Author: joeyh
Date: 2006-09-20 09:14:23 +0000 (Wed, 20 Sep 2006)
New Revision: 4747

Modified:
data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-09-19 21:07:35 UTC (rev 4746)
+++ data/CVE/list 2006-09-20 09:14:23 UTC (rev 4747)
@@ -1,3 +1,114 @@ +CVE-2006-4898 (PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in ...) + TODO: check +CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the web ...) + TODO: check +CVE-2006-4896 (SQL injection vulnerability in blog/edit.php in Moodle 1.6.1+, and ...) + TODO: check +CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to ...) + TODO: check +CVE-2006-4894 (Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in ...) + TODO: check +CVE-2006-4893 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4892 (SQL injection vulnerability in faqview.asp in Techno Dreams FAQ ...) + TODO: check +CVE-2006-4891 (SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams ...) + TODO: check +CVE-2006-4890 (Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and ...) + TODO: check +CVE-2006-4889 (Multiple PHP remote file inclusion vulnerabilities in Telekorn ...) + TODO: check +CVE-2006-4888 (Microsoft Internet Explorer 6 and earlier allows remote attackers to ...) + TODO: check +CVE-2006-4887 (Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop ...) + TODO: check +CVE-2006-4886 (The VirusScan On-Access Scan component in McAfee VirusScan Enterprise ...) + TODO: check +CVE-2006-4885 (PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and ...) + TODO: check +CVE-2006-4884 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...) + TODO: check +CVE-2006-4883 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...) + TODO: check +CVE-2006-4882 (SQL injection vulnerability in Review.asp in Julian Roberts Charon ...) + TODO: check +CVE-2006-4881 (Multiple cross-site scripting (XSS) vulnerabilities in David Bennett ...) + TODO: check +CVE-2006-4880 (David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers ...) 
+ TODO: check +CVE-2006-4879 (SQL injection vulnerability in profile.php in David Bennett PHP-Post ...) + TODO: check +CVE-2006-4878 (Directory traversal vulnerability in footer.php in David Bennett ...) + TODO: check +CVE-2006-4877 (Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 ...) + TODO: check +CVE-2006-4876 (Multiple SQL injection vulnerabilities in Jupiter CMS allow remote ...) + TODO: check +CVE-2006-4875 (Unrestricted file upload vulnerability in ...) + TODO: check +CVE-2006-4874 (Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS ...) + TODO: check +CVE-2006-4873 (Jupiter CMS allows remote attackers to obtain sensitive information ...) + TODO: check +CVE-2006-4872 (SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan ...) + TODO: check +CVE-2006-4871 (SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan ...) + TODO: check +CVE-2006-4870 (Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, ...) + TODO: check +CVE-2006-4869 (PHP remote file inclusion vulnerability in phpunity-postcard.php in ...) + TODO: check +CVE-2006-4868 (Stack-based buffer overflow in Microsoft Internet Explorer 6.0 on ...) + TODO: check +CVE-2006-4867 (SQL injection vulnerability in mods.php in GNUTurk 2G and earlier ...) + TODO: check +CVE-2006-4866 (Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in ...) + TODO: check +CVE-2006-4865 (Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2006-4864 (PHP remote file inclusion vulnerability in index.php in All Enthusiast ...) + TODO: check +CVE-2006-4863 (** DISPUTED ** ...) + TODO: check +CVE-2006-4862 (SQL injection vulnerability in default.aspx in easypage allows remote ...) + TODO: check +CVE-2006-4861 (SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi ...) + TODO: check +CVE-2006-4860 (Multiple unspecified vulnerabilities in (1) index.php, (2) ...) 
+ TODO: check +CVE-2006-4859 (Unrestricted file upload vulnerability in contact.html.php in the ...) + TODO: check +CVE-2006-4858 (PHP remote file inclusion vulnerability in install.serverstat.php in ...) + TODO: check +CVE-2006-4857 (SQL injection vulnerability in default.asp (aka the login page) in ...) + TODO: check +CVE-2006-4856 (Multiple cross-site scripting (XSS) vulnerabilities in Roller ...) + TODO: check +CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...) + TODO: check +CVE-2006-4854 + REJECTED + TODO: check +CVE-2006-4853 (SQL injection vulnerability in kategorix.asp in Haberx 1.02 through ...) + TODO: check +CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 ...) + TODO: check +CVE-2006-4851 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4850 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4849 (PHP remote file inclusion vulnerability in header.php in ...) + TODO: check +CVE-2006-4848 (Multiple PHP remote file inclusion vulnerabilities in Brian Fraval ...) + TODO: check +CVE-2006-4847 (Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix ...) + TODO: check +CVE-2006-4846 (Unspecified vulnerability in Citrix Access Gateway with Advanced ...) + TODO: check +CVE-2006-4845 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4844 (PHP remote file inclusion vulnerability in ...) + TODO: check CVE-2006-4843 RESERVED CVE-2006-4842 @@ -328,8 +439,8 @@ RESERVED CVE-2006-4685 RESERVED -CVE-2006-4684 - RESERVED +CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...) + TODO: check CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...) TODO: check CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...) 
@@ -680,8 +791,8 @@ NOT-FOR-US: OpenVMS CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS Frogss ...) NOT-FOR-US: CMS Frogss -CVE-2006-4535 - RESERVED +CVE-2006-4535 (The Linux kernel 2.6.10 through 2.6.15 allows local users to cause a ...) + TODO: check CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...) NOT-FOR-US: Microsoft CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 ...) @@ -1127,16 +1238,16 @@ - openssl 0.9.8b-3 (medium) - openssl097 0.9.7i-2 (medium) - openssl096 <removed> -CVE-2006-4338 - RESERVED -CVE-2006-4337 - RESERVED -CVE-2006-4336 - RESERVED -CVE-2006-4335 - RESERVED -CVE-2006-4334 - RESERVED +CVE-2006-4338 (unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent ...) + TODO: check +CVE-2006-4337 (Buffer overflow in the make_table function in the LHZ component in ...) + TODO: check +CVE-2006-4336 (Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows ...) + TODO: check +CVE-2006-4335 (Array index error in the make_table function in unlzh.c in the LZH ...) + TODO: check +CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent ...) + TODO: check CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows ...) {DSA-1171} - wireshark 0.99.2-5.1 (low; bug #384529) @@ -1333,8 +1444,8 @@ RESERVED CVE-2006-4247 RESERVED -CVE-2006-4246 - RESERVED +CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read ...) + TODO: check CVE-2006-4245 RESERVED CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...) @@ -2164,7 +2275,7 @@ CVE-2006-3867 RESERVED CVE-2006-3866 - RESERVED + REJECTED CVE-2006-3865 RESERVED CVE-2006-3864 
@@ -6002,8 +6113,8 @@ CVE-2006-2193 (Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff ...) {DSA-1091-1} - tiff 3.8.2-4 (bug #371064; medium) -CVE-2006-2191 - RESERVED +CVE-2006-2191 (** DISPUTED ** ...) + TODO: check CVE-2006-2190 (Cross-site scripting (XSS) vulnerability in ow-shared.pl in ...) NOT-FOR-US: OpenWebMail CVE-2006-2189 (SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 ...) @@ -26255,7 +26366,7 @@ NOT-FOR-US: ASP Calendar CVE-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...) NOT-FOR-US: Attachment Mod for phpBB -CVE-2004-1398 (Format string vulnerability in TDIXSupport in Roxio Toast on Mac OS X ...) +CVE-2004-1398 (Format string vulnerability in prelink.c in kextload in Apple OS X, as ...) NOT-FOR-US: MacOSX CVE-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...) - usemod-wiki 1.0-6
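Review bot: In the @@ -1,3 +1,114 @@ hunk, CVE-2006-4854 is added as REJECTED and is also given a "TODO: check" line, although a rejected ID leaves nothing to check. The @@ -2164,7 +2275,7 @@ hunk flips CVE-2006-3866 from RESERVED to REJECTED with no TODO underneath. Suggest dropping the TODO under CVE-2006-4854 so both rejected entries read the same and the ID does not show up as pending work.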
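Review bot: In the @@ -1127,16 +1238,16 @@ hunk, the five gzip 1.3.5 entries (CVE-2006-4334 through CVE-2006-4338) name the same component two ways: "LHZ component" in CVE-2006-4338 and CVE-2006-4337, and "LZH component" in CVE-2006-4335, where it is tied to unlzh.c. A text search on either spelling will miss part of the set, so these are better triaged together by ID range than by keyword. When the "TODO: check" lines are resolved, each entry will need a package line in the form the surrounding context already uses, for example "- openssl 0.9.8b-3 (medium)".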
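Review bot: In the @@ -6002,8 +6113,8 @@ hunk, the new text for CVE-2006-2191 is only "(** DISPUTED ** ...)", so the truncated description no longer names any product; CVE-2006-4863 in the first hunk has the same problem. Neither entry can be marked NOT-FOR-US or mapped to a package from the list alone. Whoever resolves these two TODOs should read the full CVE description and record the affected product on the status line.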
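Review bot: In the @@ -26255,7 +26366,7 @@ hunk, the CVE-2004-1398 description now points at "prelink.c in kextload in Apple OS X" while the existing "NOT-FOR-US: MacOSX" line is kept, and the first hunk adds CVE-2006-4866 ("Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in ...") as "TODO: check". Both entries describe the same kextload component reached through TDIXSupport, so if NOT-FOR-US still holds for the reworded CVE-2004-1398, CVE-2006-4866 should carry the same disposition rather than wait for a separate check.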