Author: joeyh
Date: 2006-03-14 09:14:27 +0000 (Tue, 14 Mar 2006)
New Revision: 3610

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-03-13 21:14:23 UTC (rev 3609)
+++ data/CVE/list       2006-03-14 09:14:27 UTC (rev 3610)
@@ -1,3 +1,187 @@
+CVE-2006-1220 (Integer overflow in the mach_msg_send function in the kernel 
for Mac ...)
+       TODO: check
+CVE-2006-1219 (Directory traversal vulnerability in Gallery 2.0.3 and earlier, 
and ...)
+       TODO: check
+CVE-2006-1218 (Unspecified vulnerability in the HTTP proxy in Novell 
BorderManager ...)
+       TODO: check
+CVE-2006-1217 (SQL injection vulnerability in DSPoll 1.1 allows remote 
attackers to ...)
+       TODO: check
+CVE-2006-1216 (Cross-site scripting (XSS) vulnerability in bigshow.php in 
Runcms 1.x ...)
+       TODO: check
+CVE-2006-1215 (Cross-site scripting (XSS) vulnerability in misc.php in Woltlab 
...)
+       TODO: check
+CVE-2006-1214 (UnrealIRCd 3.2.3 allows remote attackers to cause an 
unspecified ...)
+       TODO: check
+CVE-2006-1213 (JiRo's Banner System Experience and Professional 1.0 and 
earlier ...)
+       TODO: check
+CVE-2006-1212 (Unspecified vulnerability in index.php in Core CoreNews 2.0.1 
allows ...)
+       TODO: check
+CVE-2006-1211 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a 
MySQL ...)
+       TODO: check
+CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 
3.0.236 ...)
+       TODO: check
+CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores 
sensitive ...)
+       TODO: check
+CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2006-1207 (PHP Upload Center stores password hashes under the web root 
with ...)
+       TODO: check
+CVE-2006-1206 (Matt Johnston Dropbear SSH server 0.47 and earlier, as used in 
...)
+       TODO: check
+CVE-2006-1205 (Multiple cross-site scripting (XSS) vulnerabilities in 
myWebland ...)
+       TODO: check
+CVE-2006-1204 (Multiple cross-site scripting (XSS) vulnerabilities in txtForum 
...)
+       TODO: check
+CVE-2006-1203 (PHP remote file include vulnerability in common.php in txtForum 
...)
+       TODO: check
+CVE-2006-1202 (Multiple cross-site scripting (XSS) vulnerabilities in 
textfileBB 1.0 ...)
+       TODO: check
+CVE-2006-1201 (Directory traversal vulnerability in resetpw.php in eschew.net 
...)
+       TODO: check
+CVE-2006-1200 (Direct static code injection vulnerability in add_link.txt in 
daverave ...)
+       TODO: check
+CVE-2006-1199 (Cross-site scripting (XSS) vulnerability in iframe.php in 
daverave ...)
+       TODO: check
+CVE-2006-1198 (Comvigo IM Lock 2006 uses a simple substitution cipher to 
encrypt a ...)
+       TODO: check
+CVE-2006-1197 (SafeDisc installs the driver service for the secdrv.sys driver 
with ...)
+       TODO: check
+CVE-2006-1196 (Multiple cross-site scripting (XSS) vulnerabilities in 
QwikiWiki 1.5 ...)
+       TODO: check
+CVE-2006-1195 (The enet_protocol_handle_send_fragment function in protocol.c 
for ENet ...)
+       TODO: check
+CVE-2006-1194 (Integer signedness error in the 
enet_protocol_handle_incoming_commands ...)
+       TODO: check
+CVE-2006-1193
+       RESERVED
+CVE-2006-1192
+       RESERVED
+CVE-2006-1191
+       RESERVED
+CVE-2006-1190
+       RESERVED
+CVE-2006-1189
+       RESERVED
+CVE-2006-1188
+       RESERVED
+CVE-2006-1187
+       RESERVED
+CVE-2006-1186
+       RESERVED
+CVE-2006-1185
+       RESERVED
+CVE-2006-1184
+       RESERVED
+CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords 
from the ...)
+       TODO: check
+CVE-2006-1182
+       RESERVED
+CVE-2006-1181
+       RESERVED
+CVE-2006-1180
+       RESERVED
+CVE-2006-1179
+       RESERVED
+CVE-2006-1178
+       RESERVED
+CVE-2006-1177
+       RESERVED
+CVE-2006-1176
+       RESERVED
+CVE-2006-1175
+       RESERVED
+CVE-2006-1174
+       RESERVED
+CVE-2006-1173
+       RESERVED
+CVE-2006-1172
+       RESERVED
+CVE-2006-1171
+       RESERVED
+CVE-2006-1170
+       RESERVED
+CVE-2006-1169
+       RESERVED
+CVE-2006-1168
+       RESERVED
+CVE-2006-1167
+       RESERVED
+CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager 
module in ...)
+       TODO: check
+CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the 
list.gtdat file ...)
+       TODO: check
+CVE-2006-1163 (Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 
allows ...)
+       TODO: check
+CVE-2006-1162 (Directory traversal vulnerability in Nodez 4.6.1.1 and earlier 
allows ...)
+       TODO: check
+CVE-2006-1161 (Absolute path traversal vulnerability in Easy File Sharing 
(EFS) Web ...)
+       TODO: check
+CVE-2006-1160 (Cross-site scripting (XSS) vulnerability in Easy File Sharing 
(EFS) ...)
+       TODO: check
+CVE-2006-1159 (Format string vulnerability in Easy File Sharing (EFS) Web 
Server 3.2 ...)
+       TODO: check
+CVE-2006-1158 (Kerio MailServer before 6.1.3 Patch 1 allows remote attackers 
to cause ...)
+       TODO: check
+CVE-2006-1157 (Cross-site scripting (XSS) vulnerability in Vz Scripts ADP 
Forum 2.0.3 ...)
+       TODO: check
+CVE-2006-1156 (SQL injection vulnerability in manas tungare Site Membership 
Script ...)
+       TODO: check
+CVE-2006-1155 (Cross-site scripting (XSS) vulnerability in manas tungare Site 
...)
+       TODO: check
+CVE-2006-1154 (PHP remote file inclusion vulnerability in archive.php in 
Fantastic ...)
+       TODO: check
+CVE-2006-1153 (SQL injection vulnerability in D2-Shoutbox 4.2 allows remote 
attackers ...)
+       TODO: check
+CVE-2006-1152 (PHP remote file inclusion vulnerability in index.php in 
M-Phorum 0.2 ...)
+       TODO: check
+CVE-2006-1151 (Cross-site scripting vulnerability in index.php in M-Phorum 0.2 
allows ...)
+       TODO: check
+CVE-2006-1150 (Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, ...)
+       TODO: check
+CVE-2006-1149 (PHP remote file inclusion vulnerability in lib/OWL_API.php in 
OWL ...)
+       TODO: check
+CVE-2006-1148 (Multiple stack-based buffer overflows in the procConnectArgs 
function ...)
+       TODO: check
+CVE-2006-1147 (The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold 
...)
+       TODO: check
+CVE-2006-1146 (Stack-based buffer overflow in the Cmd_Say_f function in 
g_cmds.c in ...)
+       TODO: check
+CVE-2006-1145 (Format string vulnerability in the safe_cprintf function in ...)
+       TODO: check
+CVE-2006-1144 (Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 
allows ...)
+       TODO: check
+CVE-2006-1143 (Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 
1.1 ...)
+       TODO: check
+CVE-2006-1142 (Unspecified vulnerability in Ravenous Web Server before 0.7.1 
allows ...)
+       TODO: check
+CVE-2006-1141 (Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 
allows ...)
+       TODO: check
+CVE-2006-1140 (SQL injection vulnerability in rss.php in RedBLoG 0.5 allows 
remote ...)
+       TODO: check
+CVE-2006-1139 (Unspecified vulnerability in the ESS/ Network Controller in 
Xerox ...)
+       TODO: check
+CVE-2006-1138 (Unspecified vulnerability in the web server code in Xerox 
CopyCentre ...)
+       TODO: check
+CVE-2006-1137 (Multiple unspecified vulnerabilities in Xerox CopyCentre and 
Xerox ...)
+       TODO: check
+CVE-2006-1136 (Buffer overflow in the PostScript file interpreter code for 
Xerox ...)
+       TODO: check
+CVE-2006-1135 (Multiple cross-site scripting (XSS) vulnerabilities in sBlog 
0.7.2 ...)
+       TODO: check
+CVE-2006-1134 (SQL injection vulnerability in CyBoards PHP Lite 1.25, when ...)
+       TODO: check
+CVE-2006-1133 (Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 
1.11 ...)
+       TODO: check
+CVE-2006-1132 (SQL injection vulnerability in show.php in vbzoom 1.11 allow 
remote ...)
+       TODO: check
+CVE-2006-1131 (Cross-site scripting (XSS) vulnerability in read.php in 
bitweaver CMS ...)
+       TODO: check
+CVE-2006-1130 (Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 
allows ...)
+       TODO: check
+CVE-2006-1129 (SQL injection vulnerability in config.php in EKINboard 1.0.3 
allows ...)
+       TODO: check
+CVE-2005-4729 (SQL injection vulnerabilitiy in show.php in VBZooM Forum allows 
remote ...)
+       TODO: check
 CVE-2006-XXXX [gallery2: local file inclusion]
        - gallery2 2.0.4-1
 CVE-2006-XXXX [Unspecified security problem in Peercast]
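Review bot: the new CVE-2006-1219 entry at the top of this hunk ("Directory traversal vulnerability in Gallery 2.0.3 and earlier") may duplicate the placeholder kept just below the added block, "CVE-2006-XXXX [gallery2: local file inclusion]", which is tracked as fixed in gallery2 2.0.4-1. If they are the same issue, fold the placeholder's package line into CVE-2006-1219 and drop the CVE-2006-XXXX entry, so the fix is not recorded under a temporary name while the real id sits at "TODO: check".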
@@ -4,7 +188,7 @@
        - peercast 0.1217-1
 CVE-2006-XXXX [Directory traversal issue in Namazu2]
        - namazu2 2.0.16-1
-CVE-2006-1166 [Lua code execution in Monotone]
+CVE-2006-1166 (Monotone 0.25 and earlier, when a user creates a file in a 
directory ...)
        - monotone <unfixed> (low)
        NOTE: Needs a case-insensitive file system (e.g. VFAT or Samba) on
        NOTE: the client.
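Review bot: replacing "[Lua code execution in Monotone]" with the truncated official text on CVE-2006-1166 removes the only statement of impact from this entry, since the visible description stops at "when a user creates a file in a directory ...". The two NOTE lines cover only the precondition (case-insensitive file system on the client), so consider adding a NOTE that keeps the "Lua code execution" summary to justify the (low) rating on the monotone line.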
@@ -115,7 +299,7 @@
 CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd 
2.25b, ...)
        - thttpd 2.23beta1-2.4 (bug #253816; low)
        NOTE: apache's htpasswd not vulnerable
-CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Evo-Dev 
evoBlog ...)
+CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in the 
commentary ...)
        NOT-FOR-US: Evo-Dev evoBlog
 CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a 
showtopic ...)
        NOT-FOR-US: checkInvision Power Board 
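Review bot: the context line under CVE-2006-1076 reads "NOT-FOR-US: checkInvision Power Board" followed by a trailing space, which looks like a leftover "check" from a TODO line fused into the product name. It is not touched by this change, but it is worth correcting to "NOT-FOR-US: Invision Power Board" while this region is being edited, so searches on the product name match.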
@@ -359,7 +543,7 @@
        TODO: check
 CVE-2006-0962 (SQL injection vulnerability in vuBB 0.2 allows remote attackers 
to ...)
        TODO: check
-CVE-2006-0961 (SQL injection vulnerability in Cilem News 1.1 allows remote 
attackers ...)
+CVE-2006-0961 (SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 
allows ...)
        TODO: check
 CVE-2006-0960 (uConfig agent in Compex NetPassage WPE54G router allows remote 
...)
        TODO: check
@@ -381,8 +565,8 @@
        RESERVED
 CVE-2006-0951
        RESERVED
-CVE-2006-0950
-       RESERVED
+CVE-2006-0950 (unalz 0.53 allows user-complicit attackers to overwrite 
arbitrary ...)
+       TODO: check
 CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source 
code of ...)
        TODO: check
 CVE-2006-0948
@@ -669,10 +853,10 @@
        TODO: check
 CVE-2006-0821 (SQL injection vulnerability in index.php in BXCP 0.299 allows 
remote ...)
        TODO: check
-CVE-2006-0820
-       RESERVED
-CVE-2006-0819
-       RESERVED
+CVE-2006-0820 (Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 
1.3.2 ...)
+       TODO: check
+CVE-2006-0819 (Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the 
source ...)
+       TODO: check
 CVE-2006-0818
        RESERVED
 CVE-2006-0817
@@ -1019,8 +1203,8 @@
        NOT-FOR-US: Forum Light
 CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows 
remote ...)
        NOT-FOR-US: PwsPHP
-CVE-2006-0667
-       RESERVED
+CVE-2006-0667 (lscfg in IBM AIX 5.2 and 5.3 allows local users to modify 
arbitrary ...)
+       TODO: check
 CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64 
kernels ...)
        NOT-FOR-US: AIX
 CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...)
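Review bot: CVE-2006-0667 is left at "TODO: check" although its new description names lscfg in IBM AIX 5.2 and 5.3, and the adjacent CVE-2006-0666 is already triaged as "NOT-FOR-US: AIX". The same marking looks applicable here and would take this entry off the open list.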
@@ -1275,8 +1459,8 @@
        RESERVED
 CVE-2006-0558
        RESERVED
-CVE-2006-0557
-       RESERVED
+CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier 
does not ...)
+       TODO: check
 CVE-2006-0556
        RESERVED
 CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a 
denial ...)
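Review bot: CVE-2006-0557 should not stay at a bare "TODO: check" for long, because its description names sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier. It needs per-package tracking lines in the style used elsewhere in this file for kernel issues (for example the kernel-source-2.4.27 and kernel-source-2.6.8 "<not-affected>" lines under CVE-2005-3527), stating for each kernel source package whether the vulnerable code is present.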
@@ -1576,8 +1760,8 @@
        RESERVED
 CVE-2006-0458 (The DCC ACCEPT command handler in irssi before ...)
        TODO: check
-CVE-2006-0457
-       RESERVED
+CVE-2006-0457 (Race condition in the (1) add_key, (2) request_key, and (3) 
keyctl ...)
+       TODO: check
 CVE-2006-0456
        RESERVED
 CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature 
...)
@@ -2704,8 +2888,7 @@
        RESERVED
 CVE-2006-0050
        RESERVED
-CVE-2006-0049
-       RESERVED
+CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify 
non-detached ...)
        {DSA-993-2}
        - gnupg 1.4.2.2-1 (medium)
 CVE-2006-0048
@@ -2975,8 +3158,7 @@
        - libapreq2 2.07-1
 CVE-2006-0041
        RESERVED
-CVE-2006-0040 [Evolution local DoS through malformed mbox]
-       RESERVED
+CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to 
cause a ...)
        - evolution <unfixed>
 CVE-2006-0039
        RESERVED
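Review bot: the CVE-2006-0040 tracking line "- evolution <unfixed>" carries no urgency and no bug reference, and the description change in this hunk moves the stated attacker from "local DoS through malformed mbox" to "allows remote attackers to cause a ...". Other unfixed entries in this file carry a rating, such as "- monotone <unfixed> (low)", so add one here and recheck it against the remote wording in the official description.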
@@ -5360,8 +5542,8 @@
        - kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced 
later)
        [sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was 
introduced later)
        NOTE: 
http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-3527?op=file&rev=0&sc=0
-CVE-2005-3526
-       RESERVED
+CVE-2005-3526 (Buffer overflow in the IMAP daemon in Ipswitch Collaboration 
Suite ...)
+       TODO: check
 CVE-2005-3525 (Stack-based buffer overflow in an ActiveX control for the 
installer ...)
        TODO: check
 CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in 
ManageEngine ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
