Author: joeyh
Date: 2006-06-07 21:14:23 +0000 (Wed, 07 Jun 2006)
New Revision: 4162

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-06-07 09:14:24 UTC (rev 4161)
+++ data/CVE/list 2006-06-07 21:14:23 UTC (rev 4162)
@@ -1,4 +1,208 @@ -CVE-2006-2842 [squirrelmail remote file inclusion] +CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before ...) + TODO: check +CVE-2006-2898 (Unspecified vulnerability in the IAX2 channel driver (chan_iax2) for ...) + TODO: check +CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows ...) + TODO: check +CVE-2006-2896 (profile.php in FunkBoard CF0.71 allows remote attackers to change ...) + TODO: check +CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to ...) + TODO: check +CVE-2006-2894 (Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey ...) + TODO: check +CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full ...) + TODO: check +CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...) + TODO: check +CVE-2006-2891 (Cross-site scripting (XSS) vulnerability in admin/index.php for ...) + TODO: check +CVE-2006-2890 (Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, ...) + TODO: check +CVE-2006-2889 (Multiple SQL injection vulnerabilities in index.php in Pixelpost ...) + TODO: check +CVE-2006-2888 (PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig ...) + TODO: check +CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and ...) + TODO: check +CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote ...) + TODO: check +CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...) + TODO: check +CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows ...) + TODO: check +CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ ...) + TODO: check +CVE-2006-2882 (Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ...) + TODO: check +CVE-2006-2881 (Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 ...) 
+ TODO: check +CVE-2006-2880 (Cross-site scripting (XSS) vulnerability in the Contributed Packages ...) + TODO: check +CVE-2006-2879 (SQL injection vulnerability in newscomments.php in Alex News-Engine ...) + TODO: check +CVE-2006-2878 (The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier ...) + TODO: check +CVE-2006-2877 (PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and ...) + TODO: check +CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish ...) + TODO: check +CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake ...) + TODO: check +CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has ...) + TODO: check +CVE-2006-2873 (Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber ...) + TODO: check +CVE-2006-2872 (PHP remote file inclusion vulnerability in config.php in Rumble 1.02 ...) + TODO: check +CVE-2006-2871 (PHP remote file inclusion vulnerability in include/common.php in ...) + TODO: check +CVE-2006-2870 (Cross-site scripting (XSS) vulnerability in forum_search.asp in ...) + TODO: check +CVE-2006-2869 (Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 ...) + TODO: check +CVE-2006-2868 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 ...) + TODO: check +CVE-2006-2867 (SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta ...) + TODO: check +CVE-2006-2866 (PHP remote file inclusion vulnerability in layout/prepend.php in ...) + TODO: check +CVE-2006-2865 (** DISPUTED ** ...) + TODO: check +CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes ...) + TODO: check +CVE-2006-2863 (PHP remote file inclusion vulnerability in class.cs_phpmailer.php in ...) + TODO: check +CVE-2006-2862 (SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 ...) 
+ TODO: check +CVE-2006-2861 (SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and ...) + TODO: check +CVE-2006-2860 (PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 ...) + TODO: check +CVE-2006-2859 (** DISPUTED ** ...) + TODO: check +CVE-2006-2858 (SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds ...) + TODO: check +CVE-2006-2857 (SQL injection vulnerability in index.php in LifeType 1.0.4 allows ...) + TODO: check +CVE-2006-2856 (ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib ...) + TODO: check +CVE-2006-2855 (SQL injection vulnerability in index.php in xueBook 1.0 allows remote ...) + TODO: check +CVE-2006-2854 (SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows ...) + TODO: check +CVE-2006-2853 (SQL injection vulnerability in content.php in abarcar Realty Portal ...) + TODO: check +CVE-2006-2852 (PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and ...) + TODO: check +CVE-2006-2851 (Cross-site scripting (XSS) vulnerability in index.php in dotProject ...) + TODO: check +CVE-2006-2850 (Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP ...) + TODO: check +CVE-2006-2849 (PHP remote file inclusion vulnerability in includes/webdav/server.php ...) + TODO: check +CVE-2006-2848 (links.asp in aspWebLinks 2.0 allows remote attackers to change the ...) + TODO: check +CVE-2006-2847 (SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows ...) + TODO: check +CVE-2006-2846 (Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate ...) + TODO: check +CVE-2006-2845 (PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows ...) + TODO: check +CVE-2006-2844 (Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow ...) + TODO: check +CVE-2006-2843 (PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote ...) 
+ TODO: check +CVE-2006-2841 (Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ...) + TODO: check +CVE-2006-2840 (Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) ...) + TODO: check +CVE-2006-2839 (Directory traversal vulnerability in PG Problem Editor module ...) + TODO: check +CVE-2006-2838 (Buffer overflow in the web console in F-Secure Anti-Virus for ...) + TODO: check +CVE-2006-2837 (Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book ...) + TODO: check +CVE-2006-2836 (SQL injection vulnerability in comment.php in Pineapple Technologies ...) + TODO: check +CVE-2006-2835 (SQL injection vulnerability in saphplesson 2.0 allows remote attackers ...) + TODO: check +CVE-2006-2834 (PHP remote file inclusion vulnerability in includes/common.php in ...) + TODO: check +CVE-2006-2833 (Cross-site scripting (XSS) vulnerability in the taxonomy module in ...) + TODO: check +CVE-2006-2832 (Cross-site scripting (XSS) vulnerability in the upload module ...) + TODO: check +CVE-2006-2831 (Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under ...) + TODO: check +CVE-2006-2830 (Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent ...) + TODO: check +CVE-2006-2829 (Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before ...) + TODO: check +CVE-2006-2828 (Global variable overwrite vulnerability in PHP-Nuke allows remote ...) + TODO: check +CVE-2006-2827 (** DISPUTED ** ...) + TODO: check +CVE-2006-2826 (SQL injection vulnerability in sessions.inc in PHP Base Library ...) + TODO: check +CVE-2006-2825 (cPanel does not automatically synchronize the PHP open_basedir ...) + TODO: check +CVE-2006-2824 (Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 ...) + TODO: check +CVE-2006-2823 (Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive ...) + TODO: check +CVE-2006-2822 (SQL injection vulnerability in admin/default.asp in Dusan Drobac ...) 
+ TODO: check +CVE-2006-2821 (Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts ...) + TODO: check +CVE-2006-2820 (Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog ...) + TODO: check +CVE-2006-2819 (PHP remote file inclusion vulnerability in Wiki.php in Barnraiser ...) + TODO: check +CVE-2006-2818 (PHP remote file inclusion vulnerability in common-menu.php in Cameron ...) + TODO: check +CVE-2006-2817 (SQL injection vulnerability in bolum.php in tekno.Portal allows remote ...) + TODO: check +CVE-2006-2816 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2006-2815 (Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes ...) + TODO: check +CVE-2006-2814 (Multiple buffer overflows in the (1) vGetPost and (2) main functions ...) + TODO: check +CVE-2006-2813 (Directory traversal vulnerability in easy-scart.cgi in iShopCart ...) + TODO: check +CVE-2006-2812 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2006-2811 (Multiple PHP remote file inclusion vulnerabilities in Cantico ...) + TODO: check +CVE-2006-2810 (Multiple cross-site scripting (XSS) vulnerabilities in Belchior ...) + TODO: check +CVE-2006-2809 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2006-2808 (Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR ...) + TODO: check +CVE-2006-2807 (ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to ...) + TODO: check +CVE-2006-2806 (The SMTP server in Apache Java Mail Enterprise Server (aka Apache ...) + TODO: check +CVE-2005-2468 (Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and ...) + TODO: check +CVE-2005-2467 (Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum ...) + TODO: check +CVE-2005-2466 (Multiple SQL injection vulnerabilities in the auth_user function in ...) 
+ TODO: check +CVE-2005-2465 (Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS ...) + TODO: check +CVE-2005-2464 (login.php in PCXP/TOPPE CMS allows remote attackers to bypass ...) + TODO: check +CVE-2005-2463 (Kayako liveResponse 2.x allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2005-2462 (Kayako liveResponse 2.x, when logging in a user, records the password ...) + TODO: check +CVE-2005-2461 (Multiple SQL injection vulnerabilities in the calendar feature in ...) + TODO: check +CVE-2005-2460 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...) + TODO: check +CVE-2006-2842 (** DISPUTED ** ...) - squirrelmail <unfixed> (unimportant) NOTE: Only exploitable with register_globals enabled CVE-2006-XXXX [XSS vulnerability in dokuwikis''s "Fullname" and "E-Mail" fields] @@ -9,7 +213,7 @@ - webalizer 2.01.10-29 CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...) NOT-FOR-US: vBulletin -CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss iCM 7.0 ...) +CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss ...) NOT-FOR-US: Goss iCM CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...) NOT-FOR-US: PHP ManualMaker @@ -149,11 +353,11 @@ TODO: check CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...) TODO: check -CVE-2006-2769 (The HTTP Inspect preprocessor in Snort 2.4.0 through 2.4.4 allows ...) +CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through ...) TODO: check CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...) TODO: check -CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottomanpath 1.1.2, when ...) +CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when ...) TODO: check CVE-2006-2766 (Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet ...) TODO: check 
@@ -645,7 +849,7 @@ NOT-FOR-US: Xtreme Topsites CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors ...) NOT-FOR-US: Xtreme Topsites -CVE-2006-2542 (xmcdconfig in Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and ...) +CVE-2006-2542 (xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb ...) {DSA-1086-1} TODO: check sarge and woody - xmcd 2.6-17.2 (bug #366816; medium) @@ -852,8 +1056,7 @@ RESERVED CVE-2006-2448 RESERVED -CVE-2006-2447 [spamd --vpopmail/--paranoid remote command execution bug] - RESERVED +CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the paranoid ...) - spamassassin 3.1.3-1 (medium) CVE-2006-2446 RESERVED @@ -4586,7 +4789,7 @@ NOT-FOR-US: Calcium CVE-2006-0888 (index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation ...) NOT-FOR-US: Invision Power Board -CVE-2006-0887 (Unspecified vulnerability in PHPLIB 7.4 allows remote attackers to ...) +CVE-2006-0887 (Eval injection vulnerability in sessions.inc in PHP Base Library ...) NOT-FOR-US: PHPLIB CVE-2006-0886 (Cross-site scripting (XSS) vulnerability in register.php in DEV web ...) NOT-FOR-US: DEV web management system @@ -4768,7 +4971,7 @@ NOT-FOR-US: MUTE CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word ...) NOT-FOR-US: NJStar -CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71 ...) +CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as ...) {DSA-1031-1 DSA-1030-1 DSA-1029-1} - libphp-adodb 4.72-0.1 (bug #358872; medium) - moodle <unfixed> (bug #360396; medium) 
@@ -9885,7 +10088,7 @@ NOT-FOR-US: Ringtail CaseBook CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in Ringtail ...) NOT-FOR-US: Ringtail CaseBook -CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe Tutorial Manager ...) +CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe.net Tutorials ...) NOT-FOR-US: PHPCafe Tutorial Manager CVE-2005-3477 (Multiple interpretation error in the image upload handling code in ...) NOT-FOR-US: Invision Gallery @@ -15457,8 +15660,8 @@ NOT-FOR-US: Microsoft CVE-2005-1977 RESERVED -CVE-2005-1976 - RESERVED +CVE-2005-1976 (Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets ...) + TODO: check CVE-2002-1782 (The default configuration of University of Washington IMAP daemon ...) - uw-imap <unfixed> (bug #315499; low) CVE-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...)
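Review bot: In the first hunk (@@ -1,4 +1,208 @@), the nine entries CVE-2005-2468 through CVE-2005-2460 are inserted between CVE-2006-2806 and CVE-2006-2842, at the top of the CVE-2006 block, while the later hunks show other CVE-2005 entries much further down the file (CVE-2005-3478 around line 10088, CVE-2005-1976 around line 15660). If the list is meant to stay in descending ID order, these entries should be moved to their place in the CVE-2005 range, so that whoever works through the "TODO: check" items finds them where they look. In the same hunk the header of CVE-2006-2842 changes from "[squirrelmail remote file inclusion]" to "(** DISPUTED ** ...)", which no longer says what the issue is. The package line and the register_globals NOTE are kept, so a second NOTE line recording the file inclusion summary would preserve it.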
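Review bot: In the hunk at @@ -852,8 +1056,7 @@, replacing "[spamd --vpopmail/--paranoid remote command execution bug]" with the truncated description "(SpamAssassin before 3.1.3, when running with vpopmail and the paranoid ...)" drops the only visible statement of impact for CVE-2006-2447. The "- spamassassin 3.1.3-1 (medium)" line is kept, which is correct, but a NOTE line carrying the old summary (remote command execution via spamd with --vpopmail/--paranoid) would keep the entry readable without looking the ID up elsewhere.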
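Review bot: In the hunk at @@ -4586,7 +4789,7 @@, CVE-2006-0887 is now described as an eval injection in sessions.inc in PHP Base Library and keeps "NOT-FOR-US: PHPLIB", yet the first hunk adds CVE-2006-2826 (SQL injection in sessions.inc in PHP Base Library) as "TODO: check". The two entries name the same file in the same product, so CVE-2006-2826 should be triaged together with CVE-2006-0887 and given the same tag if the earlier NOT-FOR-US decision still holds, rather than left in the TODO queue.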
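Review bot: In the hunk at @@ -9885,7 +10088,7 @@, the description of CVE-2005-3478 changes from "PHPCafe Tutorial Manager ..." to "PHPCafe.net Tutorials ..." but the tag line below it still reads "NOT-FOR-US: PHPCafe Tutorial Manager". The description is truncated here, so the full product name should be confirmed and the tag updated to match if the name was corrected, otherwise a search of the list by product name will miss one of the two spellings.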