thr3ads.net - Secure testing commits - [Secure-testing-commits] r4494

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-Aug-03 21:15 UTC
[Secure-testing-commits] r4494 - data/CVE

Author: joeyh
Date: 2006-08-03 21:14:24 +0000 (Thu, 03 Aug 2006)
New Revision: 4494

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-08-03 14:11:15 UTC (rev 4493)
+++ data/CVE/list	2006-08-03 21:14:24 UTC (rev 4494)
@@ -1,3 +1,269 @@
+CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO
...)
+	TODO: check
+CVE-2006-3969 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-3968 (The crypto provider in Sun Solaris 10 3/05 HW2 without patch
...)
+	TODO: check
+CVE-2006-3967 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-3966 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-3965 (Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the
web ...)
+	TODO: check
+CVE-2006-3964 (PHP remote file inclusion vulnerability in members.php in Banex
PHP ...)
+	TODO: check
+CVE-2006-3963 (Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner
...)
+	TODO: check
+CVE-2006-3962 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-3961 (Unspecified vulnerability in McAfee Internet Security Suite
2006, ...)
+	TODO: check
+CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll 1.10
allows ...)
+	TODO: check
+CVE-2006-3959 (SQL injection vulnerability in protect.php in X-Scripts
X-Protection ...)
+	TODO: check
+CVE-2006-3958 (Multiple unspecified cross-site scripting (XSS) vulnerabilities
in ...)
+	TODO: check
+CVE-2006-3957 (PHP remote file inclusion vulnerability in payment.php in BosDev
...)
+	TODO: check
+CVE-2006-3956 (Multiple cross-site scripting (XSS) vulnerabilities in
contact.php in ...)
+	TODO: check
+CVE-2006-3955 (Multiple PHP remote file inclusion vulnerabilities in MiniBB
Forum ...)
+	TODO: check
+CVE-2006-3954 (Directory traversal vulnerability in usercp.php in MyBB (aka
...)
+	TODO: check
+CVE-2006-3953 (Cross-site scripting (XSS) vulnerability in usercp.php in MyBB
(aka ...)
+	TODO: check
+CVE-2006-3952 (Stack-based buffer overflow in EFS Software Easy File Sharing
FTP ...)
+	TODO: check
+CVE-2006-3951 (PHP remote file inclusion vulnerability in moodle.php in
Mam-moodle ...)
+	TODO: check
+CVE-2006-3950 (SQL injection vulnerability in x-statistics.php in X-Scripts
...)
+	TODO: check
+CVE-2006-3949 (PHP remote file inclusion vulnerability in artlinks.dispnew.php
in the ...)
+	TODO: check
+CVE-2006-3948 (Cross-site scripting (XSS) vulnerability in modules.php in
PHP-Nuke ...)
+	TODO: check
+CVE-2006-3947 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-3946 (The KHTMLParser::popOneBlock function in Apple Safari 2.0.4 on
Mac OS ...)
+	TODO: check
+CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote
...)
+	TODO: check
+CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote
...)
+	TODO: check
+CVE-2006-3943 (Stack-based buffer overflow in NDFXArtEffects in Microsoft
Internet ...)
+	TODO: check
+CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows 2000 SP4,
Server 2003 ...)
+	TODO: check
+CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine
5.3 ...)
+	TODO: check
+CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow
remote ...)
+	TODO: check
+CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to
perform ...)
+	TODO: check
+CVE-2006-3938 (DotClear allows remote attackers to obtain sensitive information
via a ...)
+	TODO: check
+CVE-2006-3937 (post.php in x_atrix xGuestBook 1.02 allows remote attackers to
obtain ...)
+	TODO: check
+CVE-2006-3936 (system/workplace/editors/editor.jsp in Alkacon OpenCms before
6.2.2 ...)
+	TODO: check
+CVE-2006-3935 (system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms
before ...)
+	TODO: check
+CVE-2006-3934 (Absolute path traversal vulnerability in downloadTrigger.jsp in
...)
+	TODO: check
+CVE-2006-3933 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms
before ...)
+	TODO: check
+CVE-2006-3932 (SQL injection vulnerability in links.php in Gonafish LinksCaffe
3.0 ...)
+	TODO: check
+CVE-2006-3931 (Buffer overflow in the daemon function in midirecord.cc in
Tuomas ...)
+	TODO: check
+CVE-2006-3930 (PHP remote file inclusion vulnerability in
admin.a6mambohelpdesk.php ...)
+	TODO: check
+CVE-2006-3929 (Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin
...)
+	TODO: check
+CVE-2006-3928 (PHP remote file inclusion vulnerability in index.php in WMNews
0.2a ...)
+	TODO: check
+CVE-2006-3927 (Cross-site scripting (XSS) vulnerability in auctionsearch.php in
...)
+	TODO: check
+CVE-2006-3926 (Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow
remote ...)
+	TODO: check
+CVE-2006-3925 (Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX
control ...)
+	TODO: check
+CVE-2006-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos
before ...)
+	TODO: check
+CVE-2006-3923 (Cross-site scripting (XSS) vulnerability in add.php in
Fire-Mouse ...)
+	TODO: check
+CVE-2006-3922 (PHP remote file inclusion vulnerability in
mod_membre/inscription.php ...)
+	TODO: check
+CVE-2006-3921 (Sun Java System Application Server (SJSAS) 7 through 8.1 and Web
...)
+	TODO: check
+CVE-2006-3920 (The TCP implementation in Sun Solaris 8, 9, and 10 before
20060726 ...)
+	TODO: check
+CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows
...)
+	TODO: check
+CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and
6.1 ...)
+	TODO: check
+CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in
R. ...)
+	TODO: check
+CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews
(aka ...)
+	TODO: check
+CVE-2006-3915 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote
...)
+	TODO: check
+CVE-2006-3914 (Cross-site scripting (XSS) vulnerability in Blackboard Academic
Suite ...)
+	TODO: check
+CVE-2006-3913 (Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15
Jul ...)
+	TODO: check
+CVE-2006-3912 (Stack-based buffer overflow in the SFX module in WinRAR before
3.60 ...)
+	TODO: check
+CVE-2006-3911 (PHP remote file inclusion vulnerability in OSI Codes PHP Live!
3.2.1 ...)
+	TODO: check
+CVE-2006-3910 (Internet Explorer 6 on Windows XP SP2, when Outlook is
installed, ...)
+	TODO: check
+CVE-2006-3909 (Cross-site scripting (XSS) vulnerability in calendar.php in
WWWthreads ...)
+	TODO: check
+CVE-2006-3908 (Format string vulnerability in the flush_output function in ...)
+	TODO: check
+CVE-2006-3907 (Siemens SpeedStream 2624 allows remote attackers to cause a
denial of ...)
+	TODO: check
+CVE-2006-3906 (Internet Key Exchange (IKE) version 1 protocol, as implemented
on ...)
+	TODO: check
+CVE-2006-3905 (SQL injection vulnerability in Webland MyBloggie 2.1.3 allows
remote ...)
+	TODO: check
+CVE-2006-3904 (SQL injection vulnerability in manager/index.php in Etomite CMS
0.6.1 ...)
+	TODO: check
+CVE-2006-3903 (CRLF injection vulnerability in (1) index.php and (2) admin.php
in ...)
+	TODO: check
+CVE-2006-3902 (Cross-site scripting (XSS) vulnerability in index.php in
phpFaber ...)
+	TODO: check
+CVE-2006-3901 (Multiple stack-based buffer overflows in Tumbleweed Email
Firewall ...)
+	TODO: check
+CVE-2006-3900 (Cross-site scripting (XSS) vulnerability in guestbook.php in
TP-Book ...)
+	TODO: check
+CVE-2006-3899 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote
...)
+	TODO: check
+CVE-2006-3898 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote
...)
+	TODO: check
+CVE-2006-3897 (Stack overflow in Microsoft Internet Explorer 6 on Windows 2000
allows ...)
+	TODO: check
+CVE-2006-3896
+	RESERVED
+CVE-2006-3895
+	RESERVED
+CVE-2006-3894
+	RESERVED
+CVE-2006-3893
+	RESERVED
+CVE-2006-3892
+	RESERVED
+CVE-2006-3891
+	RESERVED
+CVE-2006-3890
+	RESERVED
+CVE-2006-3889
+	RESERVED
+CVE-2006-3888
+	RESERVED
+CVE-2006-3887
+	RESERVED
+CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and
earlier ...)
+	TODO: check
+CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W
...)
+	TODO: check
+CVE-2006-3884 (Multiple SQL injection vulnerabilities in links.php in Gonafish
...)
+	TODO: check
+CVE-2006-3883 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish
...)
+	TODO: check
+CVE-2006-3882 (Shalwan MusicBox 2.3.4 and earlier allows remote attackers to
obtain ...)
+	TODO: check
+CVE-2006-3881 (Cross-site scripting (XSS) vulnerability in Shalwan MusicBox
2.3.4 and ...)
+	TODO: check
+CVE-2006-3880 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c
in ...)
+	TODO: check
+CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs
/etc/init.d/mysql ...)
+	TODO: check
+CVE-2006-3877
+	RESERVED
+CVE-2006-3876
+	RESERVED
+CVE-2006-3875
+	RESERVED
+CVE-2006-3874
+	RESERVED
+CVE-2006-3873
+	RESERVED
+CVE-2006-3872
+	RESERVED
+CVE-2006-3871
+	RESERVED
+CVE-2006-3870
+	RESERVED
+CVE-2006-3869
+	RESERVED
+CVE-2006-3868
+	RESERVED
+CVE-2006-3867
+	RESERVED
+CVE-2006-3866
+	RESERVED
+CVE-2006-3865
+	RESERVED
+CVE-2006-3864
+	RESERVED
+CVE-2006-3863
+	RESERVED
+CVE-2006-3862
+	RESERVED
+CVE-2006-3861
+	RESERVED
+CVE-2006-3860
+	RESERVED
+CVE-2006-3859
+	RESERVED
+CVE-2006-3858
+	RESERVED
+CVE-2006-3857
+	RESERVED
+CVE-2006-3856
+	RESERVED
+CVE-2006-3855
+	RESERVED
+CVE-2006-3854
+	RESERVED
+CVE-2006-3853
+	RESERVED
+CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro
...)
+	TODO: check
+CVE-2006-3851 (SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4
and ...)
+	TODO: check
+CVE-2006-3850 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-3849 (Stack-based buffer overflow in Warzone 2100 and Warzone
Resurrection ...)
+	TODO: check
+CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP
...)
+	TODO: check
+CVE-2006-3847 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-3846 (PHP remote file inclusion vulnerability in
extadminmenus.class.php in ...)
+	TODO: check
+CVE-2006-3845 (Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through
3.60 ...)
+	TODO: check
+CVE-2006-3844 (Buffer overflow in Quick ''n Easy FTP Server 3.0 allows
remote ...)
+	TODO: check
+CVE-2006-3843 (PHP remote file inclusion vulnerability in com_calendar.php in
...)
+	TODO: check
+CVE-2006-3842 (Cross-site scripting (XSS) vulnerability in Zoho Virtual Office
3.2 ...)
+	TODO: check
+CVE-2006-3841 (Cross-site scripting (XSS) vulnerability in WebScarab before
...)
+	TODO: check
+CVE-2006-3840 (The SMB Mailslot parsing functionality in PAM in multiple ISS
products ...)
+	TODO: check
+CVE-2006-3839
+	RESERVED
+CVE-2006-3838 (Multiple stack-based buffer overflows in eIQnetworks Enterprise
...)
+	TODO: check
 CVE-2006-XXXX [syslog-ng dos]
 	- syslog-ng 2.0rc1-2
 CVE-2006-XXXX [courier-authdaemon: wrong socket permissions may lead to
password disclosure]
@@ -10,8 +276,8 @@
 CVE-2006-XXXX [gjay buffer overrun]
 	- gjay 0.2.8.3-5 (bug #361056)
 CVE-2006-XXXX [Webalizer buffer overflows]
-       - webalizer <unfixed> (unknown)
-       NOTE: 11_various_buffer_overflows should be reviewed for exploitability
+	- webalizer <unfixed> (unknown)
+	NOTE: 11_various_buffer_overflows should be reviewed for exploitability
 CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes
the ...)
 	NOT-FOR-US: Professional Home Page Tools Guestbook
 CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia
Chameleon ...)
@@ -49,22 +315,22 @@
 	NOT-FOR-US: ATutor
 CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php
in ...)
 	NOT-FOR-US: Loudblog
-CVE-2006-3819
-	RESERVED
+CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki
4.0.0 ...)
+	TODO: check
 CVE-2006-3818
 	RESERVED
 CVE-2006-3817
 	RESERVED
 CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote
...)
 	- krusader <not-affected> (bug #380063; file in directory with 0700
permissions)
-CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions
in an ...)
+CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions
in a ...)
+	{DSA-1128}
 	- heartbeat 1.2.4-13 (bug #379904)
 CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal
function in ...)
 	- cheesetracker 0.9.9-6 (bug #380364; low)
 CVE-2006-3813
 	RESERVED
-CVE-2006-3812 [firefox/mozilla  chrome: scheme loading remote content]
-	RESERVED
+CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and
...)
 	NOTE: MFSA-2006-56
 	- mozilla <unfixed> (medium)
 	- xulrunner <unfixed> (medium)
@@ -72,8 +338,7 @@
 	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
 	- thunderbird <unfixed> (unimportant)
 	- mozilla-thunderbird <removed> (unimportant)
-CVE-2006-3811 [firefox/mozilla Crashes with evidence of memory corruption
(rv:1.8.0.5)]
-	RESERVED
+CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...)
 	NOTE: MFSA-2006-55
 	- mozilla <unfixed> (high)
 	- xulrunner <unfixed> (high)
@@ -81,8 +346,7 @@
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <unfixed> (medium)
 	- mozilla-thunderbird <removed> (medium)
-CVE-2006-3810 [firefox/mozilla XSS with XPCNativeWrapper(window).Function(...)]
-	RESERVED
+CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5
before ...)
 	NOTE: MFSA-2006-54
 	- mozilla <not-affected> (mozilla 1.7 not affected)
 	- xulrunner <unfixed> (high)
@@ -90,8 +354,7 @@
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <unfixed> (medium)
 	- mozilla-thunderbird <not-affected>
-CVE-2006-3809 [firefox/mozilla UniversalBrowserRead privilege escalation]
-	RESERVED
+CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and
...)
 	NOTE: MFSA-2006-53
 	- mozilla <unfixed> (medium)
 	- xulrunner <unfixed> (medium)
@@ -99,15 +362,13 @@
 	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
 	- thunderbird <unfixed> (medium)
 	- mozilla-thunderbird <removed> (medium)
-CVE-2006-3808 [firefox/mozilla PAC privilege escalation using
Function.prototype.call]
-	RESERVED
+CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows
...)
 	NOTE: MFSA-2006-52
 	- mozilla <unfixed> (medium)
 	- xulrunner <unfixed> (medium)
 	- mozilla-firefox <removed> (medium)
 	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
-CVE-2006-3807 [firefox/mozilla Privilege escalation using named-functions and
redefined "new Object()"]
-	RESERVED
+CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and
...)
 	NOTE: MFSA-2006-51
 	- mozilla <unfixed> (high)
 	- xulrunner <unfixed> (high)
@@ -115,8 +376,7 @@
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <unfixed> (medium)
 	- mozilla-thunderbird <removed> (medium)
-CVE-2006-3806 [firefox/mozilla JavaScript engine vulnerabilities]
-	RESERVED
+CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla
Firefox ...)
 	NOTE: MFSA-2006-50
 	- mozilla <unfixed> (high)
 	- xulrunner <unfixed> (high)
@@ -124,8 +384,7 @@
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <unfixed> (medium)
 	- mozilla-thunderbird <removed> (medium)
-CVE-2006-3805 [firefox/mozilla JavaScript engine vulnerabilities]
-	RESERVED
+CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5,
Thunderbird ...)
 	NOTE: MFSA-2006-50
 	- mozilla <unfixed> (high)
 	- xulrunner <unfixed> (high)
@@ -133,14 +392,12 @@
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <unfixed> (medium)
 	- mozilla-thunderbird <removed> (medium)
-CVE-2006-3804 [thunderbird/mozilla  Heap buffer overwrite on malformed VCard]
-	RESERVED
+CVE-2006-3804 (Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5
and ...)
 	NOTE: MFSA-2006-49
 	- mozilla <unfixed> (high)
 	- thunderbird <unfixed> (high)
 	- mozilla-thunderbird <removed> (high)
-CVE-2006-3803 [firefox/mozilla  JavaScript new Function race condition]
-	RESERVED
+CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla
Firefox ...)
 	NOTE: MFSA-2006-48
 	- mozilla <not-affected> (mozilla 1.7 not affected)
 	- xulrunner <unfixed> (high)
@@ -148,8 +405,7 @@
 	- firefox 1.5.dfsg+1.5.0.5-1 (high)
 	- thunderbird <unfixed> (medium)
 	- mozilla-thunderbird <not-affected>
-CVE-2006-3802 [firefox/mozilla Native DOM methods can be hijacked across
domains]
-	RESERVED
+CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and
...)
 	NOTE: MFSA-2006-47
 	- mozilla <not-affected> (mozilla 1.7 not affected)
 	- xulrunner <unfixed> (medium)
@@ -157,8 +413,7 @@
 	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
 	- thunderbird <unfixed> (medium)
 	- mozilla-thunderbird <not-affected>
-CVE-2006-3801 [firefox/mozilla Code execution through deleted frame reference]
-	RESERVED
+CVE-2006-3801 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3
does not ...)
 	NOTE: MFSA-2006-44
 	- mozilla-firefox <not-affected> (only firefox >= 1.5)
 	- mozilla-thunderbird <not-affected> (only firefox >= 1.5)
@@ -178,7 +433,7 @@
 	NOT-FOR-US: DeluxeBB
 CVE-2006-3795 (Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB
before ...)
 	NOT-FOR-US: DeluxeBB
-CVE-2006-3794 (SQL injection vulnerability in Amazing Flash AFCommerce Shopping
Cart ...)
+CVE-2006-3794 (** DISPUTED ** ...)
 	NOT-FOR-US: AFCommerce
 CVE-2006-3793 (PHP remote file inclusion vulnerability in constants.php in
SiteDepth ...)
 	NOT-FOR-US: SiteDepth
@@ -230,10 +485,10 @@
 	TODO: check
 CVE-2006-3769 (Multiple cross-site scripting (XSS) vulnerabilities in Top XL
1.1 and ...)
 	TODO: check
-CVE-2006-3768
-	RESERVED
-CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in Darren''s $5
Script Archive ...)
+CVE-2006-3768 (Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01
before ...)
 	TODO: check
+CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in showprofile.php in
...)
+	TODO: check
 CVE-2006-3766 (Darren''s $5 Script Archive osDate 1.1.7 and earlier
allows users to ...)
 	TODO: check
 CVE-2006-3765 (Multiple cross-site scripting (XSS) vulnerabilities in
Huttenlocher ...)
@@ -272,12 +527,11 @@
 	TODO: check
 CVE-2006-3748 (PHP remote file inclusion vulnerability in ...)
 	TODO: check
-CVE-2006-3747 [apache mod_rewrite off-by-one bug]
-	RESERVED
+CVE-2006-3747 (Off-by-one error in the the ldap scheme handling in the Rewrite
module ...)
+	{DSA-1132-1 DSA-1131-1}
 	- apache <unfixed> (medium)
 	- apache2 <unfixed> (medium; bug #380182)
-CVE-2006-3746
-	RESERVED
+CVE-2006-3746 (Buffer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows
remote ...)
 	- gnupg 1.4.5-1 (medium)
 	- gnupg2 (medium)
 CVE-2006-3745
@@ -312,7 +566,7 @@
 	NOT-FOR-US: Mail2Forum
 CVE-2006-3734 (Multiple unspecified vulnerabilities in the Command Line
Interface ...)
 	NOT-FOR-US: CS-MARS
-CVE-2006-3733 (Unspecified vulnerability in a component of the JBoss web
application ...)
+CVE-2006-3733 (jmx-console/HtmlAdaptor in the jmx-console in the JBoss web ...)
 	NOT-FOR-US: Cisco / JBoss
 CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System
(CS-MARS) ...)
 	NOT-FOR-US: CS-MARS
@@ -399,13 +653,13 @@
 	- ruby1.9 1.9.0+20060609-1 (medium)
 CVE-2006-3693 (Rocks Clusters 4.1 and earlier allows local users to gain
privileges ...)
 	NOT-FOR-US: Rocks Clusters
-CVE-2006-3692 (PHP remote file inclusion vulnerability in
enduser/listmessenger.php ...)
+CVE-2006-3692 (** DISPUTED ** ...)
 	NOT-FOR-US: ListMessenger
 CVE-2006-3691 (Multiple SQL injection vulnerabilities in VBZooM 1.11 and
earlier ...)
 	NOT-FOR-US: VBZooM
 CVE-2006-3690 (Multiple PHP remote file inclusion vulnerabilities in MiniBB
Forum ...)
 	NOT-FOR-US: MiniBB
-CVE-2006-3689 (PHP remote file inclusion vulnerability in user-func.php in
Codeworks ...)
+CVE-2006-3689 (** DISPUTED ** ...)
 	NOT-FOR-US: Codeworks Gnomedia SubberZ[Lite]
 CVE-2006-3688 (SQL injection vulnerability in Room.php in Francisco Charrua
...)
 	NOT-FOR-US: Francisco Charrua Photo-Gallery
@@ -427,10 +681,9 @@
 	NOT-FOR-US: Photocycle
 CVE-2006-3679 (FatWire Content Server 5.5.0 allows remote attackers to bypass
access ...)
 	NOT-FOR-US: FatWire Content Server
-CVE-2006-3678
-	RESERVED
-CVE-2006-3677 [mozilla/firefox  Javascript navigator Object Vulnerability]
-	RESERVED
+CVE-2006-3678 (TippingPoint IPS running the TippingPoint Operating System (TOS)
...)
+	TODO: check
+CVE-2006-3677 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3
allows ...)
 	NOTE: MFSA-2006-45
 	- mozilla <not-affected> (mozilla 1.7 not affected)
 	- xulrunner <unfixed> (high)
@@ -440,8 +693,8 @@
 	- mozilla-thunderbird <not-affected>
 CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006
allows remote ...)
 	TODO: check
-CVE-2006-3675
-	RESERVED
+CVE-2006-3675 (Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the ...)
+	TODO: check
 CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows
remote ...)
 	- armagetron <unfixed> (bug #379062; medium)
 CVE-2006-3673 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows
remote ...)
@@ -456,6 +709,7 @@
 CVE-2006-3669 (Mercury Messenger, possibly 1.7.1.1 and other versions, when
running ...)
 	NOT-FOR-US: Mercury Messenger
 CVE-2006-3668 (Heap-based buffer overflow in the it_read_envelope function in
Dynamic ...)
+	{DSA-1123}
 	- libdumb 1:0.9.3-5 (bug #379064; medium)
 CVE-2006-3667 (Unspecified vulnerability in Sybase/Financial Fusion Consumer
Banking ...)
 	NOT-FOR-US: Sybase/Financial Fusion Consumer Banking Suite
@@ -526,21 +780,26 @@
 	RESERVED
 CVE-2006-3634
 	RESERVED
-CVE-2006-3633
-	RESERVED
+CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users
to ...)
+	TODO: check
 CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0
...)
+	{DSA-1127}
 	- ethereal <removed> (bug #378745; high)
 	- wireshark 0.99.2-1 (high)
 CVE-2006-3631 (Unspecified vulnerability in the SSH dissector in Wireshark (aka
...)
+	{DSA-1127}
 	- ethereal <removed> (bug #378745; high)
 	- wireshark 0.99.2-1 (high)
 CVE-2006-3630 (Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to
...)
+	{DSA-1127}
 	- ethereal <removed> (bug #378745; high)
 	- wireshark 0.99.2-1 (high)
 CVE-2006-3629 (Unspecified vulnerability in the MOUNT dissector in Wireshark
...)
+	{DSA-1127}
 	- ethereal <removed> (bug #378745; high)
 	- wireshark 0.99.2-1 (high)
 CVE-2006-3628 (Multiple format string vulnerabilities in Wireshark (aka
Ethereal) ...)
+	{DSA-1127}
 	- ethereal <removed> (bug #378745; high)
 	- wireshark 0.99.2-1 (high)
 CVE-2006-3627 (Unspecified vulnerability in the GSM BSSMAP dissector in
Wireshark ...)
@@ -559,8 +818,8 @@
 	NOT-FOR-US: Koobi Pro CMS
 CVE-2006-3620 (Cross-site scripting (XSS) vulnerability in the showtopic module
in ...)
 	NOT-FOR-US: Koobi Pro CMS
-CVE-2006-3619
-	RESERVED
+CVE-2006-3619 (Directory traversal vulnerability in FastJar 0.93, as used in
Gnu GCC ...)
+	TODO: check
 CVE-2006-3618 (SQL injection vulnerability in pblguestbook.php in Pixelated By
Lev ...)
 	NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
 CVE-2006-3617 (Cross-site scripting (XSS) vulnerability in pblguestbook.php in
...)
@@ -599,6 +858,7 @@
 CVE-2006-3601 (** UNVERIFIABLE ** ...)
 	NOT-FOR-US: DotNetNuke
 CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup
...)
+	{DSA-1135-1}
 	- libtunepimp 0.4.2-3.0etch1 (bug #378091; medium)
 CVE-2006-3599 (SQL injection vulnerability in the Nuke Advanced Classifieds
module ...)
 	NOT-FOR-US: Nuke Advanced Classifieds module for PHP-Nuke
@@ -640,9 +900,9 @@
 	RESERVED
 CVE-2006-3583
 	RESERVED
-CVE-2006-3582 (Multiple stack-based buffer overflows in AdPlug 2.0 and earlier
allow ...)
+CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and
...)
 	- adplug 2.0.1-1 (bug #378279; medium)
-CVE-2006-3581 (Multiple stack-based buffer overflows in AdPlug 2.0 and earlier
allow ...)
+CVE-2006-3581 (Multiple stack-based buffer overflows in Audacious AdPlug 2.0
and ...)
 	- adplug 2.0.1-1 (bug #378279; medium)
 CVE-2006-3580 (SQL injection vulnerability in pages.asp in ASP Stats Generator
before ...)
 	NOT-FOR-US: ASP Stats Generator
@@ -878,24 +1138,31 @@
 	REJECTED
 CVE-2006-3465 [libtiff: flaw in custom tag support]
 	RESERVED
+	{DSA-1137-1}
 	- tiff 3.8.2-6
 CVE-2006-3464 [libtiff: insufficient range checking]
 	RESERVED
+	{DSA-1137-1}
 	- tiff 3.8.2-6
 CVE-2006-3463 [libtiff: infinite loop was discovered in
EstimateStripByteCounts()]
 	RESERVED
+	{DSA-1137-1}
 	- tiff 3.8.2-6
 CVE-2006-3462 [libtiff: NeXT RLE decoder heap overflow]
 	RESERVED
+	{DSA-1137-1}
 	- tiff 3.8.2-6
 CVE-2006-3461 [libtiff: heap overflow exists in the PixarLog decoder]
 	RESERVED
+	{DSA-1137-1}
 	- tiff 3.8.2-6
 CVE-2006-3460 [libtiff: heap overflow vulnerability was discovered in the jpeg
decoder]
 	RESERVED
+	{DSA-1137-1}
 	- tiff 3.8.2-6
 CVE-2006-3459 [libtiff: stack buffer overflow via TIFFFetchShortPair()]
 	RESERVED
+	{DSA-1137-1}
 	- tiff 3.8.2-6
 CVE-2006-3486 (** DISPUTED ** ...)
 	- mysql-dfsg-5.0 5.0.22-4 (unimportant)
@@ -1126,8 +1393,8 @@
 CVE-2006-3404 (Buffer overflow in the xcf_load_vector function in
app/xcf/xcf-load.c ...)
 	{DSA-1116}
 	- gimp 2.2.11-3.1 (bug #377049; medium)
-CVE-2006-3350
-	RESERVED
+CVE-2006-3350 (Stack-based buffer overflow in AutoVue SolidModel Professional
Desktop ...)
+	TODO: check
 CVE-2006-3349 (Multiple SQL injection vulnerabilities in SmS Script allow
remote ...)
 	NOT-FOR-US: SmS Script
 CVE-2006-3348 (Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and
3.3 ...)
@@ -1189,6 +1456,7 @@
 CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in
openforum.asp ...)
 	NOT-FOR-US: OpenForum
 CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in
SiteBar ...)
+	{DSA-1130-1}
 	- sitebar 3.3.8-1.1 (bug #377299; low)
 CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP
...)
 	NOT-FOR-US: PHP iCalendar
@@ -1595,16 +1863,17 @@
 	RESERVED
 CVE-2006-3123 [cfs integer overflow]
 	RESERVED
+	{DSA-1138-1}
 	- cfs 1.4.1-17
 CVE-2006-3122
 	RESERVED
 CVE-2006-3121
 	RESERVED
-CVE-2006-3120 [osiris arbitrary code execution]
-	RESERVED
+CVE-2006-3120 (Format string vulnerability in Brian Wotring Osiris before 4.2.1
...)
+	{DSA-1129}
 	- osiris 4.2.0-2 (medium)
-CVE-2006-3119
-	RESERVED
+CVE-2006-3119 (The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01
has a ...)
+	{DSA-1124}
 CVE-2006-3118 (spread uses a temporary file with a static filename based on the
port ...)
 	- spread <unfixed> (bug #375617; low)
 	[sarge] - spread <no-dsa> (Minimal security implications)
@@ -1617,8 +1886,7 @@
 	NOT-FOR-US: phpRaid
 CVE-2006-3114
 	RESERVED
-CVE-2006-3113 [mozilla/firefox  Memory corruption with simultaneous events]
-	RESERVED
+CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5,
and ...)
 	NOTE: MFSA-2006-46
 	- mozilla <not-affected> (mozilla 1.7 not affected)
 	- xulrunner <unfixed> (high)
@@ -2007,8 +2275,7 @@
 CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for
Linux ...)
 	- linux-2.6 2.6.17-3
 	- linux-2.6.16 2.6.16-17
-CVE-2006-2933 [kdm dos]
-	RESERVED
+CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat
...)
 	[sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable)
 CVE-2006-2932
 	RESERVED
@@ -2085,6 +2352,7 @@
 CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions
before ...)
 	NOT-FOR-US: ESTsoft InternetDISK
 CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before
1.2.9 ...)
+	{DSA-1126}
 	- asterisk 1:1.2.10.dfsg-2 (bug #380054)
 	- iax 0.2.2-5
 	- iaxmodem 0.1.8.dfsg-2
@@ -2217,10 +2485,13 @@
 CVE-2006-2834 (PHP remote file inclusion vulnerability in includes/common.php
in ...)
 	NOT-FOR-US: gnopaste
 CVE-2006-2833 (Cross-site scripting (XSS) vulnerability in the taxonomy module
in ...)
+	{DSA-1125}
 	- drupal 4.5.8-1.1 (medium)
 CVE-2006-2832 (Cross-site scripting (XSS) vulnerability in the upload module
...)
+	{DSA-1125}
 	- drupal 4.5.8-1.1 (medium)
 CVE-2006-2831 (Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running
under ...)
+	{DSA-1125}
 	NOTE: Although not in the changelog, sesse@ (responsible for 4.5.8-1.1)
 	NOTE: says he pulled in the entire patch for DRUPAL-SA-2006-007, which
 	NOTE: fixes CVE-2006-2831.
@@ -2342,7 +2613,7 @@
 CVE-2006-2788 (Double-free vulnerability in the getRawDER function for
nsIX509Cert in ...)
 	TODO: check
 CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4
allows ...)
-	{DSA-1120 DSA-1118}
+	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-31
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- thunderbird 1.5.0.4-1 (medium)
@@ -2350,7 +2621,7 @@
 	- mozilla 1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and
...)
-	{DSA-1120 DSA-1118}
+	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-33
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- thunderbird 1.5.0.4-1 (medium)
@@ -2358,20 +2629,20 @@
 	- mozilla 1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox
before ...)
-	{DSA-1120 DSA-1118}
+	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-34
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- mozilla 1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4
allows ...)
-	{DSA-1120 DSA-1118}
+	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-36
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	[sarge] - mozilla-firefox <unfixed> (medium)
 	- mozilla <unfixed> (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strips the
Unicode ...)
-	{DSA-1120 DSA-1118}
+	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-42
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- thunderbird 1.5.0.4-1 (medium)
@@ -2379,21 +2650,21 @@
 	- mozilla 1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
-	{DSA-1120 DSA-1118}
+	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-41
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	[sarge] - mozilla-thunderbird <unfixed> (medium)
 	- mozilla 1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2781 (Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4
and ...)
-	{DSA-1118}
+	{DSA-1134-1 DSA-1118}
 	NOTE: MFSA-2006-40
 	- thunderbird 1.5.0.4-1 (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
 	- mozilla 1.7.13-0.3 (high)
 	- xulruner <unfixed> (high)
 CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before
1.5.0.4 ...)
-	{DSA-1120 DSA-1118}
+	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-32
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
@@ -2401,7 +2672,7 @@
 	- mozilla 1.7.13-0.3 (high)
 	- xulruner 1.8.0.4-1 (high)
 CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote
attackers ...)
-	{DSA-1120 DSA-1118}
+	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-32
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
@@ -2409,7 +2680,7 @@
 	- mozilla 1.7.13-0.3 (high)
 	- xulruner <unfixed> (high)
 CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird
before ...)
-	{DSA-1120 DSA-1118}
+	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-38
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
@@ -2417,13 +2688,13 @@
 	- mozilla 1.7.13-0.3 (high)
 	- xulruner 1.8.0.4-1 (high)
 CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and
...)
-	{DSA-1120 DSA-1118}
+	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-43
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- mozilla 1.7.13-0.3 (high)
 	- xulruner <unfixed> (high)
 CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird
before ...)
-	{DSA-1120 DSA-1118}
+	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-37
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
@@ -2431,7 +2702,7 @@
 	- mozilla 1.7.13-0.3 (high)
 	- xulruner 1.8.0.4-1 (high)
 CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL
...)
-	{DSA-1120 DSA-1118}
+	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-35
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
 	- thunderbird 1.5.0.4-1 (high)
@@ -2501,8 +2772,10 @@
 CVE-2006-2744 (PHP remote file inclusion vulnerability in p-popupgallery.php in
...)
 	NOT-FOR-US: F@cile
 CVE-2006-2743 (Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with
...)
+	{DSA-1125}
 	- drupal 4.5.8-1.1 (bug #368835; medium)
 CVE-2006-2742 (SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and
4.7.0 ...)
+	{DSA-1125}
 	- drupal 4.5.8-1.1 (medium)
 CVE-2006-2741 (Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB
0.3 ...)
 	NOT-FOR-US: tinyBB
@@ -3083,8 +3356,8 @@
 	NOT-FOR-US: Squirrelcart
 CVE-2006-2482
 	RESERVED
-CVE-2006-2481
-	RESERVED
+CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.3 patch
4 ...)
+	TODO: check
 CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit
...)
 	- dia 0.95.0-4 (bug #368202; low)
 	[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously
malformed file names)
@@ -4300,7 +4573,7 @@
 CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter
Scripts ...)
 	NOT-FOR-US: Smarter Scripts IntelliLink Pro
 CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before
1.5.0.4, ...)
-	{DSA-1120 DSA-1118}
+	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-39
 	- firefox 1.5.dfsg+1.5.0.4-1 (low)
 	- thunderbird <unfixed> (low)
@@ -4867,7 +5140,7 @@
 	NOTE: exploitable in the default configuration.
 	- xulrunner 1.8.0.1-9
 CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8,
Mozilla ...)
-	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
+	{DSA-1134-1 DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla 2:1.7.13-0.1 (medium)
@@ -5286,6 +5559,7 @@
 CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital
Library ...)
 	NOT-FOR-US: Keystone Digital Library Suite 
 CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	{DSA-1133-1}
 	[woody] - mantis <not-affected> (Vulnerable code not present)
 	- mantis 0.19.4-3.1 (bug #361138)
 CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows
remote ...)
@@ -6276,8 +6550,8 @@
 	RESERVED
 CVE-2006-1179
 	RESERVED
-CVE-2006-1178
-	RESERVED
+CVE-2006-1178 (Tamarack MMSd before 7.992 allows remote attackers to cause a
denial ...)
+	TODO: check
 CVE-2006-1177
 	RESERVED
 CVE-2006-1176 (Buffer overflow in eBay Enhanced Picture Services (aka
EPUImageControl ...)
@@ -7029,8 +7303,10 @@
 CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3
allows ...)
 	NOT-FOR-US: Calacode @Mail
 CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis
1.00rc4 ...)
+	{DSA-1133-1}
 	- mantis 0.19.4-3.1 (bug #378353)
 CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not
properly ...)
+	{DSA-944-1}
 	- mantis <unfixed>
 CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not
properly ...)
 	- snort <not-affected> (frag3 is only in 2.4, currently there is 2.3.3
in sid)
@@ -7444,9 +7720,11 @@
 CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64
kernels ...)
 	NOT-FOR-US: AIX
 CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...)
+	{DSA-1133-1}
 	- mantis 0.19.4-3
 	[woody] - mantis <not-affected> (Complete rewrite in 0.19)
 CVE-2006-0664 (Cross-site scripting (XSS) vulnerability in
config_defaults_inc.php in ...)
+	{DSA-1133-1}
 	- mantis 0.19.4-3
 	[woody] - mantis <not-affected> (Complete rewrite in 0.19)
 CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus
Domino ...)
@@ -10487,7 +10765,8 @@
 	NOT-FOR-US: WinEggDropShell
 CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat
...)
 	NOT-FOR-US: phpMyChat
-CVE-2005-3990 (Directory traversal vulnerability in FastJar 0.93 allows remote
...)
+CVE-2005-3990
+	REJECTED
 	- gcc-4.1 <unfixed> (bug #368397; low)
 CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack
...)
 	NOT-FOR-US: Avaya hardware
@@ -11642,12 +11921,12 @@
 	- linux-2.6 2.6.14-7
 CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to
obtain ...)
 	- phpmyadmin <unfixed> (unimportant)
-CVE-2005-3620
-	RESERVED
+CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before
2.0.2 ...)
+	TODO: check
 CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management
interface ...)
 	NOT-FOR-US: VMware ESX
-CVE-2005-3618
-	RESERVED
+CVE-2005-3618 (Cross-site request forgery (CSRF) vulnerability in the
management ...)
+	TODO: check
 CVE-2005-3617
 	RESERVED
 CVE-2005-3616
@@ -17029,7 +17308,7 @@
 	NOTE: 2.6.8 and 2.4.27 not affected
 	- linux-2.6 2.6.12-3 (bug #323039; medium)
 CVE-2005-2097 (xpdf and kpdf do not properly validate the
&quot;loca&quot; table in PDF files, ...)
-	{DSA-984-1 DSA-982-1 DSA-936-1 DSA-780-1 DTSA-28-1}
+	{DSA-1136-1 DSA-984-1 DSA-982-1 DSA-936-1 DSA-780-1 DTSA-28-1}
 	- kdegraphics 4:3.4.2-1 (bug #322458; low)
 	- xpdf 3.00-15 (bug #322462; low)
 	[woody] - tetex-bin <not-affected> (pdftex doesn''t include or
use the vulnerable code)
@@ -21093,6 +21372,7 @@
 CVE-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier
allow ...)
 	NOT-FOR-US: VHCS
 CVE-2005-1127 (Format string vulnerability in the log function in Net::Server
0.87 ...)
+	{DSA-1122 DSA-1121}
 	- libnet-server-perl 0.89-1
 	NOTE: This was already fixed in 0.87-1, although the changelog
doesn''t mention
 	NOTE: the security implication, which was noticed later. I''ve
verified both fixes
@@ -22721,7 +23001,7 @@
 	NOT-FOR-US: Painkiller
 CVE-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers
to ...)
 	NOT-FOR-US: ESF Webserver
-CVE-2004-1743 (Easy File Sharing (ESF) Webserver 1.25 allows remote attackers
to view ...)
+CVE-2004-1743 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers
to view ...)
 	NOT-FOR-US: ESF Webserver
 CVE-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote
...)
 	NOT-FOR-US: WebAPP
Secure testing commits - Aug 2006 - r4494 - data/CVE

[Secure-testing-commits] r4494 - data/CVE
