Author: joeyh
Date: 2006-12-04 09:14:14 +0100 (Mon, 04 Dec 2006)
New Revision: 5058

Modified: data/CVE/list

Log: automatic update

Modified: data/CVE/list
==================================================================--- data/CVE/list 2006-12-03 22:27:35 UTC (rev 5057) +++ data/CVE/list 2006-12-04 08:14:14 UTC (rev 5058) 
@@ -1,3 +1,197 @@ +CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to ...) + TODO: check +CVE-2006-6272 (Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP ...) + TODO: check +CVE-2006-6271 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 ...) + TODO: check +CVE-2006-6270 (Multiple SQL injection vulnerabilities in ASPMForum allow remote ...) + TODO: check +CVE-2006-6269 (Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM ...) + TODO: check +CVE-2006-6268 (SQL injection vulnerability in system/core/profile/profile.inc.php in ...) + TODO: check +CVE-2006-6267 (PostNuke 0.7.5.0, and certain minor versions, allows remote attackers ...) + TODO: check +CVE-2006-6266 (Teredo clients, when following item 6 of RFC4380 section 5.2.3, start ...) + TODO: check +CVE-2006-6265 (Teredo clients, when located behind a restricted NAT, allow remote ...) + TODO: check +CVE-2006-6264 (Teredo creates trusted peer entries for arbitrary incoming source ...) + TODO: check +CVE-2006-6263 (Teredo clients, when source routing is enabled, recognize a Routing ...) + TODO: check +CVE-2006-6262 (Directory traversal vulnerability in mboard.php in PHPJunkYard (aka ...) + TODO: check +CVE-2006-6261 (Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows ...) + TODO: check +CVE-2006-6260 (SQL injection vulnerability in login.asp in Redbinaria Sistema ...) + TODO: check +CVE-2006-6259 (Multiple directory traversal vulnerabilities in (a) ...) + TODO: check +CVE-2006-6258 (The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the ...) + TODO: check +CVE-2006-6257 (The file manager in AlternC 0.9.5 and earlier, when warnings are ...) + TODO: check +CVE-2006-6256 (Cross-site scripting (XSS) vulnerability in the file manager in ...) + TODO: check +CVE-2006-6255 (Direct static code injection vulnerability in util.php in the NukeAI ...) 
+ TODO: check +CVE-2006-6254 (administration/telecharger.php in Cahier de texte 2.0 allows remote ...) + TODO: check +CVE-2006-6253 (Cahier de texte 2.0 stores sensitive information under the web root, ...) + TODO: check +CVE-2006-6252 (Microsoft Windows Live Messenger 8.0 and earlier, when gestual ...) + TODO: check +CVE-2006-6251 (Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote ...) + TODO: check +CVE-2006-6250 (Format string vulnerability in Songbird Media Player 0.2 and earlier ...) + TODO: check +CVE-2006-6249 (Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and ...) + TODO: check +CVE-2006-6248 (index.php in GPhotos 1.5 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2006-6247 (Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery ...) + TODO: check +CVE-2006-6246 (Photo Organizer 2.32b and earlier does not properly check the ...) + TODO: check +CVE-2006-6245 (Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b ...) + TODO: check +CVE-2006-6244 (Coalescent Systems freePBX (formerly Asterisk Management Portal) ...) + TODO: check +CVE-2006-6243 (Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow ...) + TODO: check +CVE-2006-6242 (Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and ...) + TODO: check +CVE-2006-6241 (Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to ...) + TODO: check +CVE-2006-6240 (Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 ...) + TODO: check +CVE-2006-6239 (webadmin in MailEnable NetWebAdmin Profession 2.32 and Enterprise 2.32 ...) + TODO: check +CVE-2006-6238 (The AutoFill feature in Apple Safari 2.0.4 does not properly verify ...) + TODO: check +CVE-2006-6237 (SQL injection vulnerability in the decode_cookie function in ...) + TODO: check +CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...) 
+ TODO: check +CVE-2006-6235 + RESERVED +CVE-2006-6234 (Multiple SQL injection vulnerabilities in the Content module in ...) + TODO: check +CVE-2006-6233 (SQL injection vulnerability in the Downloads module for unknown ...) + TODO: check +CVE-2006-6232 (PHP remote file inclusion vulnerability in admin/index.php in ...) + TODO: check +CVE-2006-6231 (vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2006-6230 (SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote ...) + TODO: check +CVE-2006-6229 (Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs ...) + TODO: check +CVE-2006-6228 (Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar ...) + TODO: check +CVE-2006-6227 (The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and ...) + TODO: check +CVE-2006-6226 (Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, ...) + TODO: check +CVE-2006-6225 (Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 ...) + TODO: check +CVE-2006-6224 (PHP remote file inclusion vulnerability in the installation scripts in ...) + TODO: check +CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...) + TODO: check +CVE-2006-6222 + RESERVED +CVE-2006-6221 + RESERVED +CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...) + TODO: check +CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2006-6218 (Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow ...) + TODO: check +CVE-2006-6217 (PHP remote file inclusion vulnerability in formdisp.php in the Mermaid ...) + TODO: check +CVE-2006-6216 (SQL injection vulnerability in admin_hacks_list.php in the Nivisec ...) + TODO: check +CVE-2006-6215 (Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper ...) 
+ TODO: check +CVE-2006-6214 (SQL injection vulnerability in wallpaper.php in Wallpaper Website ...) + TODO: check +CVE-2006-6213 (index.php in PEGames uses the extract function to overwrite critical ...) + TODO: check +CVE-2006-6212 (PHP remote file inclusion vulnerability in centre.php in Site News ...) + TODO: check +CVE-2006-6211 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 ...) + TODO: check +CVE-2006-6210 (SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows ...) + TODO: check +CVE-2006-6209 (Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart ...) + TODO: check +CVE-2006-6208 (Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds ...) + TODO: check +CVE-2006-6207 (SQL injection vulnerability in products.asp in Evolve shopping cart ...) + TODO: check +CVE-2006-6206 (SQL injection vulnerability in item.asp in WarHound General Shopping ...) + TODO: check +CVE-2006-6205 (Multiple cross-site scripting (XSS) vulnerabilities in result.asp in ...) + TODO: check +CVE-2006-6204 (Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow ...) + TODO: check +CVE-2006-6203 (Directory traversal vulnerability in startdown.php in the Flyspray ME ...) + TODO: check +CVE-2006-6202 (PHP remote file inclusion vulnerability in modules/NukeAI/util.php in ...) + TODO: check +CVE-2006-6201 (Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by ...) + TODO: check +CVE-2006-6200 (Multiple SQL injection vulnerabilities in the (1) rate_article and (2) ...) + TODO: check +CVE-2006-6199 (Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and ...) + TODO: check +CVE-2006-6198 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...) + TODO: check +CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution ...) + TODO: check +CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality ...) 
+ TODO: check +CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...) + TODO: check +CVE-2006-6194 (Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey ...) + TODO: check +CVE-2006-6193 (SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier ...) + TODO: check +CVE-2006-6192 (Unspecified scripts in the admin directory in 8pixel.net SimpleBlog ...) + TODO: check +CVE-2006-6191 (SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog ...) + TODO: check +CVE-2006-6190 (SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 ...) + TODO: check +CVE-2006-6189 (SQL injection vulnerability in displayCalendar.asp in ClickTech Click ...) + TODO: check +CVE-2006-6188 (Cross-site scripting (XSS) vulnerability in view_search.asp in ...) + TODO: check +CVE-2006-6187 (Multiple SQL injection vulnerabilities in ClickTech Click Gallery ...) + TODO: check +CVE-2006-6186 (Multiple directory traversal vulnerabilities in enomphp 4.0 allow ...) + TODO: check +CVE-2006-6185 (Directory traversal vulnerability in script.php in Wabbit PHP Gallery ...) + TODO: check +CVE-2006-6184 (Multiple stack-based buffer overflows in Allied Telesyn TFTP Server ...) + TODO: check +CVE-2006-6183 (Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and ...) + TODO: check +CVE-2006-6182 (The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop ...) + TODO: check +CVE-2006-6181 (Multiple SQL injection vulnerabilities in default.asp in ClickTech ...) + TODO: check +CVE-2006-6180 (Cross-site scripting (XSS) vulnerability in articles.asp in ...) + TODO: check +CVE-2006-6179 (Buffer overflow in ...) + TODO: check +CVE-2006-6178 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for ...) + TODO: check +CVE-1999-1590 (Directory traversal vulnerability in Muhammad A. Muquit wwwcount ...) 
+ TODO: check CVE-2006-XXXX [libxslt segfault / DoS] - libxslt 1.1.18-3 (low) [sarge] - libxslt <not-affected> (vulnerability added later) @@ -103,7 +297,7 @@ NOT-FOR-US: Kerio WebSTAR CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial of ...) NOTE: NOT-FOR-US (Apple Mac OS X) -CVE-2006-6169 (Buffer overflow in the ask_outfile_name function in openfile.c for ...) +CVE-2006-6169 (Heap-based buffer overflow in the ask_outfile_name function in ...) - gnupg 1.4.5-3 (medium) - gnupg2 <unfixed> (medium; bug #400777) CVE-2006-XXXX [several security issues in phpmyadmin] @@ -131,8 +325,7 @@ - tin 1:1.8.2-1 CVE-2006-6121 (Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers ...) NOT-FOR-US: Acer -CVE-2006-6120 [KOffice PowerPoint Files Integer Overflow Vulnerability] - RESERVED +CVE-2006-6120 (Integer overflow in the KPresenter import filter for Microsoft ...) - koffice 1:1.6.1-1 (bug #401230; medium) CVE-2006-6119 (mmgallery 1.55 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: mmgallery @@ -233,8 +426,7 @@ NOT-FOR-US: Enthrallweb eShopping Cart CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in ...) NOT-FOR-US: BPG-InfoTech Easy Publisher -CVE-2006-6071 [TWiki Authentication Bypass Vulnerability] - RESERVED +CVE-2006-6071 (TWiki 4.0.5 and earlier, when running under Apache 1.3 using ...) - twiki 1:4.0.5-2 (bug #401303) CVE-2006-6070 (SQL injection vulnerability in module/account/register/register.asp in ...) NOT-FOR-US: ASP Nuke @@ -688,8 +880,8 @@ RESERVED CVE-2006-5855 RESERVED -CVE-2006-5854 - RESERVED +CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in ...) + TODO: check CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy ...) NOT-FOR-US: Immediacy CMS CVE-2006-5852 (Untrusted search path vulnerability in openexec in OpenBase SQL before ...) 
@@ -904,10 +1096,9 @@ RESERVED CVE-2006-5752 RESERVED -CVE-2006-5751 [Linux Kernel "get_fdb_entries()" Integer Overflow Vulnerability] - RESERVED +CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...) - linux-2.6 <unfixed> (medium) -CVE-2006-5750 (Directory traversal vulnerability in JBoss Application Server ...) +CVE-2006-5750 (Directory traversal vulnerability in the DeploymentFileRepository ...) NOT-FOR-US: JBoss CVE-2006-5749 RESERVED @@ -2060,7 +2251,7 @@ NOT-FOR-US: User Viewed Posts Tracker module for phpBB CVE-2006-5222 (Multiple PHP remote file inclusion vulnerabilities in Dimension of ...) NOT-FOR-US: Dimension of phpBB -CVE-2006-5221 (Multiple SQL injection vulnerabilities in Cahier de textes 2.0 allow ...) +CVE-2006-5221 (Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow ...) NOT-FOR-US: Cahier de textes CVE-2006-5220 (Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, ...) NOT-FOR-US: WebYep @@ -3625,8 +3816,7 @@ [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) CVE-2006-4515 RESERVED -CVE-2006-4514 [unspecified libgsf security issue (IDEF1622)] - RESERVED +CVE-2006-4514 (Heap-based buffer overflow in the ole_info_read_metabat function in ...) {DSA-1221-1} - libgsf 1.14.2-1 CVE-2006-4513 (Multiple integer overflows in the WV library in wvWare (formerly ...) @@ -6528,7 +6718,8 @@ NOT-FOR-US: Windows Live Messenger CVE-2006-3249 (** DISPUTED ** ...) NOT-FOR-US: Phorum -CVE-2006-3248 (SQL injection vulnerability in calendar.php in Codewalkers PHP Event ...) +CVE-2006-3248 + REJECTED NOT-FOR-US: PHP Event Calendar CVE-2006-3247 (Multiple cross-site scripting (XSS) vulnerabilities in show.php in ...) NOT-FOR-US: GL-SH Deaf Forum 
@@ -7816,7 +8007,7 @@ NOT-FOR-US: DGNews CVE-2006-2694 (Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro ...) NOT-FOR-US: EzUpload -CVE-2006-2693 (Directory traversal vulnerability in admin_hacks_list.php in Nivisec ...) +CVE-2006-2693 (Directory traversal vulnerability in admin/admin_hacks_list.php in ...) NOT-FOR-US: Nivisec CVE-2006-2692 (Multiple unspecified vulnerabilities in aMuleWeb for AMule before ...) - amule 2.1.2-1 (medium) @@ -8668,7 +8859,7 @@ NOT-FOR-US: Ideal Science CVE-2006-2316 (S24EvMon.exe in the Intel PROset/Wireless software, possibly ...) NOT-FOR-US: Intel Windows software -CVE-2006-2315 (PHP remote file inclusion vulnerability in session.inc.php in ...) +CVE-2006-2315 (** DISPUTED ** ...) NOT-FOR-US: ISPConfig CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...) {DSA-1087-1}
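
Review bot: In the @@ -1,3 +1,197 @@ hunk, several entries added as "TODO: check" are for products this file already classifies as NOT-FOR-US further down: CVE-2006-6254 and CVE-2006-6253 (Cahier de texte, compare CVE-2006-5221), CVE-2006-6229 and CVE-2006-6228 (Codewalkers ltwCalendar aka PHP Event Calendar, compare CVE-2006-3248), CVE-2006-6216 (Nivisec, compare CVE-2006-2693) and CVE-2006-6252 (Windows Live Messenger). These can be triaged straight to NOT-FOR-US in a follow-up instead of sitting in the TODO queue. The same hunk also appends CVE-1999-1590 after the CVE-2006 block, outside the descending order of the entries above it, where it is easy to overlook, and CVE-2006-6179 arrives with its description cut to "Buffer overflow in ...", so it needs a lookup before it can be triaged.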
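
Review bot: CVE-2006-5854 in the @@ -688,8 +880,8 @@ hunk looks like a NOT-FOR-US candidate rather than a TODO: its new description names the Spooler service in nwspool.dll, a Windows DLL. Unless the truncated remainder of the description points at something packaged here, it can be annotated the same way as the neighbouring CVE-2006-5853.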
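
Review bot: The annotation under CVE-2006-5221 in the @@ -2060,7 +2251,7 @@ hunk still reads "NOT-FOR-US: Cahier de textes", while the updated description and the new CVE-2006-6254 and CVE-2006-6253 entries spell the product "Cahier de texte". Aligning the annotation with the description keeps a search on the product name from missing one of the entries.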
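
Review bot: CVE-2006-3248 in the @@ -6528,7 +6718,8 @@ hunk is now REJECTED but keeps its "NOT-FOR-US: PHP Event Calendar" line, so the entry carries both a rejection and a triage annotation, and the description that identified the issue is gone. Consider adding a NOTE line that records what the id used to describe, since CVE-2006-6229 and CVE-2006-6228 in the first hunk concern the same product and a reader may want to tell them apart.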
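
Review bot: The replacement description for CVE-2006-2315 in the @@ -8668,7 +8859,7 @@ hunk is truncated to "** DISPUTED ** ...", which drops the vulnerability class and file name (PHP remote file inclusion in session.inc.php) that the removed line carried. The "NOT-FOR-US: ISPConfig" annotation still identifies the product, but a short NOTE with the original summary would keep the entry understandable without a lookup.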