Author: joeyh
Date: 2006-04-11 09:14:22 +0000 (Tue, 11 Apr 2006)
New Revision: 3784
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-11 08:33:56 UTC (rev 3783) +++ data/CVE/list 2006-04-11 09:14:22 UTC (rev 3784) 
@@ -1,3 +1,54 @@ +CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery ...) + TODO: check +CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in ...) + TODO: check +CVE-2006-1673 (Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard ...) + TODO: check +CVE-2006-1672 (The installation of Cisco Transport Controller (CTC) for Cisco Optical ...) + TODO: check +CVE-2006-1671 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...) + TODO: check +CVE-2006-1670 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...) + TODO: check +CVE-2006-1669 (SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team ...) + TODO: check +CVE-2006-1668 (newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka ...) + TODO: check +CVE-2006-1667 (SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax ...) + TODO: check +CVE-2006-1666 (SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable ...) + TODO: check +CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal ...) + TODO: check +CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and ...) + TODO: check +CVE-2006-1663 + REJECTED + TODO: check +CVE-2006-1662 (The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote ...) + TODO: check +CVE-2006-1661 (Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and ...) + TODO: check +CVE-2006-1660 (Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz ...) + TODO: check +CVE-2006-1659 (Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow ...) + TODO: check +CVE-2006-1658 (Direct static code injection vulnerability in ticker.db.php in Chucky ...) + TODO: check +CVE-2006-1657 (Cross-site scripting (XSS) vulnerability in index.php in Chucky ...) 
+ TODO: check +CVE-2005-4772 (Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves ...) + TODO: check +CVE-2005-4771 (Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility ...) + TODO: check +CVE-2005-4770 (SQL injection vulnerability in an unspecified Accelerated Enterprise ...) + TODO: check +CVE-2005-4769 (SQL injection vulnerability in addrbook.php in Belchior Foundry vCard ...) + TODO: check +CVE-2005-4768 (SQL injection vulnerability in manage_account.php in Tux Racer TuxBank ...) + TODO: check +CVE-2004-2655 (rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, ...) + TODO: check CVE-2006-XXXX [linphone insecure password leakage] - linphone <unfixed> (bug #361913) CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when the ...) @@ -53,8 +104,8 @@ RESERVED CVE-2006-1631 (Unspecified vulnerability in the HTTP compression functionality in ...) TODO: check -CVE-2006-1629 - RESERVED +CVE-2006-1629 (OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute ...) + TODO: check CVE-2006-1628 RESERVED CVE-2006-1627 @@ -91,8 +142,8 @@ TODO: check CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, ...) TODO: check -CVE-2006-1608 - RESERVED +CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...) + TODO: check CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...) TODO: check CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before ...) 
@@ -144,16 +195,13 @@ TODO: check CVE-2006-XXXX [openvpn missing setenv sanitising] - openvpn 2.0.6-1 (bug #360559; medium) -CVE-2006-1614 [clamav 0.88.1 integer overflow] - RESERVED +CVE-2006-1614 (Integer overflow in the cli_scanpe function in the PE header parser ...) {DSA-1024-1} - clamav 0.88.1-1 -CVE-2006-1630 [clamav 0.88.1 fix possible crash in cli_bitset_test()] - RESERVED +CVE-2006-1630 (The cli_bitset_set function in libclamav/others.c in Clam AntiVirus ...) {DSA-1024-1} - clamav 0.88.1-1 -CVE-2006-1615 [clamav 0.88.1 format string flaws] - RESERVED +CVE-2006-1615 (Multiple format string vulnerabilities in the logging code in Clam ...) {DSA-1024-1} - clamav 0.88.1-1 CVE-2006-1586 (SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan ...) @@ -323,8 +371,8 @@ RESERVED CVE-2006-1523 RESERVED -CVE-2006-1522 - RESERVED +CVE-2006-1522 (The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 ...) + TODO: check CVE-2006-1521 RESERVED CVE-2006-1520 @@ -378,8 +426,8 @@ NOT-FOR-US: ViHor Design CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) ...) NOT-FOR-US: PHPCollab / NetOffice -CVE-2006-1494 - RESERVED +CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...) + TODO: check CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP ...) NOT-FOR-US: Explorer XP CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows ...) @@ -1492,8 +1540,8 @@ NOT-FOR-US: Novell CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...) NOT-FOR-US: Novell -CVE-2006-0996 - RESERVED +CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...) + TODO: check CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...) NOT-FOR-US: EMC Dantz Retrospect CVE-2006-0994 
@@ -1583,8 +1631,8 @@ RESERVED CVE-2006-0952 RESERVED -CVE-2006-0951 - RESERVED +CVE-2006-0951 (The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the ...) + TODO: check CVE-2006-0950 (unalz 0.53 allows user-complicit attackers to overwrite arbitrary ...) - unalz <unfixed> (bug #356832; medium) CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of ...) @@ -3904,8 +3952,7 @@ - imagemagick 6:6.2.4.5-0.6 (bug #345238; medium) NOTE: Exploitable through Gnus and Thunderbird. - graphicsmagick 1.1.7-1 -CVE-2006-0053 [libimager-perl DoS] - RESERVED +CVE-2006-0053 (Unspecified vulnerability in Imager (libimager-perl) before 5.0-1 ...) {DSA-1028-1} - libimager-perl 5.0-1 (bug #359661) CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, ...)
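
Review bot: in the first hunk (@@ -1,3 +1,54 @@) CVE-2006-1663 is added as REJECTED and then also given "TODO: check". A rejected id has nothing left to triage, so the TODO line only adds noise to the open-work list. Drop it here, and have the automatic update skip the TODO marker whenever it writes REJECTED.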
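
Review bot: CVE-2006-1629 in hunk @@ -53,8 +104,8 @@ is left at "TODO: check" although the context of hunk @@ -144,16 +195,13 @@ already carries "CVE-2006-XXXX [openvpn missing setenv sanitising] - openvpn 2.0.6-1 (bug #360559; medium)". The new description covers OpenVPN 2.0 through 2.0.5, which lines up with a fix in 2.0.6-1, so check whether the two describe the same issue. If they do, move the package line and bug reference under CVE-2006-1629 and delete the temporary entry rather than tracking it twice.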
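
Review bot: in hunk @@ -144,16 +195,13 @@ the removed tracker note for CVE-2006-1630 names cli_bitset_test() while the incoming description names cli_bitset_set. Confirm which function the 0.88.1 change touches before the local note is gone, and record any difference in a NOTE: line under the entry so that DSA-1024-1 maps to the right fix.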
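
Review bot: in the last hunk (@@ -3904,8 +3952,7 @@) replacing "[libimager-perl DoS]" with "Unspecified vulnerability in Imager (libimager-perl) before 5.0-1 ..." means the visible part of the entry no longer states the impact. Keep it as a NOTE: line, in the same way the imagemagick entry just above carries "NOTE: Exploitable through Gnus and Thunderbird.", so the impact stays next to DSA-1028-1.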