thr3ads.net - Secure testing commits - [Secure-testing-commits] r3578

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-Mar-10 09:15 UTC
[Secure-testing-commits] r3578 - data/CVE

Author: joeyh
Date: 2006-03-10 09:14:24 +0000 (Fri, 10 Mar 2006)
New Revision: 3578

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-03-10 09:07:56 UTC (rev 3577)
+++ data/CVE/list	2006-03-10 09:14:24 UTC (rev 3578)
@@ -1,3 +1,164 @@
+CVE-2006-1128 (Directory traversal vulnerability in the session handling class
...)
+	TODO: check
+CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to
2.0.2 ...)
+	TODO: check
+CVE-2006-1126 (Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP
...)
+	TODO: check
+CVE-2006-1125 (Grisoft AVG Free 7.1, and other versions including 7.0.308, sets
...)
+	TODO: check
+CVE-2006-1124 (Buffer overflow in RevilloC MailServer and Proxy 1.21 allows
remote ...)
+	TODO: check
+CVE-2006-1123 (SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows
remote ...)
+	TODO: check
+CVE-2006-1122 (Cross-site scripting (XSS) vulnerability in Default.asp in
D2KBlog ...)
+	TODO: check
+CVE-2006-1121 (Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1
allows ...)
+	TODO: check
+CVE-2006-1120 (Multiple cross-site scripting (XSS) vulnerabilities in
DCP-Portal ...)
+	TODO: check
+CVE-2006-1119 (fantastico in Cpanel does not properly handle when it has
insufficient ...)
+	TODO: check
+CVE-2006-1118 (SQL injection vulnerability in bmail before Aardvark PR9.1
allows ...)
+	TODO: check
+CVE-2006-1117 (nCipher firmware before V10, as used by (1) nShield, (2) nForce,
(3) ...)
+	TODO: check
+CVE-2006-1116 (The CBC-MAC integrity functions in the nCipher nCore API before
2.18 ...)
+	TODO: check
+CVE-2006-1115 (nCipher HSM before 2.22.6, when generating a Diffie-Hellman ...)
+	TODO: check
+CVE-2006-1114 (Multiple directory traversal vulnerabilities in Loudblog before
0.42 ...)
+	TODO: check
+CVE-2006-1113 (SQL injection vulnerability in podcast.php in Loudblog before
0.42 ...)
+	TODO: check
+CVE-2006-1112 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2006-1111 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2006-1110 (Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0
allows ...)
+	TODO: check
+CVE-2006-1109 (SQL injection vulnerability in index.asp in Total Ecommerce 1.0
allows ...)
+	TODO: check
+CVE-2006-1108 (SQL injection vulnerability in news.php in NMDeluxe before 1.0.1
...)
+	TODO: check
+CVE-2006-1107 (Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe
...)
+	TODO: check
+CVE-2006-1106 (Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1
and ...)
+	TODO: check
+CVE-2006-1105 (Pixelpost 1.5 beta 1 and earlier allows remote attackers to
obtain ...)
+	TODO: check
+CVE-2006-1104 (Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1
and ...)
+	TODO: check
+CVE-2006-1103 (engine/server.cpp in Sauerbraten 2006_02_28, as derived from the
Cube ...)
+	TODO: check
+CVE-2006-1102 (Sauerbraten 2006_02_28, as derived from the Cube engine, allows
remote ...)
+	TODO: check
+CVE-2006-1101 (The (1) sgetstr and (2) getint functions in Sauerbraten
2006_02_28, as ...)
+	TODO: check
+CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in ...)
+	TODO: check
+CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4
allows ...)
+	TODO: check
+CVE-2006-1098 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank
MOD ...)
+	TODO: check
+CVE-2006-1096 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-1095 (Unspecified vulnerability in the FileSession object in
Mod_python ...)
+	TODO: check
+CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier for
...)
+	TODO: check
+CVE-2006-1093 (Unspecified vulnerability in IBM WebSphere 5.0.2.10 through
5.0.2.15 ...)
+	TODO: check
+CVE-2006-1092 (Unspecified vulnerability in the pagedata subsystem of the
process ...)
+	TODO: check
+CVE-2006-1091 (Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to
cause a ...)
+	TODO: check
+CVE-2006-1090 (register.php in PunBB 1.2.10 allows remote attackers to cause an
...)
+	TODO: check
+CVE-2006-1089 (Cross-site scripting (XSS) vulnerability in header.php in PunBB
1.2.10 ...)
+	TODO: check
+CVE-2006-1088 (PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain
...)
+	TODO: check
+CVE-2006-1087 (Direct static code injection vulnerability in the modify_config
action ...)
+	TODO: check
+CVE-2006-1086
+	REJECTED
+	TODO: check
+CVE-2006-1085 (admin.php in PHP-Stats 0.1.9.1 and earlier allows remote
attackers to ...)
+	TODO: check
+CVE-2006-1084 (Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and
...)
+	TODO: check
+CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats
0.1.9.1 and ...)
+	TODO: check
+CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in
phpArcadeScript ...)
+	TODO: check
+CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in
Jonathan ...)
+	TODO: check
+CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in
Game-Panel ...)
+	TODO: check
+CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other
products ...)
+	TODO: check
+CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd
2.25b, ...)
+	TODO: check
+CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Evo-Dev
evoBlog ...)
+	TODO: check
+CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a
showtopic ...)
+	TODO: check
+CVE-2006-1075 (Format string vulnerability in the visualization function in
Jason ...)
+	TODO: check
+CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote
attackers ...)
+	TODO: check
+CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave
Simplog ...)
+	TODO: check
+CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog
1.0.2 and ...)
+	TODO: check
+CVE-2006-1071 (Cross-site scripting (XSS) vulnerability in index.php in
DVguestbook ...)
+	TODO: check
+CVE-2006-1070 (Cross-site scripting (XSS) vulnerability in dv_gbook.php in ...)
+	TODO: check
+CVE-2006-1069 (Unspecified vulnerability in the session handling for Geeklog
1.4.x ...)
+	TODO: check
+CVE-2006-1068 (Netgear 614 and 624 routers, possibly running VXWorks, allow
remote ...)
+	TODO: check
+CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote
...)
+	TODO: check
+CVE-2006-1066
+	RESERVED
+CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard
(MyBB) ...)
+	TODO: check
+CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker
2.0 and ...)
+	TODO: check
+CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows
remote ...)
+	TODO: check
+CVE-2006-1062 (Unspecified vulnerability in lurker.cgi for Lurker 2.0 and
earlier ...)
+	TODO: check
+CVE-2006-1061
+	RESERVED
+CVE-2006-1060
+	RESERVED
+CVE-2006-1059
+	RESERVED
+CVE-2006-1058
+	RESERVED
+CVE-2006-1057
+	RESERVED
+CVE-2006-1056
+	RESERVED
+CVE-2006-1055
+	RESERVED
+CVE-2006-1054
+	RESERVED
+CVE-2006-1053
+	RESERVED
+CVE-2006-1052
+	RESERVED
+CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine
before ...)
+	TODO: check
+CVE-2006-1050 (Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the
...)
+	TODO: check
+CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on
Debian ...)
+	TODO: check
 CVE-2006-XXXX [runit local privilege escalation]
 	- runit <unfixed> (bug #356016; medium)
 	[sarge] - runit <not-affected>
@@ -644,18 +805,16 @@
 	RESERVED
 CVE-2006-0747
 	RESERVED
-CVE-2006-0746 [kpdf security fix regression]
-	RESERVED
+CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches
from xpdf ...)
 	- kdegraphics 3.5.0-3
 	NOTE: Only affected the 3.3.2 KDE backport
 CVE-2006-0745
 	RESERVED
 CVE-2006-0744
 	RESERVED
-CVE-2006-0743
-	RESERVED
-CVE-2006-0742 [[IA64] die_if_kernel() can return]
-	RESERVED
+CVE-2006-0743 (Unspecified vulnerability in LocalSyslogAppender in Apache
log4net ...)
+	TODO: check
+CVE-2006-0742 (The die_if_kernel function in arch/ia64/kernel/unaligned.c in
Linux ...)
 	- linux-2.6 2.6.15-8
 CVE-2006-0741 (Linux kernel before 2.6.15.5, when running on Intel processors,
allows ...)
 	- linux-2.6 2.6.15-8
@@ -835,6 +994,7 @@
 CVE-2006-0671 (Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i
cell ...)
 	NOT-FOR-US: Sony Ericsson
 CVE-2006-0670 (Buffer overflow in l2cap.c in hcidump 1.29 allows remote
attackers to ...)
+	{DSA-990-1}
 	- bluez-hcidump 1.30-1 (bug #351881; medium)
 CVE-2006-0669 (** DISPUTED ** ...)
 	NOT-FOR-US: Forum Light
@@ -2694,7 +2854,7 @@
 	NOT-FOR-US: PHP-Fusion
 CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in
PHP-Fusion ...)
 	NOT-FOR-US: PHP-Fusion
-CVE-2005-4515 (SQL injection vulnerability in WebDB 1.1 and earlier allows
remote ...)
+CVE-2005-4515 (** DISPUTED ** ...)
 	NOT-FOR-US: WebDB
 CVE-2005-4514 (** DISPUTED ** ...)
 	NOT-FOR-US: Webwasher
@@ -4919,8 +5079,8 @@
 	NOTE: does not appear to affect debian, redhat-specific
 CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to
obtain ...)
 	TODO: check
-CVE-2005-3629
-	RESERVED
+CVE-2005-3629 (initscripts in Red Hat Enterprise Linux 4 does not properly
handle ...)
+	TODO: check
 CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
 	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1
DSA-932-1 DSA-931-1 DTSA-28-1}
 	- kdegraphics 3.5.0-3
Secure testing commits - Mar 2006 - r3578 - data/CVE

[Secure-testing-commits] r3578 - data/CVE
