Author: joeyh
Date: 2006-10-26 21:14:31 +0000 (Thu, 26 Oct 2006)
New Revision: 4887
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-26 17:03:46 UTC (rev 4886) +++ data/CVE/list 2006-10-26 21:14:31 UTC (rev 4887) 
@@ -1,3 +1,107 @@ +CVE-2006-5512 (Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen ...) + TODO: check +CVE-2006-5511 (Direct static code injection vulnerability in delete.php in JaxUltraBB ...) + TODO: check +CVE-2006-5510 (Directory traversal vulnerability in explorer_load_lang.php in PH ...) + TODO: check +CVE-2006-5509 (Eval injection vulnerability in addentry.php in WoltLab Burning Book ...) + TODO: check +CVE-2006-5508 (Multiple SQL injection vulnerabilities in addentry.php in WoltLab ...) + TODO: check +CVE-2006-5507 (Multiple PHP remote file inclusion vulnerabilities in Der Dirigent ...) + TODO: check +CVE-2006-5506 (Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 ...) + TODO: check +CVE-2006-5505 (Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote ...) + TODO: check +CVE-2006-5504 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...) + TODO: check +CVE-2006-5503 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...) + TODO: check +CVE-2006-5502 (Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX ...) + TODO: check +CVE-2006-5501 (Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control ...) + TODO: check +CVE-2006-5500 (Multiple SQL injection vulnerabilities in the checkUser function in ...) + TODO: check +CVE-2006-5499 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity ...) + TODO: check +CVE-2006-5498 (Directory traversal vulnerability in ...) + TODO: check +CVE-2006-5497 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5496 (Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason ...) + TODO: check +CVE-2006-5495 (Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS ...) + TODO: check +CVE-2006-5494 (Multiple PHP remote file inclusion vulnerabilities in ...) + TODO: check +CVE-2006-5493 (PHP remote file inclusion vulnerability in ...) 
+ TODO: check +CVE-2006-5492 (Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 ...) + TODO: check +CVE-2006-5491 (Multiple SQL injection vulnerabilities in include/index.php in ...) + TODO: check +CVE-2006-5490 (Multiple SQL injection vulnerabilities in Segue Content Management ...) + TODO: check +CVE-2006-5489 (Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before ...) + TODO: check +CVE-2006-5488 (SQL injection vulnerability in XchangeBoard 1.70, and possibly ...) + TODO: check +CVE-2006-5487 + RESERVED +CVE-2006-5486 (Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System ...) + TODO: check +CVE-2006-5485 (Multiple PHP remote file inclusion vulnerabilities in SpeedBerg ...) + TODO: check +CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 ...) + TODO: check +CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified ...) + TODO: check +CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified ...) + TODO: check +CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in Castor 1.1.1 ...) + TODO: check +CVE-2006-5480 (PHP remote file inclusion vulnerability in lib/rs.php in Castor 1.1.1 ...) + TODO: check +CVE-2006-5479 (The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote ...) + TODO: check +CVE-2006-5478 (Stack-based buffer overflow in the BuildRedirectURL function in the ...) + TODO: check +CVE-2006-5477 (Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form ...) + TODO: check +CVE-2006-5476 (Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before ...) + TODO: check +CVE-2006-5475 (Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ...) + TODO: check +CVE-2006-5474 (The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 ...) + TODO: check +CVE-2006-5473 (** DISPUTED ** ...) 
+ TODO: check +CVE-2006-5472 (PHP remote file inclusion vulnerability in Softerra PHP Developer ...) + TODO: check +CVE-2006-5471 (PHP remote file inclusion vulnerability in example/lib/grid3.lib.php ...) + TODO: check +CVE-2006-5470 + RESERVED +CVE-2006-5469 + RESERVED +CVE-2006-5468 + RESERVED +CVE-2006-5467 + RESERVED +CVE-2006-5466 + RESERVED +CVE-2006-5465 + RESERVED +CVE-2006-5464 + RESERVED +CVE-2006-5463 + RESERVED +CVE-2006-5462 + RESERVED +CVE-2006-5461 + RESERVED CVE-2006-XXXX [diffmon information leakage] - diffmon 20020222-2.2 (bug #382132) CVE-2006-XXXX [postgres DoSs] @@ -167,8 +271,8 @@ TODO: check CVE-2006-5383 (SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and ...) TODO: check -CVE-2006-5382 - RESERVED +CVE-2006-5382 (3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and ...) + TODO: check CVE-2003-1307 (** DISPUTED ** ...) TODO: check CVE-2006-XXXX [unspecified steam cache vulnerability] @@ -1366,7 +1470,7 @@ CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...) - php4 <not-affected> - php5 <unfixed> (bug #391586) -CVE-2006-4811 (Integer overflow in Qt, as used in the KDE khtml library, kdelibs ...) +CVE-2006-4811 (Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 ...) - qt-x11-free 3:3.3.7-1 (bug #394192; bug #394313) - qt4-x11 4.2.1-1 (bug #394192) CVE-2006-4810 @@ -1882,8 +1986,7 @@ RESERVED CVE-2006-4574 RESERVED -CVE-2006-4573 [GNU Screen UTF-8 Character Handling Vulnerabilities] - RESERVED +CVE-2006-4573 (Multiple unspecified vulnerabilities in the "utf8 combining characters ...) - screen <unfixed> (bug #395225; medium) CVE-2006-4572 RESERVED 
@@ -2060,10 +2163,10 @@ RESERVED CVE-2006-4511 (Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows ...) NOT-FOR-US: Novell GroupWise -CVE-2006-4510 - RESERVED -CVE-2006-4509 - RESERVED +CVE-2006-4510 (The evtFilteredMonitorEventsRequest function in the LDAP service in ...) + TODO: check +CVE-2006-4509 (Integer overflow in the evtFilteredMonitorEventsRequest function in ...) + TODO: check CVE-2006-4508 (Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and ...) - tor 0.1.1.23-1 CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...) @@ -2583,7 +2686,7 @@ NOT-FOR-US: MamboWiki component (com_mambowiki) for Mambo and Joomla! CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in ...) NOT-FOR-US: AkoComment 1.1 module (com_akocomment) for Mambo -CVE-2006-4280 (PHP remote file inclusion vulnerability in anjel.index.php in ANJEL ...) +CVE-2006-4280 (** DISPUTED ** ...) NOT-FOR-US: ANJEL (formerly MaMML) Component (com_anjel) for Mambo CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ...) NOT-FOR-US: XennoBB @@ -2831,8 +2934,8 @@ CVE-2006-4178 (Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and ...) - kfreebsd-5 <unfixed> (bug #391289; low) [etch] - kfreebsd-5 <no-dsa> (Etch doesn''t have security support for the FreeBSD kernel) -CVE-2006-4177 - RESERVED +CVE-2006-4177 (Heap-based buffer overflow in the NCP engine in Novell eDirectory ...) + TODO: check CVE-2006-4176 RESERVED CVE-2006-4175 @@ -4494,8 +4597,8 @@ NOT-FOR-US: Symantec CVE-2006-3456 RESERVED -CVE-2006-3455 - RESERVED +CVE-2006-3455 (The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate ...) + TODO: check CVE-2006-3454 (Multiple format string vulnerabilities in Symantec AntiVirus Corporate ...) NOT-FOR-US: Symantec CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers ...) 
@@ -27589,7 +27692,7 @@ - moodle 1.4.3-1 CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...) - moodle 1.4.3-1 -CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in (1) calendar.php ...) +CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in Sean Proctor ...) NOT-FOR-US: PHP-Calendar CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...) NOT-FOR-US: WHM AutoPilot
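
Review bot: In the @@ -1,3 +1,107 @@ hunk, CVE-2006-5483 (p1003_1b.c) and CVE-2006-5482 (ufs_vnops.c) are FreeBSD 6.1 kernel issues and should not wait at TODO: check alongside the web-application entries. The list already tracks a FreeBSD kernel issue, CVE-2006-4178, against kfreebsd-5 with an [etch] <no-dsa> line, so these two want the same kind of package check. CVE-2006-5473 is added as "(** DISPUTED ** ...)" only, which leaves nothing to triage on without opening the full CVE text.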
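
Review bot: In the @@ -167,8 +271,8 @@ hunk, CVE-2006-5382 goes from RESERVED to TODO: check although its summary describes firmware on 3Com SS3 4400 switches, which is vendor device firmware rather than packaged software. Marking it NOT-FOR-US, as the list does for Novell GroupWise and Symantec, would close it out instead of leaving it in the TODO queue.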
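
Review bot: In the @@ -1366,7 +1470,7 @@ hunk, the new CVE-2006-4811 summary is cut off at "4.2 ...", so the qt4-x11 4.2.1-1 fixed version below it cannot be checked against the affected 4.2 range from this line alone. The 3.3.7 bound does match qt-x11-free 3:3.3.7-1; confirm the 4.2 bound against the full CVE text before relying on the qt4-x11 entry.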
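
Review bot: In the @@ -2831,8 +2934,8 @@ hunk, CVE-2006-4177 is a Novell eDirectory NCP engine issue left at TODO: check, as is CVE-2006-5479 in the first hunk. The list already marks Novell GroupWise as NOT-FOR-US (CVE-2006-4511), so both eDirectory entries can be resolved the same way in one pass.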
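
Review bot: In the @@ -4494,8 +4597,8 @@ hunk, CVE-2006-3455 is left at TODO: check although its summary names the SAVRT.SYS driver in Symantec AntiVirus Corporate and the adjacent CVE-2006-3454 entry is already NOT-FOR-US: Symantec. It can take the same NOT-FOR-US: Symantec line rather than waiting for a later triage pass.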