author | Joey Hess <joeyh@debian.org> | 2006-12-11 08:14:15 +0000
---|---|---
committer | Joey Hess <joeyh@debian.org> | 2006-12-11 08:14:15 +0000
commit | ed68113f25dd5f4fc322d3f2e7c41e1bae0fdd59 |
tree | ec16d0d8d43bd7116da24daaf8e57bb6869b7d19 /data/CVE |
parent | e8da3eb11674da489e2b861e3bb2cbe033990b31 |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5105 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2000.list | 2 |
-rw-r--r-- | data/CVE/2005.list | 4 |
-rw-r--r-- | data/CVE/2006.list | 205 |
3 files changed, 191 insertions, 20 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list index 7607216538..43c0c9c253 100644 --- a/data/CVE/2000.list +++ b/data/CVE/2000.list @@ -1,3 +1,5 @@ +CVE-2000-1242 (The HTTP service in American Power Conversion (APC) PowerChute uses a ...) + TODO: check CVE-2000-1241 (Unspecified vulnerability in Haakon Nilsen simple, integrated ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 ...) diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 5328cdc1fa..a55751f95b 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -4150,7 +4150,7 @@ CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6 - linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium) CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...) NOT-FOR-US: jportal -CVE-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA allows ...) +CVE-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA, as ...) NOT-FOR-US: 7-Zip CVE-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: PhpMyFaq @@ -6639,7 +6639,7 @@ CVE-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attack - tor 0.0.9.10-1 (medium) CVE-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...) NOT-FOR-US: Duware -CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1 allow ...) +CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and ...) NOT-FOR-US: Duware CVE-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...) NOT-FOR-US: Duware diff --git a/data/CVE/2006.list b/data/CVE/2006.list index 482fefb4f8..78e185dfc0 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list 
@@ -1,4 +1,176 @@ -CVE-2006-6385 [intel NIC driver privilege escalation] +CVE-2006-6455 (Multiple SQL injection vulnerabilities in admin/default.asp in DUware ...) + TODO: check +CVE-2006-6454 (execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows ...) + TODO: check +CVE-2006-6453 (PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in ...) + TODO: check +CVE-2006-6452 (Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles ...) + TODO: check +CVE-2006-6451 (Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk ...) + TODO: check +CVE-2006-6450 (Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in ...) + TODO: check +CVE-2006-6449 (Vt-Forum Lite 1.3 and earlier store sensitive information under the ...) + TODO: check +CVE-2006-6448 (Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and ...) + TODO: check +CVE-2006-6447 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite ...) + TODO: check +CVE-2006-6446 (SQL injection vulnerability in index.php in iWare Professional 5.0.4, ...) + TODO: check +CVE-2006-6445 (Directory traversal vulnerability in error.php in Envolution 1.1.0 and ...) + TODO: check +CVE-2006-6444 (Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and ...) + TODO: check +CVE-2006-6443 (Buffer overflow in the Novell Distributed Print Services (NDPS) Print ...) + TODO: check +CVE-2006-6442 (Stack-based buffer overflow in the SetClientInfo function in the ...) + TODO: check +CVE-2006-6441 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) + TODO: check +CVE-2006-6440 (Multple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre ...) + TODO: check +CVE-2006-6439 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) + TODO: check +CVE-2006-6438 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...) 
+ TODO: check +CVE-2006-6437 (ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, ...) + TODO: check +CVE-2006-6436 (Cross-site scripting (XSS) vulnerability in the Network controller in ...) + TODO: check +CVE-2006-6435 (The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before ...) + TODO: check +CVE-2006-6434 (Unspecified vulnerability in the Web User Interface in Xerox ...) + TODO: check +CVE-2006-6433 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) + TODO: check +CVE-2006-6432 (Unspecified vulnerability in the Scan-to-mailbox feature in Xerox ...) + TODO: check +CVE-2006-6431 (Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro ...) + TODO: check +CVE-2006-6430 (Web services in Xerox WorkCentre and WorkCentre Pro before ...) + TODO: check +CVE-2006-6429 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) + TODO: check +CVE-2006-6428 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...) + TODO: check +CVE-2006-6427 (The Web User Interface in Xerox WorkCentre and WorkCentre Pro before ...) + TODO: check +CVE-2006-6426 (PHP remote file inclusion vulnerability in design/thinkedit/render.php ...) + TODO: check +CVE-2006-6425 + RESERVED +CVE-2006-6424 + RESERVED +CVE-2006-6423 + RESERVED +CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ...) + TODO: check +CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box ...) + TODO: check +CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the ...) + TODO: check +CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content ...) + TODO: check +CVE-2006-6418 (Unspecified vulnerability in the POSIX Threads library (libpthread) on ...) + TODO: check +CVE-2006-6417 (PHP remote file inclusion vulnerability in ...) 
+ TODO: check +CVE-2006-6416 (Multiple PHP remote file inclusion vulnerabilities in PhpLeague - ...) + TODO: check +CVE-2006-6415 (** DISPUTED ** ...) + TODO: check +CVE-2006-6414 (Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye ...) + TODO: check +CVE-2006-6413 (Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and ...) + TODO: check +CVE-2006-6412 + RESERVED +CVE-2006-6411 (PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows ...) + TODO: check +CVE-2006-6410 (Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local ...) + TODO: check +CVE-2006-6409 (F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to ...) + TODO: check +CVE-2006-6408 (Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote ...) + TODO: check +CVE-2006-6407 (F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote ...) + TODO: check +CVE-2006-6406 (ClamAV 0.88.6 allows remote attackers to bypass virus detection by ...) + TODO: check +CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...) + TODO: check +CVE-2006-6404 + RESERVED +CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ...) + TODO: check +CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and ...) + TODO: check +CVE-2006-6401 (Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in ...) + TODO: check +CVE-2006-6400 (Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer ...) + TODO: check +CVE-2006-6399 (SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 ...) + TODO: check +CVE-2006-6398 (Multiple SQL injection vulnerabilities in Superfreaker Studios ...) + TODO: check +CVE-2006-6397 (** DISPUTED ** ...) + TODO: check +CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and ...) + TODO: check +CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before ...) 
+ TODO: check +CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas ...) + TODO: check +CVE-2006-6393 (Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera ...) + TODO: check +CVE-2006-6392 (Directory traversal vulnerability in index.php in plx Web Studio (aka ...) + TODO: check +CVE-2006-6391 (Multiple directory traversal vulnerabilities in Open Solution ...) + TODO: check +CVE-2006-6390 (Multiple directory traversal vulnerabilities in Open Solution ...) + TODO: check +CVE-2006-6389 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...) + TODO: check +CVE-2006-6388 (Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in ...) + TODO: check +CVE-2006-6387 (Multiple SQL injection vulnerabilities in LINK Content Management ...) + TODO: check +CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tracker ...) + TODO: check +CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...) + TODO: check +CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...) + TODO: check +CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...) + TODO: check +CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk ...) + TODO: check +CVE-2006-6380 (Cross-site scripting (XSS) vulnerability in index.asp in Ultimate ...) + TODO: check +CVE-2006-6379 (Buffer overflow in the BrightStor Backup Discovery Service in multiple ...) + TODO: check +CVE-2006-6378 (BTSaveMySql 1.2 stores sensitive data under the web root with ...) + TODO: check +CVE-2006-6377 (Uploadscript 1.2 and earlier stores sensitive data under the web root ...) + TODO: check +CVE-2006-6376 (Multiple directory traversal vulnerabilities in fm.php in Simple File ...) + TODO: check +CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple ...) 
+ TODO: check +CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...) + TODO: check +CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...) + TODO: check +CVE-2006-6371 (Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB ...) + TODO: check +CVE-2006-6370 (SQL injection vulnerability in forum/modules/gallery/post.php in ...) + TODO: check +CVE-2006-6369 (SQL injection vulnerability in lib/entry_reply_entry.php in Invision ...) + TODO: check +CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and ...) - linux-2.6 <not-affected> (Affects only Windows despite other claims) CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...) TODO: check @@ -68,13 +240,12 @@ CVE-2006-6336 RESERVED CVE-2006-6335 RESERVED -CVE-2006-6334 - RESERVED +CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.ocx in ...) + TODO: check CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the ...) - linux-2.6 <unfixed> [etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18) -CVE-2006-6332 [madwifi code injection] - RESERVED +CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in ...) - madwifi 1:0.9.2+r1842.20061207-1 (high) [etch] - madwifi <no-dsa> (Non-free not supported) CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is ...) 
@@ -141,7 +312,7 @@ CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management TODO: check CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul ...) TODO: check -CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3, ...) +CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, ...) TODO: check CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) ...) TODO: check @@ -278,7 +449,7 @@ CVE-2006-6237 (SQL injection vulnerability in the decode_cookie function in ...) NOT-FOR-US: Woltlab Burning Board Lite CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...) TODO: check -CVE-2006-6235 (A "stack overwrite" vulnerability in GnuPG (gpg) before 1.2.1 allows ...) +CVE-2006-6235 (A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...) {DSA-1231-1} - gnupg 1.4.6-1 (high; bug #401894; bug #401898; bug #401914) - gnupg2 2.0.0-5.2 (high; bug #401895; bug #401913) @@ -308,8 +479,8 @@ CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Applian NOT-FOR-US: Google Search Appliance CVE-2006-6222 RESERVED -CVE-2006-6221 - RESERVED +CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote ...) + TODO: check CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...) NOT-FOR-US: Recipes Complete Website CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) 
@@ -336,7 +507,7 @@ CVE-2006-6209 (Multiple SQL injection vulnerabilities in MidiCart ASP Shopping C NOT-FOR-US: MidiCart ASP Shopping Cart CVE-2006-6208 (Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds ...) NOT-FOR-US: Enthreallweb eClassifieds -CVE-2006-6207 (SQL injection vulnerability in products.asp in Evolve shopping cart ...) +CVE-2006-6207 (** DISPUTED ** ...) NOT-FOR-US: Evolve Merchant CVE-2006-6206 (SQL injection vulnerability in item.asp in WarHound General Shopping ...) NOT-FOR-US: WarHound General Shopping Cart @@ -1047,8 +1218,7 @@ CVE-2006-5876 RESERVED CVE-2006-5875 RESERVED -CVE-2006-5874 [clamav mime64 DoS] - RESERVED +CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ...) {DSA-1232-1} - clamav 0.86-1 CVE-2006-5873 [l2tpns Heartbeat Packets Buffer Overflow Vulnerability] @@ -1121,7 +1291,7 @@ CVE-2006-5842 (The keystore file in Unicore Client before 5.6 build 5, when runn NOT-FOR-US: Unicore CVE-2006-5841 (Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in ...) NOT-FOR-US: DodosMail -CVE-2006-5840 (Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow ...) +CVE-2006-5840 (** DISPUTED ** ...) NOT-FOR-US: Abarcar Realty Portal CVE-2006-5839 (PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure ...) NOT-FOR-US: PHPAdventure @@ -1272,7 +1442,7 @@ CVE-2006-5772 (Multiple SQL injection vulnerabilities in index.php in FreeWebsho NOT-FOR-US: FreeWebshop CVE-2006-5771 (Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 ...) NOT-FOR-US: Arkoon SSL360 -CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in Mobile allow ...) +CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...) NOT-FOR-US: Mobile CVE-2006-5769 (Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS ...) NOT-FOR-US: admin.tool CMS 
@@ -1539,7 +1709,7 @@ CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus NOT-FOR-US: Sophos CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security ...) NOT-FOR-US: Sophos -CVE-2006-5645 (Unspecified vulnerability in Sophos Anti-Virus and Endpoint Security ...) +CVE-2006-5645 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...) NOT-FOR-US: Sophos CVE-2006-5644 RESERVED @@ -4515,7 +4685,7 @@ CVE-2006-4288 (PHP remote file inclusion vulnerability in admin.a6mambocredits.p NOT-FOR-US: a6mambocredits component (com_a6mambocredits) for Mambo CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...) NOT-FOR-US: NES Game and NES System -CVE-2006-4286 (PHP remote file inclusion vulnerability in contentpublisher.php in the ...) +CVE-2006-4286 (** DISPUTED ** ...) NOT-FOR-US: contentpublisher component (com_contentpublisher) for Mambo CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News ...) NOT-FOR-US: Fantastic News @@ -4603,8 +4773,7 @@ CVE-2006-4251 (Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allo CVE-2006-4250 [buffer overflow in man-db] RESERVED - man-db 2.4.3-5 -CVE-2006-4249 [plone group creation privilege escalation] - RESERVED +CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when ...) - zope-cmfplone <unfixed> (bug #401796) [sarge] - zope-cmfplone <not-affected> (Vulnerable code not present) CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions, allows ...) |
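Review bot: In data/CVE/2000.list (hunk `@@ -1,3 +1,5 @@`), the new CVE-2000-1242 entry goes in as `TODO: check` while the entry directly below it, CVE-2000-1241, carries `NOT-FOR-US: Data pre-dating the Security Tracker`. If that note is the standing policy for ids from this year, the automatic update should apply it to new 2000-series entries as well, otherwise this one sits in the TODO queue until someone clears it by hand.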
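Review bot: In data/CVE/2006.list (hunk `@@ -1,4 +1,176 @@`), CVE-2006-6385 ends up out of sequence: the added block runs from CVE-2006-6455 down to CVE-2006-6369 with CVE-2006-6386 followed directly by CVE-2006-6384, and the rewritten CVE-2006-6385 header stays at its old position between CVE-2006-6369 and CVE-2006-6368. Moving the header together with its `- linux-2.6 <not-affected>` line up between 6386 and 6384 would keep the file in descending id order, which matters to anyone who searches or merges this list by position.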
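Review bot: In data/CVE/2006.list (hunk `@@ -336,7 +507,7 @@`), the description of CVE-2006-6207 is replaced by `(** DISPUTED ** ...)`, so the truncated summary no longer names the product or the bug class that the removed line carried. The same replacement hits CVE-2006-5840 and CVE-2006-4286 in later hunks, and the new CVE-2006-6415 and CVE-2006-6397 arrive as `TODO: check` with nothing but the marker, which leaves a triager nothing to go on without looking the id up elsewhere. Suggest having the update truncate after the DISPUTED prefix, so the marker is kept and the start of the real summary still appears.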
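Review bot: In data/CVE/2006.list (hunk `@@ -1047,8 +1218,7 @@`), the new description for CVE-2006-5874 reads "Clam AntiVirus (ClamAV) 0.88 and earlier", but the unchanged context line below it still records the fix as `- clamav 0.86-1`, a version that falls inside the range the description calls affected. As far as the truncated description shows, one of the two is wrong, so the fixed version should be re-checked against DSA-1232-1 before this entry is relied on for tracking.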
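Review bot: In data/CVE/2006.list (hunk `@@ -1272,7 +1442,7 @@`), the description of CVE-2006-5770 now names the product as "ac4p Mobile" while the note under it still says `NOT-FOR-US: Mobile`; the note should be updated to match so a search for the product name finds it. The first hunk also adds CVE-2006-6389 for "ac4p Mobile" as `TODO: check`; if it is the same product, it can take the same NOT-FOR-US note instead of waiting for manual triage.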