thr3ads.net - Secure testing commits - [Secure-testing-commits] r4628

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-Aug-24 21:15 UTC
[Secure-testing-commits] r4628 - data/CVE

Author: joeyh
Date: 2006-08-24 21:14:51 +0000 (Thu, 24 Aug 2006)
New Revision: 4628

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-08-24 19:17:26 UTC (rev 4627)
+++ data/CVE/list	2006-08-24 21:14:51 UTC (rev 4628)
@@ -1,3 +1,99 @@
+CVE-2006-4329 (Multiple PHP remote file inclusion vulnerabilities in Shadows
Rising ...)
+	TODO: check
+CVE-2006-4328 (SQL injection vulnerability in admin.php in CloudNine
Interactive ...)
+	TODO: check
+CVE-2006-4327 (Multiple cross-site scripting (XSS) vulnerabilities in
add_url.php in ...)
+	TODO: check
+CVE-2006-4326 (Stack-based buffer overflow in Justsystem Ichitaro 9.x through
13.x, ...)
+	TODO: check
+CVE-2006-4325 (Cross-site scripting (XSS) vulnerability in gbook.php in Doika
...)
+	TODO: check
+CVE-2006-4324 (Cross-site scripting (XSS) vulnerability in add_url2.php in ...)
+	TODO: check
+CVE-2006-4323 (SQL injection vulnerability in list.php in CityForFree indexcity
1.0, ...)
+	TODO: check
+CVE-2006-4322 (PHP remote file inclusion vulnerability in estateagent.php in
the ...)
+	TODO: check
+CVE-2006-4321 (PHP remote file inclusion vulnerability in cpg.php in the
Coppermine ...)
+	TODO: check
+CVE-2006-4320 (PHP remote file inclusion vulnerability in sef.php in the
OpenSEF ...)
+	TODO: check
+CVE-2006-4319 (Buffer overflow in the format command in Solaris 8, 9, and 10
allows ...)
+	TODO: check
+CVE-2006-4318 (Buffer overflow in WFTPD Server 3.23 allows remote attackers to
...)
+	TODO: check
+CVE-2006-4317 (Cross-site scripting (XSS) vulnerability in attachment.php in
WoltLab ...)
+	TODO: check
+CVE-2006-4316 (SSH Tectia Management Agent 2.1.2 allows local users to gain
root ...)
+	TODO: check
+CVE-2006-4315 (Unquoted Windows search path vulnerability in multiple SSH
Tectia ...)
+	TODO: check
+CVE-2006-4314 (The manager server in Symantec Enterprise Security Manager (ESM)
6 and ...)
+	TODO: check
+CVE-2006-4313 (Multiple unspecified vulnerabilities in Cisco VPN 3000 series
...)
+	TODO: check
+CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series
Adaptive ...)
+	TODO: check
+CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise
...)
+	TODO: check
+CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a
denial of ...)
+	TODO: check
+CVE-2006-4309 (VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not
...)
+	TODO: check
+CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in
Blackboard ...)
+	TODO: check
+CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8
and 9 ...)
+	TODO: check
+CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821
...)
+	TODO: check
+CVE-2006-4305
+	RESERVED
+CVE-2006-4304 (Buffer overflow in the ppp driver in FreeBSD 4.11 to 6.1 and
NetBSD ...)
+	TODO: check
+CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun
...)
+	TODO: check
+CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java
Web ...)
+	TODO: check
+CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to
cause a ...)
+	TODO: check
+CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0
and ...)
+	TODO: check
+CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php
in ...)
+	TODO: check
+CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in
...)
+	TODO: check
+CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce
2.2 ...)
+	TODO: check
+CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in
...)
+	TODO: check
+CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda
...)
+	TODO: check
+CVE-2006-4294
+	RESERVED
+CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10
allow ...)
+	TODO: check
+CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b
allows ...)
+	TODO: check
+CVE-2006-4291 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x,
3.x, ...)
+	TODO: check
+CVE-2006-4289 (Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x
...)
+	TODO: check
+CVE-2006-4288 (PHP remote file inclusion vulnerability in
admin.a6mambocredits.php in ...)
+	TODO: check
+CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game
and NES ...)
+	TODO: check
+CVE-2006-4286 (PHP remote file inclusion vulnerability in contentpublisher.php
in the ...)
+	TODO: check
+CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic
News ...)
+	TODO: check
+CVE-2006-4284 (SQL injection vulnerability in comments.asp in LBlog 1.05 and
earlier ...)
+	TODO: check
+CVE-2006-4283 (Multiple PHP remote file inclusion vulnerabilities in SOLMETRA
SPAW ...)
+	TODO: check
+CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the
...)
+	TODO: check
 CVE-2006-XXXX [capi4hylafax arbitrary remote command execution ]
 	- capi4hylafax 1:01.03.00.99.svn.300-1
 CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in
...)
@@ -38,8 +134,8 @@
 	TODO: check
 CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the
Product ...)
 	TODO: check
-CVE-2006-4262
-	RESERVED
+CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...)
+	TODO: check
 CVE-2006-4261 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to
cause a ...)
 	TODO: check
 CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder
1.8 ...)
@@ -880,8 +976,8 @@
 	RESERVED
 CVE-2006-3870
 	RESERVED
-CVE-2006-3869
-	RESERVED
+CVE-2006-3869 (Buffer overflow in Microsoft Internet Explorer 6 SP1 on Windows
2000 ...)
+	TODO: check
 CVE-2006-3868
 	RESERVED
 CVE-2006-3867
@@ -1218,8 +1314,8 @@
 	{DSA-1141-1 DSA-1140-1}
 	- gnupg 1.4.5-1 (medium)
 	- gnupg2 1.9.20-2 (medium)
-CVE-2006-3745
-	RESERVED
+CVE-2006-3745 (Unspecified vulnerability in the SCTP implementation in Linux
2.6.9, ...)
+	TODO: check
 CVE-2006-3744
 	RESERVED
 CVE-2006-3743
@@ -2788,7 +2884,7 @@
 	- php4 <unfixed> (medium; bug #382259)
 CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328
allows ...)
 	NOT-FOR-US: WinSCP
-CVE-2006-3014 (Microsoft Excel allows user-complicit attackers to execute
arbitrary ...)
+CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute
arbitrary ...)
 	NOT-FOR-US: Microsoft Excel
 CVE-2006-3013 (Interpretation conflict in resetpw.php in phpBannerExchange
before 2.0 ...)
 	NOT-FOR-US: phpBannerExchange
@@ -2971,8 +3067,8 @@
 	- linux-2.6.16 2.6.16-17
 CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat
...)
 	[sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable)
-CVE-2006-2932
-	RESERVED
+CVE-2006-2932 (Unspecified vulnerability in the restore_all code path of the
4/4GB ...)
+	TODO: check
 CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded
image files, ...)
 	NOT-FOR-US: CMS Mundo
 CVE-2006-2930 (Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid
...)
@@ -3041,7 +3137,7 @@
 	NOT-FOR-US: Partial Links
 CVE-2006-2901 (The web server for D-Link Wireless Access-Point (DWL-2100ap)
firmware ...)
 	NOT-FOR-US: D-Link
-CVE-2006-2900 (Internet Explorer 6 allows user-complicit remote attackers to
read ...)
+CVE-2006-2900 (Internet Explorer 6 allows user-assisted remote attackers to
read ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions
before ...)
 	NOT-FOR-US: ESTsoft InternetDISK
@@ -4064,7 +4160,7 @@
 	RESERVED
 CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch
4 ...)
 	NOT-FOR-US: VMware ESX 
-CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit
...)
+CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted
...)
 	- dia 0.95.0-4 (bug #368202; low)
 	[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously
malformed file names)
 CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not
verify ...)
@@ -4255,7 +4351,7 @@
 	NOT-FOR-US: OZJournals
 CVE-2006-2389 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2,
Office ...)
 	NOT-FOR-US: Microsoft
-CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-complicit
...)
+CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-assisted
...)
 	NOT-FOR-US: Microsoft
 CVE-2006-2387
 	RESERVED
@@ -4932,7 +5028,7 @@
 	NOT-FOR-US: Phex
 CVE-2006-2094 (Microsoft Internet Explorer before Windows XP Service Pack 2 and
...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-complicit
...)
+CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted
...)
 	- libnasl 2.2.8-1 (bug #365898; low)
 	[sarge] - libnasl <no-dsa> (Hardly exploitable, see #365898)
 CVE-2006-2092 (Unspecified vulnerability in HP StorageWorks Secure Path for
Windows ...)
@@ -6095,7 +6191,7 @@
 	- linphone 1.3.5-1 (bug #361913)
 CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when
the ...)
 	- util-vserver 0.30.210-1 (bug #360438; unimportant)
-CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-complicit
...)
+CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-assisted
...)
 	{DSA-1074-1}
 	- mpg123 0.59r-22 (bug #361863; unknown)
 CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500
...)
@@ -6492,7 +6588,7 @@
 CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in
abcmidi ...)
 	{DSA-1043-1}
 	- abcmidi 20060422-1
-CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow
user-complicit ...)
+CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow
user-assisted ...)
 	{DSA-1041-1}
 	- abc2ps <removed> (bug #373685; low)
 CVE-2006-1512
@@ -6650,7 +6746,7 @@
 	NOT-FOR-US: Apple
 CVE-2006-1449 (Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6
allows ...)
 	NOT-FOR-US: Apple
-CVE-2006-1448 (Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-complicit
...)
+CVE-2006-1448 (Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted
...)
 	NOT-FOR-US: Apple
 CVE-2006-1447 (LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers
to ...)
 	NOT-FOR-US: Apple
@@ -6955,13 +7051,13 @@
 	RESERVED
 CVE-2006-1310
 	RESERVED
-CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-complicit
attackers to ...)
+CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted attackers
to ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-1308 (Unspecified vulnerability in Microsoft Excel 2000 through 2004
allows ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-1307
 	RESERVED
-CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-complicit
attackers to ...)
+CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-assisted attackers
to ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-1305
 	RESERVED
@@ -6971,7 +7067,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2006-1302 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...)
 	NOT-FOR-US: Microsoft
-CVE-2006-1301 (Microsoft Excel 2000 through 2004 allows user-complicit
attackers to ...)
+CVE-2006-1301 (Microsoft Excel 2000 through 2004 allows user-assisted attackers
to ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-1300 (Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000
SP4, ...)
 	NOT-FOR-US: Microsoft
@@ -7778,7 +7874,7 @@
 	RESERVED
 CVE-2006-0951 (The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges
when the ...)
 	NOT-FOR-US: NOD32
-CVE-2006-0950 (unalz 0.53 allows user-complicit attackers to overwrite
arbitrary ...)
+CVE-2006-0950 (unalz 0.53 allows user-assisted attackers to overwrite arbitrary
...)
 	- unalz 0.55-1 (bug #356832; medium)
 CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code
of ...)
 	NOT-FOR-US: RaidenHTTPD
@@ -8043,7 +8139,7 @@
 	NOT-FOR-US: Tivoli
 CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has
world-readable ...)
 	NOT-FOR-US: Tivoli
-CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-complicit attackers to cause
an ...)
+CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-assisted attackers to cause
an ...)
 	- thunderbird <unfixed> (bug #370432; low)
 	[sarge] - mozilla-thunderbird <unfixed> (bug #370432; low)
 CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web
Calendar ...)
@@ -8090,7 +8186,7 @@
 	NOT-FOR-US: NetworkActiv Web Server
 CVE-2006-0814 (response.c in Lighttpd 1.4.10 and possibly previous versions,
when run ...)
 	NOT-FOR-US: Lighttpd under windows
-CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-complicit
...)
+CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-assisted
...)
 	NOT-FOR-US: WinACE
 CVE-2006-0812 (The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server
...)
 	NOT-FOR-US: WinACE VisNetic AntiVirus
@@ -9118,7 +9214,7 @@
 	NOT-FOR-US: BEA WebLogic
 CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5,
and 7.0 ...)
 	NOT-FOR-US: BEA WebLogic
-CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-complicit
...)
+CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-assisted
...)
 	{DSA-1012-1}
 	- unzip 5.52-7 (low; bug #349794)
 CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and
5.1 ...)
@@ -9387,7 +9483,7 @@
 	- koffice <unfixed> (medium)
 	- libextractor 0.5.10-1 (medium)
 	- pdfkit.framework 0.8-4 (medium)
-CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows
user-complicit ...)
+CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted
...)
 	{DSA-987-1}
 	- tar 1.15.1-3 (bug #354091; high)
 	- dpkg <not-affected> (has completely different tar implementation)
@@ -13355,7 +13451,7 @@
 	NOT-FOR-US: Archilles Newsworld
 CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and
(2) ...)
 	NOT-FOR-US: Archilles Newsworld
-CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-complicit
attackers ...)
+CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-assisted
attackers ...)
 	NOT-FOR-US: Mirabilis ICQ
 CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password
...)
 	NOT-FOR-US: MiniGal2
@@ -14002,7 +14098,7 @@
 CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow
remote ...)
 	- ethereal 0.10.13-1 (bug #334880; medium)
 	NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge
-CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows
user-complicit ...)
+CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows
user-assisted ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket
Option ...)
 	NOT-FOR-US: Solaris
@@ -14840,7 +14936,7 @@
 	NOT-FOR-US: pam_per_user (not in Debian)
 CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill
list ...)
 	NOT-FOR-US: KillProcess
-CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows
user-complicit ...)
+CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows
user-assisted ...)
 	NOT-FOR-US: KillProcess
 CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for
...)
 	- openssl (bug #314465; unimportant)
@@ -15274,13 +15370,13 @@
 	NOT-FOR-US: Symantec Antivirus
 CVE-2005-2757 (Heap-based buffer overflow in CoreFoundation in Mac OS X and OS
X ...)
 	NOT-FOR-US: Mac OS X
-CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-complicit attackers to
...)
+CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-assisted attackers to
...)
 	NOT-FOR-US: Apple QuickTime
-CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-complicit
attackers to ...)
+CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-assisted
attackers to ...)
 	NOT-FOR-US: Apple QuickTime
-CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows
user-complicit ...)
+CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows
user-assisted ...)
 	NOT-FOR-US: Apple QuickTime
-CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows
user-complicit ...)
+CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows
user-assisted ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier
does ...)
 	NOT-FOR-US: Mac OS X
@@ -16672,7 +16768,7 @@
 	NOT-FOR-US: nbsmtp
 CVE-2005-2408
 	RESERVED
-CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-complicit
...)
+CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-assisted
...)
 	NOT-FOR-US: Opera
 CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site
scripting ...)
 	NOT-FOR-US: Opera
Secure testing commits - Aug 2006 - r4628 - data/CVE

[Secure-testing-commits] r4628 - data/CVE
