Author: joeyh Date: 2006-05-10 09:14:23 +0000 (Wed, 10 May 2006) New Revision: 3932 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-09 21:14:24 UTC (rev 3931) +++ data/CVE/list 2006-05-10 09:14:23 UTC (rev 3932) 
@@ -1,3 +1,59 @@ +CVE-2006-2297 (Heap-based buffer overflow in Microsoft Infotech Storage System ...) + TODO: check +CVE-2006-2296 (SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 ...) + TODO: check +CVE-2006-2295 (Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote ...) + TODO: check +CVE-2006-2294 (Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows ...) + TODO: check +CVE-2006-2293 (SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 ...) + TODO: check +CVE-2006-2292 (Multiple SQL injection vulnerabilities in IA-Calendar allow remote ...) + TODO: check +CVE-2006-2291 (Cross-site scripting (XSS) vulnerability in calendar_new.asp in ...) + TODO: check +CVE-2006-2290 (Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php ...) + TODO: check +CVE-2006-2289 (Buffer overflow in avahi-core in Avahi before 0.6.10 allows local ...) + TODO: check +CVE-2006-2288 (Avahi before 0.6.10 allows local users to cause a denial of service ...) + TODO: check +CVE-2006-2287 (Multiple cross-site scripting (XSS) vulnerabilities in Vision Source ...) + TODO: check +CVE-2006-2286 (Multiple PHP remote file inclusion vulnerabilities in ...) + TODO: check +CVE-2006-2285 (PHP remote file inclusion vulnerability in authldap.php in Dokeos ...) + TODO: check +CVE-2006-2284 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...) + TODO: check +CVE-2006-2283 (Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid ...) + TODO: check +CVE-2006-2282 (Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier ...) + TODO: check +CVE-2006-2281 (X-Scripts X-Poll 2.30 allows remote attackers to execute arbitrary PHP ...) + TODO: check +CVE-2006-2280 (Directory traversal vulnerability in website.php in openEngine 1.8 ...) + TODO: check +CVE-2006-2279 (Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote ...) 
+ TODO: check +CVE-2006-2278 (SaphpLesson 3.0 does not initialize array variables, which allows ...) + TODO: check +CVE-2006-2277 (Multiple Apple Mac OS X 10.4 applications might allow ...) + TODO: check +CVE-2006-2276 (bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to ...) + TODO: check +CVE-2006-2275 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...) + TODO: check +CVE-2006-2274 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...) + TODO: check +CVE-2006-2273 + RESERVED +CVE-2006-2272 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...) + TODO: check +CVE-2006-2271 (The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows ...) + TODO: check +CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to ...) + TODO: check CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php in ...) TODO: check CVE-2006-2269 (Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 ...) @@ -395,8 +451,8 @@ - rsync 2.6.8-1 (bug #365614; high) [sarge] - rsync <not-affected> (xattr patch appeared in 2.6.7) [woody] - rsync <not-affected> (xattr patch appeared in 2.6.7) -CVE-2006-2082 - RESERVED +CVE-2006-2082 (Directory traversal vulnerability in Quake 3 engine, as used in ...) + TODO: check CVE-2006-2081 (Oracle Database Server 10g Release 2 allows local users to execute ...) NOT-FOR-US: Oracle CVE-2006-2080 (SQL injection vulnerability in portfolio_photo_popup.php in Verosky ...) @@ -481,8 +537,8 @@ TODO: check CVE-2006-2043 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local ...) TODO: check -CVE-2006-2042 - RESERVED +CVE-2006-2042 (Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that ...) + TODO: check CVE-2006-2041 (PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain ...) TODO: check CVE-2006-2040 (Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 ...) 
@@ -714,7 +770,7 @@ NOT-FOR-US: SibSoft CommuniMail CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts ...) NOT-FOR-US: Smarter Scripts IntelliLink Pro -CVE-2006-1942 (Mozilla Firefox 1.5.0.2 allows user-complicit remote attackers to open ...) +CVE-2006-1942 (Mozilla Firefox 1.5.0.2, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon ...) TODO: check NOTE: pkg-mozilla-maintainers are preparing a big security release, I''ve pinged them NOTE: to ask about this issue @@ -2608,8 +2664,8 @@ NOT-FOR-US: Microsoft CVE-2006-1185 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...) NOT-FOR-US: Microsoft -CVE-2006-1184 - RESERVED +CVE-2006-1184 (Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT ...) + TODO: check CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords from the ...) - base-config <not-affected> (UBuntu specific) - shadow <not-affected> (UBuntu specific) @@ -3022,10 +3078,10 @@ - php5 <unfixed> (bug #361914) CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...) NOT-FOR-US: EMC Dantz Retrospect -CVE-2006-0994 - RESERVED -CVE-2006-0993 - RESERVED +CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for Windows ...) + TODO: check +CVE-2006-0993 (The web management interface in 3Com TippingPoint SMS Server before ...) + TODO: check CVE-2006-0992 (Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 ...) NOT-FOR-US: Novell GroupWise CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server daemon ...) 
@@ -4004,8 +4060,8 @@ NOT-FOR-US: PluggedOut Blog CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut ...) NOT-FOR-US: PluggedOut Blog -CVE-2006-0561 - RESERVED +CVE-2006-0561 (Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS ...) + TODO: check CVE-2006-0560 RESERVED CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield ...) @@ -6936,8 +6992,8 @@ CVE-2005-3962 (Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...) {DSA-943-1} - perl 5.8.7-9 (bug #341542; medium) -CVE-2006-0034 - RESERVED +CVE-2006-0034 (Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext ...) + TODO: check CVE-2006-0033 RESERVED CVE-2006-0032 @@ -6950,8 +7006,8 @@ NOT-FOR-US: Microsoft CVE-2006-0028 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...) NOT-FOR-US: Microsoft -CVE-2006-0027 - RESERVED +CVE-2006-0027 (Unspecified vulnerability in Microsoft Exchange allows remote ...) + TODO: check CVE-2006-0026 RESERVED CVE-2006-0025 @@ -11143,7 +11199,7 @@ - phpgroupware 0.9.16.008-1 (bug #323929; medium) CVE-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...) NOT-FOR-US: Hummingbird FTP for Connectivity -CVE-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos (formerly ...) +CVE-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos 1.6 and ...) NOT-FOR-US: Dokeos CVE-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...) NOT-FOR-US: AOL Client @@ -15556,7 +15612,7 @@ RESERVED CVE-2005-1533 RESERVED -CVE-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...) +CVE-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly ...) {DSA-781-1} - mozilla-firefox 1.0.4 - mozilla 2:1.7.8 
@@ -16669,13 +16725,13 @@ - lam <not-affected> (Mandrake specific packaging flaw) CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...) NOT-FOR-US: phpbb mod -CVE-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline (aka ...) +CVE-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline 1.5.3 ...) NOT-FOR-US: Claroline CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...) NOT-FOR-US: Claroline -CVE-2005-1375 (Multiple SQL injection vulnerabilities in Claroline (aka Dokeos) 1.5.3 ...) +CVE-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...) NOT-FOR-US: Claroline -CVE-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline (aka ...) +CVE-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...) NOT-FOR-US: Claroline CVE-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...) NOT-FOR-US: Koobi CMS
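Review bot: In the first hunk (@@ -1,3 +1,59 @@) the new entries that name software with its own entries elsewhere in this list get the same bare "TODO: check" as the third-party web applications around them: CVE-2006-2289 and CVE-2006-2288 (Avahi before 0.6.10), CVE-2006-2276 (bgpd in Quagga 0.98 and 0.99), CVE-2006-2275, CVE-2006-2274, CVE-2006-2272 and CVE-2006-2271 (Linux SCTP before 2.6.17), and CVE-2005-4798 (NFS readlink handling in the Linux kernel). These should be triaged first and given package lines with a fixed version or an unfixed marker plus bug number, as the rsync and php5 entries visible in later hunks do. CVE-2005-4798 also sits between CVE-2006-2271 and CVE-2006-2270, so anyone scanning the list by year will not find it among the other 2005 ids.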
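Review bot: In the @@ -714,7 +770,7 @@ hunk the CVE-2006-1942 description is widened from Mozilla Firefox 1.5.0.2 to also cover Netscape 8.1, 8.0.4, and 7.2, and K-Meleon, but the two NOTE lines beneath it still only record a ping to pkg-mozilla-maintainers. The entry should be rechecked against the new product list and the NOTE updated to say which packages the ping covered. The first NOTE line also carries a doubled apostrophe (I''ve) that could be corrected to I've in the same pass.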
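Review bot: In the @@ -2608,8 +2664,8 @@ hunk CVE-2006-1184 (Microsoft Distributed Transaction Coordinator for Windows NT ...) moves from RESERVED to "TODO: check" directly below two entries already tagged "NOT-FOR-US: Microsoft"; it can take the same tag now instead of joining the TODO queue. CVE-2006-0027 (Microsoft Exchange) in the @@ -6950,8 +7006,8 @@ hunk is in the same position, again surrounded by "NOT-FOR-US: Microsoft" entries.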