Author: joeyh
Date: 2006-11-22 09:14:21 +0100 (Wed, 22 Nov 2006)
New Revision: 4993
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-11-21 22:20:07 UTC (rev 4992)
+++ data/CVE/list 2006-11-22 08:14:21 UTC (rev 4993)
@@ -1,3 +1,185 @@
+CVE-2006-6062 (Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly
other ...)
+ TODO: check
+CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and
...)
+ TODO: check
+CVE-2006-6060 (The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and
...)
+ TODO: check
+CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for
NetGear ...)
+ TODO: check
+CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x up to 2.6.18,
and ...)
+ TODO: check
+CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other
versions, on ...)
+ TODO: check
+CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions,
when ...)
+ TODO: check
+CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link
...)
+ TODO: check
+CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local
users to ...)
+ TODO: check
+CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local
users ...)
+ TODO: check
+CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error
messages ...)
+ TODO: check
+CVE-2006-6051 (PHP remote file inclusion vulnerability in reporter.logic.php in
the ...)
+ TODO: check
+CVE-2006-6050 (Multiple SQL injection vulnerabilities in ClickTech Texas
Rank''em ...)
+ TODO: check
+CVE-2006-6049 (PHP remote file inclusion vulnerability in shambo2.php in the
Shambo2 ...)
+ TODO: check
+CVE-2006-6048 (SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2,
when ...)
+ TODO: check
+CVE-2006-6047 (Directory traversal vulnerability in manager/index.php in
Etomite ...)
+ TODO: check
+CVE-2006-6046 (Multiple cross-site scripting (XSS) vulnerabilities in eggblog
3.1.0 ...)
+ TODO: check
+CVE-2006-6045 (Multiple PHP remote file inclusion vulnerabilities in Comdev One
Admin ...)
+ TODO: check
+CVE-2006-6044 (PHP remote file inclusion vulnerability in gallery_top.inc.php
in ...)
+ TODO: check
+CVE-2006-6043 (PHP file inclusion vulnerability in loginform-inc.php in Oliver
...)
+ TODO: check
+CVE-2006-6042 (PHP remote file inclusion vulnerability in core/editor.php in
...)
+ TODO: check
+CVE-2006-6041 (Multiple PHP remote file inclusion vulnerabilities in WORK
system ...)
+ TODO: check
+CVE-2006-6040 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2006-6039 (SQL injection vulnerability in matchdetail.php in
Powie''s PHP ...)
+ TODO: check
+CVE-2006-6038 (SQL injection vulnerability in editpoll.php in Powie''s
PHP Forum ...)
+ TODO: check
+CVE-2006-6037 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+ TODO: check
+CVE-2006-6036 (SQL injection vulnerability in OpenHuman before 1.0 allows
remote ...)
+ TODO: check
+CVE-2006-6035 (Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS
4.1.3 ...)
+ TODO: check
+CVE-2006-6034 (Multiple SQL injection vulnerabilities in SitesOutlet E-commerce
Kit-1 ...)
+ TODO: check
+CVE-2006-6033 (Multiple directory traversal vulnerabilities in Simple PHP Blog
...)
+ TODO: check
+CVE-2006-6032 (Multiple cross-site scripting (XSS) vulnerabilities in Simple
PHP Blog ...)
+ TODO: check
+CVE-2006-6031 (Multiple SQL injection vulnerabilities in Greater Cincinnati
Internet ...)
+ TODO: check
+CVE-2006-6030 (Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0
allow ...)
+ TODO: check
+CVE-2006-6029 (SQL injection vulnerability in vir_Login.asp in Property Pro 1.0
...)
+ TODO: check
+CVE-2006-6028 (Directory traversal vulnerability in textview.php in Anton
Vlasov ...)
+ TODO: check
+CVE-2006-6027 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows
remote ...)
+ TODO: check
+CVE-2006-6026 (Heap-based buffer overflow in Helix DNA Server 11.0 and 11.1 has
...)
+ TODO: check
+CVE-2006-6025 (QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a
...)
+ TODO: check
+CVE-2006-6024 (Multiple buffer overflows in Eudora Worldmail, possibly
Worldmail 3 ...)
+ TODO: check
+CVE-2006-6023 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-6022 (Cross-site scripting (XSS) vulnerability in login_form.asp in
...)
+ TODO: check
+CVE-2006-6021 (SQL injection vulnerability in the login component in BestWebApp
...)
+ TODO: check
+CVE-2006-6020 (Cross-site scripting (XSS) vulnerability in announce.php in Blog
...)
+ TODO: check
+CVE-2006-6019 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2006-6018 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-6017 (WordPress before 2.0.5 does not properly store a profile
containing a ...)
+ TODO: check
+CVE-2006-6016 (wp-admin/user-edit.php in WordPress before 2.0.5 allows remote
...)
+ TODO: check
+CVE-2006-6015 (Buffer overflow in the JavaScript implementation in Safari on
Apple ...)
+ TODO: check
+CVE-2006-6014 (The NetBSD-current kernel before 20061028 does not properly
perform ...)
+ TODO: check
+CVE-2006-6013 (Integer signedness error in the fw_ioctl (FW_IOCTL) function in
the ...)
+ TODO: check
+CVE-2006-6012 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp
in ...)
+ TODO: check
+CVE-2006-6011 (Unspecified vulnerability in SAP Web Application Server before
6.40 ...)
+ TODO: check
+CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive ...)
+ TODO: check
+CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE)
Swing ...)
+ TODO: check
+CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other
versions, ...)
+ TODO: check
+CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration
Template) 2.0 ...)
+ TODO: check
+CVE-2006-6006
+ RESERVED
+CVE-2006-6005
+ RESERVED
+CVE-2006-6004
+ RESERVED
+CVE-2006-6003
+ RESERVED
+CVE-2006-6002
+ RESERVED
+CVE-2006-6001
+ RESERVED
+CVE-2006-6000
+ RESERVED
+CVE-2006-5999
+ RESERVED
+CVE-2006-5998
+ RESERVED
+CVE-2006-5997
+ RESERVED
+CVE-2006-5996
+ RESERVED
+CVE-2006-5995
+ RESERVED
+CVE-2006-5994
+ RESERVED
+CVE-2006-5993
+ RESERVED
+CVE-2006-5992
+ RESERVED
+CVE-2006-5991 (Multiple SQL injection vulnerabilities in wwweb concepts
CactuShop ...)
+ TODO: check
+CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build
33643) and ...)
+ TODO: check
+CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb
5.0 ...)
+ TODO: check
+CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4
running ...)
+ TODO: check
+CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet 2.1
allows ...)
+ TODO: check
+CVE-2006-5986 (admin/options.php in Extreme CMS 0.9, and possibly earlier, does
not ...)
+ TODO: check
+CVE-2006-5985 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2006-5984 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web
...)
+ TODO: check
+CVE-2006-5983 (Multiple cross-site scripting (XSS) vulnerabilities in JBMC
Software ...)
+ TODO: check
+CVE-2006-5982 (Selenium Server 1.0, and possibly earlier, stores user passwords
in ...)
+ TODO: check
+CVE-2006-5981 (Multiple directory traversal vulnerabilities in Selenium Server
1.0, ...)
+ TODO: check
+CVE-2006-5980 (adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and
possibly ...)
+ TODO: check
+CVE-2006-5979 (Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses
insecure ...)
+ TODO: check
+CVE-2006-5978 (Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown
...)
+ TODO: check
+CVE-2006-5977 (Multiple SQL injection vulnerabilities in MultiCalendars allow
remote ...)
+ TODO: check
+CVE-2006-5976 (Multiple SQL injection vulnerabilities in admin_login.asp in
BlogMe ...)
+ TODO: check
+CVE-2006-5975 (Multiple cross-site scripting (XSS) vulnerabilities in
comments.asp in ...)
+ TODO: check
+CVE-2006-5974
+ RESERVED
+CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through
1.0.rc14, and ...)
+ TODO: check
+CVE-2005-4815 (SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6
before ...)
+ TODO: check
CVE-2006-XXXX [dovecot off-by-one]
- dovecot 1.0.rc15-1
[sarge] - dovecot <not-affected> (Vulnerable code not present)
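Review bot: CVE-2006-5973 (off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14) is added near the end of this hunk with only "TODO: check", while the unchanged entry directly below it, "CVE-2006-XXXX [dovecot off-by-one]", already records "- dovecot 1.0.rc15-1" and a sarge <not-affected> line for what appears to be the same issue. Fold the temporary entry into CVE-2006-5973 so the fix is not tracked under two names. Several other new entries name widely distributed free software (the Linux kernel entries CVE-2006-6060, -6058, -6057, -6056, -6054 and -6053, linux-ftpd in CVE-2006-6008, WordPress in CVE-2006-6017 and -6016, mod_auth_kerb in CVE-2006-5989) and should be resolved to package lines rather than left at TODO.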
@@ -222,8 +404,7 @@
RESERVED
CVE-2006-5869
RESERVED
-CVE-2006-5868
- RESERVED
+CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and
6.2 ...)
{DSA-1213}
CVE-2006-5867
RESERVED
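Review bot: CVE-2006-5868 now has a description (multiple buffer overflows in Imagemagick) and carries {DSA-1213}, but no package line follows it before CVE-2006-5867 begins. Add a "- <package> <version>" line for the fix so that the status outside the DSA is recorded in the entry itself.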
@@ -331,7 +512,7 @@
NOT-FOR-US: Parallels
CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry
Sheiko ...)
NOT-FOR-US: Business Card Web Builder
-CVE-2006-5815 (Unspecified vulnerability in ProFTPD allows remote attackers to
...)
+CVE-2006-5815 (Buffer overflow in ProFTPD 1.3.0 and earlier, when configured to
use ...)
{DSA-1218}
- proftpd-dfsg 1.3.0-13 (bug #399070)
- proftpd <removed>
@@ -411,7 +592,7 @@
NOT-FOR-US: iodine
CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server
5.2 ...)
NOT-FOR-US: XLink Omni-NFS
-CVE-2006-5779 (Unspecified vulnerability in the openldap-2.2.29-1 package of
OpenLDAP ...)
+CVE-2006-5779 (OpenLDAP 2.2.29 and earlier allows remote attackers to cause a
denial ...)
- openldap2.2 <unfixed> (bug #397673)
- openldap2.3 2.3.29-1
CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote
attackers to ...)
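Review bot: with the CVE-2006-5779 description now stating a remote denial of service, the line "- openldap2.2 <unfixed> (bug #397673)" still carries no urgency, unlike entries elsewhere in this file such as "(bug #336985; low)". Add one so the open issue can be prioritised.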
@@ -1905,7 +2086,7 @@
NOT-FOR-US: HP-UX Samba
CVE-2006-5090 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix
...)
NOT-FOR-US: Phoenix Evolution CMS (PECMS)
-CVE-2006-5089 (PHP remote file inclusion vulnerability in mybic_server.php in
My-BIC ...)
+CVE-2006-5089 (** DISPUTED ** ...)
NOT-FOR-US: My-BIC
CVE-2006-5088 (PHP remote file inclusion vulnerability in
connected_users.lib.php3 in ...)
NOT-FOR-US: phpMyChat
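Review bot: the replacement description for CVE-2006-5089 is truncated to "** DISPUTED ** ...", which drops the product and file name the previous text carried (mybic_server.php in My-BIC); only the NOT-FOR-US: My-BIC line still identifies the entry. The same happens to CVE-2006-6023 and CVE-2006-6018 in the first hunk, which have no other identifying line. Have the update keep some description text after the DISPUTED marker.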
@@ -2513,7 +2694,6 @@
CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity
Manager ...)
NOT-FOR-US: Novell Identity Manager
CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service
in ...)
- {DSA-1216}
NOT-FOR-US: Symantec
CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and
...)
NOT-FOR-US: Roxio Toast
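Review bot: the log message "automatic update" does not cover the removal of {DSA-1216} from CVE-2006-4802 here, which pairs with the addition of {DSA-1216} to CVE-2005-4802 (Flexbackup) in the last hunk. This moves a DSA cross-reference from a NOT-FOR-US Symantec entry to the flexbackup entry and is a correction rather than a routine description sync, so note it in the log or commit it separately.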
@@ -4593,8 +4773,8 @@
RESERVED
CVE-2006-3891
RESERVED
-CVE-2006-3890
- RESERVED
+CVE-2006-3890 (Stack-based buffer overflow in the Sky Software FileView ActiveX
...)
+ TODO: check
CVE-2006-3889
RESERVED
CVE-2006-3888 (Buffer overflow in AOL You''ve Got Pictures (YGP) Pic
Downloader ...)
@@ -8116,6 +8296,7 @@
{DSA-857-1}
- graphviz 2.2.1-1sarge1 (bug #336985; low)
CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite
files and ...)
+ {DSA-1216}
- flexbackup 1.2.1-3 (bug #334350; low)
CVE-2005-4801 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Yet ...)
NOT-FOR-US: YaPIG