Author: joeyh
Date: 2006-06-05 09:14:50 +0000 (Mon, 05 Jun 2006)
New Revision: 4139
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-06-05 09:04:37 UTC (rev 4138) +++ data/CVE/list 2006-06-05 09:14:50 UTC (rev 4139) 
@@ -1,3 +1,323 @@ +CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...) + TODO: check +CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss iCM 7.0 ...) + TODO: check +CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...) + TODO: check +CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...) + TODO: check +CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...) + TODO: check +CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 ...) + TODO: check +CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in ...) + TODO: check +CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 ...) + TODO: check +CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate ...) + TODO: check +CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking ...) + TODO: check +CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to ...) + TODO: check +CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier ...) + TODO: check +CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...) + TODO: check +CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and ...) + TODO: check +CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment ...) + TODO: check +CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if ...) + TODO: check +CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...) + TODO: check +CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...) 
+ TODO: check +CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and ...) + TODO: check +CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) + TODO: check +CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...) + TODO: check +CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strips the Unicode ...) + TODO: check +CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...) + TODO: check +CVE-2006-2781 (Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and ...) + TODO: check +CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...) + TODO: check +CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...) + TODO: check +CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...) + TODO: check +CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...) + TODO: check +CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before ...) + TODO: check +CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...) + TODO: check +CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne ...) + TODO: check +CVE-2006-2773 (admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does ...) + TODO: check +CVE-2006-2772 (Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps ...) + TODO: check +CVE-2006-2771 (admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not ...) + TODO: check +CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...) + TODO: check +CVE-2006-2769 (The HTTP Inspect preprocessor in Snort 2.4.0 through 2.4.4 allows ...) + TODO: check +CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...) 
+ TODO: check +CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottomanpath 1.1.2, when ...) + TODO: check +CVE-2006-2766 (Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet ...) + TODO: check +CVE-2006-2765 (Cross-site scripting (XSS) vulnerability in news_information.php in ...) + TODO: check +CVE-2006-2764 (Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows ...) + TODO: check +CVE-2006-2763 (SQL injection vulnerability in Pre News Manager 1.0 allows remote ...) + TODO: check +CVE-2006-2762 (PHP remote file inclusion vulnerability in includes/config.php in ...) + TODO: check +CVE-2006-2761 (SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, ...) + TODO: check +CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nForum 0.91 allows ...) + TODO: check +CVE-2006-2759 (jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary ...) + TODO: check +CVE-2006-2758 (Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 ...) + TODO: check +CVE-2006-2757 (Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows ...) + TODO: check +CVE-2006-2756 (Eitsop My Web Server 1.0 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in UBBThreads ...) + TODO: check +CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP before ...) + TODO: check +CVE-2006-2753 (SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x ...) + TODO: check +CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux ...) + TODO: check +CVE-2006-2751 (Cross-site scripting (XSS) vulnerability in Open Searchable Image ...) + TODO: check +CVE-2006-2750 (Cross-site scripting (XSS) vulnerability in the do_mysql_query ...) + TODO: check +CVE-2006-2749 (SQL injection vulnerability in search.php in Open Searchable Image ...) 
+ TODO: check +CVE-2006-2748 (SQL injection vulnerability in the do_mysql_query function in core.php ...) + TODO: check +CVE-2006-2747 (Directory traversal vulnerability in index.php in PhpMyDesktop|arcade ...) + TODO: check +CVE-2006-2746 (Multiple cross-site scripting (XSS) vulnerabilities in F@cile ...) + TODO: check +CVE-2006-2745 (Multiple PHP remote file inclusion vulnerabilities in F@cile ...) + TODO: check +CVE-2006-2744 (PHP remote file inclusion vulnerability in p-popupgallery.php in ...) + TODO: check +CVE-2006-2743 (Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with ...) + TODO: check +CVE-2006-2742 (SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 ...) + TODO: check +CVE-2006-2741 (Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 ...) + TODO: check +CVE-2006-2740 (Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow ...) + TODO: check +CVE-2006-2739 (PHP remote file inclusion vulnerability in footers.php in Epicdesigns ...) + TODO: check +CVE-2006-2738 (The open source version of Open-Xchange 0.8.2 and earlier uses a ...) + TODO: check +CVE-2006-2737 (utilities/register.asp in Nukedit 4.9.6 and earlier allows remote ...) + TODO: check +CVE-2006-2736 (PHP remote file inclusion vulnerability in blend_data/blend_common.php ...) + TODO: check +CVE-2006-2735 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-2734 (enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote ...) + TODO: check +CVE-2006-2733 (membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security ...) + TODO: check +CVE-2006-2732 (SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and ...) + TODO: check +CVE-2006-2731 (Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier ...) + TODO: check +CVE-2006-2730 (PHP remote file inclusion vulnerability in admin/lib_action_step.php ...) 
+ TODO: check +CVE-2006-2729 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...) + TODO: check +CVE-2006-2728 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...) + TODO: check +CVE-2006-2727 (home/register.php in Eggblog before 3.0 allows remote attackers to ...) + TODO: check +CVE-2006-2726 (PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d ...) + TODO: check +CVE-2006-2725 (SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 ...) + TODO: check +CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...) + TODO: check +CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to ...) + TODO: check +CVE-2006-2722 (SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows ...) + TODO: check +CVE-2006-2721 (Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT ...) + TODO: check +CVE-2006-2720 (SQL injection vulnerability in news.php in VARIOMAT allows remote ...) + TODO: check +CVE-2006-2719 (JIWA Financials 6.4.14 stores usernames and passwords for all accounts ...) + TODO: check +CVE-2006-2718 (JIWA Financials 6.4.14 passes a Microsoft SQL Server account''s ...) + TODO: check +CVE-2006-2717 (Unspecified vulnerability in Secure Elements Class 5 AVR client and ...) + TODO: check +CVE-2006-2716 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a ...) + TODO: check +CVE-2006-2715 (The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) ...) + TODO: check +CVE-2006-2714 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not ...) + TODO: check +CVE-2006-2713 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates ...) + TODO: check +CVE-2006-2712 (Secure Elements Class 5 AVR (aka C5 EVM) client and server before ...) + TODO: check +CVE-2006-2711 (Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and ...) 
+ TODO: check +CVE-2006-2710 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same ...) + TODO: check +CVE-2006-2709 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate ...) + TODO: check +CVE-2006-2708 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows ...) + TODO: check +CVE-2006-2707 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not ...) + TODO: check +CVE-2006-2706 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...) + TODO: check +CVE-2006-2705 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...) + TODO: check +CVE-2006-2704 (Secure Elements Class 5 AVR server and client (aka C5 EVM) before ...) + TODO: check +CVE-2006-2703 (The RedCarpet command-line client (rug) does not verify SSL ...) + TODO: check +CVE-2006-2702 (vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ...) + TODO: check +CVE-2006-2701 (SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows ...) + TODO: check +CVE-2006-2700 (SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 ...) + TODO: check +CVE-2006-2699 (Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog ...) + TODO: check +CVE-2006-2698 (Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the ...) + TODO: check +CVE-2006-2697 (Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 ...) + TODO: check +CVE-2006-2696 (Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 ...) + TODO: check +CVE-2006-2695 (admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers ...) + TODO: check +CVE-2006-2694 (Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro ...) + TODO: check +CVE-2006-2693 (Directory traversal vulnerability in admin_hacks_list.php in Nivisec ...) + TODO: check +CVE-2006-2692 (Multiple unspecified vulnerabilities in aMuleWeb for AMule before ...) 
+ TODO: check +CVE-2006-2691 (Unspecified "information leakage" vulnerabilities in aMuleWeb for ...) + TODO: check +CVE-2006-2690 (An unspecified script in EVA-Web 2.1.2 and earlier, probably ...) + TODO: check +CVE-2006-2689 (Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 ...) + TODO: check +CVE-2006-2688 (SQL injection vulnerability in the employees node (class.employee.inc) ...) + TODO: check +CVE-2006-2687 (Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC ...) + TODO: check +CVE-2006-2686 (PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow ...) + TODO: check +CVE-2006-2685 (PHP remote file inclusion vulnerability in Basic Analysis and Security ...) + TODO: check +CVE-2006-2684 (Cross-site scripting (XSS) vulnerability in the search module in CMS ...) + TODO: check +CVE-2006-2683 (PHP remote file inclusion vulnerability in 404.php in open-medium.CMS ...) + TODO: check +CVE-2006-2682 (PHP remote file inclusion vulnerability in BE_config.php in Back-End ...) + TODO: check +CVE-2006-2681 (PHP remote file inclusion vulnerability in SocketMail Lite and Pro ...) + TODO: check +CVE-2006-2680 (Cross-site scripting (XSS) vulnerability in index.php in AZ Photo ...) + TODO: check +CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows Graphical User ...) + TODO: check +CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News ...) + TODO: check +CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc ...) + TODO: check +CVE-2006-2676 (Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly ...) + TODO: check +CVE-2006-2675 (PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads ...) + TODO: check +CVE-2006-2674 (Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and ...) + TODO: check +CVE-2006-2673 (Cross-site scripting (XSS) vulnerability in search.html in Bulletin ...) 
+ TODO: check +CVE-2006-2672 (Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One ...) + TODO: check +CVE-2006-2671 (SQL injection vulnerability in ChatPat 1.0 allows remote attackers to ...) + TODO: check +CVE-2006-2670 (Cross-site scripting (XSS) vulnerability in ChatPat 1.0 allows remote ...) + TODO: check +CVE-2006-2669 (Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping ...) + TODO: check +CVE-2006-2668 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 ...) + TODO: check +CVE-2006-2667 (Direct static code injection vulnerability in WordPress 2.0.2 and ...) + TODO: check +CVE-2006-2666 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-2665 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-2664 (Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote ...) + TODO: check +CVE-2006-2663 (Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 ...) + TODO: check +CVE-2006-2662 (VMware Server before RC1 does not clear user credentials from memory ...) + TODO: check +CVE-2006-2661 (ftutil.c in Freetype before 2.2 allows remote attackers to cause a ...) + TODO: check +CVE-2006-2660 + RESERVED +CVE-2006-2658 + RESERVED +CVE-2006-2657 + RESERVED +CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally ...) + TODO: check +CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to ...) + TODO: check +CVE-2006-2653 (Cross-site scripting (XSS) vulnerability in login_error.shtml for ...) + TODO: check +CVE-2006-2652 (Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier ...) + TODO: check +CVE-2006-2651 (Cross-site scripting (XSS) vulnerability in index.php in Vacation ...) + TODO: check +CVE-2006-2650 (SQL injection vulnerability in cosmicshop/search.php in ...) + TODO: check +CVE-2006-2649 (Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, ...) 
+ TODO: check +CVE-2006-2648 (Cross-site scripting (XSS) vulnerability in perform_search.asp for ...) + TODO: check +CVE-2006-2647 (Untrusted search path vulnerability in update_flash for IBM AIX 5.1, ...) + TODO: check +CVE-2006-2646 (Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows ...) + TODO: check +CVE-2006-2645 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated ...) + TODO: check CVE-2006-XXXX [libxine buffer overflow in the HTTP header parser] - xine-lib <unfixed> (bug #369876; medium) CVE-2006-XXXX [libxine1 overflow via a specially-crafted AVI file] @@ -13,9 +333,9 @@ - mysql <unfixed> (bug #369754; medium) - mysql-dfsg-5.0 <unfixed> (bug #369735; medium) - mysql-dfsg-4.1 <unfixed> (medium) -CVE-2006-2659 [courier DoS] +CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause ...) - courier 0.53.2-1 (bug #368834) -CVE-2006-2656 [tiffsplit buffer overflow] +CVE-2006-2656 (Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 ...) - tiff 3.8.2-3 (bug #369819; medium) CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top ...) NOT-FOR-US: Monster Top List @@ -78,7 +398,7 @@ NOT-FOR-US: Russcom.Ping CVE-2006-2614 (Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 ...) NOT-FOR-US: Sun Solaris -CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox before 1.8.0, and Netscape 7.2 ...) +CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other ...) NOTE: Installation path disclosure is uninteresting on Debian systems. NOTE: The profile path might be more sensitive, but exploit that NOTE: requires another, real security bug. 
@@ -348,7 +668,8 @@ - serendipity <itp> (bug #312413) CVE-2006-2494 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote ...) NOT-FOR-US: IntelliTampe -CVE-2006-2493 (Integer overflow in the read_lwfn function in FreeType before 2.2 ...) +CVE-2006-2493 + REJECTED - freetype 2.2.1-1 CVE-2005-1755 (PHP remote code injection vulnerability in poll_vote.php in PHP Poll ...) NOT-FOR-US: PHP Poll Creator @@ -465,8 +786,8 @@ CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions, which ...) {DSA-1062-1} - kphone 1:4.2-3 (bug #337830; medium) -CVE-2006-2439 - RESERVED +CVE-2006-2439 (Stack-based buffer overflow in ZipCentral 4.01 allows remote ...) + TODO: check CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the ...) NOT-FOR-US: Caucho CVE-2006-2437 (The viewfile servlet in the documentation package (resin-doc) for ...) @@ -764,10 +1085,10 @@ RESERVED CVE-2006-2310 RESERVED -CVE-2006-2309 - RESERVED -CVE-2006-2308 - RESERVED +CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to obtain ...) + TODO: check +CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25 ...) + TODO: check CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS before ...) NOT-FOR-US: Webiste Banker CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in ...) @@ -1048,7 +1369,7 @@ NOT-FOR-US: Golden FTP Server Pro CVE-2006-2179 (Multiple SQL injection vulnerabilities in CyberBuild allow remote ...) NOT-FOR-US: CyberBuild -CVE-2006-2178 (Mulitiple cross-site scripting (XSS) vulnerabilities in CyberBuild ...) +CVE-2006-2178 (Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild ...) NOT-FOR-US: CyberBuild CVE-2006-2177 (Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 ...) NOT-FOR-US: geoBlog 
@@ -1584,7 +1905,7 @@ NOT-FOR-US: SibSoft CommuniMail CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts ...) NOT-FOR-US: Smarter Scripts IntelliLink Pro -CVE-2006-1942 (Mozilla Firefox 1.5.0.2, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon ...) +CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, ...) TODO: check NOTE: pkg-mozilla-maintainers are preparing a big security release, I''ve pinged them NOTE: to ask about this issue @@ -2764,8 +3085,7 @@ - mysql-dfsg-4.1 <unfixed> (bug #365939; low) - mysql-dfsg <unfixed> (bug #365939; low) - mysql <unfixed> (bug #365939; low) -CVE-2006-1515 [typespeed buffer overflow] - RESERVED +CVE-2006-1515 (Buffer overflow in the addnewword function in typespeed 0.4.4 and ...) {DSA-1084-1} - typespeed 0.4.4-10 CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi ...) @@ -3550,9 +3870,9 @@ RESERVED CVE-2006-1176 RESERVED -CVE-2006-1175 - RESERVED -CVE-2006-1174 (useradd in shadow-utils before 4.0.3 does not provide a required ...) +CVE-2006-1175 (The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for ...) + TODO: check +CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions ...) - shadow 1:4.0.15-10 (low) CVE-2006-1173 RESERVED @@ -8883,8 +9203,8 @@ - phpmyadmin <unfixed> (unimportant) CVE-2005-3620 RESERVED -CVE-2005-3619 - RESERVED +CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management interface ...) + TODO: check CVE-2005-3618 RESERVED CVE-2005-3617 @@ -8928,7 +9248,7 @@ CVE-2005-3598 RESERVED CVE-2005-3597 - RESERVED + REJECTED CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote ...) NOT-FOR-US: ASPKnowledgebase CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a blank ...) 
@@ -14657,7 +14977,7 @@ NOT-FOR-US: IceWarp Web Mail CVE-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...) NOT-FOR-US: Mac OS X -CVE-2002-1897 (MyWebServer 1.0.2 allows remote attackers to cause a denial of service ...) +CVE-2002-1897 (MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a ...) NOT-FOR-US: MyWebserver CVE-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...) - alsaplayer 0.99.72-1 @@ -20095,7 +20415,7 @@ TODO: 2.4.27 seems to be unaffected, check back with kernel patch tracker TODO: check, when this was fixed in 2.6 CVE-2005-0528 [mremap kernel issue] - RESERVED + REJECTED {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} TODO: Fixed for Woody, check 2.4 and 2.6 CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...) @@ -20187,8 +20507,7 @@ NOT-FOR-US: Arkeia Server Backup CVE-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...) - curl 7.13.0-2 -CVE-2005-0489 - RESERVED +CVE-2005-0489 (The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...) - cfengine2 2.1.8-1 @@ -21770,8 +22089,7 @@ CVE-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...) - linux-2.6 <not-affected> - kernel-source-2.4.27 2.4.27-10 (bug #308584) -CVE-2005-0136 - RESERVED +CVE-2005-0136 (The Linux kernel before 2.6.11 on the Itanium IA64 platform has ...) TODO: Check, when this was fixed upstream TODO: Check, whether 2.4 is affected [sarge] - kernel-source-2.6.8 2.6.8-14 
@@ -23055,8 +23373,7 @@ CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...) {DSA-616-1} - netkit-telnet-ssl 0.17.24+0.1-6 -CVE-2004-0997 - RESERVED +CVE-2004-0997 (Unspecified vulnerability in the ptrace MIPS assembly code in Linux ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...) {DSA-610-1} @@ -25072,8 +25389,7 @@ RESERVED CVE-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...) NOT-FOR-US: SGI IRIX -CVE-2004-0138 - RESERVED +CVE-2004-0138 (The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...) NOT-FOR-US: IRIX init
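Review bot: In the first hunk (@@ -1,3 +1,323 @@), the imported CVE-2006-2802 ("Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...") is left at "TODO: check", while the unchanged context directly below the additions still carries the placeholder "CVE-2006-XXXX [libxine buffer overflow in the HTTP header parser]" with "- xine-lib <unfixed> (bug #369876; medium)". The two descriptions look like the same issue. If they are, the package line and bug reference should move under CVE-2006-2802 and the placeholder should be dropped, so the tracker does not count one bug twice with one half untriaged. The same check is worth doing for CVE-2006-2753 (MySQL 4.1.x/5.0.x SQL injection) against the mysql package lines visible at the top of the next hunk.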
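Review bot: In the @@ -348,7 +668,8 @@ hunk, CVE-2006-2493 becomes "REJECTED" but keeps its package line "- freetype 2.2.1-1", so a fixed-version record now hangs off an ID that no longer describes anything. The removed description (integer overflow in read_lwfn, FreeType before 2.2) is the only context for that line. Add a NOTE naming the ID that supersedes the rejected one and move the freetype entry there, or state in a NOTE why the entry is kept.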
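Review bot: In the @@ -20095,7 +20415,7 @@ hunk, CVE-2005-0528 [mremap kernel issue] flips from RESERVED to REJECTED while still carrying "{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}" and the open line "TODO: Fixed for Woody, check 2.4 and 2.6". Four advisories now reference a rejected ID and the TODO can no longer be resolved against it. The entry needs a NOTE saying which ID the DSAs should point to, and the TODO should move with them.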
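Review bot: In the @@ -3550,9 +3870,9 @@ hunk, the CVE-2006-1174 description widens from "before 4.0.3" to "before 4.0.3, and possibly other versions", but the status line "- shadow 1:4.0.15-10 (low)" is unchanged. With the affected range no longer bounded by the text, the fixed version should be re-verified against the actual patch rather than inferred from the old description, and a NOTE recording how it was confirmed would help.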
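Review bot: In the @@ -20187,8 +20507,7 @@ hunk, CVE-2005-0489 gains a public description ("The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 ...") but the entry still consists only of the DSA list, with no package status line and no TODO. The same pattern appears for CVE-2004-0997 in @@ -23055,8 +23373,7 @@ and CVE-2004-0138 in @@ -25072,8 +25389,7 @@. Now that the affected versions are stated, each of these should get kernel source package lines with fixed versions, or at least a "TODO: check" so they show up in triage.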