)
NOTE: Really hard to fix design limitation, no fix to be expected soon
-CVE-2005-3659
- RESERVED
-CVE-2005-3658
- RESERVED
+CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x
before ...)
+ TODO: check
+CVE-2005-3658 (Multiple heap-based buffer overflows in EMC Legato NetWorker
7.1.x ...)
+ TODO: check
CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan
Security ...)
NOT-FOR-US: McAfee
CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in
...)
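Review bot: CVE-2005-3659 and CVE-2005-3658 move from RESERVED to "TODO: check" here, and the second is described as multiple heap-based buffer overflows in EMC Legato NetWorker. If NetWorker is not packaged, mark both NOT-FOR-US as is done for the McAfee entry just below, so they stop appearing as open work.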
@@ -3917,8 +4112,7 @@
- tkdiff 1:4.0.2-2 (low)
CVE-2005-3342
RESERVED
-CVE-2005-3340 [tuxpaint insecure tempfile]
- RESERVED
+CVE-2005-3340 (The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and
...)
{DSA-941-1}
- tuxpaint 1:0.9.15b-1 (low)
CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and
earlier ...)
@@ -4282,7 +4476,7 @@
CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can
incorrectly ...)
{DSA-889-1}
- enigmail 2:0.93-1 (bug #335731; medium)
-CVE-2005-3253 (Avaya Wireless Access Points (AP) AP-3 through AP-6 2.5 to
2.5.4, and ...)
+CVE-2005-3253 (Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5
to ...)
NOT-FOR-US: Avaya Wireless Access Points
CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO)
preprocessor for ...)
- snort <not-affected> (Vulnerable code was introduced later, see bug
#334606)
@@ -4543,7 +4737,7 @@
- mediawiki 1.4.11-1 (bug #332408; unknown)
CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki
...)
- mediawiki 1.4.9
-CVE-2005-3164 (Hitachi Cosminexus Application Server has unknown impact and
attack ...)
+CVE-2005-3164 (Hitachi Cosminexus Application Server does not properly handle
when a ...)
NOT-FOR-US: Hitachi Cosminexus Application Server
CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows
attackers ...)
- polipo <unfixed> (bug #332411; medium)
@@ -4623,8 +4817,7 @@
NOT-FOR-US: Address Add Plugin for Squirrelmail
CVE-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in
lucidCMS ...)
NOT-FOR-US: lucidCMS
-CVE-2005-3126 [antiword insecure temp files]
- RESERVED
+CVE-2005-3126 (The (1) kantiword (kantiword.sh) and (2) gantiword
(gantiword.sh) ...)
{DSA-945-1}
- antiword 0.35-2 (low)
CVE-2005-3125
@@ -15181,7 +15374,7 @@
NOT-FOR-US: Cisco
CVE-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote
attackers ...)
NOT-FOR-US: FormMail.php != nms-formmail
-CVE-2004-1430 (SQL injection vulnerability in Arcade.php in IbProArcade allows
remote ...)
+CVE-2004-1430 (SQL injection vulnerability in the show_stats module in
Arcade.php in ...)
NOT-FOR-US: Arcade.php
CVE-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of
times ...)
NOT-FOR-US: ArGoSoft
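Review bot: After this change the CVE-2004-1430 entry no longer names the product: the removed line said "Arcade.php in IbProArcade", the new one is cut off after "Arcade.php in ...", and the tag reads "NOT-FOR-US: Arcade.php", which is a file name. Suggest changing the tag to NOT-FOR-US: IbProArcade.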