Author: joeyh
Date: 2006-02-07 21:14:23 +0000 (Tue, 07 Feb 2006)
New Revision: 3441

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-02-07 20:42:50 UTC (rev 3440)
+++ data/CVE/list       2006-02-07 21:14:23 UTC (rev 3441)
@@ -1,3 +1,77 @@
+CVE-2006-0566 (The LDAP component in CommuniGate Pro Core Server 5.0.7 allows 
remote ...)
+       TODO: check
+CVE-2006-0565 (PHP remote file include vulnerability in 
inc/backend_settings.php in ...)
+       TODO: check
+CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop ...)
+       TODO: check
+CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog 
1.9.9c ...)
+       TODO: check
+CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in 
PluggedOut ...)
+       TODO: check
+CVE-2006-0561
+       RESERVED
+CVE-2006-0560
+       RESERVED
+CVE-2006-0559
+       RESERVED
+CVE-2006-0558
+       RESERVED
+CVE-2006-0557
+       RESERVED
+CVE-2006-0556
+       RESERVED
+CVE-2006-0555
+       RESERVED
+CVE-2006-0554
+       RESERVED
+CVE-2006-0553
+       RESERVED
+CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of 
Oracle ...)
+       TODO: check
+CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in 
Oracle ...)
+       TODO: check
+CVE-2006-0550 (Buffer overflow in an unspecified Oracle Client utility might 
allow ...)
+       TODO: check
+CVE-2006-0549 (SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL 
package in ...)
+       TODO: check
+CVE-2006-0548 (SQL injection vulnerability in the Oracle Text component of 
Oracle ...)
+       TODO: check
+CVE-2006-0547 (Oracle Database 8i, 9i, and 10g allow remote authenticated 
users to ...)
+       TODO: check
+CVE-2006-0546 (Unspecified vulnerability in index.php in a certain application 
...)
+       TODO: check
+CVE-2006-0545 (SQL injection vulnerability in showflat.php in Groupee 
(formerly known ...)
+       TODO: check
+CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 
7.0.5296.0) ...)
+       TODO: check
+CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a 
denial ...)
+       TODO: check
+CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in 
NukedWeb ...)
+       TODO: check
+CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon 
Vanilla ...)
+       TODO: check
+CVE-2006-0540 (Multiple SQL injection vulnerabilities in Tachyon Vanilla 
Guestbook ...)
+       TODO: check
+CVE-2006-0539 (The convert-fcrontab program in fcron 3.0.0 might allow local 
users to ...)
+       TODO: check
+CVE-2006-0538 (IronMail 5.0.1, when "Denial of Service Protection" 
is enabled, allows ...)
+       TODO: check
+CVE-2006-0537 (Buffer overflow in eXchange POP3 before 5.0.060125 allows 
remote ...)
+       TODO: check
+CVE-2006-0536 (Cross-site scripting (XSS) vulnerability in neomail.pl in 
NeoMail 1.27 ...)
+       TODO: check
+CVE-2006-0535 (Multiple cross-site scripting (XSS) vulnerabilities in 
Community ...)
+       TODO: check
+CVE-2006-0534 (Multiple cross-site scripting (XSS) vulnerabilities in 
default.asp in ...)
+       TODO: check
+CVE-2006-0533 (Cross-site scripting (XSS) vulnerability in webmailaging.cgi in 
cPanel ...)
+       TODO: check
+CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in 
SoftMaker ...)
+       TODO: check
+CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 
allows ...)
+       TODO: check
+CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb 
...)
+       TODO: check
 CVE-2006-XXXX [kphone creates world-readable config file with passwords]
        - kphone <unfixed> (bug #337830; low)
 CVE-2006-0530 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 
1.07 ...)
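Review bot: All 28 described entries added at the top of the file land as TODO: check, including the six Oracle ones (CVE-2006-0547 through CVE-2006-0552), although the file already tags Oracle products NOT-FOR-US: Oracle further down. Those could be triaged in the same pass. CVE-2006-0552 also carries the same truncated description ("Unspecified vulnerability in the Net Listener component of Oracle ...") that CVE-2006-0264 had before this revision marked it REJECTED, so a NOTE pointing from one ID to the other would save the next person from re-checking the rejected one.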
@@ -18,7 +92,7 @@
        NOTE: applies to BIND on other operating systems."
 CVE-2006-0526 (The default configuration of the America Online (AOL) client 
software ...)
        NOT-FOR-US: AOL
-CVE-2006-0525 (Multiple unspecified Adobe products install a large number of 
.EXE and ...)
+CVE-2006-0525 (Multiple Adobe products, including (1) Photoshop CS2, (2) 
Illustrator ...)
        NOT-FOR-US: Windows issue
 CVE-2006-0524 (Cross-site scripting (XSS) vulnerability in ashnews.php in 
Derek ...)
        NOT-FOR-US: Derek Ashauer ashnews
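Review bot: The tag under CVE-2006-0525 still reads "NOT-FOR-US: Windows issue", which names a platform, while the neighbouring entries name the product (NOT-FOR-US: AOL, NOT-FOR-US: Derek Ashauer ashnews). Now that the description lists the affected Adobe products, the tag could name the product as well, so that a search for the vendor finds the entry.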
@@ -42,8 +116,8 @@
        RESERVED
 CVE-2006-0514
        RESERVED
-CVE-2006-0513
-       RESERVED
+CVE-2006-0513 (Directory traversal vulnerability in pkmslogout in Tivoli Web 
Server ...)
+       TODO: check
 CVE-2006-0512 (PADL MigrationTools 46 creates temporary files insecurely, 
which ...)
        NOT-FOR-US: PADL MigrationTools
 CVE-2006-0511 (** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does 
not ...)
@@ -68,7 +142,7 @@
        NOT-FOR-US: FarsiNews
 CVE-2006-0501 (Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 
allows ...)
        NOT-FOR-US: MyCo Guestbook
-CVE-2006-0500 (MyCO Guestbook 1.0 admin directory under the web document root 
with ...)
+CVE-2006-0500 (MyCO Guestbook 1.0 stores the admin directory under the web 
document ...)
        NOT-FOR-US: MyCo Guestbook
 CVE-2006-0499 (Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 
1.0.0 ...)
        NOT-FOR-US: Rlink module add-on for phpbb (not included in Debian 
package)
@@ -210,7 +284,7 @@
        TODO: check
 CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to 
execute ...)
        TODO: check
-CVE-2006-0467 (Unspecified vulnerability in pioneers before 0.9.49 allows 
remote ...)
+CVE-2006-0467 (Unspecified vulnerability in Pioneers (formerly gnocatan) 
before ...)
        {DSA-964-1}
        [woody] - gnocatan 0.6.1-5woody3
        [sarge] - gnocatan 0.8.1.59-1sarge1
@@ -277,10 +351,10 @@
        NOT-FOR-US: Text Rider
 CVE-2006-0439 (Text Rider 2.4 stores sensitive data in the data directory 
under the ...)
        NOT-FOR-US: Text Rider
-CVE-2006-0438
-       RESERVED
-CVE-2006-0437
-       RESERVED
+CVE-2006-0438 (Cross-site request forgery (CSRF) vulnerability in phpBB 
2.0.19, when ...)
+       TODO: check
+CVE-2006-0437 (Cross-site scripting (XSS) vulnerability in admin_smilies.php 
in phpBB ...)
+       TODO: check
 CVE-2006-0436 (Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and 
B.11.11 ...)
        NOT-FOR-US: HP-UX
 CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL) allows 
attackers to ...)
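Review bot: CVE-2006-0438 and CVE-2006-0437 go from RESERVED to phpBB descriptions but are left at TODO: check. The CVE-2006-0499 entry in this same file notes an add-on "for phpbb (not included in Debian package)", which implies a phpbb package is tracked here, so these two should be followed up with a package line and bug reference rather than sit in the TODO backlog with the NOT-FOR-US candidates.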
@@ -688,7 +762,8 @@
        NOT-FOR-US: Oracle
 CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server 
...)
        NOT-FOR-US: Oracle
-CVE-2006-0264 (Unspecified vulnerability in the Net Listener component of 
Oracle ...)
+CVE-2006-0264
+       REJECTED
        NOT-FOR-US: Oracle
 CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server 
...)
        NOT-FOR-US: Oracle
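Review bot: After this hunk CVE-2006-0264 carries both REJECTED and the old "NOT-FOR-US: Oracle" line, because only the description line was replaced and the tag below it stayed as unchanged context. A rejected ID needs no triage tag, so the NOT-FOR-US line should be dropped, and the automatic update could clear existing annotations whenever it rewrites an entry to REJECTED so that the two states cannot coexist.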
@@ -698,7 +773,7 @@
        NOT-FOR-US: Oracle
 CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server 
9.2.0.7 ...)
        NOT-FOR-US: Oracle
-CVE-2006-0259 (Multiple unspecified vulnerabilities in the Data Pump component 
of ...)
+CVE-2006-0259 (Multiple unspecified vulnerabilities in Oracle Database server 
...)
        NOT-FOR-US: Oracle
 CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component 
of ...)
        NOT-FOR-US: Oracle
@@ -5269,8 +5344,8 @@
        NOT-FOR-US: iGateway
 CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP 
Server ...)
        NOT-FOR-US: Qualcomm WorldMail IMAP Server
-CVE-2005-3188
-       RESERVED
+CVE-2005-3188 (Buffer overflow in Nullsoft Winamp 5.094 allows remote 
attackers to ...)
+       TODO: check
 CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before 
6.1a ...)
        NOT-FOR-US: WinProxy
 CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering 
library in ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
