[Secure-testing-commits] r2912 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Dec 1 10:11:19 UTC 2005 

Author: jmm-guest
Date: 2005-12-01 10:11:15 +0000 (Thu, 01 Dec 2005)
New Revision: 2912

Modified:
   data/CVE/list
Log:
webmin CVEfied
lots of web crap NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-01 10:00:08 UTC (rev 2911)
+++ data/CVE/list	2005-12-01 10:11:15 UTC (rev 2912)
@@ -68,74 +68,74 @@
 	NOT-FOR-US: Microsoft
 CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 ...)
 	NOT-FOR-US: ilyav Survey System 
-begin claimed by jmm
 CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ...)
-	TODO: check
+	NOT-FOR-US: ilyav Survey System 
 CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca ...)
-	TODO: check
+	NOT-FOR-US: Orca Knowledgebase
 CVE-2005-3941 (SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier ...)
-	TODO: check
+	NOT-FOR-US: Orca Blog
 CVE-2005-3940 (SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c ...)
-	TODO: check
+	NOT-FOR-US: Orca Ringmaker
 CVE-2005-3939 (Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and ...)
-	TODO: check
+	NOT-FOR-US: WSN Knowledge Base
 CVE-2005-3938 (SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler ...)
-	TODO: check
+	NOT-FOR-US: Softbiz FAQ
 CVE-2005-3937 (SQL injection vulnerability in Softbiz B2B Trading Marketplace Script ...)
-	TODO: check
+	NOT-FOR-US: Softbiz B2B
 CVE-2005-3936 (PHP file include vulnerability in SocketKB 1.1.0 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: SocketKB
 CVE-2005-3935 (SQL injection vulnerability in SocketKB 1.1.0 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: SocketKB
 CVE-2005-3934 (Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other ...)
-	TODO: check
+	NOT-FOR-US: pcAnywhere
 CVE-2005-3933 (SQL injection vulnerability in index.php in 88Script's Event Calendar ...)
-	TODO: check
+	NOT-FOR-US: 88Script's Event Calendar
 CVE-2005-3932 (SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and ...)
-	TODO: check
+	NOT-FOR-US: O-Kiraku Nikki
 CVE-2005-3931 (SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows ...)
-	TODO: check
+	NOT-FOR-US: ASP-Rider
 CVE-2005-3930 (SQL injection vulnerability in index.php in N-13 News 1.2 allows ...)
-	TODO: check
+	NOT-FOR-US: N-13 News
 CVE-2005-3929 (Directory traversal vulnerability in the create function in ...)
-	TODO: check
+	NOT-FOR-US: Xaraya
+	NOTE: xarMLSXML2PHPBackend.php, 'nuff said
 CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.3.0 allows local users to execute ...)
-	TODO: check
+	NOT-FOR-US: QNX
 CVE-2005-3927 (Multiple directory traversal vulnerabilities in GuppY 4.5.9 and ...)
-	TODO: check
+	NOT-FOR-US: GuppY
 CVE-2005-3926 (Direct static code injection vulnerability in error.php in GuppY 4.5.9 ...)
-	TODO: check
+	NOT-FOR-US: GuppY
 CVE-2005-3925 (Multiple SQL injection vulnerabilities in Central Manchester CLC ...)
-	TODO: check
+	NOT-FOR-US: Central Manchester CLC Helpdesk Issue Manager
 CVE-2005-3924 (SQL injection vulnerability in themes/kategorie/index.php in Randshop ...)
-	TODO: check
+	NOT-FOR-US: Randshop
 CVE-2005-3923 (NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: NetObjects Fusion
 CVE-2005-3922 (Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus ...)
-	TODO: check
+	NOT-FOR-US: Panda Antivirus
 CVE-2005-3921 (Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for ...)
-	TODO: check
+	NOT-FOR-US: IOS
 CVE-2005-3920 (SQL injection vulnerability in Babe Logger 2 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Babe Logger
 CVE-2005-3919 (Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote ...)
-	TODO: check
+	NOT-FOR-US: PBLang 
 CVE-2005-3918 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: OvBB
 CVE-2005-3917 (SQL injection vulnerability in usersession in CommodityRentals 2.0 ...)
-	TODO: check
+	NOT-FOR-US: CommidityRentals
 CVE-2005-3916 (SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows ...)
-	TODO: check
+	NOT-FOR-US: WSN Forum
 CVE-2005-3915 (The Internet Key Exchange version 1 (IKEv1) implementation in ...)
-	TODO: check
+	NOT-FOR-US: Clavister Web Client
 CVE-2005-3914 (Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow ...)
-	TODO: check
+	NOT-FOR-US: AFFcommerce
 CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual ...)
-	TODO: check
+	NOT-FOR-US: Virtual Hosting Control System 
 CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin ...)
-	TODO: check
+	- webmin <unfixed> (bug #341394; medium)
 CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: BosDates
+begin claimed by jmm
 CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...)
 	TODO: check
 CVE-2005-3909 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...)
@@ -189,8 +189,7 @@
 	TODO: check
 CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...)
 	TODO: check
-CVE-2005-XXXX [webmin format string vulnerability]
-	- webmin <unfixed> (bug #341394; medium)
+end claimed by jmm
 CVE-2005-XXXX [drupal: Unspecified XSS]
 	- drupal 4.5.6-1 (unknown)
 CVE-2005-XXXX [drupal: Protect against IE interpretation flaw]

More information about the Secure-testing-commits mailing list