thr3ads.net - Secure testing commits - [Secure-testing-commits] r3536

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-Feb-24 21:15 UTC
[Secure-testing-commits] r3536 - data/CVE

Author: joeyh
Date: 2006-02-24 21:14:25 +0000 (Fri, 24 Feb 2006)
New Revision: 3536

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-02-24 18:39:00 UTC (rev 3535)
+++ data/CVE/list	2006-02-24 21:14:25 UTC (rev 3536)
@@ -1,3 +1,151 @@
+CVE-2006-0883
+	RESERVED
+CVE-2006-0882 (Directory traversal vulnerability in include.php in
Noah''s Classifieds ...)
+	TODO: check
+CVE-2006-0881 (Multiple PHP remote file include vulnerabilities in
gorum/gorumlib.php ...)
+	TODO: check
+CVE-2006-0880 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+	TODO: check
+CVE-2006-0879 (SQL injection vulnerability in the search tool in
Noah''s Classifieds ...)
+	TODO: check
+CVE-2006-0878 (Noah''s Classifieds 1.3 allows remote attackers to
obtain the ...)
+	TODO: check
+CVE-2006-0877 (Cross-site scripting vulnerability in Easy Forum 2.5 allows
remote ...)
+	TODO: check
+CVE-2006-0876 (POPFile before 0.22.4 allows remote attackers to cause a denial
of ...)
+	TODO: check
+CVE-2006-0875 (Cross-site scripting vulnerability in ratefile.php in RunCMS
1.3a5 ...)
+	TODO: check
+CVE-2006-0874 (Multiple unspecified vulnerabilities in Intensive Point iUser
...)
+	TODO: check
+CVE-2006-0873 (Absolute path traversal vulnerability in docs/showdocs.php in
...)
+	TODO: check
+CVE-2006-0872 (Directory traversal vulnerability in init.inc.php in Coppermine
Photo ...)
+	TODO: check
+CVE-2006-0871 (Unspecified vulnerability in Mambo 4.5.3, 4.5.3h, and possibly
...)
+	TODO: check
+CVE-2006-0870 (SQL injection vulnerability in pages.asp in Mini-Nuke CMS System
1.8.2 ...)
+	TODO: check
+CVE-2006-0869 (Directory traversal vulnerability in the &quot;remember
me&quot; feature in PHP ...)
+	TODO: check
+CVE-2006-0868 (Multiple unspecified injection vulnerabilities in unspecified
Auth ...)
+	TODO: check
+CVE-2006-0867 (Buffer overflow in certain versions of South River (aka SRT)
WebDrive, ...)
+	TODO: check
+CVE-2006-0866 (PunBB 1.2.10 and earlier allows remote attackers to conduct
brute ...)
+	TODO: check
+CVE-2006-0865 (PunBB 1.2.10 and earlier allows remote attackers to cause a
denial of ...)
+	TODO: check
+CVE-2006-0864 (filescan in Global Hauri ViRobot 2.0 20050817 does not verify
the ...)
+	TODO: check
+CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote
...)
+	TODO: check
+CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087
on ...)
+	TODO: check
+CVE-2006-0861 (Michael Salzer Guestbox 0.6 allows remote attackers to obtain
the ...)
+	TODO: check
+CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael
Salzer ...)
+	TODO: check
+CVE-2006-0859 (Michael Salzer Guestbox 0.6 allows remote attackers to post an
admin ...)
+	TODO: check
+CVE-2006-0858 (Unquoted Windows search path vulnerability in (1) snsmcon.exe,
(2) the ...)
+	TODO: check
+CVE-2006-0857 (Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0
in e107 ...)
+	TODO: check
+CVE-2006-0856 (SQL injection vulnerability in login.php in Scriptme SmE GB Host
1.21 ...)
+	TODO: check
+CVE-2006-0855 (Stack-based buffer overflow in the fullpath function in misc.c
for zoo ...)
+	TODO: check
+CVE-2006-0854 (PHP remote file inclusion vulnerability in common.php in
Intensive ...)
+	TODO: check
+CVE-2006-0853 (Buffer overflow in the IMAP service of TrueNorth Internet
Anywhere ...)
+	TODO: check
+CVE-2006-0852 (Direct static code injection vulnerability in write.php in
Admbook ...)
+	TODO: check
+CVE-2006-0851 (SQL injection vulnerability in the forum module of ilchClan
1.05g and ...)
+	TODO: check
+CVE-2006-0850 (SQL injection vulnerability in include/includes/user/login.php
in ...)
+	TODO: check
+CVE-2006-0849
+	RESERVED
+CVE-2006-0848 (The &quot;Open ''safe'' files after
downloading&quot; option in Safari on Apple ...)
+	TODO: check
+CVE-2006-0847 (Directory traversal vulnerability in the staticfilter component
in ...)
+	TODO: check
+CVE-2006-0846 (Multiple cross-site scripting (XSS) vulnerabilities in Leif M.
...)
+	TODO: check
+CVE-2006-0845 (Leif M. Wright''s Blog 3.5 allows remote authenticated
users with ...)
+	TODO: check
+CVE-2006-0844 (Leif M. Wright''s Blog 3.5 does not make a password
comparison when ...)
+	TODO: check
+CVE-2006-0843 (Leif M. Wright''s Blog 3.5 stores the config file and
other txt files ...)
+	TODO: check
+CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3
allows ...)
+	TODO: check
+CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis
1.00rc4 ...)
+	TODO: check
+CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not
properly ...)
+	TODO: check
+CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not
properly ...)
+	TODO: check
+CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext
...)
+	TODO: check
+CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has
world-readable ...)
+	TODO: check
+CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-complicit attackers to cause
an ...)
+	TODO: check
+CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web
Calendar ...)
+	TODO: check
+CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password
of ...)
+	TODO: check
+CVE-2006-0833 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda
...)
+	TODO: check
+CVE-2006-0832 (Multiple SQL injection vulnerabilities in admin.asp in WPC.easy
allow ...)
+	TODO: check
+CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim
Rehberi ...)
+	TODO: check
+CVE-2006-0830 (The scripting engine in Internet Explorer allows remote
attackers to ...)
+	TODO: check
+CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows
...)
+	TODO: check
+CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and
MicroServer ...)
+	TODO: check
+CVE-2006-0827 (Cross-site scripting vulnerability in ESS/ Network Controller
and ...)
+	TODO: check
+CVE-2006-0826 (Unspecified vulnerability in ESS/ Network Controller and
MicroServer ...)
+	TODO: check
+CVE-2006-0825 (Multiple unspecified vulnerabilities in ESS/ Network Controller
and ...)
+	TODO: check
+CVE-2006-0824 (Multiple unspecified vulnerabilities in lib-common.php in
Geeklog ...)
+	TODO: check
+CVE-2006-0823 (Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before
...)
+	TODO: check
+CVE-2006-0822 (Unspecified vulnerability in EmuLinker Kaillera Server before
0.99.17 ...)
+	TODO: check
+CVE-2006-0821 (SQL injection vulnerability in index.php in BXCP 0.299 allows
remote ...)
+	TODO: check
+CVE-2006-0820
+	RESERVED
+CVE-2006-0819
+	RESERVED
+CVE-2006-0818
+	RESERVED
+CVE-2006-0817
+	RESERVED
+CVE-2006-0816
+	RESERVED
+CVE-2006-0815
+	RESERVED
+CVE-2006-0814
+	RESERVED
+CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-complicit
...)
+	TODO: check
+CVE-2006-0812 (The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server
...)
+	TODO: check
+CVE-2005-4727 (Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook
before ...)
+	TODO: check
+CVE-2004-2654 (The clientAbortBody function in client_side.c in Squid Web Proxy
Cache ...)
+	TODO: check
 CVE-2006-XXXX [three issues in bugzilla]
 	- bugzilla <unfixed> (bug filed)
 	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
@@ -20,15 +168,15 @@
 	NOT-FOR-US: php-Nuke
 CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers
to ...)
 	- tin 1.8.1 
-CVE-2006-0803
-	RESERVED
+CVE-2006-0803 (The signature verification functionality in the YaST Online
Update ...)
+	TODO: check
 CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages
module ...)
 	NOT-FOR-US: PostNuke
 CVE-2006-0801 (SQL injection vulnerability in the NS-Languages module for
PostNuke ...)
 	NOT-FOR-US: PostNuke
 CVE-2006-0800 (Interpretation conflict in PostNuke 0.761 and earlier allows
remote ...)
 	NOT-FOR-US: PostNuke
-CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to conduct
...)
+CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to spoof a
...)
 	NOT-FOR-US: Microsoft
 CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service
in ...)
 	NOT-FOR-US: Macallan Mail Solution
@@ -198,8 +346,8 @@
 	NOT-FOR-US: Reamday Enterprises Magic News Lite
 CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a
...)
 	NOT-FOR-US: RunCMS 
-CVE-2006-0720
-	RESERVED
+CVE-2006-0720 (Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13
allows ...)
+	TODO: check
 CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP
Classifieds ...)
 	NOT-FOR-US: PHP Classifieds
 CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in
Avaya ...)
@@ -520,7 +668,7 @@
 	NOT-FOR-US: MyTopix
 CVE-2006-0588 (SQL injection vulnerability in search.php in MyTopix 1.2.3
allows ...)
 	NOT-FOR-US: MyTopix
-CVE-2006-0587 (Unspecified vulnerability in Gallery before 1.5.2-pl2 allows
remote ...)
+CVE-2006-0587 (Unspecified vulnerability in util.php in Gallery before
1.5.2-pl2 ...)
 	- gallery 1.5.2-pl2-1
 CVE-2006-0586 (Multiple SQL injection vulnerabilities in Oracle 10g Release 1
before ...)
 	NOT-FOR-US: Oracle
@@ -1074,8 +1222,7 @@
 	NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
 CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site
Manager ...)
 	NOT-FOR-US: Netrix X-Site Manager 
-CVE-2006-0377 [squirrelmail IMAP injection]
-	RESERVED
+CVE-2006-0377 (CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5
allows ...)
 	- squirrelmail <unfixed> (bug #354063)
 CVE-2006-0376 (The 802.11 wireless client in certain operating systems
including ...)
 	NOT-FOR-US: Windows
@@ -1252,8 +1399,7 @@
 	- koffice <unfixed> (medium)
 	- libextractor 0.5.10-1 (medium)
 	- pdfkit.framework 0.8-4 (medium)
-CVE-2006-0300 [buffer overflow in tar]
-	RESERVED
+CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows
user-complicit ...)
 	- tar 1.15.1-3 (bug #354091; high)
 	- dpkg <not-affected> (has completely different tar implementation)
 	[woody] - tar <not-affected>
@@ -1501,8 +1647,7 @@
 	- xorg-x11 <unfixed> (bug #349251; low)
 CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif)
0.4.4 ...)
 	NOT-FOR-US: slsnif
-CVE-2006-0195 [squirrelmail XSS]
-	RESERVED
+CVE-2006-0195 (Interpretation conflict in the MagicHTML filter in SquirrelMail
1.4.0 ...)
 	- squirrelmail <unfixed> (bug #354062)
 CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in
FogBugz ...)
 	NOT-FOR-US: FogBugz
@@ -1516,8 +1661,7 @@
 	NOT-FOR-US: Sun Solaris
 CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46
allows ...)
 	NOT-FOR-US: eStara Softphone
-CVE-2006-0188 [squirrelmail XSS]
-	RESERVED
+CVE-2006-0188 (webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote
attackers to ...)
 	- squirrelmail <unfixed> (bug #354064)
 CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other
...)
 	NOT-FOR-US: OcoMon
@@ -4407,8 +4551,8 @@
 	- netpbm-free 2:10.0-10.1 (medium; bug #351639)
 CVE-2005-3631 (udev does not properly set permissions on certain files in
/dev/input, ...)
 	NOTE: does not appear to affect debian, redhat-specific
-CVE-2005-3630
-	RESERVED
+CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to
obtain ...)
+	TODO: check
 CVE-2005-3629
 	RESERVED
 CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
@@ -4672,8 +4816,8 @@
 	NOTE:
http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-3527?op=file&rev=0&sc=0
 CVE-2005-3526
 	RESERVED
-CVE-2005-3525
-	RESERVED
+CVE-2005-3525 (Stack-based buffer overflow in an ActiveX control for the
installer ...)
+	TODO: check
 CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in
ManageEngine ...)
 	NOT-FOR-US: ManageEngine NetflowAnalyzer
 CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617
through ...)
@@ -6682,8 +6826,8 @@
 	NOT-FOR-US: Real Player
 CVE-2005-2935 (Unquoted Windows search path vulnerability in Microsoft
AntiSpyware ...)
 	NOT-FOR-US: Microsoft AntiSpyware
-CVE-2005-2934
-	RESERVED
+CVE-2005-2934 (Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and
7.1.4 ...)
+	TODO: check
 CVE-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in
mail.c ...)
 	{DSA-861-1}
 	- uw-imap 7:2002edebian1-12 (medium; bug #332215)
@@ -11069,8 +11213,8 @@
 	- kdelibs 4:3.4.2-1 (bug #319016; medium)
 CVE-2005-1919
 	REJECTED
-CVE-2005-1918
-	RESERVED
+CVE-2005-1918 (The original patch for a GNU tar directory traversal
vulnerability ...)
+	TODO: check
 CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and
overwrite ...)
 	NOT-FOR-US: kpopper, there is a kpopper in kerberos4kth-servers, but this is
not the same one
 CVE-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to
overwrite ...)
Secure testing commits - Feb 2006 - r3536 - data/CVE

[Secure-testing-commits] r3536 - data/CVE
