Author: joeyh Date: 2006-04-25 21:14:26 +0000 (Tue, 25 Apr 2006) New Revision: 3876 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-25 18:07:59 UTC (rev 3875) +++ data/CVE/list 2006-04-25 21:14:26 UTC (rev 3876) 
@@ -1,4 +1,86 @@ -CVE-2006-1993 [firefox javascript code excution] +CVE-2006-2018 (** DISPUTED ** ...) + TODO: check +CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin ...) + TODO: check +CVE-2006-2015 (Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote ...) + TODO: check +CVE-2006-2014 (Directory traversal vulnerability in gallerie.php in SL_site 1.0 ...) + TODO: check +CVE-2006-2013 (SQL injection vulnerability in page.php in SL_site 1.0 allows remote ...) + TODO: check +CVE-2006-2012 (Format string vulnerability in Skulltag 0.96f and earlier allows ...) + TODO: check +CVE-2006-2011 (Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 ...) + TODO: check +CVE-2006-2010 (Multiple SQL injection vulnerabilities in check_login.asp in Bloggage ...) + TODO: check +CVE-2006-2009 (PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda ...) + TODO: check +CVE-2006-2008 (PHP remote file inclusion vulnerability in movie_cls.php in Built2Go ...) + TODO: check +CVE-2006-2007 (Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote ...) + TODO: check +CVE-2006-2006 (Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 ...) + TODO: check +CVE-2006-2005 (Eval injection vulnerability in index.php in ClanSys 1.1 allows remote ...) + TODO: check +CVE-2006-2004 (Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote ...) + TODO: check +CVE-2006-2003 (Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community ...) + TODO: check +CVE-2006-2002 (PHP remote file inclusion vulnerability in stats.php in MyGamingLadder ...) + TODO: check +CVE-2006-2001 (Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery ...) + TODO: check +CVE-2006-2000 (Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods ...) 
+ TODO: check +CVE-2006-1999 (The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause ...) + TODO: check +CVE-2006-1998 (OpenTTD 0.4.7 and earlier allows local users to cause a denial of ...) + TODO: check +CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere before 7.0 allows ...) + TODO: check +CVE-2006-1996 (Scry Gallery 1.1 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2006-1995 (Directory traversal vulnerability in index.php in Scry Gallery 1.1 ...) + TODO: check +CVE-2006-1994 (PHP remote file inclusion vulnerability in dForum 1.5 and earlier ...) + TODO: check +CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, ...) + TODO: check +CVE-2006-1991 (The substr_compare function in string.c in PHP 4.4.2 and 5.1.2 allows ...) + TODO: check +CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...) + TODO: check +CVE-2006-1989 + RESERVED +CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function ...) + TODO: check +CVE-2006-1987 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2006-1986 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2006-1985 (Heap-based buffer overflow in BOMArchiveHelper 10.4 (6.3) Build 312, ...) + TODO: check +CVE-2006-1984 (Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X ...) + TODO: check +CVE-2006-1983 (Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier ...) + TODO: check +CVE-2006-1982 (Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X ...) + TODO: check +CVE-2006-1981 (Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may ...) + TODO: check +CVE-2006-1980 (Cross-site scripting (XSS) vulnerability in W2B Online Banking allows ...) + TODO: check +CVE-2006-1979 (Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web ...) 
+ TODO: check +CVE-2006-1978 (SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and ...) + TODO: check +CVE-2006-1977 (Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and ...) + TODO: check +CVE-2006-1993 (Mozilla Firefox 1.5.0.2 allows remote attackers to cause a denial of ...) - firefox 1.5.dfsg+1.5.0.2-2 [sarge] - mozilla-firefox <not-affected> CVE-2006-XXXX [typo3 mailforms can be abused to send spam] @@ -55,10 +137,9 @@ NOT-FOR-US: RechnungsZentrale CVE-2006-1953 RESERVED -CVE-2006-1952 - RESERVED -CVE-2006-1951 - RESERVED +CVE-2006-1952 (Directory traversal vulnerability in WinAgents TFTP Server for Windows ...) + TODO: check +CVE-2006-1951 (Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and ...) NOT-FOR-US: SolarWinds TFTP Server CVE-2006-1950 (Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in ...) NOT-FOR-US: PerlCoders BannerFarm 
@@ -83,24 +164,24 @@ NOTE: to ask about this issue CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a ...) NOT-FOR-US: Neon Responder -CVE-2006-1940 - RESERVED -CVE-2006-1939 - RESERVED -CVE-2006-1938 - RESERVED -CVE-2006-1937 - RESERVED -CVE-2006-1936 - RESERVED -CVE-2006-1935 - RESERVED -CVE-2006-1934 - RESERVED -CVE-2006-1933 - RESERVED -CVE-2006-1932 - RESERVED +CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows ...) + TODO: check +CVE-2006-1939 (Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 ...) + TODO: check +CVE-2006-1938 (Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 ...) + TODO: check +CVE-2006-1937 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...) + TODO: check +CVE-2006-1936 (Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote ...) + TODO: check +CVE-2006-1935 (Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote ...) + TODO: check +CVE-2006-1934 (Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow ...) + TODO: check +CVE-2006-1933 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...) + TODO: check +CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x up to ...) + TODO: check CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, ...) TODO: check CVE-2006-1930 (Multiple SQL injection vulnerabilities in userscript.php in Green ...) 
@@ -235,14 +316,14 @@ TODO: check CVE-2006-1869 (Unspecified vulnerability in Oracle Database Server 8.1.7.4 and ...) TODO: check -CVE-2006-1868 (Unspecified vulnerability in Oracle Database Server 10.1.0.4 has ...) +CVE-2006-1868 (Buffer overflow in the Advanced Replication component in Oracle ...) TODO: check CVE-2006-1867 (Unspecified vulnerability in Oracle Database Server 9.2.0.6 has ...) TODO: check CVE-2006-1866 (Multiple unspecified vulnerabilities in Oracle Database Server ...) TODO: check -CVE-2006-1865 - RESERVED +CVE-2006-1865 (Beagle before 0.2.5 can produce certain insecure command lines to ...) + TODO: check CVE-2006-1864 RESERVED CVE-2006-1863 [Don''t allow a backslash in a path component] @@ -282,7 +363,8 @@ TODO: check CVE-2006-1846 (Cross-site scripting (XSS) vulnerability in the Your_Account module in ...) TODO: check -CVE-2006-1845 (Buffer overflow in the POP3 server in Kinesphere Corporation EXchange ...) +CVE-2006-1845 + REJECTED TODO: check CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...) NOTE: seems to be a duplicate of CVE-2006-1376 @@ -625,7 +707,8 @@ NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459 CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...) NOT-FOR-US: ShopXS -CVE-2006-1721 (Unspecified vulnerability in digestmd5.c in the CMU Cyrus Simple ...) +CVE-2006-1721 (digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer ...) + {DSA-1042-1} - cyrus-sasl2 2.1.19.dfsg1-0.2 (bug #361937; low) CVE-2006-1720 (Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson ...) NOT-FOR-US: SaphpLesson 
@@ -675,7 +758,7 @@ - slash <unfixed> (medium) CVE-2006-XXXX [firebird local DoS] - firebird2 1.5.3.4870-4 (bug #362001) -CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames 2.17-7 allows local ...) +CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows ...) {DSA-1036-1} - bsdgames 2.17-7 (bug #360989) CVE-2006-1712 (Cross-site scripting (XSS) vulnerability in the private archive script ...) @@ -1147,7 +1230,7 @@ RESERVED CVE-2006-1526 RESERVED -CVE-2006-1525 (ip_route_input in Linux kernel before 2.6.16.8 allows local users to ...) +CVE-2006-1525 (ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users ...) - linux-2.6 2.6.16-9 CVE-2006-1524 (madvise_remove in Linux kernel 2.4.x and 2.6.x before 2.6.16.6 does ...) - linux-2.6 2.6.16-8 @@ -1171,12 +1254,11 @@ RESERVED CVE-2006-1514 RESERVED -CVE-2006-1513 - RESERVED +CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow user-complicit ...) {DSA-1041-1} - abc2ps 1.3.3-3sarge1 CVE-2006-1512 - RESERVED + REJECTED CVE-2006-1511 (Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and ...) NOT-FOR-US: Microsoft CVE-2006-1510 (Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll ...) @@ -1754,9 +1836,9 @@ NOT-FOR-US: Apple Quicktime CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and ...) NOT-FOR-US: HP-UX -CVE-2006-1247 (Unspecified vulnerability in rm_mlcache_file command in ...) +CVE-2006-1247 (rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows ...) TODO: check -CVE-2006-1246 (Unspecified vulnerability in BOS.RTE.LVM in IBM AIX 5.3 has unknown ...) +CVE-2006-1246 (Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 ...) NOT-FOR-US: AIX CVE-2006-1245 (Buffer overflow in mshtml.dll in Microsoft Internet Explorer ...) NOT-FOR-US: Microsoft 
@@ -2201,8 +2283,7 @@ [sarge] - samba <not-affected> CVE-2006-1058 (BusyBox 1.1.1 does not use a salt when generating passwords, which ...) - busybox <unfixed> (low; bug #360578) -CVE-2006-1057 [gdm race condition in ICE handling] - RESERVED +CVE-2006-1057 (Race condition in gdm before 2.14.1 allows local users to gain ...) {DSA-1040-1} - gdm 2.14.1-1 CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running ...) @@ -3367,7 +3448,7 @@ - fcron <not-affected> (Vulnerable app in the Debian package, not setuid anyway) CVE-2006-0538 (CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is ...) NOT-FOR-US: IronMail -CVE-2006-0537 (Buffer overflow in eXchange POP3 before 5.0.060125 allows remote ...) +CVE-2006-0537 (Buffer overflow in the POP3 server in Kinesphere Corporation eXchange ...) NOT-FOR-US: eXchange POP3 CVE-2006-0536 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 ...) NOT-FOR-US: NeoMail @@ -4162,14 +4243,11 @@ NOT-FOR-US: microBlog CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in microBlog 2.0 RC-10 allows ...) NOT-FOR-US: microBlog -CVE-2006-0232 - RESERVED +CVE-2006-0232 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...) NOT-FOR-US: Symantec Scan Engine -CVE-2006-0231 - RESERVED +CVE-2006-0231 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...) NOT-FOR-US: Symantec Scan Engine -CVE-2006-0230 - RESERVED +CVE-2006-0230 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...) NOT-FOR-US: Symantec Scan Engine CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might allow ...) NOT-FOR-US: Wehntrust 
@@ -22635,7 +22713,7 @@ CVE-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...) - gaim 1:0.81-3 CVE-2004-0499 - RESERVED + REJECTED CVE-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and ...) NOT-FOR-US: StoneSoft firewall engine CVE-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...)
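
Review bot: In the first hunk (@@ -1,4 +1,86 @@) the CVE-2006-1993 entry ends up out of sequence. The added entries run in descending order from CVE-2006-2018 to CVE-2006-1977 and skip 1993 between CVE-2006-1994 and CVE-2006-1992; 1993 is then re-added after CVE-2006-1977, directly above its existing "- firefox 1.5.dfsg+1.5.0.2-2" and "[sarge] - mozilla-firefox <not-affected>" lines. Suggest moving the entry together with its package lines to sit between 1994 and 1992. The replaced placeholder described JavaScript code execution while the imported description opens with a denial of service, so a NOTE recording the earlier assessment would keep that context.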
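
Review bot: In the @@ -55,10 +137,9 @@ hunk, CVE-2006-1952 (WinAgents TFTP Server for Windows) is added with "TODO: check", while the adjacent CVE-2006-1951 keeps its "NOT-FOR-US: SolarWinds TFTP Server" tag. If WinAgents TFTP Server is likewise not packaged, tagging it NOT-FOR-US in the same pass would keep it out of the open triage queue.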
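
Review bot: In the @@ -282,7 +363,8 @@ hunk, CVE-2006-1845 becomes REJECTED but the unchanged "TODO: check" line below it stays attached, which leaves a rejected id in the open triage list. Suggest dropping that TODO. The @@ -3367,7 +3448,7 @@ hunk gives CVE-2006-0537 the same opening description that 1845 used to carry (buffer overflow in the POP3 server in Kinesphere Corporation eXchange), so a NOTE on 1845 pointing at CVE-2006-0537 would record where the issue is tracked.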
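
Review bot: In the @@ -1754,9 +1836,9 @@ hunk, CVE-2006-1247 now names AIX 5.1.0 through 5.3.0 in its description but still carries "TODO: check", while the neighbouring CVE-2006-1246 is tagged "NOT-FOR-US: AIX". Suggest tagging 1247 the same way so the two AIX entries are handled consistently.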