Author: joeyh Date: 2006-08-09 09:14:59 +0000 (Wed, 09 Aug 2006) New Revision: 4533 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-08-08 21:14:31 UTC (rev 4532) +++ data/CVE/list 2006-08-09 09:14:59 UTC (rev 4533) @@ -1,4 +1,20 @@ -CVE-2006-4018 [clamav code execution through upx compressed files] +CVE-2006-4026 (PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows ...) + TODO: check +CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and ...) + TODO: check +CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through ...) + TODO: check +CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...) + TODO: check +CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before ...) + TODO: check +CVE-2006-4021 + RESERVED +CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...) + TODO: check +CVE-2006-4019 + RESERVED +CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in Clam AntiVirus ...) - clamav 0.88.4-1 (high; bug #382004; bug #382007) CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in Inter ...) TODO: check 
@@ -321,26 +337,26 @@ RESERVED CVE-2006-3863 RESERVED -CVE-2006-3862 - RESERVED -CVE-2006-3861 - RESERVED +CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through ...) + TODO: check +CVE-2006-3861 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...) + TODO: check CVE-2006-3860 RESERVED CVE-2006-3859 RESERVED -CVE-2006-3858 - RESERVED -CVE-2006-3857 - RESERVED -CVE-2006-3856 - RESERVED -CVE-2006-3855 - RESERVED +CVE-2006-3858 (IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before ...) + TODO: check +CVE-2006-3857 (Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before ...) + TODO: check +CVE-2006-3856 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...) + TODO: check +CVE-2006-3855 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) allows ...) + TODO: check CVE-2006-3854 RESERVED -CVE-2006-3853 - RESERVED +CVE-2006-3853 (Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 ...) + TODO: check CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro ...) NOT-FOR-US: Micro GuestBook CVE-2006-3851 (SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and ...) @@ -860,10 +876,10 @@ RESERVED CVE-2006-3650 RESERVED -CVE-2006-3649 - RESERVED -CVE-2006-3648 - RESERVED +CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK ...) + TODO: check +CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and ...) + TODO: check CVE-2006-3647 RESERVED CVE-2006-3646 
@@ -872,20 +888,20 @@ RESERVED CVE-2006-3644 RESERVED -CVE-2006-3643 - RESERVED +CVE-2006-3643 (Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and ...) + TODO: check CVE-2006-3642 RESERVED CVE-2006-3641 RESERVED -CVE-2006-3640 - RESERVED -CVE-2006-3639 - RESERVED -CVE-2006-3638 - RESERVED -CVE-2006-3637 - RESERVED +CVE-2006-3640 (Microsoft Internet Explorer 5.01 and 6 allows certain script to ...) + TODO: check +CVE-2006-3639 (Microsoft Internet Explorer 5.01 and 6 does not properly identify the ...) + TODO: check +CVE-2006-3638 (Microsoft Internet Explorer 5.01 and 6 does not properly handle ...) + TODO: check +CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...) + TODO: check CVE-2006-3636 RESERVED CVE-2006-3635 @@ -996,7 +1012,7 @@ - linux-2.6 2.6.17-4 (high) CVE-2006-XXXX [insufficient form variable escaping] - webauth 3.5.2-1 -CVE-2006-3590 (Unspecified vulnerability in mso.dll, as used by Microsoft PowerPoint ...) +CVE-2006-3590 (mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows ...) NOT-FOR-US: Microsoft PowerPoint CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure ...) NOT-FOR-US: VMware 
@@ -1004,14 +1020,14 @@ NOT-FOR-US: Macromedia Flash Player 8 CVE-2006-3587 (Unspecified vulnerability in Macromedia Flash Player 8.0.24.0 allows ...) NOT-FOR-US: Macromedia Flash Player 8 -CVE-2006-3586 - RESERVED -CVE-2006-3585 - RESERVED -CVE-2006-3584 - RESERVED -CVE-2006-3583 - RESERVED +CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...) + TODO: check +CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 ...) + TODO: check +CVE-2006-3584 (Dynamic variable evaluation vulnerability in index.php in Jetbox CMS ...) + TODO: check +CVE-2006-3583 (Sessiln fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers ...) + TODO: check CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and ...) - adplug 2.0.1-1 (bug #378279; medium) CVE-2006-3581 (Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and ...) @@ -1251,10 +1267,10 @@ CVE-2006-3465 (Unspecified vulnerability in the custom tag support for the TIFF ...) {DSA-1137-1} - tiff 3.8.2-6 -CVE-2006-3464 (Multiple unspecified vulnerabilities in the TIFF library (libtiff) ...) +CVE-2006-3464 (TIFF library (libtiff) before 3.8.2 allows context-dependent attackers ...) {DSA-1137-1} - tiff 3.8.2-6 -CVE-2006-3463 (The TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short ...) +CVE-2006-3463 (The EstimateStripByteCounts function in TIFF library (libtiff) before ...) {DSA-1137-1} - tiff 3.8.2-6 CVE-2006-3462 (Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library ...) 
@@ -1263,7 +1279,7 @@ CVE-2006-3461 (Heap-based buffer overflow in the PixarLog decoder in the TIFF library ...) {DSA-1137-1} - tiff 3.8.2-6 -CVE-2006-3460 (Heap-based buffer overflow in the TIFF library (libtiff) before 3.8.2 ...) +CVE-2006-3460 (Heap-based buffer overflow in the JPEG decoder in the TIFF library ...) {DSA-1137-1} - tiff 3.8.2-6 CVE-2006-3459 (Multiple stack-based buffer overflows in the TIFF library (libtiff) ...) @@ -1286,12 +1302,12 @@ NOT-FOR-US: Adobe acrobat CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure ...) NOT-FOR-US: Adobe acrobat -CVE-2006-3451 - RESERVED -CVE-2006-3450 - RESERVED -CVE-2006-3449 - RESERVED +CVE-2006-3451 (Microsoft Internet Explorer does not properly handle chained Cascading Style ...) + TODO: check +CVE-2006-3450 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...) + TODO: check +CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, ...) + TODO: check CVE-2006-3448 RESERVED CVE-2006-3447 @@ -1300,20 +1316,20 @@ RESERVED CVE-2006-3445 RESERVED -CVE-2006-3444 - RESERVED -CVE-2006-3443 - RESERVED +CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...) + TODO: check +CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft Windows ...) + TODO: check CVE-2006-3442 RESERVED -CVE-2006-3441 - RESERVED -CVE-2006-3440 - RESERVED -CVE-2006-3439 - RESERVED -CVE-2006-3438 - RESERVED +CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows 2000 ...) + TODO: check +CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP ...) + TODO: check +CVE-2006-3439 (Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, ...) + TODO: check +CVE-2006-3438 (Unspecified vulnerability in Microsoft Hyperlink Object Library ...) + TODO: check CVE-2006-3437 RESERVED CVE-2006-3436 
@@ -1649,7 +1665,7 @@ NOT-FOR-US: Dating Agent PRO CVE-2006-3282 (requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to ...) NOT-FOR-US: Dating Agent PRO -CVE-2006-3281 (Microsoft Internet Explorer 6.0 allows remote user-complicit attackers ...) +CVE-2006-3281 (Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3280 (Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows ...) NOT-FOR-US: Microsoft Internet Explorer @@ -1993,8 +2009,8 @@ NOT-FOR-US: phpRaid CVE-2006-3115 (SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly ...) NOT-FOR-US: phpRaid -CVE-2006-3114 - RESERVED +CVE-2006-3114 (PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the ...) + TODO: check CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) NOTE: MFSA-2006-46 - mozilla <not-affected> (mozilla 1.7 not affected) @@ -2117,7 +2133,7 @@ NOT-FOR-US: 5 Star Review CVE-2006-3060 (Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote ...) NOT-FOR-US: P.A.I.D -CVE-2006-3059 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote ...) +CVE-2006-3059 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...) NOT-FOR-US: Microsoft Excel CVE-2006-3058 RESERVED
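
Review bot: In the hunk at -1004,14 +1020,14, the added description for CVE-2006-3583 reads "Sessiln fixation vulnerability", which looks like a typo for "Session fixation". The log says this is an automatic update, so the spelling presumably arrives with the imported description; correct it where the description originates rather than by hand in data/CVE/list, or a later automatic run may bring it back.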
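
Review bot: The Microsoft entries that leave RESERVED in the hunks at -860,10, -872,20, -1286,12 and -1300,20 (CVE-2006-3649, CVE-2006-3648, CVE-2006-3643, CVE-2006-3640 through CVE-2006-3637, CVE-2006-3451 through CVE-2006-3449, CVE-2006-3444, CVE-2006-3443, CVE-2006-3441 through CVE-2006-3438) all land as "TODO: check", while entries for the same vendor's products elsewhere in this diff are already triaged: CVE-2006-3281 carries "NOT-FOR-US: Microsoft Internet Explorer" and CVE-2006-3590 carries "NOT-FOR-US: Microsoft PowerPoint". A follow-up commit should give these entries matching NOT-FOR-US lines so they do not sit in the TODO queue.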
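
Review bot: The hunk at -2117,7 +2133,7 changes CVE-2006-3059 only in where the description is cut off ("allows remote ..." becomes "allows ..."), and the added lines for CVE-2006-3451 and CVE-2006-3583 are cut at a longer width than the other descriptions in this diff. Truncating at one fixed width in the updater would keep such no-op changes out of the commit.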