[Secure-testing-commits] r2976 - data/CVE
Joey Hess
joeyh at costa.debian.org
Wed Dec 7 21:14:25 UTC 2005
Author: joeyh
Date: 2005-12-07 21:14:19 +0000 (Wed, 07 Dec 2005)
New Revision: 2976
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-07 17:16:22 UTC (rev 2975)
+++ data/CVE/list 2005-12-07 21:14:19 UTC (rev 2976)
@@ -1,3 +1,121 @@
+CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernams and ...)
+ TODO: check
+CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...)
+ TODO: check
+CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote ...)
+ TODO: check
+CVE-2005-4063 (Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp ...)
+ TODO: check
+CVE-2005-4062 (Cross-site scripting (XSS) vulnerability in CPSearch.asp in ...)
+ TODO: check
+CVE-2005-4061 (Cross-site scripting (XSS) vulnerability in PASearch.asp in ...)
+ TODO: check
+CVE-2005-4060 (Cross-site scripting (XSS) vulnerability in search.asp in rwAuction ...)
+ TODO: check
+CVE-2005-4059 (SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and ...)
+ TODO: check
+CVE-2005-4058 (SQL injection vulnerability in saralblog v.1 and earlier allows remote ...)
+ TODO: check
+CVE-2005-4057 (Cross-site scripting (XSS) vulnerability in search.php in PluggedOut ...)
+ TODO: check
+CVE-2005-4056 (SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 ...)
+ TODO: check
+CVE-2005-4055 (SQL injection vulnerability in index.php in Cars Portal 1.1 and ...)
+ TODO: check
+CVE-2005-4054 (SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and ...)
+ TODO: check
+CVE-2005-4053 (Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote ...)
+ TODO: check
+CVE-2005-4052 (e107 0.6174 allows remote attackers to redirect users to other web ...)
+ TODO: check
+CVE-2005-4051 (e107 0.6174 allows remote attackers to vote multiple times for a ...)
+ TODO: check
+CVE-2005-4050 (Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with ...)
+ TODO: check
+CVE-2005-4049 (Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote ...)
+ TODO: check
+CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer function ...)
+ TODO: check
+CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ...)
+ TODO: check
+CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java ...)
+ TODO: check
+CVE-2005-4045 (Unknown vulnerability in System Communications Services 6 Delegated ...)
+ TODO: check
+CVE-2005-4044 (Cross-site scripting (XSS) vulnerability in search.cgi in Amazon ...)
+ TODO: check
+CVE-2005-4043 (SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and ...)
+ TODO: check
+CVE-2005-4042 (Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and ...)
+ TODO: check
+CVE-2005-4041 (Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy ...)
+ TODO: check
+CVE-2005-4040 (SQL injection vulnerability in FileLister 0.51 and earlier allows ...)
+ TODO: check
+CVE-2005-4039 (Directory traversal vulnerability in arhiva.php in Web4Future Portal ...)
+ TODO: check
+CVE-2005-4038 (SQL injection vulnerability in comentarii.php in Web4Future Portal ...)
+ TODO: check
+CVE-2005-4037 (SQL injection vulnerability in functions.php in Web4Future Affiliate ...)
+ TODO: check
+CVE-2005-4036 (Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future ...)
+ TODO: check
+CVE-2005-4035 (Multiple SQL injection vulnerabilities in Web4Future eCommerce ...)
+ TODO: check
+CVE-2005-4034 (Multiple SQL injection vulnerabilities in Web4Future eDating ...)
+ TODO: check
+CVE-2005-4033 (Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data ...)
+ TODO: check
+CVE-2005-4032 (Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search ...)
+ TODO: check
+CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.0 through 1.5.3 allows ...)
+ TODO: check
+CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows ...)
+ TODO: check
+CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid usernames ...)
+ TODO: check
+CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember allow ...)
+ TODO: check
+CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers ...)
+ TODO: check
+CVE-2005-4026 (search.php in Geeklog 1.4.0 Beta 1 and earlier allows remote attackers ...)
+ TODO: check
+CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect ...)
+ TODO: check
+CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 ...)
+ TODO: check
+CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0 before ...)
+ TODO: check
+CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the "Add Image From Web" ...)
+ TODO: check
+CVE-2005-4021 (The installer for Gallery 2.0 before 2.0.2 stores the install log ...)
+ TODO: check
+CVE-2005-4020 (SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and ...)
+ TODO: check
+CVE-2005-4019 (SQL injection vulnerability in index.php in Relative Real Estate ...)
+ TODO: check
+CVE-2005-4018 (SQL injection vulnerability in ls.php in Landshop Real Estate Commerce ...)
+ TODO: check
+CVE-2005-4017 (property.php in Widget Property 1.1.19 allows remote attackers to ...)
+ TODO: check
+CVE-2005-4016 (SQL injection vulnerability in Widget Property 1.1.19 allows remote ...)
+ TODO: check
+CVE-2005-4015 (PHP Web Statistik 1.4 does not rotate the log database or limit the ...)
+ TODO: check
+CVE-2005-4014 (stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2005-4013 (PHP Web Statistik 1.4 stores the stat.cfg file under the web root with ...)
+ TODO: check
+CVE-2005-4012 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Web ...)
+ TODO: check
+CVE-2005-4011 (SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar ...)
+ TODO: check
+CVE-2005-4010 (SQL injection vulnerability in KBase Express 1.0.0 and earlier allows ...)
+ TODO: check
+CVE-2005-4009 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express ...)
+ TODO: check
+CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...)
+ TODO: check
CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin]
- phpmyadmin <not-affected> (Apparently affects only 2.7.0)
NOTE: http://www.hardened-php.net/advisory_252005.110.html
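Review bot: all 59 entries imported in this hunk land as "TODO: check", and several of them name software that is packaged or already tracked in this file, so they should not sit in the queue behind the bulk of ASP/PHP web applications that will end up NOT-FOR-US. CVE-2005-4048 (avcodec_default_get_buffer) is libavcodec, i.e. ffmpeg; CVE-2005-4031 (eval injection in MediaWiki 1.5.0 through 1.5.3) and CVE-2005-4065 (SQL injection in the Trac search module) name packaged software; CVE-2005-4021 and CVE-2005-4023 (Gallery 2.0 before 2.0.2) concern gallery2, which this file already carries at 2.0.2-1. Suggest triaging those five first and leaving the remainder as TODO: check.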
@@ -177,7 +295,7 @@
TODO: check
CVE-2004-2614 (Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial ...)
TODO: check
-CVE-2004-2613 (Unspecified vulnerability in the Linux-VServer stable branch for the ...)
+CVE-2004-2613 (Unspecified vulnerability in procfs in the Linux-VServer stable branch ...)
TODO: check
CVE-2004-2612 (BNC 2.9.0 only grants access when an incorrect password is provided, ...)
TODO: check
@@ -385,6 +503,7 @@
CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and ...)
NOT-FOR-US: Cisco Security Agent
CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...)
+ {DSA-916-1}
- inkscape 0.42-1 (bug #321501; low)
CVE-2005-XXXX [gallery2 zipcart information disclosure]
- gallery2 2.0.2-1 (medium)
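Review bot: the CVE-2005-XXXX [gallery2 zipcart information disclosure] placeholder in the context lines of this hunk now has a real identifier in this same commit: CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0 before ...) in the first hunk, which is currently marked "TODO: check". Suggest moving "- gallery2 2.0.2-1 (medium)" under CVE-2005-4023 and dropping the XXXX line, so the fix state stops being invisible to lookups by CVE ID and the TODO is resolved at the same time.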
@@ -397,7 +516,7 @@
- php4 <unfixed> (bug #341726; medium)
CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing ...)
NOT-FOR-US: FAQRing Knowledge Base
-CVE-2005-3881 (SQL injection vulnerability in search.php in AltantisFAQ Knowledge ...)
+CVE-2005-3881 (SQL injection vulnerability in search.php in AtlantisFAQ Knowledge ...)
NOT-FOR-US: AtlantisFAQ Knowledge Base
CVE-2005-3880 (Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and ...)
NOT-FOR-US: Omnistar KBase
@@ -434,6 +553,7 @@
CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and ...)
NOT-FOR-US: SourceWell
CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and ...)
+ {DTSA-23-1}
- centericq 4.21.0-6 (bug #340959; medium)
TODO: Check orpheus and motor
CVE-2005-3862 (Buffer overflow in unalz before 0.53 allows remote attackers to ...)
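Review bot: {DTSA-23-1} is attached to CVE-2005-3863 while the "TODO: Check orpheus and motor" line beneath it stays open; the description locates the overflow in kkstrtext.h of the ktools library rather than in centericq itself, so any other package that embeds a copy of that header is affected in the same way and needs its own package line (and, if it is in testing, its own advisory reference). Suggest resolving that TODO in the same pass rather than leaving the entry half-triaged with an advisory already recorded.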
@@ -756,6 +876,7 @@
CVE-2005-3738 (globals.php in Mambo Site Server 4.0.14 and earlier, when ...)
NOT-FOR-US: Mambo
CVE-2005-3737 (Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 ...)
+ {DSA-916-1 DTSA-24-1}
- inkscape 0.43-1 (bug #330894; medium)
CVE-2005-3736 (Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart ...)
NOT-FOR-US: e-Quick Cart
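Review bot: CVE-2005-3737 gets {DSA-916-1 DTSA-24-1} here, whereas CVE-2005-3885 earlier in this diff, also inkscape and also DSA-916-1, gets no DTSA. That is only correct if 0.42-1 (the fix for 3885) was already in testing when DTSA-24-1 was issued and the DTSA text covers 3737 alone; worth confirming against the advisory text so the two inkscape entries stay consistent.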
@@ -1202,11 +1323,11 @@
- gdal <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to ...)
- qdbm <not-affected> (Gentoo-specific packaging flaw)
-CVE-2005-3579 (ts.cgi in Walla TeleSite 3.0 and earlier allows remote attackers to ...)
+CVE-2005-3579 (ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote ...)
NOT-FOR-US: Walla TeleSite
-CVE-2005-3578 (SQL injection vulnerability in ts.exe in Walla TeleSite 3.0 and ...)
+CVE-2005-3578 (SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite ...)
NOT-FOR-US: Walla TeleSite
-CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe in Walla TeleSite ...)
+CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in ...)
NOT-FOR-US: Walla TeleSite
CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to ...)
NOT-FOR-US: Walla TeleSite
@@ -2496,8 +2617,7 @@
REJECTED
CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...)
NOT-FOR-US: ALZip
-CVE-2005-3193 [xpdf jpx stream reader heap overflow]
- RESERVED
+CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream function ...)
- xpdf 3.01-3 (bug #342281; medium)
- gpdf <unfixed> (bug #342286; medium)
- pdftohtml <not-affected> (Vulnerable xpdf code not contained)
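Review bot: pdftohtml is <not-affected> for CVE-2005-3193 here with the rationale "Vulnerable xpdf code not contained", but <unfixed> for CVE-2005-3191 in the next hunk. That is plausible, since the new description names JPXStream::readCodestream and an embedded xpdf copy may omit the JPX decoder, but the same test must be applied to every xpdf embedder: the 3191 hunk lists tetex-bin, koffice and libextractor, while the lines visible here under 3193 cover only xpdf, gpdf and pdftohtml. Suggest giving each embedder an explicit verdict under 3193, even if it is <not-affected> with the same rationale, so the two entries do not diverge silently.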
@@ -2516,8 +2636,7 @@
- tetex-bin 3.0-11 (bug #342292; medium)
- koffice <unfixed> (bug #342294; medium)
- libextractor 0.5.8-1 (medium)
-CVE-2005-3191 [xpdf dctstream heap overflow]
- RESERVED
+CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
- xpdf 3.01-3 (bug #342281; medium)
- gpdf <unfixed> (bug #342286; medium)
- pdftohtml <unfixed> (bug #342289; medium)
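Review bot: replacing the local title [xpdf dctstream heap overflow] with the imported description loses information, because the imported text is truncated at "(1) ..." and no longer says which decoder is affected. Suggest adding a NOTE: line (the file already uses NOTE: under the phpmyadmin and smb4k entries) recording that this is the DCTStream issue, so the entry can still be matched against vendor advisories that refer to it by decoder name.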
@@ -2640,7 +2759,7 @@
{DSA-855-1}
- weex 2.6.1-6sarge1 (bug #332424; medium)
CVE-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly ...)
- {DSA-895-1}
+ {DSA-895-1 DTSA-22-1}
- uim 1:0.4.7-2 (bug #331620; medium)
CVE-2005-3148 (StoreBackup before 1.19 in SUSE Linux does not properly set the uid ...)
- storebackup 1.19-1 (bug #332434)
@@ -3260,8 +3379,8 @@
- uw-imap 7:2002edebian1-12 (medium; bug #332215)
CVE-2005-2932
RESERVED
-CVE-2005-2931
- RESERVED
+CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server 8.20 ...)
+ TODO: check
CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote ...)
- lynx <not-affected> (Debian's default config is not vulnerable)
CVE-2005-2928
@@ -3274,8 +3393,8 @@
NOT-FOR-US: IRIX
CVE-2005-2924
RESERVED
-CVE-2005-2923
- RESERVED
+CVE-2005-2923 (The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite ...)
+ TODO: check
CVE-2005-2922
RESERVED
CVE-2005-2921
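Review bot: CVE-2005-2923 (IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite) and CVE-2005-2931 in the previous hunk (SMTP service in IMail Server 8.20) are both Ipswitch IMail, a proprietary Windows product, so the automatically added "TODO: check" can go straight to "NOT-FOR-US: Ipswitch IMail Server" in the style used elsewhere in this file (e.g. "NOT-FOR-US: Cisco Security Agent").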
@@ -3452,6 +3571,7 @@
CVE-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, ...)
NOT-FOR-US: Novell Netware
CVE-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read ...)
+ {DTSA-25-1}
- smb4k 0.6.4-1 (bug #337471; medium)
NOTE: fix in 0.6.3-1 was incomplete according to maintainer
CVE-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service ...)
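Review bot: {DTSA-25-1} is added for CVE-2005-2851 while the NOTE below records that the fix in 0.6.3-1 was incomplete and the fixed version is 0.6.4-1; worth confirming that the DTSA shipped a build carrying the complete 0.6.4 fix (or the maintainer's follow-up patch) rather than the 0.6.3 change, otherwise the advisory reference marks testing as fixed for a version that is not.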
@@ -3906,7 +4026,7 @@
CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...)
{DSA-839-1}
- apachetop 0.12.5-3 (unknown)
-CVE-2005-2659 (Buffer overflow in LZX decompression in CHM Lib (chmlib) 0.35 with ...)
+CVE-2005-2659 (Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as ...)
{DSA-886-1}
- chmlib 0.37-2 (medium)
CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
@@ -10636,7 +10756,7 @@
NOT-FOR-US: SurgeFTP
CVE-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...)
NOT-FOR-US: CubeCart
-CVE-2005-1032 (SQL injection vulnerability in cart.php in LiteCommerce allows remote ...)
+CVE-2005-1032 (** DISPUTED ** NOTE: the vendor has disputed this issue. SQL ...)
NOT-FOR-US: LiteCommerce
CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...)
NOT-FOR-US: exoops