[Secure-testing-commits] r3031 - data/CVE

Joey Hess joeyh at costa.debian.org
Wed Dec 14 09:14:25 UTC 2005


Author: joeyh
Date: 2005-12-14 09:14:19 +0000 (Wed, 14 Dec 2005)
New Revision: 3031

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-14 09:08:44 UTC (rev 3030)
+++ data/CVE/list	2005-12-14 09:14:19 UTC (rev 3031)
@@ -1,3 +1,135 @@
+CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and ...)
+	TODO: check
+CVE-2005-4230 (SQL injection vulnerability in poll.php in Link Up Gold 2.5 and ...)
+	TODO: check
+CVE-2005-4229 (Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction ...)
+	TODO: check
+CVE-2005-4228 (Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and ...)
+	TODO: check
+CVE-2005-4227 (Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 ...)
+	TODO: check
+CVE-2005-4226 (Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 ...)
+	TODO: check
+CVE-2005-4225 (Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 ...)
+	TODO: check
+CVE-2005-4224 (Multiple "potential" SQL injection vulnerabilities in e107 0.7 might ...)
+	TODO: check
+CVE-2005-4223 (Multiple "potential" SQL injection vulnerabilities in Utopia News Pro ...)
+	TODO: check
+CVE-2005-4222 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi ...)
+	TODO: check
+CVE-2005-4221 (SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 ...)
+	TODO: check
+CVE-2005-4220 (Netgear RP114, and possibly other versions and devices, allows remote ...)
+	TODO: check
+CVE-2005-4219 (setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains ...)
+	TODO: check
+CVE-2005-4218 (SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows ...)
+	TODO: check
+CVE-2005-4217 (Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges ...)
+	TODO: check
+CVE-2005-4216 (The Administration Service (FMSAdmin.exe) in Macromedia Flash Media ...)
+	TODO: check
+CVE-2005-4215 (Motorola SB5100E Cable Modem allows remote attackers to cause a denial ...)
+	TODO: check
+CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers obtain the installation path via ...)
+	TODO: check
+CVE-2005-4213 (SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote ...)
+	TODO: check
+CVE-2005-4212 (Directory traversal vulnerability in coin_includes/db.php in phpCOIN ...)
+	TODO: check
+CVE-2005-4211 (PHP remote file inclusion vulnerability in coin_includes/db.php in ...)
+	TODO: check
+CVE-2005-4210 (Opera before 8.51, when running on Windows with Input Method Editor ...)
+	TODO: check
+CVE-2005-4209 (WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to ...)
+	TODO: check
+CVE-2005-4208 (Directory traversal vulnerability in Flatnuke 2.5.6 allows remote ...)
+	TODO: check
+CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script ...)
+	TODO: check
+CVE-2005-4206 (frameset.jsp in Blackboard Learning and Community Port Systems ...)
+	TODO: check
+CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList ...)
+	TODO: check
+CVE-2005-4204 (Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows ...)
+	TODO: check
+CVE-2005-4203 (LogiSphere 0.9.9j does not restrict the number of messages that can be ...)
+	TODO: check
+CVE-2005-4202 (Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j ...)
+	TODO: check
+CVE-2005-4201 (Directory traversal vulnerability in My Album Online 1.0 allows remote ...)
+	TODO: check
+CVE-2005-4200 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...)
+	TODO: check
+CVE-2005-4199 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...)
+	TODO: check
+CVE-2005-4198 (SQL injection vulnerability in index.php in Netref 3.0 allows remote ...)
+	TODO: check
+CVE-2005-4197 (tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to ...)
+	TODO: check
+CVE-2005-4196 (Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal ...)
+	TODO: check
+CVE-2005-4195 (Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) ...)
+	TODO: check
+CVE-2005-4194 (Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming ...)
+	TODO: check
+CVE-2005-4193 (Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows ...)
+	TODO: check
+CVE-2005-4192 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Framework ...)
+	TODO: check
+CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
+	TODO: check
+CVE-2005-4188
+	RESERVED
+CVE-2005-4187
+	RESERVED
+CVE-2005-4186
+	RESERVED
+CVE-2005-4185
+	RESERVED
+CVE-2005-4184
+	RESERVED
+CVE-2005-4183
+	RESERVED
+CVE-2005-4182
+	RESERVED
+CVE-2005-4181
+	RESERVED
+CVE-2005-4180
+	RESERVED
+CVE-2005-4179
+	RESERVED
+CVE-2005-4177 (Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book ...)
+	TODO: check
+CVE-2005-4176 (AWARD Bios Modular 4.50pg does not clear the keyboard buffer after ...)
+	TODO: check
+CVE-2005-4175 (Insyde BIOS V190 does not clear the keyboard buffer after reading the ...)
+	TODO: check
+CVE-2005-4174 (eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow ...)
+	TODO: check
+CVE-2005-4173 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2005-4172 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2005-4171 (The "Upload new image" command in the "Manage Images" eFiction 1.1, ...)
+	TODO: check
+CVE-2005-4170 (SQL injection vulnerability in eFiction 1.1 allows remote attackers to ...)
+	TODO: check
+CVE-2005-4169 (Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote ...)
+	TODO: check
+CVE-2005-4168 (Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 ...)
+	TODO: check
+CVE-2005-4167 (Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 ...)
+	TODO: check
+CVE-2005-4166 (Cross-site scripting (XSS) vulnerability in password.asp in DUWare ...)
+	TODO: check
+CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum ...)
+	TODO: check
 CVE-2005-XXXX [Another fib_lookup DoS]
 	- linux-2.6 <unfixed>
 CVE-2005-XXXX [DoS in i82365 driver]
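Review bot: CVE-2005-4200 and CVE-2005-4199 (MyBulletinBoard) and CVE-2005-4223 (Utopia News Pro) are added as "TODO: check", but this file already settles both products as NOT-FOR-US further down (the CVE-2005-3776 and CVE-2005-3200 entries). The automatic update could reuse the verdict recorded for a product it has already seen, or these three can be closed by hand right away as "NOT-FOR-US: MyBB" and "NOT-FOR-US: Utopia News Pro" so that the TODO backlog holds only entries that need real triage.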
@@ -2,3 +134,3 @@
 	- linux-2.6 <unfixed>
-CVE-2005-4178 [Heap overflow in Dropbear sshd]
+CVE-2005-4178 (Buffer overflow in Dropbear server before 0.47 allows authenticated ...)
 	- dropbear 0.47-1 (high)
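Review bot: the replaced CVE-2005-4178 line drops the hand-written "Heap overflow in Dropbear sshd" for the truncated official text, which says "Buffer overflow" and restricts the issue to "authenticated ..." users. The package line "- dropbear 0.47-1 (high)" still agrees with "before 0.47", but the urgency was assigned against the old wording and is worth confirming against the full description now that an authentication precondition is stated.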
@@ -673,8 +805,8 @@
 	TODO: They're speaking of API issues, check whether free JREs are affected
 CVE-2005-3904 (Unspecified vulnerability in Java Management Extensions (JMX) in Java ...)
 	NOT-FOR-US: Sun Java
-CVE-2005-3903
-	RESERVED
+CVE-2005-3903 (Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows ...)
+	TODO: check
 CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in ...)
 	NOT-FOR-US: Virtual Hosting Control System 
 CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not ...)
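Review bot: CVE-2005-3903 moves from RESERVED to "TODO: check" even though its description names uidadmin in SCO Unixware, and the neighbouring entries close vendor products of this kind with a NOT-FOR-US line (Sun Java, Virtual Hosting Control System). If no package in the archive ships uidadmin, close it the same way with "NOT-FOR-US: SCO Unixware" instead of leaving a TODO.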
@@ -921,9 +1053,9 @@
 	NOT-FOR-US: PHProxy
 CVE-2004-2603 (Cross-site scripting (XSS) vulnerability in the Search module in ...)
 	NOT-FOR-US: UberTec Help Center Live
-CVE-2004-2602 (PHP remote file include vulnerability in UberTec Help Center Live ...)
+CVE-2004-2602 (PHP remote file inclusion vulnerability in UberTec Help Center Live ...)
 	NOT-FOR-US: UberTec Help Center Live
-CVE-2004-2601 (PHP file include vulnerability in UberTec Help Center Live (HCL) ...)
+CVE-2004-2601 (PHP remote file inclusion vulnerability in UberTec Help Center Live ...)
 	NOT-FOR-US: UberTec Help Center Live
 CVE-2004-2600 (The firmware for Intelligent Platform Management Interface (IPMI) ...)
 	NOT-FOR-US: Intel hardware
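Review bot: after this rewording the CVE-2004-2602 and CVE-2004-2601 lines carry the same truncated description, so the file no longer shows how the two entries differ; before the change one read "remote file include" and the other "file include". Both are NOT-FOR-US, so tracking is unaffected, but anyone comparing them now has to go to the full CVE text.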
@@ -981,7 +1113,7 @@
 	- phpgroupware 0.9.14.007
 CVE-2004-2574 (Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare ...)
 	- phpgroupware 0.9.14.007
-CVE-2004-2573 (PHP remote file include vulnerability in tables_update.inc.php in ...)
+CVE-2004-2573 (PHP remote file inclusion vulnerability in tables_update.inc.php in ...)
 	- phpgroupware 0.9.14.007
 CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...)
 	[sarge] - kernel-source-2.6.8 2.6.8-16sarge2
@@ -1006,7 +1138,7 @@
 	NOT-FOR-US: MyBB
 CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
 	NOT-FOR-US: MyBB
-CVE-2005-3775 (PHP file inclusion vulnerability in pollvote.php in PollVote allows ...)
+CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in PollVote ...)
 	NOT-FOR-US: PollVote
 CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Cisco hardware
@@ -1353,7 +1485,7 @@
 CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 10.4.3 ...)
 	NOT-FOR-US: Mac OS X
 CVE-2005-3703
-	RESERVED
+	REJECTED
 CVE-2005-3702 (Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote ...)
 	NOT-FOR-US: Safari
 CVE-2005-3701 (Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 ...)
@@ -2310,8 +2442,8 @@
 CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 ...)
 	- php4 <unfixed> (bug #339577; medium)
 	- php5 <unfixed> (bug #336654; medium)
-CVE-2005-3352
-	RESERVED
+CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module allows ...)
+	TODO: check
 CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...)
 	- spamassassin <unfixed> (bug #339526; medium)
 CVE-2005-3350 (libungif library before 4.1.0 allows attackers to corrupt memory and ...)
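Review bot: CVE-2005-3352 goes from RESERVED to "TODO: check" between two entries that already carry package lines and bug numbers (php4/php5 and spamassassin), and its truncated description names only the mod_imap module. The follow-up should identify the source package that ships that module and record it in the same "- package <unfixed> (bug #...; urgency)" form rather than leaving the entry unassigned.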
@@ -2805,7 +2937,7 @@
 	NOT-FOR-US: Oracle
 CVE-2005-3202 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB ...)
 	NOT-FOR-US: Oracle
-CVE-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro 1.1.3 when ...)
+CVE-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro (UNP) ...)
 	NOT-FOR-US: Utopia News Pro
 CVE-2005-3200 (Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro ...)
 	NOT-FOR-US: Utopia News Pro
@@ -3816,16 +3948,16 @@
 	RESERVED
 CVE-2005-2832
 	RESERVED
-CVE-2005-2831
-	RESERVED
-CVE-2005-2830
-	RESERVED
-CVE-2005-2829
-	RESERVED
+CVE-2005-2831 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
+	TODO: check
+CVE-2005-2830 (Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS ...)
+	TODO: check
+CVE-2005-2829 (Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 ...)
+	TODO: check
 CVE-2005-2828
 	RESERVED
-CVE-2005-2827
-	RESERVED
+CVE-2005-2827 (The thread termination routine in the kernel for Windows NT 4.0 and ...)
+	TODO: check
 CVE-2005-2826
 	RESERVED
 CVE-2005-2825
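Review bot: CVE-2005-2831, CVE-2005-2830 and CVE-2005-2829 (Internet Explorer) and CVE-2005-2827 (Windows NT kernel) come in as "TODO: check", while the Internet Explorer entry CVE-2005-1791 in this file is closed as "NOT-FOR-US: Microsoft". These four can take the same line, unless the full description also names a packaged browser, as the CVE-2005-1790 entry tracked against mozilla-firefox and mozilla does.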
@@ -8192,7 +8324,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...)
 	NOT-FOR-US: Microsoft
-CVE-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...)
+CVE-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and ...)
 	- mozilla-firefox <unfixed> (bug #340283; low)
 	- mozilla <unfixed> (bug #340282; low)
 CVE-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...)



