[Secure-testing-commits] r3005 - data/CVE
Joey Hess
joeyh at costa.debian.org
Sun Dec 11 21:14:24 UTC 2005
Author: joeyh
Date: 2005-12-11 21:14:19 +0000 (Sun, 11 Dec 2005)
New Revision: 3005
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-11 21:07:05 UTC (rev 3004)
+++ data/CVE/list 2005-12-11 21:14:19 UTC (rev 3005)
@@ -1,3 +1,49 @@
+CVE-2005-4164 (SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows ...)
+ TODO: check
+CVE-2005-4163 (Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 ...)
+ TODO: check
+CVE-2005-4162 (Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME ...)
+ TODO: check
+CVE-2005-4161 (Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts ...)
+ TODO: check
+CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential 1.2 ...)
+ TODO: check
+CVE-2005-4159 (SQL injection vulnerability in Memberlist.php in Simple Machines Forum ...)
+ TODO: check
+CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...)
+ TODO: check
+CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...)
+ TODO: check
+CVE-2005-4156 (Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), ...)
+ TODO: check
+CVE-2005-4155 (registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to ...)
+ TODO: check
+CVE-2005-4154 (Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows ...)
+ TODO: check
+CVE-2005-4153 (Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers to ...)
+ TODO: check
+CVE-2005-4151 (The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop ...)
+ TODO: check
+CVE-2005-4150 (Cross-site scripting (XSS) vulnerability in the portal login page in ...)
+ TODO: check
+CVE-2005-4149 (Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain ...)
+ TODO: check
+CVE-2005-4148 (Lyris ListManager 8.5, and possibly other versions before 8.8, ...)
+ TODO: check
+CVE-2005-4147 (The TCLHTTPd service in Lyris ListManager before 8.9b allows remote ...)
+ TODO: check
+CVE-2005-4146 (Lyris ListManager before 8.9b allows remote attackers to obtain ...)
+ TODO: check
+CVE-2005-4145 (The MSDE version of Lyris ListManager 5.0 through 8.9b configures the ...)
+ TODO: check
+CVE-2005-4144 (Lyris ListManager 5.0 through 8.9a allows remote attackers to add ...)
+ TODO: check
+CVE-2005-4143 (SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a ...)
+ TODO: check
+CVE-2005-4142 (The web interface for subscribing new users in Lyris ListManager 5.0 ...)
+ TODO: check
CVE-2005-XXXX [Multiple issues in Horde]
- horde3 <unfixed> (bug filed; medium)
CVE-2005-XXXX [XSS in Kronolith]
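Review bot: All 23 added entries (CVE-2005-4142 through CVE-2005-4164) carry only "TODO: check", so this hunk records nothing yet about whether any Debian package is affected. The Sudo (CVE-2005-4158), Mailman (CVE-2005-4153) and PEAR installer (CVE-2005-4154) entries look like the ones to triage first, each needing a package line with a fixed version or <unfixed> in the form used for horde3 in the context line below. The eight Lyris ListManager entries (CVE-2005-4142 to CVE-2005-4149) can be reviewed as one group.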
@@ -22,7 +68,7 @@
NOT-FOR-US: DRZES HMS
CVE-2005-4135 (Direct static code injection vulnerability in includes/newtopic.php in ...)
NOT-FOR-US: SimpleBBS
-CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon up to 0.9 ...)
+CVE-2005-4134 (** DISPUTED ** ...)
- mozilla-firefox <unfixed> (unimportant)
NOTE: Not exploitable beyond a sluggish browser startup, see
NOTE: http://www.mozilla.org/security/history-title.html
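Review bot: The replacement summary for CVE-2005-4134 is truncated to "** DISPUTED ** ...", so the entry's first line no longer names Firefox, Netscape or K-Meleon and a text search of the list by product will miss it. The mozilla-firefox package line and the two NOTE lines are now the only context for this entry and should be kept when it is next touched.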
@@ -146,11 +192,11 @@
NOT-FOR-US: CF_Nuke
CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and ...)
NOT-FOR-US: CF_Nuke
-CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in Magic List Pro 2.5 ...)
+CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in CFMagic Magic List ...)
NOT-FOR-US: Magic List Pro
-CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in Magic Forum Personal 2.5 ...)
+CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum ...)
NOT-FOR-US: Magic Personal Forum
-CVE-2005-4071 (Multiple SQL injection vulnerabilities in Magic Forum Personal 2.5 and ...)
+CVE-2005-4071 (Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal ...)
NOT-FOR-US: Magic Personal Forum
CVE-2005-4070
REJECTED
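Review bot: The updated descriptions for CVE-2005-4072 and CVE-2005-4071 name the product "CFMagic Magic Forum Personal", but the NOT-FOR-US tags under them still read "Magic Personal Forum". Aligning the tag text with the description would keep a search for the product name consistent across both lines.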
@@ -158,7 +204,8 @@
NOT-FOR-US: Sony root kit
CVE-2005-4068 (Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 ...)
NOT-FOR-US: AIX
-CVE-2005-4067 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows ...)
+CVE-2005-4067
+ REJECTED
- mediawiki <not-affected> (Only affects the 1.5 branch)
CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...)
NOT-FOR-US: Total Commander
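Review bot: CVE-2005-4067 is now REJECTED but still carries the package line "- mediawiki <not-affected> (Only affects the 1.5 branch)". Its removed description is the same text that a later hunk assigns to CVE-2005-4031, so this looks like a duplicate being merged; consider dropping the package line from the rejected entry, or adding a NOTE that points to CVE-2005-4031, so the MediaWiki issue is tracked in one place.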
@@ -203,7 +250,7 @@
NOT-FOR-US: IISWorks ASPKnowledgeBase
CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java ...)
NOT-FOR-US: Sun Java System Application Server
-CVE-2005-4045 (Unknown vulnerability in System Communications Services 6 Delegated ...)
+CVE-2005-4045 (Unspecified vulnerability in System Communications Services 6 ...)
NOT-FOR-US: Sun Java System Messaging Server
CVE-2005-4044 (Cross-site scripting (XSS) vulnerability in search.cgi in Amazon ...)
NOT-FOR-US: Amazon Search Directory
@@ -231,7 +278,7 @@
NOT-FOR-US: Nodezilla
CVE-2005-4032 (Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search ...)
NOT-FOR-US: Easy Search System
-CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.0 through 1.5.3 allows ...)
+CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows ...)
- mediawiki <not-affected> (Only affects the 1.5 branch)
CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows ...)
NOT-FOR-US: Quicksilver Forums
@@ -802,7 +849,7 @@
NOT-FOR-US: freeFTPd
CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic ...)
NOT-FOR-US: AMAX Magic Winmail Server
-CVE-2005-3806 (The IPv6 flowlabel handling code (ip6_flowlabel.c) in Linux kernels ...)
+CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels ...)
- linux-2.6 2.6.14-1 (medium)
- kernel-source-2.4.27 <unfixed> (medium)
CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ...)
@@ -1332,8 +1379,7 @@
RESERVED
CVE-2005-3652
RESERVED
-CVE-2005-3651 [Buffer overflow in ethereal's OSPF dissector]
- RESERVED
+CVE-2005-3651 (Stack-based buffer overflow in the dissect_ospf_v3_address_prefix ...)
- ethereal <unfixed> (bug filed; medium)
CVE-2005-3650 (The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the ...)
NOT-FOR-US: Sony Root Kit Uninstaller
@@ -1506,9 +1552,11 @@
NOT-FOR-US: HP-UX
CVE-2005-3564 (envd daemon in HP-UX B.11.00 through B.11.11 allows local users to ...)
NOT-FOR-US: HP-UX
-CVE-2005-3563 (ATutor 1.5.1 stores temporary chat logs as world readable under the ...)
+CVE-2005-3563
+ REJECTED
NOT-FOR-US: ATutor
-CVE-2005-3562 (Direct code injection vulnerability in ATutor 1.5.1 allows remote ...)
+CVE-2005-3562
+ REJECTED
NOT-FOR-US: ATutor
CVE-2005-3561 ( ...)
NOT-FOR-US: ATutor
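Review bot: CVE-2005-3563 and CVE-2005-3562 become REJECTED here while keeping their "NOT-FOR-US: ATutor" tags, which leaves two status lines on each entry. The removed CVE-2005-3563 text about temporary chat logs appears to match the new summary given to CVE-2005-2956 in a later hunk; a NOTE naming the surviving id on each rejected entry would say more than the leftover tag. The context entry CVE-2005-3561 also has an empty description, "( ...)", which is worth rechecking.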
@@ -1567,12 +1615,10 @@
RESERVED
CVE-2005-3534
RESERVED
-CVE-2005-3533 [osh cwd buffer overflow]
- RESERVED
+CVE-2005-3533 (Buffer overflow in OSH before 1.7-15 allows local users to execute ...)
{DSA-918-1}
- osh 1.7-15
-CVE-2005-3532 [courier-authdaemon grants access to deactivated user accounts]
- RESERVED
+CVE-2005-3532 (authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through ...)
{DSA-917-1}
- courier 0.47-12 (bug #211920; medium)
CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows ...)
@@ -2232,7 +2278,8 @@
NOT-FOR-US: DboardGear
CVE-2005-3363 (SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 ...)
NOT-FOR-US: saphp Lesson
-CVE-2005-3362 (myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a ...)
+CVE-2005-3362
+ REJECTED
NOT-FOR-US: myBloggie
CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...)
NOT-FOR-US: FlatNuke
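Review bot: CVE-2005-3362 is marked REJECTED but keeps "NOT-FOR-US: myBloggie" beneath it. The description removed here reappears on CVE-2005-3153 in the following hunk, so a NOTE pointing to CVE-2005-3153 would make the reason for the rejection visible in the list itself.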
@@ -2899,7 +2946,7 @@
NOT-FOR-US: MailEnable Enterprise
CVE-2005-3154 (Format string vulnerability in the logging funtionality in BitDefender ...)
NOT-FOR-US: Bitdefender Antivirus
-CVE-2005-3153 (login.php in MyBloggie 2.1.3 beta allows remote attackers to bypass a ...)
+CVE-2005-3153 (login.php in myBloggie 2.1.3 beta and earlier allows remote attackers ...)
NOT-FOR-US: MyBloggie
CVE-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 ...)
NOT-FOR-US: CubeCart
@@ -3478,7 +3525,7 @@
- libgda2 1.2.2-1 (medium)
CVE-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...)
NOT-FOR-US: AVIRA Desktop
-CVE-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores sensitive data ...)
+CVE-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores temporary chat ...)
NOT-FOR-US: ATutor
CVE-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...)
NOT-FOR-US: ATutor
@@ -11299,7 +11346,7 @@
NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- dcl 1:0.9.4.4-1
-CVE-2005-0887 (Code injection vulnerability in Double Choco Latte before 0.9.4.3 ...)
+CVE-2005-0887 (Eval injection vulnerability in Double Choco Latte before 0.9.4.3 ...)
- dcl 1:0.9.4.4-1
CVE-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...)
NOT-FOR-US: Invision Power Board
@@ -11393,7 +11440,7 @@
NOT-FOR-US: CoolForum
CVE-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain ...)
NOT-FOR-US: CoolForum
-CVE-2005-0854 (betaparticle blog (bp blog) allows remote attackers to bypass ...)
+CVE-2005-0854 (betaparticle blog (bp blog), posisbly before version 4, allows remote ...)
NOT-FOR-US: betaparticle blog
CVE-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, ...)
NOT-FOR-US: betaparticle blog
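Review bot: The added line for CVE-2005-0854 contains the typo "posisbly" for "possibly". Since the log message marks this commit as an automatic update, a hand edit here is likely to be replaced on the next run, so the correction belongs in the source the descriptions are pulled from.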