Author: joeyh
Date: 2006-10-17 21:14:35 +0000 (Tue, 17 Oct 2006)
New Revision: 4857
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-17 20:47:45 UTC (rev 4856) +++ data/CVE/list 2006-10-17 21:14:35 UTC (rev 4857) 
@@ -1,4 +1,196 @@ -CVE-2006-5295 [clamav buffer overflow] +CVE-2006-5326 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5325 (Multiple PHP remote file inclusion vulnerabilities in Dimitri Seitz ...) + TODO: check +CVE-2006-5324 (The Web Services Notification (WSN) security component of IBM ...) + TODO: check +CVE-2006-5323 (Unspecified vulnerability in IBM WebSphere Application Server before ...) + TODO: check +CVE-2006-5322 (Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow ...) + TODO: check +CVE-2006-5321 (Multiple cross-site scripting (XSS) vulnerabilities in phplist before ...) + TODO: check +CVE-2006-5320 (Directory traversal vulnerability in getimg.php in Album Photo Sans ...) + TODO: check +CVE-2006-5319 (Directory traversal vulnerability in redir.php in Foafgen 0.3 allows ...) + TODO: check +CVE-2006-5318 (PHP remote file inclusion vulnerability in index.php in Nayco JASmine ...) + TODO: check +CVE-2006-5317 (PHP remote file inclusion vulnerability in index.php in eboli allows ...) + TODO: check +CVE-2006-5316 (registroTL stores sensitive information under the web root with ...) + TODO: check +CVE-2006-5315 (PHP remote file inclusion vulnerability in main.php in registroTL ...) + TODO: check +CVE-2006-5314 (PHP remote file inclusion vulnerability in ftag.php in TribunaLibre ...) + TODO: check +CVE-2006-5313 (Hastymail 1.5 and earlier before 20061008 allows remote authenticated ...) + TODO: check +CVE-2006-5312 (PHP remote file inclusion vulnerability in shoutbox.php in the Ajax ...) + TODO: check +CVE-2006-5311 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5310 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5309 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5308 (Multiple PHP remote file inclusion vulnerabilities in Open Conference ...) 
+ TODO: check +CVE-2006-5307 (Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK ...) + TODO: check +CVE-2006-5306 (Multiple PHP remote file inclusion vulnerabilities in the Journals ...) + TODO: check +CVE-2006-5305 (PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr ...) + TODO: check +CVE-2006-5304 (PHP remote file inclusion vulnerability in inc/settings.php in IncCMS ...) + TODO: check +CVE-2006-5303 (Secure Computing SafeWord RemoteAccess 2.1 allows local users to ...) + TODO: check +CVE-2006-5302 (Multiple PHP remote file inclusion vulnerabilities in Redaction System ...) + TODO: check +CVE-2006-5301 (PHP remote file inclusion vulnerability in includes/antispam.php in ...) + TODO: check +CVE-2006-5300 (Unspecified vulnerability in HP Version Control Agent before 2.1.5 ...) + TODO: check +CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and ...) + TODO: check +CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client ...) + TODO: check +CVE-2006-5296 (Buffer overflow in Microsoft Office 2003 PowerPoint allows ...) + TODO: check +CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...) + TODO: check +CVE-2006-5293 (Cross-site scripting (XSS) vulnerability in index.php in ...) + TODO: check +CVE-2006-5292 (PHP remote file inclusion vulnerability in photo_comment.php in ...) + TODO: check +CVE-2006-5291 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5290 (The ESS/ Network Controller and MicroServer Web Server components of ...) + TODO: check +CVE-2006-5289 (Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 ...) + TODO: check +CVE-2006-5288 (Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a ...) 
+ TODO: check +CVE-2006-5287 (Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 ...) + TODO: check +CVE-2006-5286 (Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 ...) + TODO: check +CVE-2006-5285 (SQL injection vulnerability in index.php in XeoPort 0.81, and possibly ...) + TODO: check +CVE-2006-5284 (PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen ...) + TODO: check +CVE-2006-5283 (PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 ...) + TODO: check +CVE-2006-5282 (Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and ...) + TODO: check +CVE-2006-5281 (PHP remote file inclusion vulnerability in naboard_pnr.php in n@board ...) + TODO: check +CVE-2006-5280 (PHP remote file inclusion vulnerability in includes/import-archive.php ...) + TODO: check +CVE-2006-5279 + RESERVED +CVE-2006-5278 + RESERVED +CVE-2006-5277 + RESERVED +CVE-2006-5276 + RESERVED +CVE-2006-5275 + RESERVED +CVE-2006-5274 + RESERVED +CVE-2006-5273 + RESERVED +CVE-2006-5272 + RESERVED +CVE-2006-5271 + RESERVED +CVE-2006-5270 + RESERVED +CVE-2006-5269 + RESERVED +CVE-2006-5268 + RESERVED +CVE-2006-5267 + RESERVED +CVE-2006-5266 + RESERVED +CVE-2006-5265 + RESERVED +CVE-2006-5264 (Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper ...) + TODO: check +CVE-2006-5263 (Directory traversal vulnerability in templates/header.php3 in ...) + TODO: check +CVE-2006-5262 (CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and ...) + TODO: check +CVE-2006-5261 (Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 ...) + TODO: check +CVE-2006-5260 (PHP remote file inclusion vulnerability in compteur.php in Compteur 2 ...) + TODO: check +CVE-2006-5259 (PHP remote file inclusion vulnerability in param_editor.php in ...) + TODO: check +CVE-2006-5258 (Unspecified vulnerability in the spell checking component of Asbru Web ...) 
+ TODO: check +CVE-2006-5257 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5256 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5255 (** DISPUTED ** ...) + TODO: check +CVE-2006-5254 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5253 (PHP remote file inclusion vulnerability in strload.php in Dayana ...) + TODO: check +CVE-2006-5252 (PHP remote file inclusion vulnerability in includes/core.lib.php in ...) + TODO: check +CVE-2006-5251 (PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a ...) + TODO: check +CVE-2006-5250 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5249 (PHP remote file inclusion vulnerability in tagmin/delTagUser.php in ...) + TODO: check +CVE-2006-5248 (Eazy Cart stores sensitive information under the web root with ...) + TODO: check +CVE-2006-5247 (Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow ...) + TODO: check +CVE-2006-5246 (Eazy Cart allows remote attackers to change prices and other critical ...) + TODO: check +CVE-2006-5245 (Eazy Cart allows remote attackers to bypass authentication and gain ...) + TODO: check +CVE-2006-5244 (Multilple PHP remote file inclusion vulnerabilities in OpenDock Easy ...) + TODO: check +CVE-2006-5243 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...) + TODO: check +CVE-2006-5242 (SQL injection vulnerability in Etomite Content Management System (CMS) ...) + TODO: check +CVE-2006-5241 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...) + TODO: check +CVE-2006-5240 (PHP remote file inclusion vulnerability in engine/require.php in ...) + TODO: check +CVE-2006-5239 (Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 ...) + TODO: check +CVE-2006-5238 (Unspecified vulnerability in the file upload module in Blue Smiley ...) 
+ TODO: check +CVE-2006-5237 (SQL injection vulnerability in Blue Smiley Organizer before 4.46 ...) + TODO: check +CVE-2006-5236 (SQL injection vulnerability in search.php in 4images 1.7.x allows ...) + TODO: check +CVE-2006-5235 (PHP remote file inclusion vulnerability in includes/functions_kb.php ...) + TODO: check +CVE-2006-5234 (** DISPUTED ** ...) + TODO: check +CVE-2006-5233 (Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version ...) + TODO: check +CVE-2006-5232 (** DISPUTED ** ...) + TODO: check +CVE-2006-5231 (Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, ...) + TODO: check +CVE-2006-5230 (PHP remote file inclusion vulnerability in forum.php in FreeForum ...) + TODO: check +CVE-2006-5295 (Unspecified vulnerability in ClamAV before 0.88.5 allows remote ...) - clamav 0.88.5-1 (high; bug #393445) CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and ...) TODO: check @@ -43,8 +235,8 @@ NOT-FOR-US: Trend Micro OfficeScan CVE-2006-5211 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...) NOT-FOR-US: Trend Micro OfficeScan -CVE-2006-5210 - RESERVED +CVE-2006-5210 (Directory traversal vulnerability in IronWebMail before 6.1.1 ...) + TODO: check CVE-2006-5209 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Admin Topic Action Logging Mod for phpBB CVE-2006-5208 (Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow ...) @@ -272,7 +464,7 @@ NOT-FOR-US: SyntaxCMS CVE-2006-5104 (SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x ...) NOT-FOR-US: vBulletin -CVE-2006-5103 (PHP remote file inclusion vulnerability in index2.php in bbsNew 2.0.1 ...) +CVE-2006-5103 (PHP remote file inclusion vulnerability in admin/index2.php in bbsNew ...) NOT-FOR-US: bbsNew CVE-2006-5102 (PHP remote file inclusion vulnerability in include/editfunc.inc.php in ...) NOT-FOR-US: Newswriter SW 
@@ -821,12 +1013,12 @@ NOT-FOR-US: Claroline CVE-2006-4843 RESERVED -CVE-2006-4842 - RESERVED +CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...) + TODO: check CVE-2006-4841 RESERVED CVE-2006-4840 - RESERVED + REJECTED CVE-2006-4839 RESERVED CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE ...) @@ -879,8 +1071,8 @@ RESERVED CVE-2006-4814 RESERVED -CVE-2006-4813 - RESERVED +CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux kernel ...) + TODO: check CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...) - php4 <not-affected> - php5 <unfixed> @@ -1137,7 +1329,7 @@ NOT-FOR-US: Microsoft CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for ...) NOT-FOR-US: Microsoft Word -CVE-2006-4692 (The Windows Object Packager in Microsoft Windows XP SP1 and SP2 and ...) +CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager ...) NOT-FOR-US: Microsoft Word CVE-2006-4691 RESERVED @@ -1563,8 +1755,8 @@ RESERVED CVE-2006-4517 RESERVED -CVE-2006-4516 - RESERVED +CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...) + TODO: check CVE-2006-4515 RESERVED CVE-2006-4514 @@ -1950,8 +2142,8 @@ - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 - openssl096 <removed> -CVE-2006-4342 - RESERVED +CVE-2006-4342 (The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, ...) + TODO: check CVE-2006-4341 REJECTED CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...) @@ -2333,8 +2525,7 @@ NOT-FOR-US: SmartLine DeviceLock CVE-2006-4183 RESERVED -CVE-2006-4182 [clamav buffer overflow] - RESERVED +CVE-2006-4182 (Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions ...) - clamav 0.88.5-1 (high; bug #393445) CVE-2006-4181 RESERVED 
@@ -2392,8 +2583,8 @@ NOT-FOR-US: pearlabs mafia moblog CVE-2006-4155 (Unspecified vulnerability in func_topic_threaded.php (aka threaded ...) NOT-FOR-US: Invision Power Board (IPB) -CVE-2006-4154 - RESERVED +CVE-2006-4154 (Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x ...) + TODO: check CVE-2006-4153 RESERVED CVE-2006-4152 @@ -2863,7 +3054,7 @@ NOT-FOR-US: Microsoft CVE-2006-3943 (Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet ...) NOT-FOR-US: Microsoft -CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows 2000 SP4, Server 2003 ...) +CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and ...) NOT-FOR-US: Microsoft CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 ...) NOT-FOR-US: N1 Grid Engine @@ -3022,7 +3213,7 @@ REJECTED CVE-2006-3865 RESERVED -CVE-2006-3864 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...) +CVE-2006-3864 (Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and ...) NOT-FOR-US: Microsoft CVE-2006-3863 RESERVED @@ -3580,13 +3771,13 @@ NOT-FOR-US: Microsoft Internet Security and Acceleration Server CVE-2006-3651 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...) NOT-FOR-US: Microsoft -CVE-2006-3650 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...) +CVE-2006-3650 (Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not ...) NOT-FOR-US: Microsoft CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK ...) NOT-FOR-US: Microsoft CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and ...) NOT-FOR-US: Microsoft -CVE-2006-3647 (Unspecified vulnerability in Microsoft Word 2000, 2002, Office 2003, ...) +CVE-2006-3647 (Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and ...) NOT-FOR-US: Microsoft CVE-2006-3646 RESERVED 
@@ -4046,7 +4237,7 @@ RESERVED CVE-2006-3436 (Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework ...) NOT-FOR-US: Microsoft -CVE-2006-3435 (Unspecified vulnerability in PowerPoint in Microsoft Office 2003 ...) +CVE-2006-3435 (PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X ...) NOT-FOR-US: Microsoft CVE-2006-3434 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...) NOT-FOR-US: Microsoft @@ -23263,7 +23454,7 @@ NOT-FOR-US: Advanced Poll CVE-2003-1179 (Multiple PHP remote file inclusion vulnerabilities in Advanced Poll ...) NOT-FOR-US: Advanced Poll -CVE-2003-1178 (comments.php in Advanced Poll 2.0.2 allows remote attackers to execute ...) +CVE-2003-1178 (Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 ...) NOT-FOR-US: Advanced Poll CVE-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...) NOT-FOR-US: MERCUR Mailserver
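Review bot: In the @@ -1,4 +1,196 @@ hunk, CVE-2006-5295 ends up out of sequence. The new block runs in descending order from CVE-2006-5326 and goes straight from CVE-2006-5296 to CVE-2006-5294, while the rewritten CVE-2006-5295 entry sits between CVE-2006-5230 and CVE-2006-5229. Suggest moving the entry, together with its `- clamav 0.88.5-1 (high; bug #393445)` line, up between CVE-2006-5296 and CVE-2006-5294, so the list stays sorted and the ClamAV tracking note is found where a reader scanning by ID expects it.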
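Review bot: In the @@ -1137,7 +1329,7 @@ hunk, the unchanged note under CVE-2006-4692 still reads `NOT-FOR-US: Microsoft Word`, although the updated description names the Windows Object Packager in Microsoft Windows rather than Word. Since this line is being touched anyway, suggest correcting the note to `NOT-FOR-US: Microsoft`, the form the neighbouring CVE-2006-4693 context does not use but the entry above it in the same hunk does, so the reason for exclusion matches the affected component.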