Author: joeyh
Date: 2006-06-27 09:14:34 +0000 (Tue, 27 Jun 2006)
New Revision: 4305

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-06-26 22:28:32 UTC (rev 4304)
+++ data/CVE/list       2006-06-27 09:14:34 UTC (rev 4305)
@@ -1,3 +1,191 @@
+CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web 
...)
+       TODO: check
+CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses 
the ...)
+       TODO: check
+CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application 
Server ...)
+       TODO: check
+CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote 
...)
+       TODO: check
+CVE-2006-3223
+       RESERVED
+CVE-2006-3222 (The FTP proxy module in Fortinet FortiOS (FortiGate) before 
2.80 MR12 ...)
+       TODO: check
+CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1 
and ...)
+       TODO: check
+CVE-2006-3220 (SQL injection vulnerability in studienplatztausch.php in 
Woltlab ...)
+       TODO: check
+CVE-2006-3219 (SQL injection vulnerability in thread.php in Woltlab Burning 
Board ...)
+       TODO: check
+CVE-2006-3218 (SQL injection vulnerability in profile.php in Woltlab Burning 
Board ...)
+       TODO: check
+CVE-2006-3217 (JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier 
allows ...)
+       TODO: check
+CVE-2006-3216 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper 
for ...)
+       TODO: check
+CVE-2006-3215 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper 
for ...)
+       TODO: check
+CVE-2006-3214 (Unspecified vulnerability in Hitachi Groupmax Address Server 7 
and ...)
+       TODO: check
+CVE-2006-3213 (SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote 
...)
+       TODO: check
+CVE-2006-3212 (Cross-site scripting (XSS) vulnerability in sign.php in 
cjGuestbook ...)
+       TODO: check
+CVE-2006-3211 (Cross-site scripting (XSS) vulnerability in sign.php in 
cjGuestbook ...)
+       TODO: check
+CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and earlier, when 
register_globals is ...)
+       TODO: check
+CVE-2006-3209 (** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows 
XP ...)
+       TODO: check
+CVE-2006-3208 (Direct static code injection vulnerability in Ultimate PHP 
Board (UPB) ...)
+       TODO: check
+CVE-2006-3207 (Directory traversal vulnerability in newpost.php in Ultimate 
PHP Board ...)
+       TODO: check
+CVE-2006-3206 (register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier 
allows ...)
+       TODO: check
+CVE-2006-3205 (Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote 
attackers to ...)
+       TODO: check
+CVE-2006-3204 (Ultimate PHP Board (UPB) 1.9.6 and earlier uses a 
cryptographically ...)
+       TODO: check
+CVE-2006-3203 (The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier 
...)
+       TODO: check
+CVE-2006-3202 (The ip6_savecontrol function in NetBSD 2.0 through 3.0, under 
certain ...)
+       TODO: check
+CVE-2006-3201 (Unspecified vulnerability in the kernel in HP-UX B.11.00, 
B.11.11, and ...)
+       TODO: check
+CVE-2006-3200 (Unspecified versions of Internet Explorer allow remote 
attackers to ...)
+       TODO: check
+CVE-2006-3199 (Opera 9 allows remote attackers to cause a denial of service 
(crash) ...)
+       TODO: check
+CVE-2006-3198 (Integer overflow in Opera 8.54 and earlier allows remote 
attackers to ...)
+       TODO: check
+CVE-2006-3197 (Cross-site scripting (XSS) vulnerability in Invision Power 
Board (IPB) ...)
+       TODO: check
+CVE-2006-3196 (index.php in singapore 0.10.0 and earlier allows remote 
attackers to ...)
+       TODO: check
+CVE-2006-3195 (Cross-site scripting (XSS) vulnerability in index.php in 
singapore ...)
+       TODO: check
+CVE-2006-3194 (Directory traversal vulnerability in index.php in singapore 
0.10.0 and ...)
+       TODO: check
+CVE-2006-3193 (Multiple PHP remote file inclusion vulnerabilities in Grayscale 
...)
+       TODO: check
+CVE-2006-3192 (PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 
allows ...)
+       TODO: check
+CVE-2006-3191 (Cross-site scripting (XSS) vulnerability in comment.php in MPCS 
0.2 ...)
+       TODO: check
+CVE-2006-3190 (SQL injection vulnerability in 
administration/includes/login/auth.php ...)
+       TODO: check
+CVE-2006-3189 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2006-3188 (Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 
and ...)
+       TODO: check
+CVE-2006-3187 (Multiple cross-site scripting (XSS) vulnerabilities in Sharky 
e-shop ...)
+       TODO: check
+CVE-2006-3186 (Multiple cross-site scripting (XSS) vulnerabilities in CMS 
Faethon ...)
+       TODO: check
+CVE-2006-3185 (PHP remote file inclusion vulnerability in data/header.php in 
CMS ...)
+       TODO: check
+CVE-2006-3184 (Direct static code injection vulnerability in ASP Stats 
Generator ...)
+       TODO: check
+CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in Mobile 
Space ...)
+       TODO: check
+CVE-2006-3182 (Directory traversal vulnerability in index.php in Mobile Space 
...)
+       TODO: check
+CVE-2006-3181 (SQL injection vulnerability in index.php in Mobile Space 
Community 2.0 ...)
+       TODO: check
+CVE-2006-3180 (Cross-site scripting (XSS) vulnerability in ftp_index.php in 
Confixx ...)
+       TODO: check
+CVE-2006-3179 (Cross-site scripting (XSS) vulnerability in 
tools_ftp_pwaendern.php in ...)
+       TODO: check
+CVE-2006-3178 (Directory traversal vulnerability in extract_chmLib example 
program in ...)
+       TODO: check
+CVE-2006-3177 (PHP remote file inclusion vulnerability in Admin/rtf_parser.php 
in The ...)
+       TODO: check
+CVE-2006-3176 (SQL injection vulnerability in xarancms_haupt.php in xarancms 
2.0 ...)
+       TODO: check
+CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in 
mcGuestbook 1.3 ...)
+       TODO: check
+CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in 
SquirrelMail ...)
+       TODO: check
+CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in 
Content*Builder ...)
+       TODO: check
+CVE-2006-3172 (Multiple PHP remote file inclusion vulnerabilities in 
Content*Builder ...)
+       TODO: check
+CVE-2006-3171 (CRLF injection vulnerability in CS-Forum before 0.82 allows 
remote ...)
+       TODO: check
+CVE-2006-3170 (CS-Forum before 0.82 allows remote attackers to obtain 
sensitive ...)
+       TODO: check
+CVE-2006-3169 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 
0.81 ...)
+       TODO: check
+CVE-2006-3168 (SQL injection vulnerability in CS-Forum before 0.82 allows 
remote ...)
+       TODO: check
+CVE-2006-3167 (Free Realty before 2.9 allows remote attackers to obtain the 
full path ...)
+       TODO: check
+CVE-2006-3166 (Cross-site scripting (XSS) vulnerability in propview.php in 
Free ...)
+       TODO: check
+CVE-2006-3165 (SQL injection vulnerability in propview.php in Free Realty 
2.9-0.7 and ...)
+       TODO: check
+CVE-2006-3164 (SQL injection vulnerability in category.php in TPL Design 
tplShop 2.0 ...)
+       TODO: check
+CVE-2006-3163 (Multiple SQL injection vulnerabilities in galeria.php in 
IMGallery 2.4 ...)
+       TODO: check
+CVE-2006-3162 (PHP remote file inclusion vulnerability in include/inc_foot.php 
in ...)
+       TODO: check
+CVE-2006-3161 (SQL injection vulnerability in misc.php in SaphpLesson 1.1 and 
earlier ...)
+       TODO: check
+CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in Simple 
File ...)
+       TODO: check
+CVE-2006-3159 (pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 
(built ...)
+       TODO: check
+CVE-2006-3158 (index.php in Eduha Meeting does not properly restrict file 
extensions ...)
+       TODO: check
+CVE-2006-3157 (Cross-site scripting (XSS) vulnerability in index.php in 
Thinkfactory ...)
+       TODO: check
+CVE-2006-3156 (Cross-site scripting (XSS) vulnerability in index.cgi in 
Ultimate ...)
+       TODO: check
+CVE-2006-3155 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate 
...)
+       TODO: check
+CVE-2006-3154 (SQL injection vulnerability in index.pl in Ultimate Estate 1.0 
and ...)
+       TODO: check
+CVE-2006-3153 (Cross-site scripting (XSS) vulnerability in index.pl in 
Ultimate ...)
+       TODO: check
+CVE-2006-3152 (Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and 
...)
+       TODO: check
+CVE-2006-3151 (Cross-site scripting (XSS) vulnerability in index.php in 
AssoCIateD ...)
+       TODO: check
+CVE-2006-3150 (SQL injection vulnerability in index.php in CavoxCms 1.0.16 and 
...)
+       TODO: check
+CVE-2006-3149 (Cross-site scripting (XSS) vulnerability in topic.php in 
phpMyForum ...)
+       TODO: check
+CVE-2006-3148 (SQL injection vulnerability, possibly in search.inc.php, in ...)
+       TODO: check
+CVE-2006-3147 (Unspecified vulnerability in Hosting Controller before 6.1 (aka 
Hotfix ...)
+       TODO: check
+CVE-2006-3146 (The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.23 and 
earlier ...)
+       TODO: check
+CVE-2006-3145 (Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 
allows ...)
+       TODO: check
+CVE-2006-3144 (PHP remote file inclusion vulnerability in microcms-include.php 
in IBD ...)
+       TODO: check
+CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in 
Maximus ...)
+       TODO: check
+CVE-2006-3142 (SQL injection vulnerability in Forum.php in VBZooM 1.11 allows 
remote ...)
+       TODO: check
+CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in 
Tradingeye ...)
+       TODO: check
+CVE-2006-3140 (SQL injection vulnerability in index.php in openCI 1.0 BETA 
0.20.1 and ...)
+       TODO: check
+CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual 
War 1.5.0 ...)
+       TODO: check
+CVE-2006-3138 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpMyDirectory ...)
+       TODO: check
+CVE-2006-3137 (Cross-site scripting (XSS) vulnerability in productDetail.asp 
in Edge ...)
+       TODO: check
+CVE-2006-3136 (Multiple PHP remote file inclusion vulnerabilities in Nucleus 
3.23 ...)
+       TODO: check
+CVE-2006-3135
+       RESERVED
+CVE-2006-3134
+       RESERVED
 CVE-2006-3133
        RESERVED
 CVE-2006-3132 (Cross-site scripting (XSS) vulnerability in qtofm.php4 in ...)
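Review bot: Of the new "TODO: check" entries in this hunk, CVE-2006-3145 (pamtofits of NetPBM 10.30 through 10.33), CVE-2006-3174 (search.php in SquirrelMail) and CVE-2006-3178 (extract_chmLib example program) name software that has Debian packages, so they should be triaged ahead of the rest and given a package line with a fixed version or a not-affected marker. Most of the remaining additions are third-party PHP/ASP web applications and closed-source products that will probably end up as NOT-FOR-US, and leaving all of them as "TODO: check" hides the few entries that need real work.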
@@ -104,8 +292,7 @@
 CVE-2006-3100 [termnetd buffer overflow]
        RESERVED
        - termnetd 3.3-7 (bug #358028; medium)
-CVE-2006-3085 [linux endless loop in xt_sctp]
-       RESERVED
+CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows 
attackers ...)
        - linux-2.6 2.6.16-15
 CVE-2006-XXXX [webalizer-stonesteps XSS]
        - webalizer-stonesteps 2.4.1.2-1
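Review bot: The new description for CVE-2006-3085 gives the upstream fix as "before 2.6.17.1", while the unchanged tracking line still reads "- linux-2.6 2.6.16-15". Please confirm that 2.6.16-15 carries the xt_sctp fix as a backport and record that in a NOTE line, so the version mismatch does not look like an error. The line also has no urgency, unlike the termnetd entry above it, "(bug #358028; medium)".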
@@ -167,9 +354,9 @@
        NOT-FOR-US: PHORUM
 CVE-2006-3052 (Cross-site scripting (XSS) vulnerability in Event Registration 
allows ...)
        NOT-FOR-US: Event Registration
-CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 
6.0 and ...)
+CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 
6.0, ...)
        NOT-FOR-US: SixCMS
-CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0 
and ...)
+CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0, 
and ...)
        NOT-FOR-US: SixCMS
 CVE-2006-3049 (Multiple cross-site scripting (XSS) vulnerabilities in 
booking3.php in ...)
        NOT-FOR-US: Mole Group Ticket Booking Script
@@ -187,7 +374,7 @@
        NOT-FOR-US: LogiSphere
 CVE-2006-3043 (Cross-site scripting (XSS) vulnerability in search.cfm in 
CreaFrameXe ...)
        NOT-FOR-US: CFXe-CMS
-CVE-2006-3042 (Multiple PHP remote file inclusion vulnerabilities in ISPConfig 
2.2.3 ...)
+CVE-2006-3042 (** DISPUTED ** ...)
        NOT-FOR-US: ISPConfig
 CVE-2006-3041 (** DISPUTED ** ...)
        TODO: check
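Review bot: After this update the summary for CVE-2006-3042 is only "(** DISPUTED ** ...)", so the truncated description no longer says which product or flaw the entry is about; the same is true of CVE-2006-3041 just below, which is still "TODO: check" and gives a reviewer nothing to go on. Suggest having the update script truncate after the "** DISPUTED **" marker rather than at it, so that the first words of the real description survive.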
@@ -451,18 +638,18 @@
        - sylpheed-claws-gtk2 2.3.0-1 (bug #372889; low)
 CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows 
remote ...)
        NOT-FOR-US: Microsoft
-CVE-2006-2918
-       RESERVED
+CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 
stores ...)
+       TODO: check
 CVE-2006-2917
        RESERVED
 CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or 
later ...)
        - arts 1.5.3-2 (bug #374003; low)
        [sarge] - arts <not-affected> (Not setuid root in Debian)
        NOTE: artswrapper is not suid root by default, but README.Debian 
describes it
-CVE-2006-2915
-       RESERVED
-CVE-2006-2914
-       RESERVED
+CVE-2006-2915 (Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow 
remote ...)
+       TODO: check
+CVE-2006-2914 (PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows 
remote ...)
+       TODO: check
 CVE-2006-2913 (Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 
allows ...)
        NOT-FOR-US: SelectaPix
 CVE-2006-2912 (Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow 
remote ...)
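Review bot: CVE-2006-2918, CVE-2006-2915 and CVE-2006-2914 move from RESERVED to "TODO: check", yet their descriptions name Lanap BotDetect and DeluxeBB 1.06, which look like the same kind of third-party web software as the SelectaPix entries directly below that are already marked NOT-FOR-US. If neither is packaged, mark them NOT-FOR-US in the same pass. "APS.NET" in the CVE-2006-2918 text looks like a transposition of ASP.NET; if it comes from the upstream description it should be reported there rather than corrected locally, since the next automatic update would overwrite a local fix.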
@@ -1557,16 +1744,14 @@
        RESERVED
 CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local 
users ...)
        - kdebase 4:3.5.2-2 (bug #374002; medium)
-CVE-2006-2448 [linux machine check problem on powerpc]
-       RESERVED
+CVE-2006-2448 (Linux kernel before 2.6.16.21 and 2.6.17, when running on 
PowerPC, ...)
        - linux-2.6 2.6.16-15
 CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the 
paranoid ...)
        {DSA-1090-1}
        - spamassassin 3.1.3-1 (medium)
 CVE-2006-2446
        RESERVED
-CVE-2006-2445 [linux vuln in check_process_timers (DoS?)]
-       RESERVED
+CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before 
...)
        - linux-2.6 2.6.16-15
 CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux 
kernel ...)
        - linux-2.6 2.6.16-15
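Review bot: For CVE-2006-2448 the new description says "before 2.6.16.21 and 2.6.17", but the tracking line kept below it is "- linux-2.6 2.6.16-15"; please verify that this Debian revision includes the 2.6.16.21 change and say so in a NOTE. For CVE-2006-2445 the removed working title named check_process_timers with a "(DoS?)" question mark, while the new text names run_posix_cpu_timers. A short NOTE linking the two would keep the earlier triage context, which is otherwise lost with the bracketed title.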
@@ -1869,10 +2054,10 @@
        NOTE: it's marked as fixed here.  (Previous versions are vulnerable.)
 CVE-2006-2312 (Unspecified vulnerability in the URI handler in Skype 2.0.*.104 
and ...)
        NOT-FOR-US: Skype
-CVE-2006-2311
-       RESERVED
-CVE-2006-2310
-       RESERVED
+CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server 
and ...)
+       TODO: check
+CVE-2006-2310 (BlueDragon Server and Server JX 6.2.1.286 for Windows allows 
remote ...)
+       TODO: check
 CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to 
obtain ...)
        NOT-FOR-US: EServ
 CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in 
EServ/3 3.25 ...)
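Review bot: CVE-2006-2311 and CVE-2006-2310 are added as "TODO: check", but the CVE-2006-2310 description is explicitly scoped to "BlueDragon Server and Server JX 6.2.1.286 for Windows". Unless BlueDragon is packaged, both can be closed as NOT-FOR-US like the Skype and EServ entries around them, instead of staying in the TODO queue.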
@@ -2126,11 +2311,10 @@
        RESERVED
 CVE-2006-2198
        RESERVED
-CVE-2006-2197 (Integer overflow in wv2 before 0.2.2 might allow 
context-dependent ...)
+CVE-2006-2197 (Integer overflow in wv2 before 0.2.3 might allow 
context-dependent ...)
        {DSA-1100}
        - wv2 0.2.2-6 (medium)
-CVE-2006-2196 [pinball loads levels and compiled plugins from 
user-controllable locations]
-       RESERVED
+CVE-2006-2196 (Unspecified vulnerability in pinball 0.3.1 allows local users 
to gain ...)
        {DSA-1102}
        - pinball 0.3.1-6
 CVE-2006-2195 (Cross-site scripting (XSS) vulnerability in horde 3 (horde3) 
before ...)
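Review bot: The CVE-2006-2197 description changes from "wv2 before 0.2.2" to "wv2 before 0.2.3", but the fixed version on the tracking line is still "- wv2 0.2.2-6 (medium)". With the new wording, 0.2.2-6 reads as an affected upstream version, so please confirm that the -6 revision carries the fix as a backport (the entry references DSA-1100) and add a NOTE saying so. For CVE-2006-2196, the removed bracketed title explained the actual problem ("pinball loads levels and compiled plugins from user-controllable locations"), while the replacement says only "Unspecified vulnerability"; keeping the old wording as a NOTE line would preserve that detail.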


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
