Author: joeyh
Date: 2006-07-10 21:14:27 +0000 (Mon, 10 Jul 2006)
New Revision: 4363

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-07-09 19:48:22 UTC (rev 4362)
+++ data/CVE/list 2006-07-10 21:14:27 UTC (rev 4363)
@@ -1,10 +1,222 @@ +CVE-2006-3457 + RESERVED +CVE-2006-3456 + RESERVED +CVE-2006-3455 + RESERVED +CVE-2006-3454 + RESERVED +CVE-2006-3453 + RESERVED +CVE-2006-3452 + RESERVED +CVE-2006-3451 + RESERVED +CVE-2006-3450 + RESERVED +CVE-2006-3449 + RESERVED +CVE-2006-3448 + RESERVED +CVE-2006-3447 + RESERVED +CVE-2006-3446 + RESERVED +CVE-2006-3445 + RESERVED +CVE-2006-3444 + RESERVED +CVE-2006-3443 + RESERVED +CVE-2006-3442 + RESERVED +CVE-2006-3441 + RESERVED +CVE-2006-3440 + RESERVED +CVE-2006-3439 + RESERVED +CVE-2006-3438 + RESERVED +CVE-2006-3437 + RESERVED +CVE-2006-3436 + RESERVED +CVE-2006-3435 + RESERVED +CVE-2006-3434 + RESERVED +CVE-2006-3433 + RESERVED +CVE-2006-3432 + RESERVED +CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...) + TODO: check +CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink ...) + TODO: check +CVE-2006-3429 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...) + TODO: check +CVE-2006-3428 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...) + TODO: check +CVE-2006-3427 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) + TODO: check +CVE-2006-3426 (Directory traversal vulnerability in (a) PatchLink Update Server ...) + TODO: check +CVE-2006-3425 (FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and ...) + TODO: check +CVE-2006-3424 (Multiple buffer overflows in WebEx Downloader ActiveX Control, ...) + TODO: check +CVE-2006-3423 (WebEx Downloader ActiveX Control and WebEx Downloader Java before ...) + TODO: check +CVE-2006-3422 (PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows ...) + TODO: check +CVE-2006-3421 (PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and ...) + TODO: check +CVE-2006-3420 (Cross-site request forgery (CSRF) vulnerability in editpost.php in ...) + TODO: check +CVE-2006-3419 (Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes ...) 
+ TODO: check +CVE-2006-3418 (Tor before 0.1.1.20 does not validate that a server descriptor''s ...) + TODO: check +CVE-2006-3417 (Tor client before 0.1.1.20 prefers entry points based on is_fast or ...) + TODO: check +CVE-2006-3416 (** DISPUTED ** ...) + TODO: check +CVE-2006-3415 (Tor before 0.1.1.20 uses improper logic to validate the "OR" ...) + TODO: check +CVE-2006-3414 (Tor before 0.1.1.20 supports server descriptors that contain hostnames ...) + TODO: check +CVE-2006-3413 (The privoxy configuration file in Tor before 0.1.1.20, when run on ...) + TODO: check +CVE-2006-3412 (Tor before 0.1.1.20 does not sufficiently obey certain firewall ...) + TODO: check +CVE-2006-3411 (TLS handshakes in Tor before 0.1.1.20 generate public-private keys ...) + TODO: check +CVE-2006-3410 (Tor before 0.1.1.20 creates "internal circuits" primarily consisting ...) + TODO: check +CVE-2006-3409 (Integer overflow in Tor before 0.1.1.20 allows remote attackers to ...) + TODO: check +CVE-2006-3408 (Unspecified vulnerability in the directory server (dirserver) in Tor ...) + TODO: check +CVE-2006-3407 (Tor before 0.1.1.20 allows remote attackers to spoof log entries or ...) + TODO: check +CVE-2006-3406 (Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 ...) + TODO: check +CVE-2006-3405 (Cross-site scripting (XSS) vulnerability in qtofm.php in ...) + TODO: check +CVE-2006-3403 + RESERVED +CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...) + TODO: check +CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: ...) + TODO: check +CVE-2006-3400 (Stack-based buffer overflow in the CG_ServerCommand function in Quake ...) + TODO: check +CVE-2006-3399 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki ...) + TODO: check +CVE-2006-3398 (The "change password forms" in Taskjitsu before 2.0.1 includes ...) 
+ TODO: check +CVE-2006-3397 (Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu ...) + TODO: check +CVE-2006-3396 (PHP remote file inclusion vulnerability in galleria.html.php in ...) + TODO: check +CVE-2006-3395 (PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX ...) + TODO: check +CVE-2006-3394 (SQL injection vulnerability in the files mod in index.php in BXCP ...) + TODO: check +CVE-2006-3393 (Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and ...) + TODO: check +CVE-2006-3392 (Webmin before 1.290 and Usermin before 1.220 calls the simplify_path ...) + TODO: check +CVE-2006-3391 (The Execute function in iMBCContents ActiveX Control before 2.0.0.59 ...) + TODO: check +CVE-2006-3390 (WordPress 2.0.3 allows remote attackers to obtain the installation ...) + TODO: check +CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain ...) + TODO: check +CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 ...) + TODO: check +CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News ...) + TODO: check +CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to ...) + TODO: check +CVE-2006-3385 (Cross-site scripting (XSS) vulnerability in divers.php in Vincent ...) + TODO: check +CVE-2006-3384 (SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 ...) + TODO: check +CVE-2006-3383 (Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 ...) + TODO: check +CVE-2006-3382 (Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 ...) + TODO: check +CVE-2006-3381 (SturGeoN Upload allows remote attackers to execute arbitrary PHP code ...) + TODO: check +CVE-2006-3380 (Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 ...) + TODO: check +CVE-2006-3379 (Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 ...) 
+ TODO: check +CVE-2006-3378 (passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called ...) + TODO: check +CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP ...) + TODO: check +CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple ...) + TODO: check +CVE-2006-3375 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...) + TODO: check +CVE-2006-3374 (PHP remote file inclusion vulnerability in index.php in Randshop 1.2 ...) + TODO: check +CVE-2006-3373 (Unspecified vulnerability in the client/bin/logfetch script in Hobbit ...) + TODO: check +CVE-2006-3372 (Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2006-3371 (Eupla Foros 1.0 stores the inc/config.inc file under the web document ...) + TODO: check +CVE-2006-3370 (Blueboy 1.0.3 stores bb_news_config.inc under the web document root ...) + TODO: check +CVE-2006-3369 (Kamikaze-QSCM 0.1 stores config.inc under the web document root with ...) + TODO: check +CVE-2006-3368 (Efone 20000723 stores config.inc under the web document root with ...) + TODO: check +CVE-2006-3367 (Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web ...) + TODO: check +CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow ...) + TODO: check +CVE-2006-3365 (mail/index.php in V3 Chat allows remote attackers to obtain the ...) + TODO: check +CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in ...) + TODO: check +CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire ...) + TODO: check +CVE-2006-3362 (connectors/php/connector.php in FCKeditor mcpuk file manager in ...) + TODO: check +CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and ...) + TODO: check +CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 ...) 
+ TODO: check +CVE-2006-3359 (Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 ...) + TODO: check +CVE-2006-3358 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2006-3357 (Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) ...) + TODO: check +CVE-2006-3356 (The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and ...) + TODO: check +CVE-2006-3355 (Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll ...) + TODO: check +CVE-2006-3354 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) + TODO: check +CVE-2006-3353 (Opera 9 allows remote attackers to cause a denial of service (crash) ...) + TODO: check +CVE-2006-3352 (** DISPUTED ** ...) + TODO: check +CVE-2006-3351 (Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and ...) + TODO: check CVE-2006-XXXX [trac: reStructuredText breach of privacy and denial of service] - trac 0.9.6-1 -CVE-2006-3458 [information disclosure vulnerability in Zope2] +CVE-2006-3458 (Unspecified vulnerability in Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and ...) - zope2.7 <unfixed> (bug #377285; medium) - zope2.8 <unfixed> (bug #377277; medium) - zope2.9 <unfixed> (bug #377286; medium) -CVE-2006-3404 [gimp: Buffer overrun in XCF reading code] +CVE-2006-3404 (Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c ...) - gimp 2.2.11-3.1 (bug #377049; medium) CVE-2006-3350 RESERVED @@ -34,8 +246,8 @@ NOT-FOR-US: Atlassian CVE-2006-3337 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: cPanel (not the Chinese language tool in Debian) -CVE-2006-3336 - RESERVED +CVE-2006-3336 (TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the ...) + TODO: check CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...) NOT-FOR-US: HP-UX CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...) 
@@ -208,7 +420,7 @@ NOT-FOR-US: Woltlab Burning Board CVE-2006-3254 (SQL injection vulnerability in newthread.php in Woltlab Burning Board ...) NOT-FOR-US: Woltlab Burning Board -CVE-2006-3253 (Cross-site scripting (XSS) vulnerability in member.php in vBulletin ...) +CVE-2006-3253 (** DISPUTED ** ...) NOT-FOR-US: vBulletin CVE-2006-3252 (Buffer overflow in the Online Registration Facility for Algorithmic ...) NOT-FOR-US: Algorithmic Research PrivateWire VPN @@ -348,11 +560,11 @@ NOT-FOR-US: CMS Faethon CVE-2006-3184 (Direct static code injection vulnerability in ASP Stats Generator ...) NOT-FOR-US: ASP Stats Generator -CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in Mobile Space ...) +CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in MobeScripts ...) NOT-FOR-US: Mobile Space Community -CVE-2006-3182 (Directory traversal vulnerability in index.php in Mobile Space ...) +CVE-2006-3182 (Directory traversal vulnerability in index.php in MobeScripts Mobile ...) NOT-FOR-US: Mobile Space Community -CVE-2006-3181 (SQL injection vulnerability in index.php in Mobile Space Community 2.0 ...) +CVE-2006-3181 (SQL injection vulnerability in index.php in MobeScripts Mobile Space ...) NOT-FOR-US: Mobile Space Community CVE-2006-3180 (Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx ...) NOT-FOR-US: Confixx Pro @@ -397,7 +609,7 @@ NOT-FOR-US: SmartSiteCMS CVE-2006-3161 (SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier ...) NOT-FOR-US: SaphpLesson -CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in Simple File ...) +CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple ...) NOT-FOR-US: Simple File Manager CVE-2006-3159 (pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built ...) NOT-FOR-US: Sun ONE/iPlanet Messaging Server 
@@ -445,7 +657,7 @@ NOT-FOR-US: phpMyDirectory CVE-2006-3137 (Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge ...) NOT-FOR-US: Edge eCommerce Shop -CVE-2006-3136 (Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 ...) +CVE-2006-3136 (** DISPUTED ** ...) NOT-FOR-US: Nucleus CVE-2006-3135 RESERVED @@ -530,7 +742,7 @@ NOT-FOR-US: iPostMX CVE-2006-3094 (Multiple SQL injection vulnerabilities in Calendarix Basic ...) NOT-FOR-US: Calendarix Basic -CVE-2006-3093 (Multiple unspecified vulnerabilities in Adobe Reader before 7.0.8 have ...) +CVE-2006-3093 (Multiple unspecified vulnerabilities in Adobe Acrobat Reader ...) NOT-FOR-US: Adobe Reader CVE-2006-3092 (PhpMyFactures 1.2 and earlier allows remote attackers to bypass ...) NOT-FOR-US: PhpMyFactures @@ -2001,8 +2213,8 @@ CVE-2006-2452 (GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature ...) - gdm <unfixed> (bug #375281; medium) [sarge] - gdm <not-affected> (Vulnerable code has only been introduced with 2.8) -CVE-2006-2451 - RESERVED +CVE-2006-2451 (The suid_dumpable support in Linux kernel 2.6.13 up to versions before ...) + TODO: check CVE-2006-2450 RESERVED CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users ...) @@ -5127,8 +5339,8 @@ RESERVED CVE-2006-1177 RESERVED -CVE-2006-1176 - RESERVED +CVE-2006-1176 (Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl ...) + TODO: check CVE-2006-1175 (The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for ...) NOT-FOR-US: WeOnlyDo! SFTP CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions ...) 
@@ -6968,7 +7180,7 @@ NOT-FOR-US: SleeperChat CVE-2006-0415 (Cross-site scripting (XSS) vulnerability in index.php in SleeperChat ...) NOT-FOR-US: SleeperChat -CVE-2006-0414 (Tor 0.1.1.10-alpha and earlier allows remote attackers to identify ...) +CVE-2006-0414 (Tor before 0.1.1.20 allows remote attackers to identify hidden ...) - tor 0.1.1.11-alpha-1 (bug #349283) CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP allow ...) NOT-FOR-US: NewsPHP
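
Review bot: In the @@ -1,10 +1,222 @@ hunk, the run CVE-2006-3407 through CVE-2006-3419 is added as thirteen separate "TODO: check" items, yet every visible description in it names Tor except the truncated CVE-2006-3416 "(** DISPUTED ** ...)". Tor is a tracked package (see the "- tor 0.1.1.11-alpha-1 (bug #349283)" line under CVE-2006-0414), so these should be triaged together against the tor package with a fixed version or <unfixed> status per entry, and CVE-2006-3416 needs its full description read before it can be classified at all.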
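
Review bot: The new description for CVE-2006-3253 in the @@ -208,7 +420,7 @@ hunk is only "(** DISPUTED ** ...)", which throws away the "vulnerability in member.php in vBulletin" summary the old line carried; CVE-2006-3136 in the @@ -445,7 +657,7 @@ hunk loses its Nucleus summary the same way. The NOT-FOR-US notes still name the product here, but the newly added CVE-2006-3416 and CVE-2006-3352 have no such note. Suggest the updater truncate after the DISPUTED marker plus some of the following text, or keep the previous description when the new one is reduced to the marker.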
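
Review bot: CVE-2006-2451 in the @@ -2001,8 +2213,8 @@ hunk goes from RESERVED to "TODO: check" although its description names the Linux kernel ("suid_dumpable support in Linux kernel 2.6.13 up to versions before ..."). A kernel entry should not wait in the TODO queue; it needs package lines with per-release status in the same form as the gdm entry directly above it ("- gdm <unfixed> ..." and "[sarge] - gdm <not-affected> ...").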
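
Review bot: CVE-2006-1176 in the @@ -5127,8 +5339,8 @@ hunk is added as "TODO: check", while the adjacent CVE-2006-1175, also an ActiveX control, is already classified "NOT-FOR-US: WeOnlyDo! SFTP". If eBay Enhanced Picture Services (EPUImageControl) is likewise not packaged, mark it NOT-FOR-US in the same style so it does not linger as an open item.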
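
Review bot: In the @@ -6968,7 +7180,7 @@ hunk the affected range for CVE-2006-0414 widens from "Tor 0.1.1.10-alpha and earlier" to "Tor before 0.1.1.20", but the tracking line below it is left at "- tor 0.1.1.11-alpha-1 (bug #349283)", a version inside the newly stated affected range. The fixed version should be re-verified against the updated description and either raised or annotated with why 0.1.1.11-alpha-1 is still correct.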