Author: joeyh
Date: 2006-05-23 21:14:30 +0000 (Tue, 23 May 2006)
New Revision: 4063

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-05-23 18:56:38 UTC (rev 4062)
+++ data/CVE/list 2006-05-23 21:14:30 UTC (rev 4063)
@@ -1,3 +1,127 @@ +CVE-2006-2550 (perlpodder before 0.5 allows remote attackers to execute arbitrary ...) + TODO: check +CVE-2006-2549 + RESERVED +CVE-2006-2548 (Prodder before 0.5, and perlpodder before 0.5, allows remote attackers ...) + TODO: check +CVE-2006-2547 (Unspecified vulnerability in the sapdba command in SAP with Informix ...) + TODO: check +CVE-2006-2546 (A recommended admin password reset mechanism for BEA WebLogic Server ...) + TODO: check +CVE-2006-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites ...) + TODO: check +CVE-2006-2544 (Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with ...) + TODO: check +CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors ...) + TODO: check +CVE-2006-2542 (xmcdconfig in Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and ...) + TODO: check +CVE-2006-2541 (SQL injection vulnerability in settings.asp in Zixforum 1.12 allows ...) + TODO: check +CVE-2006-2540 (Privacy leak in install.php for Diesel PHP Job Site sends sensitive ...) + TODO: check +CVE-2006-2539 (Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, ...) + TODO: check +CVE-2006-2538 (IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote ...) + TODO: check +CVE-2006-2537 (Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and ...) + TODO: check +CVE-2006-2536 (Cross-site scripting (XSS) vulnerability in Destiney Links Script ...) + TODO: check +CVE-2006-2535 (index.php in Destiney Links Script 2.1.2 allows remote attackers to ...) + TODO: check +CVE-2006-2534 (Destiney Links Script 2.1.2 does not protect library and other support ...) + TODO: check +CVE-2006-2533 (Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) ...) + TODO: check +CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote ...) + TODO: check +CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the users identity ...) 
+ TODO: check +CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...) + TODO: check +CVE-2006-2529 (editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...) + TODO: check +CVE-2006-2528 (PHP remote file inclusion vulnerability in classified_right.php in ...) + TODO: check +CVE-2006-2527 (Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers ...) + TODO: check +CVE-2006-2526 (PHP remote file inclusion vulnerability in index.php in PHP Easy ...) + TODO: check +CVE-2006-2525 (SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote ...) + TODO: check +CVE-2006-2524 (Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier ...) + TODO: check +CVE-2006-2523 (PHP remote file inclusion vulnerability in config.php in phpListPro ...) + TODO: check +CVE-2006-2522 (Dayfox Blog 2.0 and ealier stores user credentials in ...) + TODO: check +CVE-2006-2521 (PHP remote file inclusion vulnerability in cron.php in phpMyDirectory ...) + TODO: check +CVE-2006-2520 (Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier ...) + TODO: check +CVE-2006-2519 (Directory traversal vulnerability in ...) + TODO: check +CVE-2006-2518 (Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows ...) + TODO: check +CVE-2006-2517 (SQL injection vulnerability in MyWeb Portal Office, Standard Edition, ...) + TODO: check +CVE-2006-2516 (mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is ...) + TODO: check +CVE-2006-2515 (Cross-site scripting (XSS) vulnerability in index.php in Hiox ...) + TODO: check +CVE-2006-2514 (Coppermine galleries before 1.4.6, when running on Apache with ...) + TODO: check +CVE-2006-2513 (Unspecified vulnerability in the installation process in Sun Java ...) + TODO: check +CVE-2006-2512 (SQL injection vulnerability in Hitachi EUR Professional Edition, EUR ...) 
+ TODO: check +CVE-2006-2511 (The ActiveX version of FrontRange iHEAT allows remote authenticated ...) + TODO: check +CVE-2006-2510 (Cross-site scripting (XSS) vulnerability in the URL submission form in ...) + TODO: check +CVE-2006-2509 (SQL injection vulnerability in login.php in YourFreeWorld.com Short ...) + TODO: check +CVE-2006-2508 (SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish ...) + TODO: check +CVE-2006-2507 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...) + TODO: check +CVE-2006-2506 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...) + TODO: check +CVE-2006-2505 (Oracle Database Server 10g Release 2 allows local users to execute ...) + TODO: check +CVE-2006-2504 (Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier ...) + TODO: check +CVE-2006-2503 (SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote ...) + TODO: check +CVE-2006-2502 (Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) ...) + TODO: check +CVE-2006-2501 (Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 ...) + TODO: check +CVE-2006-2500 (Cross-site scripting (XSS) vulnerability in add_news.asp in ...) + TODO: check +CVE-2006-2499 (SQL injection vulnerability in default.asp in CodeAvalanche News ...) + TODO: check +CVE-2006-2498 (Invision Power Board (IPB) before 2.1.6 allows remote attackers to ...) + TODO: check +CVE-2006-2497 (Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 ...) + TODO: check +CVE-2006-2496 (Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote ...) + TODO: check +CVE-2006-2495 (Cross-site request forgery (CSRF) vulnerability in the Entry Manager ...) + TODO: check +CVE-2006-2494 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote ...) + TODO: check +CVE-2006-2493 (Integer overflow in the read_lwfn function in FreeType before 2.2 ...) 
+ TODO: check +CVE-2005-1755 (PHP remote code injection vulnerability in poll_vote.php in PHP Poll ...) + TODO: check +CVE-2005-1754 (JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, ...) + TODO: check +CVE-2005-1753 (ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache ...) + TODO: check +CVE-2005-1752 (viewFile.php in the scm component of Gforge before 4.0 allows remote ...) + TODO: check CVE-2006-2492 (Buffer overflow in Microsoft Word XP and Word 2003 allows ...) NOT-FOR-US: Microsoft CVE-2006-2491 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...) @@ -398,7 +522,7 @@ RESERVED CVE-2006-2308 RESERVED -CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS allows ...) +CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS before ...) NOT-FOR-US: Webiste Banker CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in ...) NOT-FOR-US: EPublisherPro @@ -665,8 +789,8 @@ NOT-FOR-US: zenphoto CVE-2006-2186 (zenphoto 1.0.1 beta and earlier allow remote attackers to obtain ...) NOT-FOR-US: zenphoto -CVE-2006-2185 - RESERVED +CVE-2006-2185 (PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password ...) + TODO: check CVE-2006-2184 (Cross-site scripting (XSS) vulnerability in search.php in PHPKB ...) NOT-FOR-US: PHPKB Knowledge Base CVE-2006-2183 (Untrusted search path vulnerability in Truecrypt 4.1, when running ...) @@ -714,7 +838,7 @@ CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before ...) - nagios 2:1.4-1 (bug #366682; bug #366803; medium) - nagios2 2.3-1 (bug #366683; medium) -CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01 and (2) Abakt 0.9.2 and ...) +CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and ...) NOT-FOR-US: TZipBuilder/Abakt CVE-2006-2160 (Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp ...) NOT-FOR-US: Russcom 
@@ -943,7 +1067,7 @@ NOT-FOR-US: Invision CVE-2006-2058 (Argument injection vulnerability in Avant Browser 10.1 Build 17 allows ...) NOT-FOR-US: Avant -CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.06 allows ...) +CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.0.6 allows ...) NOT-FOR-US: Only on Windows CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for Windows XP ...) NOT-FOR-US: Microsoft @@ -1420,17 +1544,15 @@ - linux-2.6 2.6.16-10 CVE-2006-1862 RESERVED -CVE-2006-1861 - RESERVED +CVE-2006-1861 (Multiple integer overflows in FreeType before 2.2 allow remote ...) + TODO: check CVE-2006-1860 (lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows ...) - linux-2.6 2.6.16-14 CVE-2006-1859 (Memory leak in __setlease in fs/locks.c in Linux kernel before ...) - linux-2.6 <unfixed> -CVE-2006-1858 [SCTP: Respect the real chunk length when walking parameters] - RESERVED +CVE-2006-1858 (SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause ...) - linux-2.6 2.6.16-14 -CVE-2006-1857 [SCTP: Validate the parameter length in HB-ACK chunk] - RESERVED +CVE-2006-1857 (Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote ...) - linux-2.6 2.6.16-14 CVE-2006-1856 (Certain modifications to the Linux kernel 2.6.16 and earlier do not ...) TODO: check @@ -2373,8 +2495,8 @@ - linux-2.6 2.6.16-7 CVE-2006-1521 RESERVED -CVE-2006-1520 - RESERVED +CVE-2006-1520 (Format string vulnerability in ANSI C Sender Policy Framework library ...) + TODO: check CVE-2006-1519 REJECTED CVE-2006-1518 (Buffer overflow in the open_table function in sql_base.cc in MySQL ...) 
@@ -4123,8 +4245,8 @@ - thunderbird 1.5.0.2-1 (high) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high) - xulrunner 1.8.0.1-9 -CVE-2006-0747 - RESERVED +CVE-2006-0747 (integer underflow in Freetype before 2.2 allows remote attackers to ...) + TODO: check CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...) {DSA-1008-1} - kdegraphics 3.5.0-3 @@ -4166,7 +4288,7 @@ CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...) - wordpress <unfixed> NOTE: This may very well be a non-issue -CVE-2006-0732 (Unspecified vulnerability in SAP Business Connector 4.6 and 4.7 allows ...) +CVE-2006-0732 (Directory traversal vulnerability in SAP Business Connector (BC) 4.6 ...) NOT-FOR-US: SAP Business Connector CVE-2006-0731 (Unspecified vulnerability in SAP Business Connector Core Fix 7 and ...) NOT-FOR-US: SAP Business Connector
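Review bot: CVE-2006-2542 in the first hunk (@@ -1,3 +1,127 @@) is filed under the same generic "TODO: check" as the rest of the bulk import, although its description names Debian directly ("xmcdconfig in Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and ..."). This entry, and CVE-2006-2502 (stack-based buffer overflow in pop3d in cyrus-imapd), should be triaged ahead of the web-application entries and given a package line with a fixed version or <unfixed>, in the form the list already uses for nagios and linux-2.6, so they do not sit unnoticed among the other TODO items added by this update.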
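Review bot: The context line under CVE-2006-2307 in the @@ -398,7 +522,7 @@ hunk reads "NOT-FOR-US: Webiste Banker", which does not match the product in the description being updated, "Website Baker CMS". Since the entry is touched here anyway, correct the tag to "NOT-FOR-US: Website Baker" so that a search of the list for the product name finds it.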
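Review bot: In the @@ -1420,17 +1544,15 @@ hunk, the bracketed titles removed from CVE-2006-1858 and CVE-2006-1857 ("SCTP: Respect the real chunk length when walking parameters" and "SCTP: Validate the parameter length in HB-ACK chunk") identify the specific kernel change behind each id, and the truncated descriptions that replace them do not carry that information. Consider keeping each title as a NOTE: line under its entry, next to the existing "- linux-2.6 2.6.16-14" line.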
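Review bot: CVE-2006-0747 in the @@ -4123,8 +4245,8 @@ hunk moves from RESERVED to "TODO: check" with no package line, and the same is true of CVE-2006-1861 and CVE-2006-2493 elsewhere in this patch; all three descriptions cite FreeType before 2.2 (spelled "Freetype" in this one). Triage the three together so they end up with the same source package name and fixed-version status, rather than being resolved one at a time with possibly different results.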