[Secure-testing-commits] r3035 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Dec 14 09:36:40 UTC 2005 

Author: jmm-guest
Date: 2005-12-14 09:36:36 +0000 (Wed, 14 Dec 2005)
New Revision: 3035

Modified:
   data/CVE/list
Log:
one potential perl issue, needs to be tested
lots of NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-14 09:33:18 UTC (rev 3034)
+++ data/CVE/list	2005-12-14 09:36:36 UTC (rev 3035)
@@ -1,73 +1,72 @@
-begin claimed by jmm
 CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and ...)
-	TODO: check
+	NOT-FOR-US: Link Up Gold
 CVE-2005-4230 (SQL injection vulnerability in poll.php in Link Up Gold 2.5 and ...)
-	TODO: check
+	NOT-FOR-US: Link Up Gold
 CVE-2005-4229 (Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction ...)
-	TODO: check
+	NOT-FOR-US: EveryAuction
 CVE-2005-4228 (Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and ...)
-	TODO: check
+	NOT-FOR-US: PhpWebGallery 
 CVE-2005-4227 (Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 ...)
-	TODO: check
+	NOT-FOR-US: DCP-Portal
 CVE-2005-4226 (Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 ...)
-	TODO: check
+	NOT-FOR-US: pgpWebThings
 CVE-2005-4225 (Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 ...)
-	TODO: check
+	NOT-FOR-US: myBloggie
 CVE-2005-4224 (Multiple "potential" SQL injection vulnerabilities in e107 0.7 might ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2005-4223 (Multiple "potential" SQL injection vulnerabilities in Utopia News Pro ...)
-	TODO: check
+	NOT-FOR-US: Utopia News Pro
 CVE-2005-4222 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi ...)
-	TODO: check
+	NOT-FOR-US: Lars Ellingsen Guestserver
 CVE-2005-4221 (SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 ...)
-	TODO: check
+	NOT-FOR-US: Arab Portal System
 CVE-2005-4220 (Netgear RP114, and possibly other versions and devices, allows remote ...)
-	TODO: check
+	NOT-FOR-US: Netgear hardware issue 
 CVE-2005-4219 (setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains ...)
-	TODO: check
+	NOT-FOR-US: Innovative CMS
 CVE-2005-4218 (SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows ...)
-	TODO: check
+	NOT-FOR-US: PHPWebThings
 CVE-2005-4217 (Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges ...)
-	TODO: check
+	TODO: check, whether this affects Debian's perl
 CVE-2005-4216 (The Administration Service (FMSAdmin.exe) in Macromedia Flash Media ...)
-	TODO: check
+	NOT-FOR-US: Macromedia Flash Media Server
 CVE-2005-4215 (Motorola SB5100E Cable Modem allows remote attackers to cause a denial ...)
-	TODO: check
+	NOT-FOR-US: Motorola hardware
 CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers obtain the installation path via ...)
-	TODO: check
+	NOT-FOR-US: phpCOIN
 CVE-2005-4213 (SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: phpCOIN
 CVE-2005-4212 (Directory traversal vulnerability in coin_includes/db.php in phpCOIN ...)
-	TODO: check
+	NOT-FOR-US: phpCOIN
 CVE-2005-4211 (PHP remote file inclusion vulnerability in coin_includes/db.php in ...)
-	TODO: check
+	NOT-FOR-US: phpCOIN
 CVE-2005-4210 (Opera before 8.51, when running on Windows with Input Method Editor ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2005-4209 (WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Alt-N MDaemon
 CVE-2005-4208 (Directory traversal vulnerability in Flatnuke 2.5.6 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Flatnuke
 CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script ...)
-	TODO: check
+	NOT-FOR-US: BTGrup Admin WebController Script
 CVE-2005-4206 (frameset.jsp in Blackboard Learning and Community Port Systems ...)
-	TODO: check
+	NOT-FOR-US: Blackboard Learning and Community Port Systems
 CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList ...)
-	TODO: check
+	NOT-FOR-US: LocazoList
 CVE-2005-4204 (Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows ...)
-	TODO: check
+	NOT-FOR-US: LogiSphere
 CVE-2005-4203 (LogiSphere 0.9.9j does not restrict the number of messages that can be ...)
-	TODO: check
+	NOT-FOR-US: LogiSphere
 CVE-2005-4202 (Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j ...)
-	TODO: check
+	NOT-FOR-US: LogiSphere
 CVE-2005-4201 (Directory traversal vulnerability in My Album Online 1.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: My Album Online
 CVE-2005-4200 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2005-4199 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2005-4198 (SQL injection vulnerability in index.php in Netref 3.0 allows remote ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: Netref
+begin claimed by jmm
 CVE-2005-4197 (tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to ...)
 	TODO: check
 CVE-2005-4196 (Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal ...)
@@ -132,6 +131,7 @@
 	TODO: check
 CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum ...)
 	TODO: check
+end claimed by jmm
 CVE-2005-XXXX [Another fib_lookup DoS]
 	- linux-2.6 <unfixed>
 CVE-2005-XXXX [DoS in i82365 driver]

More information about the Secure-testing-commits mailing list