aboutsummaryrefslogtreecommitdiffstats
path: root/security/vuxml
diff options
context:
space:
mode:
authorremko <remko@FreeBSD.org>2006-09-14 05:53:26 +0800
committerremko <remko@FreeBSD.org>2006-09-14 05:53:26 +0800
commit28fd2abc5dfbfaa81c3f6cc98ac711d1f6d48201 (patch)
tree81f22eca4c3b58372fbdd3428697b3659447df75 /security/vuxml
parent58e801b8a9fadadca8d4727b7e04cee3fbedce98 (diff)
downloadfreebsd-ports-gnome-28fd2abc5dfbfaa81c3f6cc98ac711d1f6d48201.tar.gz
freebsd-ports-gnome-28fd2abc5dfbfaa81c3f6cc98ac711d1f6d48201.tar.zst
freebsd-ports-gnome-28fd2abc5dfbfaa81c3f6cc98ac711d1f6d48201.zip
Document php -- multiple vulnerabilities
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml1541
1 files changed, 802 insertions, 739 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 8f79da2fc62f..51a69575ac71 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,69 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="ea09c5df-4362-11db-81e1-000e0c2e438a">
+ <topic>php -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php4</name>
+ <name>php5</name>
+ <range><lt>4.4.4</lt></range>
+ <range><ge>5</ge><lt>5.1.5</lt></range>
+ </package>
+ <package>
+ <name>php4-cli</name>
+ <name>php5-cli</name>
+ <name>php4-cgi</name>
+ <name>php5-cgi</name>
+ <name>php4-dtc</name>
+ <name>php5-dtc</name>
+ <name>php4-horde</name>
+ <name>php5-horde</name>
+ <name>php4-nms</name>
+ <name>php5-nms</name>
+ <name>mod-php4</name>
+ <name>mod-php5</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The PHP development team reports:</p>
+ <blockquote cite="http://www.php.net/release_5_1_5.php">
+ <ul>
+ <li>Added missing safe_mode/open_basedir checks inside the
+ error_log(), file_exists(), imap_open() and imap_reopen()
+ functions.</li>
+ <li>Fixed overflows inside str_repeat() and wordwrap()
+ functions on 64bit systems.</li>
+ <li>Fixed possible open_basedir/safe_mode bypass in cURL
+ extension and with realpath cache.</li>
+ <li>Fixed overflow in GD extension on invalid GIF
+ images.</li>
+ <li>Fixed a buffer overflow inside sscanf() function.</li>
+ <li>Fixed an out of bounds read inside stripos()
+ function.</li>
+ <li>Fixed memory_limit restriction on 64 bit system.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2006-4481</cvename>
+ <cvename>CVE-2006-4482</cvename>
+ <cvename>CVE-2006-4483</cvename>
+ <cvename>CVE-2006-4484</cvename>
+ <cvename>CVE-2006-4485</cvename>
+ <cvename>CVE-2006-4486</cvename>
+ <url>http://www.php.net/release_4_4_4.php</url>
+ <url>http://www.php.net/release_5_1_5.php</url>
+ </references>
+ <dates>
+ <discovery>2006-09-FIXME</discovery>
+ <entry>2006-09-13</entry>
+ </dates>
+ </vuln>
+
<vuln vid="c0fd7890-4346-11db-89cc-000ae42e9b93">
<topic>drupal-pubcookie -- authentication may be bypassed</topic>
<affects>
@@ -2564,764 +2627,764 @@ Note: Please add new entries to the beginning of this file.
<references>
<cvename>CVE-2006-1329</cvename>
<url>http://article.gmane.org/gmane.network.jabber.admin/27372</url>
- <url>http://jabberstudio.org/projects/jabberd2/releases/view.php?id=826</url>
- <url>http://secunia.com/advisories/19281/</url>
- </references>
- <dates>
- <discovery>2006-03-20</discovery>
- <entry>2006-05-01</entry>
- </dates>
- </vuln>
+<url>http://jabberstudio.org/projects/jabberd2/releases/view.php?id=826</url>
+<url>http://secunia.com/advisories/19281/</url>
+</references>
+<dates>
+<discovery>2006-03-20</discovery>
+<entry>2006-05-01</entry>
+</dates>
+</vuln>
- <vuln vid="79c1154d-d5a5-11da-8098-00123ffe8333">
- <topic>cacti -- ADOdb "server.php" Insecure Test Script Security Issue</topic>
- <affects>
- <package>
- <name>cacti</name>
- <range><lt>0.8.6h</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Secunia reports:</p>
- <blockquote cite="http://secunia.com/advisories/18276/">
- <p>Cacti have a security issue, which can be exploited by malicious
- people to execute arbitrary SQL code and potentially compromise a
- vulnerable system.</p>
- <p>The problem is caused due to the presence of the insecure
- "server.php" test script.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <url>http://secunia.com/advisories/18276/</url>
- <url>http://secunia.com/advisories/17418/</url>
- </references>
- <dates>
- <discovery>2006-01-09</discovery>
- <entry>2006-04-27</entry>
- </dates>
- </vuln>
+<vuln vid="79c1154d-d5a5-11da-8098-00123ffe8333">
+<topic>cacti -- ADOdb "server.php" Insecure Test Script Security Issue</topic>
+<affects>
+<package>
+<name>cacti</name>
+<range><lt>0.8.6h</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>Secunia reports:</p>
+<blockquote cite="http://secunia.com/advisories/18276/">
+ <p>Cacti have a security issue, which can be exploited by malicious
+ people to execute arbitrary SQL code and potentially compromise a
+ vulnerable system.</p>
+ <p>The problem is caused due to the presence of the insecure
+ "server.php" test script.</p>
+</blockquote>
+</body>
+</description>
+<references>
+<url>http://secunia.com/advisories/18276/</url>
+<url>http://secunia.com/advisories/17418/</url>
+</references>
+<dates>
+<discovery>2006-01-09</discovery>
+<entry>2006-04-27</entry>
+</dates>
+</vuln>
- <vuln vid="dc930435-d59f-11da-8098-00123ffe8333">
- <topic>amaya -- Attribute Value Buffer Overflow Vulnerabilities</topic>
- <affects>
- <package>
- <name>amaya</name>
- <range><lt>9.5</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Secunia reports:</p>
- <blockquote cite="http://secunia.com/advisories/19670/">
- <p>Amaya have two vulnerabilities, which can be exploited by
- malicious people to compromise a user's system.</p>
- <p>The vulnerabilities are caused due to boundary errors within the
- parsing of various attribute values. This can be exploited to cause
- stack-based buffer overflows when a user opens a specially crafted
- HTML document containing certain tags with overly long attribute
- values.</p>
- <p>Successful exploitation allows execution of arbitrary code.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2006-1900</cvename>
- <url>http://morph3us.org/advisories/20060412-amaya-94.txt</url>
- <url>http://morph3us.org/advisories/20060412-amaya-94-2.txt</url>
- <url>http://secunia.com/advisories/19670/</url>
- </references>
- <dates>
- <discovery>2006-04-14</discovery>
- <entry>2006-04-27</entry>
- </dates>
- </vuln>
+<vuln vid="dc930435-d59f-11da-8098-00123ffe8333">
+<topic>amaya -- Attribute Value Buffer Overflow Vulnerabilities</topic>
+<affects>
+<package>
+<name>amaya</name>
+<range><lt>9.5</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>Secunia reports:</p>
+<blockquote cite="http://secunia.com/advisories/19670/">
+ <p>Amaya have two vulnerabilities, which can be exploited by
+ malicious people to compromise a user's system.</p>
+ <p>The vulnerabilities are caused due to boundary errors within the
+ parsing of various attribute values. This can be exploited to cause
+ stack-based buffer overflows when a user opens a specially crafted
+ HTML document containing certain tags with overly long attribute
+ values.</p>
+ <p>Successful exploitation allows execution of arbitrary code.</p>
+</blockquote>
+</body>
+</description>
+<references>
+<cvename>CVE-2006-1900</cvename>
+<url>http://morph3us.org/advisories/20060412-amaya-94.txt</url>
+<url>http://morph3us.org/advisories/20060412-amaya-94-2.txt</url>
+<url>http://secunia.com/advisories/19670/</url>
+</references>
+<dates>
+<discovery>2006-04-14</discovery>
+<entry>2006-04-27</entry>
+</dates>
+</vuln>
- <vuln vid="116b0820-d59c-11da-8098-00123ffe8333">
- <topic>lifetype -- ADOdb "server.php" Insecure Test Script Security Issue</topic>
- <affects>
- <package>
- <name>lifetype</name>
- <range><lt>1.0.3</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Secunia reports:</p>
- <blockquote cite="http://secunia.com/advisories/19699/">
- <p>A security issue has been discovered in LifeType, which can be
- exploited by malicious people to execute arbitrary SQL code and
- potentially compromise a vulnerable system.</p>
- <p>The problem is caused due to the presence of the insecure
- "server.php" test script.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2006-0146</cvename>
- <url>http://secunia.com/advisories/19699/</url>
- <url>http://secunia.com/advisories/17418/</url>
- </references>
- <dates>
- <discovery>2006-04-19</discovery>
- <entry>2006-04-27</entry>
- </dates>
- </vuln>
+<vuln vid="116b0820-d59c-11da-8098-00123ffe8333">
+<topic>lifetype -- ADOdb "server.php" Insecure Test Script Security Issue</topic>
+<affects>
+<package>
+<name>lifetype</name>
+<range><lt>1.0.3</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>Secunia reports:</p>
+<blockquote cite="http://secunia.com/advisories/19699/">
+ <p>A security issue has been discovered in LifeType, which can be
+ exploited by malicious people to execute arbitrary SQL code and
+ potentially compromise a vulnerable system.</p>
+ <p>The problem is caused due to the presence of the insecure
+ "server.php" test script.</p>
+</blockquote>
+</body>
+</description>
+<references>
+<cvename>CVE-2006-0146</cvename>
+<url>http://secunia.com/advisories/19699/</url>
+<url>http://secunia.com/advisories/17418/</url>
+</references>
+<dates>
+<discovery>2006-04-19</discovery>
+<entry>2006-04-27</entry>
+</dates>
+</vuln>
- <vuln vid="21c223f2-d596-11da-8098-00123ffe8333">
- <topic>ethereal -- Multiple Protocol Dissector Vulnerabilities</topic>
- <affects>
- <package>
- <name>ethereal</name>
- <name>ethereal-lite</name>
- <name>tethereal</name>
- <name>tethereal-lite</name>
- <range><ge>0.8.5</ge><lt>0.99.0</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Secunia reports:</p>
- <blockquote cite="http://secunia.com/advisories/19769/">
- <p>Multiple vulnerabilities have been reported in Ethereal, which
- can be exploited by malicious people to cause a DoS (Denial of
- Service) or compromise a vulnerable system.</p>
- <p>The vulnerabilities are caused due to various types of errors
- including boundary errors, an off-by-one error, an infinite loop
- error, and several unspecified errors in a multitude of protocol
- dissectors.</p>
- <p>Successful exploitation causes Ethereal to stop responding,
- consume a large amount of system resources, crash, or execute
- arbitrary code.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2006-1932</cvename>
- <cvename>CVE-2006-1933</cvename>
- <cvename>CVE-2006-1934</cvename>
- <cvename>CVE-2006-1935</cvename>
- <cvename>CVE-2006-1936</cvename>
- <cvename>CVE-2006-1937</cvename>
- <cvename>CVE-2006-1938</cvename>
- <cvename>CVE-2006-1939</cvename>
- <cvename>CVE-2006-1940</cvename>
- <url>http://www.ethereal.com/appnotes/enpa-sa-00023.html</url>
- <url>http://secunia.com/advisories/19769/</url>
- </references>
- <dates>
- <discovery>2006-04-25</discovery>
- <entry>2006-04-27</entry>
- </dates>
- </vuln>
+<vuln vid="21c223f2-d596-11da-8098-00123ffe8333">
+<topic>ethereal -- Multiple Protocol Dissector Vulnerabilities</topic>
+<affects>
+<package>
+<name>ethereal</name>
+<name>ethereal-lite</name>
+<name>tethereal</name>
+<name>tethereal-lite</name>
+<range><ge>0.8.5</ge><lt>0.99.0</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>Secunia reports:</p>
+<blockquote cite="http://secunia.com/advisories/19769/">
+ <p>Multiple vulnerabilities have been reported in Ethereal, which
+ can be exploited by malicious people to cause a DoS (Denial of
+ Service) or compromise a vulnerable system.</p>
+ <p>The vulnerabilities are caused due to various types of errors
+ including boundary errors, an off-by-one error, an infinite loop
+ error, and several unspecified errors in a multitude of protocol
+ dissectors.</p>
+ <p>Successful exploitation causes Ethereal to stop responding,
+ consume a large amount of system resources, crash, or execute
+ arbitrary code.</p>
+</blockquote>
+</body>
+</description>
+<references>
+<cvename>CVE-2006-1932</cvename>
+<cvename>CVE-2006-1933</cvename>
+<cvename>CVE-2006-1934</cvename>
+<cvename>CVE-2006-1935</cvename>
+<cvename>CVE-2006-1936</cvename>
+<cvename>CVE-2006-1937</cvename>
+<cvename>CVE-2006-1938</cvename>
+<cvename>CVE-2006-1939</cvename>
+<cvename>CVE-2006-1940</cvename>
+<url>http://www.ethereal.com/appnotes/enpa-sa-00023.html</url>
+<url>http://secunia.com/advisories/19769/</url>
+</references>
+<dates>
+<discovery>2006-04-25</discovery>
+<entry>2006-04-27</entry>
+</dates>
+</vuln>
- <vuln vid="8b683bea-d49c-11da-a672-000e0c2e438a">
- <topic>asterisk -- denial of service vulnerability, local system access</topic>
- <affects>
- <package>
- <name>asterisk</name>
- <range><lt>1.2.7</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Emmanouel Kellenis reports a denial of service vulnerability
- within asterisk. The vulnerability is caused by a buffer
- overflow in "format_jpeg.c". A large JPEG image could
- trigger this bug, potentially allowing a local attacker to
- execute arbitrary code.</p>
- </body>
- </description>
- <references>
- <bid>17561</bid>
- <cvename>CVE-2006-1827</cvename>
- <url>http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory</url>
- </references>
- <dates>
- <discovery>2006-04-07</discovery>
- <entry>2006-04-25</entry>
- </dates>
- </vuln>
+<vuln vid="8b683bea-d49c-11da-a672-000e0c2e438a">
+<topic>asterisk -- denial of service vulnerability, local system access</topic>
+<affects>
+<package>
+<name>asterisk</name>
+<range><lt>1.2.7</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>Emmanouel Kellenis reports a denial of service vulnerability
+ within asterisk. The vulnerability is caused by a buffer
+ overflow in "format_jpeg.c". A large JPEG image could
+ trigger this bug, potentially allowing a local attacker to
+ execute arbitrary code.</p>
+</body>
+</description>
+<references>
+<bid>17561</bid>
+<cvename>CVE-2006-1827</cvename>
+<url>http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory</url>
+</references>
+<dates>
+<discovery>2006-04-07</discovery>
+<entry>2006-04-25</entry>
+</dates>
+</vuln>
- <vuln vid="a813a219-d2d4-11da-a672-000e0c2e438a">
- <topic>zgv, xzgv -- heap overflow vulnerability</topic>
- <affects>
- <package>
- <name>zgv</name>
- <range><gt>0</gt></range>
- </package>
- <package>
- <name>xzgv</name>
- <range><gt>0</gt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Gentoo reports:</p>
- <blockquote cite="http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml">
- <p>Andrea Barisani of Gentoo Linux discovered xzgv and zgv
- allocate insufficient memory when rendering images with
- more than 3 output components, such as images using the
- YCCK or CMYK colour space. When xzgv or zgv attempt to
- render the image, data from the image overruns a heap
- allocated buffer.</p>
- <p>An attacker may be able to construct a malicious image that
- executes arbitrary code with the permissions of the xzgv or
- zgv user when attempting to render the image.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <bid>17409</bid>
- <cvename>CVE-2006-1060</cvename>
- <url>http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml</url>
- </references>
- <dates>
- <discovery>2006-04-21</discovery>
- <entry>2006-04-23</entry>
- </dates>
- </vuln>
+<vuln vid="a813a219-d2d4-11da-a672-000e0c2e438a">
+<topic>zgv, xzgv -- heap overflow vulnerability</topic>
+<affects>
+<package>
+<name>zgv</name>
+<range><gt>0</gt></range>
+</package>
+<package>
+<name>xzgv</name>
+<range><gt>0</gt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>Gentoo reports:</p>
+<blockquote cite="http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml">
+ <p>Andrea Barisani of Gentoo Linux discovered xzgv and zgv
+ allocate insufficient memory when rendering images with
+ more than 3 output components, such as images using the
+ YCCK or CMYK colour space. When xzgv or zgv attempt to
+ render the image, data from the image overruns a heap
+ allocated buffer.</p>
+ <p>An attacker may be able to construct a malicious image that
+ executes arbitrary code with the permissions of the xzgv or
+ zgv user when attempting to render the image.</p>
+</blockquote>
+</body>
+</description>
+<references>
+<bid>17409</bid>
+<cvename>CVE-2006-1060</cvename>
+<url>http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml</url>
+</references>
+<dates>
+<discovery>2006-04-21</discovery>
+<entry>2006-04-23</entry>
+</dates>
+</vuln>
- <vuln vid="86cc5c6f-d2b4-11da-a672-000e0c2e438a">
- <topic>crossfire-server -- denial of service and remote code execution vulnerability</topic>
- <affects>
- <package>
- <name>crossfire-server</name>
- <range><lt>1.9.0</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>FRSIRT reports:</p>
- <blockquote cite="http://www.frsirt.com/english/advisories/2006/0760">
- <p>A vulnerability has been identified in CrossFire, which
- could be exploited by remote attackers to execute arbitrary
- commands or cause a denial of service. This flaw is due to
- a buffer overflow error in the "oldsocketmode" module that
- fails to properly handle overly large requests, which could
- be exploited by a malicious client to crash or compromise a
- vulnerable system.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <bid>16883</bid>
- <cvename>CVE-2006-1010</cvename>
- <url>http://www.frsirt.com/english/advisories/2006/0760</url>
- </references>
- <dates>
- <discovery>2006-02-28</discovery>
- <entry>2006-04-23</entry>
- </dates>
- </vuln>
+<vuln vid="86cc5c6f-d2b4-11da-a672-000e0c2e438a">
+<topic>crossfire-server -- denial of service and remote code execution vulnerability</topic>
+<affects>
+<package>
+<name>crossfire-server</name>
+<range><lt>1.9.0</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>FRSIRT reports:</p>
+<blockquote cite="http://www.frsirt.com/english/advisories/2006/0760">
+ <p>A vulnerability has been identified in CrossFire, which
+ could be exploited by remote attackers to execute arbitrary
+ commands or cause a denial of service. This flaw is due to
+ a buffer overflow error in the "oldsocketmode" module that
+ fails to properly handle overly large requests, which could
+ be exploited by a malicious client to crash or compromise a
+ vulnerable system.</p>
+</blockquote>
+</body>
+</description>
+<references>
+<bid>16883</bid>
+<cvename>CVE-2006-1010</cvename>
+<url>http://www.frsirt.com/english/advisories/2006/0760</url>
+</references>
+<dates>
+<discovery>2006-02-28</discovery>
+<entry>2006-04-23</entry>
+</dates>
+</vuln>
- <vuln vid="8cfb6f42-d2b0-11da-a672-000e0c2e438a">
- <topic>p5-DBI -- insecure temporary file creation vulnerability</topic>
- <affects>
- <package>
- <name>p5-DBI-137</name>
- <range><ge>0</ge></range>
- </package>
- <package>
- <name>p5-DBI</name>
- <range><lt>1.37_1</lt></range>
- <range><ge>1.38</ge><lt>1.48</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Javier Fernández-Sanguino Peña reports:</p>
- <blockquote cite="http://www.debian.org/security/2005/dsa-658">
- <p>The DBI library, the Perl5 database interface, creates a
- temporary PID file in an insecure manner. This can be
- exploited by a malicious user to overwrite arbitrary files
- owned by the person executing the parts of the library.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <bid>12360</bid>
- <cvename>CAN-2005-0077</cvename>
- <url>http://www.debian.org/security/2005/dsa-658</url>
- </references>
- <dates>
- <discovery>2005-01-25</discovery>
- <entry>2006-04-23</entry>
- <modified>2006-05-11</modified>
- </dates>
- </vuln>
+<vuln vid="8cfb6f42-d2b0-11da-a672-000e0c2e438a">
+<topic>p5-DBI -- insecure temporary file creation vulnerability</topic>
+<affects>
+<package>
+<name>p5-DBI-137</name>
+<range><ge>0</ge></range>
+</package>
+<package>
+<name>p5-DBI</name>
+<range><lt>1.37_1</lt></range>
+<range><ge>1.38</ge><lt>1.48</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>Javier Fernández-Sanguino Peña reports:</p>
+<blockquote cite="http://www.debian.org/security/2005/dsa-658">
+ <p>The DBI library, the Perl5 database interface, creates a
+ temporary PID file in an insecure manner. This can be
+ exploited by a malicious user to overwrite arbitrary files
+ owned by the person executing the parts of the library.</p>
+</blockquote>
+</body>
+</description>
+<references>
+<bid>12360</bid>
+<cvename>CAN-2005-0077</cvename>
+<url>http://www.debian.org/security/2005/dsa-658</url>
+</references>
+<dates>
+<discovery>2005-01-25</discovery>
+<entry>2006-04-23</entry>
+<modified>2006-05-11</modified>
+</dates>
+</vuln>
- <vuln vid="e0b342a1-d2ae-11da-a672-000e0c2e438a">
- <topic>wordpress -- full path disclosure</topic>
- <affects>
- <package>
- <name>wordpress</name>
- <range><lt>1.5.2</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Dedi Dwianto reports:</p>
- <blockquote cite="http://echo.or.id/adv/adv24-theday-2005.txt">
- <p>A remote user can access the file directly to cause the
- system to display an error message that indicates the
- installation path. The resulting error message will
- disclose potentially sensitive installation path
- information to the remote attacker.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2005-4463</cvename>
- <url>http://echo.or.id/adv/adv24-theday-2005.txt</url>
- </references>
- <dates>
- <discovery>2005-12-20</discovery>
- <entry>2006-04-23</entry>
- </dates>
- </vuln>
+<vuln vid="e0b342a1-d2ae-11da-a672-000e0c2e438a">
+<topic>wordpress -- full path disclosure</topic>
+<affects>
+<package>
+<name>wordpress</name>
+<range><lt>1.5.2</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>Dedi Dwianto reports:</p>
+<blockquote cite="http://echo.or.id/adv/adv24-theday-2005.txt">
+ <p>A remote user can access the file directly to cause the
+ system to display an error message that indicates the
+ installation path. The resulting error message will
+ disclose potentially sensitive installation path
+ information to the remote attacker.</p>
+</blockquote>
+</body>
+</description>
+<references>
+<cvename>CVE-2005-4463</cvename>
+<url>http://echo.or.id/adv/adv24-theday-2005.txt</url>
+</references>
+<dates>
+<discovery>2005-12-20</discovery>
+<entry>2006-04-23</entry>
+</dates>
+</vuln>
- <vuln vid="8d4ae57d-d2ab-11da-a672-000e0c2e438a">
- <topic>xine -- multiple remote string vulnerabilities</topic>
- <affects>
- <package>
- <name>xine</name>
- <range><lt>0.99.4_4</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>c0ntexb reports:</p>
- <blockquote cite="http://www.open-security.org/advisories/16">
- <p>There are 2 format string bugs in the latest version of
- Xine that could be exploited by a malicious person to
- execute code on the system of a remote user running the
- media player against a malicious playlist file. By passing
- a format specifier in the path of a file that is embedded
- in a remote playlist, it is possible to trigger this bug.
- </p>
- </blockquote>
- </body>
- </description>
- <references>
- <bid>17579</bid>
- <cvename>CVE-2006-1905</cvename>
- <url>http://www.open-security.org/advisories/16</url>
- </references>
- <dates>
- <discovery>2006-04-18</discovery>
- <entry>2006-04-23</entry>
- </dates>
- </vuln>
+<vuln vid="8d4ae57d-d2ab-11da-a672-000e0c2e438a">
+<topic>xine -- multiple remote string vulnerabilities</topic>
+<affects>
+<package>
+<name>xine</name>
+<range><lt>0.99.4_4</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>c0ntexb reports:</p>
+<blockquote cite="http://www.open-security.org/advisories/16">
+ <p>There are 2 format string bugs in the latest version of
+ Xine that could be exploited by a malicious person to
+ execute code on the system of a remote user running the
+ media player against a malicious playlist file. By passing
+ a format specifier in the path of a file that is embedded
+ in a remote playlist, it is possible to trigger this bug.
+ </p>
+</blockquote>
+</body>
+</description>
+<references>
+<bid>17579</bid>
+<cvename>CVE-2006-1905</cvename>
+<url>http://www.open-security.org/advisories/16</url>
+</references>
+<dates>
+<discovery>2006-04-18</discovery>
+<entry>2006-04-23</entry>
+</dates>
+</vuln>
- <vuln vid="408f6ebf-d152-11da-962f-000b972eb521">
- <topic>cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service</topic>
- <affects>
- <package>
- <name>cyrus-sasl</name>
- <range><ge>2.*</ge><lt>2.1.21</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Unspecified vulnerability in the CMU Cyrus Simple
- Authentication and Security Layer (SASL) library, has unknown
- impact and remote unauthenticated attack vectors, related to
- DIGEST-MD5 negotiation.</p>
- </body>
- </description>
- <references>
- <cvename>CVE-2006-1721</cvename>
- </references>
- <dates>
- <discovery>2006-04-11</discovery>
- <entry>2006-04-22</entry>
- </dates>
- </vuln>
+<vuln vid="408f6ebf-d152-11da-962f-000b972eb521">
+<topic>cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service</topic>
+<affects>
+<package>
+<name>cyrus-sasl</name>
+<range><ge>2.*</ge><lt>2.1.21</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>Unspecified vulnerability in the CMU Cyrus Simple
+Authentication and Security Layer (SASL) library, has unknown
+impact and remote unauthenticated attack vectors, related to
+DIGEST-MD5 negotiation.</p>
+</body>
+</description>
+<references>
+<cvename>CVE-2006-1721</cvename>
+</references>
+<dates>
+<discovery>2006-04-11</discovery>
+<entry>2006-04-22</entry>
+</dates>
+</vuln>
- <vuln vid="1fa4c9f1-cfca-11da-a672-000e0c2e438a">
- <topic>FreeBSD -- FPU information disclosure</topic>
- <affects>
- <system>
- <name>FreeBSD</name>
- <range><gt>6.0</gt><lt>6.0_7</lt></range>
- <range><gt>5.4</gt><lt>5.4_14</lt></range>
- <range><gt>5.3</gt><lt>5.3_29</lt></range>
- <range><gt>5</gt><lt>5.3</lt></range>
- <range><gt>4.11</gt><lt>4.11_17</lt></range>
- <range><gt>4.10</gt><lt>4.10_23</lt></range>
- <range><lt>4.10</lt></range>
- </system>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <h1>Problem Description</h1>
- <p>On "7th generation" and "8th generation" processors
- manufactured by AMD, including the AMD Athlon, Duron, Athlon
- MP, Athlon XP, Athlon64, Athlon64 FX, Opteron, Turion, and
- Sempron, the fxsave and fxrstor instructions do not save and
- restore the FOP, FIP, and FDP registers unless the exception
- summary bit (ES) in the x87 status word is set to 1,
- indicating that an unmasked x87 exception has occurred.</p>
- <p>This behaviour is consistent with documentation provided by
- AMD, but is different from processors from other vendors,
- which save and restore the FOP, FIP, and FDP registers
- regardless of the value of the ES bit. As a result of this
- discrepancy remaining unnoticed until now, the FreeBSD kernel
- does not restore the contents of the FOP, FIP, and FDP
- registers between context switches.</p>
- <h1>Impact</h1>
- <p>On affected processors, a local attacker can monitor the
- execution path of a process which uses floating-point
- operations. This may allow an attacker to steal
- cryptographic keys or other sensitive information.</p>
- <h1>Workaround</h1>
- <p>No workaround is available, but systems which do not use AMD
- Athlon, Duron, Athlon MP, Athlon XP, Athlon64, Athlon64 FX,
- Opteron, Turion, or Sempron processors are not vulnerable.</p>
- </body>
- </description>
- <references>
- <cvename>CVE-2006-1056</cvename>
- <freebsdsa>SA-06:14.fpu</freebsdsa>
- </references>
- <dates>
- <discovery>2006-04-19</discovery>
- <entry>2006-04-19</entry>
- <modified>2006-06-09</modified>
- </dates>
- </vuln>
+<vuln vid="1fa4c9f1-cfca-11da-a672-000e0c2e438a">
+<topic>FreeBSD -- FPU information disclosure</topic>
+<affects>
+<system>
+<name>FreeBSD</name>
+<range><gt>6.0</gt><lt>6.0_7</lt></range>
+<range><gt>5.4</gt><lt>5.4_14</lt></range>
+<range><gt>5.3</gt><lt>5.3_29</lt></range>
+<range><gt>5</gt><lt>5.3</lt></range>
+<range><gt>4.11</gt><lt>4.11_17</lt></range>
+<range><gt>4.10</gt><lt>4.10_23</lt></range>
+<range><lt>4.10</lt></range>
+</system>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<h1>Problem Description</h1>
+<p>On "7th generation" and "8th generation" processors
+ manufactured by AMD, including the AMD Athlon, Duron, Athlon
+ MP, Athlon XP, Athlon64, Athlon64 FX, Opteron, Turion, and
+ Sempron, the fxsave and fxrstor instructions do not save and
+ restore the FOP, FIP, and FDP registers unless the exception
+ summary bit (ES) in the x87 status word is set to 1,
+ indicating that an unmasked x87 exception has occurred.</p>
+<p>This behaviour is consistent with documentation provided by
+ AMD, but is different from processors from other vendors,
+ which save and restore the FOP, FIP, and FDP registers
+ regardless of the value of the ES bit. As a result of this
+ discrepancy remaining unnoticed until now, the FreeBSD kernel
+ does not restore the contents of the FOP, FIP, and FDP
+ registers between context switches.</p>
+<h1>Impact</h1>
+<p>On affected processors, a local attacker can monitor the
+ execution path of a process which uses floating-point
+ operations. This may allow an attacker to steal
+ cryptographic keys or other sensitive information.</p>
+<h1>Workaround</h1>
+<p>No workaround is available, but systems which do not use AMD
+ Athlon, Duron, Athlon MP, Athlon XP, Athlon64, Athlon64 FX,
+ Opteron, Turion, or Sempron processors are not vulnerable.</p>
+</body>
+</description>
+<references>
+<cvename>CVE-2006-1056</cvename>
+<freebsdsa>SA-06:14.fpu</freebsdsa>
+</references>
+<dates>
+<discovery>2006-04-19</discovery>
+<entry>2006-04-19</entry>
+<modified>2006-06-09</modified>
+</dates>
+</vuln>
- <vuln vid="22c6b826-cee0-11da-8578-00123ffe8333">
- <topic>plone -- "member_id" Parameter Portrait Manipulation Vulnerability</topic>
- <affects>
- <package>
- <name>plone</name>
- <range><lt>2.1.2_1</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Secunia reports:</p>
- <blockquote cite="http://secunia.com/advisories/19633/">
- <p>The vulnerability is caused due to missing security declarations
- in "changeMemberPortrait" and "deletePersonalPortrait". This can
- be exploited to manipulate or delete another user's portrait via
- the "member_id" parameter.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2006-1711</cvename>
- <url>http://dev.plone.org/plone/ticket/5432</url>
- <url>http://www.debian.org/security/2006/dsa-1032</url>
- <url>http://secunia.com/advisories/19633/</url>
- </references>
- <dates>
- <discovery>2006-04-13</discovery>
- <entry>2006-04-18</entry>
- </dates>
- </vuln>
+<vuln vid="22c6b826-cee0-11da-8578-00123ffe8333">
+<topic>plone -- "member_id" Parameter Portrait Manipulation Vulnerability</topic>
+<affects>
+<package>
+<name>plone</name>
+<range><lt>2.1.2_1</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>Secunia reports:</p>
+<blockquote cite="http://secunia.com/advisories/19633/">
+ <p>The vulnerability is caused due to missing security declarations
+ in "changeMemberPortrait" and "deletePersonalPortrait". This can
+ be exploited to manipulate or delete another user's portrait via
+ the "member_id" parameter.</p>
+</blockquote>
+</body>
+</description>
+<references>
+<cvename>CVE-2006-1711</cvename>
+<url>http://dev.plone.org/plone/ticket/5432</url>
+<url>http://www.debian.org/security/2006/dsa-1032</url>
+<url>http://secunia.com/advisories/19633/</url>
+</references>
+<dates>
+<discovery>2006-04-13</discovery>
+<entry>2006-04-18</entry>
+</dates>
+</vuln>
- <vuln vid="84630f4a-cd8c-11da-b7b9-000c6ec775d9">
- <topic>mozilla -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>firefox</name>
- <range><lt>1.0.8,1</lt></range>
- <range><gt>1.5.*,1</gt><lt>1.5.0.2,1</lt></range>
- </package>
- <package>
- <name>linux-firefox</name>
- <range><lt>1.5.0.2</lt></range>
- </package>
- <package>
- <name>mozilla</name>
- <range><lt>1.7.13,2</lt></range>
- <range><ge>1.8.*,2</ge></range>
- </package>
- <package>
- <name>linux-mozilla</name>
- <range><lt>1.7.13</lt></range>
- </package>
- <package>
- <name>linux-mozilla-devel</name>
- <range><gt>0</gt></range>
- </package>
- <package>
- <name>seamonkey</name>
- <name>linux-seamonkey</name>
- <range><lt>1.0.1</lt></range>
- </package>
- <package>
- <name>thunderbird</name>
- <name>mozilla-thunderbird</name>
- <range><lt>1.5.0.2</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>A Mozilla Foundation Security Advisory reports of multiple
- issues. Several of which can be used to run arbitrary code
- with the privilege of the user running the program.</p>
- <blockquote cite="http://www.mozilla.org/security/announce/">
- <ul>
- <li>MFSA 2006-29 Spoofing with translucent windows</li>
- <li>MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented</li>
- <li>MFSA 2006-26 Mail Multiple Information Disclosure</li>
- <li>MFSA 2006-25 Privilege escalation through Print Preview</li>
- <li>MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest</li>
- <li>MFSA 2006-23 File stealing by changing input type</li>
- <li>MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability</li>
- <li>MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)</li>
- <li>MFSA 2006-19 Cross-site scripting using .valueOf.call()</li>
- <li>MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability</li>
- <li>MFSA 2006-17 cross-site scripting through window.controllers</li>
- <li>MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()</li>
- <li>MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent</li>
- <li>MFSA 2006-14 Privilege escalation via XBL.method.eval</li>
- <li>MFSA 2006-13 Downloading executables with "Save Image As..."</li>
- <li>MFSA 2006-12 Secure-site spoof (requires security warning dialog)</li>
- <li>MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)</li>
- <li>MFSA 2006-10 JavaScript garbage-collection hazard audit</li>
- <li>MFSA 2006-09 Cross-site JavaScript injection using event handlers</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <certvu>179014</certvu>
- <certvu>252324</certvu>
- <certvu>329500</certvu>
- <certvu>350262</certvu>
- <certvu>488774</certvu>
- <certvu>736934</certvu>
- <certvu>813230</certvu>
- <certvu>842094</certvu>
- <certvu>932734</certvu>
- <certvu>935556</certvu>
- <certvu>968814</certvu>
- <cvename>CVE-2006-0749</cvename>
- <cvename>CVE-2006-1045</cvename>
- <cvename>CVE-2006-1529</cvename>
- <cvename>CVE-2006-1530</cvename>
- <cvename>CVE-2006-1531</cvename>
- <cvename>CVE-2006-1723</cvename>
- <cvename>CVE-2006-1724</cvename>
- <cvename>CVE-2006-1725</cvename>
- <cvename>CVE-2006-1726</cvename>
- <cvename>CVE-2006-1727</cvename>
- <cvename>CVE-2006-1728</cvename>
- <cvename>CVE-2006-1729</cvename>
- <cvename>CVE-2006-1730</cvename>
- <cvename>CVE-2006-1731</cvename>
- <cvename>CVE-2006-1732</cvename>
- <cvename>CVE-2006-1733</cvename>
- <cvename>CVE-2006-1734</cvename>
- <cvename>CVE-2006-1735</cvename>
- <cvename>CVE-2006-1736</cvename>
- <cvename>CVE-2006-1737</cvename>
- <cvename>CVE-2006-1738</cvename>
- <cvename>CVE-2006-1739</cvename>
- <cvename>CVE-2006-1740</cvename>
- <cvename>CVE-2006-1741</cvename>
- <cvename>CVE-2006-1742</cvename>
- <cvename>CVE-2006-1790</cvename>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-09.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-10.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-11.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-12.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-13.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-14.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-15.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-16.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-17.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-18.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-19.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-20.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-22.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-23.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-25.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-26.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-28.html</url>
- <url>http://www.mozilla.org/security/announce/2006/mfsa2006-29.html</url>
- <url>http://www.zerodayinitiative.com/advisories/ZDI-06-010.html</url>
- <uscertta>TA06-107A</uscertta>
- </references>
- <dates>
- <discovery>2006-04-13</discovery>
- <entry>2006-04-16</entry>
- <modified>2006-04-27</modified>
- </dates>
- </vuln>
-
- <vuln vid="8be2e304-cce6-11da-a3b1-00123ffe8333">
- <topic>mailman -- Private Archive Script Cross-Site Scripting</topic>
- <affects>
- <package>
- <name>mailman</name>
- <name>ja-mailman</name>
- <name>mailman-with-htdig</name>
- <range><lt>2.1.8</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Secunia reports:</p>
- <blockquote cite="http://secunia.com/advisories/19558/">
- <p>A vulnerability has been reported in Mailman, which can be
- exploited by malicious people to conduct cross-site scripting
- attacks.</p>
- <p>Unspecified input passed to the private archive script is not
- properly sanitised before being returned to users. This can be
- exploited to execute arbitrary HTML and script code in a user's
- browser session in context of a vulnerable site.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2006-1712</cvename>
- <mlist>http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html</mlist>
- <url>http://secunia.com/advisories/19558/</url>
- </references>
- <dates>
- <discovery>2006-04-07</discovery>
- <entry>2006-04-16</entry>
- </dates>
- </vuln>
+<vuln vid="84630f4a-cd8c-11da-b7b9-000c6ec775d9">
+<topic>mozilla -- multiple vulnerabilities</topic>
+<affects>
+<package>
+<name>firefox</name>
+<range><lt>1.0.8,1</lt></range>
+<range><gt>1.5.*,1</gt><lt>1.5.0.2,1</lt></range>
+</package>
+<package>
+<name>linux-firefox</name>
+<range><lt>1.5.0.2</lt></range>
+</package>
+<package>
+<name>mozilla</name>
+<range><lt>1.7.13,2</lt></range>
+<range><ge>1.8.*,2</ge></range>
+</package>
+<package>
+<name>linux-mozilla</name>
+<range><lt>1.7.13</lt></range>
+</package>
+<package>
+<name>linux-mozilla-devel</name>
+<range><gt>0</gt></range>
+</package>
+<package>
+<name>seamonkey</name>
+<name>linux-seamonkey</name>
+<range><lt>1.0.1</lt></range>
+</package>
+<package>
+<name>thunderbird</name>
+<name>mozilla-thunderbird</name>
+<range><lt>1.5.0.2</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>A Mozilla Foundation Security Advisory reports of multiple
+ issues. Several of which can be used to run arbitrary code
+ with the privilege of the user running the program.</p>
+<blockquote cite="http://www.mozilla.org/security/announce/">
+ <ul>
+ <li>MFSA 2006-29 Spoofing with translucent windows</li>
+ <li>MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented</li>
+ <li>MFSA 2006-26 Mail Multiple Information Disclosure</li>
+ <li>MFSA 2006-25 Privilege escalation through Print Preview</li>
+ <li>MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest</li>
+ <li>MFSA 2006-23 File stealing by changing input type</li>
+ <li>MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability</li>
+ <li>MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)</li>
+ <li>MFSA 2006-19 Cross-site scripting using .valueOf.call()</li>
+ <li>MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability</li>
+ <li>MFSA 2006-17 cross-site scripting through window.controllers</li>
+ <li>MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()</li>
+ <li>MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent</li>
+ <li>MFSA 2006-14 Privilege escalation via XBL.method.eval</li>
+ <li>MFSA 2006-13 Downloading executables with "Save Image As..."</li>
+ <li>MFSA 2006-12 Secure-site spoof (requires security warning dialog)</li>
+ <li>MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)</li>
+ <li>MFSA 2006-10 JavaScript garbage-collection hazard audit</li>
+ <li>MFSA 2006-09 Cross-site JavaScript injection using event handlers</li>
+ </ul>
+</blockquote>
+</body>
+</description>
+<references>
+<certvu>179014</certvu>
+<certvu>252324</certvu>
+<certvu>329500</certvu>
+<certvu>350262</certvu>
+<certvu>488774</certvu>
+<certvu>736934</certvu>
+<certvu>813230</certvu>
+<certvu>842094</certvu>
+<certvu>932734</certvu>
+<certvu>935556</certvu>
+<certvu>968814</certvu>
+<cvename>CVE-2006-0749</cvename>
+<cvename>CVE-2006-1045</cvename>
+<cvename>CVE-2006-1529</cvename>
+<cvename>CVE-2006-1530</cvename>
+<cvename>CVE-2006-1531</cvename>
+<cvename>CVE-2006-1723</cvename>
+<cvename>CVE-2006-1724</cvename>
+<cvename>CVE-2006-1725</cvename>
+<cvename>CVE-2006-1726</cvename>
+<cvename>CVE-2006-1727</cvename>
+<cvename>CVE-2006-1728</cvename>
+<cvename>CVE-2006-1729</cvename>
+<cvename>CVE-2006-1730</cvename>
+<cvename>CVE-2006-1731</cvename>
+<cvename>CVE-2006-1732</cvename>
+<cvename>CVE-2006-1733</cvename>
+<cvename>CVE-2006-1734</cvename>
+<cvename>CVE-2006-1735</cvename>
+<cvename>CVE-2006-1736</cvename>
+<cvename>CVE-2006-1737</cvename>
+<cvename>CVE-2006-1738</cvename>
+<cvename>CVE-2006-1739</cvename>
+<cvename>CVE-2006-1740</cvename>
+<cvename>CVE-2006-1741</cvename>
+<cvename>CVE-2006-1742</cvename>
+<cvename>CVE-2006-1790</cvename>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-09.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-10.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-11.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-12.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-13.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-14.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-15.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-16.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-17.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-18.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-19.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-20.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-22.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-23.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-25.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-26.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-28.html</url>
+<url>http://www.mozilla.org/security/announce/2006/mfsa2006-29.html</url>
+<url>http://www.zerodayinitiative.com/advisories/ZDI-06-010.html</url>
+<uscertta>TA06-107A</uscertta>
+</references>
+<dates>
+<discovery>2006-04-13</discovery>
+<entry>2006-04-16</entry>
+<modified>2006-04-27</modified>
+</dates>
+</vuln>
- <vuln vid="43cb40b3-c8c2-11da-a672-000e0c2e438a">
- <topic>f2c -- insecure temporary files</topic>
- <affects>
- <package>
- <name>f2c</name>
- <range><lt>20060506</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Javier Fernandez-Sanguino Pena reports two temporary file
- vulnerability within f2c. The vulnerabilities are caused
- due to weak temporary file handling. An attacker could
- create an symbolic link, causing a local user running f2c
- to overwrite the symlinked file. This could give the
- attacker elevated privileges.</p>
- </body>
- </description>
- <references>
- <bid>1280</bid>
- <cvename>CAN-2005-0017</cvename>
- </references>
- <dates>
- <discovery>2005-01-27</discovery>
- <entry>2006-04-10</entry>
- <modified>2006-08-15</modified>
- </dates>
- </vuln>
+<vuln vid="8be2e304-cce6-11da-a3b1-00123ffe8333">
+<topic>mailman -- Private Archive Script Cross-Site Scripting</topic>
+<affects>
+<package>
+<name>mailman</name>
+<name>ja-mailman</name>
+<name>mailman-with-htdig</name>
+<range><lt>2.1.8</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>Secunia reports:</p>
+<blockquote cite="http://secunia.com/advisories/19558/">
+ <p>A vulnerability has been reported in Mailman, which can be
+ exploited by malicious people to conduct cross-site scripting
+ attacks.</p>
+ <p>Unspecified input passed to the private archive script is not
+ properly sanitised before being returned to users. This can be
+ exploited to execute arbitrary HTML and script code in a user's
+ browser session in context of a vulnerable site.</p>
+</blockquote>
+</body>
+</description>
+<references>
+<cvename>CVE-2006-1712</cvename>
+<mlist>http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html</mlist>
+<url>http://secunia.com/advisories/19558/</url>
+</references>
+<dates>
+<discovery>2006-04-07</discovery>
+<entry>2006-04-16</entry>
+</dates>
+</vuln>
- <vuln vid="c7526a14-c4dc-11da-9699-00123ffe8333">
- <topic>mplayer -- Multiple integer overflows</topic>
- <affects>
- <package>
- <name>mplayer</name>
- <name>mplayer-esound</name>
- <name>mplayer-gtk</name>
- <name>mplayer-gtk2</name>
- <name>mplayer-gtk-esound</name>
- <name>mplayer-gtk2-esound</name>
- <range><lt>0.99.7_12</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Secunia reports:</p>
- <blockquote cite="http://secunia.com/advisories/19418/">
- <p>The vulnerabilities are caused due to integer overflow errors
- in "libmpdemux/asfheader.c" within the handling of an ASF file,
- and in "libmpdemux/aviheader.c" when parsing the "indx" chunk in
- an AVI file. This can be exploited to cause heap-based buffer
- overflows via a malicious ASF file, or via a AVI file with
- specially-crafted "wLongsPerEntry" and "nEntriesInUse" values in
- the "indx" chunk.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2006-1502</cvename>
- <url>http://www.xfocus.org/advisories/200603/11.html</url>
- <url>http://secunia.com/advisories/19418/</url>
- </references>
- <dates>
- <discovery>2006-03-29</discovery>
- <entry>2006-04-07</entry>
- </dates>
- </vuln>
+<vuln vid="43cb40b3-c8c2-11da-a672-000e0c2e438a">
+<topic>f2c -- insecure temporary files</topic>
+<affects>
+<package>
+<name>f2c</name>
+<range><lt>20060506</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>Javier Fernandez-Sanguino Pena reports two temporary file
+ vulnerability within f2c. The vulnerabilities are caused
+ due to weak temporary file handling. An attacker could
+ create an symbolic link, causing a local user running f2c
+ to overwrite the symlinked file. This could give the
+ attacker elevated privileges.</p>
+</body>
+</description>
+<references>
+<bid>1280</bid>
+<cvename>CAN-2005-0017</cvename>
+</references>
+<dates>
+<discovery>2005-01-27</discovery>
+<entry>2006-04-10</entry>
+<modified>2006-08-15</modified>
+</dates>
+</vuln>
- <vuln vid="4bfcd857-c628-11da-b2fb-000e0c2e438a">
- <topic>kaffeine -- buffer overflow vulnerability</topic>
- <affects>
- <package>
- <name>kaffeine</name>
- <range><ge>0.4.2</ge><lt>0.8.0</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>The KDE team reports:</p>
- <blockquote cite="http://www.kde.org/info/security/advisory-20060404-1.txt">
- <p>Kaffeine can produce a buffer overflow in http_peek() while
- creating HTTP request headers for fetching remote playlists,
- which under certain circumstances could be used to crash the
- application and/or execute arbitrary code.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <bid>17372</bid>
- <cvename>CVE-2006-0051</cvename>
- <url>http://www.kde.org/info/security/advisory-20060404-1.txt</url>
- </references>
- <dates>
- <discovery>2006-04-04</discovery>
- <entry>2006-04-07</entry>
- </dates>
- </vuln>
+<vuln vid="c7526a14-c4dc-11da-9699-00123ffe8333">
+<topic>mplayer -- Multiple integer overflows</topic>
+<affects>
+<package>
+<name>mplayer</name>
+<name>mplayer-esound</name>
+<name>mplayer-gtk</name>
+<name>mplayer-gtk2</name>
+<name>mplayer-gtk-esound</name>
+<name>mplayer-gtk2-esound</name>
+<range><lt>0.99.7_12</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>Secunia reports:</p>
+<blockquote cite="http://secunia.com/advisories/19418/">
+ <p>The vulnerabilities are caused due to integer overflow errors
+ in "libmpdemux/asfheader.c" within the handling of an ASF file,
+ and in "libmpdemux/aviheader.c" when parsing the "indx" chunk in
+ an AVI file. This can be exploited to cause heap-based buffer
+ overflows via a malicious ASF file, or via a AVI file with
+ specially-crafted "wLongsPerEntry" and "nEntriesInUse" values in
+ the "indx" chunk.</p>
+</blockquote>
+</body>
+</description>
+<references>
+<cvename>CVE-2006-1502</cvename>
+<url>http://www.xfocus.org/advisories/200603/11.html</url>
+<url>http://secunia.com/advisories/19418/</url>
+</references>
+<dates>
+<discovery>2006-03-29</discovery>
+<entry>2006-04-07</entry>
+</dates>
+</vuln>
- <vuln vid="61349f77-c620-11da-b2fb-000e0c2e438a">
- <topic>thunderbird -- javascript execution</topic>
- <affects>
- <package>
- <name>thunderbird</name>
- <name>mozilla-thunderbird</name>
- <range><le>1.0.7</le></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Renaud Lifchitz reports a vulnerability within thunderbird.
- The vulnerability is caused by improper checking of javascript
- scripts. This could lead to javascript code execution which
- can lead to information disclosure or a denial of service
- (application crash). This vulnerability is present even if
- javascript had been disabled in the preferences.</p>
- </body>
- </description>
- <references>
- <bid>16770</bid>
- <cvename>CAN-2006-0884</cvename>
- </references>
- <dates>
- <discovery>2006-02-22</discovery>
- <entry>2006-04-07</entry>
- </dates>
- </vuln>
+<vuln vid="4bfcd857-c628-11da-b2fb-000e0c2e438a">
+<topic>kaffeine -- buffer overflow vulnerability</topic>
+<affects>
+<package>
+<name>kaffeine</name>
+<range><ge>0.4.2</ge><lt>0.8.0</lt></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>The KDE team reports:</p>
+<blockquote cite="http://www.kde.org/info/security/advisory-20060404-1.txt">
+ <p>Kaffeine can produce a buffer overflow in http_peek() while
+ creating HTTP request headers for fetching remote playlists,
+ which under certain circumstances could be used to crash the
+ application and/or execute arbitrary code.</p>
+</blockquote>
+</body>
+</description>
+<references>
+<bid>17372</bid>
+<cvename>CVE-2006-0051</cvename>
+<url>http://www.kde.org/info/security/advisory-20060404-1.txt</url>
+</references>
+<dates>
+<discovery>2006-04-04</discovery>
+<entry>2006-04-07</entry>
+</dates>
+</vuln>
- <vuln vid="fba75b43-c588-11da-9110-00123ffe8333">
- <topic>phpmyadmin -- XSS vulnerabilities</topic>
- <affects>
- <package>
- <name>phpMyAdmin</name>
+<vuln vid="61349f77-c620-11da-b2fb-000e0c2e438a">
+<topic>thunderbird -- javascript execution</topic>
+<affects>
+<package>
+<name>thunderbird</name>
+<name>mozilla-thunderbird</name>
+<range><le>1.0.7</le></range>
+</package>
+</affects>
+<description>
+<body xmlns="http://www.w3.org/1999/xhtml">
+<p>Renaud Lifchitz reports a vulnerability within thunderbird.
+ The vulnerability is caused by improper checking of javascript
+ scripts. This could lead to javascript code execution which
+ can lead to information disclosure or a denial of service
+ (application crash). This vulnerability is present even if
+ javascript had been disabled in the preferences.</p>
+</body>
+</description>
+<references>
+<bid>16770</bid>
+<cvename>CAN-2006-0884</cvename>
+</references>
+<dates>
+<discovery>2006-02-22</discovery>
+<entry>2006-04-07</entry>
+</dates>
+</vuln>
+
+<vuln vid="fba75b43-c588-11da-9110-00123ffe8333">
+<topic>phpmyadmin -- XSS vulnerabilities</topic>
+<affects>
+<package>
+<name>phpMyAdmin</name>
<range><lt>2.8.0.3</lt></range>
</package>
</affects>