[Secure-testing-commits] r2940 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Dec 5 10:04:49 UTC 2005


Author: jmm-guest
Date: 2005-12-05 10:04:44 +0000 (Mon, 05 Dec 2005)
New Revision: 2940

Modified:
   data/CVE/list
Log:
two new webcalendar issues
new openmotif issues
trac CVEfied
drupal CVEfied
lots of NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-05 09:29:15 UTC (rev 2939)
+++ data/CVE/list	2005-12-05 10:04:44 UTC (rev 2940)
@@ -1,96 +1,96 @@
 begin claimed by jmm
 CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, ...)
-	TODO: check
+	NOT-FOR-US: SAPID CMS
 CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: SAPID CMS
 CVE-2005-4005 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2005-4004 (Cross-site scripting (XSS) vulnerability in search.asp in ...)
-	TODO: check
+	NOT-FOR-US: MyTemplateSite
 CVE-2005-4003 (Multiple SQL injection vulnerabilities in Absolute Shopping Package ...)
-	TODO: check
+	NOT-FOR-US: Absolute Shopping Package Solutions (ASPS) Shopping Cart
 CVE-2005-4002 (WebEOC before 6.0.2 uses the same secret key for all installations, ...)
-	TODO: check
+	NOT-FOR-US: WebEOC
 CVE-2005-4001 (Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and ...)
-	TODO: check
+	NOT-FOR-US: phpYellowTM Pro Edition
 CVE-2005-4000 (Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater ...)
-	TODO: check
+	NOT-FOR-US: SiteBeater News System
 CVE-2005-3999 (Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater ...)
-	TODO: check
+	NOT-FOR-US: SiteBeater MP3 Catalog
 CVE-2005-3998 (Cross-site scripting (XSS) vulnerability in search.asp in Solupress ...)
-	TODO: check
+	NOT-FOR-US: Solupress News 
 CVE-2005-3997 (Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows ...)
-	TODO: check
+	NOT-FOR-US: Zen Cart
 CVE-2005-3996 (SQL injection vulnerability in admin/password_forgotten.php in ...)
-	TODO: check
+	NOT-FOR-US: Zen Cart
 CVE-2005-3995 (Format string vulnerability in the dosyslog function in the OBEX ...)
-	TODO: check
+	NOT-FOR-US: Sobexsrv
+	NOTE: Checked obexserver source package, not vulnerable
 CVE-2005-3994 (Cross-site scripting (XSS) vulnerability in Atlassian Confluence 2.0.1 ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Confluence
 CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 ...)
-	TODO: check
+	NOT-FOR-US: MailEnable
 CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access trojan ...)
-	TODO: check
+	NOT-FOR-US: WinEggDropShell
 CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat ...)
-	TODO: check
+	NOT-FOR-US: phpMyChat
 CVE-2005-3990 (Directory traversal vulnerability in FastJar 0.93 allows remote ...)
-	TODO: check
+	TODO: check, whether fastjar from the gcc source packages is affected
 CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack ...)
-	TODO: check
+	NOT-FOR-US: Avaya hardware
 CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple Technologies ...)
-	TODO: check
+	NOT-FOR-US: Pineapple Technologies Lore
 CVE-2005-3987 (Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote ...)
-	TODO: check
+	NOT-FOR-US: Tradesoft CMS
 CVE-2005-3986 (Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and ...)
-	TODO: check
+	NOT-FOR-US: Instant Photo Gallery
 CVE-2005-3985 (The Internet Key Exchange version 1 (IKEv1) implementation in Astaro ...)
-	TODO: check
+	NOT-FOR-US: Astaro Security Linux
 CVE-2005-3984 (SQL injection vulnerability in WebCalendar 1.0.1 allows remote ...)
-	TODO: check
+	- webcalendar <unfixed> (bug filed)
 CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight Manager ...)
-	TODO: check
+	NOT-FOR-US: HP Systems Insight Manager
 CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 ...)
-	TODO: check
+	- webcalendar <unfixed> (bug filed)
 CVE-2005-3981 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-2005-3980 (SQL injection vulnerability in the ticket query module in Edgewall ...)
-	TODO: check
+	- trac 0.9.1-1 (medium)
 CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 ...)
-	TODO: check
+	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...)
-	TODO: check
+	NOT-FOR-US: NetClassifieds Premium Edition 
 CVE-2005-3977 (Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC ...)
-	TODO: check
+	NOT-FOR-US: QualityEBiz Quality PPC
 CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple DUware ...)
-	TODO: check
+	NOT-FOR-US: Multipke DuWare products
 CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and ...)
-	TODO: check
+	- drupal 4.5.6-1 (medium)
 CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on ...)
-	TODO: check
+	- drupal 4.5.6-1 (low)
+	[sarge] - drupal <not-affected> (Only vulnerable if running PHP 5)
 CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 ...)
-	TODO: check
+	- drupal 4.5.6-1 (unknown)
 CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in ...)
-	TODO: check
+	NOT-FOR-US: Extreme Search Corporate Edition 
 CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in Citrix ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2005-3970 (Cross-site scripting (XSS) vulnerability in MXChange before ...)
-	TODO: check
+	NOT-FOR-US: MXChange
 CVE-2005-3969 (SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 ...)
-	TODO: check
+	NOT-FOR-US: MXChange
 CVE-2005-3968 (SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier ...)
-	TODO: check
+	NOT-FOR-US: PHPX
 CVE-2005-3967 (Cross-site scripting (XSS) vulnerability in the dosearchsite.action ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Confluence
 CVE-2005-3966 (Cross-site scripting (XSS) vulnerability in search.jsp in Java Search ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: Java Search Engine
 CVE-2005-3965
 	REJECTED
-	TODO: check
 CVE-2005-3964 (Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, ...)
-	TODO: check
+	- openmotif <unfixed> (bug filed; medium)
 CVE-2005-3963 (SQL injection vulnerability in session.php in DotClear before 1.2.3 ...)
-	TODO: check
+	NOT-FOR-US: DotClear
 CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in ...)
 	TODO: check
 CVE-2004-2648 (FreezeX 1.00.100.0666 allows local users with administrator privileges ...)
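Review bot: The "end claimed by jmm" line after CVE-2005-3966 is removed, but "begin claimed by jmm" at the top of this hunk stays as unchanged context, so the claim block is left open with no closing marker. Either remove the "begin" line as well, or keep an "end claimed by jmm" line after the last entry still being worked on (CVE-2005-3990 is the only one in the range that keeps a TODO). Smaller points: the CVE-2005-3976 entry reads "Multipke DuWare products", where the CVE text spells it "DUware" and "Multipke" should be "Multiple"; the NOT-FOR-US lines for CVE-2005-3998, CVE-2005-3978 and CVE-2005-3972 end in trailing whitespace; and the two webcalendar entries and the openmotif entry say "bug filed" without a number, unlike "bug #341542" on the perl entry in the next hunk, so the numbers should be added once assigned.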
@@ -180,8 +180,6 @@
 CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
 	- kernel-source-2.4.27 2.4.27-8
-CVE-2005-XXXX [SQL injection in trac's ticket query module]
-	- trac 0.9.1-1 (medium)
 CVE-2005-3962 (Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...)
 	- perl <unfixed> (bug #341542; medium)
 CVE-2006-0034
@@ -374,12 +372,6 @@
 	NOT-FOR-US: Cisco Security Agent 
 CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...)
 	- inkscape 0.42-1 (bug #321501; low)
-CVE-2005-XXXX [drupal: Unspecified XSS]
-	- drupal 4.5.6-1 (unknown)
-CVE-2005-XXXX [drupal: Protect against IE interpretation flaw]
-	- drupal 4.5.6-1 (medium)
-CVE-2005-XXXX [drupal: Hidden user profile information disclosure]
-	- drupal 4.5.6-1 (low)
 CVE-2005-XXXX [gallery2 zipcart information disclosure]
 	- gallery2 2.0.2-1 (medium)
 CVE-2005-XXXX [gallery2 add-from-web XSS]
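Review bot: The three drupal placeholders removed here are not visibly tied to the IDs that replace them, and the log only says "drupal CVEfied". "Unspecified XSS" and "Protect against IE interpretation flaw" can be matched to CVE-2005-3973 and CVE-2005-3975 from the truncated descriptions in the first hunk, but "Hidden user profile information disclosure" maps to CVE-2005-3974 only by its "low" severity, since that entry's visible description stops at "when running on ...". Please name the placeholder-to-CVE mapping in the log message, or add a NOTE line under CVE-2005-3974, so the pairing and the new "[sarge] - drupal <not-affected>" annotation can be checked later.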



