thr3ads.net - Secure testing commits - [Secure-testing-commits] r3355

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-Jan-24 09:14 UTC
[Secure-testing-commits] r3355 - data/CVE

Author: joeyh
Date: 2006-01-24 09:14:21 +0000 (Tue, 24 Jan 2006)
New Revision: 3355

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-01-23 23:11:58 UTC (rev 3354)
+++ data/CVE/list	2006-01-24 09:14:21 UTC (rev 3355)
@@ -1,3 +1,117 @@
+CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site
Manager ...)
+	TODO: check
+CVE-2006-0377
+	RESERVED
+CVE-2006-0376 (The 802.11 wireless client in certain operating systems
including ...)
+	TODO: check
+CVE-2006-0375 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21
...)
+	TODO: check
+CVE-2006-0374 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21
...)
+	TODO: check
+CVE-2006-0373 (Cross-site scripting (XSS) vulnerability in register.aspx in
Douran ...)
+	TODO: check
+CVE-2006-0372 (Multiple SQL injection vulnerabilities in config.php in Insane
Visions ...)
+	TODO: check
+CVE-2006-0371 (Directory traversal vulnerability in index.php in Noah Medling
RCBlog ...)
+	TODO: check
+CVE-2006-0370 (Noah Medling RCBlog 1.03 stores the data and config directories
under ...)
+	TODO: check
+CVE-2006-0369 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0
before ...)
+	TODO: check
+CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier,
3.3 ...)
+	TODO: check
+CVE-2006-0366 (Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka
PCW) ...)
+	TODO: check
+CVE-2006-0365 (Cross-site scripting (XSS) vulnerability in XMB (aka extreme
message ...)
+	TODO: check
+CVE-2006-0364 (Cross-site scripting (XSS) vulnerability in MyBulletinBoard
(MyBB) ...)
+	TODO: check
+CVE-2006-0363 (The &quot;Remember my Password&quot; feature in MSN
Messenger 7.5 stores ...)
+	TODO: check
+CVE-2006-0362 (TippingPoint Intrusion Prevention System (IPS) TOS before
2.1.4.6324, ...)
+	TODO: check
+CVE-2006-0361 (Cross-site scripting (XSS) vulnerability in addcomment.php in
Bit 5 ...)
+	TODO: check
+CVE-2006-0360 (MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote
attackers to ...)
+	TODO: check
+CVE-2006-0359 (Buffer overflow in CounterPath eyeBeam SIP Softphone allows
remote ...)
+	TODO: check
+CVE-2006-0358 (Multiple SQL injection vulnerabilities in PowerPortal, possibly
1.1 ...)
+	TODO: check
+CVE-2006-0357 (Grant Averett Cerberus FTP Server 2.32, and possibly earlier
versions, ...)
+	TODO: check
+CVE-2006-0356 (Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to
cause ...)
+	TODO: check
+CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote
attackers ...)
+	TODO: check
+CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points
(WAP) ...)
+	TODO: check
+CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...)
+	TODO: check
+CVE-2006-0351 (Unspecified &quot;critical denial-of-service
vulnerability&quot; in MyDNS before ...)
+	TODO: check
+CVE-2006-0350 (Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow
remote ...)
+	TODO: check
+CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote
attackers to ...)
+	TODO: check
+CVE-2006-0348 (Format string vulnerability in the write_logfile function in
ELOG ...)
+	TODO: check
+CVE-2006-0347 (Directory traversal vulnerability in ELOG before 2.6.1 allows
remote ...)
+	TODO: check
+CVE-2006-0346 (Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows
...)
+	TODO: check
+CVE-2006-0345 (Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow
remote ...)
+	TODO: check
+CVE-2006-0344 (Directory traversal vulnerability in Intervations FileCOPA FTP
Server ...)
+	TODO: check
+CVE-2006-0343 (Unspecified vulnerability in the Port Discovery Standard and
Advanced ...)
+	TODO: check
+CVE-2006-0342 (MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows
remote ...)
+	TODO: check
+CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in
Rockliffe ...)
+	TODO: check
+CVE-2006-0340 (Unspecified vulnerability in Stack Group Bidding Protocol (SGBP)
...)
+	TODO: check
+CVE-2006-0339 (Buffer overflow in BitComet Client 0.60 allows remote attackers
to ...)
+	TODO: check
+CVE-2006-0338 (Multiple F-Secure Anti-Virus products and versions for Windows
and ...)
+	TODO: check
+CVE-2006-0337 (Buffer overflow in multiple F-Secure Anti-Virus products and
versions ...)
+	TODO: check
+CVE-2006-0336 (Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to
cause ...)
+	TODO: check
+CVE-2006-0335 (Multiple unspecified vulnerabilities in Kerio WinRoute Firewall
before ...)
+	TODO: check
+CVE-2006-0334 (Cross-site scripting (XSS) vulnerability in search.php in My
Amazon ...)
+	TODO: check
+CVE-2006-0333 (Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows
remote ...)
+	TODO: check
+CVE-2006-0332 (Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail
attachments ...)
+	TODO: check
+CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail
plugin ...)
+	TODO: check
+CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2
...)
+	TODO: check
+CVE-2006-0329 (SQL injection vulnerability in HITSENSER Data Mart Server BS,
BS-S, ...)
+	TODO: check
+CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote
attackers to ...)
+	TODO: check
+CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive
information ...)
+	TODO: check
+CVE-2006-0326
+	RESERVED
+CVE-2006-0325 (Etomite Content Management System 0.6, and possibly earlier
versions, ...)
+	TODO: check
+CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote
...)
+	TODO: check
+CVE-2006-0323
+	RESERVED
+CVE-2006-0322 (Unspecified vulnerability the edit comment formatting
functionality in ...)
+	TODO: check
+CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3
Beta1 ...)
+	TODO: check
 CVE-2006-XXXX [mydns remote DoS]
 	- mydns 1.1.0+pre-3 (medium)
 CVE-2006-XXXX [tor discovery of hidden services]
@@ -2,7 +116,7 @@
 	- tor <unfixed> (bug #349283)
-CVE-2006-0353 [fd leak in lsh]
+CVE-2006-0353 (unix_random.c in lsh before 2.0.1 leaks file descriptors related
to ...)
 	- lsh-utils 2.0.1cdbs-4 (low)
 CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2,
...)
 	NOT-FOR-US: Oracle
-CVE-2006-0321 [fetchmail: segfault after bouncing a message]
+CVE-2006-0321 (fetchmail 6.3.0 and other versions before 6.3.2 allows remote
...)
 	- fetchmail <unfixed> (bug #348747; low)
@@ -74,7 +188,7 @@
 	NOT-FOR-US: Oracle
 CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application
Server ...)
 	NOT-FOR-US: Oracle
-CVE-2006-0288 (Unspecified vulnerability in the Oracle Reports Developer
component of ...)
+CVE-2006-0288 (Multiple unspecified vulnerabilities in the Oracle Reports
Developer ...)
 	NOT-FOR-US: Oracle
 CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component of
...)
 	NOT-FOR-US: Oracle
@@ -783,8 +897,7 @@
 	RESERVED
 CVE-2006-0046
 	RESERVED
-CVE-2006-0045
-	RESERVED
+CVE-2006-0045 (crawl before 4.0.0 does not securely call programs when saving
and ...)
 	{DSA-949-1}
 	- crawl 1:4.0.0beta26-7 (medium)
 CVE-2006-0044 (Unspecified vulnerability in context.py in Albatross web
application ...)
@@ -1044,20 +1157,17 @@
 	RESERVED
 CVE-2006-0038
 	RESERVED
-CVE-2006-0037 [another netfilter ip_nat_helper_pptp dos]
-	RESERVED
+CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper
(netfilter/ip_nat_helper_pptp.c) in ...)
 	- linux-2.6 2.6.15-3
 	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not
present)
 	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not
present)
-CVE-2006-0036 [netfilter ip_nat_helper_pptp dos]
-	RESERVED
+CVE-2006-0036 (ip_nat_pptp in the PPTP NAT helper
(netfilter/ip_nat_helper_pptp.c) in ...)
 	- linux-2.6 2.6.15-3
 	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not
present)
 	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not
present)
-CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel
2.6.15 ...)
+CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel
2.6.14 ...)
 	- linux-2.6 2.6.15-3
-CVE-2006-0019 [kjs heap overflow]
-	RESERVED
+CVE-2006-0019 (Heap-based buffer overflow in the encodeURI and decodeURI
functions in ...)
 	{DSA-948-1}
 	- kdelibs <unfixed> (medium)
 CVE-2005-4474 (Buffer overflow in the &quot;Add to archive&quot;
command in WinRAR 3.51 allows ...)
@@ -1941,7 +2051,7 @@
 	NOT-FOR-US: rwAuction
 CVE-2005-4059 (SQL injection vulnerability in searchdb.asp in LocazoList 1.03c
and ...)
 	NOT-FOR-US: LocazoList
-CVE-2005-4058 (SQL injection vulnerability in saralblog v.1 and earlier allows
remote ...)
+CVE-2005-4058 (SQL injection vulnerability in saralblog 1 and earlier allows
remote ...)
 	NOT-FOR-US: saralblog
 CVE-2005-4057 (Cross-site scripting (XSS) vulnerability in search.php in
PluggedOut ...)
 	NOT-FOR-US: PluggedOut Nexus
@@ -3110,8 +3220,8 @@
 	NOT-FOR-US: Novell Open Enterprise Server
 CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote
attackers to ...)
 	NOT-FOR-US: Blue Coat WinProxy
-CVE-2005-3653
-	RESERVED
+CVE-2005-3653 (Heap-based buffer overflow in the iGateway service for various
...)
+	TODO: check
 CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client
9.0 ...)
 	NOT-FOR-US: Citrix
 CVE-2005-3651 (Stack-based buffer overflow in the
dissect_ospf_v3_address_prefix ...)
@@ -3163,8 +3273,7 @@
 	RESERVED
 CVE-2005-3629
 	RESERVED
-CVE-2005-3628 [further xpdf overflow check]
-	RESERVED
+CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
 	{DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
 	- kdegraphics 3.5.0-3
 	- gpdf 2.10.0-2 (bug #342286)
@@ -4083,8 +4192,7 @@
 	TODO: check 2.4
 CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL
vhost ...)
 	- apache2 2.0.55-4
-CVE-2005-3356 [kernel DoS, see patch-tracking for details]
-	RESERVED
+CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain
situations, ...)
 	- linux-2.6 <unfixed>
 CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8
has ...)
 	{DSA-901-1}
@@ -18374,8 +18482,8 @@
 	TODO: DSA claims PHP3 is vulnerable, but this is not mentioned in the
changelog.
 CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic
before ...)
 	NOT-FOR-US: Sygate Enforcer
-CVE-2004-0592
-	RESERVED
+CVE-2004-0592 (The tcp_find_option function of the netfilter subsystem for IPv6
in ...)
+	TODO: check
 CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc
...)
 	{DSA-533}
 	- courier 0.45.4-4
@@ -21836,8 +21944,8 @@
 	RESERVED
 CVE-2002-1572
 	RESERVED
-CVE-2002-1571
-	RESERVED
+CVE-2002-1571 (The linux 2.4 kernel before 2.4.19 assumes that the fninit
instruction ...)
+	TODO: check
 CVE-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and
...)
 	- ucd-snmp 4.2.3-2
 CVE-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers
to ...)
Secure testing commits - Jan 2006 - r3355 - data/CVE

[Secure-testing-commits] r3355 - data/CVE
