[Secure-testing-commits] r3097 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Dec 19 12:23:40 UTC 2005


Author: jmm-guest
Date: 2005-12-19 12:23:34 +0000 (Mon, 19 Dec 2005)
New Revision: 3097

Modified:
   data/CVE/list
Log:
new trac issue
lots of NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-19 11:58:39 UTC (rev 3096)
+++ data/CVE/list	2005-12-19 12:23:34 UTC (rev 3097)
@@ -2,127 +2,126 @@
 	RESERVED
 CVE-2005-4347
 	RESERVED
-begin claimed by jmm
 CVE-2005-4346 (SQL injection vulnerability in index.php in phpBB Blog 2.2.2 and ...)
-	TODO: check
+	NOT-FOR-US: phpBB Blog
+	TODO: Double-check please, this doesn't seem to be included in stock phpbb
 CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password ...)
-	TODO: check
+	NOT-FOR-US: ColdFusion MX
 CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the ...)
-	TODO: check
+	NOT-FOR-US: ColdFusion MX
 CVE-2005-4343 (Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and ...)
-	TODO: check
+	NOT-FOR-US: ColdFusion MX
 CVE-2005-4342 (ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, ...)
-	TODO: check
+	NOT-FOR-US: ColdFusion MX
 CVE-2005-4341 (Blackboard Learning and Community Portal System in Academic Suite ...)
-	TODO: check
+	NOT-FOR-US: Academic Suite
 CVE-2005-4340
 	REJECTED
-	TODO: check
 CVE-2005-4339 (Cross-site scripting (XSS) vulnerability in Blackboard Learning and ...)
-	TODO: check
+	NOT-FOR-US: Academic Suite
 CVE-2005-4338 (announcement.pl in Blackboard Learning and Community Portal System in ...)
-	TODO: check
+	NOT-FOR-US: Academic Suite
 CVE-2005-4337 (The login page in Blackboard Learning and Community Portal System in ...)
-	TODO: check
+	NOT-FOR-US: Academic Suite
 CVE-2005-4336 (Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and ...)
-	TODO: check
+	NOT-FOR-US: ProjectForum
 CVE-2005-4335 (ProjectForum 4.7.0 and earlier allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: ProjectForum
 CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: ZixForum
 CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary Board ...)
-	TODO: check
+	NOT-FOR-US: Binary Board System 
 CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...)
-	TODO: check
+	NOT-FOR-US: Secure Smart Manager 
 CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant ...)
-	TODO: check
+	NOT-FOR-US: iHTML Merchant
 CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall ...)
-	TODO: check
+	NOT-FOR-US: iHTML Merchant
 CVE-2005-4329 (SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB ...)
-	TODO: check
+	NOT-FOR-US: paFileDB
 CVE-2005-4328 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...)
-	TODO: check
+	NOT-FOR-US: WebGlimpse
 CVE-2005-4327 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt ...)
-	TODO: check
+	NOT-FOR-US: Michael Arndt WebCal
 CVE-2005-4326 (The web interface for American Power Conversion (APC) PowerChute ...)
-	TODO: check
+	NOT-FOR-US: APC hardware issue
 CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b have ...)
-	TODO: check
+	NOT-FOR-US: Driverse
 CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Groupmax Mail SMTP 
 CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Cosminexus Collaboration Portal 
 CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Cosminexus Collaboration Portal 
 CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in Apani ...)
-	TODO: check
+	NOT-FOR-US: Apani Networks EpiForce
 CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the ...)
-	TODO: check
+	NOT-FOR-US: Limbo CMS 
 CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 ...)
-	TODO: check
+	NOT-FOR-US: Limbo CMS 
 CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and ...)
-	TODO: check
+	NOT-FOR-US: Limbo CMS 
 CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not ...)
-	TODO: check
+	NOT-FOR-US: Limbo CMS 
 CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum PLEXCART ...)
-	TODO: check
+	NOT-FOR-US: Plexum PLEXCART
 CVE-2005-4314 (Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal ...)
-	TODO: check
+	NOT-FOR-US: PPCal Shopping Cart
 CVE-2005-4313 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
-	TODO: check
+	NOT-FOR-US: AlmondSoft Almond Personals
 CVE-2005-4312 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
-	TODO: check
+	NOT-FOR-US: AlmondSoft Almond Personals
 CVE-2005-4311 (Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, ...)
-	TODO: check
+	NOT-FOR-US: DCForum
 CVE-2005-4310 (SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based ...)
-	TODO: check
+	NOT-FOR-US: SSH Tectia Server
 CVE-2005-4309 (SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: ezUpload Pro
 CVE-2005-4308 (index.php in ezUpload Pro 2.2 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: ezUpload Pro
 CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier ...)
-	TODO: check
+	NOT-FOR-US: ScareCrow
 CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 ...)
-	TODO: check
+	NOT-FOR-US: SiteNet BBS 
 CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, ...)
-	TODO: check
+	- trac <unfixed> (bug filed)
 CVE-2005-4304 (index.php in ezDatabase 2.1.2 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: ezDatabase
 CVE-2005-4303 (SQL injection vulnerability in index.php for ezDatabase 2.1.2 and ...)
-	TODO: check
+	NOT-FOR-US: ezDatabase
 CVE-2005-4302 (Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and ...)
-	TODO: check
+	NOT-FOR-US: ezDatabase
 CVE-2005-4301 (Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and ...)
-	TODO: check
+	NOT-FOR-US: pgpXplorer
 CVE-2005-4300 (Format string vulnerability in the lire_pop function in pop.c in ...)
-	TODO: check
+	NOT-FOR-US: libremail
 CVE-2005-4299 (Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 ...)
-	TODO: check
+	NOT-FOR-US: Atlant Pro
 CVE-2005-4298 (Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum ...)
-	TODO: check
+	NOT-FOR-US: AtlantForum
 CVE-2005-4297 (Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier ...)
-	TODO: check
+	NOT-FOR-US: bbBoard
 CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a denial ...)
-	TODO: check
+	NOT-FOR-US: AppServ Open Project
 CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...)
-	TODO: check
+	NOT-FOR-US: Absolute Image Gallery XE 
 CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...)
-	TODO: check
+	NOT-FOR-US: Alkacon OpenCms
 CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro ...)
-	TODO: check
+	NOT-FOR-US: ClickCartPro
 CVE-2005-4292 (Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and ...)
-	TODO: check
+	NOT-FOR-US: CommerceSQL
 CVE-2005-4291 (Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS ...)
-	TODO: check
+	NOT-FOR-US: ECTOOLS Onlineshop
 CVE-2005-4290 (Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 ...)
-	TODO: check
+	NOT-FOR-US: ECW-Cart
 CVE-2005-4289 (Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 ...)
-	TODO: check
+	NOT-FOR-US: eDatCat
 CVE-2005-4288 (Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: MarmaraWeb E-commerce
+begin claimed by jmm
 CVE-2005-4287 (PHP remote file include vulnerability in MarmaraWeb E-commerce allows ...)
 	TODO: check
 CVE-2005-4286 (Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote ...)
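Review bot: The CVE-2005-4305 entry `- trac <unfixed> (bug filed)` does not record the bug number, so the one issue in this hunk that affects a packaged program cannot be tied back to its report. Add the number in the same form as the phpmyadmin entry further down (`bug #343858; high`). Three smaller points in the same hunk: CVE-2005-4301 is annotated `NOT-FOR-US: pgpXplorer` while its description names phpXplorer; CVE-2005-4346 carries both `NOT-FOR-US: phpBB Blog` and a `TODO` asking for a double-check, which leaves it unclear whether the entry counts as triaged, so consider keeping it as a plain TODO until the check is done; and several added lines end in trailing whitespace (for example `NOT-FOR-US: Limbo CMS `).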
@@ -171,6 +170,7 @@
 	TODO: check
 CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5 through ...)
 	TODO: check
+end claimed by jmm
 CVE-2005-XXXX [SQL Injection in server_privileges.php]
 	- phpmyadmin <unfixed> (bug #343858; high)
 CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
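Review bot: The `end claimed by jmm` marker added after CVE-2003-1289 pairs with the `begin claimed by jmm` moved to just before CVE-2005-4287 in the first hunk, but the log message ("new trac issue", "lots of NFUs") does not mention that a new range was claimed. Note the re-claim in the log, and confirm that no other begin/end claim pair sits in the lines between the two hunks, which are not shown in this diff.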



