thr3ads.net - Secure testing commits - [Secure-testing-commits] r3619

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-Mar-15 21:15 UTC
[Secure-testing-commits] r3619 - data/CVE

Author: joeyh
Date: 2006-03-15 21:14:22 +0000 (Wed, 15 Mar 2006)
New Revision: 3619

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-03-15 12:12:03 UTC (rev 3618)
+++ data/CVE/list	2006-03-15 21:14:22 UTC (rev 3619)
@@ -1,3 +1,37 @@
+CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in
CrossFire ...)
+	TODO: check
+CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in
HitHost ...)
+	TODO: check
+CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with
...)
+	TODO: check
+CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews
allow ...)
+	TODO: check
+CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with
...)
+	TODO: check
+CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE
set, ...)
+	TODO: check
+CVE-2006-1230 (Multiple cross-site scripting (XSS) vulnerabilities in
create.php in ...)
+	TODO: check
+CVE-2006-1229 (SQL injection vulnerability in search.asp in Hosting Controller
6.1 ...)
+	TODO: check
+CVE-2006-1228 (Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and
4.6.x ...)
+	TODO: check
+CVE-2006-1227 (Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when
menu.module is ...)
+	TODO: check
+CVE-2006-1226 (Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before
4.5.8 ...)
+	TODO: check
+CVE-2006-1225 (CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and
4.6.x ...)
+	TODO: check
+CVE-2006-1224 (Directory traversal vulnerability in dwnld.php in GuppY 4.5.11
allows ...)
+	TODO: check
+CVE-2006-1223 (Cross-site scripting (XSS) vulnerability in Jupiter Content
Manager ...)
+	TODO: check
+CVE-2006-1222 (Multiple cross-site scripting (XSS) vulnerabilities in zeroboard
4.1 ...)
+	TODO: check
+CVE-2006-1221 (Untrusted search path vulnerability in the TrueVector service
...)
+	TODO: check
+CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown
impact ...)
+	TODO: check
 CVE-2006-XXXX [Insufficient filename sanitising in darcsweb]
 	- darcsweb 0.15-1
 CVE-2006-1220 (Integer overflow in the mach_msg_send function in the kernel for
Mac ...)
@@ -258,7 +292,7 @@
 	NOT-FOR-US: Woltlab Burning Board
 CVE-2006-1096 (** DISPUTED ** ...)
 	NOT-FOR-US: NZ Ecommerce
-CVE-2006-1095 (Unspecified vulnerability in the FileSession object in
Mod_python ...)
+CVE-2006-1095 (Directory traversal vulnerability in the FileSession object in
...)
 	NOTE: only version 3.2.7 is vulnerable, 3.2.8 is out
 	NOTE: currently 3.1.3 is in Debian; very unlikely that 3.2.7 will be packaged
 CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier for
...)
@@ -695,7 +729,7 @@
 CVE-2006-0898 (Crypt::CBC Perl module 2.16 and earlier, when running in
RandomIV ...)
 	{DSA-996-1}
 	- libcrypt-cbc-perl 2.17-1
-CVE-2006-0897 (SQL injection vulnerability in Virtual Program Management
Intranet ...)
+CVE-2006-0897 (** DISPUTED ** ...)
 	TODO: check
 CVE-2006-0896 (Cross-site scripting (XSS) vulnerability in Sources/Register.php
in ...)
 	TODO: check
@@ -1018,7 +1052,7 @@
 	RESERVED
 CVE-2006-0744
 	RESERVED
-CVE-2006-0743 (Unspecified vulnerability in LocalSyslogAppender in Apache
log4net ...)
+CVE-2006-0743 (Format string vulnerability in LocalSyslogAppender in Apache
log4net ...)
 	TODO: check
 CVE-2006-0742 (The die_if_kernel function in arch/ia64/kernel/unaligned.c in
Linux ...)
 	- linux-2.6 2.6.15-8
@@ -1909,16 +1943,16 @@
 	- zoph 0.5-1 (bug #350717)
 CVE-2006-0401
 	RESERVED
-CVE-2006-0400
-	RESERVED
-CVE-2006-0399
-	RESERVED
-CVE-2006-0398
-	RESERVED
-CVE-2006-0397
-	RESERVED
-CVE-2006-0396
-	RESERVED
+CVE-2006-0400 (CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote
attackers ...)
+	TODO: check
+CVE-2006-0399 (Unspecified vulnerability in Safari, LaunchServices, and/or
CoreTypes ...)
+	TODO: check
+CVE-2006-0398 (Unspecified vulnerability in Safari, LaunchServices, and/or
CoreTypes ...)
+	TODO: check
+CVE-2006-0397 (Unspecified vulnerability in Safari, LaunchServices, and/or
CoreTypes ...)
+	TODO: check
+CVE-2006-0396 (Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5 and
...)
+	TODO: check
 CVE-2006-0395
 	RESERVED
 CVE-2006-0394
@@ -3913,7 +3947,7 @@
 	NOT-FOR-US: Solaris
 CVE-2005-4132 (Unspecified &quot;security leak&quot; vulnerability in
Contenido before 4.6.4, ...)
 	NOT-FOR-US: Contenido
-CVE-2005-4131 (** UNVERIFIABLE, PRERELEASE ** ...)
+CVE-2005-4131 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and
2003, in ...)
 	NOT-FOR-US: Excel
 CVE-2005-4130 (** UNVERIFIABLE, PRERELEASE ** ...)
 	TODO: Once dislosed, check, whether this affects Helix
@@ -4227,6 +4261,7 @@
 CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight
Manager ...)
 	NOT-FOR-US: HP Systems Insight Manager
 CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar
1.0.1 ...)
+	{DSA-1002-1}
 	- webcalendar 1.0.2-1 (bug #342090)
 CVE-2005-3981 (** DISPUTED ** ...)
 	NOT-FOR-US: Windows
@@ -4367,14 +4402,14 @@
 	RESERVED
 CVE-2006-0032
 	RESERVED
-CVE-2006-0031
-	RESERVED
-CVE-2006-0030
-	RESERVED
-CVE-2006-0029
-	RESERVED
-CVE-2006-0028
-	RESERVED
+CVE-2006-0031 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and
2003, in ...)
+	TODO: check
+CVE-2006-0030 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and
2003, in ...)
+	TODO: check
+CVE-2006-0029 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and
2003, in ...)
+	TODO: check
+CVE-2006-0028 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and
2003, in ...)
+	TODO: check
 CVE-2006-0027
 	RESERVED
 CVE-2006-0026
@@ -4394,6 +4429,7 @@
 CVE-2006-0018
 	REJECTED
 CVE-2005-3961 (export_handler.php in WebCalendar 1.0.1 allows remote attackers
to ...)
+	{DSA-1002-1}
 	- webcalendar 1.0.2-1 (bug #341208; medium)
 CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a
denial of ...)
 	NOT-FOR-US: Kadu
@@ -4418,6 +4454,7 @@
 CVE-2005-3950 (nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated
users ...)
 	- nufw 1.0.16-1 (bug #341544; medium)
 CVE-2005-3949 (Multiple SQL injection vulnerabilities in WebCalendar 1.0.1
allow ...)
+	{DSA-1002-1}
 	- webcalendar 1.0.2-1 (bug #341208; medium)
 CVE-2005-3948 (Directory traversal vulnerability in main.php in PHPAlbum 0.2.3
and ...)
 	NOT-FOR-US: PHPAlbum
@@ -5156,8 +5193,8 @@
 	RESERVED
 CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows
2000 ...)
 	NOT-FOR-US: Microsoft
-CVE-2006-0009
-	RESERVED
+CVE-2006-0009 (Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other
...)
+	TODO: check
 CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in
Korean ...)
 	TODO: check
 CVE-2006-0007
@@ -19318,7 +19355,7 @@
 	- php4 4:4.3.10-1
 CVE-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS
0.9.2 ...)
 	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 (bug #287771)
-CVE-2004-1061 (Cross-site scripting (XSS) vulnerability in unknown versions of
...)
+CVE-2004-1061 (Cross-site scripting (XSS) vulnerability in Bugzilla before
2.18, ...)
 	- bugzilla 2.16.7-2
 CVE-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU
(PMTU) ...)
 	NOTE: Linux kernel verifies TCP sequence numbers on ICMP errors
Secure testing commits - Mar 2006 - r3619 - data/CVE

[Secure-testing-commits] r3619 - data/CVE
