Author: joeyh
Date: 2006-07-25 21:14:28 +0000 (Tue, 25 Jul 2006)
New Revision: 4455

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================--- data/CVE/list 2006-07-25 19:30:50 UTC (rev 4454) +++ data/CVE/list 2006-07-25 21:14:28 UTC (rev 4455) 
@@ -1,3 +1,203 @@ +CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...) + TODO: check +CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...) + TODO: check +CVE-2006-3835 (Apache Tomcat 5 before 5.5.17 allows remote attackers to list ...) + TODO: check +CVE-2006-3834 (EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to ...) + TODO: check +CVE-2006-3833 (index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite ...) + TODO: check +CVE-2006-3832 (SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog ...) + TODO: check +CVE-2006-3831 (The Backup selection in Kailash Nadh boastMachine (formerly bMachine) ...) + TODO: check +CVE-2006-3830 (The Languages selection in the admin interface in Kailash Nadh ...) + TODO: check +CVE-2006-3829 (Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in ...) + TODO: check +CVE-2006-3828 (Incomplete blacklist vulnerability in Kailash Nadh boastMachine ...) + TODO: check +CVE-2006-3827 (SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in ...) + TODO: check +CVE-2006-3826 (Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh ...) + TODO: check +CVE-2006-3825 (The IPv4 implementation in Sun Solaris 10 before 20060721 allows local ...) + TODO: check +CVE-2006-3824 (systeminfo.c for Sun Solaris allows local users to read kernel memory ...) + TODO: check +CVE-2006-3823 (SQL injection vulnerability in index.php in GeodesicSolutions (1) ...) + TODO: check +CVE-2006-3822 (SQL injection vulnerability in index.php in GeodesicSolutions ...) + TODO: check +CVE-2006-3821 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 ...) + TODO: check +CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php in ...) 
+ TODO: check +CVE-2006-3819 + RESERVED +CVE-2006-3818 + RESERVED +CVE-2006-3817 + RESERVED +CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote ...) + TODO: check +CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in an ...) + TODO: check +CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...) + TODO: check +CVE-2006-3813 + RESERVED +CVE-2006-3812 + RESERVED +CVE-2006-3811 + RESERVED +CVE-2006-3810 + RESERVED +CVE-2006-3809 + RESERVED +CVE-2006-3808 + RESERVED +CVE-2006-3807 + RESERVED +CVE-2006-3806 + RESERVED +CVE-2006-3805 + RESERVED +CVE-2006-3804 + RESERVED +CVE-2006-3803 + RESERVED +CVE-2006-3802 + RESERVED +CVE-2006-3801 + RESERVED +CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce ...) + TODO: check +CVE-2006-3799 (DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL ...) + TODO: check +CVE-2006-3798 (DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) ...) + TODO: check +CVE-2006-3797 (SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote ...) + TODO: check +CVE-2006-3796 (DeluxeBB 1.07 and earlier does not properly handle a username composed ...) + TODO: check +CVE-2006-3795 (Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before ...) + TODO: check +CVE-2006-3794 (SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart ...) + TODO: check +CVE-2006-3793 (PHP remote file inclusion vulnerability in constants.php in SiteDepth ...) + TODO: check +CVE-2006-3792 (SQL injection vulnerability in ServerClientUfo::recv_packet in ...) + TODO: check +CVE-2006-3791 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...) + TODO: check +CVE-2006-3790 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...) + TODO: check +CVE-2006-3789 (Multiple array index errors in the (1) recv_rules, (2) ...) 
+ TODO: check +CVE-2006-3788 (Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow ...) + TODO: check +CVE-2006-3787 (kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 ...) + TODO: check +CVE-2006-3786 (Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka ...) + TODO: check +CVE-2006-3785 (Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox ...) + TODO: check +CVE-2006-3784 (Symantec pcAnywhere 12.5 uses weak default permissions for the ...) + TODO: check +CVE-2006-3783 (Sun Solaris 10 allows local users to cause a denial of service (panic) ...) + TODO: check +CVE-2006-3782 (Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris ...) + TODO: check +CVE-2006-3781 (Unspecified vulnerability in Sun Solaris 10 allows context-dependent ...) + TODO: check +CVE-2006-3780 (Keyifweb Keyif Portal 2.0 stores sensitive information under the web ...) + TODO: check +CVE-2006-3779 (Citrix MetaFrame up to XP 1.0 Feature 1, except when running on ...) + TODO: check +CVE-2006-3778 (IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to ...) + TODO: check +CVE-2006-3777 (PHP remote file inclusion vulnerability in index.php in IDevSpot ...) + TODO: check +CVE-2006-3776 (PHP remote file inclusion vulnerability in order/index.php in IDevSpot ...) + TODO: check +CVE-2006-3775 (SQL injection vulnerability in class_session.php in MyBB (aka ...) + TODO: check +CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the ...) + TODO: check +CVE-2006-3773 (PHP remote file inclusion vulnerability in smf.php in the SMF-Forum ...) + TODO: check +CVE-2006-3772 (PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login ...) + TODO: check +CVE-2006-3771 (Multiple PHP remote file inclusion vulnerabilities in component.php in ...) + TODO: check +CVE-2006-3770 (Multiple SQL injection vulnerabilities in index.php in phpFaber ...) 
+ TODO: check +CVE-2006-3769 (Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and ...) + TODO: check +CVE-2006-3768 + RESERVED +CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in Darren''s $5 Script Archive ...) + TODO: check +CVE-2006-3766 (Darren''s $5 Script Archive osDate 1.1.7 and earlier allows users to ...) + TODO: check +CVE-2006-3765 (Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher ...) + TODO: check +CVE-2006-3764 (Till Gerken phpPolls 1.0.3 allows remote attackers to create a new ...) + TODO: check +CVE-2006-3763 (SQL injection vulnerability in category.php in Diesel Joke Site allows ...) + TODO: check +CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote attackers to ...) + TODO: check +CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/function_post.php in ...) + TODO: check +CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...) + TODO: check +CVE-2006-3759 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related ...) + TODO: check +CVE-2006-3758 (inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) ...) + TODO: check +CVE-2006-3757 (index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain ...) + TODO: check +CVE-2006-3756 (Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and ...) + TODO: check +CVE-2006-3755 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-3754 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-3753 (setcookie.php for tthe administration login in Professional Home Page ...) + TODO: check +CVE-2006-3752 (Multiple SQL injection vulnerabilities in class.php in Professional ...) + TODO: check +CVE-2006-3751 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-3750 (PHP remote file inclusion vulnerability in server.php in the Hashcash ...) 
+ TODO: check +CVE-2006-3749 (PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap ...) + TODO: check +CVE-2006-3748 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-3747 + RESERVED +CVE-2006-3746 + RESERVED +CVE-2006-3745 + RESERVED +CVE-2006-3744 + RESERVED +CVE-2006-3743 + RESERVED +CVE-2006-3742 + RESERVED +CVE-2006-3741 + RESERVED +CVE-2006-3740 + RESERVED +CVE-2006-3739 + RESERVED +CVE-2006-3738 + RESERVED CVE-2006-XXXX [htdig: several unspecified security problems] - htdig 1:3.2.0b6-1 CVE-2006-XXXX [ldap account manager sets trivial password instead of disabling it] @@ -129,8 +329,8 @@ RESERVED CVE-2006-3677 RESERVED -CVE-2006-3676 - RESERVED +CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote ...) + TODO: check CVE-2006-3675 RESERVED CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...) @@ -156,9 +356,9 @@ [sarge] - squirrelmail <no-dsa> (Operation with registers_globals not supported) CVE-2006-3664 (Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 ...) NOT-FOR-US: Sun Solaris -CVE-2006-3663 (Finjan Appliance 5100/8100 NG 8.3.5 stores passwords in plaintext in a ...) +CVE-2006-3663 (Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in ...) NOT-FOR-US: Finjan Appliance -CVE-2006-3662 (SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote ...) +CVE-2006-3662 (** DISPUTED ** ...) NOT-FOR-US: ATutor CVE-2006-3661 (Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews ...) NOT-FOR-US: CuteNews 
@@ -769,7 +969,7 @@ TODO: check CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire ...) TODO: check -CVE-2006-3362 (connectors/php/connector.php in FCKeditor mcpuk file manager in ...) +CVE-2006-3362 (connectors/php/connector.php in FCKeditor mcpuk file manager, as used ...) TODO: check CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and ...) TODO: check
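Review bot: in the @@ -1,3 +1,203 @@ hunk every newly described entry lands as TODO: check, including the Sun Solaris ones (CVE-2006-3825, CVE-2006-3824, CVE-2006-3783, CVE-2006-3782, CVE-2006-3781), although the context of the @@ -156,9 +356,9 @@ hunk shows CVE-2006-3664 already triaged as NOT-FOR-US: Sun Solaris. A follow-up commit could close those five the same way, so that the manual check is spent on the remaining entries, such as CVE-2006-3835 (Apache Tomcat 5), CVE-2006-3815 (heartbeat) and CVE-2006-3816 (Krusader). The imported descriptions also carry "tthe" in CVE-2006-3753 and a doubled apostrophe in "Darren''s" (CVE-2006-3767, CVE-2006-3766). The doubled apostrophe looks like a quoting step that was not undone on import, which is worth checking in the update script because it will break exact-string searches on the product name.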
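Review bot: in the @@ -156,9 +356,9 @@ hunk the new summary for CVE-2006-3662 is only "(** DISPUTED ** ...)", so the truncated description no longer names the product or the bug class that the removed line carried ("SQL injection vulnerability in index.php in ATutor 1.5.3"). The only remaining hint is the NOT-FOR-US: ATutor note below it. Suggest that the automatic update keep the DISPUTED marker but apply the length cut to the text after it, so that part of the description survives. In the same hunk the CVE-2006-3663 summary now reads "Finjan Vital Security Appliance" while its note still says "NOT-FOR-US: Finjan Appliance"; that is harmless, but the two could be aligned.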
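Review bot: in the @@ -769,7 +969,7 @@ hunk CVE-2006-3362 stays at TODO: check while its summary changes from "FCKeditor mcpuk file manager in ..." to "FCKeditor mcpuk file manager, as used ...", and the cut-off hides which products the "as used" clause lists. Whoever resolves the TODO should read the full description and check packages that bundle the mcpuk file manager connector, not only FCKeditor itself, and record the result as a note on the entry.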