[Secure-testing-commits] r3154 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sat Dec 24 15:06:45 UTC 2005
Author: jmm-guest
Date: 2005-12-24 15:06:39 +0000 (Sat, 24 Dec 2005)
New Revision: 3154
Modified:
data/CVE/list
Log:
unimportant phpbb and phpmyadmin issues
new phpbb issue
lots of crappy web apps fortunately not in Debian
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-24 14:43:37 UTC (rev 3153)
+++ data/CVE/list 2005-12-24 15:06:39 UTC (rev 3154)
@@ -121,7 +121,6 @@
NOT-FOR-US: WowBB
CVE-2005-4430 (SQL injection vulnerability in LogicBill 1.0 and earlier allows remote ...)
NOT-FOR-US: LogicBill
-begin claimed by jmm
CVE-2005-4429 (SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers ...)
NOT-FOR-US: CS-Cart
CVE-2005-4428 (Cross-site scripting (XSS) vulnerability in index.php in Cerberus ...)
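Review bot: the `begin claimed by jmm` marker removed above CVE-2005-4429 is one of two begin markers this patch drops (the other sits above CVE-2005-4404), yet only one `end claimed by jmm` is removed, after CVE-2002-2208. The context lines around this first marker already carry NOT-FOR-US tags, so it looks like a stale leftover; it is worth checking data/CVE/list for other unbalanced claim markers so that nobody skips a range in the belief that it is still claimed.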
@@ -170,122 +169,121 @@
NOT-FOR-US: Mercury CMS
CVE-2005-4405 (redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to ...)
NOT-FOR-US: Red Queen
-begin claimed by jmm
CVE-2005-4404 (SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x ...)
- TODO: check
+ NOT-FOR-US: Media2 CMS
CVE-2005-4403 (SQL injection vulnerability in index.php in Marwel 2.7 and earlier ...)
- TODO: check
+ NOT-FOR-US: Marwel
CVE-2005-4402 (Buffer overflow in MailEnable Professional 1.71 and earlier, and ...)
- TODO: check
+ NOT-FOR-US: MailEnable Professional
CVE-2005-4401 (Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier ...)
- TODO: check
+ NOT-FOR-US: Lutece
CVE-2005-4400 (Cross-site scripting (XSS) vulnerability in downloads/portal_ent in ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal Professional
CVE-2005-4399 (Cross-site scripting (XSS) vulnerability in search/index.php in ...)
- TODO: check
+ NOT-FOR-US: Libertas Enterprise CMS
CVE-2005-4398 (Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: lemoon
CVE-2005-4397 (SQL injection vulnerability in RunScript.asp iCMS allows remote ...)
- TODO: check
+ NOT-FOR-US: iCMS
CVE-2005-4396 (Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS ...)
- TODO: check
+ NOT-FOR-US: iCMS
CVE-2005-4395 (Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: FarCry
CVE-2005-4394 (Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier ...)
- TODO: check
+ NOT-FOR-US: EPiX
CVE-2005-4393 (Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS ...)
- TODO: check
+ NOT-FOR-US: e-publish CMS
CVE-2005-4392 (SQL injection vulnerability in printer_friendly.cfm in e-publish CMS ...)
- TODO: check
+ NOT-FOR-US: e-publish CMS
CVE-2005-4391 (Cross-site scripting (XSS) vulnerability in damoon allows remote ...)
- TODO: check
+ NOT-FOR-US: damoon
CVE-2005-4390 (SQL injection vulnerability in index.php in ContentServ 3.1 and ...)
- TODO: check
+ NOT-FOR-US: ContentServ
CVE-2005-4389 (search.cfm in CONTENS 3.0 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: CONTENS
CVE-2005-4388 (Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 ...)
- TODO: check
+ NOT-FOR-US: CONTENS
CVE-2005-4387 (Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 ...)
- TODO: check
+ NOT-FOR-US: contenite
CVE-2005-4386 (Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and ...)
- TODO: check
+ NOT-FOR-US: Colony CMS
CVE-2005-4385 (Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 ...)
- TODO: check
+ NOT-FOR-US: Cofax
CVE-2005-4384 (CitySoft Community Enterprise 4.x allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4383 (Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft ...)
- TODO: check
+ NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4382 (SQL injection vulnerability in CitySoft Community Enterprise 4.x ...)
- TODO: check
+ NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4381 (Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 ...)
- TODO: check
+ NOT-FOR-US: Caravel CMS
CVE-2005-4380 (Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta ...)
- TODO: check
+ NOT-FOR-US: Bitweaver
CVE-2005-4379 (Cross-site scripting (XSS) vulnerability in my_groups.php in Bitweaver ...)
- TODO: check
+ NOT-FOR-US: Bitweaver
CVE-2005-4378 (SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and ...)
- TODO: check
+ NOT-FOR-US: Baseline CMS
CVE-2005-4377 (Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS ...)
- TODO: check
+ NOT-FOR-US: Baseline CMS
CVE-2005-4376 (Directory traversal vulnerability in Amaxus 3 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: Amaxus
CVE-2005-4375 (Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier ...)
- TODO: check
+ NOT-FOR-US: Amaxus
CVE-2005-4374 (Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 ...)
- TODO: check
+ NOT-FOR-US: Allinta
CVE-2005-4373 (Adaptive Website Framework (AWF) 2.10 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Adaptive Website Framework
CVE-2005-4372 (Cross-site scripting (XSS) vulnerability in account.html in Adaptive ...)
- TODO: check
+ NOT-FOR-US: Adaptive Website Framework
CVE-2005-4371 (Acidcat 2.1.13 and earlier stores the database under the web root with ...)
- TODO: check
+ NOT-FOR-US: Acidcat
CVE-2005-4370 (SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and ...)
- TODO: check
+ NOT-FOR-US: Acidcat
CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows ...)
- TODO: check
+ NOT-FOR-US: Acuity CMS
CVE-2005-4368 (roundcube webmail allows remote attackers to obtain the full path of ...)
- TODO: check
+ NOT-FOR-US: roundcube webmail
CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php in ...)
- TODO: check
+ NOT-FOR-US: DRZES HMS
CVE-2005-4366 (Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote ...)
- TODO: check
+ NOT-FOR-US: DRZES HMS
CVE-2005-4365 (Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 ...)
- TODO: check
+ NOT-FOR-US: FLIP
CVE-2005-4364 (Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana ...)
- TODO: check
+ NOT-FOR-US: Hot Banana Web Content Management Suite
CVE-2005-4363 (Cross-site scripting (XSS) vulnerability in the search engine in ...)
- TODO: check
+ NOT-FOR-US: Komodo CMS
CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows ...)
- TODO: check
+ NOT-FOR-US: Komodo CMS
CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in Magnolia ...)
- TODO: check
+ NOT-FOR-US: Magnolia Content Management Suite
CVE-2005-4360 (Microsoft IIS 5.1 allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOT-FOR-US: IIS
CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 ...)
- TODO: check
+ NOT-FOR-US: ODFaq
CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ...)
- TODO: check
+ - phpbb2 <unfixed> (unimportant)
CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when ...)
- TODO: check
+ - phpbb2 <unfixed> (bug filed)
CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: UStore
CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow ...)
- TODO: check
+ NOT-FOR-US: UStore
CVE-2005-4354 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...)
- TODO: check
+ NOT-FOR-US: Webglimpse
CVE-2005-4353 (SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when ...)
- TODO: check
+ NOT-FOR-US: toendaCMS
CVE-2005-4352
RESERVED
CVE-2005-4351
RESERVED
CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 ...)
- TODO: check
+ NOT-FOR-US: WBEM Services
CVE-2005-4349 (** DISPUTED ** ...)
- TODO: check
+ - phpmyadmin <unfixed> (unimportant)
+ NOTE: Only for authenticated used, will possibly be rejected
CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as implemented in ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: IOS
CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for ...)
- fetchmail <unfixed> (bug #343836; low)
CVE-2005-4418 [Default policy in util-vserver prior to 0.30.208 trusted unknown capabilities]
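Review bot: the new tag for CVE-2005-4357, `- phpbb2 <unfixed> (bug filed)`, records neither a bug number nor an urgency, while the fetchmail context line further down uses `(bug #343836; low)`; replace `bug filed` with the actual bug number so the entry can be tracked to closure. In the NOTE added under CVE-2005-4349, `authenticated used` should read `authenticated users`. CVE-2005-4358 is marked `(unimportant)` without a reason, so a one-line NOTE like the one given for the phpmyadmin entry would make the triage decision reviewable later.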