Author: joeyh
Date: 2006-02-24 21:14:25 +0000 (Fri, 24 Feb 2006)
New Revision: 3536

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-02-24 18:39:00 UTC (rev 3535)
+++ data/CVE/list       2006-02-24 21:14:25 UTC (rev 3536)
@@ -1,3 +1,151 @@
+CVE-2006-0883
+       RESERVED
+CVE-2006-0882 (Directory traversal vulnerability in include.php in Noah's 
Classifieds ...)
+       TODO: check
+CVE-2006-0881 (Multiple PHP remote file include vulnerabilities in 
gorum/gorumlib.php ...)
+       TODO: check
+CVE-2006-0880 (Multiple cross-site scripting (XSS) vulnerabilities in 
index.php in ...)
+       TODO: check
+CVE-2006-0879 (SQL injection vulnerability in the search tool in Noah's 
Classifieds ...)
+       TODO: check
+CVE-2006-0878 (Noah's Classifieds 1.3 allows remote attackers to obtain the 
...)
+       TODO: check
+CVE-2006-0877 (Cross-site scripting vulnerability in Easy Forum 2.5 allows 
remote ...)
+       TODO: check
+CVE-2006-0876 (POPFile before 0.22.4 allows remote attackers to cause a denial 
of ...)
+       TODO: check
+CVE-2006-0875 (Cross-site scripting vulnerability in ratefile.php in RunCMS 
1.3a5 ...)
+       TODO: check
+CVE-2006-0874 (Multiple unspecified vulnerabilities in Intensive Point iUser 
...)
+       TODO: check
+CVE-2006-0873 (Absolute path traversal vulnerability in docs/showdocs.php in 
...)
+       TODO: check
+CVE-2006-0872 (Directory traversal vulnerability in init.inc.php in Coppermine 
Photo ...)
+       TODO: check
+CVE-2006-0871 (Unspecified vulnerability in Mambo 4.5.3, 4.5.3h, and possibly 
...)
+       TODO: check
+CVE-2006-0870 (SQL injection vulnerability in pages.asp in Mini-Nuke CMS 
System 1.8.2 ...)
+       TODO: check
+CVE-2006-0869 (Directory traversal vulnerability in the "remember 
me" feature in PHP ...)
+       TODO: check
+CVE-2006-0868 (Multiple unspecified injection vulnerabilities in unspecified 
Auth ...)
+       TODO: check
+CVE-2006-0867 (Buffer overflow in certain versions of South River (aka SRT) 
WebDrive, ...)
+       TODO: check
+CVE-2006-0866 (PunBB 1.2.10 and earlier allows remote attackers to conduct 
brute ...)
+       TODO: check
+CVE-2006-0865 (PunBB 1.2.10 and earlier allows remote attackers to cause a 
denial of ...)
+       TODO: check
+CVE-2006-0864 (filescan in Global Hauri ViRobot 2.0 20050817 does not verify 
the ...)
+       TODO: check
+CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote 
...)
+       TODO: check
+CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 
on ...)
+       TODO: check
+CVE-2006-0861 (Michael Salzer Guestbox 0.6 allows remote attackers to obtain 
the ...)
+       TODO: check
+CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael 
Salzer ...)
+       TODO: check
+CVE-2006-0859 (Michael Salzer Guestbox 0.6 allows remote attackers to post an 
admin ...)
+       TODO: check
+CVE-2006-0858 (Unquoted Windows search path vulnerability in (1) snsmcon.exe, 
(2) the ...)
+       TODO: check
+CVE-2006-0857 (Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 
in e107 ...)
+       TODO: check
+CVE-2006-0856 (SQL injection vulnerability in login.php in Scriptme SmE GB 
Host 1.21 ...)
+       TODO: check
+CVE-2006-0855 (Stack-based buffer overflow in the fullpath function in misc.c 
for zoo ...)
+       TODO: check
+CVE-2006-0854 (PHP remote file inclusion vulnerability in common.php in 
Intensive ...)
+       TODO: check
+CVE-2006-0853 (Buffer overflow in the IMAP service of TrueNorth Internet 
Anywhere ...)
+       TODO: check
+CVE-2006-0852 (Direct static code injection vulnerability in write.php in 
Admbook ...)
+       TODO: check
+CVE-2006-0851 (SQL injection vulnerability in the forum module of ilchClan 
1.05g and ...)
+       TODO: check
+CVE-2006-0850 (SQL injection vulnerability in include/includes/user/login.php 
in ...)
+       TODO: check
+CVE-2006-0849
+       RESERVED
+CVE-2006-0848 (The "Open 'safe' files after downloading" option in 
Safari on Apple ...)
+       TODO: check
+CVE-2006-0847 (Directory traversal vulnerability in the staticfilter component 
in ...)
+       TODO: check
+CVE-2006-0846 (Multiple cross-site scripting (XSS) vulnerabilities in Leif M. 
...)
+       TODO: check
+CVE-2006-0845 (Leif M. Wright's Blog 3.5 allows remote authenticated users 
with ...)
+       TODO: check
+CVE-2006-0844 (Leif M. Wright's Blog 3.5 does not make a password comparison 
when ...)
+       TODO: check
+CVE-2006-0843 (Leif M. Wright's Blog 3.5 stores the config file and other txt 
files ...)
+       TODO: check
+CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 
allows ...)
+       TODO: check
+CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis 
1.00rc4 ...)
+       TODO: check
+CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not 
properly ...)
+       TODO: check
+CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not 
properly ...)
+       TODO: check
+CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext 
...)
+       TODO: check
+CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has 
world-readable ...)
+       TODO: check
+CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-complicit attackers to 
cause an ...)
+       TODO: check
+CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web 
Calendar ...)
+       TODO: check
+CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default 
password of ...)
+       TODO: check
+CVE-2006-0833 (Multiple cross-site scripting (XSS) vulnerabilities in 
Barracuda ...)
+       TODO: check
+CVE-2006-0832 (Multiple SQL injection vulnerabilities in admin.asp in WPC.easy 
allow ...)
+       TODO: check
+CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim 
Rehberi ...)
+       TODO: check
+CVE-2006-0830 (The scripting engine in Internet Explorer allows remote 
attackers to ...)
+       TODO: check
+CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7 
allows ...)
+       TODO: check
+CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and 
MicroServer ...)
+       TODO: check
+CVE-2006-0827 (Cross-site scripting vulnerability in ESS/ Network Controller 
and ...)
+       TODO: check
+CVE-2006-0826 (Unspecified vulnerability in ESS/ Network Controller and 
MicroServer ...)
+       TODO: check
+CVE-2006-0825 (Multiple unspecified vulnerabilities in ESS/ Network Controller 
and ...)
+       TODO: check
+CVE-2006-0824 (Multiple unspecified vulnerabilities in lib-common.php in 
Geeklog ...)
+       TODO: check
+CVE-2006-0823 (Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 
...)
+       TODO: check
+CVE-2006-0822 (Unspecified vulnerability in EmuLinker Kaillera Server before 
0.99.17 ...)
+       TODO: check
+CVE-2006-0821 (SQL injection vulnerability in index.php in BXCP 0.299 allows 
remote ...)
+       TODO: check
+CVE-2006-0820
+       RESERVED
+CVE-2006-0819
+       RESERVED
+CVE-2006-0818
+       RESERVED
+CVE-2006-0817
+       RESERVED
+CVE-2006-0816
+       RESERVED
+CVE-2006-0815
+       RESERVED
+CVE-2006-0814
+       RESERVED
+CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-complicit 
...)
+       TODO: check
+CVE-2006-0812 (The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 
...)
+       TODO: check
+CVE-2005-4727 (Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook 
before ...)
+       TODO: check
+CVE-2004-2654 (The clientAbortBody function in client_side.c in Squid Web 
Proxy Cache ...)
+       TODO: check
 CVE-2006-XXXX [three issues in bugzilla]
        - bugzilla <unfixed> (bug filed)
        [woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
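Review bot: every described entry added in this hunk is left at `TODO: check` with no package line, so nothing here tells a reader which of them touch the archive. Triage first the ones whose descriptions name a concrete code path, for example CVE-2006-0855 (fullpath in misc.c for zoo), CVE-2006-0839 (frag3 preprocessor in Snort 2.4.3) and CVE-2004-2654 (clientAbortBody in client_side.c in Squid). Then replace each TODO with either a `- package version` line or a `NOT-FOR-US:` line, as the unchanged entries in this file do.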
@@ -20,15 +168,15 @@
        NOT-FOR-US: php-Nuke
 CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers 
to ...)
        - tin 1.8.1 
-CVE-2006-0803
-       RESERVED
+CVE-2006-0803 (The signature verification functionality in the YaST Online 
Update ...)
+       TODO: check
 CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages 
module ...)
        NOT-FOR-US: PostNuke
 CVE-2006-0801 (SQL injection vulnerability in the NS-Languages module for 
PostNuke ...)
        NOT-FOR-US: PostNuke
 CVE-2006-0800 (Interpretation conflict in PostNuke 0.761 and earlier allows 
remote ...)
        NOT-FOR-US: PostNuke
-CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to conduct 
...)
+CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to spoof a 
...)
        NOT-FOR-US: Microsoft
 CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP 
service in ...)
        NOT-FOR-US: Macallan Mail Solution
@@ -198,8 +346,8 @@
        NOT-FOR-US: Reamday Enterprises Magic News Lite
 CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 
1.3a ...)
        NOT-FOR-US: RunCMS 
-CVE-2006-0720
-       RESERVED
+CVE-2006-0720 (Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 
allows ...)
+       TODO: check
 CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP 
Classifieds ...)
        NOT-FOR-US: PHP Classifieds
 CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in 
Avaya ...)
@@ -520,7 +668,7 @@
        NOT-FOR-US: MyTopix
 CVE-2006-0588 (SQL injection vulnerability in search.php in MyTopix 1.2.3 
allows ...)
        NOT-FOR-US: MyTopix
-CVE-2006-0587 (Unspecified vulnerability in Gallery before 1.5.2-pl2 allows 
remote ...)
+CVE-2006-0587 (Unspecified vulnerability in util.php in Gallery before 
1.5.2-pl2 ...)
        - gallery 1.5.2-pl2-1
 CVE-2006-0586 (Multiple SQL injection vulnerabilities in Oracle 10g Release 1 
before ...)
        NOT-FOR-US: Oracle
@@ -1074,8 +1222,7 @@
        NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
 CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site 
Manager ...)
        NOT-FOR-US: Netrix X-Site Manager 
-CVE-2006-0377 [squirrelmail IMAP injection]
-       RESERVED
+CVE-2006-0377 (CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 
allows ...)
        - squirrelmail <unfixed> (bug #354063)
 CVE-2006-0376 (The 802.11 wireless client in certain operating systems 
including ...)
        NOT-FOR-US: Windows
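Review bot: the `- squirrelmail <unfixed> (bug #354063)` line under CVE-2006-0377 carries no urgency, while other package lines in this file do, e.g. `(bug #354091; high)`. Now that the description states the class (CRLF injection) and the affected range (1.4.0 to 1.4.5), add an urgency and, for any release shipping a version outside that range, a release-tagged `<not-affected>` line.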
@@ -1252,8 +1399,7 @@
        - koffice <unfixed> (medium)
        - libextractor 0.5.10-1 (medium)
        - pdfkit.framework 0.8-4 (medium)
-CVE-2006-0300 [buffer overflow in tar]
-       RESERVED
+CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows 
user-complicit ...)
        - tar 1.15.1-3 (bug #354091; high)
        - dpkg <not-affected> (has completely different tar implementation)
        [woody] - tar <not-affected>
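Review bot: the new description for CVE-2006-0300 gives the affected range as tar 1.14 through 1.15.90, but the only release-specific line is `[woody] - tar <not-affected>`. Any other release that ships a tar inside that range has no explicit status here; add a release-tagged line for it so the `- tar 1.15.1-3` fix is not read as covering every release.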
@@ -1501,8 +1647,7 @@
        - xorg-x11 <unfixed> (bug #349251; low)
 CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 
0.4.4 ...)
        NOT-FOR-US: slsnif
-CVE-2006-0195 [squirrelmail XSS]
-       RESERVED
+CVE-2006-0195 (Interpretation conflict in the MagicHTML filter in SquirrelMail 
1.4.0 ...)
        - squirrelmail <unfixed> (bug #354062)
 CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in 
FogBugz ...)
        NOT-FOR-US: FogBugz
@@ -1516,8 +1661,7 @@
        NOT-FOR-US: Sun Solaris
 CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 
allows ...)
        NOT-FOR-US: eStara Softphone
-CVE-2006-0188 [squirrelmail XSS]
-       RESERVED
+CVE-2006-0188 (webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote 
attackers to ...)
        - squirrelmail <unfixed> (bug #354064)
 CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other 
...)
        NOT-FOR-US: OcoMon
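Review bot: replacing `CVE-2006-0188 [squirrelmail XSS]` with the truncated description removes the only text that stated the issue class, since the new line ends at "allows remote attackers to ...". Keep that information in a `NOTE:` line under the entry so the squirrelmail line and bug #354064 remain readable without looking up the full CVE text.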
@@ -4407,8 +4551,8 @@
        - netpbm-free 2:10.0-10.1 (medium; bug #351639)
 CVE-2005-3631 (udev does not properly set permissions on certain files in 
/dev/input, ...)
        NOTE: does not appear to affect debian, redhat-specific
-CVE-2005-3630
-       RESERVED
+CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to 
obtain ...)
+       TODO: check
 CVE-2005-3629
        RESERVED
 CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
@@ -4672,8 +4816,8 @@
        NOTE: 
http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-3527?op=file&rev=0&sc=0
 CVE-2005-3526
        RESERVED
-CVE-2005-3525
-       RESERVED
+CVE-2005-3525 (Stack-based buffer overflow in an ActiveX control for the 
installer ...)
+       TODO: check
 CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in 
ManageEngine ...)
        NOT-FOR-US: ManageEngine NetflowAnalyzer
 CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 
through ...)
@@ -6682,8 +6826,8 @@
        NOT-FOR-US: Real Player
 CVE-2005-2935 (Unquoted Windows search path vulnerability in Microsoft 
AntiSpyware ...)
        NOT-FOR-US: Microsoft AntiSpyware
-CVE-2005-2934
-       RESERVED
+CVE-2005-2934 (Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 
7.1.4 ...)
+       TODO: check
 CVE-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in 
mail.c ...)
        {DSA-861-1}
        - uw-imap 7:2002edebian1-12 (medium; bug #332215)
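Review bot: CVE-2005-2934 is now described as a ptrace issue in SCO UnixWare 7.1.3 and 7.1.4 yet is left at `TODO: check`. The file already marks vendor-specific platforms directly, e.g. `NOT-FOR-US: Sun Solaris`; the same form fits here and removes one item from the TODO backlog.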
@@ -11069,8 +11213,8 @@
        - kdelibs 4:3.4.2-1 (bug #319016; medium)
 CVE-2005-1919
        REJECTED
-CVE-2005-1918
-       RESERVED
+CVE-2005-1918 (The original patch for a GNU tar directory traversal 
vulnerability ...)
+       TODO: check
 CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and 
overwrite ...)
        NOT-FOR-US: kpopper, there is a kpopper in kerberos4kth-servers, but 
this is not the same one
 CVE-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to 
overwrite ...)
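Review bot: CVE-2005-1918 moves from RESERVED to a description about the original patch for a GNU tar directory traversal vulnerability, but only gets `TODO: check`. tar is tracked elsewhere in this file (`- tar 1.15.1-3` under CVE-2006-0300), so this entry needs its own `- tar` line stating whether the shipped patch is the incomplete one the description refers to.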


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
