[Secure-testing-commits] r3094 - data/CVE
Joey Hess
joeyh at costa.debian.org
Mon Dec 19 09:14:26 UTC 2005
Author: joeyh
Date: 2005-12-19 09:14:20 +0000 (Mon, 19 Dec 2005)
New Revision: 3094
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-19 00:11:32 UTC (rev 3093)
+++ data/CVE/list 2005-12-19 09:14:20 UTC (rev 3094)
@@ -1,3 +1,174 @@
+CVE-2005-4348
+ RESERVED
+CVE-2005-4347
+ RESERVED
+CVE-2005-4346 (SQL injection vulnerability in index.php in phpBB Blog 2.2.2 and ...)
+ TODO: check
+CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password ...)
+ TODO: check
+CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the ...)
+ TODO: check
+CVE-2005-4343 (Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and ...)
+ TODO: check
+CVE-2005-4342 (ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, ...)
+ TODO: check
+CVE-2005-4341 (Blackboard Learning and Community Portal System in Academic Suite ...)
+ TODO: check
+CVE-2005-4340
+ REJECTED
+ TODO: check
+CVE-2005-4339 (Cross-site scripting (XSS) vulnerability in Blackboard Learning and ...)
+ TODO: check
+CVE-2005-4338 (announcement.pl in Blackboard Learning and Community Portal System in ...)
+ TODO: check
+CVE-2005-4337 (The login page in Blackboard Learning and Community Portal System in ...)
+ TODO: check
+CVE-2005-4336 (Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and ...)
+ TODO: check
+CVE-2005-4335 (ProjectForum 4.7.0 and earlier allows remote attackers to cause a ...)
+ TODO: check
+CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote attackers ...)
+ TODO: check
+CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary Board ...)
+ TODO: check
+CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...)
+ TODO: check
+CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant ...)
+ TODO: check
+CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall ...)
+ TODO: check
+CVE-2005-4329 (SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB ...)
+ TODO: check
+CVE-2005-4328 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...)
+ TODO: check
+CVE-2005-4327 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt ...)
+ TODO: check
+CVE-2005-4326 (The web interface for American Power Conversion (APC) PowerChute ...)
+ TODO: check
+CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b have ...)
+ TODO: check
+CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through ...)
+ TODO: check
+CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal ...)
+ TODO: check
+CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
+ TODO: check
+CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in Apani ...)
+ TODO: check
+CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 ...)
+ TODO: check
+CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and ...)
+ TODO: check
+CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not ...)
+ TODO: check
+CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers ...)
+ TODO: check
+CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum PLEXCART ...)
+ TODO: check
+CVE-2005-4314 (Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal ...)
+ TODO: check
+CVE-2005-4313 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
+ TODO: check
+CVE-2005-4312 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
+ TODO: check
+CVE-2005-4311 (Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, ...)
+ TODO: check
+CVE-2005-4310 (SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based ...)
+ TODO: check
+CVE-2005-4309 (SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows ...)
+ TODO: check
+CVE-2005-4308 (index.php in ezUpload Pro 2.2 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier ...)
+ TODO: check
+CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 ...)
+ TODO: check
+CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, ...)
+ TODO: check
+CVE-2005-4304 (index.php in ezDatabase 2.1.2 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2005-4303 (SQL injection vulnerability in index.php for ezDatabase 2.1.2 and ...)
+ TODO: check
+CVE-2005-4302 (Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and ...)
+ TODO: check
+CVE-2005-4301 (Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and ...)
+ TODO: check
+CVE-2005-4300 (Format string vulnerability in the lire_pop function in pop.c in ...)
+ TODO: check
+CVE-2005-4299 (Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 ...)
+ TODO: check
+CVE-2005-4298 (Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum ...)
+ TODO: check
+CVE-2005-4297 (Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier ...)
+ TODO: check
+CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...)
+ TODO: check
+CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...)
+ TODO: check
+CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro ...)
+ TODO: check
+CVE-2005-4292 (Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and ...)
+ TODO: check
+CVE-2005-4291 (Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS ...)
+ TODO: check
+CVE-2005-4290 (Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 ...)
+ TODO: check
+CVE-2005-4289 (Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 ...)
+ TODO: check
+CVE-2005-4288 (Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb ...)
+ TODO: check
+CVE-2005-4287 (PHP remote file include vulnerability in MarmaraWeb E-commerce allows ...)
+ TODO: check
+CVE-2005-4286 (Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote ...)
+ TODO: check
+CVE-2005-4285 (Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick ...)
+ TODO: check
+CVE-2005-4284 (Cross-site scripting (XSS) vulnerability in StaticStore Search Engine ...)
+ TODO: check
+CVE-2005-4283 (Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and ...)
+ TODO: check
+CVE-2005-4282 (Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and ...)
+ TODO: check
+CVE-2005-4281 (Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and ...)
+ TODO: check
+CVE-2005-4280 (Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo ...)
+ TODO: check
+CVE-2005-4279 (Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on ...)
+ TODO: check
+CVE-2005-4278 (Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo ...)
+ TODO: check
+CVE-2005-4277 (Cross-site scripting (XSS) vulnerability in index.php in toendaCMS ...)
+ TODO: check
+CVE-2005-4276 (Westell Versalink 327W allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2005-4275 (Scientific Atlanta DPX2100 Cable Modem allows remote attackers to ...)
+ TODO: check
+CVE-2005-4274 (Unspecified vulnerability in Business Objects WebIntelligence 6.5x ...)
+ TODO: check
+CVE-2005-4273 (Multiple unspecified vulnerabilities in (1) getShell and (2) ...)
+ TODO: check
+CVE-2005-4272 (Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote ...)
+ TODO: check
+CVE-2005-4271 (Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local ...)
+ TODO: check
+CVE-2005-4270 (Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows ...)
+ TODO: check
+CVE-2005-4269 (mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer ...)
+ TODO: check
+CVE-2005-4268 (Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a ...)
+ TODO: check
+CVE-2005-4267
+ RESERVED
+CVE-2004-2652 (The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when ...)
+ TODO: check
+CVE-2004-2651 (Multiple cross-site scripting (XSS) vulnerabilities in YaCy before ...)
+ TODO: check
+CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5 through ...)
+ TODO: check
CVE-2005-XXXX [SQL Injection in server_privileges.php]
- phpmyadmin <unfixed> (bug #343858; high)
CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
@@ -121,7 +292,7 @@
NOT-FOR-US: Flatnuke
CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script ...)
NOT-FOR-US: BTGrup Admin WebController Script
-CVE-2005-4206 (frameset.jsp in Blackboard Learning and Community Port Systems ...)
+CVE-2005-4206 (Blackboard Learning and Community Portal System in Academic Suite ...)
NOT-FOR-US: Blackboard Learning and Community Port Systems
CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList ...)
NOT-FOR-US: LocazoList
@@ -221,7 +392,7 @@
NOT-FOR-US: MilliScripts
CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential 1.2 ...)
NOT-FOR-US: Torrential
-CVE-2005-4159 (SQL injection vulnerability in Memberlist.php in Simple Machines Forum ...)
+CVE-2005-4159 (** DISPUTED ** ...)
NOT-FOR-US: Simple Machines Forum
CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...)
- sudo <unfixed> (bug #342948; medium)
@@ -370,7 +541,7 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows ...)
NOT-FOR-US: phpForumPro
-CVE-2005-4087 (PHP remote file inclusion vulnerability in acceptDecline.php in Sugar ...)
+CVE-2005-4087 (PHP remote file include vulnerability in acceptDecline.php in Sugar ...)
NOT-FOR-US: SugarCRM
CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...)
NOT-FOR-US: SugarCRM
@@ -536,7 +707,7 @@
NOT-FOR-US: PHP Lite Calender Express
CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...)
NOT-FOR-US: Jax Calendar
-CVE-2005-4077 (Multiple off-by-one errors in libcurl 7.11.2 through 7.15.0 and ...)
+CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 ...)
{DSA-919-1}
- curl 7.15.1-1 (bug #342339; medium)
[sarge] - curl 7.13.2-2sarge4 (medium)
@@ -1588,8 +1759,8 @@
RESERVED
CVE-2005-3653
RESERVED
-CVE-2005-3652
- RESERVED
+CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 ...)
+ TODO: check
CVE-2005-3651 (Stack-based buffer overflow in the dissect_ospf_v3_address_prefix ...)
{DSA-920-1}
- ethereal <unfixed> (bug #342911; medium)
@@ -2916,8 +3087,8 @@
CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...)
{DSA-889-1}
- enigmail 2:0.93-1 (bug #335731; medium)
-CVE-2005-3253
- RESERVED
+CVE-2005-3253 (Avaya Wireless Access Points (AP) AP-3 through AP-6 2.5 to 2.5.4, and ...)
+ TODO: check
CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...)
- snort 2.3.3-2 (bug #328134; low)
- snort <not-affected> (Vulnerable code was introduced later, see bug #334606)
@@ -5584,7 +5755,7 @@
NOT-FOR-US: nbsmtp
CVE-2005-2408
RESERVED
-CVE-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform "link ...)
+CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-complicit ...)
NOT-FOR-US: Opera
CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...)
NOT-FOR-US: Opera
@@ -11933,7 +12104,7 @@
- kernel-source-2.4.27 2.4.27-11 (bug #311164)
- linux-2.6 <not-affected> (Fixed before upload in archive)
TODO: Check, when this was fixed upstream
-CVE-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64 ...)
+CVE-2005-0756 (ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on ...)
{DSA-922-1 DSA-921-1}
- kernel-source-2.4.27 2.4.27-11 (medium)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
@@ -18333,7 +18504,7 @@
CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
NOT-FOR-US: IBM DB2
CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...)
- - mplayer <itp> (bug #113238)
+ - mplayer <itp> (bug #113238)
CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
NOT-FOR-US: CDE
CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...)
@@ -32188,5 +32359,5 @@
TODO: check
CVE-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool ...)
TODO: check
-CVE-1999-0001 (Denial of service in BSD-derived TCP/IP implementations, as described ...)
+CVE-1999-0001 (ip_input.c in BSD-derived TCP/IP implementations allows remote ...)
TODO: check
More information about the Secure-testing-commits
mailing list