[Secure-testing-commits] r2938 - data/CVE

Joey Hess joeyh at costa.debian.org
Mon Dec 5 09:14:26 UTC 2005


Author: joeyh
Date: 2005-12-05 09:14:20 +0000 (Mon, 05 Dec 2005)
New Revision: 2938

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-05 09:03:36 UTC (rev 2937)
+++ data/CVE/list	2005-12-05 09:14:20 UTC (rev 2938)
@@ -1,9 +1,186 @@
-CVE-2004-2607 [kernel: Information disclosure in sdla_xfer()]
+CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, ...)
+	TODO: check
+CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...)
+	TODO: check
+CVE-2005-4005 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...)
+	TODO: check
+CVE-2005-4004 (Cross-site scripting (XSS) vulnerability in search.asp in ...)
+	TODO: check
+CVE-2005-4003 (Multiple SQL injection vulnerabilities in Absolute Shopping Package ...)
+	TODO: check
+CVE-2005-4002 (WebEOC before 6.0.2 uses the same secret key for all installations, ...)
+	TODO: check
+CVE-2005-4001 (Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and ...)
+	TODO: check
+CVE-2005-4000 (Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater ...)
+	TODO: check
+CVE-2005-3999 (Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater ...)
+	TODO: check
+CVE-2005-3998 (Cross-site scripting (XSS) vulnerability in search.asp in Solupress ...)
+	TODO: check
+CVE-2005-3997 (Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows ...)
+	TODO: check
+CVE-2005-3996 (SQL injection vulnerability in admin/password_forgotten.php in ...)
+	TODO: check
+CVE-2005-3995 (Format string vulnerability in the dosyslog function in the OBEX ...)
+	TODO: check
+CVE-2005-3994 (Cross-site scripting (XSS) vulnerability in Atlassian Confluence 2.0.1 ...)
+	TODO: check
+CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 ...)
+	TODO: check
+CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access trojan ...)
+	TODO: check
+CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat ...)
+	TODO: check
+CVE-2005-3990 (Directory traversal vulnerability in FastJar 0.93 allows remote ...)
+	TODO: check
+CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack ...)
+	TODO: check
+CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple Technologies ...)
+	TODO: check
+CVE-2005-3987 (Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote ...)
+	TODO: check
+CVE-2005-3986 (Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and ...)
+	TODO: check
+CVE-2005-3985 (The Internet Key Exchange version 1 (IKEv1) implementation in Astaro ...)
+	TODO: check
+CVE-2005-3984 (SQL injection vulnerability in WebCalendar 1.0.1 allows remote ...)
+	TODO: check
+CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight Manager ...)
+	TODO: check
+CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 ...)
+	TODO: check
+CVE-2005-3981 (** DISPUTED ** ...)
+	TODO: check
+CVE-2005-3980 (SQL injection vulnerability in the ticket query module in Edgewall ...)
+	TODO: check
+CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 ...)
+	TODO: check
+CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...)
+	TODO: check
+CVE-2005-3977 (Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC ...)
+	TODO: check
+CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple DUware ...)
+	TODO: check
+CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and ...)
+	TODO: check
+CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on ...)
+	TODO: check
+CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 ...)
+	TODO: check
+CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in ...)
+	TODO: check
+CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in Citrix ...)
+	TODO: check
+CVE-2005-3970 (Cross-site scripting (XSS) vulnerability in MXChange before ...)
+	TODO: check
+CVE-2005-3969 (SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 ...)
+	TODO: check
+CVE-2005-3968 (SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier ...)
+	TODO: check
+CVE-2005-3967 (Cross-site scripting (XSS) vulnerability in the dosearchsite.action ...)
+	TODO: check
+CVE-2005-3966 (Cross-site scripting (XSS) vulnerability in search.jsp in Java Search ...)
+	TODO: check
+CVE-2005-3965
+	REJECTED
+	TODO: check
+CVE-2005-3964 (Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, ...)
+	TODO: check
+CVE-2005-3963 (SQL injection vulnerability in session.php in DotClear before 1.2.3 ...)
+	TODO: check
+CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in ...)
+	TODO: check
+CVE-2004-2648 (FreezeX 1.00.100.0666 allows local users with administrator privileges ...)
+	TODO: check
+CVE-2004-2647 (Free Web Chat 2.0 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CVE-2004-2646 (The addUser function in UserManager.java in Free Web Chat 2.0 allows ...)
+	TODO: check
+CVE-2004-2645 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...)
+	TODO: check
+CVE-2004-2644 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...)
+	TODO: check
+CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows remote ...)
+	TODO: check
+CVE-2004-2642 (Yeemp 0.9.9 and earlier does properly encrypt inbound files, which ...)
+	TODO: check
+CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire ...)
+	TODO: check
+CVE-2004-2640 (Directory traversal vulnerability in lstat.cgi in LinuxStat before ...)
+	TODO: check
+CVE-2004-2639 (Unspecified vulnerability in Journalness 3.0.7 and earlier allows ...)
+	TODO: check
+CVE-2004-2638 (The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote ...)
+	TODO: check
+CVE-2004-2637 (The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code ...)
+	TODO: check
+CVE-2004-2636 (TinyWeb 1.9 allows remote attackers to read source code of scripts via ...)
+	TODO: check
+CVE-2004-2635 (An ActiveX control for McAfee Security Installer Control System ...)
+	TODO: check
+CVE-2004-2634 (The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX ...)
+	TODO: check
+CVE-2004-2633 (Unspecified vulnerability in Sesamie 1.0 allows remote anonymous ...)
+	TODO: check
+CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify ...)
+	TODO: check
+CVE-2004-2631 (Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to ...)
+	TODO: check
+CVE-2004-2630 (The MIME transformation system ...)
+	TODO: check
+CVE-2004-2629 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
+	TODO: check
+CVE-2004-2628 (Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, ...)
+	TODO: check
+CVE-2004-2627 (Java 2 Micro Edition (J2ME) does not properly validate bytecode, which ...)
+	TODO: check
+CVE-2004-2626 (GUI overlay vulnerability in the Java API in Siemens S55 cellular ...)
+	TODO: check
+CVE-2004-2625 (Cross-site scripting (XSS) vulnerability in Outblaze Email allows ...)
+	TODO: check
+CVE-2004-2624 (Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki ...)
+	TODO: check
+CVE-2004-2623 (Unknown vulnerability in Rippy the Aggregator before 0.10, when ...)
+	TODO: check
+CVE-2004-2622 (AClient.exe in Altiris Deployment Solution 6.x and 5.x does not ...)
+	TODO: check
+CVE-2004-2621 (Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when ...)
+	TODO: check
+CVE-2004-2620 (The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly ...)
+	TODO: check
+CVE-2004-2619 (ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail ...)
+	TODO: check
+CVE-2004-2618 (Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) ...)
+	TODO: check
+CVE-2004-2617 (Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 ...)
+	TODO: check
+CVE-2004-2616 (The file server in ActivePost Standard 3.1 and earlier allows remote ...)
+	TODO: check
+CVE-2004-2615 (The documentation for CuteNews 1.3.6 and possibly other versions ...)
+	TODO: check
+CVE-2004-2614 (Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial ...)
+	TODO: check
+CVE-2004-2613 (Unspecified vulnerability in the Linux-VServer stable branch for the ...)
+	TODO: check
+CVE-2004-2612 (BNC 2.9.0 only grants access when an incorrect password is provided, ...)
+	TODO: check
+CVE-2004-2611 (The Change Permissions function in the Sophster suite before 0.9.6 28 ...)
+	TODO: check
+CVE-2004-2610 (mntd_mount.c in mntd before 0.4.2 might allow local users to gain ...)
+	TODO: check
+CVE-2004-2609 (The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 ...)
+	TODO: check
+CVE-2004-2608 (SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news ...)
+	TODO: check
+CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel ...)
+	TODO: check
+CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
 	- kernel-source-2.4.27 2.4.27-8
 CVE-2005-XXXX [SQL injection in trac's ticket query module]
 	- trac 0.9.1-1 (medium)
-CVE-2005-3962 [integer overflow in perl's format string code]
+CVE-2005-3962 (Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...)
 	- perl <unfixed> (bug #341542; medium)
 CVE-2006-0034
 	RESERVED
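Review bot: CVE-2005-3980 is added near the top of this hunk with only "TODO: check", while the unchanged "CVE-2005-XXXX [SQL injection in trac's ticket query module]" entry with "- trac 0.9.1-1 (medium)" stays in place further down. Both describe an SQL injection in a ticket query module, so if they are the same issue, the trac line should move under CVE-2005-3980 and the CVE-2005-XXXX placeholder should be dropped. Otherwise the fixed version stays recorded under a temporary name while the assigned ID looks untriaged. Separately, CVE-2005-3965 is marked REJECTED and still receives "TODO: check", which leaves a rejected ID in the triage queue.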
@@ -5945,7 +6122,7 @@
 	NOT-FOR-US: Cold Fusion
 CVE-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...)
 	NOT-FOR-US: Ansel
-CVE-2004-2202 (SQL injection in DUware DUclassified 4.0 through 4.2 allows remote ...)
+CVE-2004-2202 (Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 ...)
 	NOT-FOR-US: DUclassified
 CVE-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...)
 	NOT-FOR-US: DUforum
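Review bot: The triage precedent on the context lines here (NOT-FOR-US for DUclassified and DUforum) is not carried over to the related entry this patch adds. Only the description of CVE-2004-2202 changes and its NOT-FOR-US line is kept, which is fine, but the new CVE-2005-3976 entry, whose description names "multiple DUware" products, is left at "TODO: check". If it covers the same product family, it can be closed the same way instead of waiting in the queue.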
@@ -8218,7 +8395,7 @@
 	NOT-FOR-US: Postnuke mod
 CVE-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...)
 	NOT-FOR-US: Skull-Splitter Guestbook
-CVE-2005-1619 (Multiple Cross-site scripting (XSS) vulnerabilities in (1) ...)
+CVE-2005-1619 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
 	NOT-FOR-US: PHPMyChat
 CVE-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...)
 	NOT-FOR-US: Yahoo Messenger
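Review bot: CVE-2005-1619 keeps "NOT-FOR-US: PHPMyChat" and only has its description case normalised, but the new CVE-2005-3991 entry added in the first hunk also names phpMyChat and is left at "TODO: check". Resolving it with the same NOT-FOR-US tag, using one spelling of the product name for both entries, would keep the two phpMyChat IDs consistent and easy to find together.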



