Author: joeyh
Date: 2006-02-02 09:14:17 +0000 (Thu, 02 Feb 2006)
New Revision: 3412

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================--- data/CVE/list 2006-02-01 21:14:28 UTC (rev 3411) +++ data/CVE/list 2006-02-02 09:14:17 UTC (rev 3412) 
@@ -1,7 +1,135 @@ +CVE-2006-0498 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...) + TODO: check +CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...) + TODO: check +CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...) + TODO: check +CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to ...) + TODO: check +CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 ...) + TODO: check +CVE-2006-0493 (Cross-site scripting (XSS) vulnerability in MG2 (formerly known as ...) + TODO: check +CVE-2006-0492 (Multiple SQL injection vulnerabilities in Calendarix allow remote ...) + TODO: check +CVE-2006-0491 (SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 ...) + TODO: check +CVE-2006-0490 (SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums ...) + TODO: check +CVE-2006-0489 (** DISPUTED ** Buffer overflow in the font command of mIRC, probably ...) + TODO: check +CVE-2006-0488 (The VDM (Virtual DOS Machine) emulation environment for MS-DOS ...) + TODO: check +CVE-2006-0487 (Multiple unspecified vulnerabilities in Tumbleweed MailGate Email ...) + TODO: check +CVE-2006-0486 (Certain Cisco IOS releases in 12.2S based trains with maintenance ...) + TODO: check +CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S ...) + TODO: check +CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE ...) + TODO: check +CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through ...) + TODO: check +CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...) + TODO: check +CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng ...) + TODO: check +CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module in ...) 
+ TODO: check +CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, ...) + TODO: check +CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged actions, ...) + TODO: check +CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows ...) + TODO: check +CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to ...) + TODO: check +CVE-2006-0475 (PHP-Ping 1.3 does not properly validate ping counts, which allows ...) + TODO: check +CVE-2006-0474 (Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers ...) + TODO: check +CVE-2006-0473 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...) + TODO: check +CVE-2006-0472 (Cross-site scripting (XSS) vulnerability in guestbook.php in my little ...) + TODO: check +CVE-2006-0471 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...) + TODO: check +CVE-2006-0470 (Cross-site scripting (XSS) vulnerability in search.php in ...) + TODO: check +CVE-2006-0469 (Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and ...) + TODO: check +CVE-2006-0468 (CommuniGate Pro Core Server before 5.0.7 allows remote attackers to ...) + TODO: check +CVE-2005-4707 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...) + TODO: check +CVE-2005-4706 (Unspecified vulnerability in the "privilege management" feature of Sun ...) + TODO: check +CVE-2005-4705 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...) + TODO: check +CVE-2005-4704 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) + TODO: check +CVE-2005-4703 (Apache Tomcat 4.0.3, when running on Windows, allows remote attackers ...) + TODO: check +CVE-2005-4702 (SQL injection vulnerability in the favorites module in index.php in ...) + TODO: check +CVE-2005-4701 (Unspecified vulnerability in Process File System (procfs) in Sun ...) 
+ TODO: check +CVE-2005-4700 (TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) ...) + TODO: check +CVE-2005-4699 (Argument injection vulnerability in TellMe 1.2 and earlier allows ...) + TODO: check +CVE-2005-4698 (Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier ...) + TODO: check +CVE-2005-4697 (The Microsoft Wireless Zero Configuration system (WZCS) allows local ...) + TODO: check +CVE-2005-4696 (The Microsoft Wireless Zero Configuration system (WZCS) stores WEP ...) + TODO: check +CVE-2005-4695 (Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers ...) + TODO: check +CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain ...) + TODO: check +CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to ...) + TODO: check +CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before ...) + TODO: check +CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...) + TODO: check +CVE-2005-4690 (Six Apart Movable Type 3.16 allows local users with blog-creation ...) + TODO: check +CVE-2005-4689 (Six Apart Movable Type 3.16 stores account names and password hashes ...) + TODO: check +CVE-2005-4688 (PunBB 1.2.9 does not require password entry when changing the e-mail ...) + TODO: check +CVE-2005-4687 (PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client''s ...) + TODO: check +CVE-2005-4686 (PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes ...) + TODO: check +CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when ...) + TODO: check +CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the DNS ...) + TODO: check +CVE-2005-4683 (PADL MigrationTools 46, when a failure occurs, stores contents of ...) + TODO: check +CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView ...) 
+ TODO: check +CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 ...) + TODO: check +CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...) + TODO: check +CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote ...) + TODO: check +CVE-2005-4678 (Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the ...) + TODO: check +CVE-2005-4677 (SQL injection vulnerability in additional_images.php (aka the ...) + TODO: check +CVE-2005-4676 (Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null ...) + TODO: check +CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute ...) + TODO: check CVE-2006-XXXX [pioneers: Client and server can crash from huge chat buffer] - pioneers 0.9.49-1 (bug #350237; medium) -CVE-2006-0467 - RESERVED +CVE-2006-0467 (Unspecified vulnerability in pioneers before 0.9.49 allows remote ...) + TODO: check CVE-2006-0466 (Cross-site scripting (XSS) vulnerability in search.asp in Goldstag ...) NOT-FOR-US: Goldstag Content Management System CVE-2006-0465 (Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in ...) @@ -370,8 +498,7 @@ NOT-FOR-US: Joomla! CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...) NOT-FOR-US: ZyXel hardware -CVE-2006-0301 [another xpdf heap overflow in splash handling] - RESERVED +CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf allows attackers to ...) - poppler <unfixed> - tetex-bin 3.0-12 - kdegraphics <unfixed> 
@@ -1367,8 +1494,7 @@ CVE-2005-XXXX [Insecure tempfile in libjpeg6b''s exifautotran] - libjpeg6b 6b-11 [woody] - libjpeg6b <not-affected> (Does not include exifautotran) -CVE-2006-0043 [symlink-related buffer overflow in the user-space rpc.mountd] - RESERVED +CVE-2006-0043 (Buffer overflow in the realpath function in nfs-server rpc.mountd, as ...) - nfs-user-server 2.2beta47-22 (high; bug #350020) NOTE: nfs-utils (kernel NFS server) is not affected NOTE: (it uses PATH_MAX for the buffer passed to realpath).
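
Review bot: In the first hunk (@@ -1,7 +1,135 @@), CVE-2006-0467 now carries the description "Unspecified vulnerability in pioneers before 0.9.49 allows remote ..." with only "TODO: check", while the temporary CVE-2006-XXXX pioneers entry directly above it already records "- pioneers 0.9.49-1 (bug #350237; medium)". Both name pioneers and the 0.9.49 release, so they look like the same issue. Suggest confirming that, then moving the package line under CVE-2006-0467 and dropping the CVE-2006-XXXX placeholder so the fix is not tracked under two entries. While triaging the new TODOs in this hunk, also note that CVE-2006-0498 and CVE-2005-4707 show the same visible description ("Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ..."), which is worth checking for a duplicate assignment.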
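
Review bot: In the second hunk (@@ -370,8 +498,7 @@), the CVE-2006-0301 entry still lists "- poppler <unfixed>" and "- kdegraphics <unfixed>" with no bug reference or urgency, unlike the nfs-user-server line in the following hunk, which records "(high; bug #350020)". Now that the RESERVED placeholder has been replaced by the published description (heap-based buffer overflow in Splash.cc in xpdf), suggest adding the bug numbers and an urgency to the two unfixed package lines so the open status can be followed from this file.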