Author: joeyh
Date: 2006-06-27 09:14:34 +0000 (Tue, 27 Jun 2006)
New Revision: 4305

Modified: data/CVE/list

Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-06-26 22:28:32 UTC (rev 4304) +++ data/CVE/list 2006-06-27 09:14:34 UTC (rev 4305) 
@@ -1,3 +1,191 @@ +CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web ...) + TODO: check +CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses the ...) + TODO: check +CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application Server ...) + TODO: check +CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote ...) + TODO: check +CVE-2006-3223 + RESERVED +CVE-2006-3222 (The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 ...) + TODO: check +CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1 and ...) + TODO: check +CVE-2006-3220 (SQL injection vulnerability in studienplatztausch.php in Woltlab ...) + TODO: check +CVE-2006-3219 (SQL injection vulnerability in thread.php in Woltlab Burning Board ...) + TODO: check +CVE-2006-3218 (SQL injection vulnerability in profile.php in Woltlab Burning Board ...) + TODO: check +CVE-2006-3217 (JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows ...) + TODO: check +CVE-2006-3216 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...) + TODO: check +CVE-2006-3215 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...) + TODO: check +CVE-2006-3214 (Unspecified vulnerability in Hitachi Groupmax Address Server 7 and ...) + TODO: check +CVE-2006-3213 (SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote ...) + TODO: check +CVE-2006-3212 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...) + TODO: check +CVE-2006-3211 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...) + TODO: check +CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and earlier, when register_globals is ...) + TODO: check +CVE-2006-3209 (** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP ...) + TODO: check +CVE-2006-3208 (Direct static code injection vulnerability in Ultimate PHP Board (UPB) ...) 
+ TODO: check +CVE-2006-3207 (Directory traversal vulnerability in newpost.php in Ultimate PHP Board ...) + TODO: check +CVE-2006-3206 (register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows ...) + TODO: check +CVE-2006-3205 (Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to ...) + TODO: check +CVE-2006-3204 (Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically ...) + TODO: check +CVE-2006-3203 (The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier ...) + TODO: check +CVE-2006-3202 (The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain ...) + TODO: check +CVE-2006-3201 (Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and ...) + TODO: check +CVE-2006-3200 (Unspecified versions of Internet Explorer allow remote attackers to ...) + TODO: check +CVE-2006-3199 (Opera 9 allows remote attackers to cause a denial of service (crash) ...) + TODO: check +CVE-2006-3198 (Integer overflow in Opera 8.54 and earlier allows remote attackers to ...) + TODO: check +CVE-2006-3197 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...) + TODO: check +CVE-2006-3196 (index.php in singapore 0.10.0 and earlier allows remote attackers to ...) + TODO: check +CVE-2006-3195 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...) + TODO: check +CVE-2006-3194 (Directory traversal vulnerability in index.php in singapore 0.10.0 and ...) + TODO: check +CVE-2006-3193 (Multiple PHP remote file inclusion vulnerabilities in Grayscale ...) + TODO: check +CVE-2006-3192 (PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows ...) + TODO: check +CVE-2006-3191 (Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 ...) + TODO: check +CVE-2006-3190 (SQL injection vulnerability in administration/includes/login/auth.php ...) + TODO: check +CVE-2006-3189 (Cross-site scripting (XSS) vulnerability in ...) 
+ TODO: check +CVE-2006-3188 (Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and ...) + TODO: check +CVE-2006-3187 (Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop ...) + TODO: check +CVE-2006-3186 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon ...) + TODO: check +CVE-2006-3185 (PHP remote file inclusion vulnerability in data/header.php in CMS ...) + TODO: check +CVE-2006-3184 (Direct static code injection vulnerability in ASP Stats Generator ...) + TODO: check +CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in Mobile Space ...) + TODO: check +CVE-2006-3182 (Directory traversal vulnerability in index.php in Mobile Space ...) + TODO: check +CVE-2006-3181 (SQL injection vulnerability in index.php in Mobile Space Community 2.0 ...) + TODO: check +CVE-2006-3180 (Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx ...) + TODO: check +CVE-2006-3179 (Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in ...) + TODO: check +CVE-2006-3178 (Directory traversal vulnerability in extract_chmLib example program in ...) + TODO: check +CVE-2006-3177 (PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The ...) + TODO: check +CVE-2006-3176 (SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 ...) + TODO: check +CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 ...) + TODO: check +CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...) + TODO: check +CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...) + TODO: check +CVE-2006-3172 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...) + TODO: check +CVE-2006-3171 (CRLF injection vulnerability in CS-Forum before 0.82 allows remote ...) + TODO: check +CVE-2006-3170 (CS-Forum before 0.82 allows remote attackers to obtain sensitive ...) 
+ TODO: check +CVE-2006-3169 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 ...) + TODO: check +CVE-2006-3168 (SQL injection vulnerability in CS-Forum before 0.82 allows remote ...) + TODO: check +CVE-2006-3167 (Free Realty before 2.9 allows remote attackers to obtain the full path ...) + TODO: check +CVE-2006-3166 (Cross-site scripting (XSS) vulnerability in propview.php in Free ...) + TODO: check +CVE-2006-3165 (SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and ...) + TODO: check +CVE-2006-3164 (SQL injection vulnerability in category.php in TPL Design tplShop 2.0 ...) + TODO: check +CVE-2006-3163 (Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 ...) + TODO: check +CVE-2006-3162 (PHP remote file inclusion vulnerability in include/inc_foot.php in ...) + TODO: check +CVE-2006-3161 (SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier ...) + TODO: check +CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in Simple File ...) + TODO: check +CVE-2006-3159 (pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built ...) + TODO: check +CVE-2006-3158 (index.php in Eduha Meeting does not properly restrict file extensions ...) + TODO: check +CVE-2006-3157 (Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory ...) + TODO: check +CVE-2006-3156 (Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate ...) + TODO: check +CVE-2006-3155 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...) + TODO: check +CVE-2006-3154 (SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and ...) + TODO: check +CVE-2006-3153 (Cross-site scripting (XSS) vulnerability in index.pl in Ultimate ...) + TODO: check +CVE-2006-3152 (Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and ...) + TODO: check +CVE-2006-3151 (Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD ...) 
+ TODO: check +CVE-2006-3150 (SQL injection vulnerability in index.php in CavoxCms 1.0.16 and ...) + TODO: check +CVE-2006-3149 (Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum ...) + TODO: check +CVE-2006-3148 (SQL injection vulnerability, possibly in search.inc.php, in ...) + TODO: check +CVE-2006-3147 (Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix ...) + TODO: check +CVE-2006-3146 (The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.23 and earlier ...) + TODO: check +CVE-2006-3145 (Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows ...) + TODO: check +CVE-2006-3144 (PHP remote file inclusion vulnerability in microcms-include.php in IBD ...) + TODO: check +CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus ...) + TODO: check +CVE-2006-3142 (SQL injection vulnerability in Forum.php in VBZooM 1.11 allows remote ...) + TODO: check +CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye ...) + TODO: check +CVE-2006-3140 (SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and ...) + TODO: check +CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War 1.5.0 ...) + TODO: check +CVE-2006-3138 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory ...) + TODO: check +CVE-2006-3137 (Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge ...) + TODO: check +CVE-2006-3136 (Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 ...) + TODO: check +CVE-2006-3135 + RESERVED +CVE-2006-3134 + RESERVED CVE-2006-3133 RESERVED CVE-2006-3132 (Cross-site scripting (XSS) vulnerability in qtofm.php4 in ...) 
@@ -104,8 +292,7 @@ CVE-2006-3100 [termnetd buffer overflow] RESERVED - termnetd 3.3-7 (bug #358028; medium) -CVE-2006-3085 [linux endless loop in xt_sctp] - RESERVED +CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...) - linux-2.6 2.6.16-15 CVE-2006-XXXX [webalizer-stonesteps XSS] - webalizer-stonesteps 2.4.1.2-1 @@ -167,9 +354,9 @@ NOT-FOR-US: PHORUM CVE-2006-3052 (Cross-site scripting (XSS) vulnerability in Event Registration allows ...) NOT-FOR-US: Event Registration -CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0 and ...) +CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, ...) NOT-FOR-US: SixCMS -CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0 and ...) +CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0, and ...) NOT-FOR-US: SixCMS CVE-2006-3049 (Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in ...) NOT-FOR-US: Mole Group Ticket Booking Script @@ -187,7 +374,7 @@ NOT-FOR-US: LogiSphere CVE-2006-3043 (Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe ...) NOT-FOR-US: CFXe-CMS -CVE-2006-3042 (Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 ...) +CVE-2006-3042 (** DISPUTED ** ...) NOT-FOR-US: ISPConfig CVE-2006-3041 (** DISPUTED ** ...) TODO: check 
@@ -451,18 +638,18 @@ - sylpheed-claws-gtk2 2.3.0-1 (bug #372889; low) CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote ...) NOT-FOR-US: Microsoft -CVE-2006-2918 - RESERVED +CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores ...) + TODO: check CVE-2006-2917 RESERVED CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...) - arts 1.5.3-2 (bug #374003; low) [sarge] - arts <not-affected> (Not setuid root in Debian) NOTE: artswrapper is not suid root by default, but README.Debian describes it -CVE-2006-2915 - RESERVED -CVE-2006-2914 - RESERVED +CVE-2006-2915 (Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote ...) + TODO: check +CVE-2006-2914 (PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote ...) + TODO: check CVE-2006-2913 (Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows ...) NOT-FOR-US: SelectaPix CVE-2006-2912 (Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote ...) @@ -1557,16 +1744,14 @@ RESERVED CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users ...) - kdebase 4:3.5.2-2 (bug #374002; medium) -CVE-2006-2448 [linux machine check problem on powerpc] - RESERVED +CVE-2006-2448 (Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, ...) - linux-2.6 2.6.16-15 CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the paranoid ...) {DSA-1090-1} - spamassassin 3.1.3-1 (medium) CVE-2006-2446 RESERVED -CVE-2006-2445 [linux vuln in check_process_timers (DoS?)] - RESERVED +CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before ...) - linux-2.6 2.6.16-15 CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux kernel ...) - linux-2.6 2.6.16-15 
@@ -1869,10 +2054,10 @@ NOTE: it''s marked as fixed here. (Previous versions are vulnerable.) CVE-2006-2312 (Unspecified vulnerability in the URI handler in Skype 2.0.*.104 and ...) NOT-FOR-US: Skype -CVE-2006-2311 - RESERVED -CVE-2006-2310 - RESERVED +CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server and ...) + TODO: check +CVE-2006-2310 (BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote ...) + TODO: check CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to obtain ...) NOT-FOR-US: EServ CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25 ...) @@ -2126,11 +2311,10 @@ RESERVED CVE-2006-2198 RESERVED -CVE-2006-2197 (Integer overflow in wv2 before 0.2.2 might allow context-dependent ...) +CVE-2006-2197 (Integer overflow in wv2 before 0.2.3 might allow context-dependent ...) {DSA-1100} - wv2 0.2.2-6 (medium) -CVE-2006-2196 [pinball loads levels and compiled plugins from user-controllable locations] - RESERVED +CVE-2006-2196 (Unspecified vulnerability in pinball 0.3.1 allows local users to gain ...) {DSA-1102} - pinball 0.3.1-6 CVE-2006-2195 (Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before ...)
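
Review bot: In the @@ -1,3 +1,191 @@ hunk every new entry that has a description lands as TODO: check, so the few that name general-purpose software rather than a web application sit buried in the bulk: CVE-2006-3145 (pamtofits in NetPBM), CVE-2006-3174 (search.php in SquirrelMail) and CVE-2006-3178 (the extract_chmLib example program). Suggest triaging those first and resolving each to a package line or a NOT-FOR-US line, in the style of the entries already present further down the file.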
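
Review bot: In the @@ -104,8 +292,7 @@ hunk the new description for CVE-2006-3085 says "Linux kernel before 2.6.17.1", while the unchanged package line below it still records "- linux-2.6 2.6.16-15" as fixed. The entry does not say how a 2.6.16-based upload carries a fix that the description places in 2.6.17.1; suggest a NOTE line stating that the fix is included in that upload, or correcting the version if it is not.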
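
Review bot: In the @@ -187,7 +374,7 @@ hunk the description of CVE-2006-3042 is replaced by "(** DISPUTED ** ...)", which drops the vulnerability class and product that the old line carried (PHP remote file inclusion in ISPConfig 2.2.3); only the NOT-FOR-US: ISPConfig line still identifies it. The neighbouring CVE-2006-3041 shows the cost: with the same truncated text and TODO: check there is nothing left to triage from. Suggest having the generator truncate after the "** DISPUTED **" prefix instead of at a fixed width, so the product name survives.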
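
Review bot: In the @@ -1557,16 +1744,14 @@ hunk the hand-written bracket notes are deleted along with RESERVED, and for CVE-2006-2445 the old note named check_process_timers while the new description names run_posix_cpu_timers. Suggest keeping the old text as a NOTE line under the entry so the function the tracker originally recorded, and the open "(DoS?)" question, stay visible. The same applies to the PowerPC machine check note on CVE-2006-2448.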
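
Review bot: In the @@ -2126,11 +2311,10 @@ hunk the CVE-2006-2197 description changes from "wv2 before 0.2.2" to "wv2 before 0.2.3", but the package line still lists "- wv2 0.2.2-6 (medium)" as fixed. With the new wording that version reads as older than the upstream fix, so the entry should say in a NOTE that 0.2.2-6 carries the fix (the {DSA-1100} tag suggests someone has already checked). In the same hunk, the removed bracket text for CVE-2006-2196 (levels and compiled plugins loaded from user-controllable locations) is more specific than the new "Unspecified vulnerability" description and is worth preserving as a NOTE.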