Author: joeyh
Date: 2006-09-13 09:14:40 +0000 (Wed, 13 Sep 2006)
New Revision: 4724

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-09-12 23:10:34 UTC (rev 4723)
+++ data/CVE/list 2006-09-13 09:14:40 UTC (rev 4724)
@@ -1,3 +1,223 @@ +CVE-2006-4731 (Directory traversal vulnerability in login.pl in (1) SQL-Ledger before ...) + TODO: check +CVE-2006-4730 + RESERVED +CVE-2006-4729 + RESERVED +CVE-2006-4728 + RESERVED +CVE-2006-4727 + RESERVED +CVE-2006-4726 + RESERVED +CVE-2006-4725 + RESERVED +CVE-2006-4724 + RESERVED +CVE-2006-4723 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4722 (PHP remote file inclusion vulnerability in Open Bulletin Board ...) + TODO: check +CVE-2006-4721 (Directory traversal vulnerability in admin.php in CCleague Pro Sports ...) + TODO: check +CVE-2006-4720 (PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO ...) + TODO: check +CVE-2006-4719 (Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb ...) + TODO: check +CVE-2006-4718 (Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in ...) + TODO: check +CVE-2006-4717 (The login redirection mechanism in the Drupal 4.7 Pubcookie module ...) + TODO: check +CVE-2006-4716 (PHP remote file inclusion vulnerability in demarrage.php in Fire Soft ...) + TODO: check +CVE-2006-4715 (SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo ...) + TODO: check +CVE-2006-4714 (PHP remote file inclusion vulnerability in index.php in SpoonLabs ...) + TODO: check +CVE-2006-4713 (PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA ...) + TODO: check +CVE-2006-4712 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow ...) + TODO: check +CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow ...) + TODO: check +CVE-2006-4710 (Multiple cross-site scripting (XSS) vulnerabilities in NewsGator ...) + TODO: check +CVE-2006-4709 (SQL injection vulnerability in topic.php in Vikingboard 0.1b allows ...) + TODO: check +CVE-2006-4708 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) 
+ TODO: check +CVE-2006-4707 (Cross-site scripting (XSS) vulnerability in admin/global.php (aka the ...) + TODO: check +CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) + TODO: check +CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic ...) + TODO: check +CVE-2006-4704 + RESERVED +CVE-2006-4703 + RESERVED +CVE-2006-4702 + RESERVED +CVE-2006-4701 + RESERVED +CVE-2006-4700 + RESERVED +CVE-2006-4699 + RESERVED +CVE-2006-4698 + RESERVED +CVE-2006-4697 + RESERVED +CVE-2006-4696 + RESERVED +CVE-2006-4695 + RESERVED +CVE-2006-4694 + RESERVED +CVE-2006-4693 + RESERVED +CVE-2006-4692 + RESERVED +CVE-2006-4691 + RESERVED +CVE-2006-4690 + RESERVED +CVE-2006-4689 + RESERVED +CVE-2006-4688 + RESERVED +CVE-2006-4687 + RESERVED +CVE-2006-4686 + RESERVED +CVE-2006-4685 + RESERVED +CVE-2006-4684 + RESERVED +CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...) + TODO: check +CVE-2006-4681 (Directory traversal vulnerability in Redirect.bat in IBM Director ...) + TODO: check +CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and passwords ...) + TODO: check +CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by default, ...) + TODO: check +CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows ...) + TODO: check +CVE-2006-4677 (** DISPUTED ** ...) + TODO: check +CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and ...) + TODO: check +CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in ...) + TODO: check +CVE-2006-4674 (Direct static code injection vulnerability in doku.php in DokuWiki ...) + TODO: check +CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in PHP-Fusion ...) 
+ TODO: check +CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, ...) + TODO: check +CVE-2006-4671 (PHP remote file inclusion vulnerability in headlines.php in Fantastic ...) + TODO: check +CVE-2006-4670 (Multiple PHP remote file inclusion vulnerabilities in PhotoKorn ...) + TODO: check +CVE-2006-4669 (PHP remote file inclusion vulnerability in admin/system/include.php in ...) + TODO: check +CVE-2006-4668 (Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley ...) + TODO: check +CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote ...) + TODO: check +CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in WM-News 0.5 ...) + TODO: check +CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 ...) + TODO: check +CVE-2006-4664 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4663 (** DISPUTED ** ...) + TODO: check +CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ ...) + TODO: check +CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not ...) + TODO: check +CVE-2006-4660 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed ...) + TODO: check +CVE-2006-4659 (The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...) + TODO: check +CVE-2006-4658 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses ...) + TODO: check +CVE-2006-4657 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...) + TODO: check +CVE-2006-4656 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4655 (Buffer overflow in the Strcmp function in the XKEYBOARD extension in X ...) + TODO: check +CVE-2006-4654 (Format string vulnerability in Easy Address Book Web Server 1.2 allows ...) + TODO: check +CVE-2006-4653 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll store ...) 
+ TODO: check +CVE-2006-4652 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll have a ...) + TODO: check +CVE-2006-4651 (Directory traversal vulnerability in download/index.php, and possibly ...) + TODO: check +CVE-2006-4650 (Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the ...) + TODO: check +CVE-2006-4649 (PHP remote file inclusion vulnerability in bp_news.php in BinGo News ...) + TODO: check +CVE-2006-4648 (PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News ...) + TODO: check +CVE-2006-4647 (PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 ...) + TODO: check +CVE-2006-4646 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto ...) + TODO: check +CVE-2006-4645 (PHP remote file inclusion vulnerability in akarru.gui/main_content.php ...) + TODO: check +CVE-2006-4644 (PHP remote file inclusion vulnerability in modules/home.module.php in ...) + TODO: check +CVE-2006-4643 (SQL injection vulnerability in consult/joueurs.php in Uni-Vert ...) + TODO: check +CVE-2006-4642 (AuditWizard 6.3.2, when using "Remote Audit," logs the administrator ...) + TODO: check +CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal ...) + TODO: check +CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...) + TODO: check +CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...) + TODO: check +CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News ...) + TODO: check +CVE-2006-4637 (Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 ...) + TODO: check +CVE-2006-4636 (Directory traversal vulnerability in SZEWO PhpCommander 3.0 and ...) + TODO: check +CVE-2006-4635 (Unspecified vulnerability in MySource Classic 2.14.6, and possibly ...) + TODO: check +CVE-2006-4634 (Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows ...) 
+ TODO: check +CVE-2006-4633 (index.php in SoftBB 0.1, and possibly earlier, allows remote attackers ...) + TODO: check +CVE-2006-4632 (Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly ...) + TODO: check +CVE-2006-4631 (Direct static code injection vulnerability in admin/save_opt.php in ...) + TODO: check +CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING ...) + TODO: check +CVE-2006-4629 (PHP remote file inclusion vulnerability in affichage/commentaires.php ...) + TODO: check +CVE-2006-4628 (Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows ...) + TODO: check +CVE-2006-4627 (System Information ActiveX control (msinfo.dll), when accessed via ...) + TODO: check +CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine before ...) + TODO: check +CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...) + TODO: check +CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 ...) + TODO: check +CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation ...) + TODO: check +CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...) + TODO: check CVE-2006-XXXX [gnutls signature forgery] NOTE: GNUTLS-SA-2006-4 NOTE: fix for gnutls13 reverted in 1.4.3-2 @@ -15,7 +235,7 @@ NOT-FOR-US: Pheap CVE-2006-4620 (The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with ...) NOT-FOR-US: Alt-N WebAdmin -CVE-2006-4619 (The start update window in Avira AntiVir PersonalEdition Classic ...) +CVE-2006-4619 (The start update window in update.exe in Avira AntiVir PersonalEdition ...) NOT-FOR-US: Avira CVE-2006-4618 (PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in ...) - libphp-adodb <not-affected> (vulnerable code seems to be In-link specific) 
@@ -132,7 +352,7 @@ RESERVED CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in Simple ...) NOT-FOR-US: Simple Machines Forum -CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...) +CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in the MyHeadlines before ...) NOT-FOR-US: PHP-Nuke CVE-2006-4562 (** DISPUTED ** ...) NOT-FOR-US: Symantec @@ -523,31 +743,31 @@ RESERVED CVE-2006-4390 RESERVED -CVE-2006-4389 - RESERVED -CVE-2006-4388 - RESERVED +CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote attackers to ...) + TODO: check +CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) + TODO: check CVE-2006-4387 RESERVED -CVE-2006-4386 - RESERVED -CVE-2006-4385 - RESERVED -CVE-2006-4384 - RESERVED +CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) + TODO: check +CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) + TODO: check +CVE-2006-4384 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...) + TODO: check CVE-2006-4383 RESERVED -CVE-2006-4382 - RESERVED -CVE-2006-4381 - RESERVED +CVE-2006-4382 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) + TODO: check +CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) + TODO: check CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service ...) {DSA-1169} - mysql-dfsg-5.0 <not-affected> (only 4.1 affected) - mysql-dfsg <not-affected> (only 4.1 affected) - mysql-dfsg-4.1 <removed> -CVE-2006-4379 - RESERVED +CVE-2006-4379 (Stack-based buffer overflow in the SMTP Daemon in Ipswitch ...) + TODO: check CVE-2006-4378 (** DISPUTED ** ...) NOT-FOR-US: Rssxt component for Joomla! (com_rssxt) CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch ...) 
@@ -623,7 +843,7 @@ CVE-2006-4342 RESERVED CVE-2006-4341 - RESERVED + REJECTED CVE-2006-4340 RESERVED CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, ...) @@ -710,7 +930,7 @@ NOT-FOR-US: Solaris CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote ...) - maxdb-7.5.00 <unfixed> (high; bug #386182) -CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1 and ...) +CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD ...) NOT-FOR-US: FreeBSD NetBSD CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...) NOT-FOR-US: Solaris @@ -730,8 +950,8 @@ NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ...) NOT-FOR-US: Panda ActiveScan -CVE-2006-4294 - RESERVED +CVE-2006-4294 (Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 ...) + TODO: check CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...) NOT-FOR-US: cPanel CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...) @@ -990,7 +1210,7 @@ CVE-2006-4181 RESERVED CVE-2006-4180 - RESERVED + REJECTED CVE-2006-4179 RESERVED CVE-2006-4178 @@ -1649,8 +1869,8 @@ RESERVED CVE-2006-3874 RESERVED -CVE-2006-3873 - RESERVED +CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...) + TODO: check CVE-2006-3872 RESERVED CVE-2006-3871 
@@ -1966,7 +2186,7 @@ NOT-FOR-US: Diesel Joke Site CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote attackers to ...) NOT-FOR-US: Touch Control ActiveX control -CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/function_post.php in ...) +CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) NOT-FOR-US: MyBB CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...) NOT-FOR-US: MyBB @@ -2360,9 +2580,9 @@ NOT-FOR-US: Microsoft PowerPoint CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure ...) NOT-FOR-US: VMware -CVE-2006-3588 (Unspecified vulnerability in Macromedia Flash Player 8.0.24.0 allows ...) +CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...) NOT-FOR-US: Macromedia Flash Player 8 -CVE-2006-3587 (Unspecified vulnerability in Macromedia Flash Player 8.0.24.0 allows ...) +CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...) NOT-FOR-US: Macromedia Flash Player 8 CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...) NOT-FOR-US: Jetbox CMS @@ -2665,8 +2885,8 @@ NOT-FOR-US: Microsoft CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft Windows ...) NOT-FOR-US: Microsoft -CVE-2006-3442 - RESERVED +CVE-2006-3442 (Unspecified vulnerability in Pragmatic General Multicast (PGM) in ...) + TODO: check CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP ...) 
@@ -2948,8 +3168,8 @@ NOT-FOR-US: Netsoft smartNet CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans and ...) NOT-FOR-US: QaTraq -CVE-2006-3311 - RESERVED +CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash ...) + TODO: check CVE-2006-3310 RESERVED CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...) @@ -4428,8 +4648,8 @@ NOTE: tempnam function is taking unsanitized input, it''s an NOTE: application error - php5 5.1.6-1 (low) -CVE-2006-2658 - RESERVED +CVE-2006-2658 (Directory traversal vulnerability in the xsp component in mod_mono in ...) + TODO: check CVE-2006-2657 REJECTED CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally ...) @@ -4807,7 +5027,7 @@ NOT-FOR-US: IntelliTampe CVE-2006-2493 REJECTED -CVE-2005-1755 (PHP remote code injection vulnerability in poll_vote.php in PHP Poll ...) +CVE-2005-1755 (PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll ...) NOT-FOR-US: PHP Poll Creator CVE-2005-1754 (JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, ...) NOT-FOR-US: JavaMail API @@ -4840,8 +5060,8 @@ NOT-FOR-US: IceWarp CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in ...) NOT-FOR-US: Squirrelcart -CVE-2006-2482 - RESERVED +CVE-2006-2482 (Heap-based buffer overflow in ZipTV for Delphi 7 2006.1.26 and for C++ ...) + TODO: check CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 ...) NOT-FOR-US: VMware ESX CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted ...) 
@@ -12453,8 +12673,8 @@ NOT-FOR-US: Microsoft CVE-2006-0033 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) NOT-FOR-US: Microsoft -CVE-2006-0032 - RESERVED +CVE-2006-0032 (Cross-site scripting (XSS) vulnerability in the Indexing Service in ...) + TODO: check CVE-2006-0031 (Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, ...) NOT-FOR-US: Microsoft CVE-2006-0030 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...) @@ -13281,8 +13501,8 @@ NOT-FOR-US: RDS.Dataspace CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 2003, ...) NOT-FOR-US: Microsoft -CVE-2006-0001 - RESERVED +CVE-2006-0001 (Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 ...) + TODO: check CVE-2005-3714 (The network interface for Apple AirPort Express 6.x before Firmware ...) NOT-FOR-US: Apple AirPort CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...) @@ -15990,7 +16210,7 @@ CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...) {DSA-809-3 DSA-809-1} - squid 2.5.10-5 (medium) -CVE-2005-2793 (PHP remote code injection vulnerability in welcome.php in phpLDAPadmin ...) +CVE-2005-2793 (PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin ...) [sarge] - phpldapadmin <not-affected> (code not present in sarge) - phpldapadmin 0.9.6c-7 (bug #325785; medium) - egroupware <not-affected> (copy included is older and not vulnerable; bug #339583) 
@@ -19257,11 +19477,11 @@ NOT-FOR-US: Logsurfer CVE-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to ...) NOT-FOR-US: CommonName Toolbar -CVE-2002-1887 (PHP remote code injection vulnerability in customize.php for ...) +CVE-2002-1887 (PHP remote file inclusion vulnerability in customize.php for ...) NOT-FOR-US: phpMyNewsletter CVE-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with ...) NOT-FOR-US: TightAuction -CVE-2002-1885 (PHP remote code injection vulnerability in showhits.php3 for ...) +CVE-2002-1885 (PHP remote file inclusion vulnerability in showhits.php3 for ...) NOT-FOR-US: PPhlogger CVE-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ...) NOT-FOR-US: Py-Membres @@ -19275,7 +19495,7 @@ NOT-FOR-US: LokwaBB CVE-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers ...) NOT-FOR-US: LokwaBB -CVE-2002-1878 (PHP remote code injection vulnerability in w-Agora 4.1.3 allows remote ...) +CVE-2002-1878 (PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote ...) NOT-FOR-US: w-Agora CVE-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions ...) NOT-FOR-US: Netgear hardware @@ -19591,7 +19811,7 @@ NOT-FOR-US: McGallery CVE-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...) NOT-FOR-US: McGallery -CVE-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix Site ...) +CVE-2005-1996 (PHP remote file inclusion vulnerability in start.php in Bitrix Site ...) NOT-FOR-US: Bitrix Site Manager CVE-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...) NOT-FOR-US: Bitrix Site Manager 
@@ -19950,9 +20170,9 @@ NOT-FOR-US: ProductCart Ecommerce CVE-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...) NOT-FOR-US: e107 -CVE-2005-1965 (PHP remote code injection vulnerability in siteframe.php for Broadpool ...) +CVE-2005-1965 (PHP remote file inclusion vulnerability in siteframe.php for Broadpool ...) NOT-FOR-US: Broadpool Siteframe -CVE-2005-1964 (PHP remote code injection vulnerability in utilit.php for Ovidentia ...) +CVE-2005-1964 (PHP remote file inclusion vulnerability in utilit.php for Ovidentia ...) NOT-FOR-US: Ovidentia Portal CVE-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Cerberus Helpdesk @@ -20135,7 +20355,7 @@ NOT-FOR-US: YaPiG CVE-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...) NOT-FOR-US: YaPiG -CVE-2005-1882 (PHP remote code injection vulnerability in last_gallery.php in YaPiG ...) +CVE-2005-1882 (PHP remote file inclusion vulnerability in last_gallery.php in YaPiG ...) NOT-FOR-US: YaPiG CVE-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...) NOT-FOR-US: YaPiG @@ -20159,9 +20379,9 @@ NOT-FOR-US: WebSphere CVE-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...) - drupal 4.5.3-1 -CVE-2005-1870 (PHP remote code injection vulnerability in childwindow.inc.php in ...) +CVE-2005-1870 (PHP remote file inclusion vulnerability in childwindow.inc.php in ...) NOT-FOR-US: Popper -CVE-2005-1869 (PHP remote code injection vulnerability in start_lobby.php in MWChat ...) +CVE-2005-1869 (PHP remote file inclusion vulnerability in start_lobby.php in MWChat ...) NOT-FOR-US: MWChat CVE-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...) NOT-FOR-US: I-Man 
@@ -20171,7 +20391,7 @@ NOT-FOR-US: Calendarix CVE-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...) NOT-FOR-US: Calendarix -CVE-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in ...) +CVE-2005-1864 (PHP remote file inclusion vulnerability in cal_admintop.php in ...) NOT-FOR-US: Calendarix CVE-2003-1218 RESERVED @@ -20290,7 +20510,7 @@ NOT-FOR-US: Qualiteam X-Cart CVE-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...) NOT-FOR-US: Qualiteam X-Cart -CVE-2005-1821 (PHP remote code injection vulnerability in pdl_header.inc.php in ...) +CVE-2005-1821 (PHP remote file inclusion vulnerability in pdl_header.inc.php in ...) NOT-FOR-US: PowerDownload CVE-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...) NOT-FOR-US: Zeroboard @@ -21123,7 +21343,7 @@ CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...) {DSA-892-1} - awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium) -CVE-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...) +CVE-2005-1526 (PHP remote file inclusion vulnerability in config_settings.php in ...) {DSA-764-1} - cacti 0.8.6e-1 (bug #315703; high) CVE-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...) @@ -21297,7 +21517,7 @@ - firebird2 1.5.3.4870-3 (bug #357580) CVE-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...) NOT-FOR-US: no_package -CVE-2004-2041 (PHP remote code injection vulnerability in secure_img_render.php in ...) +CVE-2004-2041 (PHP remote file inclusion vulnerability in secure_img_render.php in ...) NOT-FOR-US: no_package CVE-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...) NOT-FOR-US: no_package 
@@ -21343,7 +21563,7 @@ NOT-FOR-US: php-nuke CVE-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...) NOT-FOR-US: php-nuke -CVE-2004-2018 (PHP remote code injection vulnerability in index.php in Php-Nuke 6.x ...) +CVE-2004-2018 (PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x ...) NOT-FOR-US: php-nuke CVE-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...) NOT-FOR-US: Turbo Traffic Trader C (TTT-C) @@ -21359,7 +21579,7 @@ NOT-FOR-US: NetBSD CVE-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...) NOT-FOR-US: MSIE -CVE-2004-2010 (PHP remote code injection vulnerability in index.php in phpShop 0.7.1 ...) +CVE-2004-2010 (PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 ...) NOT-FOR-US: phpShop CVE-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...) NOT-FOR-US: NukeJokes @@ -21401,9 +21621,9 @@ NOT-FOR-US: aweb CVE-2004-1990 (Aldo''s Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...) NOT-FOR-US: aweb -CVE-2004-1989 (PHP remote code injection vulnerability in theme.php in Coppermine ...) +CVE-2004-1989 (PHP remote file inclusion vulnerability in theme.php in Coppermine ...) NOT-FOR-US: Coppermine -CVE-2004-1988 (PHP remote code injection vulnerability in init.inc.php in Coppermine ...) +CVE-2004-1988 (PHP remote file inclusion vulnerability in init.inc.php in Coppermine ...) NOT-FOR-US: Coppermine CVE-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...) NOT-FOR-US: Coppermine 
@@ -21493,7 +21713,7 @@ NOT-FOR-US: Kinesphere eXchange POP3 CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...) NOT-FOR-US: Eudora -CVE-2004-1943 (PHP remote code injection vulnerability in album_portal.php in phpBB ...) +CVE-2004-1943 (PHP remote file inclusion vulnerability in album_portal.php in phpBB ...) NOT-FOR-US: phpbb as modified by przemo CVE-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...) NOT-FOR-US: Solaris @@ -21511,7 +21731,7 @@ NOT-FOR-US: ZoneAlarm CVE-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...) NOT-FOR-US: SCT Campus Pipeline -CVE-2004-1934 (PHP remote code injection vulnerability in affich.php in Gemitel 3.50 ...) +CVE-2004-1934 (PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 ...) NOT-FOR-US: Gemitel CVE-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...) NOT-FOR-US: Citadel @@ -21737,7 +21957,7 @@ NOT-FOR-US: no_package CVE-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through ...) NOT-FOR-US: no_package -CVE-2004-1820 (PHP remote code injection vulnerability in displaycategory.php in ...) +CVE-2004-1820 (PHP remote file inclusion vulnerability in displaycategory.php in ...) NOT-FOR-US: no_package CVE-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to ...) NOT-FOR-US: no_package @@ -21785,7 +22005,7 @@ NOT-FOR-US: no_package CVE-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop ...) NOT-FOR-US: no_package -CVE-2004-1796 (PHP remote code injection vulnerability in HotNews 0.7.2 and earlier ...) +CVE-2004-1796 (PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier ...) NOT-FOR-US: no_package CVE-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying ...) NOT-FOR-US: no_package 
@@ -21865,7 +22085,7 @@ NOT-FOR-US: Advanced Poll CVE-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...) NOT-FOR-US: Advanced Poll -CVE-2003-1179 (Multiple PHP remote code injection vulnerabilities in Advanced Poll ...) +CVE-2003-1179 (Multiple PHP remote file inclusion vulnerabilities in Advanced Poll ...) NOT-FOR-US: Advanced Poll CVE-2003-1178 (comments.php in Advanced Poll 2.0.2 allows remote attackers to execute ...) NOT-FOR-US: Advanced Poll @@ -21925,7 +22145,7 @@ NOT-FOR-US: Novell portmapper CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...) NOT-FOR-US: Symantec Norton Internet Security -CVE-2003-1148 (PHP remote code injection vulnerability in (1) config.inc.php and (2) ...) +CVE-2003-1148 (PHP remote file inclusion vulnerability in (1) config.inc.php and (2) ...) NOT-FOR-US: Les Visiteurs CVE-2003-1147 REJECTED @@ -22075,7 +22295,7 @@ - serendipity 1.0-1 CVE-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...) - serendipity 1.0-1 -CVE-2005-1447 (PHP remote code injection vulnerability in main.php in SitePanel 2.6.1 ...) +CVE-2005-1447 (PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 ...) NOT-FOR-US: SitePanel CVE-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...) NOT-FOR-US: SitePanel @@ -22093,7 +22313,7 @@ NOT-FOR-US: ViArt Shop CVE-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...) NOT-FOR-US: osTicket -CVE-2005-1438 (PHP remote code injection vulnerability in main.php in osTicket allows ...) +CVE-2005-1438 (PHP remote file inclusion vulnerability in main.php in osTicket allows ...) NOT-FOR-US: osTicket CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...) NOT-FOR-US: osTicket 
@@ -22221,7 +22441,7 @@ - lam <not-affected> (Mandrake specific packaging flaw) CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...) NOT-FOR-US: phpbb mod -CVE-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline 1.5.3 ...) +CVE-2005-1377 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 ...) NOT-FOR-US: Claroline CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...) NOT-FOR-US: Claroline @@ -22263,7 +22483,7 @@ NOT-FOR-US: MetaCart CVE-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...) NOT-FOR-US: MetaCart -CVE-2005-1360 (PHP remote code injection vulnerability in error.php in GrayCMS 1.1 ...) +CVE-2005-1360 (PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 ...) NOT-FOR-US: GrayCMS CVE-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...) NOT-FOR-US: text.cgi @@ -22364,7 +22584,7 @@ - kronolith 1.1.4-1 CVE-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...) - sork-passwd 2.2.2-1 -CVE-2005-1312 (PHP remote code injection vulnerability in Yappa-NG before 2.3.2 ...) +CVE-2005-1312 (PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 ...) NOT-FOR-US: Yappa-NG CVE-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...) NOT-FOR-US: Yappa-NG @@ -22619,7 +22839,7 @@ - egroupware 1.0.0.007-2.dfsg-1 CVE-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...) NOT-FOR-US: AZbb -CVE-2005-1200 (PHP remote code injection vulnerability in main_index.php in AZ ...) +CVE-2005-1200 (PHP remote file inclusion vulnerability in main_index.php in AZ ...) NOT-FOR-US: AZbb CVE-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows ...) NOT-FOR-US: UBB.threads 
@@ -22659,7 +22879,7 @@ NOT-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol CVE-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to ...) NOT-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol -CVE-2001-1468 (PHP remote code injection vulnerability in checklogin.php in ...) +CVE-2001-1468 (PHP remote file inclusion vulnerability in checklogin.php in ...) NOT-FOR-US: phpSecurePages CVE-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...) - expect <not-affected> (in expect 5.42.1, mkpasswd does not seed by pid) @@ -22947,7 +23167,7 @@ NOTE: That''s a policy violation, but not a security problem CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...) NOT-FOR-US: RSA authentication agent -CVE-2005-1117 (PHP remote code injection vulnerability in index.php in ...) +CVE-2005-1117 (PHP remote file inclusion vulnerability in index.php in ...) NOT-FOR-US: All4WWW Homepage creator CVE-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...) NOT-FOR-US: phpbb2 calendar addon @@ -23083,7 +23303,7 @@ NOT-FOR-US: HP OpenView Network Node Manager CVE-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...) NOT-FOR-US: TowerBlog -CVE-2005-1054 (PHP remote code injection vulnerability in news.php in ModernBill ...) +CVE-2005-1054 (PHP remote file inclusion vulnerability in news.php in ModernBill ...) NOT-FOR-US: ModernBill CVE-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...) NOT-FOR-US: ModernBill 
@@ -23253,7 +23473,7 @@ NOT-FOR-US: Yet Another Forum.net CVE-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...) NOT-FOR-US: Alstrasoft EPay -CVE-2005-0980 (PHP remote code injection vulnerability in index.php in AlstraSoft ...) +CVE-2005-0980 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...) NOT-FOR-US: Alstrasoft EPay CVE-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote ...) NOT-FOR-US: Rumba @@ -23366,7 +23586,7 @@ NOT-FOR-US: phpCOIN CVE-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier ...) NOT-FOR-US: phpCOIN -CVE-2005-0931 (PHP remote code injection vulnerability in The Includer 1.0 and 1.1 ...) +CVE-2005-0931 (PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 ...) NOT-FOR-US: The Includer CVE-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness ...) NOT-FOR-US: Chatness @@ -23395,7 +23615,7 @@ NOT-FOR-US: Adventia E-Data CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...) NOT-FOR-US: Adobe SVG Viewer -CVE-2005-0917 (PHP remote code injection vulnerability in index_header.php for ...) +CVE-2005-0917 (PHP remote file inclusion vulnerability in index_header.php for ...) NOT-FOR-US: EncapsBB CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...) - kernel-source-2.6.8 2.6.8-16 @@ -23414,7 +23634,7 @@ NOT-FOR-US: exoops CVE-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow ...) NOT-FOR-US: exoops -CVE-2005-0909 (PHP remote code injection vulnerability in shoutact.php for TKai''s ...) +CVE-2005-0909 (PHP remote file inclusion vulnerability in shoutact.php for TKai''s ...) NOT-FOR-US: THai''s Shoutbox CVE-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft ...) NOT-FOR-US: Valdersoft Shopping Cart 
@@ -23438,7 +23658,7 @@ NOT-FOR-US: AS/400 running OS400 CVE-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in ...) NOT-FOR-US: E-Store Kit-2 PayPal Edition -CVE-2005-0897 (PHP remote code injection vulnerability in catalog.php in E-Store ...) +CVE-2005-0897 (PHP remote file inclusion vulnerability in catalog.php in E-Store ...) NOT-FOR-US: E-Store Kit-2 PayPal Edition CVE-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in ...) NOT-FOR-US: phpMyDirectory @@ -23606,13 +23826,13 @@ NOT-FOR-US: Samsung ASDL modems, Debian''s boa has been fixed years ago CVE-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows ...) NOT-FOR-US: PHPOpenChat -CVE-2005-0862 (Multiple PHP remote code injection vulnerabilities in PHPOpenChat ...) +CVE-2005-0862 (Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat ...) NOT-FOR-US: PHPOpenChat CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...) NOT-FOR-US: Delegate -CVE-2005-0860 (PHP remote code injection vulnerability in TRG News Script 3.0 allows ...) +CVE-2005-0860 (PHP remote file inclusion vulnerability in TRG News Script 3.0 allows ...) NOT-FOR-US: TRG News Script -CVE-2005-0859 (PHP remote code injection vulnerability in CzarNews 1.13b allows ...) +CVE-2005-0859 (PHP remote file inclusion vulnerability in CzarNews 1.13b allows ...) NOT-FOR-US: CzarNews CVE-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier ...) NOT-FOR-US: CoolForum 
@@ -23797,7 +24017,7 @@ NOT-FOR-US: ACS Blog CVE-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...) NOT-FOR-US: The Includer -CVE-2005-0800 (PHP remote code injection vulnerability in install.php in mcNews 1.3 ...) +CVE-2005-0800 (PHP remote file inclusion vulnerability in install.php in mcNews 1.3 ...) NOT-FOR-US: mcNews CVE-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...) NOT-FOR-US: MySQL on Windows @@ -23811,7 +24031,7 @@ NOT-FOR-US: Hola CMS CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...) NOT-FOR-US: ZPanel -CVE-2005-0793 (PHP remote code injection vulnerability in zpanel.php in ZPanel allows ...) +CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows ...) NOT-FOR-US: ZPanel CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...) NOT-FOR-US: ZPanel @@ -23914,7 +24134,7 @@ [sarge] - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.4.27 2.4.27-10 - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6) -CVE-2003-1131 (PHP remote code injection vulnerability in index.php in ...) +CVE-2003-1131 (PHP remote file inclusion vulnerability in index.php in ...) NOT-FOR-US: ActiveCampaign KnowledgeBuilder CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...) NOT-FOR-US: Adobe PhotoDeluxe @@ -23947,7 +24167,7 @@ - wine 0.0.20050310-1.1 CVE-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote ...) - openslp 1.0.11a-2 -CVE-2005-0748 (PHP remote code injection vulnerability in initdb.php for WEBInsta ...) +CVE-2005-0748 (PHP remote file inclusion vulnerability in initdb.php for WEBInsta ...) NOT-FOR-US: WEBInsta CVE-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive ...) NOT-FOR-US: ApplyYourself 
@@ -24004,9 +24224,9 @@ NOT-FOR-US: paFileDB CVE-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the ...) NOT-FOR-US: eXPerience2 -CVE-2005-0721 (PHP remote code injection vulnerability in modules.php in eXPerience2 ...) +CVE-2005-0721 (PHP remote file inclusion vulnerability in modules.php in eXPerience2 ...) NOT-FOR-US: eXPerience2 -CVE-2005-0720 (PHP remote code injection vulnerability in header.php in PHP mcNews ...) +CVE-2005-0720 (PHP remote file inclusion vulnerability in header.php in PHP mcNews ...) NOT-FOR-US: mcNews CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix ...) NOT-FOR-US: Tru64 @@ -24194,7 +24414,7 @@ NOT-FOR-US: Aztek CVE-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...) - ethereal 0.10.9-2 -CVE-2005-0698 (PHP remote code injection vulnerability in PHPWebLog 0.5.3 and earlier ...) +CVE-2005-0698 (PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier ...) NOT-FOR-US: PHPWebLog CVE-2005-0697 (SQL injection vulnerability in the process_picture function ...) NOT-FOR-US: CopperExport @@ -24208,7 +24428,7 @@ NOT-FOR-US: JoWood Chaser (for Windows) CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for ...) NOT-FOR-US: PHP-Fusion -CVE-2005-0691 (PHP remote code injection vulnerability in article mode for ...) +CVE-2005-0691 (PHP remote file inclusion vulnerability in article mode for ...) NOT-FOR-US: SocialMPN CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...) NOT-FOR-US: Gene6 FTP Server for Win 
@@ -24230,11 +24450,11 @@ - drupal 4.5.2 CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Nokia -CVE-2005-0680 (PHP remote code injection vulnerability in ...) +CVE-2005-0680 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Download Center Lite -CVE-2005-0679 (PHP remote code injection vulnerability in tell_a_friend.inc.php for ...) +CVE-2005-0679 (PHP remote file inclusion vulnerability in tell_a_friend.inc.php for ...) NOT-FOR-US: Tell A Friend Script -CVE-2005-0678 (PHP remote code injection vulnerability in formmail.inc.php for Form ...) +CVE-2005-0678 (PHP remote file inclusion vulnerability in formmail.inc.php for Form ...) NOT-FOR-US: Form Mail Script CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...) NOT-FOR-US: Zorum @@ -24490,7 +24710,7 @@ NOT-FOR-US: PunBB CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a ...) NOT-FOR-US: Soldier of Fortune II -CVE-2005-0567 (Multiple PHP remote code injection vulnerabilities in phpMyAdmin 2.6.1 ...) +CVE-2005-0567 (Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 ...) - phpmyadmin 3:2.6.1-pl2-1 CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro 2.x allows remote attackers ...) NOT-FOR-US: Golden FTP Server @@ -24568,7 +24788,7 @@ - cacti 0.8.5a-5 CVE-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...) - sympa 4.1.5-4 (bug #298105; low) -CVE-2004-1734 (PHP remote code injection vulnerability in Mantis 0.19.0a allows ...) +CVE-2004-1734 (PHP remote file inclusion vulnerability in Mantis 0.19.0a allows ...) - mantis 0.19.2-1 CVE-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...) NOT-FOR-US: MyDMS 
@@ -24719,13 +24939,13 @@ NOT-FOR-US: My Firewall Plus CVE-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...) NOT-FOR-US: Verity Ultraseek -CVE-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php in the ...) +CVE-2005-0513 (PHP remote file inclusion vulnerability in mail_autocheck.php in the ...) NOT-FOR-US: pMachine -CVE-2005-0512 (PHP remote code injection vulnerability in Tar.php in Mambo 4.5.2 ...) +CVE-2005-0512 (PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 ...) NOT-FOR-US: Mambo CVE-2005-0511 (Direct code injection vulnerability in misc.php for vBulletin 3.0.6 ...) NOT-FOR-US: vBulletin -CVE-2003-1086 (PHP remote code injection vulnerability in pm/lib.inc.php in pMachine ...) +CVE-2003-1086 (PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine ...) NOT-FOR-US: pMachine CVE-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...) NOT-FOR-US: fallback-reboot @@ -24794,7 +25014,7 @@ NOT-FOR-US: EmuLive Server4 CVE-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default ...) NOT-FOR-US: Symantec -CVE-2004-1693 (PHP remote code injection vulnerability in Function.php in Mambo 4.5 ...) +CVE-2004-1693 (PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 ...) NOT-FOR-US: Mambo CVE-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 ...) NOT-FOR-US: Mambo @@ -24860,7 +25080,7 @@ NOT-FOR-US: YaBB CVE-2004-1661 (MailWorks Professional allows remote attackers to bypass ...) NOT-FOR-US: MailWorks -CVE-2004-1660 (PHP remote code injection vulnerability in CuteNews 1.3.6 and earlier ...) +CVE-2004-1660 (PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier ...) NOT-FOR-US: CuteNews CVE-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...) NOT-FOR-US: CuteNews 
@@ -25022,7 +25242,7 @@ NOT-FOR-US: FuseTalk CVE-2004-1593 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: SCT email client -CVE-2004-1592 (PHP remote code injection vulnerability in index.php in ocPortal 1.0.3 ...) +CVE-2004-1592 (PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 ...) NOT-FOR-US: ocPortal CVE-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...) NOT-FOR-US: Micronet Wireless Router @@ -25042,7 +25262,7 @@ - wordpress 1.2.1-1.1 CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...) NOT-FOR-US: FTP server in TriDComm -CVE-2004-1582 (PHP remote code injection vulnerability in BlackBoard 1.5.1 allows ...) +CVE-2004-1582 (PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows ...) NOT-FOR-US: BlackBoard CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...) NOT-FOR-US: BlackBoard @@ -25101,7 +25321,7 @@ NOT-FOR-US: MyWebServer CVE-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...) NOT-FOR-US: BroadBoard Instant ASP Message Board -CVE-2004-1554 (PHP remote code injection vulnerability in livre_include.php in @lex ...) +CVE-2004-1554 (PHP remote file inclusion vulnerability in livre_include.php in @lex ...) NOT-FOR-US: @lex GuestBook CVE-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...) NOT-FOR-US: aspWebAlbum @@ -25196,7 +25416,7 @@ NOT-FOR-US: PHPKIT CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...) NOT-FOR-US: Invision Power Board -CVE-2004-1535 (PHP remote code injection vulnerability in admin_cash.php for the Cash ...) +CVE-2004-1535 (PHP remote file inclusion vulnerability in admin_cash.php for the Cash ...) NOT-FOR-US: Cash Mod module of phpbb2 CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...) NOT-FOR-US: ZoneAlarm 
@@ -25489,7 +25709,7 @@ NOT-FOR-US: Breed game CVE-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 ...) NOT-FOR-US: forumKIT -CVE-2005-0380 (Multiple PHP remote code injection vulnerabilities in (1) ...) +CVE-2005-0380 (Multiple PHP remote file inclusion vulnerabilities in (1) ...) NOT-FOR-US: ZeroBoard CVE-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...) NOT-FOR-US: ZeroBoard @@ -25498,7 +25718,7 @@ TODO: check horde3 CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...) NOT-FOR-US: sgallery -CVE-2005-0376 (PHP remote code injection vulnerability in SGallery 1.01 allows local ...) +CVE-2005-0376 (PHP remote file inclusion vulnerability in SGallery 1.01 allows local ...) NOT-FOR-US: sgallery CVE-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain ...) NOT-FOR-US: sgallery @@ -25692,7 +25912,7 @@ NOT-FOR-US: ArGoSoft CVE-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...) NOT-FOR-US: ArGoSoft -CVE-2004-1427 (PHP remote code injection vulnerability in main.inc in KorWeblog ...) +CVE-2004-1427 (PHP remote file inclusion vulnerability in main.inc in KorWeblog ...) NOT-FOR-US: KorWeblog CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...) NOT-FOR-US: KorWeblog 
@@ -25700,15 +25920,15 @@ - moodle 1.4.3-1 CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...) - moodle 1.4.3-1 -CVE-2004-1423 (Multiple PHP remote code injection vulnerabilities in (1) calendar.php ...) +CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in (1) calendar.php ...) NOT-FOR-US: PHP-Calendar CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...) NOT-FOR-US: WHM AutoPilot -CVE-2004-1421 (Multiple PHP remote code injection vulnerabilities (1) step_one.php, ...) +CVE-2004-1421 (Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, ...) NOT-FOR-US: WHM AutoPilot CVE-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...) NOT-FOR-US: WHM AutoPilot -CVE-2004-1419 (PHP remote code injection vulnerability in ZeroBoard 4.1pl4 and ...) +CVE-2004-1419 (PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and ...) NOT-FOR-US: ZeroBoard CVE-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...) NOT-FOR-US: WPKontakt @@ -25740,7 +25960,7 @@ - mediawiki 1.4.9 (bug #276057) CVE-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...) NOT-FOR-US: Attachment Mod for phpBB -CVE-2004-1403 (PHP remote code injection vulnerability in index.php in GNUBoard 3.39 ...) +CVE-2004-1403 (PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 ...) NOT-FOR-US: GNUBoard CVE-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...) NOT-FOR-US: iWebNegar @@ -26310,7 +26530,7 @@ RESERVED CVE-2005-0153 RESERVED -CVE-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...) +CVE-2005-0152 (PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows ...) {DSA-662-1} - squirrelmail 1:1.2.7-1 NOTE: This bug exists only in version 1.2.6. 
@@ -26438,7 +26658,7 @@ CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...) {DSA-662-1} - squirrelmail 2:1.4.4 -CVE-2005-0103 (PHP remote code injection vulnerability in webmail.php in SquirrelMail ...) +CVE-2005-0103 (PHP remote file inclusion vulnerability in webmail.php in SquirrelMail ...) - squirrelmail 2:1.4.4-1 CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...) {DSA-673-1} @@ -27366,7 +27586,7 @@ CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...) {DSA-608-1} - zgv 5.7-1.3 (bug #284124) -CVE-2004-1094 (Buffer overflow in a third-party compression library, InnerMedia ...) +CVE-2004-1094 (Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version ...) NOT-FOR-US: RealPlayer CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) {DSA-639-1} @@ -28602,7 +28822,7 @@ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8) CVE-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...) NOT-FOR-US: Infinity WEB -CVE-2004-0624 (PHP remote code injection vulnerability in index.php for Artmedic ...) +CVE-2004-0624 (PHP remote file inclusion vulnerability in index.php for Artmedic ...) NOT-FOR-US: Artmedic links CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...) {DSA-590-1} @@ -29379,7 +29599,7 @@ NOT-FOR-US: Xlight FTP server 1.52; CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...) NOT-FOR-US: RobotFTP; -CVE-2004-0285 (PHP remote code injection vulnerabilities in (1) AllMyVisitors, (2) ...) +CVE-2004-0285 (PHP remote file inclusion vulnerabilities in (1) AllMyVisitors, (2) ...) NOT-FOR-US: PHP scripts CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...) NOT-FOR-US: MSIE bugs 
@@ -29666,7 +29886,7 @@ CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...) - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc2) TODO: Check 2.6 -CVE-2004-0132 (Multiple PHP remote code injection vulnerabilities in ezContents 2.0.2 ...) +CVE-2004-0132 (Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 ...) NOT-FOR-US: ezContents CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...) NOT-FOR-US: phpGedView @@ -29754,7 +29974,7 @@ REJECTED CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...) - xsok <not-affected> (Not vulnerable. See bug #278777) -CVE-2004-0073 (PHP remote code injection vulnerability in (1) config.php and (2) ...) +CVE-2004-0073 (PHP remote file inclusion vulnerability in (1) config.php and (2) ...) NOT-FOR-US: EasyDynamicPages CVE-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...) NOT-FOR-US: Accipiter Direct Server 6.0 @@ -29824,7 +30044,7 @@ NOT-FOR-US: FistClass Desktop Client CVE-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...) NOT-FOR-US: Phorum -CVE-2004-0030 (PHP remote code injection vulnerability in (1) functions.php, (2) ...) +CVE-2004-0030 (PHP remote file inclusion vulnerability in (1) functions.php, (2) ...) NOT-FOR-US: PHPGEDVIEW CVE-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...) NOT-FOR-US: Lotus Notes Domino
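Review bot: In the hunk at @@ -23414,7 +23634,7 @@ the annotation under CVE-2005-0909 reads "NOT-FOR-US: THai''s Shoutbox" while the description on the line above it names "TKai''s", so the product name in the annotation looks misspelled and will not match a search on the description's spelling. Suggest correcting the annotation to the description's spelling. The doubled apostrophe also appears in "That''s" and "Debian''s" in other context lines, so it is worth checking whether the update script or a later export step is escaping quotes in the list.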
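Review bot: In the hunk at @@ -23606,13 +23826,13 @@ the first context line says "NOT-FOR-US: Samsung ASDL modems", which looks like a transposition of ADSL. It is not touched by this update, but since three descriptions in the same hunk are being rewritten it is a convenient place to fix the note.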
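Review bot: In the hunk at @@ -25498,7 +25718,7 @@ the new text for CVE-2005-0376 reads "PHP remote file inclusion vulnerability in SGallery 1.01 allows local ...", and "remote file inclusion" next to "allows local" is the one renamed entry here whose visible wording does not fit the new class name. The line is truncated, so check the full upstream description before treating this as an ordinary remote file inclusion entry. The NOT-FOR-US: sgallery triage is unaffected either way.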
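Review bot: In the hunk at @@ -26438,7 +26658,7 @@ the context line for CVE-2005-0104 records "- squirrelmail 2:1.4.4" with no Debian revision, while CVE-2005-0103 directly below records "- squirrelmail 2:1.4.4-1". A fixed version without the revision is ambiguous when compared against the archive, so suggest aligning CVE-2005-0104 to 2:1.4.4-1 if that is the upload that carried both fixes. The renamed entries that do affect packaged software (phpmyadmin, mantis, squirrelmail) keep their fixed-version lines unchanged, which is correct for a description-only update.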
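Review bot: In the hunk at @@ -27366,7 +27586,7 @@ the CVE-2004-1094 change is not part of the "remote code injection" to "remote file inclusion" rename: the description moves from "a third-party compression library, InnerMedia ..." to "InnerMedia DynaZip DUNZIP32.dll file version ...", and the visible part no longer mentions the product named in the annotation, "NOT-FOR-US: RealPlayer". Because the old wording called it a third-party library, suggest confirming from the full description that the annotation still covers everything affected, and naming the DynaZip library in the note so the triage reason stays clear from the list alone.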