[Secure-testing-commits] r2989 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Dec 9 09:36:13 UTC 2005


Author: jmm-guest
Date: 2005-12-09 09:36:08 +0000 (Fri, 09 Dec 2005)
New Revision: 2989

Modified:
   data/CVE/list
Log:
phpmyadmin CVEfied
new imp4 issue
another mediawiki not-affected
lots of NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-09 09:16:45 UTC (rev 2988)
+++ data/CVE/list	2005-12-09 09:36:08 UTC (rev 2989)
@@ -1,62 +1,59 @@
-begin claimed by jmm
 CVE-2005-4095 (Directory traversal vulnerability in connector.php in the ...)
-	TODO: check
+	NOT-FOR-US: DoceboLMS
 CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows ...)
-	TODO: check
+	NOT-FOR-US: DoceboLMS
 CVE-2005-4093 (Unspecified vulnerability in Check Point VPN-1 SecureClient NG with ...)
-	TODO: check
+	NOT-FOR-US: Check Point
 CVE-2005-4092 (Heap-based buffer overflow in Apple QuickTime Player 7.0.3 and iTunes ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script ...)
-	TODO: check
+	NOT-FOR-US: 1-Script 1-Search
 CVE-2005-4090 (Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2005-4089 (Microsoft Internet Explorer allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows ...)
-	TODO: check
+	NOT-FOR-US: phpForumPro
 CVE-2005-4087 (PHP remote file inclusion vulnerability in acceptDecline.php in Sugar ...)
-	TODO: check
+	NOT-FOR-US: SugarCRM
 CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...)
-	TODO: check
+	NOT-FOR-US: SugarCRM
 CVE-2005-4085
 	RESERVED
 CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier ...)
-	TODO: check
+	NOT-FOR-US: phpBB eXtreme Styles module
 CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme Styles ...)
-	TODO: check
+	NOT-FOR-US: phpBB eXtreme Styles module
 CVE-2005-4082 (The dhcp.client program for QNX 4.25 vmware is setuid, possibly by ...)
-	TODO: check
+	NOT-FOR-US: QNX
 CVE-2005-4081 (Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow ...)
-	TODO: check
+	NOT-FOR-US: Alisveristr E-commerce
 CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 ...)
-	TODO: check
+	- imp4 <unfixed> (bug filed; medium)
 CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote ...)
-	TODO: check
+	- phpmyadmin <not-affected> (Affects only 2.7.0)
 CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET ...)
-	TODO: check
+	NOT-FOR-US: Ideal BB.NET
 CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local ...)
-	TODO: check
+	NOT-FOR-US: Appfluent Technology Database IDS 2.0
 CVE-2005-4075 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...)
-	TODO: check
+	NOT-FOR-US: CF_Nuke
 CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and ...)
-	TODO: check
+	NOT-FOR-US: CF_Nuke
 CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in Magic List Pro 2.5 ...)
-	TODO: check
+	NOT-FOR-US: Magic List Pro
 CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in Magic Forum Personal 2.5 ...)
-	TODO: check
+	NOT-FOR-US: Magic Personal Forum
 CVE-2005-4071 (Multiple SQL injection vulnerabilities in Magic Forum Personal 2.5 and ...)
-	TODO: check
+	NOT-FOR-US: Magic Personal Forum
 CVE-2005-4070
 	REJECTED
-	TODO: check
 CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0 assigns insecure permissions to the ...)
-	TODO: check
+	NOT-FOR-US: Sony root kit
 CVE-2005-4068 (Unspecified &quot;absolute path vulnerability&quot; in umountall in IBM AIX 5.1 ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2005-4067 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows ...)
-	TODO: check
-end claimed by jmm
+	- mediawiki <not-affected> (Only affects the 1.5 branch)
 CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...)
 	NOT-FOR-US: Total Commander
 CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...)
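Review bot: The CVE-2005-4069 entry is tagged "NOT-FOR-US: Sony root kit", but the description on the line above it names SunnComm MediaMax DRM 5.0.21.0. Tag it with the product from the description (for example "NOT-FOR-US: SunnComm MediaMax") so a search for the product finds the entry. The same mismatch appears on CVE-2005-4072 and CVE-2005-4071, where the descriptions say "Magic Forum Personal" and the tags say "Magic Personal Forum". For CVE-2005-4080, "- imp4 <unfixed> (bug filed; medium)" carries no bug number, unlike the curl entry further down the file ("bug #342339"); add the number so the entry can be tied to the report.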
@@ -176,8 +173,6 @@
 	NOT-FOR-US: PHP Lite Calender Express
 CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...)
 	NOT-FOR-US: Jax Calendar
-CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin]
-	- phpmyadmin <not-affected> (Apparently affects only 2.7.0)
 CVE-2005-4077 (Multiple off-by-one errors in libcurl 7.11.2 through 7.15.0 and ...)
 	- curl 7.15.1-1 (bug #342339; medium) 
 	[woody] - curl <not-affected> (Only curl >= 7.11 is vulnerable)
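Review bot: The removed placeholder note read "Apparently affects only 2.7.0", while its replacement under CVE-2005-4079 in the first hunk says "Affects only 2.7.0" without the hedge, and the CVE description there names phpMyAdmin 2.7.0 rc1. If the affected range has been verified, say so in the log message; otherwise keep the qualifier or name the version the way the description does.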



