thr3ads.net - Secure testing commits - [Secure-testing-commits] r4651

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-Aug-29 09:15 UTC
[Secure-testing-commits] r4651 - data/CVE

Author: joeyh
Date: 2006-08-29 09:14:22 +0000 (Tue, 29 Aug 2006)
New Revision: 4651

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-08-28 19:48:27 UTC (rev 4650)
+++ data/CVE/list	2006-08-29 09:14:22 UTC (rev 4651)
@@ -1,13 +1,219 @@
-CVE-2006-4333 [several issues fixed in wireshark 0.99.3: SSCOP dissector]
+CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions,
creates ...)
+	TODO: check
+CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...)
+	TODO: check
+CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows
remote ...)
+	TODO: check
+CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the
character set ...)
+	TODO: check
+CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and
earlier ...)
+	TODO: check
+CVE-2006-4431 (Multiple buffer overflows in the (a) Session Clustering Daemon
and the ...)
+	TODO: check
+CVE-2006-4430 (The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier
allows ...)
+	TODO: check
+CVE-2006-4429 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-4428 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-4427 (index.php in eFiction before 2.0.7 allows remote attackers to
bypass ...)
+	TODO: check
+CVE-2006-4426 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-4425 (Multiple PHP remote file inclusion vulnerabilities in phpCOIN
1.2.3 ...)
+	TODO: check
+CVE-2006-4424 (PHP remote file inclusion vulnerability in
coin_includes/constants.php ...)
+	TODO: check
+CVE-2006-4423 (Multiple PHP remote file inclusion vulnerabilities in Bigace
1.8.2 ...)
+	TODO: check
+CVE-2006-4422 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-4421 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2006-4420 (Directory traversal vulnerability in include_lang.php in Phaos
0.9.2 ...)
+	TODO: check
+CVE-2006-4419 (SQL injection vulnerability in note.php in ProManager 0.73
allows ...)
+	TODO: check
+CVE-2006-4418 (Directory traversal vulnerability in index.php for Wikepage
2006.2a ...)
+	TODO: check
+CVE-2006-4417 (SQL injection vulnerability in edituser.php in Xoops before
2.0.15 ...)
+	TODO: check
+CVE-2006-4416 (Untrusted search path vulnerability in the mkvg command in IBM
AIX 5.2 ...)
+	TODO: check
+CVE-2006-4415
+	RESERVED
+CVE-2006-4414
+	RESERVED
+CVE-2006-4413
+	RESERVED
+CVE-2006-4412
+	RESERVED
+CVE-2006-4411
+	RESERVED
+CVE-2006-4410
+	RESERVED
+CVE-2006-4409
+	RESERVED
+CVE-2006-4408
+	RESERVED
+CVE-2006-4407
+	RESERVED
+CVE-2006-4406
+	RESERVED
+CVE-2006-4405
+	RESERVED
+CVE-2006-4404
+	RESERVED
+CVE-2006-4403
+	RESERVED
+CVE-2006-4402
+	RESERVED
+CVE-2006-4401
+	RESERVED
+CVE-2006-4400
+	RESERVED
+CVE-2006-4399
+	RESERVED
+CVE-2006-4398
+	RESERVED
+CVE-2006-4397
+	RESERVED
+CVE-2006-4396
+	RESERVED
+CVE-2006-4395
+	RESERVED
+CVE-2006-4394
+	RESERVED
+CVE-2006-4393
+	RESERVED
+CVE-2006-4392
+	RESERVED
+CVE-2006-4391
+	RESERVED
+CVE-2006-4390
+	RESERVED
+CVE-2006-4389
+	RESERVED
+CVE-2006-4388
+	RESERVED
+CVE-2006-4387
+	RESERVED
+CVE-2006-4386
+	RESERVED
+CVE-2006-4385
+	RESERVED
+CVE-2006-4384
+	RESERVED
+CVE-2006-4383
+	RESERVED
+CVE-2006-4382
+	RESERVED
+CVE-2006-4381
+	RESERVED
+CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of
service ...)
+	TODO: check
+CVE-2006-4379
+	RESERVED
+CVE-2006-4378 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch ...)
+	TODO: check
+CVE-2006-4376 (Multiple cross-site scripting (XSS) vulnerabilities in Guder und
Koch ...)
+	TODO: check
+CVE-2006-4375 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-4374 (IrfanView 3.98 (with plugins) allows user-assisted attackers to
cause ...)
+	TODO: check
+CVE-2006-4373 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-4372 (PHP remote file inclusion vulnerability in
admin.lurm_constructor.php ...)
+	TODO: check
+CVE-2006-4371 (Multiple directory traversal vulnerabilities in Alt-N WebAdmin
3.2.3 ...)
+	TODO: check
+CVE-2006-4370 (Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and
...)
+	TODO: check
+CVE-2006-4369 (Absolute path traversal vulnerability in
includes/functions_portal.php ...)
+	TODO: check
+CVE-2006-4368 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-4367 (SQL injection vulnerability in alltopics.php in the All Topics
Hack ...)
+	TODO: check
+CVE-2006-4366 (PHP remote file inclusion vulnerability in index.php in RedBLoG
0.5 ...)
+	TODO: check
+CVE-2006-4365 (Multiple PHP remote file inclusion vulnerabilities in VistaBB
2.0.33 ...)
+	TODO: check
+CVE-2006-4364 (Multiple heap-based buffer overflows in the POP3 server in Alt-N
...)
+	TODO: check
+CVE-2006-4363 (PHP remote file inclusion vulnerability in admin.cropcanvas.php
in the ...)
+	TODO: check
+CVE-2006-4362 (Cross-site scripting (XSS) vulnerability in getad.php in Diesel
Paid ...)
+	TODO: check
+CVE-2006-4361 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2006-4360 (Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for
Drupal ...)
+	TODO: check
+CVE-2006-4359 (Stack-based buffer overflow in Trident Software PowerZip 7.06
Build ...)
+	TODO: check
+CVE-2006-4358 (Cross-site scripting (XSS) vulnerability in index.php in Diesel
Pay ...)
+	TODO: check
+CVE-2006-4357 (PHP remote file inclusion vulnerability in clients/index.php in
Diesel ...)
+	TODO: check
+CVE-2006-4356 (SQL injection vulnerability in Drupal Easylinks Module ...)
+	TODO: check
+CVE-2006-4355 (Cross-site scripting (XSS) vulnerability in Drupal Easylinks
Module ...)
+	TODO: check
+CVE-2006-4354 (PHP remote file inclusion vulnerability in
e/class/CheckLevel.php in ...)
+	TODO: check
+CVE-2006-4353 (Unspecified vulnerability in Sun Java System Content Delivery
Server ...)
+	TODO: check
+CVE-2006-4352 (The ArrowPoint cookie functionality for Cisco 11000 series
Content ...)
+	TODO: check
+CVE-2006-4351 (Cross-site scripting (XSS) vulnerability in index.php in
OneOrZero ...)
+	TODO: check
+CVE-2006-4350 (SQL injection vulnerability in index.php in OneOrZero 1.6.4.1
allows ...)
+	TODO: check
+CVE-2006-4349 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-4348 (PHP remote file inclusion vulnerability in config.kochsuite.php
in the ...)
+	TODO: check
+CVE-2006-4347 (SQL injection vulnerability in user logon authentication request
...)
+	TODO: check
+CVE-2006-4346 (Asterisk 1.2.10 supports the use of client-controlled variables
to ...)
+	TODO: check
+CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in
...)
+	TODO: check
+CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System
(formd) ...)
+	TODO: check
+CVE-2006-4343
+	RESERVED
+CVE-2006-4342
+	RESERVED
+CVE-2006-4341
+	RESERVED
+CVE-2006-4340
+	RESERVED
+CVE-2006-4339
+	RESERVED
+CVE-2006-4338
+	RESERVED
+CVE-2006-4337
+	RESERVED
+CVE-2006-4336
+	RESERVED
+CVE-2006-4335
+	RESERVED
+CVE-2006-4334
+	RESERVED
+CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before
0.99.3 allows ...)
 	- wireshark <unfixed> (low; bug #384529)
 	- ethereal <removed> (low; bug #384528)
-CVE-2006-4332 [several issues fixed in wireshark 0.99.3: DHCP dissector]
+CVE-2006-4332 (Unspecified vulnerability in the DHCP dissector in Wireshark
(formerly ...)
 	- wireshark <not-affected> (windows only)
 	- ethereal <not-affected> (windows only)
-CVE-2006-4331 [several issues fixed in wireshark 0.99.3: ESP preference parser]
+CVE-2006-4331 (Multiple off-by-one errors in the IPSec ESP preference parser in
...)
 	- wireshark <unfixed> (medium; bug #384529)
 	- ethereal <not-affected> (only wireshark 0.99.2 affected)
-CVE-2006-4330 [several issues fixed in wireshark 0.99.3: SCSI dissector]
+CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark
(formerly ...)
 	- wireshark <unfixed> (medium; bug #384529)
 	- ethereal <not-affected> (only wireshark 0.99.2 affected)
 CVE-2006-XXXX [asterisk MGCP AUEP Response Handling Buffer Overflow]
@@ -73,7 +279,7 @@
 	NOT-FOR-US: Solaris
 CVE-2006-4305
 	RESERVED
-CVE-2006-4304 (Buffer overflow in the ppp driver in FreeBSD 4.11 to 6.1 and
NetBSD ...)
+CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1
and ...)
 	NOT-FOR-US: FreeBSD NetBSD
 CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun
...)
 	NOT-FOR-US: Solaris
@@ -87,7 +293,7 @@
 	- tikiwiki 1.9.4+dfsg2-2 (low; bug #384796)
 CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in
...)
 	NOT-FOR-US: osCommerce
-CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce
2.2 ...)
+CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce
before ...)
 	NOT-FOR-US: osCommerce
 CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in
...)
 	NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo
@@ -135,7 +341,8 @@
 	TODO: check
 CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in
the ...)
 	TODO: check
-CVE-2006-4274 (Unknown vulnerability in Microsoft PowerPoint allows
user-assisted ...)
+CVE-2006-4274
+	REJECTED
 	NOT-FOR-US: Microsoft
 CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin
3.5.4 ...)
 	TODO: check
@@ -155,7 +362,7 @@
 	NOT-FOR-US: Symantec
 CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled,
allows ...)
 	NOT-FOR-US: Kaspersky
-CVE-2006-4264 (Multiple PHP remote file inclusion vulnerabilities in the ...)
+CVE-2006-4264 (** DISPUTED ** ...)
 	TODO: check
 CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the
Product ...)
 	TODO: check
@@ -240,7 +447,8 @@
 CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12,
when ...)
 	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
 	- mysql-dfsg <unfixed> (low)
-CVE-2006-4225 (Multiple SQL injection vulnerabilities in war.php in Virtual War
...)
+CVE-2006-4225
+	REJECTED
 	NOT-FOR-US: Virtual War
 CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in
Virtual ...)
 	NOT-FOR-US: Virtual War
@@ -258,7 +466,8 @@
 	NOT-FOR-US: Zen Cart
 CVE-2006-4217 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: WEBInsta CMS
-CVE-2006-4216 (PHP remote file inclusion vulnerability in Chaussette 080706 and
...)
+CVE-2006-4216
+	REJECTED
 	NOT-FOR-US: Chaussette
 CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart
...)
 	NOT-FOR-US: Zen Cart
@@ -1007,7 +1216,7 @@
 	RESERVED
 CVE-2006-3870
 	RESERVED
-CVE-2006-3869 (Buffer overflow in Microsoft Internet Explorer 6 SP1 on Windows
2000 ...)
+CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet
...)
 	TODO: check
 CVE-2006-3868
 	RESERVED
@@ -1345,14 +1554,12 @@
 	{DSA-1141-1 DSA-1140-1}
 	- gnupg 1.4.5-1 (medium)
 	- gnupg2 1.9.20-2 (medium)
-CVE-2006-3745 (Unspecified vulnerability in the SCTP implementation in Linux
2.6.9, ...)
+CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function
in the ...)
 	- linux-2.6 2.6.17-7
 	- linux-2.6.16 <unfixed>
-CVE-2006-3744 [imagemagick XCF and Sun Rasterfile Buffer Overflows]
-	RESERVED
+CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows
...)
 	- imagemagick <unfixed> (bug #385062)
-CVE-2006-3743 [imagemagick XCF and Sun Rasterfile Buffer Overflows]
-	RESERVED
+CVE-2006-3743 (Multiple buffer overflows in ImageMagick before 6.2.9 allow ...)
 	- imagemagick <unfixed> (bug #385062)
 CVE-2006-3742
 	RESERVED
@@ -2676,16 +2883,15 @@
 	TODO: check
 CVE-2006-3125
 	RESERVED
-CVE-2006-3124 [streamripper buffer overflow]
-	RESERVED
+CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper
before ...)
 	{DSA-1158}
 	- streamripper 1.61.25-2
 CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2)
doencrypt ...)
 	{DSA-1138-1}
 	- cfs 1.4.1-17
-CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP server
2.0pl5 ...)
+CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP (dhcpd)
server ...)
 	{DSA-1143-1}
-CVE-2006-3121 (The heartbeat subsystem in High-Availability Linux before 1.2.5
and ...)
+CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat
...)
 	{DSA-1151-1}
 	- heartbeat-2 2.0.6-2
 	- heartbeat 1.2.4-14
@@ -3106,7 +3312,7 @@
 	- linux-2.6.16 2.6.16-17
 CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat
...)
 	[sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable)
-CVE-2006-2932 (Unspecified vulnerability in the restore_all code path of the
4/4GB ...)
+CVE-2006-2932 (A regression error in the restore_all code path of the 4/4GB
split ...)
 	TODO: check
 CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded
image files, ...)
 	NOT-FOR-US: CMS Mundo
@@ -5020,10 +5226,10 @@
 	NOT-FOR-US: SWS
 CVE-2006-2114 (Buffer overflow in SWS web Server 0.1.7 allows remote attackers
to ...)
 	NOT-FOR-US: SWS
-CVE-2006-2113
-	RESERVED
-CVE-2006-2112
-	RESERVED
+CVE-2006-2113 (The embedded HTTP server in Fuji Xerox Printing Systems (FXPS)
print ...)
+	TODO: check
+CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in
products ...)
+	TODO: check
 CVE-2006-2111 (Microsoft Internet Explorer 6.0 on Windows XP SP2, and possibly
other ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and
2.1.x ...)
Secure testing commits - Aug 2006 - r4651 - data/CVE

[Secure-testing-commits] r4651 - data/CVE
