Author: joeyh
Date: 2006-12-15 21:14:18 +0100 (Fri, 15 Dec 2006)
New Revision: 5127
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-12-15 20:05:38 UTC (rev 5126)
+++ data/CVE/list 2006-12-15 20:14:18 UTC (rev 5127)
@@ -1,3 +1,159 @@
+CVE-2006-6573 (Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced
...)
+ TODO: check
+CVE-2006-6572 (Unspecified vulnerability in Citrix Advanced Access Control
(AAC) ...)
+ TODO: check
+CVE-2006-6571 (Multiple cross-site scripting (XSS) vulnerabilities in form.php
in ...)
+ TODO: check
+CVE-2006-6570 (Unrestricted file upload vulnerability in upload.php in
GenesisTrader ...)
+ TODO: check
+CVE-2006-6569 (form.php in GenesisTrader 1.0 allows remote attackers to read
source ...)
+ TODO: check
+CVE-2006-6568 (Directory traversal vulnerability in includes/kb_constants.php
in the ...)
+ TODO: check
+CVE-2006-6567 (PHP remote file inclusion vulnerability in
includes/kb_constants.php ...)
+ TODO: check
+CVE-2006-6566 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-6565 (FileZilla Server before 0.9.22 allows remote attackers to cause
a ...)
+ TODO: check
+CVE-2006-6564 (FileZilla Server before 0.9.22 allows remote attackers to cause
a ...)
+ TODO: check
+CVE-2006-6563 (Stack-based buffer overflow in the pr_ctrls_recv_request
function in ...)
+ TODO: check
+CVE-2006-6562
+ RESERVED
+CVE-2006-6561 (Unspecified vulnerability in Microsoft Word allows user-assisted
...)
+ TODO: check
+CVE-2006-6560 (PHP remote file inclusion vulnerability in includes/common.php
in the ...)
+ TODO: check
+CVE-2006-6559 (SQL injection vulnerability in ProductDetails.asp in Lotfian
Request ...)
+ TODO: check
+CVE-2006-6558 (Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a
denial ...)
+ TODO: check
+CVE-2006-6557 (Multiple unspecified vulnerabilities in Skulls! before 0.2.6
have ...)
+ TODO: check
+CVE-2006-6556 (The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS
before ...)
+ TODO: check
+CVE-2006-6555 (Multiple SQL injection vulnerabilities in EasyFill before 0.5.1
allow ...)
+ TODO: check
+CVE-2006-6554 (Unspecified vulnerability in Kerio MailServer before 6.3.1
allows ...)
+ TODO: check
+CVE-2006-6553 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-6552 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-6551 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-6550 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-6549 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-6548 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel
WebHost ...)
+ TODO: check
+CVE-2006-6547 (Buffer overflow in the readAA function in read_aa.cpp in Winamp
iPod ...)
+ TODO: check
+CVE-2006-6546 (PHP remote file inclusion vulnerability in inc/shows.inc.php in
...)
+ TODO: check
+CVE-2006-6545 (PHP remote file inclusion vulnerability in includes/common.php
in the ...)
+ TODO: check
+CVE-2006-6544 (Cross-site scripting (XSS) vulnerability in CM68 News allows
remote ...)
+ TODO: check
+CVE-2006-6543 (Multiple SQL injection vulnerabilities in login.asp in
AppIntellect ...)
+ TODO: check
+CVE-2006-6542 (SQL injection vulnerability in news.php in Fantastic News 2.1.4
and ...)
+ TODO: check
+CVE-2006-6541 (PHP remote file inclusion vulnerability in signer/final.php in
...)
+ TODO: check
+CVE-2006-6540 (SQL injection vulnerability in bt-trackback.php in Bluetrait
before ...)
+ TODO: check
+CVE-2006-6539 (Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13
and ...)
+ TODO: check
+CVE-2006-6538 (D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to
cause (1) ...)
+ TODO: check
+CVE-2006-6537 (IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly
10, ...)
+ TODO: check
+CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem
Haber ...)
+ TODO: check
+CVE-2006-6535
+ RESERVED
+CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in
osCommerce ...)
+ TODO: check
+CVE-2006-6533 (Directory traversal vulnerability in
admin/templates_boxes_layout.php ...)
+ TODO: check
+CVE-2006-6532 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum
Lite ...)
+ TODO: check
+CVE-2006-6531 (Cross-site scripting (XSS) vulnerability in the Help Tip module
before ...)
+ TODO: check
+CVE-2006-6530 (SQL injection vulnerability in the Help Tip module before
4.7.x-1.0 ...)
+ TODO: check
+CVE-2006-6529 (The Chatroom Module before 4.7.x.-1.0 for Drupal displays
private ...)
+ TODO: check
+CVE-2006-6528 (The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts
Chatroom ...)
+ TODO: check
+CVE-2006-6527 (PHP remote file inclusion vulnerability in guest.php in Gizzar
...)
+ TODO: check
+CVE-2006-6526 (PHP remote file inclusion vulnerability in index.php in Gizzar
...)
+ TODO: check
+CVE-2006-6525 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist
1.05 ...)
+ TODO: check
+CVE-2006-6524 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist
1.05 ...)
+ TODO: check
+CVE-2006-6523 (Cross-site scripting (XSS) vulnerability in mail/manage.html in
...)
+ TODO: check
+CVE-2006-6522 (Multiple cross-site scripting (XSS) vulnerabilities in
WikiTimeScale ...)
+ TODO: check
+CVE-2006-6521 (SQL injection vulnerability in lire-avis.php in
Messageriescripthp 2.0 ...)
+ TODO: check
+CVE-2006-6520 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2006-6519 (SQL injection vulnerability in lire-avis.php in ProNews 1.5
allows ...)
+ TODO: check
+CVE-2006-6518 (Multiple cross-site scripting (XSS) vulnerabilities in ProNews
1.5 ...)
+ TODO: check
+CVE-2006-6517 (Multiple cross-site scripting (XSS) vulnerabilities in KDPics
1.16 and ...)
+ TODO: check
+CVE-2006-6516 (Multiple PHP remote file inclusion vulnerabilities in KDPics
1.16 and ...)
+ TODO: check
+CVE-2006-6515 (Mantis before 1.1.0a2 sets the default value of ...)
+ TODO: check
+CVE-2006-6514 (Winamp Web Interface (Wawi) 7.5.13 and earlier uses an
insufficient ...)
+ TODO: check
+CVE-2006-6513 (The CControl::Download function (/dl URI) in Winamp Web
Interface ...)
+ TODO: check
+CVE-2006-6512 (Directory traversal vulnerability in the Browse function
(/browse URI) ...)
+ TODO: check
+CVE-2006-6511 (dadaIMC .99.3 uses an insufficiently restrictive FilesMatch
directive ...)
+ TODO: check
+CVE-2006-6510 (An unspecified ActiveX control in SiteKiosk before 6.5.150 is
...)
+ TODO: check
+CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature
in ...)
+ TODO: check
+CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21
allows ...)
+ TODO: check
+CVE-2006-6507
+ RESERVED
+CVE-2006-6506
+ RESERVED
+CVE-2006-6505
+ RESERVED
+CVE-2006-6504
+ RESERVED
+CVE-2006-6503
+ RESERVED
+CVE-2006-6502
+ RESERVED
+CVE-2006-6501
+ RESERVED
+CVE-2006-6500
+ RESERVED
+CVE-2006-6499
+ RESERVED
+CVE-2006-6498
+ RESERVED
+CVE-2006-6497
+ RESERVED
+CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA
Anti-Virus ...)
+ TODO: check
CVE-2006-XXXX [proftpd mod_ctrls local root]
- proftpd-dfsg 1.3.0-17 (medium)
[sarge] - proftpd <not-affected> (Vulnerable code not activated in
binary build)
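Review bot: CVE-2006-6563 near the top of this hunk (stack-based buffer overflow in pr_ctrls_recv_request) is added as TODO: check, while the temporary entry "CVE-2006-XXXX [proftpd mod_ctrls local root]" stays in the context lines directly below the additions. If these are the same issue, move the proftpd-dfsg 1.3.0-17 and [sarge] annotations under CVE-2006-6563 and drop the XXXX placeholder, so the fix is not tracked twice. Every other new entry in the hunk is TODO: check or RESERVED and still needs manual triage.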
@@ -5,7 +161,7 @@
NOT-FOR-US: Solaris
CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8,
9, and ...)
NOT-FOR-US: Solaris
-CVE-2006-6493 (Buffer overflow in the krbv4_ldap_auth function vin ...)
+CVE-2006-6493 (Buffer overflow in the krbv4_ldap_auth function in ...)
TODO: check
CVE-2006-6492
RESERVED
@@ -43,8 +199,8 @@
RESERVED
CVE-2006-6475
RESERVED
-CVE-2006-6474
- RESERVED
+CVE-2006-6474 (Untrusted search path vulnerability in McAfee VirusScan for
Linux ...)
+ TODO: check
CVE-2006-6473 (Multiple unspecified vulnerabilities in Xerox WorkCentre and
...)
NOT-FOR-US: Xerox WorkCentre
CVE-2006-6472 (The httpd.conf file in Xerox WorkCentre and WorkCentre Pro
before ...)
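Review bot: CVE-2006-6474 goes from RESERVED to TODO: check with no package line. The entry right after it is closed as NOT-FOR-US: Xerox WorkCentre; if McAfee VirusScan for Linux is likewise not packaged, mark this one NOT-FOR-US in the same way rather than leaving it open.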
@@ -387,8 +543,8 @@
TODO: check
CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when
...)
TODO: check
-CVE-2006-6304
- RESERVED
+CVE-2006-6304 (The do_coredump function in fs/exec.c in the Linux kernel 2.6.19
sets ...)
+ TODO: check
CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2
does not ...)
NOTE:
http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
- ruby1.8 1.8.5-4 (low)
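Review bot: CVE-2006-6304 is left at TODO: check although its description names do_coredump in fs/exec.c in the Linux kernel 2.6.19. It needs a package line like the "- linux-2.6 <unfixed>" used for CVE-2006-5823 elsewhere in this file, or a not-affected annotation once the affected versions are confirmed.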
@@ -561,8 +717,8 @@
NOT-FOR-US: Puntal
CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search
Appliance ...)
NOT-FOR-US: Google Search Appliance
-CVE-2006-6222
- RESERVED
+CVE-2006-6222 (Stack-based buffer overflow in the NetBackup bpcd daemon
(bpcd.exe) in ...)
+ TODO: check
CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows
remote ...)
NOT-FOR-US: 2X ThinClientServer Enterprise Edition
CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website
(Recipes ...)
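Review bot: CVE-2006-6222 gets TODO: check with the same visible description (stack-based buffer overflow in the NetBackup bpcd daemon) as CVE-2006-5822 later in this commit, and CVE-2006-4902 also concerns bpcd.exe. Triage the three together and give them a consistent disposition; the neighbouring entries in this hunk are all NOT-FOR-US.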
@@ -814,13 +970,11 @@
NOT-FOR-US: CandyPress Store
CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before
1.0.1a-beta ...)
NOT-FOR-US: EC-CUBE
-CVE-2006-6107
- RESERVED
+CVE-2006-6107 (Unspecified vulnerability in the match_rule_equal function in
...)
- dbus 1.0.2-1
CVE-2006-6106
RESERVED
-CVE-2006-6105 [gdmchooser format string issue]
- RESERVED
+CVE-2006-6105 (Format string vulnerability in the host chooser window
(gdmchooser) in ...)
- gdm <unfixed> (medium)
[sarge] - gdm <not-affected> (Vulnerable code not present)
CVE-2006-6104
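Review bot: the "- dbus 1.0.2-1" line kept under CVE-2006-6107 carries no urgency, unlike "- gdm <unfixed> (medium)" under CVE-2006-6105 in the same hunk. Now that the description is filled in (match_rule_equal), add an urgency if one can be assigned. CVE-2006-6105 still shows gdm as <unfixed>, so it should remain on the open list for follow-up.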
@@ -960,7 +1114,7 @@
NOT-FOR-US: Oliver (formerly Webshare)
CVE-2006-6042 (PHP remote file inclusion vulnerability in core/editor.php in
...)
NOT-FOR-US: phpWebThings
-CVE-2006-6041 (Multiple PHP remote file inclusion vulnerabilities in WORK
system ...)
+CVE-2006-6041 (Multiple PHP remote file inclusion vulnerabilities in Laurent
Van den ...)
NOT-FOR-US: WORK system e-commerce
CVE-2006-6040 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: vBulletin
@@ -1313,8 +1467,7 @@
RESERVED
CVE-2006-5876
RESERVED
-CVE-2006-5875 [EoC shell command injection]
- RESERVED
+CVE-2006-5875 (eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote
...)
- enemies-of-carlotta 1.2.4-1 (medium)
CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers
to ...)
{DSA-1232-1}
@@ -1425,8 +1578,8 @@
[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local
users to ...)
- linux-2.6 <unfixed>
-CVE-2006-5822
- RESERVED
+CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon
(bpcd.exe) in ...)
+ TODO: check
CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1
function in ...)
NOT-FOR-US: Citrix
CVE-2006-5820
@@ -1800,10 +1953,10 @@
NOT-FOR-US: DigiOz Guestbook
CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online
ICQ ...)
NOT-FOR-US: ICQPhone.SipxPhoneManager
-CVE-2006-5649
- RESERVED
-CVE-2006-5648
- RESERVED
+CVE-2006-5649 (Unspecified vulnerability in the "alignment check
exception handling" ...)
+ TODO: check
+CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to
cause a ...)
+ TODO: check
CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus
for ...)
NOT-FOR-US: Sophos
CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint
Security ...)
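Review bot: CVE-2006-5649 and CVE-2006-5648 both move from RESERVED to TODO: check. CVE-2006-5648 is worded as an Ubuntu Linux 6.10 PowerPC issue affecting local users; check whether the underlying code is shared with a Debian package before closing it as distribution-specific, and record the outcome as a package line or NOT-FOR-US.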
@@ -1861,7 +2014,7 @@
NOT-FOR-US: Electronic Engineering Tool (EE Tool)
CVE-2006-5622 (SQL injection vulnerability in picmgr.php in Coppermine Photo
Gallery ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2006-5621 (PHP remote file inclusion vulnerability in end.php in ask_rave
0.9 PR ...)
+CVE-2006-5621 (PHP remote file inclusion vulnerability in end.php in ask_rave
0.9 PR, ...)
NOT-FOR-US: ask_rave
CVE-2006-5620 (PHP remote file inclusion vulnerability in
include/menu_builder.php in ...)
NOT-FOR-US: MiniBILL
@@ -1941,7 +2094,7 @@
NOT-FOR-US: Microsoft
CVE-2006-5580
RESERVED
-CVE-2006-5579 (Microsoft Internet Explorer 6 accesses previously freed memory,
which ...)
+CVE-2006-5579 (Microsoft Internet Explorer 6 allows remote attackers to execute
...)
NOT-FOR-US: Microsoft
CVE-2006-5578 (Microsoft Internet Explorer 6 and earlier allows remote
attackers to read ...)
NOT-FOR-US: Microsoft
@@ -3421,8 +3574,8 @@
NOT-FOR-US: X-Cart
CVE-2006-4903
RESERVED
-CVE-2006-4902
- RESERVED
+CVE-2006-4902 (The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas
NetBackup 5.0 ...)
+ TODO: check
CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and
r8 up ...)
NOT-FOR-US: CA eTrust
CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA)
eTrust ...)