[Secure-testing-commits] r2979 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Dec 7 22:08:06 UTC 2005


Author: jmm-guest
Date: 2005-12-07 22:08:01 +0000 (Wed, 07 Dec 2005)
New Revision: 2979

Modified:
   data/CVE/list
Log:
gallery2 CVEfied
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-07 21:50:32 UTC (rev 2978)
+++ data/CVE/list	2005-12-07 22:08:01 UTC (rev 2979)
@@ -73,52 +73,50 @@
 	- mediawiki <not-affected> (Only affects the 1.5 branch)
 CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows ...)
 	NOT-FOR-US: Quicksilver Forums
-begin claimed by jmm
 CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid usernames ...)
-	TODO: check
+	NOT-FOR-US: WebEOC
 CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember allow ...)
-	TODO: check
+	NOT-FOR-US: aMember
 CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: SimpleBBS
 CVE-2005-4026 (search.php in Geeklog 1.4.0 Beta 1 and earlier allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Geeklog
 CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect ...)
-	TODO: check
+	NOT-FOR-US: Help Desk Reloaded Free Help Desk
 CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 ...)
-	TODO: check
+	NOT-FOR-US: Interspire FastFind 
 CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0 before ...)
-	TODO: check
+	- gallery2 2.0.2-1 (medium)
 CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the &quot;Add Image From Web&quot; ...)
-	TODO: check
+	- gallery2 2.0.2-1 (medium)
 CVE-2005-4021 (The installer for Gallery 2.0 before 2.0.2 stores the install log ...)
-	TODO: check
+	- gallery2 2.0.2-1 (low)
 CVE-2005-4020 (SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and ...)
-	TODO: check
+	NOT-FOR-US: Widget Imprint
 CVE-2005-4019 (SQL injection vulnerability in index.php in Relative Real Estate ...)
-	TODO: check
+	NOT-FOR-US: Relative Real Estate Systems
 CVE-2005-4018 (SQL injection vulnerability in ls.php in Landshop Real Estate Commerce ...)
-	TODO: check
+	NOT-FOR-US: Landshop Real Estate Commerce System
 CVE-2005-4017 (property.php in Widget Property 1.1.19 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Widget Property
 CVE-2005-4016 (SQL injection vulnerability in Widget Property 1.1.19 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Widget Property
 CVE-2005-4015 (PHP Web Statistik 1.4 does not rotate the log database or limit the ...)
-	TODO: check
+	NOT-FOR-US: PHP Web Statistik
 CVE-2005-4014 (stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: PHP Web Statistik
 CVE-2005-4013 (PHP Web Statistik 1.4 stores the stat.cfg file under the web root with ...)
-	TODO: check
+	NOT-FOR-US: PHP Web Statistik
 CVE-2005-4012 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Web ...)
-	TODO: check
+	NOT-FOR-US: PHP Web Statistik
 CVE-2005-4011 (SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar ...)
-	TODO: check
+	NOT-FOR-US: Codewalkers ltwCalendar
 CVE-2005-4010 (SQL injection vulnerability in KBase Express 1.0.0 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: Kbase Express
 CVE-2005-4009 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express ...)
-	TODO: check
+	NOT-FOR-US: PHP Lite Calender Express
 CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: Jax Calendar
 CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin]
 	- phpmyadmin <not-affected> (Apparently affects only 2.7.0)
 	NOTE: http://www.hardened-php.net/advisory_252005.110.html
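Review bot: Two of the new NOT-FOR-US names do not match the product names in their own CVE descriptions: "Kbase Express" under CVE-2005-4010 (the description has "KBase Express") and "PHP Lite Calender Express" under CVE-2005-4009 (the description has "PHP Lite Calendar Express"). A search of the list by product name will miss these entries, so use the spelling from the description. The "NOT-FOR-US: Interspire FastFind " line under CVE-2005-4024 also ends in a trailing space. Separately, the three gallery2 entries (CVE-2005-4021 to CVE-2005-4023) carry no NOTE or bug reference, while the phpmyadmin entry at the end of this hunk links its advisory; a NOTE giving the source for the fixed version 2.0.2-1 would make the triage verifiable.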
@@ -502,10 +500,6 @@
 CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...)
 	{DSA-916-1}
 	- inkscape 0.42-1 (bug #321501; low)
-CVE-2005-XXXX [gallery2 zipcart information disclosure]
-	- gallery2 2.0.2-1 (medium)
-CVE-2005-XXXX [gallery2 add-from-web XSS]
-	- gallery2 2.0.2-1 (medium)
 CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in Zainu ...)
 	NOT-FOR-US: Zaimu
 CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP ...)
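Review bot: Removing the "gallery2 zipcart information disclosure" placeholder drops the only statement of impact for that issue, because the CVE-2005-4023 description that takes its place earlier in the patch says only "Unspecified vulnerability in the zipcart module". Consider carrying the information-disclosure characterisation over as a NOTE under CVE-2005-4023. The mapping of the two removed placeholders to CVE-2005-4023 and CVE-2005-4022 is also left implicit; naming the ids in the log message would make the replacement easier to audit.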



