Author: joeyh
Date: 2006-08-22 21:16:22 +0000 (Tue, 22 Aug 2006)
New Revision: 4612

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-08-21 19:42:55 UTC (rev 4611)
+++ data/CVE/list 2006-08-22 21:16:22 UTC (rev 4612)
@@ -1,3 +1,189 @@ +CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in ...) + TODO: check +CVE-2006-4280 (PHP remote file inclusion vulnerability in anjel.index.php in ANJEL ...) + TODO: check +CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ...) + TODO: check +CVE-2006-4278 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4277 (Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 ...) + TODO: check +CVE-2006-4276 (PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier ...) + TODO: check +CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the ...) + TODO: check +CVE-2006-4274 (Unknown vulnerability in Microsoft PowerPoint allows user-assisted ...) + TODO: check +CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 ...) + TODO: check +CVE-2006-4272 (** DISPUTED ** ...) + TODO: check +CVE-2006-4271 (** DISPUTED ** ...) + TODO: check +CVE-2006-4270 (PHP remote file inclusion vulnerability in mambelfish.class.php in the ...) + TODO: check +CVE-2006-4269 (PHP remote file inclusion vulnerability in admin.x-shop.php in the ...) + TODO: check +CVE-2006-4268 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 ...) + TODO: check +CVE-2006-4267 (Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier ...) + TODO: check +CVE-2006-4266 (Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, ...) + TODO: check +CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows ...) + TODO: check +CVE-2006-4264 (Multiple PHP remote file inclusion vulnerabilities in the ...) + TODO: check +CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product ...) + TODO: check +CVE-2006-4262 + RESERVED +CVE-2006-4261 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...) 
+ TODO: check +CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 ...) + TODO: check +CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...) + TODO: check +CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality in ...) + TODO: check +CVE-2006-4257 (Unspecified vulnerability in IBM DB2 Universal Database (UDB) before ...) + TODO: check +CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote ...) + TODO: check +CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in ...) + TODO: check +CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...) + TODO: check +CVE-2006-4253 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...) + TODO: check +CVE-2006-4252 + RESERVED +CVE-2006-4251 + RESERVED +CVE-2006-4250 + RESERVED +CVE-2006-4249 + RESERVED +CVE-2006-4248 + RESERVED +CVE-2006-4247 + RESERVED +CVE-2006-4246 + RESERVED +CVE-2006-4245 + RESERVED +CVE-2006-4244 + RESERVED +CVE-2006-4243 + RESERVED +CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...) + TODO: check +CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php ...) + TODO: check +CVE-2006-4240 (PHP remote file inclusion vulnerability in index.php in Fusion News ...) + TODO: check +CVE-2006-4239 (PHP remote file inclusion vulnerability in include/urights.php in ...) + TODO: check +CVE-2006-4238 (SQL injection vulnerability in torrents.php in WebTorrent (WTcom) ...) + TODO: check +CVE-2006-4237 (PHP remote file inclusion vulnerability in pageheaderdefault.inc.php ...) + TODO: check +CVE-2006-4236 (Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow ...) + TODO: check +CVE-2006-4235 (Buffer overflow in the import project functionality in Sony SonicStage ...) 
+ TODO: check +CVE-2006-4234 (PHP remote file inclusion vulnerability in classes/query.class.php in ...) + TODO: check +CVE-2006-4233 (Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local ...) + TODO: check +CVE-2006-4232 (Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, ...) + TODO: check +CVE-2006-4231 (IrfanView 3.98 (with plugins) allows remote attackers to cause a ...) + TODO: check +CVE-2006-4230 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...) + TODO: check +CVE-2006-4229 (PHP remote file inclusion vulnerability in archive.php in the ...) + TODO: check +CVE-2006-4228 (Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before ...) + TODO: check +CVE-2006-4227 (MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid ...) + TODO: check +CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ...) + TODO: check +CVE-2006-4225 (Multiple SQL injection vulnerabilities in war.php in Virtual War ...) + TODO: check +CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual ...) + TODO: check +CVE-2006-4223 (IBM WebSphere Application Server before 6.0.2.13 allows ...) + TODO: check +CVE-2006-4222 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...) + TODO: check +CVE-2006-4221 (Stack-based buffer overflow in the IBM Access Support eGatherer ...) + TODO: check +CVE-2006-4220 + RESERVED +CVE-2006-4219 (The Terminal Services COM object (tsuserex.dll) allows remote ...) + TODO: check +CVE-2006-4218 (Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier ...) + TODO: check +CVE-2006-4217 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4216 (PHP remote file inclusion vulnerability in Chaussette 080706 and ...) + TODO: check +CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart ...) 
+ TODO: check +CVE-2006-4214 (Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier ...) + TODO: check +CVE-2006-4213 (PHP remote file inclusion vulnerability in config.php in David Kent ...) + TODO: check +CVE-2006-4212 (SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet ...) + TODO: check +CVE-2006-4211 (Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl ...) + TODO: check +CVE-2006-4210 (nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when ...) + TODO: check +CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta ...) + TODO: check +CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy ...) + TODO: check +CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...) + TODO: check +CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ...) + TODO: check +CVE-2006-4205 (Multiple PHP remote file inclusion vulnerabilities in WebDynamite ...) + TODO: check +CVE-2006-4204 (Multile PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and ...) + TODO: check +CVE-2006-4203 (PHP remote file inclusion vulnerability in help.mmp.php in the MMP ...) + TODO: check +CVE-2006-4202 (SQL injection vulnerability in proje_goster.php in Spidey Blog Script ...) + TODO: check +CVE-2006-4201 (Unspecified vulnerability in the backup agent and Cell Manager in HP ...) + TODO: check +CVE-2006-4200 (Unspecified vulnerability in 04WebServer 1.83 and earlier allows ...) + TODO: check +CVE-2006-4199 (Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 ...) + TODO: check +CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in ...) + TODO: check +CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or ...) + TODO: check +CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS ...) 
+ TODO: check +CVE-2006-4195 (PHP remote file inclusion vulnerability in param.peoplebook.php in the ...) + TODO: check +CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...) + TODO: check +CVE-2005-4807 (Stack-based buffer overflow in messages.c in the GNU as (gas) ...) + TODO: check +CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access ...) + TODO: check +CVE-2004-2662 (Soft3304 04WebServer before 1.41 allows remote attackers to cause a ...) + TODO: check +CVE-2004-2661 (Soft3304 04WebServer before 1.41 does not properly check file names, ...) + TODO: check +CVE-2002-2216 (Soft3304 04WebServer before 1.20 does not properly process URL ...) + TODO: check CVE-2006-XXXX [multiple issues fixed by php 4.4.4 and 5.1.5] - php4 <unfixed> (medium) - php5 <unfixed> (medium) @@ -104,8 +290,8 @@ RESERVED CVE-2006-4146 RESERVED -CVE-2006-4145 - RESERVED +CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel ...) + TODO: check CVE-2006-4143 (Netgear FVG318 running firmware 1.0.40 allows remote attackers to ...) NOT-FOR-US: Netgear CVE-2006-4142 (SQL injection vulnerability in extra/online.php in Virtual War (VWar) ...) @@ -206,8 +392,8 @@ RESERVED CVE-2006-4094 RESERVED -CVE-2006-4093 - RESERVED +CVE-2006-4093 (Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on ...) + TODO: check CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user''s actions to ...) NOT-FOR-US: Simpliciti Locked Browser CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel ...) 
@@ -373,14 +559,16 @@ - php4 <unfixed> (medium; bug #382270) CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before ...) NOT-FOR-US: Intel -CVE-2006-4021 - RESERVED +CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to ...) + TODO: check CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...) - php5 <unfixed> (medium; bug #382256) - php4 <unfixed> (medium; bug #382261) CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in ...) + {DSA-1154} - squirrelmail 2:1.4.8-1 CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in ...) + {DSA-1153} - clamav 0.88.4-1 (high; bug #382004; bug #382007) CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in Inter ...) NOT-FOR-US: Inter Network Marketing (INM) CMS G3 @@ -1547,8 +1735,8 @@ RESERVED CVE-2006-3507 RESERVED -CVE-2006-3506 - RESERVED +CVE-2006-3506 (Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and ...) + TODO: check CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to ...) NOT-FOR-US: Apple Mac OS CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 ...) @@ -1873,7 +2061,7 @@ NOTE: firefox, but invalid CVE-2006-3351 (Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and ...) NOT-FOR-US: Windows Explorer -CVE-2006-3695 (Unspecified vulnerability in Trac before 0.9.6 allows remote attackers ...) +CVE-2006-3695 (Trac before 0.9.6 does not disable the "raw" or "include" commands ...) {DSA-1152} - trac 0.9.6-1 (medium) [sarge] - trac 0.8.1-3sarge5 
@@ -7582,8 +7770,8 @@ - unalz 0.55-1 (bug #356832; medium) CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of ...) NOT-FOR-US: RaidenHTTPD -CVE-2006-0948 - RESERVED +CVE-2006-0948 (AOL 9.0 Security Edition revision 4184.2340, and probably other ...) + TODO: check CVE-2006-0947 (Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote ...) NOT-FOR-US: Thomson modem firmware CVE-2006-0946 (Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems ...)
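
Review bot: Several of the new `TODO: check` entries in the @@ -1,3 +1,189 @@ hunk cannot be triaged from the truncated descriptions in this file. CVE-2006-4278 and CVE-2006-4217 read only "PHP remote file inclusion vulnerability in ..." with no product name, and CVE-2006-4261 and CVE-2006-4253 carry the identical text "Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...". Whoever resolves these should work from the full CVE descriptions and confirm that the two Firefox ids are distinct issues before either one gets a package line.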
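
Review bot: CVE-2006-4145 (hunk @@ -104,8 +290,8 @@) and CVE-2006-4093 (hunk @@ -206,8 +392,8 @@) change from RESERVED to descriptions that name the Linux kernel, yet both are left at `TODO: check` with no package line. These should be resolved ahead of the web-application entries, with a package line in the form the file already uses elsewhere and `<unfixed>` until a fixed version is known.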
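
Review bot: In the @@ -373,14 +559,16 @@ hunk, {DSA-1154} and {DSA-1153} are attached to CVE-2006-4019 and CVE-2006-4018 without any stable-release line, whereas CVE-2006-3695 in the @@ -1873,7 +2061,7 @@ hunk pairs {DSA-1152} with "[sarge] - trac 0.8.1-3sarge5". If this file is expected to record the sarge versions for these two DSAs, add the matching "[sarge] - ..." lines for squirrelmail and clamav so the entries are consistent.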
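
Review bot: CVE-2006-3506 in the @@ -1547,8 +1735,8 @@ hunk describes the Xsan Filesystem driver on Mac OS X but is set to `TODO: check`, while the adjacent CVE-2006-3505 is already marked "NOT-FOR-US: Apple Mac OS"; the same marking looks applicable. The same question applies to CVE-2006-0948 (AOL 9.0 Security Edition) in the @@ -7582,8 +7770,8 @@ hunk, whose neighbouring entries are all NOT-FOR-US.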