[Secure-testing-commits] r3119 - data/CVE
Joey Hess
joeyh at costa.debian.org
Thu Dec 22 09:14:37 UTC 2005
Author: joeyh
Date: 2005-12-22 09:14:29 +0000 (Thu, 22 Dec 2005)
New Revision: 3119
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-22 08:49:57 UTC (rev 3118)
+++ data/CVE/list 2005-12-22 09:14:29 UTC (rev 3119)
@@ -1,6 +1,279 @@
-CVE-2005-4348
+CVE-2006-0043
RESERVED
+CVE-2006-0042
+ RESERVED
+CVE-2006-0041
+ RESERVED
+CVE-2006-0040
+ RESERVED
+CVE-2006-0039
+ RESERVED
+CVE-2006-0038
+ RESERVED
+CVE-2006-0037
+ RESERVED
+CVE-2006-0036
+ RESERVED
+CVE-2006-0035
+ RESERVED
+CVE-2006-0019
+ RESERVED
+CVE-2005-4474 (Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows ...)
+ TODO: check
+CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows ...)
+ TODO: check
+CVE-2005-4472 (Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) ...)
+ TODO: check
+CVE-2005-4471 (POP3 service in Avaya Modular Messaging Message Storage Server (MSS) ...)
+ TODO: check
+CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in readfile.c in ...)
+ TODO: check
+CVE-2005-4469 (Multiple direct static code injection vulnerabilities in PHPGedView ...)
+ TODO: check
+CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in ...)
+ TODO: check
+CVE-2005-4467 (Directory traversal vulnerability in help_text_vars.php in PHPGedView ...)
+ TODO: check
+CVE-2005-4466 (Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll ...)
+ TODO: check
+CVE-2005-4465 (The Internet Key Exchange version 1 (IKEv1) implementation in NEC ...)
+ TODO: check
+CVE-2005-4464 (Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote ...)
+ TODO: check
+CVE-2005-4463 (WordPress before 1.5.2 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2005-4462 (PHP remote file include vulnerability in usermods.php in Tolva PHP ...)
+ TODO: check
+CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and ...)
+ TODO: check
+CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and ...)
+ TODO: check
+CVE-2005-4459 (Heap-based buffer overflow in vmnat.exe and vmnet-natd in VMWare ...)
+ TODO: check
+CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly ...)
+ TODO: check
+CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote ...)
+ TODO: check
+CVE-2005-4456 (Multiple buffer overflows in MailEnable Professional 1.71 and ...)
+ TODO: check
+CVE-2005-4455 (cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote ...)
+ TODO: check
+CVE-2005-4454 (Validate-before-filter vulnerability in cleanhtml.pl 1.129 in ...)
+ TODO: check
+CVE-2005-4453 (UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote ...)
+ TODO: check
+CVE-2005-4452 (Information Call Center stores the CallCenterData.mdb database under ...)
+ TODO: check
+CVE-2005-4451 (Unspecified vulnerability in Software Distributor in HP-UX B.11.11 ...)
+ TODO: check
+CVE-2005-4450 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 ...)
+ TODO: check
+CVE-2005-4449 (verify.php in FlatNuke 2.5.6 allows remote authenticated ...)
+ TODO: check
+CVE-2005-4448 (FlatNuke 2.5.6 verifies authentication credentials based on an MD5 ...)
+ TODO: check
+CVE-2005-4447 (SQL injection vulnerability in articles\articles_funcs.php in phpCOIN ...)
+ TODO: check
+CVE-2005-4446 (Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x ...)
+ TODO: check
+CVE-2005-4445 (Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow ...)
+ TODO: check
+CVE-2005-4444 (Stack-based buffer overflow in Pegasus Mail 4.21a through 4.21c and ...)
+ TODO: check
+CVE-2005-4443 (Untrusted search path vulnerability in Gauche before 0.8.6-r1 on ...)
+ TODO: check
+CVE-2005-4442 (Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on ...)
+ TODO: check
+CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network ...)
+ TODO: check
+CVE-2005-4440 (The 802.1q VLAN protocol allows remote attackers to bypass network ...)
+ TODO: check
+CVE-2005-4439 (Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to ...)
+ TODO: check
+CVE-2005-4438 (Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in ...)
+ TODO: check
+CVE-2005-4437 (MD5 Neighbor Authentication in Extended Interior Gateway Routing ...)
+ TODO: check
+CVE-2005-4436 (Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented ...)
+ TODO: check
+CVE-2005-4435 (Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man ...)
+ TODO: check
+CVE-2005-4434 (Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x ...)
+ TODO: check
+CVE-2005-4433 (Cross-site scripting (XSS) vulnerability in search.php in Esselbach ...)
+ TODO: check
+CVE-2005-4432 (Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 ...)
+ TODO: check
+CVE-2005-4431 (SQL injection vulnerability in WowBB 1.65 allows remote attackers to ...)
+ TODO: check
+CVE-2005-4430 (SQL injection vulnerability in LogicBill 1.0 and earlier allows remote ...)
+ TODO: check
+CVE-2005-4429 (SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers ...)
+ TODO: check
+CVE-2005-4428 (Cross-site scripting (XSS) vulnerability in index.php in Cerberus ...)
+ TODO: check
+CVE-2005-4427 (Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow ...)
+ TODO: check
+CVE-2005-4426 (Interpretation conflict in YaBB before 2.1 allows remote authenticated ...)
+ TODO: check
+CVE-2005-4425 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...)
+ TODO: check
+CVE-2005-4424 (Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might ...)
+ TODO: check
+CVE-2005-4423 (Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows ...)
+ TODO: check
+CVE-2005-4422 (Unrestricted file upload vulnerability in toendaCMS before 0.6.2 ...)
+ TODO: check
+CVE-2005-4421 (Dev-Editor 3.0 allows remote attackers to access any directory outside ...)
+ TODO: check
+CVE-2005-4420 (Cross-site scripting (XSS) vulnerability in Honeycomb Archive ...)
+ TODO: check
+CVE-2005-4419 (Multiple SQL injection vulnerabilities in CategoryResults.cfm in ...)
+ TODO: check
+CVE-2005-4417 (The default configuration of Widcomm Bluetooth for Windows (BTW) ...)
+ TODO: check
+CVE-2005-4416 (SQL injection vulnerability in index.php in TML CMS 0.5 allows remote ...)
+ TODO: check
+CVE-2005-4415 (Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 ...)
+ TODO: check
+CVE-2005-4414 (Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown ...)
+ TODO: check
+CVE-2005-4413 (Multiple cross-site scripting (XSS) vulnerabilities in sample scripts ...)
+ TODO: check
+CVE-2005-4412 (Citrix Program Neighborhood client before 9.150 caches the user ...)
+ TODO: check
+CVE-2005-4411 (Buffer overflow in Mercury Mail Transport System 4.01b allows remote ...)
+ TODO: check
+CVE-2005-4410 (Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote ...)
+ TODO: check
+CVE-2005-4409 (Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier ...)
+ TODO: check
+CVE-2005-4408 (Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and ...)
+ TODO: check
+CVE-2005-4407 (Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS ...)
+ TODO: check
+CVE-2005-4406 (SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and ...)
+ TODO: check
+CVE-2005-4405 (redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2005-4404 (SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x ...)
+ TODO: check
+CVE-2005-4403 (SQL injection vulnerability in index.php in Marwel 2.7 and earlier ...)
+ TODO: check
+CVE-2005-4402 (Buffer overflow in MailEnable Professional 1.71 and earlier, and ...)
+ TODO: check
+CVE-2005-4401 (Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier ...)
+ TODO: check
+CVE-2005-4400 (Cross-site scripting (XSS) vulnerability in downloads/portal_ent in ...)
+ TODO: check
+CVE-2005-4399 (Cross-site scripting (XSS) vulnerability in search/index.php in ...)
+ TODO: check
+CVE-2005-4398 (Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier ...)
+ TODO: check
+CVE-2005-4397 (SQL injection vulnerability in RunScript.asp iCMS allows remote ...)
+ TODO: check
+CVE-2005-4396 (Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS ...)
+ TODO: check
+CVE-2005-4395 (Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier ...)
+ TODO: check
+CVE-2005-4394 (Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier ...)
+ TODO: check
+CVE-2005-4393 (Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS ...)
+ TODO: check
+CVE-2005-4392 (SQL injection vulnerability in printer_friendly.cfm in e-publish CMS ...)
+ TODO: check
+CVE-2005-4391 (Cross-site scripting (XSS) vulnerability in damoon allows remote ...)
+ TODO: check
+CVE-2005-4390 (SQL injection vulnerability in index.php in ContentServ 3.1 and ...)
+ TODO: check
+CVE-2005-4389 (search.cfm in CONTENS 3.0 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2005-4388 (Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 ...)
+ TODO: check
+CVE-2005-4387 (Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 ...)
+ TODO: check
+CVE-2005-4386 (Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and ...)
+ TODO: check
+CVE-2005-4385 (Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 ...)
+ TODO: check
+CVE-2005-4384 (CitySoft Community Enterprise 4.x allows remote attackers to obtain ...)
+ TODO: check
+CVE-2005-4383 (Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft ...)
+ TODO: check
+CVE-2005-4382 (SQL injection vulnerability in CitySoft Community Enterprise 4.x ...)
+ TODO: check
+CVE-2005-4381 (Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 ...)
+ TODO: check
+CVE-2005-4380 (Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta ...)
+ TODO: check
+CVE-2005-4379 (Cross-site scripting (XSS) vulnerability in my_groups.php in Bitweaver ...)
+ TODO: check
+CVE-2005-4378 (SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and ...)
+ TODO: check
+CVE-2005-4377 (Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS ...)
+ TODO: check
+CVE-2005-4376 (Directory traversal vulnerability in Amaxus 3 and earlier allows ...)
+ TODO: check
+CVE-2005-4375 (Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier ...)
+ TODO: check
+CVE-2005-4374 (Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 ...)
+ TODO: check
+CVE-2005-4373 (Adaptive Website Framework (AWF) 2.10 and earlier allows remote ...)
+ TODO: check
+CVE-2005-4372 (Cross-site scripting (XSS) vulnerability in account.html in Adaptive ...)
+ TODO: check
+CVE-2005-4371 (Acidcat 2.1.13 and earlier stores the database under the web root with ...)
+ TODO: check
+CVE-2005-4370 (SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and ...)
+ TODO: check
+CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows ...)
+ TODO: check
+CVE-2005-4368 (roundcube webmail allows remote attackers to obtain the full path of ...)
+ TODO: check
+CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php in ...)
+ TODO: check
+CVE-2005-4366 (Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote ...)
+ TODO: check
+CVE-2005-4365 (Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 ...)
+ TODO: check
+CVE-2005-4364 (Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana ...)
+ TODO: check
+CVE-2005-4363 (Cross-site scripting (XSS) vulnerability in the search engine in ...)
+ TODO: check
+CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows ...)
+ TODO: check
+CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in Magnolia ...)
+ TODO: check
+CVE-2005-4360 (Microsoft IIS 5.1 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 ...)
+ TODO: check
+CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ...)
+ TODO: check
+CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when ...)
+ TODO: check
+CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to ...)
+ TODO: check
+CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow ...)
+ TODO: check
+CVE-2005-4354 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...)
+ TODO: check
+CVE-2005-4353 (SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when ...)
+ TODO: check
+CVE-2005-4352
+ RESERVED
+CVE-2005-4351
+ RESERVED
+CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 ...)
+ TODO: check
+CVE-2005-4349 (** DISPUTED ** ...)
+ TODO: check
+CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as implemented in ...)
+ TODO: check
+CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for ...)
+ TODO: check
CVE-2005-4418 [Default policy in util-vserver prior to 0.30.208 trusted unknown capabilities]
+ RESERVED
- util-vserver 0.30.208-1
[sarge] - util-vserver 0.30.204-5sarge3 (medium)
CVE-2005-4347 [Improper barrier code allows for chroot escape]
@@ -168,8 +441,8 @@
- cpio 2.6-10 (bug #344134)
[sarge] - cpio <unfixed>
[woody] - cpio <unfixed>
-CVE-2005-4267
- RESERVED
+CVE-2005-4267 (Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote ...)
+ TODO: check
CVE-2004-2652 (The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when ...)
TODO: check
CVE-2004-2651 (Multiple cross-site scripting (XSS) vulnerabilities in YaCy before ...)
@@ -541,7 +814,7 @@
NOT-FOR-US: DoceboLMS
CVE-2005-4093 (Unspecified vulnerability in Check Point VPN-1 SecureClient NG with ...)
NOT-FOR-US: Check Point
-CVE-2005-4092 (** UNVERIFIABLE, PRERELEASE ** ...)
+CVE-2005-4092 (Heap-based buffer overflow in Apple QuickTime Player 7.0.3 and iTunes ...)
NOT-FOR-US: Apple QuickTime
CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script ...)
NOT-FOR-US: 1-Script 1-Search
@@ -1759,8 +2032,8 @@
RESERVED
CVE-2005-3658
RESERVED
-CVE-2005-3657
- RESERVED
+CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security ...)
+ TODO: check
CVE-2005-3656
RESERVED
CVE-2005-3655
@@ -1814,8 +2087,8 @@
{DSA-904-1}
- netpbm-free 2:10.0-11
TODO: Check, whether this is the same as CVE-2005-3662
-CVE-2005-3631
- RESERVED
+CVE-2005-3631 (udev does not properly set permissions on certain files in /dev/input, ...)
+ TODO: check
CVE-2005-3630
RESERVED
CVE-2005-3629
@@ -1963,9 +2236,9 @@
NOT-FOR-US: PHPList
CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier ...)
NOT-FOR-US: PHPList
-CVE-2005-3554 (Multiple direct code injection vulnerabilities in the help function in ...)
+CVE-2005-3554 (Multiple eval injection vulnerabilities in the help function in PHPKIT ...)
NOT-FOR-US: PHPKIT
-CVE-2005-3553 (Multiple SQL injection vulnerabilities include.php in PHPKIT 1.6.1 R2 ...)
+CVE-2005-3553 (Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 ...)
NOT-FOR-US: PHPKIT
CVE-2005-3552 (Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 ...)
NOT-FOR-US: PHPKIT
@@ -2000,12 +2273,15 @@
RESERVED
CVE-2005-3537
RESERVED
+ {DSA-925-1}
CVE-2005-3536
RESERVED
+ {DSA-925-1}
CVE-2005-3535
RESERVED
CVE-2005-3534 [buffer overflow in the NBD server]
RESERVED
+ {DSA-924-1}
- nbd <unfixed>
CVE-2005-3533 (Buffer overflow in OSH before 1.7-15 allows local users to execute ...)
{DSA-918-1}
@@ -2546,20 +2822,26 @@
CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote ...)
NOT-FOR-US: Hyper Estraier
CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify ...)
+ {DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
NOTE: http://www.hardened-php.net/advisory_172005.75.html
NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
NOTE: Remote code execution may be possible, especially in conjunction
NOTE: with PHP bugs.
CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 ...)
+ {DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 ...)
+ {DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is ...)
+ {DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ...)
+ {DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection ...)
+ {DSA-925-1}
- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with ...)
NOT-FOR-US: eyeOS
@@ -2839,6 +3121,7 @@
CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other ...)
NOT-FOR-US: BMC Software Control-M
CVE-2005-3310 (Multiple interpretation error in phpBB 2.0.17, with remote avatars and ...)
+ {DSA-925-1}
- phpbb2 2.0.18-1 (bug #335662; low)
CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote ...)
NOT-FOR-US: Zomplog
@@ -4515,7 +4798,7 @@
{DSA-807-1 DSA-805-1}
- libapache-mod-ssl 2.8.24-1 (medium)
- apache2 2.0.54-5 (bug #327210; medium)
-CVE-2005-2699 (admin/admin.php in PHPKit 1.6.1 allows remote authenticated ...)
+CVE-2005-2699 (Unrestricted file upload vulnerability in admin/admin.php in PHPKit ...)
NOT-FOR-US: PHPKit
CVE-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp ...)
NOT-FOR-US: Nephp Publisher Enterprise
@@ -6922,7 +7205,7 @@
NOT-FOR-US: WeHelpBUS
CVE-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote ...)
NOT-FOR-US: Macromedia JRun
-CVE-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allows ...)
+CVE-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow ...)
NOT-FOR-US: WowBB Forum
CVE-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum ...)
NOT-FOR-US: WowBB Forum
More information about the Secure-testing-commits
mailing list