| author | Joey Hess <joeyh@debian.org> | 2006-09-13 09:14:40 +0000 |
|---|---|---|
| committer | Joey Hess <joeyh@debian.org> | 2006-09-13 09:14:40 +0000 |
| commit | 4117764403c291fb4ce5b373c3743fd0f5c2c85b | |
| tree | 6736393b6e59c9010d9c1894418f1eb160a5544d /data/CVE | |
| parent | bca3a5d85491447ae28dad40bf6ff3b2f48a1bcf | |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4724 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2001.list | 2 |
-rw-r--r-- | data/CVE/2002.list | 8 |
-rw-r--r-- | data/CVE/2003.list | 8 |
-rw-r--r-- | data/CVE/2004.list | 54 |
-rw-r--r-- | data/CVE/2005.list | 88 |
-rw-r--r-- | data/CVE/2006.list | 298 |
6 files changed, 339 insertions, 119 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list index 27aed5deda..a72bf34910 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list @@ -239,7 +239,7 @@ CVE-2001-1470 (The IDEA cipher as implemented by SSH1 does not protect the final NOT-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol CVE-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to ...) NOT-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol -CVE-2001-1468 (PHP remote code injection vulnerability in checklogin.php in ...) +CVE-2001-1468 (PHP remote file inclusion vulnerability in checklogin.php in ...) NOT-FOR-US: phpSecurePages CVE-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...) - expect <not-affected> (in expect 5.42.1, mkpasswd does not seed by pid) diff --git a/data/CVE/2002.list b/data/CVE/2002.list index f7702a6d78..fa533d750b 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -1,3 +1,5 @@ +CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...) + TODO: check CVE-2002-2216 (Soft3304 04WebServer before 1.20 does not properly process URL ...) NOT-FOR-US: 04WebServer CVE-2002-2215 (The imap_header function in the IMAP functionality for PHP before ...) 
@@ -690,11 +692,11 @@ CVE-2002-1889 (Off-by-one buffer overflow in the context_action function in cont NOT-FOR-US: Logsurfer CVE-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to ...) NOT-FOR-US: CommonName Toolbar -CVE-2002-1887 (PHP remote code injection vulnerability in customize.php for ...) +CVE-2002-1887 (PHP remote file inclusion vulnerability in customize.php for ...) NOT-FOR-US: phpMyNewsletter CVE-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with ...) NOT-FOR-US: TightAuction -CVE-2002-1885 (PHP remote code injection vulnerability in showhits.php3 for ...) +CVE-2002-1885 (PHP remote file inclusion vulnerability in showhits.php3 for ...) NOT-FOR-US: PPhlogger CVE-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ...) NOT-FOR-US: Py-Membres @@ -708,7 +710,7 @@ CVE-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary messages NOT-FOR-US: LokwaBB CVE-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers ...) NOT-FOR-US: LokwaBB -CVE-2002-1878 (PHP remote code injection vulnerability in w-Agora 4.1.3 allows remote ...) +CVE-2002-1878 (PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote ...) NOT-FOR-US: w-Agora CVE-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions ...) NOT-FOR-US: Netgear hardware diff --git a/data/CVE/2003.list b/data/CVE/2003.list index a2f828497c..fbe5a038f3 100644 --- a/data/CVE/2003.list +++ b/data/CVE/2003.list 
@@ -263,7 +263,7 @@ CVE-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive . NOT-FOR-US: Advanced Poll CVE-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...) NOT-FOR-US: Advanced Poll -CVE-2003-1179 (Multiple PHP remote code injection vulnerabilities in Advanced Poll ...) +CVE-2003-1179 (Multiple PHP remote file inclusion vulnerabilities in Advanced Poll ...) NOT-FOR-US: Advanced Poll CVE-2003-1178 (comments.php in Advanced Poll 2.0.2 allows remote attackers to execute ...) NOT-FOR-US: Advanced Poll @@ -323,7 +323,7 @@ CVE-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell Ne NOT-FOR-US: Novell portmapper CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...) NOT-FOR-US: Symantec Norton Internet Security -CVE-2003-1148 (PHP remote code injection vulnerability in (1) config.inc.php and (2) ...) +CVE-2003-1148 (PHP remote file inclusion vulnerability in (1) config.inc.php and (2) ...) NOT-FOR-US: Les Visiteurs CVE-2003-1147 REJECTED @@ -357,7 +357,7 @@ CVE-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new account NOT-FOR-US: The Bat! CVE-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...) NOT-FOR-US: Cisco -CVE-2003-1131 (PHP remote code injection vulnerability in index.php in ...) +CVE-2003-1131 (PHP remote file inclusion vulnerability in index.php in ...) NOT-FOR-US: ActiveCampaign KnowledgeBuilder CVE-2003-1130 REJECTED 
@@ -447,7 +447,7 @@ CVE-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3 NOT-FOR-US: Zorum CVE-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in ...) NOT-FOR-US: diagmond on HP-UX -CVE-2003-1086 (PHP remote code injection vulnerability in pm/lib.inc.php in pMachine ...) +CVE-2003-1086 (PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine ...) NOT-FOR-US: pMachine CVE-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...) NOT-FOR-US: Thomson cable modem diff --git a/data/CVE/2004.list b/data/CVE/2004.list index 7d180bc723..bd09879586 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -1295,7 +1295,7 @@ CVE-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other . - firebird2 1.5.3.4870-3 (bug #357580) CVE-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...) NOT-FOR-US: no_package -CVE-2004-2041 (PHP remote code injection vulnerability in secure_img_render.php in ...) +CVE-2004-2041 (PHP remote file inclusion vulnerability in secure_img_render.php in ...) NOT-FOR-US: no_package CVE-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...) NOT-FOR-US: no_package @@ -1341,7 +1341,7 @@ CVE-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6 NOT-FOR-US: php-nuke CVE-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...) NOT-FOR-US: php-nuke -CVE-2004-2018 (PHP remote code injection vulnerability in index.php in Php-Nuke 6.x ...) +CVE-2004-2018 (PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x ...) NOT-FOR-US: php-nuke CVE-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...) NOT-FOR-US: Turbo Traffic Trader C (TTT-C) 
@@ -1357,7 +1357,7 @@ CVE-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-cur NOT-FOR-US: NetBSD CVE-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...) NOT-FOR-US: MSIE -CVE-2004-2010 (PHP remote code injection vulnerability in index.php in phpShop 0.7.1 ...) +CVE-2004-2010 (PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 ...) NOT-FOR-US: phpShop CVE-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...) NOT-FOR-US: NukeJokes @@ -1399,9 +1399,9 @@ CVE-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 NOT-FOR-US: aweb CVE-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...) NOT-FOR-US: aweb -CVE-2004-1989 (PHP remote code injection vulnerability in theme.php in Coppermine ...) +CVE-2004-1989 (PHP remote file inclusion vulnerability in theme.php in Coppermine ...) NOT-FOR-US: Coppermine -CVE-2004-1988 (PHP remote code injection vulnerability in init.inc.php in Coppermine ...) +CVE-2004-1988 (PHP remote file inclusion vulnerability in init.inc.php in Coppermine ...) NOT-FOR-US: Coppermine CVE-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...) NOT-FOR-US: Coppermine @@ -1491,7 +1491,7 @@ CVE-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attacke NOT-FOR-US: Kinesphere eXchange POP3 CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...) NOT-FOR-US: Eudora -CVE-2004-1943 (PHP remote code injection vulnerability in album_portal.php in phpBB ...) +CVE-2004-1943 (PHP remote file inclusion vulnerability in album_portal.php in phpBB ...) NOT-FOR-US: phpbb as modified by przemo CVE-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...) NOT-FOR-US: Solaris 
@@ -1509,7 +1509,7 @@ CVE-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remo NOT-FOR-US: ZoneAlarm CVE-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...) NOT-FOR-US: SCT Campus Pipeline -CVE-2004-1934 (PHP remote code injection vulnerability in affich.php in Gemitel 3.50 ...) +CVE-2004-1934 (PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 ...) NOT-FOR-US: Gemitel CVE-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...) NOT-FOR-US: Citadel @@ -1735,7 +1735,7 @@ CVE-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 NOT-FOR-US: no_package CVE-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through ...) NOT-FOR-US: no_package -CVE-2004-1820 (PHP remote code injection vulnerability in displaycategory.php in ...) +CVE-2004-1820 (PHP remote file inclusion vulnerability in displaycategory.php in ...) NOT-FOR-US: no_package CVE-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to ...) NOT-FOR-US: no_package @@ -1783,7 +1783,7 @@ CVE-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbi NOT-FOR-US: no_package CVE-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop ...) NOT-FOR-US: no_package -CVE-2004-1796 (PHP remote code injection vulnerability in HotNews 0.7.2 and earlier ...) +CVE-2004-1796 (PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier ...) NOT-FOR-US: no_package CVE-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying ...) NOT-FOR-US: no_package 
@@ -1911,7 +1911,7 @@ CVE-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive informatio - cacti 0.8.5a-5 CVE-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...) - sympa 4.1.5-4 (bug #298105; low) -CVE-2004-1734 (PHP remote code injection vulnerability in Mantis 0.19.0a allows ...) +CVE-2004-1734 (PHP remote file inclusion vulnerability in Mantis 0.19.0a allows ...) - mantis 0.19.2-1 CVE-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...) NOT-FOR-US: MyDMS @@ -1995,7 +1995,7 @@ CVE-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attacke NOT-FOR-US: EmuLive Server4 CVE-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default ...) NOT-FOR-US: Symantec -CVE-2004-1693 (PHP remote code injection vulnerability in Function.php in Mambo 4.5 ...) +CVE-2004-1693 (PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 ...) NOT-FOR-US: Mambo CVE-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 ...) NOT-FOR-US: Mambo @@ -2061,7 +2061,7 @@ CVE-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive informa NOT-FOR-US: YaBB CVE-2004-1661 (MailWorks Professional allows remote attackers to bypass ...) NOT-FOR-US: MailWorks -CVE-2004-1660 (PHP remote code injection vulnerability in CuteNews 1.3.6 and earlier ...) +CVE-2004-1660 (PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier ...) NOT-FOR-US: CuteNews CVE-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...) NOT-FOR-US: CuteNews 
@@ -2212,7 +2212,7 @@ CVE-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows r NOT-FOR-US: FuseTalk CVE-2004-1593 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: SCT email client -CVE-2004-1592 (PHP remote code injection vulnerability in index.php in ocPortal 1.0.3 ...) +CVE-2004-1592 (PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 ...) NOT-FOR-US: ocPortal CVE-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...) NOT-FOR-US: Micronet Wireless Router @@ -2232,7 +2232,7 @@ CVE-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 all - wordpress 1.2.1-1.1 CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...) NOT-FOR-US: FTP server in TriDComm -CVE-2004-1582 (PHP remote code injection vulnerability in BlackBoard 1.5.1 allows ...) +CVE-2004-1582 (PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows ...) NOT-FOR-US: BlackBoard CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...) NOT-FOR-US: BlackBoard @@ -2291,7 +2291,7 @@ CVE-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of se NOT-FOR-US: MyWebServer CVE-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...) NOT-FOR-US: BroadBoard Instant ASP Message Board -CVE-2004-1554 (PHP remote code injection vulnerability in livre_include.php in @lex ...) +CVE-2004-1554 (PHP remote file inclusion vulnerability in livre_include.php in @lex ...) NOT-FOR-US: @lex GuestBook CVE-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...) NOT-FOR-US: aspWebAlbum 
@@ -2329,7 +2329,7 @@ CVE-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1 NOT-FOR-US: PHPKIT CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...) NOT-FOR-US: Invision Power Board -CVE-2004-1535 (PHP remote code injection vulnerability in admin_cash.php for the Cash ...) +CVE-2004-1535 (PHP remote file inclusion vulnerability in admin_cash.php for the Cash ...) NOT-FOR-US: Cash Mod module of phpbb2 CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...) NOT-FOR-US: ZoneAlarm @@ -2559,7 +2559,7 @@ CVE-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of tim NOT-FOR-US: ArGoSoft CVE-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...) NOT-FOR-US: ArGoSoft -CVE-2004-1427 (PHP remote code injection vulnerability in main.inc in KorWeblog ...) +CVE-2004-1427 (PHP remote file inclusion vulnerability in main.inc in KorWeblog ...) NOT-FOR-US: KorWeblog CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...) NOT-FOR-US: KorWeblog 
@@ -2567,15 +2567,15 @@ CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and - moodle 1.4.3-1 CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...) - moodle 1.4.3-1 -CVE-2004-1423 (Multiple PHP remote code injection vulnerabilities in (1) calendar.php ...) +CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in (1) calendar.php ...) NOT-FOR-US: PHP-Calendar CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...) NOT-FOR-US: WHM AutoPilot -CVE-2004-1421 (Multiple PHP remote code injection vulnerabilities (1) step_one.php, ...) +CVE-2004-1421 (Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, ...) NOT-FOR-US: WHM AutoPilot CVE-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...) NOT-FOR-US: WHM AutoPilot -CVE-2004-1419 (PHP remote code injection vulnerability in ZeroBoard 4.1pl4 and ...) +CVE-2004-1419 (PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and ...) NOT-FOR-US: ZeroBoard CVE-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...) NOT-FOR-US: WPKontakt @@ -2607,7 +2607,7 @@ CVE-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does - mediawiki 1.4.9 (bug #276057) CVE-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...) NOT-FOR-US: Attachment Mod for phpBB -CVE-2004-1403 (PHP remote code injection vulnerability in index.php in GNUBoard 3.39 ...) +CVE-2004-1403 (PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 ...) NOT-FOR-US: GNUBoard CVE-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...) NOT-FOR-US: iWebNegar 
@@ -3310,7 +3310,7 @@ CVE-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus prog CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...) {DSA-608-1} - zgv 5.7-1.3 (bug #284124) -CVE-2004-1094 (Buffer overflow in a third-party compression library, InnerMedia ...) +CVE-2004-1094 (Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version ...) NOT-FOR-US: RealPlayer CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) {DSA-639-1} @@ -4546,7 +4546,7 @@ CVE-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8) CVE-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...) NOT-FOR-US: Infinity WEB -CVE-2004-0624 (PHP remote code injection vulnerability in index.php for Artmedic ...) +CVE-2004-0624 (PHP remote file inclusion vulnerability in index.php for Artmedic ...) NOT-FOR-US: Artmedic links CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...) {DSA-590-1} @@ -5323,7 +5323,7 @@ CVE-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause NOT-FOR-US: Xlight FTP server 1.52; CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...) NOT-FOR-US: RobotFTP; -CVE-2004-0285 (PHP remote code injection vulnerabilities in (1) AllMyVisitors, (2) ...) +CVE-2004-0285 (PHP remote file inclusion vulnerabilities in (1) AllMyVisitors, (2) ...) NOT-FOR-US: PHP scripts CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...) NOT-FOR-US: MSIE bugs 
@@ -5610,7 +5610,7 @@ CVE-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...) - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc2) TODO: Check 2.6 -CVE-2004-0132 (Multiple PHP remote code injection vulnerabilities in ezContents 2.0.2 ...) +CVE-2004-0132 (Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 ...) NOT-FOR-US: ezContents CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...) NOT-FOR-US: phpGedView @@ -5698,7 +5698,7 @@ CVE-2004-0076 REJECTED CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...) - xsok <not-affected> (Not vulnerable. See bug #278777) -CVE-2004-0073 (PHP remote code injection vulnerability in (1) config.php and (2) ...) +CVE-2004-0073 (PHP remote file inclusion vulnerability in (1) config.php and (2) ...) NOT-FOR-US: EasyDynamicPages CVE-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...) NOT-FOR-US: Accipiter Direct Server 6.0 @@ -5768,7 +5768,7 @@ CVE-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute NOT-FOR-US: FistClass Desktop Client CVE-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...) NOT-FOR-US: Phorum -CVE-2004-0030 (PHP remote code injection vulnerability in (1) functions.php, (2) ...) +CVE-2004-0030 (PHP remote file inclusion vulnerability in (1) functions.php, (2) ...) NOT-FOR-US: PHPGEDVIEW CVE-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...) NOT-FOR-US: Lotus Notes Domino diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 2ae61301fc..6d3ed566cf 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list 
@@ -35,7 +35,7 @@ CVE-2005-4805 (Unspecified vulnerability in Sun Java System Application Server 7 NOT-FOR-US: Sun Java System Application Server CVE-2005-4804 (Unspecified vulnerability in Sun Java System Application Server ...) NOT-FOR-US: Sun Java System Application Server -CVE-2005-1755 (PHP remote code injection vulnerability in poll_vote.php in PHP Poll ...) +CVE-2005-1755 (PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll ...) NOT-FOR-US: PHP Poll Creator CVE-2005-1754 (JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, ...) NOT-FOR-US: JavaMail API @@ -4751,7 +4751,7 @@ CVE-2005-2795 CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...) {DSA-809-3 DSA-809-1} - squid 2.5.10-5 (medium) -CVE-2005-2793 (PHP remote code injection vulnerability in welcome.php in phpLDAPadmin ...) +CVE-2005-2793 (PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin ...) [sarge] - phpldapadmin <not-affected> (code not present in sarge) - phpldapadmin 0.9.6c-7 (bug #325785; medium) - egroupware <not-affected> (copy included is older and not vulnerable; bug #339583) @@ -6730,7 +6730,7 @@ CVE-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 a NOT-FOR-US: McGallery CVE-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...) NOT-FOR-US: McGallery -CVE-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix Site ...) +CVE-2005-1996 (PHP remote file inclusion vulnerability in start.php in Bitrix Site ...) NOT-FOR-US: Bitrix Site Manager CVE-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...) NOT-FOR-US: Bitrix Site Manager 
@@ -6795,9 +6795,9 @@ CVE-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce b NOT-FOR-US: ProductCart Ecommerce CVE-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...) NOT-FOR-US: e107 -CVE-2005-1965 (PHP remote code injection vulnerability in siteframe.php for Broadpool ...) +CVE-2005-1965 (PHP remote file inclusion vulnerability in siteframe.php for Broadpool ...) NOT-FOR-US: Broadpool Siteframe -CVE-2005-1964 (PHP remote code injection vulnerability in utilit.php for Ovidentia ...) +CVE-2005-1964 (PHP remote file inclusion vulnerability in utilit.php for Ovidentia ...) NOT-FOR-US: Ovidentia Portal CVE-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Cerberus Helpdesk @@ -6978,7 +6978,7 @@ CVE-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir . NOT-FOR-US: YaPiG CVE-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...) NOT-FOR-US: YaPiG -CVE-2005-1882 (PHP remote code injection vulnerability in last_gallery.php in YaPiG ...) +CVE-2005-1882 (PHP remote file inclusion vulnerability in last_gallery.php in YaPiG ...) NOT-FOR-US: YaPiG CVE-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...) NOT-FOR-US: YaPiG 
@@ -7002,9 +7002,9 @@ CVE-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere .. NOT-FOR-US: WebSphere CVE-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...) - drupal 4.5.3-1 -CVE-2005-1870 (PHP remote code injection vulnerability in childwindow.inc.php in ...) +CVE-2005-1870 (PHP remote file inclusion vulnerability in childwindow.inc.php in ...) NOT-FOR-US: Popper -CVE-2005-1869 (PHP remote code injection vulnerability in start_lobby.php in MWChat ...) +CVE-2005-1869 (PHP remote file inclusion vulnerability in start_lobby.php in MWChat ...) NOT-FOR-US: MWChat CVE-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...) NOT-FOR-US: I-Man @@ -7014,7 +7014,7 @@ CVE-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calen NOT-FOR-US: Calendarix CVE-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...) NOT-FOR-US: Calendarix -CVE-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in ...) +CVE-2005-1864 (PHP remote file inclusion vulnerability in cal_admintop.php in ...) NOT-FOR-US: Calendarix CVE-2005-1863 RESERVED @@ -7129,7 +7129,7 @@ CVE-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam NOT-FOR-US: Qualiteam X-Cart CVE-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...) NOT-FOR-US: Qualiteam X-Cart -CVE-2005-1821 (PHP remote code injection vulnerability in pdl_header.inc.php in ...) +CVE-2005-1821 (PHP remote file inclusion vulnerability in pdl_header.inc.php in ...) NOT-FOR-US: PowerDownload CVE-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...) NOT-FOR-US: Zeroboard 
@@ -7784,7 +7784,7 @@ CVE-2005-1528 (Untrusted search path vulnerability in the crttrap command in QNX CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...) {DSA-892-1} - awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium) -CVE-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...) +CVE-2005-1526 (PHP remote file inclusion vulnerability in config_settings.php in ...) {DSA-764-1} - cacti 0.8.6e-1 (bug #315703; high) CVE-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...) @@ -8011,7 +8011,7 @@ CVE-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ... - serendipity 1.0-1 CVE-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...) - serendipity 1.0-1 -CVE-2005-1447 (PHP remote code injection vulnerability in main.php in SitePanel 2.6.1 ...) +CVE-2005-1447 (PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 ...) NOT-FOR-US: SitePanel CVE-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...) NOT-FOR-US: SitePanel @@ -8029,7 +8029,7 @@ CVE-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop NOT-FOR-US: ViArt Shop CVE-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...) NOT-FOR-US: osTicket -CVE-2005-1438 (PHP remote code injection vulnerability in main.php in osTicket allows ...) +CVE-2005-1438 (PHP remote file inclusion vulnerability in main.php in osTicket allows ...) NOT-FOR-US: osTicket CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...) NOT-FOR-US: osTicket 
@@ -8153,7 +8153,7 @@ CVE-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on . - lam <not-affected> (Mandrake specific packaging flaw) CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...) NOT-FOR-US: phpbb mod -CVE-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline 1.5.3 ...) +CVE-2005-1377 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 ...) NOT-FOR-US: Claroline CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...) NOT-FOR-US: Claroline @@ -8195,7 +8195,7 @@ CVE-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal NOT-FOR-US: MetaCart CVE-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...) NOT-FOR-US: MetaCart -CVE-2005-1360 (PHP remote code injection vulnerability in error.php in GrayCMS 1.1 ...) +CVE-2005-1360 (PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 ...) NOT-FOR-US: GrayCMS CVE-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...) NOT-FOR-US: text.cgi @@ -8296,7 +8296,7 @@ CVE-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith modul - kronolith 1.1.4-1 CVE-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...) - sork-passwd 2.2.2-1 -CVE-2005-1312 (PHP remote code injection vulnerability in Yappa-NG before 2.3.2 ...) +CVE-2005-1312 (PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 ...) NOT-FOR-US: Yappa-NG CVE-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...) NOT-FOR-US: Yappa-NG 
@@ -8544,7 +8544,7 @@ CVE-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware - egroupware 1.0.0.007-2.dfsg-1 CVE-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...) NOT-FOR-US: AZbb -CVE-2005-1200 (PHP remote code injection vulnerability in main_index.php in AZ ...) +CVE-2005-1200 (PHP remote file inclusion vulnerability in main_index.php in AZ ...) NOT-FOR-US: AZbb CVE-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows ...) NOT-FOR-US: UBB.threads @@ -8735,7 +8735,7 @@ CVE-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbit NOTE: That's a policy violation, but not a security problem CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...) NOT-FOR-US: RSA authentication agent -CVE-2005-1117 (PHP remote code injection vulnerability in index.php in ...) +CVE-2005-1117 (PHP remote file inclusion vulnerability in index.php in ...) NOT-FOR-US: All4WWW Homepage creator CVE-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...) NOT-FOR-US: phpbb2 calendar addon @@ -8871,7 +8871,7 @@ CVE-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6 NOT-FOR-US: HP OpenView Network Node Manager CVE-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...) NOT-FOR-US: TowerBlog -CVE-2005-1054 (PHP remote code injection vulnerability in news.php in ModernBill ...) +CVE-2005-1054 (PHP remote file inclusion vulnerability in news.php in ModernBill ...) NOT-FOR-US: ModernBill CVE-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...) NOT-FOR-US: ModernBill 
@@ -9041,7 +9041,7 @@ CVE-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Anothe NOT-FOR-US: Yet Another Forum.net CVE-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...) NOT-FOR-US: Alstrasoft EPay -CVE-2005-0980 (PHP remote code injection vulnerability in index.php in AlstraSoft ...) +CVE-2005-0980 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...) NOT-FOR-US: Alstrasoft EPay CVE-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote ...) NOT-FOR-US: Rumba @@ -9154,7 +9154,7 @@ CVE-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2. NOT-FOR-US: phpCOIN CVE-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier ...) NOT-FOR-US: phpCOIN -CVE-2005-0931 (PHP remote code injection vulnerability in The Includer 1.0 and 1.1 ...) +CVE-2005-0931 (PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 ...) NOT-FOR-US: The Includer CVE-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness ...) NOT-FOR-US: Chatness @@ -9183,7 +9183,7 @@ CVE-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to i NOT-FOR-US: Adventia E-Data CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...) NOT-FOR-US: Adobe SVG Viewer -CVE-2005-0917 (PHP remote code injection vulnerability in index_header.php for ...) +CVE-2005-0917 (PHP remote file inclusion vulnerability in index_header.php for ...) NOT-FOR-US: EncapsBB CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...) - kernel-source-2.6.8 2.6.8-16 
@@ -9202,7 +9202,7 @@ CVE-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote NOT-FOR-US: exoops CVE-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow ...) NOT-FOR-US: exoops -CVE-2005-0909 (PHP remote code injection vulnerability in shoutact.php for TKai's ...) +CVE-2005-0909 (PHP remote file inclusion vulnerability in shoutact.php for TKai's ...) NOT-FOR-US: THai's Shoutbox CVE-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft ...) NOT-FOR-US: Valdersoft Shopping Cart @@ -9226,7 +9226,7 @@ CVE-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, wh NOT-FOR-US: AS/400 running OS400 CVE-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in ...) NOT-FOR-US: E-Store Kit-2 PayPal Edition -CVE-2005-0897 (PHP remote code injection vulnerability in catalog.php in E-Store ...) +CVE-2005-0897 (PHP remote file inclusion vulnerability in catalog.php in E-Store ...) NOT-FOR-US: E-Store Kit-2 PayPal Edition CVE-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in ...) NOT-FOR-US: phpMyDirectory 
@@ -9310,13 +9310,13 @@ CVE-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 an NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago CVE-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows ...) NOT-FOR-US: PHPOpenChat -CVE-2005-0862 (Multiple PHP remote code injection vulnerabilities in PHPOpenChat ...) +CVE-2005-0862 (Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat ...) NOT-FOR-US: PHPOpenChat CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...) NOT-FOR-US: Delegate -CVE-2005-0860 (PHP remote code injection vulnerability in TRG News Script 3.0 allows ...) +CVE-2005-0860 (PHP remote file inclusion vulnerability in TRG News Script 3.0 allows ...) NOT-FOR-US: TRG News Script -CVE-2005-0859 (PHP remote code injection vulnerability in CzarNews 1.13b allows ...) +CVE-2005-0859 (PHP remote file inclusion vulnerability in CzarNews 1.13b allows ...) NOT-FOR-US: CzarNews CVE-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier ...) NOT-FOR-US: CoolForum @@ -9443,7 +9443,7 @@ CVE-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blo NOT-FOR-US: ACS Blog CVE-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...) NOT-FOR-US: The Includer -CVE-2005-0800 (PHP remote code injection vulnerability in install.php in mcNews 1.3 ...) +CVE-2005-0800 (PHP remote file inclusion vulnerability in install.php in mcNews 1.3 ...) NOT-FOR-US: mcNews CVE-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...) NOT-FOR-US: MySQL on Windows 
@@ -9457,7 +9457,7 @@ CVE-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes . NOT-FOR-US: Hola CMS CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...) NOT-FOR-US: ZPanel -CVE-2005-0793 (PHP remote code injection vulnerability in zpanel.php in ZPanel allows ...) +CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows ...) NOT-FOR-US: ZPanel CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...) NOT-FOR-US: ZPanel @@ -9570,7 +9570,7 @@ CVE-2005-0787 (Wine 20050211 and earlier creates temp files with world readable - wine 0.0.20050310-1.1 CVE-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote ...) - openslp 1.0.11a-2 -CVE-2005-0748 (PHP remote code injection vulnerability in initdb.php for WEBInsta ...) +CVE-2005-0748 (PHP remote file inclusion vulnerability in initdb.php for WEBInsta ...) NOT-FOR-US: WEBInsta CVE-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive ...) NOT-FOR-US: ApplyYourself @@ -9627,9 +9627,9 @@ CVE-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function NOT-FOR-US: paFileDB CVE-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the ...) NOT-FOR-US: eXPerience2 -CVE-2005-0721 (PHP remote code injection vulnerability in modules.php in eXPerience2 ...) +CVE-2005-0721 (PHP remote file inclusion vulnerability in modules.php in eXPerience2 ...) NOT-FOR-US: eXPerience2 -CVE-2005-0720 (PHP remote code injection vulnerability in header.php in PHP mcNews ...) +CVE-2005-0720 (PHP remote file inclusion vulnerability in header.php in PHP mcNews ...) NOT-FOR-US: mcNews CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix ...) NOT-FOR-US: Tru64 
@@ -9683,7 +9683,7 @@ CVE-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows NOT-FOR-US: Aztek CVE-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...) - ethereal 0.10.9-2 -CVE-2005-0698 (PHP remote code injection vulnerability in PHPWebLog 0.5.3 and earlier ...) +CVE-2005-0698 (PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier ...) NOT-FOR-US: PHPWebLog CVE-2005-0697 (SQL injection vulnerability in the process_picture function ...) NOT-FOR-US: CopperExport @@ -9697,7 +9697,7 @@ CVE-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote . NOT-FOR-US: JoWood Chaser (for Windows) CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for ...) NOT-FOR-US: PHP-Fusion -CVE-2005-0691 (PHP remote code injection vulnerability in article mode for ...) +CVE-2005-0691 (PHP remote file inclusion vulnerability in article mode for ...) NOT-FOR-US: SocialMPN CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...) NOT-FOR-US: Gene6 FTP Server for Win 
@@ -9719,11 +9719,11 @@ CVE-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal - drupal 4.5.2 CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Nokia -CVE-2005-0680 (PHP remote code injection vulnerability in ...) +CVE-2005-0680 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Download Center Lite -CVE-2005-0679 (PHP remote code injection vulnerability in tell_a_friend.inc.php for ...) +CVE-2005-0679 (PHP remote file inclusion vulnerability in tell_a_friend.inc.php for ...) NOT-FOR-US: Tell A Friend Script -CVE-2005-0678 (PHP remote code injection vulnerability in formmail.inc.php for Form ...) +CVE-2005-0678 (PHP remote file inclusion vulnerability in formmail.inc.php for Form ...) NOT-FOR-US: Form Mail Script CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...) NOT-FOR-US: Zorum @@ -9973,7 +9973,7 @@ CVE-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remot NOT-FOR-US: PunBB CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a ...) NOT-FOR-US: Soldier of Fortune II -CVE-2005-0567 (Multiple PHP remote code injection vulnerabilities in phpMyAdmin 2.6.1 ...) +CVE-2005-0567 (Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 ...) - phpmyadmin 3:2.6.1-pl2-1 CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro 2.x allows remote attackers ...) NOT-FOR-US: Golden FTP Server 
@@ -10096,9 +10096,9 @@ CVE-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other .. NOT-FOR-US: My Firewall Plus CVE-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...) NOT-FOR-US: Verity Ultraseek -CVE-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php in the ...) +CVE-2005-0513 (PHP remote file inclusion vulnerability in mail_autocheck.php in the ...) NOT-FOR-US: pMachine -CVE-2005-0512 (PHP remote code injection vulnerability in Tar.php in Mambo 4.5.2 ...) +CVE-2005-0512 (PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 ...) NOT-FOR-US: Mambo CVE-2005-0511 (Direct code injection vulnerability in misc.php for vBulletin 3.0.6 ...) NOT-FOR-US: vBulletin @@ -10412,7 +10412,7 @@ CVE-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a deni NOT-FOR-US: Breed game CVE-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 ...) NOT-FOR-US: forumKIT -CVE-2005-0380 (Multiple PHP remote code injection vulnerabilities in (1) ...) +CVE-2005-0380 (Multiple PHP remote file inclusion vulnerabilities in (1) ...) NOT-FOR-US: ZeroBoard CVE-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...) NOT-FOR-US: ZeroBoard @@ -10421,7 +10421,7 @@ CVE-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 TODO: check horde3 CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...) NOT-FOR-US: sgallery -CVE-2005-0376 (PHP remote code injection vulnerability in SGallery 1.01 allows local ...) +CVE-2005-0376 (PHP remote file inclusion vulnerability in SGallery 1.01 allows local ...) NOT-FOR-US: sgallery CVE-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain ...) NOT-FOR-US: sgallery 
@@ -10932,7 +10932,7 @@ CVE-2005-0154 RESERVED CVE-2005-0153 RESERVED -CVE-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...) +CVE-2005-0152 (PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows ...) {DSA-662-1} - squirrelmail 1:1.2.7-1 NOTE: This bug exists only in version 1.2.6. @@ -11054,7 +11054,7 @@ CVE-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...) {DSA-662-1} - squirrelmail 2:1.4.4 -CVE-2005-0103 (PHP remote code injection vulnerability in webmail.php in SquirrelMail ...) +CVE-2005-0103 (PHP remote file inclusion vulnerability in webmail.php in SquirrelMail ...) - squirrelmail 2:1.4.4-1 CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...) {DSA-673-1} diff --git a/data/CVE/2006.list b/data/CVE/2006.list index a0c2216e76..268044d825 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list 
@@ -1,3 +1,221 @@ +CVE-2006-4731 (Directory traversal vulnerability in login.pl in (1) SQL-Ledger before ...) + TODO: check +CVE-2006-4730 + RESERVED +CVE-2006-4729 + RESERVED +CVE-2006-4728 + RESERVED +CVE-2006-4727 + RESERVED +CVE-2006-4726 + RESERVED +CVE-2006-4725 + RESERVED +CVE-2006-4724 + RESERVED +CVE-2006-4723 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4722 (PHP remote file inclusion vulnerability in Open Bulletin Board ...) + TODO: check +CVE-2006-4721 (Directory traversal vulnerability in admin.php in CCleague Pro Sports ...) + TODO: check +CVE-2006-4720 (PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO ...) + TODO: check +CVE-2006-4719 (Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb ...) + TODO: check +CVE-2006-4718 (Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in ...) + TODO: check +CVE-2006-4717 (The login redirection mechanism in the Drupal 4.7 Pubcookie module ...) + TODO: check +CVE-2006-4716 (PHP remote file inclusion vulnerability in demarrage.php in Fire Soft ...) + TODO: check +CVE-2006-4715 (SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo ...) + TODO: check +CVE-2006-4714 (PHP remote file inclusion vulnerability in index.php in SpoonLabs ...) + TODO: check +CVE-2006-4713 (PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA ...) + TODO: check +CVE-2006-4712 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow ...) + TODO: check +CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow ...) + TODO: check +CVE-2006-4710 (Multiple cross-site scripting (XSS) vulnerabilities in NewsGator ...) + TODO: check +CVE-2006-4709 (SQL injection vulnerability in topic.php in Vikingboard 0.1b allows ...) + TODO: check +CVE-2006-4708 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) 
+ TODO: check +CVE-2006-4707 (Cross-site scripting (XSS) vulnerability in admin/global.php (aka the ...) + TODO: check +CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) + TODO: check +CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic ...) + TODO: check +CVE-2006-4704 + RESERVED +CVE-2006-4703 + RESERVED +CVE-2006-4702 + RESERVED +CVE-2006-4701 + RESERVED +CVE-2006-4700 + RESERVED +CVE-2006-4699 + RESERVED +CVE-2006-4698 + RESERVED +CVE-2006-4697 + RESERVED +CVE-2006-4696 + RESERVED +CVE-2006-4695 + RESERVED +CVE-2006-4694 + RESERVED +CVE-2006-4693 + RESERVED +CVE-2006-4692 + RESERVED +CVE-2006-4691 + RESERVED +CVE-2006-4690 + RESERVED +CVE-2006-4689 + RESERVED +CVE-2006-4688 + RESERVED +CVE-2006-4687 + RESERVED +CVE-2006-4686 + RESERVED +CVE-2006-4685 + RESERVED +CVE-2006-4684 + RESERVED +CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...) + TODO: check +CVE-2006-4681 (Directory traversal vulnerability in Redirect.bat in IBM Director ...) + TODO: check +CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and passwords ...) + TODO: check +CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by default, ...) + TODO: check +CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows ...) + TODO: check +CVE-2006-4677 (** DISPUTED ** ...) + TODO: check +CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and ...) + TODO: check +CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in ...) + TODO: check +CVE-2006-4674 (Direct static code injection vulnerability in doku.php in DokuWiki ...) + TODO: check +CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in PHP-Fusion ...) 
+ TODO: check +CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, ...) + TODO: check +CVE-2006-4671 (PHP remote file inclusion vulnerability in headlines.php in Fantastic ...) + TODO: check +CVE-2006-4670 (Multiple PHP remote file inclusion vulnerabilities in PhotoKorn ...) + TODO: check +CVE-2006-4669 (PHP remote file inclusion vulnerability in admin/system/include.php in ...) + TODO: check +CVE-2006-4668 (Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley ...) + TODO: check +CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote ...) + TODO: check +CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in WM-News 0.5 ...) + TODO: check +CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 ...) + TODO: check +CVE-2006-4664 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4663 (** DISPUTED ** ...) + TODO: check +CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ ...) + TODO: check +CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not ...) + TODO: check +CVE-2006-4660 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed ...) + TODO: check +CVE-2006-4659 (The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...) + TODO: check +CVE-2006-4658 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses ...) + TODO: check +CVE-2006-4657 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...) + TODO: check +CVE-2006-4656 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2006-4655 (Buffer overflow in the Strcmp function in the XKEYBOARD extension in X ...) + TODO: check +CVE-2006-4654 (Format string vulnerability in Easy Address Book Web Server 1.2 allows ...) + TODO: check +CVE-2006-4653 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll store ...) 
+ TODO: check +CVE-2006-4652 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll have a ...) + TODO: check +CVE-2006-4651 (Directory traversal vulnerability in download/index.php, and possibly ...) + TODO: check +CVE-2006-4650 (Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the ...) + TODO: check +CVE-2006-4649 (PHP remote file inclusion vulnerability in bp_news.php in BinGo News ...) + TODO: check +CVE-2006-4648 (PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News ...) + TODO: check +CVE-2006-4647 (PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 ...) + TODO: check +CVE-2006-4646 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto ...) + TODO: check +CVE-2006-4645 (PHP remote file inclusion vulnerability in akarru.gui/main_content.php ...) + TODO: check +CVE-2006-4644 (PHP remote file inclusion vulnerability in modules/home.module.php in ...) + TODO: check +CVE-2006-4643 (SQL injection vulnerability in consult/joueurs.php in Uni-Vert ...) + TODO: check +CVE-2006-4642 (AuditWizard 6.3.2, when using "Remote Audit," logs the administrator ...) + TODO: check +CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal ...) + TODO: check +CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...) + TODO: check +CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...) + TODO: check +CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News ...) + TODO: check +CVE-2006-4637 (Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 ...) + TODO: check +CVE-2006-4636 (Directory traversal vulnerability in SZEWO PhpCommander 3.0 and ...) + TODO: check +CVE-2006-4635 (Unspecified vulnerability in MySource Classic 2.14.6, and possibly ...) + TODO: check +CVE-2006-4634 (Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows ...) 
+ TODO: check +CVE-2006-4633 (index.php in SoftBB 0.1, and possibly earlier, allows remote attackers ...) + TODO: check +CVE-2006-4632 (Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly ...) + TODO: check +CVE-2006-4631 (Direct static code injection vulnerability in admin/save_opt.php in ...) + TODO: check +CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING ...) + TODO: check +CVE-2006-4629 (PHP remote file inclusion vulnerability in affichage/commentaires.php ...) + TODO: check +CVE-2006-4628 (Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows ...) + TODO: check +CVE-2006-4627 (System Information ActiveX control (msinfo.dll), when accessed via ...) + TODO: check +CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine before ...) + TODO: check +CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...) + TODO: check +CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 ...) + TODO: check +CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation ...) + TODO: check CVE-2006-XXXX [gnutls signature forgery] NOTE: GNUTLS-SA-2006-4 NOTE: fix for gnutls13 reverted in 1.4.3-2 @@ -15,7 +233,7 @@ CVE-2006-4621 (PHP remote file inclusion vulnerability in settings.php in Pheap NOT-FOR-US: Pheap CVE-2006-4620 (The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with ...) NOT-FOR-US: Alt-N WebAdmin -CVE-2006-4619 (The start update window in Avira AntiVir PersonalEdition Classic ...) +CVE-2006-4619 (The start update window in update.exe in Avira AntiVir PersonalEdition ...) NOT-FOR-US: Avira CVE-2006-4618 (PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in ...) - libphp-adodb <not-affected> (vulnerable code seems to be In-link specific) 
@@ -132,7 +350,7 @@ CVE-2006-4565 RESERVED CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in Simple ...) NOT-FOR-US: Simple Machines Forum -CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...) +CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in the MyHeadlines before ...) NOT-FOR-US: PHP-Nuke CVE-2006-4562 (** DISPUTED ** ...) NOT-FOR-US: Symantec @@ -507,31 +725,31 @@ CVE-2006-4391 RESERVED CVE-2006-4390 RESERVED -CVE-2006-4389 - RESERVED -CVE-2006-4388 - RESERVED +CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote attackers to ...) + TODO: check +CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) + TODO: check CVE-2006-4387 RESERVED -CVE-2006-4386 - RESERVED -CVE-2006-4385 - RESERVED -CVE-2006-4384 - RESERVED +CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) + TODO: check +CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) + TODO: check +CVE-2006-4384 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...) + TODO: check CVE-2006-4383 RESERVED -CVE-2006-4382 - RESERVED -CVE-2006-4381 - RESERVED +CVE-2006-4382 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) + TODO: check +CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) + TODO: check CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service ...) {DSA-1169} - mysql-dfsg-5.0 <not-affected> (only 4.1 affected) - mysql-dfsg <not-affected> (only 4.1 affected) - mysql-dfsg-4.1 <removed> -CVE-2006-4379 - RESERVED +CVE-2006-4379 (Stack-based buffer overflow in the SMTP Daemon in Ipswitch ...) + TODO: check CVE-2006-4378 (** DISPUTED ** ...) NOT-FOR-US: Rssxt component for Joomla! (com_rssxt) CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch ...) 
@@ -607,7 +825,7 @@ CVE-2006-4343 CVE-2006-4342 RESERVED CVE-2006-4341 - RESERVED + REJECTED CVE-2006-4340 RESERVED CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, ...) @@ -694,7 +912,7 @@ CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 NOT-FOR-US: Solaris CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote ...) - maxdb-7.5.00 <unfixed> (high; bug #386182) -CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1 and ...) +CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD ...) NOT-FOR-US: FreeBSD NetBSD CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...) NOT-FOR-US: Solaris @@ -714,8 +932,8 @@ CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in ... NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ...) NOT-FOR-US: Panda ActiveScan -CVE-2006-4294 - RESERVED +CVE-2006-4294 (Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 ...) + TODO: check CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...) NOT-FOR-US: cPanel CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...) @@ -960,7 +1178,7 @@ CVE-2006-4182 CVE-2006-4181 RESERVED CVE-2006-4180 - RESERVED + REJECTED CVE-2006-4179 RESERVED CVE-2006-4178 @@ -1619,8 +1837,8 @@ CVE-2006-3875 RESERVED CVE-2006-3874 RESERVED -CVE-2006-3873 - RESERVED +CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...) + TODO: check CVE-2006-3872 RESERVED CVE-2006-3871 
@@ -1936,7 +2154,7 @@ CVE-2006-3763 (SQL injection vulnerability in category.php in Diesel Joke Site a NOT-FOR-US: Diesel Joke Site CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote attackers to ...) NOT-FOR-US: Touch Control ActiveX control -CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/function_post.php in ...) +CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...) NOT-FOR-US: MyBB CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...) NOT-FOR-US: MyBB @@ -2330,9 +2548,9 @@ CVE-2006-3590 (mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allow NOT-FOR-US: Microsoft PowerPoint CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure ...) NOT-FOR-US: VMware -CVE-2006-3588 (Unspecified vulnerability in Macromedia Flash Player 8.0.24.0 allows ...) +CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...) NOT-FOR-US: Macromedia Flash Player 8 -CVE-2006-3587 (Unspecified vulnerability in Macromedia Flash Player 8.0.24.0 allows ...) +CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...) NOT-FOR-US: Macromedia Flash Player 8 CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...) NOT-FOR-US: Jetbox CMS @@ -2633,8 +2851,8 @@ CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 NOT-FOR-US: Microsoft CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft Windows ...) NOT-FOR-US: Microsoft -CVE-2006-3442 - RESERVED +CVE-2006-3442 (Unspecified vulnerability in Pragmatic General Multicast (PGM) in ...) + TODO: check CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP ...) 
@@ -2916,8 +3134,8 @@ CVE-2006-3313 (Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft NOT-FOR-US: Netsoft smartNet CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans and ...) NOT-FOR-US: QaTraq -CVE-2006-3311 - RESERVED +CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash ...) + TODO: check CVE-2006-3310 RESERVED CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...) @@ -4368,8 +4586,8 @@ CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5 NOTE: tempnam function is taking unsanitized input, it's an NOTE: application error - php5 5.1.6-1 (low) -CVE-2006-2658 - RESERVED +CVE-2006-2658 (Directory traversal vulnerability in the xsp component in mod_mono in ...) + TODO: check CVE-2006-2657 REJECTED CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally ...) @@ -4749,8 +4967,8 @@ CVE-2006-2484 (Cross-site scripting (XSS) vulnerability in index.html in IceWarp NOT-FOR-US: IceWarp CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in ...) NOT-FOR-US: Squirrelcart -CVE-2006-2482 - RESERVED +CVE-2006-2482 (Heap-based buffer overflow in ZipTV for Delphi 7 2006.1.26 and for C++ ...) + TODO: check CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 ...) NOT-FOR-US: VMware ESX CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted ...) 
@@ -10393,8 +10611,8 @@ CVE-2006-0034 (Heap-based buffer overflow in the CRpcIoManagerServer::BuildConte NOT-FOR-US: Microsoft CVE-2006-0033 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) NOT-FOR-US: Microsoft -CVE-2006-0032 - RESERVED +CVE-2006-0032 (Cross-site scripting (XSS) vulnerability in the Indexing Service in ...) + TODO: check CVE-2006-0031 (Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, ...) NOT-FOR-US: Microsoft CVE-2006-0030 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...) @@ -10454,5 +10672,5 @@ CVE-2006-0003 (Unspecified vulnerability in the RDS.Dataspace ActiveX control, w NOT-FOR-US: RDS.Dataspace CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 2003, ...) NOT-FOR-US: Microsoft -CVE-2006-0001 - RESERVED +CVE-2006-0001 (Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 ...) + TODO: check |
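Review bot: in the data/CVE/2005.list hunk at @@ -9202,7 +9202,7, the annotation under CVE-2005-0909 reads "NOT-FOR-US: THai's Shoutbox" while the description on the line above names "TKai's ...". The annotation is an unchanged context line, so the automatic description sync will never correct it. Fix the product name by hand in a follow-up so a search on the product finds this entry.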
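Review bot: in the data/CVE/2006.list hunk at @@ -132,7 +350,7, the description of CVE-2006-4563 changes from "modules.php in PHP-Nuke ..." to "the MyHeadlines before ...", but the triage line beneath it still says "NOT-FOR-US: PHP-Nuke". The decision was made against the old wording and the automatic update does not revisit it. Re-check this entry against the product now named and update the annotation to match.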
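Review bot: in the data/CVE/2006.list hunk at @@ -1,3 +1,221, every newly published entry lands as "TODO: check" with nothing to separate candidates that touch tracked packages from the rest. CVE-2006-4625 names PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6, and this file already tracks php5 (see "- php5 5.1.6-1 (low)" under CVE-2006-2660). CVE-2006-4717 and CVE-2006-4646 name Drupal 4.7 modules, and drupal is tracked in 2005.list under CVE-2005-0682. Triage those entries first instead of working through the block in order.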
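Review bot: in the data/CVE/2006.list hunk at @@ -2916,8 +3134,8, CVE-2006-3311 (Adobe Flash Player 8.0.24.0 and earlier) moves from RESERVED to "TODO: check", while the Flash Player 8.0.24.0 entries CVE-2006-3588 and CVE-2006-3587 in the hunk at @@ -2330,9 +2548,9 are already marked "NOT-FOR-US: Macromedia Flash Player 8". Resolve CVE-2006-3311, and CVE-2006-4640 from the first hunk, with the same disposition so the Flash Player entries stay consistent. The existing annotations could also pick up the "Adobe (Macromedia)" naming that the updated descriptions now use.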