Author: joeyh
Date: 2006-11-27 09:14:16 +0100 (Mon, 27 Nov 2006)
New Revision: 5010
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-11-26 07:21:32 UTC (rev 5009) +++ data/CVE/list 2006-11-27 08:14:16 UTC (rev 5010) 
@@ -1,3 +1,137 @@ +CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows ...) + TODO: check +CVE-2006-6128 (The ReiserFS functionality in Linux kernel 2.6.18, and possibly other ...) + TODO: check +CVE-2006-6127 (Apple Mac OS X kernel allows local users to cause a denial of service ...) + TODO: check +CVE-2006-6126 (Apple Mac OS X allows local users to cause a denial of service (memory ...) + TODO: check +CVE-2006-6125 (Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) ...) + TODO: check +CVE-2006-6124 (Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server ...) + TODO: check +CVE-2006-6123 (Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals ...) + TODO: check +CVE-2006-6122 (Multiple buffer overflows in TIN before 1.8.2 have unspecified impact ...) + TODO: check +CVE-2006-6121 (Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers ...) + TODO: check +CVE-2006-6120 + RESERVED +CVE-2006-6119 (mmgallery 1.55 allows remote attackers to obtain sensitive information ...) + TODO: check +CVE-2006-6118 (Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery ...) + TODO: check +CVE-2006-6117 (SQL injection vulnerability in index1.asp in fipsGallery 1.5 and ...) + TODO: check +CVE-2006-6116 (SQL injection vulnerability in default2.asp in fipsForum 2.6 and ...) + TODO: check +CVE-2006-6115 (SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier ...) + TODO: check +CVE-2006-6114 (Buffer overflow in NWSPOOL.DLL in Novell Client 4.91 Post-SP3 for ...) + TODO: check +CVE-2006-6113 + RESERVED +CVE-2006-6112 + RESERVED +CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 ...) + TODO: check +CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech ...) + TODO: check +CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 ...) 
+ TODO: check +CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta ...) + TODO: check +CVE-2006-6107 + RESERVED +CVE-2006-6106 + RESERVED +CVE-2006-6105 + RESERVED +CVE-2006-6104 + RESERVED +CVE-2006-6103 + RESERVED +CVE-2006-6102 + RESERVED +CVE-2006-6101 + RESERVED +CVE-2006-6100 + RESERVED +CVE-2006-6099 + RESERVED +CVE-2006-6098 + RESERVED +CVE-2006-6097 (GNU tar 1.16 and 1.15.1, and possibly other versions, allows ...) + TODO: check +CVE-2006-6096 (Cross-site scripting (XSS) vulnerability in activenews_search.asp in ...) + TODO: check +CVE-2006-6095 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow ...) + TODO: check +CVE-2006-6094 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow ...) + TODO: check +CVE-2006-6093 (Multiple PHP remote file inclusion vulnerabilities in adminprint.php ...) + TODO: check +CVE-2006-6092 (Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 ...) + TODO: check +CVE-2006-6091 (Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before ...) + TODO: check +CVE-2006-6090 (Multiple SQL injection vulnerabilities in BaalAsp forum allow remote ...) + TODO: check +CVE-2006-6089 (Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in ...) + TODO: check +CVE-2006-6088 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...) + TODO: check +CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...) + TODO: check +CVE-2006-6086 (PHP remote file inclusion vulnerability in ark_inc.php in e-Ark 1.0 ...) + TODO: check +CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same permissions ...) + TODO: check +CVE-2006-6084 (Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy ...) + TODO: check +CVE-2006-6083 (SQL injection vulnerability in search.asp in CreaScripts Creadirectory ...) 
+ TODO: check +CVE-2006-6082 (Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts ...) + TODO: check +CVE-2006-6081 (PHP remote file inclusion vulnerability in Smarty_Compiler.class.php ...) + TODO: check +CVE-2006-6080 (Multiple SQL injection vulnerabilities in categories.asp in gNews ...) + TODO: check +CVE-2006-6079 (Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 ...) + TODO: check +CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in a-ConMan ...) + TODO: check +CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and ...) + TODO: check +CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in Computer ...) + TODO: check +CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp ...) + TODO: check +CVE-2006-6074 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...) + TODO: check +CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...) + TODO: check +CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in ...) + TODO: check +CVE-2006-6071 + RESERVED +CVE-2006-6070 (SQL injection vulnerability in module/account/register/register.asp in ...) + TODO: check +CVE-2006-6069 (index.php in mAlbum 0.3 and earlier allows remote attackers to obtain ...) + TODO: check +CVE-2006-6068 (Directory traversal vulnerability in the cached_album function in ...) + TODO: check +CVE-2006-6067 (Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real ...) + TODO: check +CVE-2006-6066 (Multiple SQL injection vulnerabilities in Dragon Calendar / Events ...) + TODO: check +CVE-2006-6065 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...) + TODO: check +CVE-2006-6064 (Multiple buffer overflows in the Message Parsing Interpreter (MPI) in ...) + TODO: check +CVE-2006-6063 (Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier ...) 
+ TODO: check CVE-2006-6062 (Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other ...) NOT-FOR-US: Apple Mac OS X CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and ...) @@ -150,7 +284,7 @@ - libapache-mod-auth-kerb 5.3-1 (low) CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 running ...) NOT-FOR-US: Windows -CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet 2.1 allows ...) +CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet, possibly ...) NOT-FOR-US: ASPintranet CVE-2006-5986 (admin/options.php in Extreme CMS 0.9, and possibly earlier, does not ...) NOT-FOR-US: Extreme CMS @@ -160,9 +294,9 @@ NOT-FOR-US: Helm Hosting Control Panel CVE-2006-5983 (Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software ...) NOT-FOR-US: DirectAdmin -CVE-2006-5982 (Selenium Server 1.0, and possibly earlier, stores user passwords in ...) +CVE-2006-5982 (SeleniumServer FTP Server 1.0, and possibly earlier, stores user ...) NOT-FOR-US: Selenium Server -CVE-2006-5981 (Multiple directory traversal vulnerabilities in Selenium Server 1.0, ...) +CVE-2006-5981 (Multiple directory traversal vulnerabilities in SeleniumServer FTP ...) NOT-FOR-US: Selenium Server CVE-2006-5980 (adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly ...) NOT-FOR-US: NetJetServer @@ -202,8 +336,8 @@ NOT-FOR-US: Panda ActiveScan CVE-2006-5966 (Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows ...) NOT-FOR-US: Panda ActiveScan -CVE-2006-5965 - RESERVED +CVE-2006-5965 (PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure ...) + TODO: check CVE-2006-5964 RESERVED CVE-2006-5963 
@@ -250,8 +384,8 @@ TODO: check CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...) TODO: check -CVE-2006-5941 - RESERVED +CVE-2006-5941 (snmpd in (1) the SUNWsmagt package in Solaris 10 before 20061122 and ...) + TODO: check CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...) NOT-FOR-US: Grisoft AVG Anti-Virus CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause ...) @@ -402,8 +536,8 @@ RESERVED CVE-2006-5870 RESERVED -CVE-2006-5869 - RESERVED +CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute ...) + TODO: check CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 ...) {DSA-1213} - imagemagick 7:6.2.4.5.dfsg1-0.11 @@ -593,7 +727,7 @@ NOT-FOR-US: iodine CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 ...) NOT-FOR-US: XLink Omni-NFS -CVE-2006-5779 (OpenLDAP 2.2.29 and earlier allows remote attackers to cause a denial ...) +CVE-2006-5779 (OpenLDAP before 2.3.29 allows remote attackers to cause a denial of ...) - openldap2.2 <unfixed> (bug #397673) - openldap2.3 2.3.29-1 CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to ...) @@ -4598,8 +4732,8 @@ NOT-FOR-US: CA eTrust Antivirus WebScan CVE-2006-3974 RESERVED -CVE-2006-3973 - RESERVED +CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is ...) + TODO: check CVE-2006-3972 (Directory traversal vulnerability in ...) NOT-FOR-US: Ajax Chat CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in ...)
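Review bot: In the @@ -1,3 +1,137 @@ hunk every new entry lands as TODO: check, although some can be resolved from the visible descriptions alone. CVE-2006-6129, CVE-2006-6127 and CVE-2006-6126 all name Apple Mac OS X, and the unchanged context entry CVE-2006-6062 directly after the added block already carries "NOT-FOR-US: Apple Mac OS X", so the same note fits those three. For the remaining triage, suggest looking first at the entries that name the Linux kernel (CVE-2006-6128), GNU tar (CVE-2006-6097), TIN (CVE-2006-6122), Kile (CVE-2006-6085) and Mozilla Firefox (CVE-2006-6077), so they do not sit behind the long run of web-application entries.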
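Review bot: In the @@ -160,9 +294,9 @@ hunk the descriptions of CVE-2006-5982 and CVE-2006-5981 now read "SeleniumServer FTP Server", but the notes under them still say "NOT-FOR-US: Selenium Server". Suggest changing both notes to the product name used in the description, so a search for that name (which also appears in the new CVE-2006-6124 entry as "SeleniumServer Web Server") finds them.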
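Review bot: In the @@ -250,8 +384,8 @@ hunk the CVE-2006-5941 description is cut off after item (1), "the SUNWsmagt package in Solaris 10 before 20061122 and ...", so the second affected component is not visible in the list. Suggest reading the full description before resolving the TODO: check, since a NOT-FOR-US decision based on the Solaris part alone could miss whatever item (2) names.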
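Review bot: In the @@ -402,8 +536,8 @@ hunk CVE-2006-5869 ("pstotext before 1.9 allows user-assisted attackers to execute ...") moves from RESERVED to TODO: check with no package line. If pstotext is in the archive, suggest resolving it with a tracking line in the form used by CVE-2006-5868 just below it ("- imagemagick 7:6.2.4.5.dfsg1-0.11"), giving either the fixed version or <unfixed>.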
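Review bot: In the @@ -593,7 +727,7 @@ hunk the CVE-2006-5779 description changes from "OpenLDAP 2.2.29 and earlier" to "OpenLDAP before 2.3.29", while the tracking lines under it stay as they were. "- openldap2.3 2.3.29-1" agrees with the new wording, but "- openldap2.2 <unfixed> (bug #397673)" is worth rechecking against the revised range. That line also carries no urgency, unlike "- libapache-mod-auth-kerb 5.3-1 (low)" earlier in the list.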
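Review bot: In the @@ -4598,8 +4732,8 @@ hunk CVE-2006-3973 (My Firewall Plus 5.0 Build 1119, with a description that refers to explorer.exe) is added as TODO: check in a stretch where the neighbouring published entries are already NOT-FOR-US. Suggest resolving it the same way, for example "NOT-FOR-US: My Firewall Plus", once the full description has been read.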