Author: joeyh
Date: 2006-01-04 09:14:19 +0000 (Wed, 04 Jan 2006)
New Revision: 3219

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-04 04:48:25 UTC (rev 3218) +++ data/CVE/list 2006-01-04 09:14:19 UTC (rev 3219) 
@@ -1,6 +1,68 @@ +CVE-2006-0081 (The ialmrnt5 display driver in Intel Graphics Accelerator Driver ...) + TODO: check +CVE-2006-0080 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and ...) + TODO: check +CVE-2006-0079 (SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 ...) + TODO: check +CVE-2006-0078 (Multiple cross-site scripting (XSS) vulnerabilities in B-net Software ...) + TODO: check +CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr before 0.03 ...) + TODO: check +CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...) + TODO: check +CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and ...) + TODO: check +CVE-2006-0074 (SQL injection vulnerability in profile.php in PHPenpals allows remote ...) + TODO: check +CVE-2006-0073 (Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware ...) + TODO: check +CVE-2006-0072 (Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote ...) + TODO: check +CVE-2006-0071 (The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid ...) + TODO: check +CVE-2006-0070 (** DISPUTED ** ...) + TODO: check +CVE-2006-0069 (Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk ...) + TODO: check +CVE-2006-0068 (SQL injection vulnerability in Primo Cart 1.0 and earlier allows ...) + TODO: check +CVE-2006-0067 (SQL injection vulnerability in login.php in VEGO Links Builder 2.00 ...) + TODO: check +CVE-2006-0066 (SQL injection vulnerability in index.php in PHPjournaler 1.0 allows ...) + TODO: check +CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) ...) + TODO: check +CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...) + TODO: check +CVE-2006-0063 + RESERVED +CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier ...) 
+ TODO: check +CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows ...) + TODO: check +CVE-2005-4615 (SQL injection vulnerability in news.php in DapperDesk 3.0.1 and ...) + TODO: check +CVE-2005-4614 (Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier ...) + TODO: check +CVE-2005-4613 (Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows ...) + TODO: check +CVE-2005-4612 (Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote ...) + TODO: check +CVE-2005-4611 (SQL injection vulnerability in search.php in Free ClickBank 1.0 and ...) + TODO: check +CVE-2005-4610 (Format string vulnerability in the server for Dopewars before 1.5.12, ...) + TODO: check +CVE-2005-4609 (index.php in BugPort 1.147 and earlier allows remote attackers to ...) + TODO: check +CVE-2005-4608 (SQL injection vulnerability in index.php in BugPort 1.147 allows ...) + TODO: check +CVE-2005-4607 (Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 ...) + TODO: check +CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web Wiz ...) + TODO: check CVE-2006-XXXX [libmail-audit-perl: insecure /tmp handling] - libmail-audit-perl <unfixed> (bug #344029) -CVE-2005-4605 [kernel procfs information leak] +CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions ...) - linux-2.6 2.6.15-1 - kernel-source-2.4.27 <not-affected> (2.4''s proc_file_lseek contains a sanity check) NOTE: Sarge 2.6.8 status yet unclear @@ -26,7 +88,7 @@ RESERVED CVE-2006-0054 RESERVED -CVE-2005-4604 (Buffer overflow in MTink allows remote attackers to execute arbitrary ...) +CVE-2005-4604 (Buffer overflow in MTink allows local users to execute arbitrary code ...) - mtink <not-affected> (mtink not installed SUID root) CVE-2005-4603 (Cross-site scripting (XSS) vulnerability in printthread.php in MyBB ...) NOT-FOR-US: MyBB 
@@ -140,7 +202,7 @@ RESERVED CVE-2005-4561 RESERVED -CVE-2005-4560 (Microsoft Windows allows remote attackers to execute arbitrary code ...) +CVE-2005-4560 (The Windows Graphical Device Interface library (GDI32.DLL) in ...) NOT-FOR-US: Windows CVE-2005-4559 (mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail ...) NOT-FOR-US: IceWarp Web Mail @@ -310,7 +372,7 @@ NOT-FOR-US: OpenEdit CVE-2005-4475 (Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier ...) NOT-FOR-US: OpenCms -CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.16.7 through ...) +CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.9 through ...) - bugzilla 2.18 (bug #329387; low) NOTE: The vulnerable script has been removed in the 2.18 upstream release [woody] - bugzilla <unfixed>
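Review bot: In the first hunk (@@ -1,6 +1,68 @@) the new CVE-2005-4617 through CVE-2005-4606 block is inserted above the temporary entry "CVE-2006-XXXX [libmail-audit-perl: insecure /tmp handling]", so that 2006 entry now sits between CVE-2005-4606 and CVE-2005-4605 instead of with the other 2006 entries. Move it back above CVE-2005-4617 so the list stays in descending order. Every entry added here carries only "TODO: check", so none of it is triaged yet. CVE-2006-0071 is described as an issue in the Gentoo ebuild for pinentry, and CVE-2006-0070 shows only "** DISPUTED ** ..." with the rest of the description cut off, so both need the full CVE text read before a status is assigned.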
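Review bot: In the @@ -26,7 +88,7 @@ hunk the CVE-2005-4604 description changes the attacker from "remote attackers" to "local users", but the status line "- mtink <not-affected> (mtink not installed SUID root)" is carried over untouched. With a local vector, whether the binary is installed SUID root is exactly what decides exposure, so confirm that justification against the current package instead of relying on an annotation written under the old description.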
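Review bot: In the @@ -310,7 +372,7 @@ hunk the affected range for CVE-2005-4534 now starts at Bugzilla 2.9 instead of 2.16.7, while "- bugzilla 2.18 (bug #329387; low)" and "[woody] - bugzilla <unfixed>" are unchanged. Recheck the per-release annotations against the wider range. The entry also sits directly below CVE-2005-4475, out of the descending order the other visible entries follow.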