[Secure-testing-commits] r3123 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Dec 22 11:08:24 UTC 2005
Author: jmm-guest
Date: 2005-12-22 11:08:18 +0000 (Thu, 22 Dec 2005)
New Revision: 3123
Modified:
data/CVE/list
Log:
new blender and elog issues (bugs still need to be filed)
unimportant wordpress issue
some vlan issues that might affect the kernel
lots of NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-22 10:19:06 UTC (rev 3122)
+++ data/CVE/list 2005-12-22 11:08:18 UTC (rev 3123)
@@ -18,98 +18,101 @@
RESERVED
CVE-2006-0019
RESERVED
-begin claimed by jmm
CVE-2005-4474 (Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows ...)
- TODO: check
+ NOT-FOR-US: WinRAR
CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows ...)
- TODO: check
+ NOT-FOR-US: Macromedia JRun 4 web server
CVE-2005-4472 (Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) ...)
- TODO: check
+ NOT-FOR-US: Macromedia JRun 4 web server
CVE-2005-4471 (POP3 service in Avaya Modular Messaging Message Storage Server (MSS) ...)
- TODO: check
+ NOT-FOR-US: Avaya Modular Messaging Message Storage Server
CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in readfile.c in ...)
- TODO: check
+ - blender <unfixed>
CVE-2005-4469 (Multiple direct static code injection vulnerabilities in PHPGedView ...)
- TODO: check
+ NOT-FOR-US: PHPGedView
CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in ...)
- TODO: check
+ NOT-FOR-US: PHPGedView
CVE-2005-4467 (Directory traversal vulnerability in help_text_vars.php in PHPGedView ...)
- TODO: check
+ NOT-FOR-US: PHPGedView
CVE-2005-4466 (Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll ...)
- TODO: check
+ NOT-FOR-US: SIP Proxy
CVE-2005-4465 (The Internet Key Exchange version 1 (IKEv1) implementation in NEC ...)
- TODO: check
+ NOT-FOR-US: NEC UNIVERGE IX1000, IX2000, and IX3000
CVE-2005-4464 (Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote ...)
- TODO: check
+ NOT-FOR-US: Ingate Firewall / SIParator
CVE-2005-4463 (WordPress before 1.5.2 allows remote attackers to obtain sensitive ...)
- TODO: check
+ - wordpress 1.5.2-1 (unimportant)
+ NOTE: Only path disclosure
CVE-2005-4462 (PHP remote file include vulnerability in usermods.php in Tolva PHP ...)
- TODO: check
+ NOT-FOR-US: Tolva PHP website system
CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and ...)
- TODO: check
+ NOT-FOR-US: Beehive Forum
CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and ...)
- TODO: check
+ NOT-FOR-US: Beehive Forum
CVE-2005-4459 (Heap-based buffer overflow in vmnat.exe and vmnet-natd in VMWare ...)
- TODO: check
+ NOT-FOR-US: VMWare
CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly ...)
- TODO: check
+ NOT-FOR-US: Metadot Portal Server
CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote ...)
- TODO: check
+ NOT-FOR-US: MailEnable
CVE-2005-4456 (Multiple buffer overflows in MailEnable Professional 1.71 and ...)
- TODO: check
+ NOT-FOR-US: MailEnable
CVE-2005-4455 (cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote ...)
- TODO: check
+ TODO: check, whether liblivejournal-perl embeds some of the code
CVE-2005-4454 (Validate-before-filter vulnerability in cleanhtml.pl 1.129 in ...)
- TODO: check
+ TODO: check, whether liblivejournal-perl embeds some of the code
CVE-2005-4453 (UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: Ultraapps Issue Manager
CVE-2005-4452 (Information Call Center stores the CallCenterData.mdb database under ...)
- TODO: check
+ NOT-FOR-US: Information Call Center
CVE-2005-4451 (Unspecified vulnerability in Software Distributor in HP-UX B.11.11 ...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2005-4450 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 ...)
- TODO: check
+ NOTE: According to the description possibly a dupe of the non-issue CVE-2005-4349
+ TODO: check back with Secunia, they're the only source for this issue
CVE-2005-4449 (verify.php in FlatNuke 2.5.6 allows remote authenticated ...)
- TODO: check
+ NOT-FOR-US: FlatNuke
CVE-2005-4448 (FlatNuke 2.5.6 verifies authentication credentials based on an MD5 ...)
- TODO: check
+ NOT-FOR-US: FlatNuke
CVE-2005-4447 (SQL injection vulnerability in articles\articles_funcs.php in phpCOIN ...)
- TODO: check
+ NOT-FOR-US: phpCOIN
CVE-2005-4446 (Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x ...)
- TODO: check
+ NOT-FOR-US: ASPBite
CVE-2005-4445 (Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow ...)
- TODO: check
+ NOT-FOR-US: Pegasus Mail
CVE-2005-4444 (Stack-based buffer overflow in Pegasus Mail 4.21a through 4.21c and ...)
- TODO: check
+ NOT-FOR-US: Pegasus Mail
CVE-2005-4443 (Untrusted search path vulnerability in Gauche before 0.8.6-r1 on ...)
- TODO: check
+ - gauche <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4442 (Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on ...)
- TODO: check
+ - openldap2 <not-affected> (Gentoo-specific packaging flaw)
+ - openldap2.2 <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network ...)
- TODO: check
+ TODO: check, whether this has ramifications on the kernel's VLAN implementation
+ TODO: or whether it's a generic unfixable protocol flaw
CVE-2005-4440 (The 802.1q VLAN protocol allows remote attackers to bypass network ...)
- TODO: check
+ TODO: check, whether this has ramifications on the kernel's VLAN implementation
+ TODO: or whether it's a generic unfixable protocol flaw
CVE-2005-4439 (Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to ...)
- TODO: check
+ - elog <unfixed>
CVE-2005-4438 (Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in ...)
- TODO: check
+ NOT-FOR-US: Dec2Rar
CVE-2005-4437 (MD5 Neighbor Authentication in Extended Interior Gateway Routing ...)
- TODO: check
+ NOT-FOR-US: IOS
CVE-2005-4436 (Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented ...)
- TODO: check
+ NOT-FOR-US: IOS
CVE-2005-4435 (Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man ...)
- TODO: check
+ NOT-FOR-US: AbleDesign D-Man
CVE-2005-4434 (Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x ...)
- TODO: check
+ NOT-FOR-US: AbleDesign ReSearch
CVE-2005-4433 (Cross-site scripting (XSS) vulnerability in search.php in Esselbach ...)
- TODO: check
+ NOT-FOR-US: Esselbach Storyteller CMS
CVE-2005-4432 (Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 ...)
- TODO: check
+ NOT-FOR-US: PlaySMS
CVE-2005-4431 (SQL injection vulnerability in WowBB 1.65 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: WowBB
CVE-2005-4430 (SQL injection vulnerability in LogicBill 1.0 and earlier allows remote ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: LogicBill
CVE-2005-4429 (SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers ...)
TODO: check
CVE-2005-4428 (Cross-site scripting (XSS) vulnerability in index.php in Cerberus ...)
More information about the Secure-testing-commits
mailing list