Author: joeyh
Date: 2006-09-14 21:14:35 +0000 (Thu, 14 Sep 2006)
New Revision: 4729

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-09-14 17:46:56 UTC (rev 4728)
+++ data/CVE/list 2006-09-14 21:14:35 UTC (rev 4729)
@@ -1,3 +1,129 @@ +CVE-2006-4792 + RESERVED +CVE-2006-4791 + RESERVED +CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent ...) + TODO: check +CVE-2006-4789 (Buffer overflow in Open Movie Editor 0.0.20060901 allows local users ...) + TODO: check +CVE-2006-4788 (PHP remote file inclusion vulnerability in includes/log.inc.php in ...) + TODO: check +CVE-2006-4787 (AlphaMail before 1.0.16 allows local users to obtain sensitive ...) + TODO: check +CVE-2006-4786 (Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2006-4785 (SQL injection vulnerability in Moodle 1.6.1 and earlier allows remote ...) + TODO: check +CVE-2006-4784 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 ...) + TODO: check +CVE-2006-4783 (SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and ...) + TODO: check +CVE-2006-4782 (src/index.php in WebSPELL 4.01.01 and earlier, when register_globals ...) + TODO: check +CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded ...) + TODO: check +CVE-2006-4780 (PHP remote file inclusion vulnerability in includes/functions.php in ...) + TODO: check +CVE-2006-4779 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost before ...) + TODO: check +CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation.PathControl COM ...) + TODO: check +CVE-2006-4776 (Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature ...) + TODO: check +CVE-2006-4775 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and ...) + TODO: check +CVE-2006-4774 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows ...) + TODO: check +CVE-2006-4773 (Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and ...) + TODO: check +CVE-2006-4772 (HotPlug CMS stores sensitive information under the web root with ...) 
+ TODO: check +CVE-2006-4771 (Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 ...) + TODO: check +CVE-2006-4770 (PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 ...) + TODO: check +CVE-2006-4769 (PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 ...) + TODO: check +CVE-2006-4768 (Multiple direct static code injection vulnerabilities in add_go.php in ...) + TODO: check +CVE-2006-4767 (Multiple directory traversal vulnerabilities in Stefan Ernst ...) + TODO: check +CVE-2006-4766 (Directory traversal vulnerability in print.php in Stefan Ernst ...) + TODO: check +CVE-2006-4765 (NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows ...) + TODO: check +CVE-2006-4764 (PHP remote file inclusion vulnerability in common.php in Thomas LETE ...) + TODO: check +CVE-2006-4763 (IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client''s ...) + TODO: check +CVE-2006-4762 (Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader ...) + TODO: check +CVE-2006-4761 (Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman ...) + TODO: check +CVE-2006-4760 (Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero ...) + TODO: check +CVE-2006-4759 (PunBB 1.2.12 does not properly handle pathnames ending in %00, which ...) + TODO: check +CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which ...) + TODO: check +CVE-2006-4757 (Multiple SQL injection vulnerabilities in the admin section in e107 ...) + TODO: check +CVE-2006-4756 (SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and ...) + TODO: check +CVE-2006-4755 (Cross-site scripting (XSS) vulnerability in alpha.php in ...) + TODO: check +CVE-2006-4754 (Cross-site scripting (XSS) vulnerability in index.php in PHProg before ...) + TODO: check +CVE-2006-4753 (Directory traversal vulnerability in index.php in PHProg before 1.1 ...) 
+ TODO: check +CVE-2006-4752 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote ...) + TODO: check +CVE-2006-4751 (Cross-site scripting (XSS) vulnerability in index.php in Laurentiu ...) + TODO: check +CVE-2006-4750 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4749 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced ...) + TODO: check +CVE-2006-4748 (Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow ...) + TODO: check +CVE-2006-4747 (Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot ...) + TODO: check +CVE-2006-4746 (PHP remote file inclusion vulnerability in news/include/customize.php ...) + TODO: check +CVE-2006-4745 (ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to ...) + TODO: check +CVE-2006-4744 (Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication ...) + TODO: check +CVE-2006-4743 (WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain ...) + TODO: check +CVE-2006-4742 (Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot ...) + TODO: check +CVE-2006-4741 (PHP remote file inclusion vulnerability in bits_listings.php in ...) + TODO: check +CVE-2006-4740 (Jetbox CMS allows remote attackers to obtain sensitive information via ...) + TODO: check +CVE-2006-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS ...) + TODO: check +CVE-2006-4738 (PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS ...) + TODO: check +CVE-2006-4737 (SQL injection vulnerability in index.php in Jetbox CMS allows remote ...) + TODO: check +CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R. allow ...) + TODO: check +CVE-2006-4735 (Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain ...) + TODO: check +CVE-2006-4734 (Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php ...) 
+ TODO: check +CVE-2006-4733 (PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in ...) + TODO: check +CVE-2006-4732 (Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an ...) + TODO: check +CVE-2002-2218 (CRLF injection vulnerability in the setUserValue function in ...) + TODO: check +CVE-2000-1241 (Unspecified vulnerability in Haakon Nilsen simple, integrated ...) + TODO: check CVE-2006-4731 (Directory traversal vulnerability in login.pl in (1) SQL-Ledger before ...) TODO: check CVE-2006-4730 @@ -8,12 +134,12 @@ RESERVED CVE-2006-4727 RESERVED -CVE-2006-4726 - RESERVED -CVE-2006-4725 - RESERVED -CVE-2006-4724 - RESERVED +CVE-2006-4726 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 ...) + TODO: check +CVE-2006-4725 (Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security ...) + TODO: check +CVE-2006-4724 (Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ...) + TODO: check CVE-2006-4723 (PHP remote file inclusion vulnerability in ...) TODO: check CVE-2006-4722 (PHP remote file inclusion vulnerability in Open Bulletin Board ...) @@ -36,7 +162,7 @@ TODO: check CVE-2006-4713 (PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA ...) TODO: check -CVE-2006-4712 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow ...) +CVE-2006-4712 (Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 ...) TODO: check CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow ...) TODO: check @@ -128,7 +254,7 @@ TODO: check CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote ...) TODO: check -CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in WM-News 0.5 ...) +CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst ...) TODO: check CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 ...) TODO: check 
@@ -757,7 +883,7 @@ TODO: check CVE-2006-4383 RESERVED -CVE-2006-4382 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) +CVE-2006-4382 (Multiple buffer overflows in Apple QuickTime before 7.1.3 allow ...) TODO: check CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) TODO: check @@ -2235,12 +2361,10 @@ TODO: check CVE-2006-3741 RESERVED -CVE-2006-3740 [libxfont CID integer overflows: scan_cidfont()] - RESERVED +CVE-2006-3740 (Integer overflow in the scan_cidfont function in X.Org 6.8.2 and ...) - xfree86 <removed> - libxfont 1:1.2.2-1 -CVE-2006-3739 [libxfont CID integer overflows: CIDAFM()] - RESERVED +CVE-2006-3739 (Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X ...) - xfree86 <removed> - libxfont 1:1.2.2-1 CVE-2006-3738 @@ -2864,8 +2988,8 @@ RESERVED CVE-2006-3455 RESERVED -CVE-2006-3454 - RESERVED +CVE-2006-3454 (Multiple format string vulnerabilities in Symantec AntiVirus Corporate ...) + TODO: check CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers ...) NOT-FOR-US: Adobe acrobat CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure ...) @@ -24946,7 +25070,7 @@ NOT-FOR-US: pMachine CVE-2005-0512 (PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 ...) NOT-FOR-US: Mambo -CVE-2005-0511 (Direct code injection vulnerability in misc.php for vBulletin 3.0.6 ...) +CVE-2005-0511 (misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in ...) NOT-FOR-US: vBulletin CVE-2003-1086 (PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine ...) NOT-FOR-US: pMachine
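Review bot: CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent ...) in the @@ -1,3 +1,129 @@ hunk is left at TODO: check with the same weight as the web-application entries around it. GnuTLS is a library that Debian ships, so this entry should be triaged ahead of the rest and resolved to package lines in the form the libxfont entries further down already use (- libxfont 1:1.2.2-1), with the fixed version filled in once it is known.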
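Review bot: The new description for CVE-2006-4666 in the @@ -128,7 +254,7 @@ hunk is cut off at "Stefan Ernst ..." and no longer names the product, where the line it replaces named WM-News 0.5. The same truncation leaves CVE-2006-4779 and CVE-2006-4750 in the first hunk reading only "PHP remote file inclusion vulnerability in ...". These entries cannot be triaged from the list alone; when each TODO is resolved, name the product in the status line, as NOT-FOR-US: Mambo does in the last hunk, so the identification survives the next automatic update.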
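Review bot: CVE-2006-3454 (Symantec AntiVirus Corporate ...) in the @@ -2864,8 +2988,8 @@ hunk moves from RESERVED to TODO: check directly above CVE-2006-3453, which is already closed as NOT-FOR-US: Adobe acrobat. If the Symantec product is likewise not in the archive, close it the same way in a follow-up rather than leaving the TODO open. The three Adobe ColdFusion entries (CVE-2006-4724 to CVE-2006-4726) in the @@ -8,12 +134,12 @@ hunk are in the same position.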