Author: joeyh Date: 2006-02-03 09:14:17 +0000 (Fri, 03 Feb 2006) New Revision: 3413 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-02-02 09:14:17 UTC (rev 3412) +++ data/CVE/list 2006-02-03 09:14:17 UTC (rev 3413) 
@@ -1,3 +1,73 @@ +CVE-2006-0530 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...) + TODO: check +CVE-2006-0529 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...) + TODO: check +CVE-2006-0528 (GNOME Evolution allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2006-0527 (Unspecified vulnerability in Berkeley Internet Name Domain (BIND) on ...) + TODO: check +CVE-2006-0526 (The default configuration of the America Online (AOL) client software ...) + TODO: check +CVE-2006-0525 (Multiple unspecified Adobe products install a large number of .EXE and ...) + TODO: check +CVE-2006-0524 (Cross-site scripting (XSS) vulnerability in ashnews.php in Derek ...) + TODO: check +CVE-2006-0523 (SQL injection vulnerability in global.php in MyBB before 1.03 allows ...) + TODO: check +CVE-2006-0522 (SQL injection vulnerability in the Authentication Servlet in Symantec ...) + TODO: check +CVE-2006-0521 (Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM ...) + TODO: check +CVE-2006-0520 (SQL injection vulnerability index.php in Dragoran Portal module 1.3 ...) + TODO: check +CVE-2006-0519 (SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows ...) + TODO: check +CVE-2006-0518 (Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ...) + TODO: check +CVE-2006-0517 (Multiple SQL injection vulnerabilities in ...) + TODO: check +CVE-2006-0516 (Unspecified vulnerability in the kernel processing in Solaris 10 64 ...) + TODO: check +CVE-2006-0515 + RESERVED +CVE-2006-0514 + RESERVED +CVE-2006-0513 + RESERVED +CVE-2006-0512 (PADL MigrationTools 46 creates temporary files insecurely, which ...) + TODO: check +CVE-2006-0511 (** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not ...) + TODO: check +CVE-2006-0510 (SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 ...) 
+ TODO: check +CVE-2006-0509 (Multiple cross-site scripting (XSS) vulnerabilities in clients.php in ...) + TODO: check +CVE-2006-0508 (Easy CMS stores the images directory under the web document root with ...) + TODO: check +CVE-2006-0507 (Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow ...) + TODO: check +CVE-2006-0506 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN ...) + TODO: check +CVE-2006-0505 (zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to ...) + TODO: check +CVE-2006-0504 (Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 ...) + TODO: check +CVE-2006-0503 (IMAP service in MailEnable Professional Edition before 1.72 allows ...) + TODO: check +CVE-2006-0502 (PHP remote file inclusion vulnerability in loginout.php in FarsiNews ...) + TODO: check +CVE-2006-0501 (Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows ...) + TODO: check +CVE-2006-0500 (MyCO Guestbook 1.0 admin directory under the web document root with ...) + TODO: check +CVE-2006-0499 (Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 ...) + TODO: check +CVE-2005-4709 (The popSubjectContext method in the SecurityAssociation class in JBoss ...) + TODO: check +CVE-2005-4708 (Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute ...) + TODO: check +CVE-2003-1292 (PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 ...) + TODO: check CVE-2006-0498 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...) TODO: check CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...) 
@@ -215,8 +285,8 @@ NOT-FOR-US: RT Internet Solutions (RTIS) WebAdmin CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK ...) NOT-FOR-US: ParoxProxy -CVE-2006-0433 - RESERVED +CVE-2006-0433 (Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not ...) + TODO: check CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) NOT-FOR-US: BEA WebLogic CVE-2006-0431 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) @@ -498,7 +568,7 @@ NOT-FOR-US: Joomla! CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...) NOT-FOR-US: ZyXel hardware -CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf allows attackers to ...) +CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other ...) - poppler <unfixed> - tetex-bin 3.0-12 - kdegraphics <unfixed> 
@@ -509,22 +579,22 @@ - pdfkit.framework <unfixed> CVE-2006-0300 RESERVED -CVE-2006-0299 - RESERVED -CVE-2006-0298 - RESERVED -CVE-2006-0297 - RESERVED -CVE-2006-0296 - RESERVED -CVE-2006-0295 - RESERVED -CVE-2006-0294 - RESERVED -CVE-2006-0293 - RESERVED -CVE-2006-0292 - RESERVED +CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ...) + TODO: check +CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ...) + TODO: check +CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ...) + TODO: check +CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...) + TODO: check +CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...) + TODO: check +CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ...) + TODO: check +CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in Firefox ...) + TODO: check +CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...) + TODO: check CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...) NOT-FOR-US: Oracle CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, ...) @@ -1302,9 +1372,9 @@ CVE-2005-4563 (SQL injection vulnerability in main.php in Enterprise Heart Enterprise ...) NOT-FOR-US: Enterprise Heart Enterprise Connector CVE-2005-4562 - RESERVED + REJECTED CVE-2005-4561 - RESERVED + REJECTED CVE-2005-4560 (The Windows Graphical Device Interface library (GDI32.DLL) in ...) {CVE-2006-0106} NOT-FOR-US: Microsoft @@ -1354,8 +1424,7 @@ RESERVED CVE-2005-4537 RESERVED -CVE-2005-4536 [libmail-audit-perl: insecure /tmp handling] - RESERVED +CVE-2005-4536 (Mail::Audit module in libmail-audit-perl 2.1-5, when logging is ...) {DSA-960-2 DSA-960-1} - libmail-audit-perl 2.1-5.1 (bug #344029; medium) CVE-2005-4535 
@@ -2544,7 +2613,8 @@ CVE-2005-3995 (Format string vulnerability in the dosyslog function in the OBEX ...) NOT-FOR-US: Sobexsrv NOTE: Checked obexserver source package, not vulnerable -CVE-2005-3994 (Cross-site scripting (XSS) vulnerability in Atlassian Confluence 2.0.1 ...) +CVE-2005-3994 + REJECTED NOT-FOR-US: Atlassian Confluence CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 ...) NOT-FOR-US: MailEnable
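Review bot: In the hunk at @@ -1,3 +1,73 @@, CVE-2005-4709, CVE-2005-4708 and CVE-2003-1292 are inserted between CVE-2006-0499 and CVE-2006-0498, which breaks the descending ID order that the rest of the visible list follows (for example CVE-2006-0433, CVE-2006-0432, CVE-2006-0431). Move them to their numeric positions during triage, so that a reader scanning the 2005 or 2003 range finds them alongside their neighbours.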
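Review bot: In the hunk at @@ -498,7 +568,7 @@, the CVE-2006-0301 description widens from "in xpdf" to "in xpdf, as used in other ...", but the package lines under it (poppler, tetex-bin, kdegraphics) are carried over unchanged with no TODO or NOTE. Add a "TODO: check" or a NOTE to the entry so that the list of packages embedding the xpdf code is re-verified against the new wording.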
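Review bot: In the hunk at @@ -2544,7 +2613,8 @@, CVE-2005-3994 becomes REJECTED while the "NOT-FOR-US: Atlassian Confluence" line below it stays, so the entry now carries two states and has lost the description that explained the NOT-FOR-US decision. Drop the NOT-FOR-US line or keep the product name in a NOTE. The other entries this patch marks REJECTED (CVE-2005-4562, CVE-2005-4561) carry no triage line.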