Author: joeyh
Date: 2006-02-16 09:14:24 +0000 (Thu, 16 Feb 2006)
New Revision: 3497
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-02-16 08:46:31 UTC (rev 3496)
+++ data/CVE/list 2006-02-16 09:14:24 UTC (rev 3497)
@@ -1,6 +1,139 @@ +CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in My Blog before 1.65 allows ...) + TODO: check +CVE-2006-0734 (Unspecified vulnerability in Valve Software Half-Life CSTRIKE ...) + TODO: check +CVE-2006-0733 (** DISPUTED ** ...) + TODO: check +CVE-2006-0732 (Unspecified vulnerability in SAP Business Connector 4.6 and 4.7 allows ...) + TODO: check +CVE-2006-0731 (Unspecified vulnerability in SAP Business Connector Core Fix 7 and ...) + TODO: check +CVE-2006-0730 (Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow ...) + TODO: check +CVE-2006-0729 (SQL injection vulnerability in functions.php in Teca Diary PE 1.0 ...) + TODO: check +CVE-2006-0728 (SQL injection vulnerability in search.php in webSPELL 4.01.00 and ...) + TODO: check +CVE-2006-0727 (SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis ...) + TODO: check +CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke ...) + TODO: check +CVE-2006-0725 (PHP remote file include vulnerability in prepend.php in Plume CMS ...) + TODO: check +CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when ...) + TODO: check +CVE-2006-0723 (preview.php in Reamday Enterprises Magic News Lite 1.2.3, when ...) + TODO: check +CVE-2006-0722 (settings.php in Reamday Enterprises Magic Downloads 1.1.3, when ...) + TODO: check +CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a ...) + TODO: check +CVE-2006-0720 + RESERVED +CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP Classifieds ...) + TODO: check +CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in Avaya ...) + TODO: check +CVE-2006-0717 (IBM Tivoli Directory Server 6.0 allows remote attackers to cause a ...) + TODO: check +CVE-2006-0716 (SQL injection vulnerability in index.php in sNews 1.3 allows remote ...) 
+ TODO: check +CVE-2006-0715 (Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote ...) + TODO: check +CVE-2006-0714 (Directory traversal vulnerability in the installation file ...) + TODO: check +CVE-2006-0713 (Directory traversal vulnerability in LinPHA 1.0 allows remote ...) + TODO: check +CVE-2006-0712 (mail_html template in Squishdot 1.5.0 and earlier does not properly ...) + TODO: check +CVE-2006-0711 (The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl ...) + TODO: check +CVE-2006-0710 (Double-free vulnerability in isode.eddy in Isode M-Vault Server 11.3 ...) + TODO: check +CVE-2006-0709 (Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a ...) + TODO: check +CVE-2006-0708 (Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow ...) + TODO: check +CVE-2006-0707 (PyBlosxom before 1.3.2, when running on certain webservers, allows ...) + TODO: check +CVE-2006-0706 (Cross-site scripting vulnerability in eintrag.php in Gästebuch ...) + TODO: check +CVE-2006-0705 (Format string vulnerability in a logging function as used by various ...) + TODO: check +CVE-2006-0704 (iE Integrator 4.4.220114, when configured without a "bespoke error ...) + TODO: check +CVE-2006-0703 (Unspecified vulnerability in index.php in imageVue 16.1 has unknown ...) + TODO: check +CVE-2006-0702 (admin/upload.php in imageVue 16.1 allows remote attackers to upload ...) + TODO: check +CVE-2006-0701 (readfolder.php in imageVue 16.1 allows remote attackers to list ...) + TODO: check +CVE-2006-0700 (imageVue 16.1 allows remote attackers to obtain folder permission ...) + TODO: check +CVE-2006-0699 (Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki ...) + TODO: check +CVE-2006-0698 (Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote ...) + TODO: check +CVE-2006-0697 (Zen Cart before 1.2.7 does not protect the admin/includes directory, ...) 
+ TODO: check +CVE-2006-0696 (SQL injection vulnerability in Zen Cart before 1.2.7 allows remote ...) + TODO: check +CVE-2006-0695 (Ansilove before 1.03 does not filter uploaded file extensions, which ...) + TODO: check +CVE-2006-0694 (Unspecified vulnerability in the loaders (load_*.php) in Ansilove ...) + TODO: check +CVE-2006-0693 (Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti ...) + TODO: check +CVE-2006-0692 (Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL ...) + TODO: check +CVE-2006-0691 (edituser.php in TTS Time Tracking Software 3.0 does not verify that ...) + TODO: check +CVE-2006-0690 (Multiple SQL injection vulnerabilities in TTS Time Tracking Software ...) + TODO: check +CVE-2006-0689 (Cross-site scripting (XSS) vulnerability in the Registration Form in ...) + TODO: check +CVE-2006-0688 (PHP remote file include vulnerability in application.php in ...) + TODO: check +CVE-2006-0687 (process.php in DocMGR 0.54.2 does not initialize the $siteModInfo ...) + TODO: check +CVE-2006-0686 (add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and ...) + TODO: check +CVE-2006-0685 (The check_login function in login.php in Virtual Hosting Control ...) + TODO: check +CVE-2006-0684 (change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 ...) + TODO: check +CVE-2006-0683 (Cross-site scripting (XSS) vulnerability in Virtual Hosting Control ...) + TODO: check +CVE-2006-0682 (Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system ...) + TODO: check +CVE-2006-0681 (Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 ...) + TODO: check +CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...) + TODO: check +CVE-2006-0679 + RESERVED +CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before ...) + TODO: check +CVE-2005-4723 (D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 ...) 
+ TODO: check +CVE-2005-4722 (_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to ...) + TODO: check +CVE-2005-4721 (Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER ...) + TODO: check +CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to ...) + TODO: check +CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 ...) + TODO: check +CVE-2005-4718 (Opera 8.02 and earlier allows remote attackers to cause a denial of ...) + TODO: check +CVE-2005-4717 (Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 ...) + TODO: check +CVE-2005-4716 (Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote ...) + TODO: check CVE-2006-XXXX [honeyd info leak] - honeyd <unfixed> (bug filed) CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows ...) + {DSA-977-1} - heimdal <unfixed> CVE-2006-0676 (Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 ...) NOT-FOR-US: PHP-Nuke @@ -22,8 +155,8 @@ NOT-FOR-US: PwsPHP CVE-2006-0667 RESERVED -CVE-2006-0666 - RESERVED +CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels ...) + TODO: check CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...) - mantis 0.19.4-3 [woody] - mantis <not-affected> (Complete rewrite in 0.19) @@ -34,7 +167,7 @@ NOT-FOR-US: Lotus Domino CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client ...) NOT-FOR-US: Lotus Domino -CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in SmE GB Host 1.21 and SmE ...) +CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 ...) NOT-FOR-US: SmE GB Host CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5 and ...) NOT-FOR-US: FarsiNews 
@@ -226,6 +359,7 @@ CVE-2006-0583 (SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and ...) NOT-FOR-US: Clever Copy CVE-2006-0582 (Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and ...) + {DSA-977-1} - heimdal <unfixed> CVE-2006-0581 (SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 ...) NOT-FOR-US: Hosting Controller @@ -283,8 +417,8 @@ RESERVED CVE-2006-0554 RESERVED -CVE-2006-0553 - RESERVED +CVE-2006-0553 (PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to ...) + TODO: check CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle ...) NOT-FOR-US: Oracle CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle ...) @@ -346,7 +480,7 @@ - evolution 2.2.3-4 (low) [sarge] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1) [woody] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1) -CVE-2006-0527 (Unspecified vulnerability in Berkeley Internet Name Domain (BIND) on ...) +CVE-2006-0527 (BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, ...) NOTE: CVE says, "due to the lack of relevant details from the vendor, it is not NOTE: known whether this is a duplicate of an existing CVE or a brand-new issue that NOTE: applies to BIND on other operating systems." @@ -578,8 +712,7 @@ RESERVED CVE-2006-0456 RESERVED -CVE-2006-0455 [buggy return codes in gpg''s sig verification code] - RESERVED +CVE-2006-0455 (gpgv in GnuPG 1.4.x before 1.4.2.1, when using unattended signature ...) - gnupg <unfixed> (bug #353017; medium) NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html indicates that NOTE: *all* versions are affected because gpg --verify is also affected 
@@ -587,12 +720,12 @@ - linux-2.6 2.6.15-5 [sarge] - kernel-source-2.6.8 <not-affected> [sarge] - kernel-source-2.4.27 <not-affected> -CVE-2006-0453 - RESERVED -CVE-2006-0452 - RESERVED -CVE-2006-0451 - RESERVED +CVE-2006-0453 (The LDAP component in Fedora Directory Server 1.0 allow remote ...) + TODO: check +CVE-2006-0452 (dn2ancestor in the LDAP component in Fedora Directory Server 1.0 ...) + TODO: check +CVE-2006-0451 (Multiple memory leaks in the LDAP component in Fedora Directory Server ...) + TODO: check CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a denial of ...) - phpbb2 <unfixed> (unimportant) NOTE: As discussed with the phpbb maintainers; this is only a lack of feature @@ -678,7 +811,7 @@ NOT-FOR-US: BEA WebLogic CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...) NOT-FOR-US: BEA WebLogic -CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows local users to ...) +CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-complicit ...) - unzip <unfixed> (medium; bug #349794) NOTE: The scope of this issue is currently unclear, medium for now, but might be NOTE: less severe @@ -756,8 +889,8 @@ RESERVED CVE-2006-0383 RESERVED -CVE-2006-0382 - RESERVED +CVE-2006-0382 (Apple Mac OS X 10.4.5 and allows local users to cause a denial of ...) + TODO: check CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD ...) NOT-FOR-US: pf on Free BSD and Open BSD CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel ...) @@ -3193,8 +3326,8 @@ NOT-FOR-US: Microsoft CVE-2006-0022 RESERVED -CVE-2006-0021 - RESERVED +CVE-2006-0021 (Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows ...) + TODO: check CVE-2006-0020 (An unspecified Microsoft WMF parsing application, as used in Internet ...) NOT-FOR-US: Microsoft CVE-2006-0018 
@@ -3266,7 +3399,7 @@ CVE-2005-3929 (Directory traversal vulnerability in the create function in ...) NOT-FOR-US: Xaraya NOTE: xarMLSXML2PHPBackend.php, ''nuff said -CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.3.0 allows local users to execute ...) +CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users ...) NOT-FOR-US: QNX CVE-2005-3927 (Multiple directory traversal vulnerabilities in GuppY 4.5.9 and ...) NOT-FOR-US: GuppY @@ -3956,8 +4089,8 @@ RESERVED CVE-2006-0014 RESERVED -CVE-2006-0013 - RESERVED +CVE-2006-0013 (Buffer overflow in the Web Client service for Microsoft Windows XP SP1 ...) + TODO: check CVE-2006-0012 RESERVED CVE-2006-0011 @@ -3966,16 +4099,16 @@ NOT-FOR-US: Microsoft CVE-2006-0009 RESERVED -CVE-2006-0008 - RESERVED +CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean ...) + TODO: check CVE-2006-0007 RESERVED -CVE-2006-0006 - RESERVED -CVE-2006-0005 - RESERVED -CVE-2006-0004 - RESERVED +CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in ...) + TODO: check +CVE-2006-0005 (Buffer overflow in the plug-in for Microsoft Windows Media Player ...) + TODO: check +CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with ...) + TODO: check CVE-2006-0003 RESERVED CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 200 through 2003, ...) @@ -5071,8 +5204,7 @@ CVE-2005-3343 (tkdiff before 4.1.1 allows local users to overwrite arbitrary files ...) {DSA-927-1} - tkdiff 1:4.0.2-2 (low) -CVE-2005-3342 [insecure temp file in noweb] - RESERVED +CVE-2005-3342 (noweb 2.10c and earlier allows local users to overwrite arbitrary ...) {DSA-968-1} - noweb 2.10c-3.2 (low) CVE-2005-3340 (The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and ...) 
@@ -5712,7 +5844,7 @@ - polipo <unfixed> (bug #332411; medium) CVE-2005-3162 REJECTED -CVE-2005-3161 (SQL injection vulnerability in PHP-Fusion before 6.00.110 allows ...) +CVE-2005-3161 (Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 ...) NOT-FOR-US: PHP-Fusion CVE-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in ...) NOT-FOR-US: PHP-Fusion @@ -6055,10 +6187,10 @@ NOT-FOR-US: AIX CVE-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and ...) NOT-FOR-US: Opera -CVE-2005-3058 - RESERVED -CVE-2005-3057 - RESERVED +CVE-2005-3058 (Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS ...) + TODO: check +CVE-2005-3057 (Unspecified vulnerability in the FTP component in FortiGate 2.8, ...) + TODO: check CVE-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ] RESERVED - twiki 20040902-2 (bug #330733; high) @@ -6855,8 +6987,8 @@ RESERVED CVE-2005-2713 RESERVED -CVE-2005-2712 - RESERVED +CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, ...) + TODO: check CVE-2005-2711 RESERVED CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 ...) @@ -7232,10 +7364,10 @@ NOT-FOR-US: ECW Shop CVE-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the ...) NOT-FOR-US: Novell GroupWise -CVE-2005-2619 - RESERVED -CVE-2005-2618 - RESERVED +CVE-2005-2619 (Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly ...) + TODO: check +CVE-2005-2618 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) ...) + TODO: check CVE-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...) NOT-FOR-US: MS IE CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...)
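Review bot: In the hunk at @@ -1,6 +1,139 @@ every new entry lands as "TODO: check", with nothing to separate the ones that need a package line from the ones that will end up NOT-FOR-US. The entries naming Dovecot (CVE-2006-0730), Metamail (CVE-2006-0709), PyBlosxom (CVE-2006-0707) and PostgreSQL (CVE-2006-0678) are the ones to triage first if those are packaged; the long run of PHP web-application entries can most likely follow the NOT-FOR-US convention already used by the context lines (PHP-Nuke, PwsPHP).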
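Review bot: At @@ -226,6 +359,7 @@ the added {DSA-977-1} for CVE-2006-0582 sits directly above a package line that still reads "- heimdal <unfixed>", and the same pairing is added for CVE-2006-0677 at the end of the first hunk. If this is meant to record that the DSA covers stable while unstable is still open, it is fine as is; otherwise replace <unfixed> with the fixed version so the two entries do not keep reporting heimdal as open after the advisory.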
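Review bot: At @@ -346,7 +480,7 @@ the NOTE lines under CVE-2006-0527 are left quoting the old CVE text ("due to the lack of relevant details from the vendor, it is not known whether this is a duplicate ..."), while the description line is replaced with a specific one about BIND 4 and BIND 8 used as a target forwarder. The quoted NOTE no longer matches what the CVE says and should be dropped or reworded in a follow-up, since the entry now contradicts itself on how much is known.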
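Review bot: At @@ -578,8 +712,7 @@ the new CVE-2006-0455 description scopes the issue to gpgv in GnuPG 1.4.x before 1.4.2.1, but the retained NOTE states that *all* versions are affected because gpg --verify is also affected, and the package line remains "- gnupg <unfixed>". Keep the NOTE, since it carries information the shortened description does not, and add a line saying which statement the tracking follows. The hunk also drops the local bracketed summary "[buggy return codes in gpg''s sig verification code]", which was the only plain-language description of the bug in this entry.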
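Review bot: At @@ -678,7 +811,7 @@ the CVE-2005-4667 description changes from "allows local users to" to "allows user-complicit", while the NOTE below still says the scope is unclear and keeps the rating at medium on "- unzip <unfixed> (medium; bug #349794)". The reworded description answers part of that open question, so the NOTE and the severity should be revisited rather than left as they were written against the old text.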
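Review bot: At @@ -3966,16 +4099,16 @@ the newly described CVE-2006-0005 (Windows Media Player plug-in) and CVE-2006-0004 (PowerPoint 2000) are marked "TODO: check" although the context lines in the same hunk already use "NOT-FOR-US: Microsoft" for entries of this kind. The same applies to CVE-2006-0021 at @@ -3193,8 +3326,8 @@ and CVE-2006-0013 at @@ -3956,8 +4089,8 @@. Marking these NOT-FOR-US in the follow-up commit keeps the TODO list limited to entries that need real triage.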