Author: joeyh
Date: 2006-02-21 09:14:56 +0000 (Tue, 21 Feb 2006)
New Revision: 3518
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-02-20 14:05:51 UTC (rev 3517)
+++ data/CVE/list 2006-02-21 09:14:56 UTC (rev 3518)
@@ -1,3 +1,161 @@ +CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board ...) + TODO: check +CVE-2006-0810 (Unspecified vulnerability in config.php in Skate Board 0.9 allows ...) + TODO: check +CVE-2006-0809 (Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote ...) + TODO: check +CVE-2006-0808 (MUTE 0.4 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word ...) + TODO: check +CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71 ...) + TODO: check +CVE-2006-0805 (The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed ...) + TODO: check +CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers to ...) + TODO: check +CVE-2006-0803 + RESERVED +CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages module ...) + TODO: check +CVE-2006-0801 (SQL injection vulnerability in the NS-Languages module for PostNuke ...) + TODO: check +CVE-2006-0800 (Interpretation conflict in PostNuke 0.761 and earlier allows remote ...) + TODO: check +CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to conduct ...) + TODO: check +CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service in ...) + TODO: check +CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to caues a denial of ...) + TODO: check +CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...) + TODO: check +CVE-2006-0795 (Unspecified vulnerability in convert.cgi in Quirex 2.0.2 and earlier ...) + TODO: check +CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain the ...) + TODO: check +CVE-2006-0793 (frameset.php in V-webmail 1.6.2 allows remote attackers to conduct ...) + TODO: check +CVE-2006-0792 (Cross-site scripting (XSS) vulnerability in preferences.personal.php ...) 
+ TODO: check +CVE-2006-0791 (PHP remote file inclusion vulnerability in index.php in DreamCost ...) + TODO: check +CVE-2006-0790 (Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a ...) + TODO: check +CVE-2006-0789 (Certain unspecified Kyocera printers have a default "admin" account ...) + TODO: check +CVE-2006-0788 (Kyocera 3830 (aka FS-3830N) printers have a back door that allows ...) + TODO: check +CVE-2006-0787 (wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and ...) + TODO: check +CVE-2006-0786 (Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 ...) + TODO: check +CVE-2006-0785 (Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 ...) + TODO: check +CVE-2006-0784 (D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers ...) + TODO: check +CVE-2006-0783 (Cross-site scripting (XSS) vulnerability in page.php in in Siteframe ...) + TODO: check +CVE-2006-0782 (Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier ...) + TODO: check +CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and ...) + TODO: check +CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in ...) + TODO: check +CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums ...) + TODO: check +CVE-2006-0778 (Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier ...) + TODO: check +CVE-2006-0777 (Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 ...) + TODO: check +CVE-2006-0776 (Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts ...) + TODO: check +CVE-2006-0775 (Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 ...) + TODO: check +CVE-2006-0774 (SQL injection vulnerability in deleteSession() in DB_eSession library ...) + TODO: check +CVE-2006-0773 (Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - ...) 
+ TODO: check +CVE-2006-0772 (SQL injection vulnerability in Hitachi Business Logic - Container ...) + TODO: check +CVE-2006-0771 (Format string vulnerability in PunkBuster 1.180 and earlier, as used ...) + TODO: check +CVE-2006-0770 (Cross-site scripting (XSS) vulnerability in calendar.php in ...) + TODO: check +CVE-2006-0769 (Unspecified vulnerability in in.rexecd in Solaris 10 allows local ...) + TODO: check +CVE-2006-0768 (Kadu 0.4.3 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2006-0767 (CGIWrap before 3.10 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2006-0766 (ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, ...) + TODO: check +CVE-2006-0765 (GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ...) + TODO: check +CVE-2006-0764 (The Authentication, Authorization, and Accounting (AAA) capability in ...) + TODO: check +CVE-2006-0763 (Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in ...) + TODO: check +CVE-2006-0762 (WinAbility Folder Guard 4.11 allows local users to gain unauthorized ...) + TODO: check +CVE-2006-0761 (Buffer overflow in BlackBerry Attachment Service in Research in Motion ...) + TODO: check +CVE-2006-0760 (LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive ...) + TODO: check +CVE-2006-0759 (Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier ...) + TODO: check +CVE-2006-0758 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 ...) + TODO: check +CVE-2006-0757 (Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier ...) + TODO: check +CVE-2006-0756 (** DISPUTED ** ...) + TODO: check +CVE-2006-0755 (** DISPUTED ** ...) + TODO: check +CVE-2006-0754 (** DISPUTED ** ...) + TODO: check +CVE-2006-0753 (Memory leak in Microsoft Internet Explorer 6 for Windows XP Service ...) + TODO: check +CVE-2006-0752 (Niels Provos Honeyd before 1.5 replies to certain illegal IP packet ...) 
+ TODO: check +CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in ...) + TODO: check +CVE-2006-0750 (SQL injection vulnerability in index.php in supersmashbrothers (SSB) ...) + TODO: check +CVE-2006-0749 + RESERVED +CVE-2006-0748 + RESERVED +CVE-2006-0747 + RESERVED +CVE-2006-0746 + RESERVED +CVE-2006-0745 + RESERVED +CVE-2006-0744 + RESERVED +CVE-2006-0743 + RESERVED +CVE-2006-0742 + RESERVED +CVE-2006-0741 + RESERVED +CVE-2006-0740 + RESERVED +CVE-2006-0739 (eStara SIP softphone allows remote attackers to cause a denial of ...) + TODO: check +CVE-2006-0738 (Multiple format string vulnerabilities in eStara SIP softphone allow ...) + TODO: check +CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial of ...) + TODO: check +CVE-2006-0736 + RESERVED +CVE-2005-4726 (MUTE 0.4 uses improper flood protection algorithms, which allows ...) + TODO: check +CVE-2005-4725 (Geeklog before 1.3.11sr3 allows remote attackers to bypass intended ...) + TODO: check +CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows ...) + TODO: check CVE-2006-XXXX [sa-exim: deletion of files] - sa-exim <unfixed> (bug #345071) CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand] @@ -2,7 +160,7 @@ - imagemagick 6:6.2.4.5-0.6 (bug #345595) -CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in My Blog before 1.65 allows ...) +CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...) NOT-FOR-US: My Blog CVE-2006-0734 (Unspecified vulnerability in Valve Software Half-Life CSTRIKE ...) NOT-FOR-US: Half-Life -CVE-2006-0733 (** DISPUTED ** ...) +CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...) - wordpress <unfixed> 
@@ -118,8 +276,8 @@ NOTE: powerd supposedly normally comes with sysvinit, but not in debian CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...) - webgui <itp> (bug #139749) -CVE-2006-0679 - RESERVED +CVE-2006-0679 (SQL injection vulnerability in index.php in the Your_Account module in ...) + TODO: check CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before ...) NOTE: Only vulnerable when compiled with asserts - postgresql <unfixed> (unimportant) @@ -161,7 +319,7 @@ NOT-FOR-US: Sony Ericsson CVE-2006-0670 (Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to ...) - bluez-hcidump <unfixed> (bug #351881) -CVE-2006-0669 (Multiple SQL injection vulnerabilities in archive.asp in GA''s Forum ...) +CVE-2006-0669 (** DISPUTED ** ...) NOT-FOR-US: Forum Light CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote ...) NOT-FOR-US: PwsPHP @@ -714,8 +872,8 @@ NOT-FOR-US: AndoNET Blog CVE-2006-0461 (Cross-site scripting (XSS) vulnerability in core.input.php in ...) NOT-FOR-US: ExpressionEngine -CVE-2006-0460 - RESERVED +CVE-2006-0460 (Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote ...) + TODO: check CVE-2006-0459 RESERVED CVE-2006-0458 @@ -2111,8 +2269,8 @@ - nfs-user-server 2.2beta47-22 (high; bug #350020) NOTE: nfs-utils (kernel NFS server) is not affected NOTE: (it uses PATH_MAX for the buffer passed to realpath). -CVE-2006-0042 - RESERVED +CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) ...) + TODO: check CVE-2006-0041 RESERVED CVE-2006-0040 
@@ -2964,7 +3122,7 @@ NOT-FOR-US: SugarCRM CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...) NOT-FOR-US: SugarCRM -CVE-2005-4085 (Buffer overflow in BlueCoat WinProxy before 6.1a allows remote ...) +CVE-2005-4085 (Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web ...) NOT-FOR-US: BlueCoat WinProxy CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier ...) NOT-FOR-US: phpBB eXtreme Styles module @@ -3089,7 +3247,7 @@ NOT-FOR-US: aMember CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers ...) NOT-FOR-US: SimpleBBS -CVE-2005-4026 (search.php in Geeklog 1.4.0 Beta 1 and earlier allows remote attackers ...) +CVE-2005-4026 (search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before ...) NOT-FOR-US: Geeklog CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect ...) NOT-FOR-US: Help Desk Reloaded Free Help Desk @@ -4108,7 +4266,7 @@ RESERVED CVE-2006-0014 RESERVED -CVE-2006-0013 (Buffer overflow in the Web Client service for Microsoft Windows XP SP1 ...) +CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft ...) TODO: check CVE-2006-0012 RESERVED @@ -10896,7 +11054,7 @@ {DSA-804-2} - kdelibs 4:3.4.2-1 (bug #319016; medium) CVE-2005-1919 - RESERVED + REJECTED CVE-2005-1918 RESERVED CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...) @@ -20875,8 +21033,8 @@ RESERVED CVE-2003-0957 RESERVED -CVE-2003-0956 - RESERVED +CVE-2003-0956 (Multiple race conditions in the handling of O_DIRECT in Linux kernel ...) + TODO: check CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...) NOT-FOR-US: OpenBSD CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...)
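Review bot: the three entries CVE-2006-0756, CVE-2006-0755 and CVE-2006-0754 in the @@ -1,3 +1,161 @@ hunk are added as "(** DISPUTED ** ...)" with no product or bug class left in the summary, so their "TODO: check" cannot be triaged from the list alone. CVE-2006-0733 in the following hunk keeps the text after the marker ("** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ..."); suggest the automatic update emit that form for every disputed entry.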
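Review bot: the tag under CVE-2006-0735 in the @@ -2,7 +160,7 @@ hunk no longer matches its summary. The summary changes from "My Blog before 1.65" to "BBcode.pm in M. Blom ...", while the line below it still reads "NOT-FOR-US: My Blog". Suggest confirming that the revised description refers to the same product and, if it does not, re-triaging the entry instead of carrying the old tag forward.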
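Review bot: the replacement line for CVE-2006-0669 in the @@ -161,7 +319,7 @@ hunk carries less information than the line it removes. "Multiple SQL injection vulnerabilities in archive.asp in GA''s Forum ..." becomes "** DISPUTED ** ...", leaving only the "NOT-FOR-US: Forum Light" tag to say what the entry is about. Suggest keeping the disputed marker and the start of the description together, as is done for CVE-2006-0733.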
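Review bot: the scope of CVE-2005-4085 in the @@ -2964,7 +3122,7 @@ hunk widens from "BlueCoat WinProxy before 6.1a" to "(a) WinProxy before 6.1a and (b) the web ...", but the tag stays "NOT-FOR-US: BlueCoat WinProxy". The second component is cut off in the summary, so the tag should be rechecked against the full description before it is left to stand for both.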
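Review bot: Geeklog is triaged inconsistently within this one commit. CVE-2005-4026 in the @@ -3089,7 +3247,7 @@ hunk keeps "NOT-FOR-US: Geeklog", while CVE-2005-4725 ("Geeklog before 1.3.11sr3 allows remote attackers to bypass intended ...") is added in the first hunk with "TODO: check". Suggest resolving the new entry with the same tag so the product is handled one way throughout the list.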
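Review bot: CVE-2006-0013 in the @@ -4108,7 +4266,7 @@ hunk is still "TODO: check" although both the old and new summaries name the Web Client service for Microsoft Windows. Other entries visible in this patch for non-Debian products (Sony Ericsson, OpenBSD, SugarCRM) are marked NOT-FOR-US; suggest closing this one the same way while the line is being touched.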
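Review bot: CVE-2003-0956 in the @@ -20875,8 +21033,8 @@ hunk moves from RESERVED to "Multiple race conditions in the handling of O_DIRECT in Linux kernel ..." with "TODO: check", about 21,000 lines below the batch of new 2006 entries. Because it names the Linux kernel, it should not wait in the general TODO backlog; suggest adding a NOTE with the affected kernel versions once the full description is read, so it is not lost among the old 2003 ids.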