Author: joeyh
Date: 2006-10-04 21:14:25 +0000 (Wed, 04 Oct 2006)
New Revision: 4809

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-03 19:35:35 UTC (rev 4808) +++ data/CVE/list 2006-10-04 21:14:25 UTC (rev 4809) 
@@ -1,3 +1,51 @@ +CVE-2006-5167 (Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 ...) + TODO: check +CVE-2006-5166 (PHP remote file inclusion vulnerability in functions.php in PHP Web ...) + TODO: check +CVE-2006-5165 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...) + TODO: check +CVE-2006-5164 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum ...) + TODO: check +CVE-2006-5163 (IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly ...) + TODO: check +CVE-2006-5162 (wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows ...) + TODO: check +CVE-2006-5161 (IBM Client Security Password Manager stores and distributes saved ...) + TODO: check +CVE-2006-5160 (** DISPUTED ** ...) + TODO: check +CVE-2006-5159 (** DISPUTED ** ...) + TODO: check +CVE-2006-5158 (Unspecified vulnerability in NFS lockd in the kernel in SUSE Linux 9.2 ...) + TODO: check +CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...) + TODO: check +CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ...) + TODO: check +CVE-2006-5155 (PHP remote file inclusion vulnerability in core/pdf.php in VideoDB ...) + TODO: check +CVE-2006-5154 (PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 ...) + TODO: check +CVE-2006-5153 (The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal ...) + TODO: check +CVE-2006-5152 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) + TODO: check +CVE-2006-5151 (Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for ...) + TODO: check +CVE-2006-5150 (SQL injection vulnerability in the reports system in OpenBiblio before ...) + TODO: check +CVE-2006-5149 (Multiple PHP remote file inclusion vulnerabilities in (1) ...) + TODO: check +CVE-2006-5148 (Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b ...) 
+ TODO: check +CVE-2006-5147 (PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml ...) + TODO: check +CVE-2006-5146 (Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow ...) + TODO: check +CVE-2006-5145 (Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow ...) + TODO: check +CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in ...) + TODO: check CVE-2006-XXXX [openssl fix for CVE-2006-2940 introduced new security bug] - openssl097 0.9.7k-3 - openssl 0.9.8c-3 @@ -58,7 +106,7 @@ TODO: check CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web ...) TODO: check -CVE-2006-5116 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.1-rc1 ...) +CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) TODO: check CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows ...) TODO: check @@ -387,7 +435,7 @@ NOT-FOR-US: Php Blue Dragon CVE-2006-4959 (Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows ...) NOT-FOR-US: Sun Secure Global Desktop -CVE-2006-4958 (Cross-site scripting (XSS) vulnerability in Sun Secure Global Desktop ...) +CVE-2006-4958 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure ...) NOT-FOR-US: Sun Secure Global Desktop CVE-2006-4957 (SQL injection vulnerability in the GetMember function in functions.php ...) NOT-FOR-US: MyReview @@ -1370,8 +1418,8 @@ RESERVED CVE-2006-4512 RESERVED -CVE-2006-4511 - RESERVED +CVE-2006-4511 (Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows ...) + TODO: check CVE-2006-4510 RESERVED CVE-2006-4509 
@@ -4617,7 +4665,7 @@ NOT-FOR-US: MP3 Search/Archive CVE-2006-3070 (write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with ...) NOT-FOR-US: Zeroboard -CVE-2006-3069 (PHP remote file inclusion vulnerability in DoubleSpeak 0.1, when ...) +CVE-2006-3069 (** DISPUTED ** ...) NOT-FOR-US: DoubleSpeak CVE-2006-3068 (IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote ...) NOT-FOR-US: IBM DB2 @@ -12375,7 +12423,7 @@ NOT-FOR-US: SiteEnable CVE-2005-4482 (Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 ...) NOT-FOR-US: PortalApp -CVE-2005-4481 (Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier ...) +CVE-2005-4481 (** DISPUTED ** ...) NOT-FOR-US: Polypoly CVE-2005-4480 (Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and ...) NOT-FOR-US: Plexcor CMS @@ -20673,9 +20721,9 @@ NOT-FOR-US: Fortibus CMS CVE-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...) NOT-FOR-US: Fortibus CMS -CVE-2005-2036 (modifyUser.asp in Cool Cafe Chat 1.2.1 allows remote attackers to ...) +CVE-2005-2036 (modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote ...) NOT-FOR-US: Cool Cafe Chat -CVE-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe Chat 1.2.1 ...) +CVE-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) ...) NOT-FOR-US: Cool Cafe Chat CVE-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...) NOT-FOR-US: iGallery @@ -21435,7 +21483,7 @@ NOT-FOR-US: MyBB CVE-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...) NOT-FOR-US: MyBB -CVE-2005-1831 (Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux ...) +CVE-2005-1831 (** DISPUTED ** ...) - sudo <not-affected> (Unreproducable, seems like a broken PAM setup on the submitter''s side) CVE-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...) NOT-FOR-US: SoftICE
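Review bot: In the first hunk (@@ -1,3 +1,51 @@), CVE-2006-5158 (NFS lockd in the kernel in SUSE Linux 9.2) is the one new entry whose truncated description touches code that may be shared with a packaged kernel, so it should be triaged before the rest of the 24 `TODO: check` entries. Several others name products that already look like `NOT-FOR-US:` candidates from the visible text alone (wininet.dll in Internet Explorer, McAfee ePolicy Orchestrator, IBM Client Security Password Manager). CVE-2006-5160 and CVE-2006-5159 show only "** DISPUTED ** ..." and cannot be triaged from this file; the full description has to be looked up.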
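Review bot: In the @@ -58,7 +106,7 @@ hunk, CVE-2006-5116 stays at `TODO: check` even though the new description now gives a concrete bug class (CSRF) and the removed line tied it to phpMyAdmin before 2.9.1-rc1, the same version boundary as the neighbouring CVE-2006-5117. The truncated replacement text no longer names the product, so it is worth resolving both phpMyAdmin entries together and recording the package and fixed version while the association is still visible in the diff.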
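Review bot: In the @@ -1370,8 +1418,8 @@ hunk, CVE-2006-4511 leaves RESERVED and gets `TODO: check`, but the description names Messenger Agents (nmma.exe) in Novell GroupWise, which the file's own convention would close as `NOT-FOR-US: Novell GroupWise`. Tagging it now keeps it out of the open TODO backlog.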
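Review bot: In the @@ -4617,7 +4665,7 @@ hunk, the automatic update replaces a useful summary of CVE-2006-3069 ("PHP remote file inclusion vulnerability in DoubleSpeak 0.1, when ...") with "** DISPUTED ** ...", so the entry loses both the product and the bug class. The same loss happens to CVE-2005-4481 and CVE-2005-1831 later in this patch. Consider having the update script keep the text that follows the DISPUTED marker when it truncates, so the one-line summary stays searchable.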
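Review bot: In the @@ -12375,7 +12423,7 @@ hunk, the unchanged tag line reads `NOT-FOR-US: Polypoly` while the removed description spelled the product "Polopoly 9". Once the description becomes "** DISPUTED ** ...", the misspelled tag is the only product name left on CVE-2005-4481, so the tag should be corrected to Polopoly in a follow-up edit.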
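Review bot: In the @@ -20673,9 +20721,9 @@ hunk, the new descriptions for CVE-2005-2036 and CVE-2005-2035 introduce a non-ASCII character ("Café"), which is worth a check that data/CVE/list is stored in one consistent encoding and that the scripts parsing it do not assume ASCII. The `NOT-FOR-US: Cool Cafe Chat` tags are unaffected, but the CVE-2005-2035 summary is now cut off before the product name "Chat 1.2.1".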
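Review bot: In the @@ -21435,7 +21483,7 @@ hunk, the DISPUTED status now agrees with the existing `- sudo <not-affected>` note for CVE-2005-1831, so the triage result needs no change, but the note on that context line carries a doubled apostrophe ("submitter''s") and the misspelling "Unreproducable". With the description reduced to "** DISPUTED ** ...", that note is the only explanation left on the entry and is worth cleaning up.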