Author: joeyh
Date: 2006-11-18 09:14:20 +0100 (Sat, 18 Nov 2006)
New Revision: 4972

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-11-16 18:13:25 UTC (rev 4971)
+++ data/CVE/list 2006-11-18 08:14:20 UTC (rev 4972)
@@ -1,3 +1,181 @@ +CVE-2006-5972 (Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless ...) + TODO: check +CVE-2006-5971 (Absolute path traversal vulnerability in admin/logfile.txt in Verity ...) + TODO: check +CVE-2006-5970 (Verity Ultraseek before 5.7 allows remote attackers to obtain ...) + TODO: check +CVE-2006-5969 (CRLF injection vulnerability in the evalFolderLine function in fvwm ...) + TODO: check +CVE-2006-5968 (MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, ...) + TODO: check +CVE-2006-5967 (Race condition in Panda ActiveScan 5.53.00, and other versions before ...) + TODO: check +CVE-2006-5966 (Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows ...) + TODO: check +CVE-2006-5965 + RESERVED +CVE-2006-5964 + RESERVED +CVE-2006-5963 + RESERVED +CVE-2006-5962 (Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow ...) + TODO: check +CVE-2006-5961 (Buffer overflow in Mercury Mail Transport System 4.01b for Windows has ...) + TODO: check +CVE-2006-5960 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2006-5959 (SQL injection vulnerability in browse.asp in A+ Store E-Commerce ...) + TODO: check +CVE-2006-5958 (Multiple cross-site scripting (XSS) vulnerabilities in INFINICART ...) + TODO: check +CVE-2006-5957 (Multiple SQL injection vulnerabilities in INFINICART allow remote ...) + TODO: check +CVE-2006-5956 (XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) ...) + TODO: check +CVE-2006-5955 (SQL injection vulnerability in listings.asp in 20/20 DataShed (aka ...) + TODO: check +CVE-2006-5954 (SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier ...) + TODO: check +CVE-2006-5953 (SQL injection vulnerability in viewcart.asp in Evolve shopping cart ...) + TODO: check +CVE-2006-5952 (SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 ...) 
+ TODO: check +CVE-2006-5951 (PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 ...) + TODO: check +CVE-2006-5950 (Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and ...) + TODO: check +CVE-2006-5949 (Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta ...) + TODO: check +CVE-2006-5948 (PHP remote file inclusion vulnerability in pntUnit/Inspect.php in ...) + TODO: check +CVE-2006-5947 (Multiple directory traversal vulnerabilities in Conxint FTP Server ...) + TODO: check +CVE-2006-5946 (SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP ...) + TODO: check +CVE-2006-5945 (Multiple SQL injection vulnerabilities in MGinternet Car Site Manager ...) + TODO: check +CVE-2006-5944 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...) + TODO: check +CVE-2006-5943 (Multiple SQL injection vulnerabilities in inventory/display/imager.asp ...) + TODO: check +CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2006-5941 + RESERVED +CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...) + TODO: check +CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause ...) + TODO: check +CVE-2006-5938 (Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote ...) + TODO: check +CVE-2006-5937 (Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 ...) + TODO: check +CVE-2006-5936 (SQL injection vulnerability in dept.asp in SiteXpress E-Commerce ...) + TODO: check +CVE-2006-5935 (SQL injection vulnerability in index.php in ShopSystems 4.0 and ...) + TODO: check +CVE-2006-5934 (SQL injection vulnerability in admin/default.asp in Estate Agent ...) + TODO: check +CVE-2006-5933 (SQL injection vulnerability in update.asp in UltraSite 1.0 allows ...) + TODO: check +CVE-2006-5932 (Kahua before 0.7, when running multiple applications under a single ...) 
+ TODO: check +CVE-2006-5931 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web ...) + TODO: check +CVE-2006-5930 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web ...) + TODO: check +CVE-2006-5929 (PHP remote file inclusion vulnerability in firepjs.php in ...) + TODO: check +CVE-2006-5928 (Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler ...) + TODO: check +CVE-2006-5927 (SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal ...) + TODO: check +CVE-2006-5926 (Multiple SQL injection vulnerabilities in mail.php in Vallheru before ...) + TODO: check +CVE-2006-5925 (Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed ...) + TODO: check +CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in Efficient IP ...) + TODO: check +CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris Mac ...) + TODO: check +CVE-2006-5922 (index.php in Wheatblog (wB) allows remote attackers to obtain ...) + TODO: check +CVE-2006-5921 (Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php ...) + TODO: check +CVE-2006-5920 (** DISPUTED ** ...) + TODO: check +CVE-2006-5919 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-5918 (Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid ...) + TODO: check +CVE-2006-5917 (Multiple SQL injection vulnerabilities in OmniStar Article Manager ...) + TODO: check +CVE-2006-5916 (Intego VirusBarrier X4 allows context-dependent attackers to bypass ...) + TODO: check +CVE-2006-5915 (Multiple cross-site scripting (XSS) vulnerabilities in ls.php in ...) + TODO: check +CVE-2006-5914 (SQL injection vulnerability in ls.php in SAMEDIA LandShop allows ...) + TODO: check +CVE-2006-5913 (Microsoft Internet Explorer 7 allows remote attackers to (1) cause a ...) + TODO: check +CVE-2006-5912 (Unspecified vulnerability in Campware Campsite before 2.6.2 has ...) 
+ TODO: check +CVE-2006-5911 (Multiple PHP remote file inclusion vulnerabilities in Campware ...) + TODO: check +CVE-2006-5910 (Multiple PHP remote file inclusion vulnerabilities in Campware ...) + TODO: check +CVE-2006-5909 (generaloptions.php in Paul Tarjan Stanford Conference And Research ...) + TODO: check +CVE-2006-5908 (Multiple SQL injection vulnerabilities in the login_user function in ...) + TODO: check +CVE-2006-5907 (SQL injection vulnerability in modules/bannieres/bannieres.php in ...) + TODO: check +CVE-2006-5906 (** DISPUTED ** ...) + TODO: check +CVE-2006-5905 (Web Directory Pro allows remote attackers to (1) backup the database ...) + TODO: check +CVE-2006-5904 (Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 ...) + TODO: check +CVE-2006-5903 (Rahul Jonna Gmail File Space (GSpace) allows remote attackers to ...) + TODO: check +CVE-2006-5902 (viksoe GMail Drive shell extension allows remote attackers to perform ...) + TODO: check +CVE-2006-5901 (Hawking Technology wireless router WR254-CA uses a hardcoded IP ...) + TODO: check +CVE-2006-5900 (Cross-site scripting (XSS) vulnerability in the ...) + TODO: check +CVE-2006-5899 (** DISPUTED ** ...) + TODO: check +CVE-2006-5898 (Directory traversal vulnerability in localization/languages.lib.php3 ...) + TODO: check +CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and ...) + TODO: check +CVE-2006-5896 + RESERVED +CVE-2006-5895 (PHP remote file inclusion vulnerability in core/core.php in EncapsCMS ...) + TODO: check +CVE-2006-5894 (Directory traversal vulnerability in lang.php in Rama CMS 0.68 and ...) + TODO: check +CVE-2006-5893 (Multiple PHP remote file inclusion vulnerabilities in iWonder Designs ...) + TODO: check +CVE-2006-5892 (SQL injection vulnerability in MoreInfo.asp in The Net Guys ...) + TODO: check +CVE-2006-5891 (SQL injection vulnerability in detail.asp in Superfreaker Studios ...) 
+ TODO: check +CVE-2006-5890 (SQL injection vulnerability in detail.asp in Superfreaker Studios ...) + TODO: check +CVE-2006-5889 (SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 ...) + TODO: check +CVE-2006-5888 (SQL injection vulnerability in viewarticle.asp in Superfreaker Studios ...) + TODO: check +CVE-2006-5887 (SQL injection vulnerability in CampusNewsDetails.asp in Dynamic ...) + TODO: check +CVE-2006-5886 (SQL injection vulnerability in propertysdetails.asp in Dynamic ...) + TODO: check +CVE-2006-5885 (SQL injection vulnerability in Products.asp in NuStore 1.0 allows ...) + TODO: check +CVE-2003-1308 (CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x ...) + TODO: check CVE-2006-XXXX [chetcpasswd multiple vulnerabilities] - chetcpasswd <unfixed> (bug #394454) NOTE: I''ve filed a removal bug, this doesn''t have a security perspective @@ -131,8 +309,8 @@ TODO: check CVE-2006-5820 RESERVED -CVE-2006-5819 - RESERVED +CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server ...) + TODO: check CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...) - gv 1:3.6.2-2 (medium; bug #398292) CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before ...) @@ -188,8 +366,8 @@ CVE-2006-5794 (Unspecified vulnerability in the sshd Privilege Separation Monitor in ...) - openssh <unfixed> (unimportant) NOTE: Not a direct vulnerability -CVE-2006-5793 - RESERVED +CVE-2006-5793 (The sPLT chunk handling code (png_set_sPLT function in pngset.c) in ...) + TODO: check CVE-2006-XXXX [obexpushd arbitrary command execution] - obexpushd 0.4+svn10-1 (bug #397297; medium) CVE-2006-XXXX [motion insecure tempfile creation] 
@@ -2558,7 +2736,7 @@ NOT-FOR-US: Microsoft Word CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager ...) NOT-FOR-US: Microsoft Word -CVE-2006-4691 (Buffer overflow in the Workstation service in Microsoft Windows 2000 ...) +CVE-2006-4691 (Stack-based buffer overflow in the NetpManageIPCConnect function in ...) NOT-FOR-US: Microsoft CVE-2006-4690 RESERVED @@ -2821,7 +2999,7 @@ CVE-2006-4573 (Multiple unspecified vulnerabilities in the "utf8 combining characters ...) {DSA-1202-1} - screen 4.0.3-0.1 (bug #395225; medium) -CVE-2006-4572 (Multiple unspecified vulnerabilities in netfilter for IPv6 code in ...) +CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows ...) TODO: check CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...) {DSA-1210 DSA-1192-1 DSA-1191-1} @@ -3221,8 +3399,8 @@ RESERVED CVE-2006-4414 RESERVED -CVE-2006-4413 - RESERVED +CVE-2006-4413 (Apple Remote Desktop before 3.1 uses insecure permissions for certain ...) + TODO: check CVE-2006-4412 RESERVED CVE-2006-4411 @@ -23735,7 +23913,7 @@ NOT-FOR-US: phpbb attachment mod CVE-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...) NOT-FOR-US: Photopost -CVE-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...) +CVE-2005-1628 (apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows ...) NOT-FOR-US: WebAPP CVE-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a ...) - viewglob 2.0.1-1
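Review bot: The two fvwm entries in the @@ -1,3 +1,181 @@ hunk, CVE-2006-5969 (CRLF injection in the evalFolderLine function in fvwm) and CVE-2003-1308 (CRLF injection in fvwm-menu-directory for fvwm 2.5.x), sit at opposite ends of the added block with separate "TODO: check" markers although they describe the same bug class in the same program; they should be triaged together so they end up with consistent package lines. Several pairs in this hunk also carry identical truncated descriptions (CVE-2006-5931/5930, CVE-2006-5911/5910, CVE-2006-5891/5890), so the visible summary cannot tell them apart and whoever clears the TODO needs the full CVE text for each.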
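Review bot: CVE-2006-5819 in the @@ -131,8 +309,8 @@ hunk should not be checked in isolation: its new description starts "Verity Ultraseek before 5.7", the same product and version bound as CVE-2006-5970 added at the top of the file (and CVE-2006-5971 names Verity as well), so the three can receive one disposition in a single pass. Separately, the context lines show CVE-2006-5864 placed between CVE-2006-5819 and CVE-2006-5818, out of the descending order the surrounding entries follow; moving it to its numeric position would keep lookups by number reliable.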
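Review bot: CVE-2006-5793 in the @@ -188,8 +366,8 @@ hunk leaves RESERVED with only "TODO: check", but its description already names a concrete function and source file (png_set_sPLT in pngset.c), which is enough to identify the affected source package and open a tracking bug. I would replace the TODO with a package line in the form the neighbouring entries use, for example "- obexpushd 0.4+svn10-1 (bug #397297; medium)", once the package and fixed version are confirmed.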
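Review bot: The "TODO: check" under CVE-2006-4572 in the @@ -2821,7 +2999,7 @@ hunk is left untouched even though the replacement description now names the component (ip6_tables in netfilter) and an upstream version bound (Linux kernel before 2.6.16.31). With that bound available, the entry can be resolved against the packaged kernel versions instead of staying open.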
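Review bot: CVE-2006-4413 in the @@ -3221,8 +3399,8 @@ hunk is given "TODO: check" although the new description names Apple Remote Desktop. Elsewhere in this same diff, third-party vendor products are closed out with a NOT-FOR-US line (for example "NOT-FOR-US: Microsoft" under CVE-2006-4691); applying the same treatment here, if the product is not packaged, would save a later manual pass.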