Author: joeyh Date: 2006-02-14 21:14:24 +0000 (Tue, 14 Feb 2006) New Revision: 3480 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-02-14 20:56:53 UTC (rev 3479) +++ data/CVE/list 2006-02-14 21:14:24 UTC (rev 3480) 
@@ -1,3 +1,77 @@ +CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows ...) + TODO: check +CVE-2006-0676 (Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 ...) + TODO: check +CVE-2006-0675 (Cross-site scripting (XSS) vulnerability in search.php in Siteframe ...) + TODO: check +CVE-2006-0674 (Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 ...) + TODO: check +CVE-2006-0673 (Multiple SQL injection vulnerabilities in cms/index.php in Magic ...) + TODO: check +CVE-2006-0672 (Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before ...) + TODO: check +CVE-2006-0671 (Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell ...) + TODO: check +CVE-2006-0670 (Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to ...) + TODO: check +CVE-2006-0669 (Multiple SQL injection vulnerabilities in archive.asp in GA''s Forum ...) + TODO: check +CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote ...) + TODO: check +CVE-2006-0667 + RESERVED +CVE-2006-0666 + RESERVED +CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...) + TODO: check +CVE-2006-0664 (Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in ...) + TODO: check +CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino ...) + TODO: check +CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client ...) + TODO: check +CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in SmE GB Host 1.21 and SmE ...) + TODO: check +CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5 and ...) + TODO: check +CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in Runcms 1.2 and ...) + TODO: check +CVE-2006-0658 (Incomplete blacklist vulnerability in FCKeditor 2.0 and 2.2, as used ...) 
+ TODO: check +CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event ...) + TODO: check +CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager 4.2 ...) + TODO: check +CVE-2006-0655 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) + TODO: check +CVE-2006-0654 (check.php in Hinton Design phpht Topsites 1.3 does not validate ...) + TODO: check +CVE-2006-0653 (Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites ...) + TODO: check +CVE-2006-0652 (WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions ...) + TODO: check +CVE-2006-0651 (SQL injection vulnerability in index.php in vwdev allows remote ...) + TODO: check +CVE-2006-0650 (Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the ...) + TODO: check +CVE-2006-0649 (Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 ...) + TODO: check +CVE-2006-0648 (Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, ...) + TODO: check +CVE-2006-0647 (LDAP service in Sun Java System Directory Server 5.2, running on Linux ...) + TODO: check +CVE-2006-0646 (ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain ...) + TODO: check +CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS ...) + TODO: check +CVE-2005-4715 (Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, ...) + TODO: check +CVE-2005-4714 (Format string vulnerability in the vmps_log function in OpenVMPS (VLAN ...) + TODO: check +CVE-2005-4713 (Unspecified vulnerability in the SQL logging facility in PAM-MySQL ...) + TODO: check +CVE-2005-4712 (CRLF injection vulnerability in process_signup.php in PHP Handicapper ...) + TODO: check CVE-2006-XXXX [imagemagick''s display(1) deletes arbitrary files] - imagemagick 6:6.2.4.5-0.7 (bug #352575; medium) - graphicsmagick <not-affected> (Vulnerable code not present) 
@@ -111,20 +185,16 @@ NOT-FOR-US: Land Down Under CVE-2005-4710 (Unspecified vulnerability in multiple Autodesk and AutoCAD products ...) NOT-FOR-US: AutoCAD -CVE-2006-0598 [elog: buffer overflow in write_logfile] - RESERVED +CVE-2006-0598 (Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows ...) {DSA-967-1} - elog 2.6.1+r1642-1 -CVE-2006-0597 [elog: remote DoS through overly long attributes] - RESERVED +CVE-2006-0597 (Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 ...) {DSA-967-1} - elog 2.6.1+r1642-1 -CVE-2006-0599 [elog: information discloure in password denial] - RESERVED +CVE-2006-0599 (The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 ...) {DSA-967-1} - elog 2.6.1+r1642-1 -CVE-2006-0600 [elog: remote DoS through endless loop] - RESERVED +CVE-2006-0600 (elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of ...) {DSA-967-1} - elog 2.6.1+r1642-1 CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...) @@ -149,7 +219,7 @@ NOT-FOR-US: PeopleSoft People Tools CVE-2006-0583 (SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and ...) NOT-FOR-US: Clever Copy -CVE-2006-0582 (Unspecified vulnerability in Heimdal rshd 0.6.x before 0.6.6 and 0.7.x ...) +CVE-2006-0582 (Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and ...) - heimdal <unfixed> CVE-2006-0581 (SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 ...) NOT-FOR-US: Hosting Controller @@ -855,6 +925,7 @@ CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...) NOT-FOR-US: ZyXel hardware CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other ...) + {DSA-971-1} - poppler 0.4.5-1 (medium) - tetex-bin 3.0-12 (medium) - kdegraphics 4:3.5.1-2 (medium) 
@@ -1553,8 +1624,8 @@ RESERVED CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...) NOT-FOR-US: Windows -CVE-2006-0056 - RESERVED +CVE-2006-0056 (Double-free vulnerability in the authentication and authentication ...) + TODO: check CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable ...) - ee <unfixed> (bug #348322) NOTE: Sarge and Woody are affected @@ -1620,8 +1691,7 @@ RESERVED CVE-2006-0047 RESERVED -CVE-2006-0046 [adzapper DoS] - RESERVED +CVE-2006-0046 (squid_redirect script in adzapper before 2006-01-29 allows remote ...) {DSA-966-1} - adzapper 20060115-1 CVE-2006-0045 (crawl before 4.0.0 does not securely call programs when saving and ...) @@ -4059,8 +4129,7 @@ - libextractor 0.5.9-1 - pdfkit.framework 0.8-4 - pdftohtml <unfixed> -CVE-2005-3623 [Incorrect ACLs only read-only NFS shares] - RESERVED +CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR ...) [sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs) - linux-2.6 2.6.14-7 CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...) @@ -4317,9 +4386,9 @@ NOT-FOR-US: F-Prot Antivirus CVE-2005-3498 (IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before ...) NOT-FOR-US: WebSphere -CVE-2005-3497 (SQL injection vulnerability in process_signup.php in PHP Handicapper ...) +CVE-2005-3497 (** DISPUTED ** ...) NOT-FOR-US: PHP Handicapper -CVE-2005-3496 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Handicapper ...) +CVE-2005-3496 (Cross-site scripting (XSS) vulnerability in PHP Handicapper allows ...) NOT-FOR-US: PHP Handicapper CVE-2005-3495 (Ar-blog 5.2 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Ar-blog 
@@ -5400,8 +5469,8 @@ CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote ...) - ethereal 0.10.13-1 (bug #334880; medium) NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge -CVE-2005-3240 - RESERVED +CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows user-complicit ...) + TODO: check CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...) NOT-FOR-US: Solaris CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and ...)
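Review bot: In the first hunk (@@ -1,3 +1,77 @@), CVE-2005-4712 is added as `TODO: check` although its description names PHP Handicapper, which this file already marks `NOT-FOR-US: PHP Handicapper` for CVE-2005-3497 and CVE-2005-3496; it can take the same marking right away. In the same hunk, CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2) is left as `TODO: check` while CVE-2006-0582, also a Heimdal 0.6.x before 0.6.6 issue, is already tracked as `- heimdal <unfixed>`; the new entry should be checked against the heimdal package first rather than waiting in the general TODO queue.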
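Review bot: In the @@ -111,20 +185,16 @@ hunk, the replacement text for CVE-2006-0597 disagrees on impact with the hand-written title it removes: the old line read "remote DoS through overly long attributes", the new one "Multiple stack-based buffer overflows in elogd.c". The four `- elog 2.6.1+r1642-1` lines carry no urgency, unlike entries such as `- poppler 0.4.5-1 (medium)` elsewhere in this patch; now that the descriptions state buffer overflows, an urgency should be set on them.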
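Review bot: In the @@ -4317,9 +4386,9 @@ hunk, the new summary for CVE-2005-3497 is only `(** DISPUTED ** ...)`, so the truncation spends the whole line on the marker and the entry no longer says what the issue is (the removed line named SQL injection in process_signup.php). Suggest truncating after the marker so part of the description survives, or keeping the previous summary with the DISPUTED marker prefixed.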
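Review bot: In the last hunk (@@ -5400,8 +5469,8 @@), CVE-2005-3240 is described as a Microsoft Internet Explorer race condition but is added as `TODO: check`; the file already handles CVE-2006-0057 (Microsoft Internet Explorer) as `NOT-FOR-US: Windows`, so this entry can take the same marking instead of joining the TODO queue.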