Author: joeyh
Date: 2006-10-10 09:14:23 +0000 (Tue, 10 Oct 2006)
New Revision: 4837
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-10-09 21:14:36 UTC (rev 4836)
+++ data/CVE/list 2006-10-10 09:14:23 UTC (rev 4837)
@@ -1,3 +1,113 @@
+CVE-2006-5220 (Multiple PHP remote file inclusion vulnerabilities in WebYep
1.1.9, ...)
+ TODO: check
+CVE-2006-5219 (SQL injection vulnerability in blog/index.php in the blog module
in ...)
+ TODO: check
+CVE-2006-5218 (Integer overflow in STRIOCREPLACE in systrace in OpenBSD 3.9 and
...)
+ TODO: check
+CVE-2006-5217 (SQL injection vulnerability in uyegiris.asp in Emek Portal 2.1
allows ...)
+ TODO: check
+CVE-2006-5216 (Stack-based buffer overflow in Sergey Lyubka Simple HTTPD
(shttpd) ...)
+ TODO: check
+CVE-2006-5215 (The Xsession script, as used by X Display Manager (xdm) in
NetBSD ...)
+ TODO: check
+CVE-2006-5214 (Race condition in the Xsession script, as used by X Display
Manager ...)
+ TODO: check
+CVE-2006-5213 (Sun Solaris 10 before 20061006 uses "incorrect and
insufficient ...)
+ TODO: check
+CVE-2006-5212 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM)
Suite for ...)
+ TODO: check
+CVE-2006-5211 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM)
Suite for ...)
+ TODO: check
+CVE-2006-5210
+ RESERVED
+CVE-2006-5209 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5208 (Multiple SQL injection vulnerabilities in PHP Classifieds 7.1
allow ...)
+ TODO: check
+CVE-2006-5207 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5206 (SQL injection vulnerability in Invision Gallery 2.0.7 allows
remote ...)
+ TODO: check
+CVE-2006-5205 (Directory traversal vulnerability in Invision Gallery 2.0.7
allows ...)
+ TODO: check
+CVE-2006-5204 (Cross-site scripting (XSS) vulnerability in
action_admin/member.php in ...)
+ TODO: check
+CVE-2006-5203 (Invision Power Board (IPB) 2.1.7 and earlier allows remote
restricted ...)
+ TODO: check
+CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when
...)
+ TODO: check
+CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java
JDK and ...)
+ TODO: check
+CVE-2006-5200
+ RESERVED
+CVE-2006-5199
+ RESERVED
+CVE-2006-5198
+ RESERVED
+CVE-2006-5197 (PDshopPro stores sensitive information under the web root with
...)
+ TODO: check
+CVE-2006-5196 (The HTTP interface in the Motorola SURFboard SB4200 Cable Modem
allows ...)
+ TODO: check
+CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog
1.0 ...)
+ TODO: check
+CVE-2006-5194 (Cross-site scripting (XSS) vulnerability in index.php in net2ftp
0.93 ...)
+ TODO: check
+CVE-2006-5193 (PHP remote file inclusion vulnerability in index.php in Josh
Schmidt ...)
+ TODO: check
+CVE-2006-5192 (PHP remote file inclusion vulnerability in includes/footer.php
in ...)
+ TODO: check
+CVE-2006-5191 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-5190 (Multiple cross-site scripting (XSS) vulnerabilities in
osCommerce 2.2 ...)
+ TODO: check
+CVE-2006-5189 (PHP remote file inclusion vulnerability in
funzioni/lib/show_hlp.php ...)
+ TODO: check
+CVE-2006-5188 (Directory traversal vulnerability in download.php in webGENEius
GOOP ...)
+ TODO: check
+CVE-2006-5187 (PHP remote file inclusion vulnerability in
includes/functions.php in ...)
+ TODO: check
+CVE-2006-5186 (PHP remote file inclusion vulnerability in functions.php in ...)
+ TODO: check
+CVE-2006-5185 (Eval injection vulnerability in Template.php in HAMweather
3.9.8.4 and ...)
+ TODO: check
+CVE-2006-5184 (SQL injection vulnerability in PKR Internet Taskjitsu before
2.0.6 ...)
+ TODO: check
+CVE-2006-5183 (Multiple PHP remote file inclusion vulnerabilities in Dayfox
Designs ...)
+ TODO: check
+CVE-2006-5182 (PHP remote file inclusion vulnerability in frontpage.php in Dan
Jensen ...)
+ TODO: check
+CVE-2006-5181 (Multiple PHP remote file inclusion vulnerabilities in Joshua
Muheim ...)
+ TODO: check
+CVE-2006-5180 (PHP remote file inclusion vulnerability in include/main.inc.php
in ...)
+ TODO: check
+CVE-2006-5179 (Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent
...)
+ TODO: check
+CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier
allows ...)
+ TODO: check
+CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and
Enterprise ...)
+ TODO: check
+CVE-2006-5176 (Buffer overflow in NTLM authentication in MailEnable
Professional 2.0 ...)
+ TODO: check
+CVE-2006-5175 (Cross-site request forgery (CSRF) vulnerability in the
administrative ...)
+ TODO: check
+CVE-2006-5174 (The copy_from_user function in the uaccess code in Linux kernel
2.6 ...)
+ TODO: check
+CVE-2006-5173
+ RESERVED
+CVE-2006-5172
+ RESERVED
+CVE-2006-5171
+ RESERVED
+CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core
3 and ...)
+ TODO: check
+CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka
...)
+ TODO: check
+CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search
functionality ...)
+ TODO: check
+CVE-2005-4813 (Unspecified vulnerability in Report Application Server ...)
+ TODO: check
+CVE-2003-1306 (Microsoft URLScan 2.5, with the RemoveServerHeader option
enabled, ...)
+ TODO: check
CVE-2006-XXXX [zabbix format string vulnerabilities]
- zabbix 1:1.1.2-4 (bug #391388)
CVE-2006-XXXX [zabbix buffer overflows]
@@ -53,10 +163,10 @@
NOT-FOR-US: OlateDownload
CVE-2006-XXXX [unspecified libgsf security issue (IDEF1622)]
- libgsf 1.14.2-1
-CVE-2006-5143
- RESERVED
-CVE-2006-5142
- RESERVED
+CVE-2006-5143 (Stack-based buffer overflow in the Backup Agent RPC Server ...)
+ TODO: check
+CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserver Backup
R11.5 ...)
+ TODO: check
CVE-2006-5141 (PHP remote file inclusion vulnerability in script.php in Kevin
A. ...)
NOT-FOR-US: Open Geo Targeting (aka geotarget)
CVE-2006-5140 (SQL injection vulnerability in display.php in Lappy512 PHP Krazy
Image ...)
@@ -145,7 +255,7 @@
- dokuwiki <unfixed> (bug #391291; medium)
CVE-2006-5098 (lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote
...)
- dokuwiki <unfixed> (bug #391291; medium)
-CVE-2006-5097 (PHP remote file inclusion vulnerability in index.php in net2ftp
allows ...)
+CVE-2006-5097 (** DISPUTED ** ...)
NOT-FOR-US: net2ftp
CVE-2006-5096 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
NOT-FOR-US: VirtueMart
@@ -171,7 +281,7 @@
NOT-FOR-US: Blog Pixel Motion
CVE-2006-5085 (Static code injection vulnerability in config.php in Blog Pixel
Motion ...)
NOT-FOR-US: Blog Pixel Motion
-CVE-2006-5084 (Format string vulnerability in eBay Skype 1.5.0.79 has
unspecified ...)
+CVE-2006-5084 (Format string vulnerability in the NSRunAlertPanel function in
eBay ...)
NOT-FOR-US: Skype
CVE-2006-5083 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Integrated MODs (IM) Portal
@@ -200,8 +310,7 @@
TODO: check for security relevance and CVE-ids. Maybe imagemagick is affected,
too
CVE-2006-XXXX [moodle SQL injection]
- moodle 1.6.2+20060930-1 (bug #390294)
-CVE-2006-5072 [mono temp race]
- RESERVED
+CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create
temporary ...)
- mono 1.1.17.1-5
CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS
before ...)
NOT-FOR-US: eyeOS
@@ -357,8 +466,8 @@
RESERVED
CVE-2006-4998
RESERVED
-CVE-2006-4997
- RESERVED
+CVE-2006-4997 (The clip_mkip function in net/atm/clip.c of the ATM subsystem in
Linux ...)
+ TODO: check
CVE-2006-4996 (Unspecified vulnerability in JoomlaLib (com_joomlalib) before
1.2.2 ...)
NOT-FOR-US: JoomlaLib (com_joomlalib) for Joomla!
CVE-2006-4995 (PHP remote file inclusion vulnerability in BSQ Sitestats ...)
@@ -391,8 +500,7 @@
NOT-FOR-US: Cisco
CVE-2006-4981 (Symantec Sygate NAC allows physically proximate attackers to
bypass ...)
NOT-FOR-US: Symantec
-CVE-2006-4980 [buffer overrun in repr() for unicode strings]
- RESERVED
+CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6
before ...)
- python2.4 2.4.3-9
- python2.3 <unfixed>
TODO: check other pythons
@@ -500,8 +608,8 @@
RESERVED
CVE-2006-4928
RESERVED
-CVE-2006-4927
- RESERVED
+CVE-2006-4927 (The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device
...)
+ TODO: check
CVE-2006-4926
RESERVED
CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and
earlier, ...)
@@ -666,7 +774,7 @@
NOT-FOR-US: BolinOS
CVE-2006-4849 (PHP remote file inclusion vulnerability in header.php in ...)
NOT-FOR-US: MobilePublisherPHP
-CVE-2006-4848 (Multiple PHP remote file inclusion vulnerabilities in Brian
Fraval ...)
+CVE-2006-4848 (** DISPUTED ** ...)
NOT-FOR-US: Hitweb
CVE-2006-4847 (Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before
Hotfix ...)
NOT-FOR-US: WS_FTP
@@ -738,8 +846,7 @@
RESERVED
CVE-2006-4813
RESERVED
-CVE-2006-4812 [php unserialize integer overflow]
- RESERVED
+CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows
remote ...)
- php4 <not-affected>
- php5 <unfixed>
CVE-2006-4811
@@ -3225,8 +3332,8 @@
- graphicsmagick 1.1.7-8
CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM
...)
TODO: check
-CVE-2006-3741
- RESERVED
+CVE-2006-3741 (The perfmonctl system call (sys_perfmonctl) in Linux kernel
2.4.x and ...)
+ TODO: check
CVE-2006-3740 (Integer overflow in the scan_cidfont function in X.Org 6.8.2 and
...)
{DSA-1193-1}
- libxfont 1:1.2.2-1
@@ -17649,7 +17756,7 @@
- squid 2.5
CVE-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain
...)
- squid 2.5.8
-CVE-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, which is
included in ...)
+CVE-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, as used in (1)
IBM ...)
NOTE: "the original vendor report is too vague to know whether this issue
is already identified by another CVE name."
CVE-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable
the ...)
NOT-FOR-US: DiamondCS