Author: joeyh
Date: 2006-12-07 21:14:35 +0100 (Thu, 07 Dec 2006)
New Revision: 5085

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-12-07 07:43:37 UTC (rev 5084)
+++ data/CVE/list 2006-12-07 20:14:35 UTC (rev 5085)
@@ -1,6 +1,192 @@ -CVE-2006-6302 [fail2ban remote DoS] +CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...) + TODO: check +CVE-2006-6367 (Multiple SQL injection vulnerabilities in detail.asp in DUware ...) + TODO: check +CVE-2006-6366 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2006-6365 (SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and ...) + TODO: check +CVE-2006-6364 (Cross-site scripting (XSS) vulnerability in error.php in Inside ...) + TODO: check +CVE-2006-6363 (Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket ...) + TODO: check +CVE-2006-6362 (Buffer overflow in the cluster_process_heartbeat function in cluster.c ...) + TODO: check +CVE-2006-6361 (Heap-based buffer overflow in the uploadprogress_php_rfc1867_file ...) + TODO: check +CVE-2006-6360 (PHP remote file inclusion vulnerability in activate.php in PHP Upload ...) + TODO: check +CVE-2006-6359 (Cross-site scripting (XSS) vulnerability in Stefan Frech ...) + TODO: check +CVE-2006-6358 (SQL injection vulnerability in the login function in auth.inc in ...) + TODO: check +CVE-2006-6357 (Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in ...) + TODO: check +CVE-2006-6356 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2006-6355 (SQL injection vulnerability in default.asp in DuWare DuClassmate ...) + TODO: check +CVE-2006-6354 (Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews ...) + TODO: check +CVE-2006-6353 (Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X ...) + TODO: check +CVE-2006-6352 (FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted ...) + TODO: check +CVE-2006-6351 (KhaledMuratList stores sensitive data under the web root with ...) + TODO: check +CVE-2006-6350 (listpics 5 stores sensitive data under the web root with insufficient ...) 
+ TODO: check +CVE-2006-6349 (Multiple SQL injection vulnerabilities in PWP Technologies The ...) + TODO: check +CVE-2006-6348 (Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 ...) + TODO: check +CVE-2006-6347 (Unrestricted file upload vulnerability in TFT-Gallery allows remote ...) + TODO: check +CVE-2006-6346 (Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 ...) + TODO: check +CVE-2006-6345 (Directory traversal vulnerability in SAP Internet Graphics Service ...) + TODO: check +CVE-2006-6344 (Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and ...) + TODO: check +CVE-2006-6343 (SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and ...) + TODO: check +CVE-2006-6342 (Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. ...) + TODO: check +CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in mg.applanix ...) + TODO: check +CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial of ...) + TODO: check +CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z Clanportal ...) + TODO: check +CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV!L`z ...) + TODO: check +CVE-2006-6337 (Multiple SQL injection vulnerabilities in giris.asp in Aspee Ziyaretci ...) + TODO: check +CVE-2006-6336 + RESERVED +CVE-2006-6335 + RESERVED +CVE-2006-6334 + RESERVED +CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the ...) + TODO: check +CVE-2006-6332 + RESERVED +CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is ...) + TODO: check +CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to ...) + TODO: check +CVE-2006-6329 (index.php for TorrentFlux 2.2 allows remote attackers to delete files ...) + TODO: check +CVE-2006-6328 (Directory traversal vulnerability in index.php for TorrentFlux 2.2 ...) 
+ TODO: check +CVE-2006-6327 + RESERVED +CVE-2006-6326 + RESERVED +CVE-2006-6325 + RESERVED +CVE-2006-6324 + RESERVED +CVE-2006-6323 + RESERVED +CVE-2006-6322 + RESERVED +CVE-2006-6321 + RESERVED +CVE-2006-6320 + RESERVED +CVE-2006-6319 + RESERVED +CVE-2006-6318 + RESERVED +CVE-2006-6317 + RESERVED +CVE-2006-6316 + RESERVED +CVE-2006-6315 + RESERVED +CVE-2006-6314 + RESERVED +CVE-2006-6313 + RESERVED +CVE-2006-6312 + RESERVED +CVE-2006-6311 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to ...) + TODO: check +CVE-2006-6310 (Microsoft Internet Explorer 6.0 SP1 and earlier allows remote ...) + TODO: check +CVE-2006-6309 (Multiple array index errors in IBM Tivoli Storage Manager (TSM) before ...) + TODO: check +CVE-2006-6308 (** DISPUTED ** ...) + TODO: check +CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote ...) + TODO: check +CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication Services ...) + TODO: check +CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when ...) + TODO: check +CVE-2006-6304 + RESERVED +CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...) + TODO: check +CVE-2006-6300 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...) + TODO: check +CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management ...) + TODO: check +CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul ...) + TODO: check +CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3, ...) + TODO: check +CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) ...) + TODO: check +CVE-2006-6295 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...) + TODO: check +CVE-2006-6294 (Multiple unspecified vulnerabilities in FRISK Software F-Prot ...) 
+ TODO: check +CVE-2006-6293 (Heap-based buffer overflow in FRISK Software F-Prot Antivirus before ...) + TODO: check +CVE-2006-6292 (Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 allows remote ...) + TODO: check +CVE-2006-6291 (Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable ...) + TODO: check +CVE-2006-6290 (Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) ...) + TODO: check +CVE-2006-6289 (Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset ...) + TODO: check +CVE-2006-6288 (Multiple buffer overflows in Niek Albers CoolPlayer 215 and earlier ...) + TODO: check +CVE-2006-6287 (Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote ...) + TODO: check +CVE-2006-6286 (Palm Desktop 4.1.4 and earlier stores user data with weak permissions ...) + TODO: check +CVE-2006-6285 (** DISPUTED ** ...) + TODO: check +CVE-2006-6284 (Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 ...) + TODO: check +CVE-2006-6283 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) + TODO: check +CVE-2006-6282 (members.php in Vikingboard 0.1.2 allows remote attackers to trigger a ...) + TODO: check +CVE-2006-6281 (PHP remote file inclusion vulnerability in check_status.php in ...) + TODO: check +CVE-2006-6280 (SQL injection vulnerability in viewthread.php in Oxygen (O2PHP ...) + TODO: check +CVE-2006-6279 (index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain ...) + TODO: check +CVE-2006-6278 (Cross-site scripting (XSS) vulnerability in index.php in @lex ...) + TODO: check +CVE-2006-6277 (Directory traversal vulnerability in admin/FileServer.php in ...) + TODO: check +CVE-2006-6276 (HTTP request smuggling vulnerability in Sun Java System Proxy Server ...) + TODO: check +CVE-2006-6275 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...) + TODO: check +CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...) 
+ TODO: check +CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, which ...) - fail2ban <unfixed> (medium; bug filed) -CVE-2006-6301 [denyhosts remote DoS] +CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which allows remote ...) - denyhosts <unfixed> (medium; bug filed) CVE-2006-XXXX [l2tpns Heartbeat Packets Buffer Overflow Vulnerability] - l2tpns 2.1.21-1 (medium; bug #401742) @@ -88,8 +274,7 @@ NOT-FOR-US: Woltlab Burning Board Lite CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...) TODO: check -CVE-2006-6235 [arbitrary indirect call in GnuPG] - RESERVED +CVE-2006-6235 (A "stack overwrite" vulnerability in GnuPG (gpg) before 1.2.1 allows ...) - gnupg <unfixed> (high; bug #401894; bug #401914) - gnupg2 <unfixed> (high; bug #401895; bug #401913) CVE-2006-6234 (Multiple SQL injection vulnerabilities in the Content module in ...) @@ -287,8 +472,7 @@ RESERVED CVE-2006-6143 RESERVED -CVE-2006-6142 [squirrelmail XSS] - RESERVED +CVE-2006-6142 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) - squirrelmail 2:1.4.9a-1 CVE-2006-6141 (Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a ...) NOT-FOR-US: Tftpd32 @@ -304,7 +488,7 @@ NOTE: NOT-FOR-US (IBM WebSphere) CVE-2006-6135 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...) NOTE: NOT-FOR-US (IBM WebSphere) -CVE-2006-6134 (Windows Media 10.00.00.4036 allows remote attackers to cause a denial ...) +CVE-2006-6134 (Heap-based buffer overflow in the WMCheckURLScheme function in ...) NOTE: NOT-FOR-US (Windows Media) CVE-2006-6133 (Stack-based buffer overflow in Business Objects Crystal Reports XI ...) NOTE: NOT-FOR-US (Business Objects Crystal Reports) 
@@ -359,8 +543,8 @@ NOT-FOR-US: Novell CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Monkey Boards -CVE-2006-6112 - RESERVED +CVE-2006-6112 (LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP ...) + TODO: check CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 ...) NOT-FOR-US: Alan Ward A-Cart Pro CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech ...) @@ -602,8 +786,8 @@ RESERVED CVE-2006-5995 RESERVED -CVE-2006-5994 - RESERVED +CVE-2006-5994 (Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word ...) + TODO: check CVE-2006-5993 RESERVED CVE-2006-5992 @@ -685,7 +869,7 @@ NOT-FOR-US: A+ Store E-Commerce CVE-2006-5958 (Multiple cross-site scripting (XSS) vulnerabilities in INFINICART ...) NOT-FOR-US: INFINICART -CVE-2006-5957 (Multiple SQL injection vulnerabilities in INFINICART allow remote ...) +CVE-2006-5957 (** DISPUTED ** ...) NOT-FOR-US: INFINICART CVE-2006-5956 (XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) ...) NOT-FOR-US: PHPRunner @@ -896,10 +1080,10 @@ RESERVED CVE-2006-5857 RESERVED -CVE-2006-5856 - RESERVED -CVE-2006-5855 - RESERVED +CVE-2006-5856 (Stack-based buffer overflow in the Adobe Download Manager before 2.2 ...) + TODO: check +CVE-2006-5855 (Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 ...) + TODO: check CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in ...) TODO: check CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy ...) 
@@ -1519,7 +1703,7 @@ NOT-FOR-US: Discuz! GBK CVE-2006-5560 (Cross-site scripting (XSS) vulnerability in heading.php in Boesch ...) NOT-FOR-US: ProgSys -CVE-2006-5559 (The ADODB.Connection 2.7 ActiveX control object (ADODB.Connection.2.7) ...) +CVE-2006-5559 (The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control ...) NOT-FOR-US: ADODB.Connection 2.7 ActiveX control CVE-2006-5558 (Format string vulnerability in the swask command in HP-UX B.11.11 and ...) NOT-FOR-US: HP-UX @@ -2115,7 +2299,7 @@ CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client ...) - mutt <unfixed> (bug #396104; low) [sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios) -CVE-2006-5296 (Buffer overflow in Microsoft Office 2003 PowerPoint allows ...) +CVE-2006-5296 (PowerPoint in Microsoft Office 2003 does not properly handle a ...) NOT-FOR-US: Microsoft CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...) NOT-FOR-US: phplist @@ -5247,8 +5431,8 @@ RESERVED CVE-2006-3894 RESERVED -CVE-2006-3893 - RESERVED +CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit ...) + TODO: check CVE-2006-3892 RESERVED CVE-2006-3891 @@ -17066,7 +17250,7 @@ NOT-FOR-US: phpAdsNews CVE-2005-3645 (phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows ...) NOT-FOR-US: phpAdsNews -CVE-2005-3644 (upnp_getdevicelist in UPnP for Windows 2000 Server SP3 and earlier, ...) +CVE-2005-3644 (PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows ...) NOT-FOR-US: Windows CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...) NOT-FOR-US: DB2
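Review bot: in the first hunk (@@ -1,6 +1,192 @@), the new CVE-2006-6362 entry ("Buffer overflow in the cluster_process_heartbeat function in cluster.c ...") and the unchanged placeholder "CVE-2006-XXXX [l2tpns Heartbeat Packets Buffer Overflow Vulnerability]" at the end of the same hunk look like they may describe one issue. Check the full description before leaving CVE-2006-6362 at "TODO: check"; if it is the l2tpns bug, move the "- l2tpns 2.1.21-1 (medium; bug #401742)" line under the assigned id and drop the placeholder so the issue is not tracked twice. The same hunk also leaves entries naming software packaged in Debian (the Linux kernel in CVE-2006-6333, Net-SNMP in CVE-2006-6305, Ruby in CVE-2006-6303, kdegraphics3 in CVE-2006-6297) at "TODO: check" among the bulk import; those are the ones to triage first.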
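Review bot: in the hunk at @@ -304,7 +488,7 @@, the CVE-2006-6134 entry keeps "NOTE: NOT-FOR-US (Windows Media)" while neighbouring entries in this file use the tag form "NOT-FOR-US: Tftpd32". Since the entry is being touched anyway, normalise it to "NOT-FOR-US: Windows Media" (and likewise the two IBM WebSphere context lines above it) so anything that matches on the leading "NOT-FOR-US:" tag does not count these as untriaged.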
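Review bot: in the hunk at @@ -602,8 +786,8 @@, CVE-2006-5994 (Microsoft Word 2000 and 2002) goes from RESERVED to "TODO: check", although the file already settles Microsoft Office issues as "NOT-FOR-US: Microsoft" (see CVE-2006-5296 in the @@ -2115,7 +2299,7 @@ hunk). Marking it NOT-FOR-US at import time would keep the TODO queue to entries that need a human decision; the same applies to CVE-2006-5856 (Adobe Download Manager) and CVE-2006-5855 (IBM Tivoli Storage Manager) in the @@ -896,10 +1080,10 @@ hunk.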
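Review bot: in the hunk at @@ -685,7 +869,7 @@, replacing the CVE-2006-5957 description with "(** DISPUTED ** ...)" throws away every identifying word; only the "NOT-FOR-US: INFINICART" line still says what the entry is about. The first hunk shows the cost when there is no such line: CVE-2006-6308 and CVE-2006-6285 arrive as "(** DISPUTED ** ...)" with "TODO: check" and nothing for a triager to go on. Suggest the update script keep the dispute marker but truncate the text that follows it, so the summary still names the product and bug class.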
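Review bot: in the hunk at @@ -1519,7 +1703,7 @@, the refreshed CVE-2006-5559 description now covers "ADODB.Connection 2.7 and 2.8", but the triage line underneath still reads "NOT-FOR-US: ADODB.Connection 2.7 ActiveX control". The verdict is unaffected, yet the note is now narrower than the description; shortening it to "NOT-FOR-US: ADODB.Connection ActiveX control" avoids the mismatch.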