[Secure-testing-commits] r3183 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Dec 30 01:16:56 UTC 2005
Author: jmm-guest
Date: 2005-12-30 01:16:51 +0000 (Fri, 30 Dec 2005)
New Revision: 3183
Modified:
data/CVE/list
Log:
new ethereal issue
new bzflag issue
electricsheep CVEfied
lots of NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-29 21:31:30 UTC (rev 3182)
+++ data/CVE/list 2005-12-30 01:16:51 UTC (rev 3183)
@@ -20,90 +20,88 @@
RESERVED
CVE-2006-0044
RESERVED
-begin claimed by jmm
CVE-2005-4585 (Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to ...)
- TODO: check
+ - ethereal <unfixed> (bug filed; low)
CVE-2005-4584 (BZFlag server 2.0.4 and earlier allows remote attackers to cause a ...)
- TODO: check
+ - bzflag <unfixed> (bug filed; low)
CVE-2005-4583 (Unspecified vulnerability in the Management Interface in VMware ESX ...)
- TODO: check
+ NOT-FOR-US: VMWare
CVE-2005-4582 (Electric Sheep 2.6.3 does not require authentication or integrity ...)
- TODO: check
+ - electricsheep 2.6.3+cvs20051206-1
CVE-2005-4581 (Buffer overflow in Electric Sheep 2.6.3 client allows local users to ...)
- TODO: check
+ - electricsheep 2.6.3+cvs20051206-1
CVE-2005-4580 (Cross-site scripting (XSS) vulnerability in Day Communique 4 allows ...)
- TODO: check
+ NOT-FOR-US: Day Communique
CVE-2005-4579 (Multiple HTTP response splitting vulnerabilities in Hitachi Business ...)
- TODO: check
+ NOT-FOR-US: Hitachi Business Logic
CVE-2005-4578 (Multiple SQL injection vulnerabilities in Hitachi Business Logic - ...)
- TODO: check
+ NOT-FOR-US: Hitachi Business Logic
CVE-2005-4577 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
- TODO: check
+ NOT-FOR-US: Hitachi Business Logic
CVE-2005-4576 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Fatwire Update Engine
CVE-2005-4575 (PaperThin CommonSpot Content Server 4.5 and earlier allow remote ...)
- TODO: check
+ NOT-FOR-US: CommonSpot Content Server
CVE-2005-4574 (Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin ...)
- TODO: check
+ NOT-FOR-US: CommonSpot Content Server
CVE-2005-4573 (PHP remote file include vulnerability in plog-admin-functions.php in ...)
- TODO: check
+ NOT-FOR-US: Plogger
CVE-2005-4572 (Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow ...)
- TODO: check
+ NOT-FOR-US: myEZshop Shopping Cart
CVE-2005-4571 (Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart ...)
- TODO: check
+ NOT-FOR-US: myEZshop Shopping Cart
CVE-2005-4570 (The Internet Key Exchange version 1 (IKEv1) implementations in ...)
- TODO: check
+ NOT-FOR-US: FortiOS
CVE-2005-4569 (Stack-based buffer overflow in index.fts in FTGate Technology ...)
- TODO: check
+ NOT-FOR-US: FTGate
CVE-2005-4568 (Multiple format string vulnerabilities in FTGate Technology (formerly ...)
- TODO: check
+ NOT-FOR-US: FTGate
CVE-2005-4567 (Multiple cross-site scripting (XSS) vulnerabilities in FTGate ...)
- TODO: check
+ NOT-FOR-US: FTGate
CVE-2005-4566 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) ...)
- TODO: check
+ NOT-FOR-US: NetVanta
CVE-2005-4565 (Format string vulnerability in the Internet Key Exchange version 1 ...)
- TODO: check
+ NOT-FOR-US: NetVanta
CVE-2005-4564 (The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN ...)
- TODO: check
+ NOT-FOR-US: NetVanta
CVE-2005-4563 (SQL injection vulnerability in main.php in Enterprise Heart Enterprise ...)
- TODO: check
+ NOT-FOR-US: Enterprise Heart Enterprise Connector
CVE-2005-4562
RESERVED
CVE-2005-4561
RESERVED
CVE-2005-4560 (Microsoft Windows allows remote attackers to execute arbitrary code ...)
- TODO: check
+ NOT-FOR-US: Windows
CVE-2005-4559 (mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail ...)
- TODO: check
+ NOT-FOR-US: IceWarp Web Mail
CVE-2005-4558 (IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and ...)
- TODO: check
+ NOT-FOR-US: IceWarp Web Mail
CVE-2005-4557 (dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail ...)
- TODO: check
+ NOT-FOR-US: IceWarp Web Mail
CVE-2005-4556 (PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as ...)
- TODO: check
+ NOT-FOR-US: IceWarp Web Mail
CVE-2005-4555 (Cross-site scripting (XSS) vulnerability in add.php in DEV web ...)
- TODO: check
+ NOT-FOR-US: DEV web management system
CVE-2005-4554 (Multiple SQL injection vulnerabilities in DEV web management system ...)
- TODO: check
+ NOT-FOR-US: DEV web management system
CVE-2005-4553 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Golden FTP Server
CVE-2005-4552 (The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris PC NetLink
CVE-2005-4551 (Cross-site scripting (XSS) vulnerability in sign.php in codegrrl ...)
- TODO: check
+ NOT-FOR-US: codegrrl SimpBook
CVE-2005-4550 (The PORTAL schema in Oracle Application Server (OracleAS) Discussion ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-4549 (Cross-site scripting (XSS) vulnerability in Oracle Application Server ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-4548 (SQL injection vulnerability in the "user area" in RWS Statistics ...)
- TODO: check
+ NOT-FOR-US: RWS Statistics Counter
CVE-2005-4547 (Cross-site scripting (XSS) vulnerability in home/search.php in eggblog ...)
- TODO: check
+ NOT-FOR-US: eggblog
CVE-2005-4546 (search.php in eggblog 2.0 allows remote attackers to obtain the full ...)
- TODO: check
+ NOT-FOR-US: eggblog
CVE-2005-4545 (Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: NetDirect ShopEngine
CVE-2005-4544
RESERVED
CVE-2005-4543
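Review bot: The new lines for CVE-2005-4585 (ethereal) and CVE-2005-4584 (bzflag) say "bug filed" without a bug number, whereas the curl entry further down the same file cites "bug #342339; bug #342696". Replace "bug filed" with the actual bug numbers once they are known so the entries can be cross-referenced. A smaller point on CVE-2005-4583: "NOT-FOR-US: VMWare" is spelled differently from the "VMware" in the CVE description on the line above it; using the description's spelling keeps text searches of the list consistent.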
@@ -124,6 +122,7 @@
RESERVED
CVE-2005-4535
RESERVED
+begin claimed by jmm
CVE-2005-4533 (Argument injection vulnerability in scponlyc in scponly 4.1 and ...)
TODO: check
CVE-2005-4532 (scponlyc in scponly 4.1 and earlier, when the operating system ...)
@@ -193,6 +192,7 @@
TODO: check
CVE-2005-4500 (SQL injection vulnerability in MusicBox 2.3 allows remote attackers to ...)
TODO: check
+end claimed by jmm
CVE-2005-4499 (The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 ...)
TODO: check
CVE-2005-4498 (Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier ...)
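Review bot: The "end claimed by jmm" marker added after the CVE-2005-4500 entry pairs with the "begin claimed by jmm" added before CVE-2005-4533 in the previous hunk, but the log message lists only the triaged issues and says nothing about a new block being claimed. Mention the new claim in the log so that other triagers reading the commit mail know the range from CVE-2005-4533 down to CVE-2005-4500 is taken.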
@@ -1256,8 +1256,6 @@
- curl 7.15.1-1 (bug #342339; bug #342696; medium)
[sarge] - curl 7.13.2-2sarge4 (medium)
[woody] - curl <not-affected> (Only curl >= 7.11 is vulnerable)
-CVE-2005-XXXX [Buffer overflows in electricsheep]
- - electricsheep 2.6.3+cvs20051206-1
CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, ...)
NOT-FOR-US: SAPID CMS
CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...)
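Review bot: The placeholder removed here was titled "Buffer overflows in electricsheep", yet the first hunk reuses its fixed version 2.6.3+cvs20051206-1 for both CVE-2005-4581 (buffer overflow) and CVE-2005-4582 (no authentication or integrity requirement). Confirm that this upload also addresses the issue described for CVE-2005-4582; if it does not, that entry should read <unfixed> rather than inherit the version. The two replacement entries also carry no urgency, while the curl lines in this hunk's context do ("medium").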