Author: joeyh
Date: 2006-07-03 09:14:28 +0000 (Mon, 03 Jul 2006)
New Revision: 4331

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-07-03 01:46:16 UTC (rev 4330)
+++ data/CVE/list       2006-07-03 09:14:28 UTC (rev 4331)
@@ -1,3 +1,51 @@
+CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in 
pngrutil.c in ...)
+       TODO: check
+CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum 
Forum ...)
+       TODO: check
+CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 
allows ...)
+       TODO: check
+CVE-2006-3331 (Opera before 9.0 does not reset the SSL security bar after 
displaying ...)
+       TODO: check
+CVE-2006-3330 (Cross-site scripting (XSS) vulnerability in AddAsset1.php in 
PHP/MySQL ...)
+       TODO: check
+CVE-2006-3329 (SQL injection vulnerability in search.php in PHP/MySQL 
Classifieds ...)
+       TODO: check
+CVE-2006-3328 (new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to 
steal ...)
+       TODO: check
+CVE-2006-3327 (Cross-site scripting (XSS) vulnerability in Custom dating biz 
dating ...)
+       TODO: check
+CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows 
remote ...)
+       TODO: check
+CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the 
Icculus ...)
+       TODO: check
+CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and 
the ...)
+       TODO: check
+CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in 
MF ...)
+       TODO: check
+CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php 
in ...)
+       TODO: check
+CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in 
openforum.asp ...)
+       TODO: check
+CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in 
SiteBar ...)
+       TODO: check
+CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in 
PHP ...)
+       TODO: check
+CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 
and ...)
+       TODO: check
+CVE-2006-3317 (PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows 
remote ...)
+       TODO: check
+CVE-2006-3316 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 
3.0.5 ...)
+       TODO: check
+CVE-2006-3315 (PHP remote file inclusion vulnerability in page.php in an 
unspecified ...)
+       TODO: check
+CVE-2006-3314 (PHP remote file inclusion vulnerability in page.php in an 
unspecified ...)
+       TODO: check
+CVE-2006-3313 (Cross-site scripting (XSS) vulnerability in search.jsp in 
Netsoft ...)
+       TODO: check
+CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans 
and ...)
+       TODO: check
+CVE-2006-3311
+       RESERVED
 CVE-2006-XXXX [several setuid privledge escalations]
        - xbase-clients 1:7.1.ds-2
        - xtrans 1.0.0-6
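
Review bot: the 23 new entries from CVE-2006-3334 through CVE-2006-3312 all land as "TODO: check", so nothing in this hunk is triaged yet. The entries whose descriptions name a source file or an engine, such as CVE-2006-3334 (png_decompress_chunk in pngrutil.c) and CVE-2006-3325 / CVE-2006-3324 (id3 Quake 3 Engine), should be resolved first to either a package line or NOT-FOR-US. The unchanged context line for CVE-2006-XXXX also misspells "privledge" (privilege); fix that in a follow-up commit.
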
@@ -69,7 +117,7 @@
        NOT-FOR-US: aeDating
 CVE-2006-3278 (Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 
1 and ...)
        NOT-FOR-US: H-Sphere
-CVE-2006-3277 (Unspecified vulnerability in the SMTP service of MailEnable 
Standard ...)
+CVE-2006-3277 (The SMTP service of MailEnable Standard 1.92 and earlier, 
Professional ...)
        NOT-FOR-US: MailEnable
 CVE-2006-3276 (Heap-based buffer overflow in RealNetworks Helix DNA Server 
10.0 and ...)
        NOT-FOR-US: Helix DNA Server
@@ -87,8 +135,8 @@
        NOT-FOR-US: THoRCMS
 CVE-2006-3269 (PHP remote file inclusion vulnerability in 
includes/functions_cms.php ...)
        NOT-FOR-US: THoRCMS
-CVE-2006-3268
-       RESERVED
+CVE-2006-3268 (Unspecified vulnerability in the Windows Client API in Novell 
...)
+       TODO: check
 CVE-2006-3267 (SQL injection vulnerability in index.php in Infinite Core 
Technologies ...)
        NOT-FOR-US: Infinite Core Technologies
 CVE-2006-3266 (Multiple PHP remote file inclusion vulnerabilities in Bee-hive 
Lite ...)
@@ -391,16 +439,15 @@
        RESERVED
 CVE-2006-3119
        RESERVED
-CVE-2006-3118
-       RESERVED
-CVE-2006-3117
-       RESERVED
+CVE-2006-3118 (spread uses a temporary file with a static filename based on 
the port ...)
+       TODO: check
+CVE-2006-3117 (Heap-based buffer overflow in OpenOffice.org 1.1.x up to 1.1.5 
and ...)
        {DSA-1104}
        - openoffice.org 2.0.3-1
-CVE-2006-3116
-       RESERVED
-CVE-2006-3115
-       RESERVED
+CVE-2006-3116 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 
3.0.4 ...)
+       TODO: check
+CVE-2006-3115 (SQL injection vulnerability in view.php in phpRaid 3.0.4, and 
possibly ...)
+       TODO: check
 CVE-2006-3114
        RESERVED
 CVE-2006-3113
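
Review bot: CVE-2006-3116 and CVE-2006-3115 (phpRaid 3.0.4) are marked "TODO: check" here while the first hunk of this commit adds CVE-2006-3318, CVE-2006-3317 and CVE-2006-3316 for phpRaid 3.0.5/3.0.6 with the same marker. Triage the five together so they end up with one consistent verdict. CVE-2006-3118 (spread, temporary file with a static filename) likewise needs a package line or NOT-FOR-US rather than a standing TODO.
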
@@ -601,7 +648,7 @@
        NOT-FOR-US: phpCMS
 CVE-2006-3018 (Unspecified vulnerability in the session extension 
functionality in ...)
        - php5 5.1.4-0.1 (medium)
-CVE-2006-3017 (Unspecified vulnerability in PHP before 5.1.3 can prevent a 
variable ...)
+CVE-2006-3017 (zend_hash.c in PHP before 5.1.3 can cause the internal 
zend_hash_del ...)
        - php5 5.1.4-0.1 (medium)
 CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has 
unknown ...)
        - php5 5.1.4-0.1 (medium)
@@ -780,8 +827,8 @@
        RESERVED
 CVE-2006-2935
        RESERVED
-CVE-2006-2934
-       RESERVED
+CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for 
Linux ...)
+       TODO: check
 CVE-2006-2933
        RESERVED
 CVE-2006-2932
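
Review bot: CVE-2006-2934 is described as an issue in ip_conntrack_proto_sctp.c in netfilter for Linux, so the "TODO: check" under it should be replaced with a kernel package line stating fixed or unfixed status once someone has looked at it, rather than leaving it in the generic queue with the web-application entries.
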
@@ -1442,7 +1489,7 @@
 CVE-2006-2658
        RESERVED
 CVE-2006-2657
-       RESERVED
+       REJECTED
 CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 
accidentally ...)
        NOT-FOR-US: FreeBSD
 CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 
4.10 up to ...)
@@ -2483,12 +2530,10 @@
 CVE-2006-2200 (Stack-based buffer overflow in MiMMS 0.0.9 allows remote 
attackers to ...)
        - libmms 0.2-5 (bug #374577; medium)
        - mimms 2.0.0-1 (bug #374577; medium)
-CVE-2006-2199
-       RESERVED
+CVE-2006-2199 (Unspecified vulnerability in Java Applets in OpenOffice.org 
1.1.x up ...)
        {DSA-1104}
        - openoffice.org 2.0.3-1
-CVE-2006-2198
-       RESERVED
+CVE-2006-2198 (OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows 
...)
        {DSA-1104}
        - openoffice.org 2.0.3-1
 CVE-2006-2197 (Integer overflow in wv2 before 0.2.3 might allow 
context-dependent ...)
@@ -4376,17 +4421,17 @@
        RESERVED
 CVE-2006-1472
        RESERVED
-CVE-2006-1471 (Format string vulnerability in launchd in Apple Mac OS X 10.4 
up to ...)
+CVE-2006-1471 (Format string vulnerability in the CF_syslog function launchd 
in Apple ...)
        TODO: check
 CVE-2006-1470 (OpenLDAP Apple Mac OS X 10.4 up to 10.4.6 allows remote 
attackers to ...)
        - openldap2 <not-affected> (Vulnerable code not present)
        - openldap2.2 <unfixed> (medium)
 CVE-2006-1469 (Stack-based buffer overflow ImageIO in Apple Mac OS X 10.4 up 
to ...)
        TODO: check
-CVE-2006-1468 (Unspecified vulnerability in AFP server in Apple Mac OS X 10.4 
up to ...)
+CVE-2006-1468 (Unspecified vulnerability in Apple File Protocol (AFP) server 
in Apple ...)
        TODO: check
-CVE-2006-1467
-       RESERVED
+CVE-2006-1467 (Integer overflow in the AAC file parsing code in Apple iTunes 
before ...)
+       TODO: check
 CVE-2006-1466 (Xcode Tools before 2.3 for Mac OS X 10.4, when running the 
WebObjects ...)
        NOT-FOR-US: Apple
 CVE-2006-1465 (Buffer overflow in Apple QuickTime before 7.1 allows remote 
attackers ...)
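
Review bot: the new CVE-2006-1467 entry (Apple iTunes AAC parsing) is added as "TODO: check" although the adjacent CVE-2006-1466 is already marked "NOT-FOR-US: Apple". Apply the same verdict if it fits, and use the occasion to clear the remaining "TODO: check" markers on CVE-2006-1471, CVE-2006-1469 and CVE-2006-1468, whose descriptions all refer to Apple Mac OS X components.
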
@@ -5687,7 +5732,7 @@
        NOT-FOR-US: DEV web management system
 CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in 
CuteNews ...)
        NOT-FOR-US: CuteNews
-CVE-2006-0884 (The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and 
earlier ...)
+CVE-2006-0884 (The WYSIWYG rendering engine (&quot;rich mail&quot; editor) in 
Mozilla ...)
        {DSA-1051-1 DSA-1046-1}
        [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
        - thunderbird 1.5.0.2-1
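
Review bot: the replacement description for CVE-2006-0884 contains literal HTML entities, (&quot;rich mail&quot; editor), which suggests the automatic update copies the description from an HTML source without unescaping it. Decode entities in the import step so the list stores plain quotes; otherwise a text search for "rich mail" in data/CVE/list will not match this entry.
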
@@ -7724,7 +7769,8 @@
        NOTE: Unclear, whether this is really exploitable, re-pinged Dann and 
Horms
 CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign 
SupportTrio ...)
        NOT-FOR-US: ActiveCampaign SupportTrio
-CVE-2005-4633 (SQL injection vulnerability in index.php in phpoutsourcing 
Zorum Forum ...)
+CVE-2005-4633
+       REJECTED
        NOT-FOR-US: phpoutsourcing Zorum Forum 
 CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote!Pro 4.0 
and ...)
        NOT-FOR-US: Vote!Pro
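
Review bot: the CVE-2005-4633 entry now carries both "REJECTED" and the old "NOT-FOR-US: phpoutsourcing Zorum Forum" annotation, because only the description line was replaced and the annotation below it was kept as context. Drop the NOT-FOR-US line from the rejected entry. If that verdict still applies, it probably belongs on CVE-2006-3332 (SQL injection in index.php in Zorum Forum 3.5), which this same commit adds as "TODO: check".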


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
