Author: joeyh
Date: 2006-05-25 09:14:26 +0000 (Thu, 25 May 2006)
New Revision: 4073

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-05-25 08:27:12 UTC (rev 4072)
+++ data/CVE/list 2006-05-25 09:14:26 UTC (rev 4073)
@@ -1,3 +1,69 @@ +CVE-2006-2580 (Multiple unspecified vulnerabilities in HP OpenView Network Node ...) + TODO: check +CVE-2006-2579 (Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 ...) + TODO: check +CVE-2006-2578 (admin/cron.php in eSyndicat Directory 1.2, when register_globals is ...) + TODO: check +CVE-2006-2577 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...) + TODO: check +CVE-2006-2576 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...) + TODO: check +CVE-2006-2575 (The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and ...) + TODO: check +CVE-2006-2574 (Multiple unspecified vulnerabilities in Software Distributor in HP-UX ...) + TODO: check +CVE-2006-2573 (SQL injection vulnerability in index.php in DGBook 1.0, with ...) + TODO: check +CVE-2006-2572 (Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 ...) + TODO: check +CVE-2006-2571 (Cross-site scripting (XSS) vulnerability in search.html in Alkacon ...) + TODO: check +CVE-2006-2570 (PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 ...) + TODO: check +CVE-2006-2569 (SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and ...) + TODO: check +CVE-2006-2568 (PHP remote file inclusion vulnerability in addpost_newpoll.php in ...) + TODO: check +CVE-2006-2567 (Cross-site scripting (XSS) vulnerability in submit_article.php in ...) + TODO: check +CVE-2006-2566 (Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain ...) + TODO: check +CVE-2006-2565 (SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 ...) + TODO: check +CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2006-2563 + RESERVED +CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access ...) + TODO: check +CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access ...) 
+ TODO: check +CVE-2006-2560 (Sitecom WL-153 router firmware before 1.38 allows remote attackers to ...) + TODO: check +CVE-2006-2559 (Linksys WRT54G Wireless-G Broadband Router allows remote attackers to ...) + TODO: check +CVE-2006-2558 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...) + TODO: check +CVE-2006-2557 (PHP remote file inclusion vulnerability in extras/poll/poll.php in ...) + TODO: check +CVE-2006-2556 (Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal ...) + TODO: check +CVE-2006-2555 (The parse_command function in Genecys 0.2 and earlier allows remote ...) + TODO: check +CVE-2006-2554 (Buffer overflow in the tell_player_surr_changes function in Genecys ...) + TODO: check +CVE-2006-2553 (Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl ...) + TODO: check +CVE-2006-2552 (Jemscripts DownloadControl 1.0 allows remote attackers to obtain ...) + TODO: check +CVE-2006-2551 (Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local ...) + TODO: check +CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when ...) + TODO: check +CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when ...) + TODO: check +CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ...) + TODO: check CVE-2006-2550 (perlpodder before 0.5 allows remote attackers to execute arbitrary ...) NOT-FOR-US: perlpodder CVE-2006-XXXX [shadow useradd arbitrary file chmod?] @@ -3,6 +69,6 @@ NOTE: CERT VU#312962, no exact information yet, might be a non-issue - shadow 1:4.0.15-10 (low) -CVE-2006-2549 - RESERVED +CVE-2006-2549 (Stack-based buffer overflow in PDF Form Filling and Flattening Tool ...) + TODO: check CVE-2006-2548 (Prodder before 0.5, and perlpodder before 0.5, allows remote attackers ...) NOT-FOR-US: prodder/perlpodder 
@@ -58,7 +124,7 @@ NOT-FOR-US: UseBB CVE-2006-2523 (PHP remote file inclusion vulnerability in config.php in phpListPro ...) NOT-FOR-US: phpListPro -CVE-2006-2522 (Dayfox Blog 2.0 and ealier stores user credentials in ...) +CVE-2006-2522 (Dayfox Blog 2.0 and earlier stores user credentials in ...) NOT-FOR-US: Dayfox CVE-2006-2521 (PHP remote file inclusion vulnerability in cron.php in phpMyDirectory ...) NOT-FOR-US: phpMyDirectory @@ -498,8 +564,7 @@ NOT-FOR-US: Intel Windows software CVE-2006-2315 (PHP remote file inclusion vulnerability in session.inc.php in ...) NOT-FOR-US: ISPConfig -CVE-2006-2314 [PostgreSQL string encoding interpretation conflict] - RESERVED +CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...) - postgresql 7.5.4 (medium; bug #368645) - postgresql-7.4 1:7.4.13-1 (medium) - postgresql-8.0 <unfixed> (medium) @@ -507,8 +572,7 @@ NOTE: Beginning with version 7.5.4, postgresql is a transition NOTE: package which does not contain actual code. That''s why NOTE: it''s marked as fixed here. (Previous versions are vulnerable.) -CVE-2006-2313 [Too lenient UTF-8 etc. decoders in PostgreSQL] - RESERVED +CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...) - postgresql 7.5.4 (high; bug #368645) - postgresql-7.4 1:7.4.13-1 (high) - postgresql-8.0 <unfixed> (high) @@ -1546,8 +1610,8 @@ - linux-2.6 2.6.16-13 CVE-2006-1863 (Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier ...) - linux-2.6 2.6.16-10 -CVE-2006-1862 - RESERVED +CVE-2006-1862 (The virtual memory implementation in Linux kernel 2.6.x allows local ...) + TODO: check CVE-2006-1861 (Multiple integer overflows in FreeType before 2.2 allow remote ...) TODO: check CVE-2006-1860 (lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows ...) 
@@ -2647,8 +2711,8 @@ RESERVED CVE-2006-1467 RESERVED -CVE-2006-1466 - RESERVED +CVE-2006-1466 (Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects ...) + TODO: check CVE-2006-1465 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...) NOT-FOR-US: Apple CVE-2006-1464 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...) @@ -16401,7 +16465,7 @@ NOT-FOR-US: LinPHA CVE-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...) - dansguardian 2.5.2-0-0.1 -CVE-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and ealier ...) +CVE-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier ...) NOT-FOR-US: lostBook CVE-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...) NOT-FOR-US: AntiBoard
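
Review bot: in the first hunk (@@ -1,3 +1,69 @@) the entries CVE-2002-2213, CVE-2002-2212 and CVE-2002-2211 are inserted between CVE-2006-2551 and CVE-2006-2550, while the other visible parts of the file run in descending id order (CVE-2004-2065, CVE-2004-2064, CVE-2004-2063 in the last hunk). If the list is meant to stay ordered by id, move them into the 2002 block or have the update insert by id, so a later lookup or duplicate check for those ids finds them where expected. In the same hunk CVE-2006-2577 and CVE-2006-2576 carry identical truncated descriptions ("Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ..."), so whoever resolves the TODO should add a NOTE recording what distinguishes the two.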
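
Review bot: in the hunks at @@ -498,8 +564,7 @@ and @@ -507,8 +572,7 @@ the hand-written titles "[PostgreSQL string encoding interpretation conflict]" (CVE-2006-2314) and "[Too lenient UTF-8 etc. decoders in PostgreSQL]" (CVE-2006-2313) are replaced by two truncated descriptions that read identically, "(PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...)". After this change the list no longer shows which entry is which issue, although the two are rated differently (medium and high). Suggest keeping the old titles as NOTE lines under each entry. The new descriptions also name 8.0.8 as a fixed release while the unchanged context still reads "- postgresql-8.0 <unfixed>", so that status line is worth a follow-up.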
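
Review bot: in the hunk at @@ -1546,8 +1610,8 @@, CVE-2006-1862 leaves RESERVED with a description naming "Linux kernel 2.6.x" and a local attacker, but receives only "TODO: check", while the neighbouring kernel entry CVE-2006-1863 already carries a package line ("- linux-2.6 2.6.16-10"). Suggest following up with a "- linux-2.6" status line so this kernel issue does not sit untriaged between resolved ones.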
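
Review bot: in the hunk at @@ -2647,8 +2711,8 @@, CVE-2006-1466 (Xcode Tools for Mac OS X) is left at "TODO: check" while the adjacent Apple entry CVE-2006-1465 is marked "NOT-FOR-US: Apple". If the same reasoning applies, tag it the same way when it is triaged, so the open TODO count reflects only entries that still need a decision.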