Author: joeyh
Date: 2006-02-10 09:14:19 +0000 (Fri, 10 Feb 2006)
New Revision: 3452
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-02-09 21:14:32 UTC (rev 3451)
+++ data/CVE/list 2006-02-10 09:14:19 UTC (rev 3452)
@@ -1,14 +1,112 @@
+CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in
...)
+ TODO: check
+CVE-2006-0643 (Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web
...)
+ TODO: check
+CVE-2006-0642 (Trend Micro ServerProtect 5.58, and possibly InterScan Messaging
...)
+ TODO: check
+CVE-2006-0641 (Orbicule Undercover uses a third-party web server to determine
the IP ...)
+ TODO: check
+CVE-2006-0640 (Orbicule Undercover allows attackers with physical or root
access to ...)
+ TODO: check
+CVE-2006-0639 (Cross-site scripting (XSS) vulnerability in search.php in MyBB
(aka ...)
+ TODO: check
+CVE-2006-0638 (SQL injection vulnerability in moderation.php in MyBB (aka ...)
+ TODO: check
+CVE-2006-0637 (Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0
allows ...)
+ TODO: check
+CVE-2006-0636 (desktop.php in eyeOS 0.8.9 and earlier tests for the existence
of the ...)
+ TODO: check
+CVE-2006-0635 (Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the ...)
+ TODO: check
+CVE-2006-0634 (Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise
edition ...)
+ TODO: check
+CVE-2006-0633 (The make_password function in ipsclass.php in Invision Power
Board ...)
+ TODO: check
+CVE-2006-0632 (The gen_rand_string function in phpBB 2.0.19 uses insufficiently
...)
+ TODO: check
+CVE-2006-0631 (CRLF injection vulnerability in Erik C. Thauvin mailback allows
remote ...)
+ TODO: check
+CVE-2006-0630 (RITLabs The Bat! before 3.0.0.15 displays certain important
headers ...)
+ TODO: check
+CVE-2006-0629 (Unspecified vulnerability in AOL Instant Messenger (AIM)
5.9.3861 ...)
+ TODO: check
+CVE-2006-0628 (myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to
execute ...)
+ TODO: check
+CVE-2006-0627 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0,
2.0a, and ...)
+ TODO: check
+CVE-2006-0624 (SQL injection vulnerability in check.asp in Whomp Real Estate
Manager ...)
+ TODO: check
+CVE-2006-0623 (QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with
world-writable ...)
+ TODO: check
+CVE-2006-0622 (QNX Neutrino RTOS 6.3.0 allows local users to cause a denial of
...)
+ TODO: check
+CVE-2006-0621 (Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local
users ...)
+ TODO: check
+CVE-2006-0620 (Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local
users ...)
+ TODO: check
+CVE-2006-0619 (Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0
allow ...)
+ TODO: check
+CVE-2006-0618 (Format string vulnerability in fontsleuth in QNX Neutrino RTOS
6.3.0 ...)
+ TODO: check
+CVE-2006-0617 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0
...)
+ TODO: check
+CVE-2006-0616 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4
and ...)
+ TODO: check
+CVE-2006-0615 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0
...)
+ TODO: check
+CVE-2006-0614 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3
and ...)
+ TODO: check
+CVE-2006-0613 (Unspecified vulnerability in Java Web Start after 1.0.1_02, as
used in ...)
+ TODO: check
+CVE-2006-0612 (Powersave daemon before 0.10.15.2 allows local users to gain
...)
+ TODO: check
+CVE-2006-0611 (Directory traversal vulnerability in compose.pl in @Mail 4.3 and
...)
+ TODO: check
+CVE-2006-0610 (Multiple SQL injection vulnerabilities in 2200net Calendar
system 1.2, ...)
+ TODO: check
+CVE-2006-0609 (Cross-site scripting (XSS) vulnerability in add.php in Hinton
Design ...)
+ TODO: check
+CVE-2006-0608 (Multiple SQL injection vulnerabilities in Hinton Design phphd
1.0 ...)
+ TODO: check
+CVE-2006-0607 (check.php in Hinton Design phphd 1.0 does not check passwords
when ...)
+ TODO: check
+CVE-2006-0606 (SQL injection vulnerability in Unknown Domain Shoutbox
2005.07.21 ...)
+ TODO: check
+CVE-2006-0605 (Multiple cross-site scripting (XSS) vulnerabilities in Unknown
Domain ...)
+ TODO: check
+CVE-2006-0604 (check.php in Hinton Design phphg Guestbook 1.2 does not check
the user ...)
+ TODO: check
+CVE-2006-0603 (Multiple cross-site scripting vulnerabilities in signed.php in
Hinton ...)
+ TODO: check
+CVE-2006-0602 (Multiple SQL injection vulnerabilities in Hinton Design phphg
...)
+ TODO: check
+CVE-2006-0601
+ RESERVED
+CVE-2006-0596
+ RESERVED
+CVE-2006-0595
+ RESERVED
+CVE-2006-0594
+ RESERVED
+CVE-2005-4711 (SQL injection vulnerability in Neocrome Land Down Under (LDU)
801 ...)
+ TODO: check
+CVE-2005-4710 (Unspecified vulnerability in multiple Autodesk and AutoCAD
products ...)
+ TODO: check
CVE-2006-0598 [elog: buffer overflow in write_logfile]
+ RESERVED
- elog 2.6.1+r1642-1
CVE-2006-0597 [elog: remote DoS through overly long attributes]
+ RESERVED
- elog 2.6.1+r1642-1
CVE-2006-0599 [elog: information discloure in password denial]
+ RESERVED
- elog 2.6.1+r1642-1
CVE-2006-0600 [elog: remote DoS through endless loop]
+ RESERVED
- elog 2.6.1+r1642-1
CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before
6.00.304 ...)
TODO: check
-CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing service
...)
+CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing LexBce
Server ...)
TODO: check
CVE-2006-0591 (The crypt_gensalt functions for BSDI-style extended DES-based
and ...)
TODO: check
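Review bot: In the four elog entries (CVE-2006-0598, CVE-2006-0597, CVE-2006-0599, CVE-2006-0600) a RESERVED line is inserted above an existing "- elog 2.6.1+r1642-1" line, so each entry now carries both a reserved status and a fixed version. Confirm that whatever consumes data/CVE/list still treats the package line as the tracked state for these, and keep the bracketed hand-written descriptions until upstream text arrives. The new block is also inserted above those entries, which leaves CVE-2005-4711 and CVE-2005-4710 ahead of CVE-2006-0598; if the file is meant to stay in descending order, move the elog entries up when the TODO: check items are triaged. The context line for CVE-2006-0599 reads "discloure" where "disclosure" is meant.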
@@ -40,7 +138,7 @@
TODO: check
CVE-2006-0577 (Lexmark X1185 printer allows local users to gain SYSTEM
privileges by ...)
TODO: check
-CVE-2006-0576 (Untrusted search path vulnerability in opcontrol in OProfile
allows ...)
+CVE-2006-0576 (Untrusted search path vulnerability in opcontrol in OProfile
0.9.1 and ...)
TODO: check
CVE-2006-0575 (convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote
attackers to ...)
TODO: check
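Review bot: CVE-2006-0576 keeps its "TODO: check" even though the refreshed description now names OProfile 0.9.1. That is enough to compare against the packaged version and replace the TODO with a package line or a NOT-FOR-US marker, rather than carrying it through another automatic update.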
@@ -175,10 +273,10 @@
- spip <unfixed> (medium; bug #351335)
CVE-2006-0517 (Multiple SQL injection vulnerabilities in ...)
- spip <unfixed> (medium; bug #351334)
-CVE-2006-0625
+CVE-2006-0625 (Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g
and ...)
- spip <unfixed> (medium; bug #352076)
NOTE: http://www.securityfocus.com/bid/16556
-CVE-2006-0626
+CVE-2006-0626 (SQL injection vulnerability in spip_acces_doc.php3 in SPIP
1.8.2g and ...)
- spip <unfixed> (medium; bug #352077)
NOTE: http://www.securityfocus.com/bid/16551
CVE-2006-0516 (Unspecified vulnerability in the kernel processing in Solaris 10
64 ...)
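Review bot: CVE-2006-0625 and CVE-2006-0626 were entered by hand with bug numbers and securityfocus NOTE links before any description existed, and this hunk attaches the upstream text to them without touching those lines. Check that bug #352076 and bid/16556 really describe the Spip_RSS.PHP directory traversal, and that bug #352077 and bid/16551 describe the spip_acces_doc.php3 SQL injection, so the two ids are not swapped. Both descriptions name SPIP 1.8.2g, which can be compared with the packaged version while the entries remain "<unfixed>".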
@@ -2990,11 +3088,11 @@
RESERVED
CVE-2006-0021
RESERVED
-CVE-2006-0020 (An unspecified Microsoft WMF parsing application allows
attackers to ...)
+CVE-2006-0020 (An unspecified Microsoft WMF parsing application, as used in
Internet ...)
NOT-FOR-US: Microsoft
CVE-2006-0018
REJECTED
-CVE-2005-3961 (WebCalendar 1.0.1 allows remote attackers to overwrite
WebCalendar ...)
+CVE-2005-3961 (export_handler.php in WebCalendar 1.0.1 allows remote attackers
to ...)
- webcalendar <unfixed> (bug #341208; medium)
CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a
denial of ...)
NOT-FOR-US: Kadu
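Review bot: The new text for CVE-2005-3961 narrows the issue to export_handler.php, while the package line below it still points at bug #341208 as before. Confirm that bug covers the export_handler.php file overwrite specifically, and add a NOTE under the entry if it tracks something broader. The CVE-2006-0020 change needs no follow-up since the entry stays NOT-FOR-US: Microsoft.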
@@ -11597,8 +11695,8 @@
NOT-FOR-US: Sophos
CVE-2005-1529
RESERVED
-CVE-2005-1528
- RESERVED
+CVE-2005-1528 (Untrusted search path vulnerability in the crttrap command in
QNX ...)
+ TODO: check
CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and
earlier, ...)
{DSA-892-1}
- awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium)
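Review bot: CVE-2005-1528 moves from RESERVED to "TODO: check" with a description that places the flaw in the crttrap command in QNX, the same product as the QNX Neutrino entries added at the top of the file. Triage them together and, if QNX is not packaged, mark them all with a NOT-FOR-US line in the style of the neighbouring "NOT-FOR-US: Sophos" entry, so the TODO does not linger on an entry this far down the list.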