[Secure-testing-commits] r2989 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Dec 9 09:36:13 UTC 2005
Author: jmm-guest
Date: 2005-12-09 09:36:08 +0000 (Fri, 09 Dec 2005)
New Revision: 2989
Modified:
data/CVE/list
Log:
phpmyadmin CVEfied
new imp4 issue
another mediawiki not-affected
lots of NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-09 09:16:45 UTC (rev 2988)
+++ data/CVE/list 2005-12-09 09:36:08 UTC (rev 2989)
@@ -1,62 +1,59 @@
-begin claimed by jmm
CVE-2005-4095 (Directory traversal vulnerability in connector.php in the ...)
- TODO: check
+ NOT-FOR-US: DoceboLMS
CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows ...)
- TODO: check
+ NOT-FOR-US: DoceboLMS
CVE-2005-4093 (Unspecified vulnerability in Check Point VPN-1 SecureClient NG with ...)
- TODO: check
+ NOT-FOR-US: Check Point
CVE-2005-4092 (Heap-based buffer overflow in Apple QuickTime Player 7.0.3 and iTunes ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script ...)
- TODO: check
+ NOT-FOR-US: 1-Script 1-Search
CVE-2005-4090 (Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is ...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2005-4089 (Microsoft Internet Explorer allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows ...)
- TODO: check
+ NOT-FOR-US: phpForumPro
CVE-2005-4087 (PHP remote file inclusion vulnerability in acceptDecline.php in Sugar ...)
- TODO: check
+ NOT-FOR-US: SugarCRM
CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...)
- TODO: check
+ NOT-FOR-US: SugarCRM
CVE-2005-4085
RESERVED
CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier ...)
- TODO: check
+ NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme Styles ...)
- TODO: check
+ NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4082 (The dhcp.client program for QNX 4.25 vmware is setuid, possibly by ...)
- TODO: check
+ NOT-FOR-US: QNX
CVE-2005-4081 (Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow ...)
- TODO: check
+ NOT-FOR-US: Alisveristr E-commerce
CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 ...)
- TODO: check
+ - imp4 <unfixed> (bug filed; medium)
CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote ...)
- TODO: check
+ - phpmyadmin <not-affected> (Affects only 2.7.0)
CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET ...)
- TODO: check
+ NOT-FOR-US: Ideal BB.NET
CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local ...)
- TODO: check
+ NOT-FOR-US: Appfluent Technology Database IDS 2.0
CVE-2005-4075 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...)
- TODO: check
+ NOT-FOR-US: CF_Nuke
CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and ...)
- TODO: check
+ NOT-FOR-US: CF_Nuke
CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in Magic List Pro 2.5 ...)
- TODO: check
+ NOT-FOR-US: Magic List Pro
CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in Magic Forum Personal 2.5 ...)
- TODO: check
+ NOT-FOR-US: Magic Personal Forum
CVE-2005-4071 (Multiple SQL injection vulnerabilities in Magic Forum Personal 2.5 and ...)
- TODO: check
+ NOT-FOR-US: Magic Personal Forum
CVE-2005-4070
REJECTED
- TODO: check
CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0 assigns insecure permissions to the ...)
- TODO: check
+ NOT-FOR-US: Sony root kit
CVE-2005-4068 (Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2005-4067 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows ...)
- TODO: check
-end claimed by jmm
+ - mediawiki <not-affected> (Only affects the 1.5 branch)
CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...)
NOT-FOR-US: Total Commander
CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...)
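Review bot: the new CVE-2005-4080 line `- imp4 <unfixed> (bug filed; medium)` says a bug was filed but omits its number, whereas the curl entry further down this file records `bug #342339`; add the bug number so the unfixed issue can be tracked to closure. Separately, the NOT-FOR-US labels for CVE-2005-4069 ("Sony root kit") and for CVE-2005-4071/CVE-2005-4072 ("Magic Personal Forum") do not match the product names in the CVE descriptions (SunnComm MediaMax DRM, Magic Forum Personal); using the names as they appear in the descriptions keeps the list consistently searchable.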
@@ -176,8 +173,6 @@
NOT-FOR-US: PHP Lite Calender Express
CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...)
NOT-FOR-US: Jax Calendar
-CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin]
- - phpmyadmin <not-affected> (Apparently affects only 2.7.0)
CVE-2005-4077 (Multiple off-by-one errors in libcurl 7.11.2 through 7.15.0 and ...)
- curl 7.15.1-1 (bug #342339; medium)
[woody] - curl <not-affected> (Only curl >= 7.11 is vulnerable)
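Review bot: the removed placeholder `CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin]` hedged its status as "Apparently affects only 2.7.0", while the replacement note under CVE-2005-4079 states "Affects only 2.7.0" without the hedge, and the CVE description names 2.7.0 rc1. If the not-affected status was confirmed against the packaged phpmyadmin version, say so in the note; otherwise keep the hedge so the entry does not read as verified.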