thr3ads.net - Secure testing commits - [Secure-testing-commits] r4909

If this information is useful, please help other people find it:
Share via:
Joey Hess
2006-Nov-02 09:14 UTC
[Secure-testing-commits] r4909 - data/CVE

Author: joeyh
Date: 2006-11-02 09:14:23 +0100 (Thu, 02 Nov 2006)
New Revision: 4909

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-11-01 22:34:40 UTC (rev 4908)
+++ data/CVE/list	2006-11-02 08:14:23 UTC (rev 4909)
@@ -1,3 +1,15 @@
+CVE-2006-5649
+	RESERVED
+CVE-2006-5648
+	RESERVED
+CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus
for ...)
+	TODO: check
+CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint
Security ...)
+	TODO: check
+CVE-2006-5645 (Unspecified vulnerability in Sophos Anti-Virus and Endpoint
Security ...)
+	TODO: check
+CVE-2006-5644
+	RESERVED
 CVE-2006-5643 (Cross-site scripting (XSS) vulnerability in search_de.html in
foresite ...)
 	TODO: check
 CVE-2006-5642 (Unspecified vulnerability in NmnLogger 1.0.0 and earlier has
unknown ...)
@@ -1689,8 +1701,8 @@
 	RESERVED
 CVE-2006-4840
 	REJECTED
-CVE-2006-4839
-	RESERVED
+CVE-2006-4839 (Sophos Anti-Virus 5.1 allows remote attackers to cause a denial
of ...)
+	TODO: check
 CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in
DCP-Portal SE ...)
 	NOT-FOR-US: DCP-Portal
 CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal
SE ...)
@@ -1976,8 +1988,8 @@
 	NOT-FOR-US: MyBB (aka MyBulletinBoard)
 CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and
Dominic ...)
 	NOT-FOR-US: Timesheet (aka Timesheet.php)
-CVE-2006-4704
-	RESERVED
+CVE-2006-4704 (Unspecified vulnerability in the WMI Object Broker ActiveX
control ...)
+	TODO: check
 CVE-2006-4703
 	RESERVED
 CVE-2006-4702
@@ -2425,8 +2437,8 @@
 	RESERVED
 CVE-2006-4518
 	RESERVED
-CVE-2006-4517
-	RESERVED
+CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a
...)
+	TODO: check
 CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local
users to ...)
 	TODO: check
 CVE-2006-4515
@@ -35642,7 +35654,7 @@
 	NOT-FOR-US: gnu radiusd, not in debian
 CVE-2004-0129 (Directory traversal vulnerability in export.php in phpMyAdmin
2.5.5 ...)
 	- phpmyadmin 2:2.6.0-pl2
-CVE-2004-0128 (PHP remote code injection vulnerability in the GEDCOM
configuration ...)
+CVE-2004-0128 (PHP remote file inclusion vulnerability in the GEDCOM
configuration ...)
 	NOT-FOR-US: phpgedview, not in debian
 CVE-2004-0126 (The jail_attach system call in FreeBSD 5.1 and 5.2 changes the
...)
 	NOT-FOR-US: freebsd
@@ -35692,9 +35704,9 @@
 	- kernel-source-2.4.24 2.4.24-3
 	NOTE: fixed in 2.4.26-pre3
 	TODO: test
-CVE-2004-0070 (PHP remote code injection vulnerability in module.php for
ezContents ...)
+CVE-2004-0070 (PHP remote file inclusion vulnerability in module.php for
ezContents ...)
 	NOT-FOR-US: ezcontents, commercial
-CVE-2004-0068 (PHP remote code injection vulnerability in config.php for PhpDig
1.6.5 ...)
+CVE-2004-0068 (PHP remote file inclusion vulnerability in config.php for PhpDig
1.6.5 ...)
 	NOT-FOR-US: phpdig, not in debian
 CVE-2004-0063 (The SPP_VerifyPVV function in nCipher payShield SPP library
1.3.12, ...)
 	NOT-FOR-US: ncipher hsm
@@ -35759,7 +35771,7 @@
 	NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable
 CVE-2003-0988 (Buffer overflow in the VCF file information reader for KDE
Personal ...)
 	- kdepim 4:3.1.5-1
-CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before
2.4.21 ...)
+CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before
...)
 	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417
DSA-413}
 	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload;
2.4.24-rc1)
 CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and
possibly ...)
@@ -35784,7 +35796,7 @@
 	- qpopper 4.0.4-9
 CVE-2003-0125 (Buffer overflow in the web interface for SOHO Routefinder 550
before ...)
 	NOT-FOR-US: SOHO Routefinder
-CVE-2003-0124 (man before 1.51 allows attackers to execute arbitrary code via a
...)
+CVE-2003-0124 (man before 1.5l allows attackers to execute arbitrary code via a
...)
 	NOT-FOR-US: man before 1.51
 CVE-2003-0123 (Buffer overflow in Web Retriever client for Lotus Notes/Domino
R4.5 ...)
 	NOT-FOR-US: lotus notes
@@ -35925,7 +35937,7 @@
 	NOT-FOR-US: apache on windows
 CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and
Me ...)
 	NOT-FOR-US: apache on windows
-CVE-2003-0015 (Double-free vulnerabiity in CVS 1.11.4 and earlier allows remote
...)
+CVE-2003-0015 (Double-free vulnerability in CVS 1.11.4 and earlier allows
remote ...)
 	{DSA-233}
 	- cvs 1.11.2-5.1
 CVE-2003-0013 (The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5,
...)
@@ -36034,7 +36046,7 @@
 	- cacti 0.6.8a-2
 CVE-2002-1476 (Buffer overflow in setlocale in libc on NetBSD 1.4.x through
1.6, and ...)
 	NOT-FOR-US: NetBSD
-CVE-2002-1472 (libX11.so in xfree86, when used in setuid or setgid programs,
allows ...)
+CVE-2002-1472 (Untrusted search path vulnerability in libX11.so in xfree86,
when used ...)
 	- xfree86 4.2.1-1 (bug #280872)
 CVE-2002-1471 (The camel component for Ximian Evolution 1.0.x and earlier does
not ...)
 	- evolution 1.2.0-1 (bug #280883)
@@ -36476,7 +36488,7 @@
 	NOT-FOR-US: Abyss Web Server
 CVE-2002-1076 (Buffer overflow in the Web Messaging daemon for Ipswitch IMail
before ...)
 	NOT-FOR-US: Ipswitch IMail
-CVE-2002-1060 (Cross-site scripting (XSS) vulnerability in CacheFlow CacheOS
4.1.06 ...)
+CVE-2002-1060 (Cross-site scripting (XSS) vulnerability in Blue Coat Systems
...)
 	NOT-FOR-US: CacheFlow CacheOS
 CVE-2002-1059 (Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6,
and 4.x ...)
 	NOT-FOR-US: Van Dyke SecureCRT SSH client
@@ -36838,7 +36850,7 @@
 CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache
user to ...)
 	{DSA-137}
 	- mm 1.1.3-7
-CVE-2002-0653 (Off-by-one buffer overflow in rewrite_command hook for mod_ssl
Apache ...)
+CVE-2002-0653 (Off-by-one buffer overflow in the ssl_compat_directive function,
as ...)
 	{DSA-135}
 	- libapache-mod-ssl 2.8.9-2
 CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc,
and ...)
@@ -37098,7 +37110,7 @@
 	TODO: check
 CVE-2002-0290 (Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe,
allows ...)
 	NOT-FOR-US: WebNews
-CVE-2002-0287 (pforum 1.14 and earlier does no explicitly enable PHP magic
quotes, ...)
+CVE-2002-0287 (pforum 1.14 and earlier does not explicitly enable PHP magic
quotes, ...)
 	NOT-FOR-US: pforum
 CVE-2002-0276 (Buffer overflow in various decoders in Ettercap 0.6.3.1 and
earlier, ...)
 	TODO: check
@@ -37430,7 +37442,7 @@
 	TODO: check
 CVE-2001-1299 (Zorbat Zorbstats PHP script before 0.9 allows remote attackers
to ...)
 	TODO: check
-CVE-2001-1297 (Actionpoll PHP script before 1.1.2 allows remote attackers to
include ...)
+CVE-2001-1297 (PHP remote file inclusion vulnerability in Actionpoll PHP script
...)
 	TODO: check
 CVE-2001-1296 (More.groupware PHP script allows remote attackers to include
arbitrary ...)
 	TODO: check
@@ -37466,7 +37478,7 @@
 	TODO: check
 CVE-2001-1234 (Bharat Mediratta Gallery PHP script before 1.2.1 allows remote
...)
 	TODO: check
-CVE-2001-1231 (GroupWise 5.5 and 6 running in live remove or smart caching mode
...)
+CVE-2001-1231 (GroupWise 5.5 and 6 running in live remote or smart caching mode
...)
 	TODO: check
 CVE-2001-1227 (Zope before 2.2.4 allows partially trusted users to bypass
security ...)
 	TODO: check
@@ -37530,7 +37542,7 @@
 	TODO: check
 CVE-2001-1130 (Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers
to ...)
 	TODO: check
-CVE-2001-1121 (Cross-site scripting (CSS) vulnerability in JRun 3.0 and 2.3.3
allows ...)
+CVE-2001-1121 (DEPRECATED.  This entry has been deprecated.  It is a duplicate
of ...)
 	TODO: check
 CVE-2001-1119 (cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to
...)
 	TODO: check
@@ -37564,7 +37576,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2001-1085 (Lmail 2.7 and earlier allows local users to overwrite arbitrary
files ...)
 	TODO: check
-CVE-2001-1084 (Cross-site scripting vulnerability in Allaire JRun 3.1 and
earlier ...)
+CVE-2001-1084 (Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3
...)
 	TODO: check
 CVE-2001-1083 (Icecast 1.3.7, and other versions before 1.3.11 with HTTP server
file ...)
 	TODO: check
@@ -37856,7 +37868,7 @@
 	NOT-FOR-US: Cisco
 CVE-2001-0750 (Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a
denial ...)
 	NOT-FOR-US: Cisco
-CVE-2001-0749 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attacker
to  ...)
+CVE-2001-0749 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote
attackers to ...)
 	TODO: check
 CVE-2001-0748 (Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly
other ...)
 	NOT-FOR-US: Cisco
@@ -37966,7 +37978,7 @@
 	TODO: check
 CVE-2001-0644 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords
in ...)
 	TODO: check
-CVE-2001-0643 (A type-check flaw in Internet Explorer 5.5 does not display the
Class ...)
+CVE-2001-0643 (Internet Explorer 5.5 does not display the Class ID (CLSID) when
it is ...)
 	NOT-FOR-US: Microsoft
 CVE-2001-0641 (Buffer overflow in man program in various distributions of Linux
...)
 	TODO: check
@@ -38308,7 +38320,7 @@
 	TODO: check
 CVE-2001-0269 (pam_ldap authentication module in Solaris 8 allows remote
attackers to ...)
 	TODO: check
-CVE-2001-0268 (NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, allow local
users ...)
+CVE-2001-0268 (The i386_set_ldt system call in NetBSD 1.5 and earlier, and
OpenBSD ...)
 	TODO: check
 CVE-2001-0267 (NM debug in HP MPE/iX 6.5 and earlier does not properly handle
...)
 	TODO: check
@@ -38368,7 +38380,7 @@
 	TODO: check
 CVE-2001-0196 (inetd ident server in FreeBSD 4.x and earlier does not properly
set ...)
 	TODO: check
-CVE-2001-0195 (sash before 3.4-4 in Debian Linux does not properly clone
/etc/shadow, ...)
+CVE-2001-0195 (sash before 3.4-4 in Debian GNU/Linux does not properly clone
...)
 	TODO: check
 CVE-2001-0194 (Buffer overflow in httpGets function in CUPS 1.1.5 allows remote
...)
 	TODO: check
@@ -38524,7 +38536,7 @@
 	TODO: check
 CVE-2001-0071 (gpg (aka GnuPG) 1.0.4 and other versions does not properly
verify detached ...)
 	TODO: check
-CVE-2001-0069 (dialog before 0.9a-20000118-3bis in Debian Linux allows local
users to ...)
+CVE-2001-0069 (dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows
local ...)
 	TODO: check
 CVE-2001-0066 (Secure Locate (slocate) allows local users to corrupt memory via
a ...)
 	TODO: check
@@ -38642,7 +38654,7 @@
 	TODO: check
 CVE-2000-1181 (Real Networks RealServer 7 and earlier allows remote attackers
to ...)
 	TODO: check
-CVE-2000-1180 (Buffer overflow in cmctl program in Oracle 8.1.5 Connection
Manager Control  ...)
+CVE-2000-1180 (Buffer overflow in cmctl program in Oracle 8.1.5 Connection
Manager Control ...)
 	TODO: check
 CVE-2000-1179 (Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers
to ...)
 	TODO: check
@@ -38690,9 +38702,9 @@
 	NOT-FOR-US: Microsoft
 CVE-2000-1137 (GNU ed before 0.2-18.1 allows local users to overwrite the files
of ...)
 	TODO: check
-CVE-2000-1136 (elvis-tiny before 1.4-10 in Debian Linux, and possibly other
Linux ...)
+CVE-2000-1136 (elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other
Linux ...)
 	TODO: check
-CVE-2000-1135 (fshd (fsh daemon) in Debian Linux allows local users to
overwrite ...)
+CVE-2000-1135 (fshd (fsh daemon) in Debian GNU/Linux allows local users to
overwrite ...)
 	TODO: check
 CVE-2000-1132 (DCForum cgforum.cgi CGI script allows remote attackers to read
...)
 	TODO: check
@@ -38804,11 +38816,11 @@
 	NOT-FOR-US: Microsoft
 CVE-2000-1032 (The client authentication interface for Check Point Firewall-1
4.0 and ...)
 	TODO: check
-CVE-2000-1031 (Buffer overflow in dtterm in HP-UX 11.0 allows a local user to
gain ...)
+CVE-2000-1031 (Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f
through ...)
 	TODO: check
 CVE-2000-1027 (Cisco Secure PIX Firewall 5.2(2) allows remote attackers to
determine ...)
 	NOT-FOR-US: Cisco
-CVE-2000-1026 (Multiple buffer overflows in LBNL tcpdump allows remote
attackers to ...)
+CVE-2000-1026 (Multiple buffer overflows in LBNL tcpdump allow remote attackers
to ...)
 	TODO: check
 CVE-2000-1024 (eWave ServletExec 3.0C and earlier does not restrict access to
the ...)
 	TODO: check
@@ -38910,7 +38922,7 @@
 	TODO: check
 CVE-2000-0958 (HotJava Browser 3.0 allows remote attackers to access the DOM of
a web ...)
 	TODO: check
-CVE-2000-0957 (The pluggable authentication module for msql (pam_mysql) before
0.4.7 ...)
+CVE-2000-0957 (The pluggable authentication module for mysql (pam_mysql) before
0.4.7 ...)
 	TODO: check
 CVE-2000-0956 (cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly
verify ...)
 	TODO: check
@@ -39332,7 +39344,7 @@
 	TODO: check
 CVE-2000-0639 (The default configuration of Big Brother 1.4h2 and earlier does
not ...)
 	TODO: check
-CVE-2000-0638 (Big Brother 1.4h1 and earlier allows remote attackers to read
...)
+CVE-2000-0638 (bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote
attackers ...)
 	TODO: check
 CVE-2000-0637 (Microsoft Excel 97 and 2000 allows an attacker to execute
arbitrary ...)
 	NOT-FOR-US: Microsoft
@@ -39732,7 +39744,7 @@
 	TODO: check
 CVE-2000-0375 (The kernel in FreeBSD 3.2 follows symbolic links when it creates
core ...)
 	TODO: check
-CVE-2000-0374 (The default configuration of kdm in Caldera Linux allows XDMCP
...)
+CVE-2000-0374 (The default configuration of kdm in Caldera and Mandrake Linux,
and ...)
 	TODO: check
 CVE-2000-0373 (Vulnerabilities in the KDE kvt terminal program allow local
users to ...)
 	TODO: check
@@ -39746,9 +39758,9 @@
 	TODO: check
 CVE-2000-0368 (Classic Cisco IOS 9.1 and later allows attackers with access to
the ...)
 	NOT-FOR-US: Cisco
-CVE-2000-0367 (Vulnerability in eterm 0.8.8 in Debian Linux allows an attacker
to ...)
+CVE-2000-0367 (Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an
attacker to ...)
 	TODO: check
-CVE-2000-0366 (dump in Debian Linux 2.1 does not properly restore symlinks,
which ...)
+CVE-2000-0366 (dump in Debian GNU/Linux 2.1 does not properly restore symlinks,
which ...)
 	TODO: check
 CVE-2000-0363 (Linux cdwtools 093 and earlier allows local users to gain root
...)
 	TODO: check
@@ -40052,11 +40064,11 @@
 	TODO: check
 CVE-2000-0157 (NetBSD ptrace call on VAX allows local users to gain privileges
by ...)
 	TODO: check
-CVE-2000-0156 (Internet Explorer 4.x and 5.x allow a remote web server to
access ...)
+CVE-2000-0156 (Internet Explorer 4.x and 5.x allows remote web servers to
access ...)
 	NOT-FOR-US: Microsoft
 CVE-2000-0152 (Remote attackers can cause a denial of service in Novell
BorderManager ...)
 	TODO: check
-CVE-2000-0150 (Firewall-1 allows remote attackers to bypass port access
restrictions ...)
+CVE-2000-0150 (Check Point Firewall-1 allows remote attackers to bypass port
access ...)
 	TODO: check
 CVE-2000-0149 (Zeus web server allows remote attackers to view the source code
for ...)
 	TODO: check
@@ -40064,7 +40076,7 @@
 	TODO: check
 CVE-2000-0146 (The Java Server in the Novell GroupWise Web Access Enhancement
Pack ...)
 	TODO: check
-CVE-2000-0145 (The libguile.so library file used by gnucash in Debian Linux is
...)
+CVE-2000-0145 (The libguile.so library file used by gnucash in Debian GNU/Linux
is ...)
 	TODO: check
 CVE-2000-0144 (Axis 700 Network Scanner does not properly restrict access to
...)
 	TODO: check
@@ -40092,7 +40104,7 @@
 	TODO: check
 CVE-2000-0113 (The SyGate Remote Management program does not properly restrict
access ...)
 	TODO: check
-CVE-2000-0112 (The default installation of Debian Linux uses an insecure Master
Boot ...)
+CVE-2000-0112 (The default installation of Debian GNU/Linux uses an insecure
Master ...)
 	TODO: check
 CVE-2000-0111 (The RightFax web client uses predictable session numbers, which
allows ...)
 	TODO: check
@@ -40228,7 +40240,7 @@
 	TODO: check
 CVE-2000-0003 (Buffer overflow in UnixWare rtpm program allows local users to
gain ...)
 	TODO: check
-CVE-2000-0002 (Buffer overflow in ZBServer Pro allows remote attackers to
execute ...)
+CVE-2000-0002 (Buffer overflow in ZBServer Pro 1.50 allows remote attackers to
...)
 	TODO: check
 CVE-2000-0001 (RealMedia server allows remote attackers to cause a denial of
service ...)
 	TODO: check
@@ -40294,7 +40306,7 @@
 	TODO: check
 CVE-1999-1414 (IBM Netfinity Remote Control allows local users to gain
administrator ...)
 	TODO: check
-CVE-1999-1411 (The installation of the fsp package 2.71-10 in Debian Linux 2.0
adds ...)
+CVE-1999-1411 (The installation of the fsp package 2.71-10 in Debian GNU/Linux
2.0 ...)
 	TODO: check
 CVE-1999-1409 (The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows
local ...)
 	TODO: check
@@ -40419,7 +40431,7 @@
 	TODO: check
 CVE-1999-1215 (LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily
writes ...)
 	TODO: check
-CVE-1999-1214 (Vulnerability in asynchronous I/O facility in 4.4 BSD kernel
does not ...)
+CVE-1999-1214 (The asynchronous I/O facility in 4.4 BSD kernel does not check
user ...)
 	TODO: check
 CVE-1999-1209 (Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open ...)
 	TODO: check
@@ -40485,7 +40497,7 @@
 	TODO: check
 CVE-1999-1143 (Vulnerability in runtime linker program rld in SGI IRIX 6.x and
...)
 	TODO: check
-CVE-1999-1142 (SunOS 4.1.2 and earlier allows local users to gain privileges in
...)
+CVE-1999-1142 (SunOS 4.1.2 and earlier allows local users to gain privileges
via ...)
 	TODO: check
 CVE-1999-1140 (Buffer overflow in CrackLib 2.5 may allow local users to gain
root ...)
 	TODO: check
@@ -40658,7 +40670,7 @@
 	TODO: check
 CVE-1999-0965 (Race condition in xterm allows local users to modify arbitrary
files ...)
 	TODO: check
-CVE-1999-0964 (Buffer overflow in FreeBSD setlocale in the libc module. ...)
+CVE-1999-0964 (Buffer overflow in FreeBSD setlocale in the libc module allows
...)
 	TODO: check
 CVE-1999-0963 (FreeBSD mount_union command allows local users to gain root
privileges ...)
 	TODO: check
@@ -40682,7 +40694,7 @@
 	TODO: check
 CVE-1999-0953 (WWWBoard stores encrypted passwords in a password file that is
...)
 	TODO: check
-CVE-1999-0951 (Buffer overflow in OmniHTTPd CGI program imagemap.cgi allows
remote ...)
+CVE-1999-0951 (Buffer overflow in OmniHTTPd CGI program imagemap.exe allows
remote ...)
 	TODO: check
 CVE-1999-0950 (Buffer overflow in WFTPD FTP server allows remote attackers to
gain ...)
 	TODO: check
@@ -41056,7 +41068,7 @@
 	TODO: check
 CVE-1999-0711 (The oratclsh interpreter in Oracle 8.x Intelligent Agent for
Unix ...)
 	TODO: check
-CVE-1999-0710 (The RedHat squid program installs cachemgr.cgi in a public web
...)
+CVE-1999-0710 (The Squid package in Red Hat Linux 5.2 and 6.0, and other ...)
 	{DSA-576-1}
 	- squid 2.5.7-1
 CVE-1999-0708 (Buffer overflow in cfingerd allows local users to gain root
privileges ...)
@@ -41081,7 +41093,7 @@
 	TODO: check
 CVE-1999-0697 (SCO Doctor allows local users to gain root privileges through a
Tools ...)
 	TODO: check
-CVE-1999-0696 (Buffer overflow in CDE Calendar Manager Service Daemon
(rpc.cmsd) ...)
+CVE-1999-0696 (Buffer overflow in CDE Calendar Manager Service Daemon
(rpc.cmsd). ...)
 	TODO: check
 CVE-1999-0695 (The Sybase PowerDynamo personal web server allows attackers to
...)
 	TODO: check
@@ -41115,7 +41127,7 @@
 	TODO: check
 CVE-1999-0679 (Buffer overflow in hybrid-6 IRC server commonly used on EFnet
allows ...)
 	TODO: check
-CVE-1999-0678 (A default configuration of Apache on Debian Linux sets the
ServerRoot ...)
+CVE-1999-0678 (A default configuration of Apache on Debian GNU/Linux sets the
...)
 	TODO: check
 CVE-1999-0676 (sdtcm_convert in Solaris 2.6 allows a local user to overwrite
...)
 	TODO: check
@@ -41197,7 +41209,7 @@
 	TODO: check
 CVE-1999-0457 (Linux ftpwatch program allows local users to gain root
privileges. ...)
 	TODO: check
-CVE-1999-0449 (Denial of service in IIS 4 with scripts from the ExAir sample
site. ...)
+CVE-1999-0449 (The ExAir sample site in IIS 4 allows remote attackers to cause
a ...)
 	NOT-FOR-US: Microsoft
 CVE-1999-0448 (IIS 4.0 and Apache log HTTP request methods, regardless of how
long ...)
 	NOT-FOR-US: Microsoft
@@ -41299,7 +41311,7 @@
 	TODO: check
 CVE-1999-0380 (SLMail 3.1 and 3.2 allows local users to access any file in the
NTFS ...)
 	TODO: check
-CVE-1999-0379 (Microsoft Taskpads feature allows remote web sites to execute
commands ...)
+CVE-1999-0379 (Microsoft Taskpads allows remote web sites to execute commands
on the ...)
 	NOT-FOR-US: Microsoft
 CVE-1999-0378 (InterScan VirusWall for Solaris doesn''t scan files for
viruses when ...)
 	TODO: check
@@ -41309,9 +41321,9 @@
 	TODO: check
 CVE-1999-0375 (Buffer overflow in webd in Network Flight Recorder (NFR) ...)
 	TODO: check
-CVE-1999-0374 (Debian Linux cfengine package is susceptible to a symlink
attack. ...)
+CVE-1999-0374 (Debian GNU/Linux cfengine package is susceptible to a symlink
attack. ...)
 	TODO: check
-CVE-1999-0373 (Buffer overflow in the &quot;Super&quot; utility in
Debian Linux and other ...)
+CVE-1999-0373 (Buffer overflow in the &quot;Super&quot; utility in
Debian GNU/Linux, and other ...)
 	TODO: check
 CVE-1999-0372 (The installer for BackOffice Server includes account names and
...)
 	TODO: check
@@ -41333,7 +41345,7 @@
 	TODO: check
 CVE-1999-0358 (Digital Unix 4.0 has a buffer overflow in the inc program of the
mh ...)
 	TODO: check
-CVE-1999-0357 (Denial of service in Windows systems using malformed oshare
packets. ...)
+CVE-1999-0357 (Windows 98 and other operating systems allows remote attackers
to ...)
 	TODO: check
 CVE-1999-0355 (Local or remote users can force ControlIT 4.5 to reboot or force
a ...)
 	TODO: check
@@ -41365,7 +41377,7 @@
 	NOT-FOR-US: AIX
 CVE-1999-0337 (AIX batch queue (bsh) allows local and remote users to gain
additional ...)
 	NOT-FOR-US: AIX
-CVE-1999-0335 (Buffer overflow in BSD and linux lpr command allows local users
to ...)
+CVE-1999-0335 (DEPRECATED.  This entry has been deprecated.  It is a duplicate
of ...)
 	TODO: check
 CVE-1999-0334 (In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a
local ...)
 	TODO: check
@@ -41397,9 +41409,9 @@
 	TODO: check
 CVE-1999-0315 (Buffer overflow in Solaris fdformat command gives root access to
local ...)
 	TODO: check
-CVE-1999-0314 (IRIX ioconfig program allows local users to gain root access
...)
+CVE-1999-0314 (ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local
users to ...)
 	TODO: check
-CVE-1999-0313 (IRIX disk_bandwidth program allows local users to gain root
access ...)
+CVE-1999-0313 (disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows
local ...)
 	TODO: check
 CVE-1999-0312 (HP ypbind allows attackers with root privileges to modify NIS
data. ...)
 	TODO: check
@@ -41411,7 +41423,7 @@
 	TODO: check
 CVE-1999-0308 (HP-UX gwind program allows users to modify arbitrary files. ...)
 	TODO: check
-CVE-1999-0305 (BSD sysctl control does not properly restrict source routing.
...)
+CVE-1999-0305 (The system configuration control (sysctl) facility in BSD based
...)
 	TODO: check
 CVE-1999-0304 (mmap function in BSD allows local attackers in the kmem group to
...)
 	TODO: check
@@ -41443,7 +41455,7 @@
 	TODO: check
 CVE-1999-0289 (The Apache web server for Win32 may provide access to restricted
...)
 	TODO: check
-CVE-1999-0288 (Denial of service in WINS with malformed data to port 137
(NETBIOS ...)
+CVE-1999-0288 (The WINS server in Microsoft Windows NT 4.0 before SP4 allows
remote ...)
 	TODO: check
 CVE-1999-0281 (Denial of service in IIS using long URLs. ...)
 	NOT-FOR-US: Microsoft
@@ -41465,11 +41477,11 @@
 	TODO: check
 CVE-1999-0272 (Denial of service in Slmail v2.5 through the POP3 port. ...)
 	TODO: check
-CVE-1999-0270 (pfdispaly CGI program for SGI''s Performer API Search
Tool allows read ...)
+CVE-1999-0270 (Directory traversal vulnerability in pfdispaly.cgi program
(sometimes ...)
 	TODO: check
 CVE-1999-0269 (Netscape Enterprise servers may list files through the
PageServices query. ...)
 	TODO: check
-CVE-1999-0268 (MetaInfo MetaWeb web server allows users to upload and execute
scripts. ...)
+CVE-1999-0268 (MetaInfo MetaWeb web server allows users to upload, execute, and
read ...)
 	TODO: check
 CVE-1999-0267 (Buffer overflow in NCSA HTTP daemon v1.3 allows remote command
execution. ...)
 	TODO: check
@@ -41481,7 +41493,7 @@
 	TODO: check
 CVE-1999-0263 (Solaris SUNWadmap can be exploited to obtain root access. ...)
 	TODO: check
-CVE-1999-0262 (faxsurvey CGI script on Linux allows remote command execution
via ...)
+CVE-1999-0262 (Hylafax faxsurvey CGI script on Linux allows remote attackers to
...)
 	TODO: check
 CVE-1999-0260 (The jj CGI program allows command execution via shell
metacharacters. ...)
 	TODO: check
@@ -41509,7 +41521,7 @@
 	TODO: check
 CVE-1999-0234 (Bash treats any character with a value of 255 as a command
separator. ...)
 	TODO: check
-CVE-1999-0233 (IIS allows users to execute arbitrary commands using .bat or
.cmd ...)
+CVE-1999-0233 (IIS 1.0 allows users to execute arbitrary commands using .bat or
.cmd ...)
 	NOT-FOR-US: Microsoft
 CVE-1999-0230 (Buffer overflow in Cisco 7xx routers through the telnet service.
...)
 	NOT-FOR-US: Cisco
@@ -41525,7 +41537,7 @@
 	TODO: check
 CVE-1999-0221 (Denial of service of Ascend routers through port 150 (remote
...)
 	TODO: check
-CVE-1999-0219 (Buffer overflow in Serv-U FTP server when user performs a cwd to
a ...)
+CVE-1999-0219 (Buffer overflow in FTP Serv-U 2.5 allows remote authenticated
users to ...)
 	TODO: check
 CVE-1999-0218 (Livingston portmaster machines could be rebooted via a series
...)
 	TODO: check
@@ -41557,7 +41569,7 @@
 	TODO: check
 CVE-1999-0201 (A quote cwd command on FTP servers can reveal the full path of
the ...)
 	TODO: check
-CVE-1999-0196 (The websendmail program in the Webgais program allows a remote
user to ...)
+CVE-1999-0196 (websendmail in Webgais 1.0 allows a remote user to access
arbitrary ...)
 	TODO: check
 CVE-1999-0194 (Denial of service in in.comsat allows attackers to generate
messages. ...)
 	TODO: check
@@ -41585,7 +41597,7 @@
 	TODO: check
 CVE-1999-0179 (Windows NT crashes or locks up when a Samba client executes a
&quot;cd ..&quot; ...)
 	TODO: check
-CVE-1999-0178 (The win-c-sample program in the WebSite web server has a buffer
...)
+CVE-1999-0178 (Buffer overflow in the win-c-sample program (win-c-sample.exe)
in the ...)
 	TODO: check
 CVE-1999-0177 (The uploader program in the WebSite web server allows a remote
...)
 	TODO: check
@@ -41661,7 +41673,7 @@
 	TODO: check
 CVE-1999-0133 (fm_fls license server for Adobe Framemaker allows local users to
...)
 	TODO: check
-CVE-1999-0132 (Expreserve, used in vi and ex, allows local users to overwrite
...)
+CVE-1999-0132 (Expreserve, as used in vi and ex, allows local users to
overwrite ...)
 	TODO: check
 CVE-1999-0131 (Buffer overflow and denial of service in Sendmail 8.7.5 and ...)
 	TODO: check
@@ -41691,11 +41703,11 @@
 	NOT-FOR-US: AIX
 CVE-1999-0113 (Some implementations of rlogin allow root access if given a ...)
 	TODO: check
-CVE-1999-0112 (Buffer overflow in AIX dtterm program for the CDE ...)
+CVE-1999-0112 (Buffer overflow in AIX dtterm program for the CDE. ...)
 	NOT-FOR-US: AIX
 CVE-1999-0111 (RIP v1 is susceptible to spoofing. ...)
 	TODO: check
-CVE-1999-0109 (Buffer overflow in ffbconfig in Solaris 2.5.1 ...)
+CVE-1999-0109 (Buffer overflow in ffbconfig in Solaris 2.5.1. ...)
 	TODO: check
 CVE-1999-0108 (The printers program in IRIX has a buffer overflow that gives
root ...)
 	TODO: check
@@ -41711,7 +41723,7 @@
 	TODO: check
 CVE-1999-0097 (The AIX FTP client can be forced to execute commands from a
malicious ...)
 	NOT-FOR-US: AIX
-CVE-1999-0096 (Sendmail decode alias can be used to overwrite sensitive files
...)
+CVE-1999-0096 (Sendmail decode alias can be used to overwrite sensitive files.
...)
 	TODO: check
 CVE-1999-0095 (The debug command in Sendmail is enabled, allowing attackers to
...)
 	TODO: check
@@ -41725,17 +41737,17 @@
 	NOT-FOR-US: AIX
 CVE-1999-0087 (Denial of service in AIX telnet can freeze a system and prevent
...)
 	NOT-FOR-US: AIX
-CVE-1999-0085 (rwhod buffer overflow in AIX ...)
+CVE-1999-0085 (Buffer overflow in rwhod on AIX and other operating systems
allows ...)
 	NOT-FOR-US: AIX
-CVE-1999-0084 (NFS mknod bug ...)
+CVE-1999-0084 (Certain NFS servers allow users to use mknod to gain privileges
by ...)
 	TODO: check
-CVE-1999-0083 (getcwd() file descriptor leak in FTP ...)
+CVE-1999-0083 (getcwd() file descriptor leak in FTP. ...)
 	TODO: check
 CVE-1999-0082 (CWD ~root command in ftpd allows root access. ...)
 	TODO: check
 CVE-1999-0081 (wu-ftp allows files to be overwritten via the rnfr command. ...)
 	TODO: check
-CVE-1999-0080 (wu-ftp FTP server allows root access via &quot;site
exec&quot; command. ...)
+CVE-1999-0080 (Certain configurations of wu-ftp FTP server 2.4 use a
_PATH_EXECPATH ...)
 	TODO: check
 CVE-1999-0079 (Remote attackers can cause a denial of service in FTP by issuing
...)
 	TODO: check
@@ -41751,15 +41763,15 @@
 	NOT-FOR-US: AIX
 CVE-1999-0071 (Apache httpd cookie buffer overflow for versions 1.1.1 and
earlier. ...)
 	TODO: check
-CVE-1999-0070 (test-cgi program allows an attacker to list files on the server
...)
+CVE-1999-0070 (test-cgi program allows an attacker to list files on the server.
...)
 	TODO: check
 CVE-1999-0069 (Solaris ufsrestore buffer overflow. ...)
 	TODO: check
 CVE-1999-0068 (CGI PHP mylog script allows an attacker to read any file on the
...)
 	TODO: check
-CVE-1999-0067 (CGI phf program allows remote command execution through shell
...)
+CVE-1999-0067 (phf CGI program allows remote command execution through shell
...)
 	TODO: check
-CVE-1999-0066 (AnyForm CGI remote execution ...)
+CVE-1999-0066 (AnyForm CGI remote execution. ...)
 	TODO: check
 CVE-1999-0065 (Multiple buffer overflows in how dtmail handles attachments
allows a ...)
 	TODO: check
@@ -41783,13 +41795,13 @@
 	TODO: check
 CVE-1999-0054 (Sun''s ftpd daemon can be subjected to a denial of
service. ...)
 	TODO: check
-CVE-1999-0053 (TCP RST denial of service in FreeBSD ...)
+CVE-1999-0053 (TCP RST denial of service in FreeBSD. ...)
 	TODO: check
 CVE-1999-0052 (IP fragmentation denial of service in FreeBSD allows a remote
attacker ...)
 	TODO: check
 CVE-1999-0051 (Arbitrary file creation and program execution using FLEXlm ...)
 	TODO: check
-CVE-1999-0050 (Buffer overflow in HP-UX newgrp program ...)
+CVE-1999-0050 (Buffer overflow in HP-UX newgrp program. ...)
 	TODO: check
 CVE-1999-0049 (Csetup under IRIX allows arbitrary file creation or overwriting.
...)
 	TODO: check
@@ -41799,7 +41811,7 @@
 	TODO: check
 CVE-1999-0046 (Buffer overflow of rlogin program using TERM environmental
variable. ...)
 	TODO: check
-CVE-1999-0045 (List of arbitrary files on Web host via nph-test-cgi script ...)
+CVE-1999-0045 (List of arbitrary files on Web host via nph-test-cgi script.
...)
 	TODO: check
 CVE-1999-0044 (fsdump command in IRIX allows local users to obtain root access
...)
 	TODO: check
@@ -41807,11 +41819,11 @@
 	TODO: check
 CVE-1999-0042 (Buffer overflow in University of Washington''s
implementation of ...)
 	TODO: check
-CVE-1999-0041 (Buffer overflow in NLS (Natural Language Service) ...)
+CVE-1999-0041 (Buffer overflow in NLS (Natural Language Service). ...)
 	TODO: check
 CVE-1999-0040 (Buffer overflow in Xt library of X Windowing System allows local
...)
 	TODO: check
-CVE-1999-0039 (Arbitrary command execution using webdist CGI program in IRIX.
...)
+CVE-1999-0039 (webdist CGI program (webdist.cgi) in SGI IRIX allows remote
attackers ...)
 	TODO: check
 CVE-1999-0038 (Buffer overflow in xlock program allows local users to execute
...)
 	TODO: check
@@ -41821,9 +41833,9 @@
 	TODO: check
 CVE-1999-0035 (Race condition in signal handling routine in ftpd, allowing
read/write ...)
 	TODO: check
-CVE-1999-0034 (Buffer overflow in suidperl (sperl), Perl 4.x and 5.x ...)
+CVE-1999-0034 (Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. ...)
 	TODO: check
-CVE-1999-0032 (Buffer overflow in BSD-based lpr package allows local users to
gain ...)
+CVE-1999-0032 (Buffer overflow in lpr, as used in BSD-based systems including
Linux, ...)
 	TODO: check
 CVE-1999-0031 (JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x,
3.x and ...)
 	NOT-FOR-US: Microsoft
@@ -41851,7 +41863,7 @@
 	TODO: check
 CVE-1999-0017 (FTP servers can allow an attacker to connect to arbitrary ports
on ...)
 	TODO: check
-CVE-1999-0016 (Land IP denial of service ...)
+CVE-1999-0016 (Land IP denial of service. ...)
 	TODO: check
 CVE-1999-0014 (Unauthorized privileged access or denial of service via
dtappgather ...)
 	TODO: check
@@ -41865,9 +41877,9 @@
 	TODO: check
 CVE-1999-0009 (Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
...)
 	TODO: check
-CVE-1999-0008 (Buffer overflow in NIS+, in Sun''s rpc.nisd program ...)
+CVE-1999-0008 (Buffer overflow in NIS+, in Sun''s rpc.nisd program.
...)
 	TODO: check
-CVE-1999-0007 (Information from SSL-encrypted sessions via PKCS #1 ...)
+CVE-1999-0007 (Information from SSL-encrypted sessions via PKCS #1. ...)
 	TODO: check
 CVE-1999-0006 (Buffer overflow in POP servers based on BSD/Qualcomm''s
qpopper allows ...)
 	TODO: check
Secure testing commits - Nov 2006 - r4909 - data/CVE

[Secure-testing-commits] r4909 - data/CVE
