Author: joeyh Date: 2006-06-16 21:14:30 +0000 (Fri, 16 Jun 2006) New Revision: 4250 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-06-16 19:47:43 UTC (rev 4249) +++ data/CVE/list 2006-06-16 21:14:30 UTC (rev 4250) 
@@ -1,3 +1,107 @@ +CVE-2006-3057 (Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) ...) + TODO: check +CVE-2006-3056 (SQL injection vulnerability in language.php in VBZooM 1.01 allows ...) + TODO: check +CVE-2006-3055 (Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote ...) + TODO: check +CVE-2006-3054 (Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote ...) + TODO: check +CVE-2006-3053 (PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 ...) + TODO: check +CVE-2006-3052 (Cross-site scripting (XSS) vulnerability in Event Registration allows ...) + TODO: check +CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0 and ...) + TODO: check +CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0 and ...) + TODO: check +CVE-2006-3049 (Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in ...) + TODO: check +CVE-2006-3048 (SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier ...) + TODO: check +CVE-2006-3047 (Cross-site scripting (XSS) vulnerability in tikiwiki 1.9.3.2 and ...) + TODO: check +CVE-2006-3046 (Unspecified vulnerability in the admin login feature in Subtext 1.5, ...) + TODO: check +CVE-2006-3045 (PHP remote file inclusion vulnerability in manage_songs.php in Foing ...) + TODO: check +CVE-2006-3044 (Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows ...) + TODO: check +CVE-2006-3043 (Cross-site scripting (XSS) vulnerability in search.cfm in CFXe-CMS 2.0 ...) + TODO: check +CVE-2006-3042 (Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 ...) + TODO: check +CVE-2006-3041 (** DISPUTED ** ...) + TODO: check +CVE-2006-3040 (** DISPUTED ** ...) + TODO: check +CVE-2006-3039 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...) + TODO: check +CVE-2006-3038 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...) 
+ TODO: check +CVE-2006-3037 (Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ...) + TODO: check +CVE-2006-3036 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2006-3035 (Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in ...) + TODO: check +CVE-2006-3034 (MyScrapbook 3.1 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2006-3033 (Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows ...) + TODO: check +CVE-2006-3032 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP ...) + TODO: check +CVE-2006-3031 (Multiple cross-site scripting (XSS) vulnerabilities in index.asp in ...) + TODO: check +CVE-2006-3030 (Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping ...) + TODO: check +CVE-2006-3029 (Cross-site scripting (XSS) vulnerability in default.asp in ClickTech ...) + TODO: check +CVE-2006-3028 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-3027 (Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and ...) + TODO: check +CVE-2006-3026 (Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery ...) + TODO: check +CVE-2006-3025 (Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea ...) + TODO: check +CVE-2006-3024 (Multiple cross-site scripting (XSS) vulnerabilities in EvGenius ...) + TODO: check +CVE-2006-3023 (Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp ...) + TODO: check +CVE-2006-3022 (Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery ...) + TODO: check +CVE-2006-3021 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...) + TODO: check +CVE-2006-3020 (Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp ...) + TODO: check +CVE-2006-3019 (Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 ...) 
+ TODO: check +CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in ...) + TODO: check +CVE-2006-3017 (Unspecified vulnerability in PHP before 5.1.3 can prevent a variable ...) + TODO: check +CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...) + TODO: check +CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...) + TODO: check +CVE-2006-3014 + RESERVED +CVE-2006-3013 + RESERVED +CVE-2006-3012 + RESERVED +CVE-2006-3011 + RESERVED +CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP ...) + TODO: check +CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to ...) + TODO: check +CVE-2002-2215 (The imap_header function in the IMAP functionality for PHP before ...) + TODO: check +CVE-2002-2214 (The php_if_imap_mime_header_decode function in the IMAP functionality ...) + TODO: check +CVE-1999-1589 (Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users ...) + TODO: check CVE-2006-XXXX [snarf: crash on invalid response to the PASV command] - snarf 7.0-5 CVE-2006-3010 (Multiple SQL injection vulnerabilities in Open Business Management ...) @@ -192,8 +296,7 @@ RESERVED CVE-2006-2917 RESERVED -CVE-2006-2916 [artswrapper local root] - RESERVED +CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...) - arts <unfixed> (bug filed; low) NOTE: artswrapper is not suid root by default, but README.Debian describes it CVE-2006-2915 @@ -208,8 +311,8 @@ RESERVED CVE-2006-2910 RESERVED -CVE-2006-2909 - RESERVED +CVE-2006-2909 (Stack-based buffer overflow in the info tip shell extension ...) + TODO: check CVE-2006-2908 (The domecode function in inc/functions_post.php in MyBulletinBoard ...) NOT-FOR-US: MyBB CVE-2006-2907 
@@ -609,7 +712,7 @@ - webcalendar 1.0.4-1 (medium) CVE-2006-2761 (SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, ...) NOT-FOR-US: Hitachi -CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nForum 0.91 allows ...) +CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 ...) NOT-FOR-US: 4nForum CVE-2006-2759 (jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary ...) TODO: check @@ -838,6 +941,7 @@ CVE-2006-2645 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Plume CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated ...) + {DSA-1075-1} - awstats 6.5-2 (bug #365910) CVE-2006-XXXX [libxine1 overflow via a specially-crafted AVI file] - xine-lib 1.1.1-2 (bug #369876; medium) @@ -1290,8 +1394,7 @@ RESERVED CVE-2006-2450 RESERVED -CVE-2006-2449 [kdm arbitrary file read via symlink] - RESERVED +CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users ...) - kdebase <unfixed> (bug filed; medium) CVE-2006-2448 RESERVED @@ -1429,7 +1532,7 @@ NOT-FOR-US: Microsoft CVE-2006-2381 RESERVED -CVE-2006-2380 (Microsoft Windows XP SP1 and SP2, Server 2003 SP1 and earlier, Windows ...) +CVE-2006-2380 (Microsoft Windows 2000 SP4 does not properly validate an RPC server ...) NOT-FOR-US: Microsoft CVE-2006-2379 (Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows ...) NOT-FOR-US: Microsoft @@ -1857,15 +1960,13 @@ RESERVED CVE-2006-2198 RESERVED -CVE-2006-2197 [wv2 integer overflow] - RESERVED +CVE-2006-2197 (Integer overflow in wv2 before 0.2.2 might allow context-dependent ...) {DSA-1100} - wv2 <unfixed> (medium) CVE-2006-2196 [pinball loads levels and compiled plugins from user-controllable locations] RESERVED - pinball 0.3.1-6 -CVE-2006-2195 [horde XSS] - RESERVED +CVE-2006-2195 (Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before ...) {DSA-1099-1 DSA-1098-1} - horde3 3.1.1-3 CVE-2006-2194 
@@ -4373,7 +4474,7 @@ NOT-FOR-US: Enet lib (Cube, Sauerbraten) CVE-2006-1194 (Integer signedness error in the enet_protocol_handle_incoming_commands ...) NOT-FOR-US: Enet lib (Cube, Sauerbraten) -CVE-2006-1193 (Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook ...) +CVE-2006-1193 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...) TODO: check CVE-2006-1192 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) NOT-FOR-US: Microsoft @@ -4414,7 +4515,7 @@ TODO: check CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions ...) - shadow 1:4.0.15-10 (low) -CVE-2006-1173 (Unspecified vulnerability in HP Tru64 UNIX 4.0F PK8 up to 5.1B-3 and ...) +CVE-2006-1173 (Sendmail before 8.13.7 allows remote attackers to cause a denial of ...) - sendmail 8.13.7-1 (low) CVE-2006-1172 (Stack-based buffer overflow in the createPKCS10 function in ...) NOT-FOR-US: ActiveX control @@ -13710,6 +13811,7 @@ NOTE: Direct flooding is possible as well in most circumstances. NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...) + {DSA-1094-1} - gforge (bug #328224; medium) NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian CVE-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
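Review bot: In the @@ -1,3 +1,107 @@ hunk, every new entry is added as "TODO: check", including entries whose visible text names PHP itself (CVE-2006-3017 and CVE-2006-3016, "PHP before 5.1.3", plus the older IMAP entries CVE-2003-1303, CVE-2003-1302, CVE-2002-2215 and CVE-2002-2214). Debian ships PHP, so those should be triaged ahead of the long run of third-party web application XSS and SQL injection entries, which are likely NOT-FOR-US candidates. CVE-2006-3041 and CVE-2006-3040 show only "** DISPUTED ** ..." with no product in the truncated text, so they cannot be triaged from this list alone and need the full description looked up.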
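Review bot: In the @@ -1290,8 +1394,7 @@ hunk, CVE-2006-2449 keeps "- kdebase <unfixed> (bug filed; medium)" with no bug number, whereas other entries in this patch cite one ("bug #365910", "bug #369876"). Record the actual bug number so the entry can be followed up. Replacing the bracketed summary "[kdm arbitrary file read via symlink]" with the truncated description also drops the impact from the visible text, since it now ends at "allows local users ..."; a NOTE line preserving the old summary would keep it readable.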
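Review bot: In the @@ -1857,15 +1960,13 @@ hunk, CVE-2006-2197 references {DSA-1100} without a revision suffix, while the other references visible in this patch are written {DSA-1075-1}, {DSA-1099-1 DSA-1098-1} and {DSA-1094-1}; pick one form so cross-references match. The same entry still says "- wv2 <unfixed> (medium)" although the new description states the overflow affects wv2 before 0.2.2, so the unfixed status should be checked against the packaged version.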
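Review bot: In the @@ -4373,7 +4474,7 @@ hunk, CVE-2006-1193 is still "TODO: check" after its description was updated to an XSS in Microsoft Exchange Server, while the adjacent CVE-2006-1192 is already "NOT-FOR-US: Microsoft". Since the new text names the product, the entry can be closed out the same way instead of staying in the TODO queue.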