Author: joeyh
Date: 2006-03-10 09:14:24 +0000 (Fri, 10 Mar 2006)
New Revision: 3578

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-10 09:07:56 UTC (rev 3577)
+++ data/CVE/list       2006-03-10 09:14:24 UTC (rev 3578)
@@ -1,3 +1,164 @@
+CVE-2006-1128 (Directory traversal vulnerability in the session handling class 
...)
+       TODO: check
+CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to 
2.0.2 ...)
+       TODO: check
+CVE-2006-1126 (Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP 
...)
+       TODO: check
+CVE-2006-1125 (Grisoft AVG Free 7.1, and other versions including 7.0.308, 
sets ...)
+       TODO: check
+CVE-2006-1124 (Buffer overflow in RevilloC MailServer and Proxy 1.21 allows 
remote ...)
+       TODO: check
+CVE-2006-1123 (SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows 
remote ...)
+       TODO: check
+CVE-2006-1122 (Cross-site scripting (XSS) vulnerability in Default.asp in 
D2KBlog ...)
+       TODO: check
+CVE-2006-1121 (Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 
allows ...)
+       TODO: check
+CVE-2006-1120 (Multiple cross-site scripting (XSS) vulnerabilities in 
DCP-Portal ...)
+       TODO: check
+CVE-2006-1119 (fantastico in Cpanel does not properly handle when it has 
insufficient ...)
+       TODO: check
+CVE-2006-1118 (SQL injection vulnerability in bmail before Aardvark PR9.1 
allows ...)
+       TODO: check
+CVE-2006-1117 (nCipher firmware before V10, as used by (1) nShield, (2) 
nForce, (3) ...)
+       TODO: check
+CVE-2006-1116 (The CBC-MAC integrity functions in the nCipher nCore API before 
2.18 ...)
+       TODO: check
+CVE-2006-1115 (nCipher HSM before 2.22.6, when generating a Diffie-Hellman ...)
+       TODO: check
+CVE-2006-1114 (Multiple directory traversal vulnerabilities in Loudblog before 
0.42 ...)
+       TODO: check
+CVE-2006-1113 (SQL injection vulnerability in podcast.php in Loudblog before 
0.42 ...)
+       TODO: check
+CVE-2006-1112 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...)
+       TODO: check
+CVE-2006-1111 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...)
+       TODO: check
+CVE-2006-1110 (Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 
allows ...)
+       TODO: check
+CVE-2006-1109 (SQL injection vulnerability in index.asp in Total Ecommerce 1.0 
allows ...)
+       TODO: check
+CVE-2006-1108 (SQL injection vulnerability in news.php in NMDeluxe before 
1.0.1 ...)
+       TODO: check
+CVE-2006-1107 (Cross-site scripting (XSS) vulnerability in news.php in 
NMDeluxe ...)
+       TODO: check
+CVE-2006-1106 (Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 
1 and ...)
+       TODO: check
+CVE-2006-1105 (Pixelpost 1.5 beta 1 and earlier allows remote attackers to 
obtain ...)
+       TODO: check
+CVE-2006-1104 (Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 
and ...)
+       TODO: check
+CVE-2006-1103 (engine/server.cpp in Sauerbraten 2006_02_28, as derived from 
the Cube ...)
+       TODO: check
+CVE-2006-1102 (Sauerbraten 2006_02_28, as derived from the Cube engine, allows 
remote ...)
+       TODO: check
+CVE-2006-1101 (The (1) sgetstr and (2) getint functions in Sauerbraten 
2006_02_28, as ...)
+       TODO: check
+CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in ...)
+       TODO: check
+CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 
allows ...)
+       TODO: check
+CVE-2006-1098 (** DISPUTED ** ...)
+       TODO: check
+CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in 
Datenbank MOD ...)
+       TODO: check
+CVE-2006-1096 (** DISPUTED ** ...)
+       TODO: check
+CVE-2006-1095 (Unspecified vulnerability in the FileSession object in 
Mod_python ...)
+       TODO: check
+CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier 
for ...)
+       TODO: check
+CVE-2006-1093 (Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 
5.0.2.15 ...)
+       TODO: check
+CVE-2006-1092 (Unspecified vulnerability in the pagedata subsystem of the 
process ...)
+       TODO: check
+CVE-2006-1091 (Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to 
cause a ...)
+       TODO: check
+CVE-2006-1090 (register.php in PunBB 1.2.10 allows remote attackers to cause 
an ...)
+       TODO: check
+CVE-2006-1089 (Cross-site scripting (XSS) vulnerability in header.php in PunBB 
1.2.10 ...)
+       TODO: check
+CVE-2006-1088 (PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain 
...)
+       TODO: check
+CVE-2006-1087 (Direct static code injection vulnerability in the modify_config 
action ...)
+       TODO: check
+CVE-2006-1086
+       REJECTED
+       TODO: check
+CVE-2006-1085 (admin.php in PHP-Stats 0.1.9.1 and earlier allows remote 
attackers to ...)
+       TODO: check
+CVE-2006-1084 (Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and 
...)
+       TODO: check
+CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 
0.1.9.1 and ...)
+       TODO: check
+CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpArcadeScript ...)
+       TODO: check
+CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in 
Jonathan ...)
+       TODO: check
+CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in 
Game-Panel ...)
+       TODO: check
+CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other 
products ...)
+       TODO: check
+CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd 
2.25b, ...)
+       TODO: check
+CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Evo-Dev 
evoBlog ...)
+       TODO: check
+CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a 
showtopic ...)
+       TODO: check
+CVE-2006-1075 (Format string vulnerability in the visualization function in 
Jason ...)
+       TODO: check
+CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote 
attackers ...)
+       TODO: check
+CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave 
Simplog ...)
+       TODO: check
+CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog 
1.0.2 and ...)
+       TODO: check
+CVE-2006-1071 (Cross-site scripting (XSS) vulnerability in index.php in 
DVguestbook ...)
+       TODO: check
+CVE-2006-1070 (Cross-site scripting (XSS) vulnerability in dv_gbook.php in ...)
+       TODO: check
+CVE-2006-1069 (Unspecified vulnerability in the session handling for Geeklog 
1.4.x ...)
+       TODO: check
+CVE-2006-1068 (Netgear 614 and 624 routers, possibly running VXWorks, allow 
remote ...)
+       TODO: check
+CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote 
...)
+       TODO: check
+CVE-2006-1066
+       RESERVED
+CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard 
(MyBB) ...)
+       TODO: check
+CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 
2.0 and ...)
+       TODO: check
+CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows 
remote ...)
+       TODO: check
+CVE-2006-1062 (Unspecified vulnerability in lurker.cgi for Lurker 2.0 and 
earlier ...)
+       TODO: check
+CVE-2006-1061
+       RESERVED
+CVE-2006-1060
+       RESERVED
+CVE-2006-1059
+       RESERVED
+CVE-2006-1058
+       RESERVED
+CVE-2006-1057
+       RESERVED
+CVE-2006-1056
+       RESERVED
+CVE-2006-1055
+       RESERVED
+CVE-2006-1054
+       RESERVED
+CVE-2006-1053
+       RESERVED
+CVE-2006-1052
+       RESERVED
+CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine 
before ...)
+       TODO: check
+CVE-2006-1050 (Kwik-Pay Payroll 4.2.20, and possibly other versions, stores 
the ...)
+       TODO: check
+CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on 
Debian ...)
+       TODO: check
 CVE-2006-XXXX [runit local privilege escalation]
        - runit <unfixed> (bug #356016; medium)
        [sarge] - runit <not-affected>
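Review bot: CVE-2006-1086 is added as REJECTED and also given "TODO: check", which leaves a withdrawn identifier sitting in the triage queue; the RESERVED entries in this same hunk carry no TODO, and the generator should treat REJECTED the same way. Separately, CVE-2005-4728 is the one new entry whose description names Debian explicitly ("amaya 9.2.1 on Debian"), so it should get a package line rather than wait in the generic TODO backlog.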
@@ -644,18 +805,16 @@
        RESERVED
 CVE-2006-0747
        RESERVED
-CVE-2006-0746 [kpdf security fix regression]
-       RESERVED
+CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches 
from xpdf ...)
        - kdegraphics 3.5.0-3
        NOTE: Only affected the 3.3.2 KDE backport
 CVE-2006-0745
        RESERVED
 CVE-2006-0744
        RESERVED
-CVE-2006-0743
-       RESERVED
-CVE-2006-0742 [[IA64] die_if_kernel() can return]
-       RESERVED
+CVE-2006-0743 (Unspecified vulnerability in LocalSyslogAppender in Apache 
log4net ...)
+       TODO: check
+CVE-2006-0742 (The die_if_kernel function in arch/ia64/kernel/unaligned.c in 
Linux ...)
        - linux-2.6 2.6.15-8
 CVE-2006-0741 (Linux kernel before 2.6.15.5, when running on Intel processors, 
allows ...)
        - linux-2.6 2.6.15-8
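Review bot: the hand-written summaries on CVE-2006-0746 ("kpdf security fix regression") and CVE-2006-0742 ("[IA64] die_if_kernel() can return") are dropped here, and the descriptions that replace them are truncated before they say what the flaw is. Consider carrying the old bracketed text over as a NOTE: line when a RESERVED entry is promoted, so the tracker keeps the one-line statement of the problem next to the package version.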
@@ -835,6 +994,7 @@
 CVE-2006-0671 (Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i 
cell ...)
        NOT-FOR-US: Sony Ericsson
 CVE-2006-0670 (Buffer overflow in l2cap.c in hcidump 1.29 allows remote 
attackers to ...)
+       {DSA-990-1}
        - bluez-hcidump 1.30-1 (bug #351881; medium)
 CVE-2006-0669 (** DISPUTED ** ...)
        NOT-FOR-US: Forum Light
@@ -2694,7 +2854,7 @@
        NOT-FOR-US: PHP-Fusion
 CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in 
PHP-Fusion ...)
        NOT-FOR-US: PHP-Fusion
-CVE-2005-4515 (SQL injection vulnerability in WebDB 1.1 and earlier allows 
remote ...)
+CVE-2005-4515 (** DISPUTED ** ...)
        NOT-FOR-US: WebDB
 CVE-2005-4514 (** DISPUTED ** ...)
        NOT-FOR-US: Webwasher
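Review bot: the CVE-2005-4515 line loses its only useful text: "SQL injection vulnerability in WebDB 1.1 and earlier" becomes "** DISPUTED ** ...", because the description is truncated at a fixed width and the marker uses up the whole budget. The truncation should skip over the "** DISPUTED **" prefix (or keep it and then continue with the description) so that disputed entries still show the product and vulnerability class.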
@@ -4919,8 +5079,8 @@
        NOTE: does not appear to affect debian, redhat-specific
 CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to 
obtain ...)
        TODO: check
-CVE-2005-3629
-       RESERVED
+CVE-2005-3629 (initscripts in Red Hat Enterprise Linux 4 does not properly 
handle ...)
+       TODO: check
 CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
        {DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 
DSA-932-1 DSA-931-1 DTSA-28-1}
        - kdegraphics 3.5.0-3


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
