Author: joeyh
Date: 2006-01-25 21:14:21 +0000 (Wed, 25 Jan 2006)
New Revision: 3369
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-01-25 20:12:20 UTC (rev 3368)
+++ data/CVE/list 2006-01-25 21:14:21 UTC (rev 3369)
@@ -1,3 +1,83 @@
+CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and
5.1 ...)
+ TODO: check
+CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and
...)
+ TODO: check
+CVE-2006-0416 (SleeperChat 0.3f an earlier allows remote attackers to bypass
...)
+ TODO: check
+CVE-2006-0415 (Cross-site scripting (XSS) vulnerability in index.php in
SleeperChat ...)
+ TODO: check
+CVE-2006-0414 (Tor 0.1.1.10-alpha and earlier allows remote attackers to
identify ...)
+ TODO: check
+CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP
allow ...)
+ TODO: check
+CVE-2006-0412 (SQL injection vulnerability in CyberShop allows remote attackers
to ...)
+ TODO: check
+CVE-2006-0411 (Claroline 1.7.2 uses guessable session cookies (md5 hash of
connection ...)
+ TODO: check
+CVE-2006-0410 (SQL injection vulnerability in ADOdb before 4.71, when using
...)
+ TODO: check
+CVE-2006-0409 (Cross-site scripting (XSS) vulnerability in index.php in
Pixelpost ...)
+ TODO: check
+CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local
users ...)
+ TODO: check
+CVE-2006-0407 (Cross-site scripting (XSS) vulnerability in post.php in AZ
Bulletin ...)
+ TODO: check
+CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain
sensitive ...)
+ TODO: check
+CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff
3.8.0 ...)
+ TODO: check
+CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web
document ...)
+ TODO: check
+CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow
remote ...)
+ TODO: check
+CVE-2006-0402 (SQL injection vulnerability in Zoph before 0.5pre1 allows remote
...)
+ TODO: check
+CVE-2006-0401
+ RESERVED
+CVE-2006-0400
+ RESERVED
+CVE-2006-0399
+ RESERVED
+CVE-2006-0398
+ RESERVED
+CVE-2006-0397
+ RESERVED
+CVE-2006-0396
+ RESERVED
+CVE-2006-0395
+ RESERVED
+CVE-2006-0394
+ RESERVED
+CVE-2006-0393
+ RESERVED
+CVE-2006-0392
+ RESERVED
+CVE-2006-0391
+ RESERVED
+CVE-2006-0390
+ RESERVED
+CVE-2006-0389
+ RESERVED
+CVE-2006-0388
+ RESERVED
+CVE-2006-0387
+ RESERVED
+CVE-2006-0386
+ RESERVED
+CVE-2006-0385
+ RESERVED
+CVE-2006-0384
+ RESERVED
+CVE-2006-0383
+ RESERVED
+CVE-2006-0382
+ RESERVED
+CVE-2006-0381
+ RESERVED
+CVE-2006-0380
+ RESERVED
+CVE-2006-0379
+ RESERVED
CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site
Manager ...)
TODO: check
CVE-2006-0377
@@ -68,7 +148,7 @@
TODO: check
CVE-2006-0343 (Unspecified vulnerability in the Port Discovery Standard and
Advanced ...)
TODO: check
-CVE-2006-0342 (MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows
remote ...)
+CVE-2006-0342 (RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1
allows ...)
TODO: check
CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in
Rockliffe ...)
TODO: check
@@ -117,7 +197,7 @@
- mydns 1.1.0+pre-3 (medium)
CVE-2006-XXXX [tor discovery of hidden services]
- tor <unfixed> (bug #349283)
-CVE-2006-0353 (unix_random.c in lsh before 2.0.1 leaks file descriptors related
to ...)
+CVE-2006-0353 (unix_random.c in lsh 2.0.1 leaks file descriptors related to the
...)
- lsh-utils 2.0.1cdbs-4 (low; bug #349303)
CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2,
...)
NOT-FOR-US: Oracle
@@ -317,11 +397,10 @@
NOT-FOR-US: lpsched in Sun Solaris
CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem
(ieee80211_ioctl.c) ...)
NOT-FOR-US: freebsd kernel
-CVE-2006-0225 [scp in OpenSSH suffers from shell code injection in
local-to-local copies]
- RESERVED
+CVE-2006-0225 (scp in OpenSSH 4.2p1 allows attackers to execute arbitrary
commands ...)
- openssh <unfixed> (low; bug #349645)
-CVE-2006-0224
- RESERVED
+CVE-2006-0224 (Buffer overflow in Library of Assorted Spiffy Things (LibAST)
0.6.1 ...)
+ TODO: check
CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and
earlier ...)
NOT-FOR-US: PunBB
CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash
Chat ...)
@@ -739,6 +818,7 @@
[sarge] - smstools 1.14.8-1sarge0
- smstools 1.16-1.1 (bug #347221; medium)
CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other
versions, ...)
+ {DSA-954-1}
{CVE-2005-4560}
- wine 0.9.2-1 (bug #346197; medium)
CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in
image.c ...)
@@ -1859,6 +1939,7 @@
- php5 5.1.1-1
NOTE: PHP 5 in Debian is vulnerable according to the changelog.
CVE-2005-4153 (Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a
denial ...)
+ {DSA-955-1}
- mailman 2.1.5-10
CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers
to ...)
NOT-FOR-US: Soti Pocket Controller-Professional
@@ -3276,14 +3357,14 @@
CVE-2005-3629
RESERVED
CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
- {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+ {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1
DTSA-28-1}
- kdegraphics 3.5.0-3
- gpdf 2.10.0-2 (bug #342286)
- xpdf 3.01-4
- koffice 1:1.4.2-6 (bug #342294)
- libextractor 0.5.9-1
CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf,
pdftohtml, ...)
- {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+ {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1
DTSA-28-1}
- poppler 0.4.4-1 (bug #346076)
- tetex <not-affected> (Links dynamically to poppler)
- kdegraphics 3.5.0-3
@@ -3292,7 +3373,7 @@
- koffice 1:1.4.2-6 (bug #342294)
- libextractor 0.5.9-1
CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml,
poppler, ...)
- {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+ {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1
DTSA-28-1}
- poppler 0.4.3-2
- kdegraphics 3.5.0-3
- xpdf 3.01-4
@@ -3300,7 +3381,7 @@
- koffice 1:1.4.2-6 (bug #342294)
- libextractor 0.5.9-1
CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml,
poppler, ...)
- {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+ {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1
DTSA-28-1}
- poppler 0.4.4-1 (bug #346076)
- tetex <not-affected> (Links dynamically to poppler)
- kdegraphics 3.5.0-3
@@ -3309,7 +3390,7 @@
- koffice 1:1.4.2-6 (bug #342294)
- libextractor 0.5.9-1
CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for
xpdf, ...)
- {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+ {DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1
DTSA-28-1}
- poppler 0.4.4-1 (bug #346076)
- tetex <not-affected> (Links dynamically to poppler)
- gpdf 2.10.0-2 (bug #342286)
@@ -3415,6 +3496,7 @@
CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows
remote ...)
NOT-FOR-US: iCMS
CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8
character ...)
+ {DSA-955-1}
- mailman 2.1.5-10 (bug #327732; bug #339095; medium)
CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7
...)
NOT-FOR-US: Peel
@@ -4752,7 +4834,7 @@
CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1
(International), ...)
NOT-FOR-US: ALZip
CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream
function ...)
- {DSA-950-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
+ {DSA-950-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
- xpdf 3.01-3 (bug #342281; bug #342337; medium)
- gpdf 2.10.0-1 (bug #342286; medium)
- pdftohtml <not-affected> (Vulnerable xpdf code not contained)
@@ -8714,7 +8796,7 @@
NOTE: 2.6.8 and 2.4.27 not affected
- linux-2.6 2.6.12-3 (bug #323039; medium)
CVE-2005-2097 (xpdf and kpdf do not properly validate the
"loca" table in PDF files, ...)
- {DSA-936-1 DSA-780-1}
+ {DSA-936-1 DSA-780-1 DTSA-28-1}
- kdegraphics 4:3.4.2-1 (bug #322458; low)
- xpdf 3.00-15 (bug #322462; low)
- tetex-bin <not-affected> (pdftex doesn''t include or use the
vulnerable code)