[Secure-testing-commits] r2634 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Tue Nov 1 09:54:52 UTC 2005
Author: jmm-guest
Date: 2005-11-01 09:54:46 +0000 (Tue, 01 Nov 2005)
New Revision: 2634
Modified:
data/CVE/list
Log:
openvpn and php CVEfied
lots of NFUs
one ntop issue not-affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-01 09:33:44 UTC (rev 2633)
+++ data/CVE/list 2005-11-01 09:54:46 UTC (rev 2634)
@@ -1,74 +1,83 @@
-begin claimed by jmm
CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote ...)
- TODO: check
+ NOT-FOR-US: Invision Gallery
CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum ...)
- TODO: check
+ NOT-FOR-US: oaboard
CVE-2005-3393 (Format string vulnerability in the foreign_option function in ...)
- TODO: check
+ - openvpn <unfixed> (bug #336751; medium)
CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...)
- TODO: check
+ - php4 <unfixed> (bug #336645; unknown)
+ TODO: check PHP5
CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...)
- TODO: check
+ - php4 <unfixed> (bug #336645; unknown)
+ TODO: check PHP5
CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...)
- TODO: check
+ - php4 <unfixed> (bug #336645; high)
+ - php5 <unfixed> (bug #336654; high)
+ NOTE: http://www.hardened-php.net/advisory_202005.79.html
+ NOTE: http://www.hardened-php.net/globals-problem
CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...)
- TODO: check
+ - php4 <unfixed> (bug #336645; low)
+ - php5 <unfixed> (bug #336654; low)
+ NOTE: http://www.hardened-php.net/advisory_192005.78.html
CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
- TODO: check
+ {CVE-2002-1954}
+ - php4 <unfixed> (bug #336645; low)
+ - php5 <unfixed> (bug #336654; low)
+ NOTE: http://www.hardened-php.net/advisory_182005.77.html
CVE-2005-3387 (The startup script in packages/RedHat/ntop.init in ntop before 3.2, ...)
- TODO: check
+ - ntop <not-affected> (Red Hat specific packaging flaw)
CVE-2005-3386 (SQL injection vulnerability in Techno Dreams Web Directory script ...)
- TODO: check
+ NOT-FOR-US: Techno Dreams scripts
CVE-2005-3385 (SQL injection vulnerability in Techno Dreams Mailing List script ...)
- TODO: check
+ NOT-FOR-US: Techno Dreams scripts
CVE-2005-3384 (SQL injection vulnerability in Techno Dreams Guest Book script allows ...)
- TODO: check
+ NOT-FOR-US: Techno Dreams scripts
CVE-2005-3383 (SQL injection vulnerability in Techno Dreams Announcement script ...)
- TODO: check
+ NOT-FOR-US: Techno Dreams scripts
CVE-2005-3382 (Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2005-3381 (Multiple interpretation error in Ukrainian National Antivirus (UNA) ...)
- TODO: check
+ NOT-FOR-US: Ukranian National Antivirus
CVE-2005-3380 (Multiple interpretation error in Panda Titanium 2005 4.02.01 allows ...)
- TODO: check
+ NOT-FOR-US: Panda Titanium
CVE-2005-3379 (Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2005-3378 (Multiple interpretation error in Norman 5.81 with the 5.83.02 engine ...)
- TODO: check
+ NOT-FOR-US: Norman
CVE-2005-3377 (Multiple interpretation error in (1) McAfee Internet Security Suite ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2005-3376 (Multiple interpretation error in Kaspersky 5.0.372 allows remote ...)
- TODO: check
+ NOT-FOR-US: Kaspersky
CVE-2005-3375 (Multiple interpretation error in Ikarus demo version allows remote ...)
- TODO: check
+ NOT-FOR-US: Ikarus
CVE-2005-3374 (Multiple interpretation error in F-Prot 3.16c allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: F-Prot
CVE-2005-3373 (Multiple interpretation error in Dr.Web 4.32b allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Dr. Web
CVE-2005-3372 (Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 ...)
- TODO: check
+ NOT-FOR-US: eTrust
CVE-2005-3371 (Multiple interpretation error in AVG 7 7.0.323 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: AVG
CVE-2005-3370 (Multiple interpretation error in ArcaVir 2005 package 2005-06-21 ...)
- TODO: check
+ NOT-FOR-US: ArcaVir
CVE-2005-3369 (Multiple SQL injection vulnerabilities in the Info-DB module ...)
- TODO: check
+ NOT-FOR-US: Woltlab Burning Board
CVE-2005-3368 (Cross-site scripting (XSS) vulnerability in the Search_Enhanced module ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2005-3367 (Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog ...)
- TODO: check
+ NOT-FOR-US: SparkleBlog
CVE-2005-3366 (PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 ...)
- TODO: check
+ NOT-FOR-US: PHP iCalendar
CVE-2005-3365 (Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier ...)
- TODO: check
+ NOT-FOR-US: DCP-Portal
CVE-2005-3364 (Multiple SQL injection vulnerabilities in DboardGear allow remote ...)
- TODO: check
+ NOT-FOR-US: DboardGear
CVE-2005-3363 (SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 ...)
- TODO: check
+ NOT-FOR-US: saphp Lesson
CVE-2005-3362 (myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a ...)
- TODO: check
+ NOT-FOR-US: myBloggie
CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...)
- TODO: check
+ NOT-FOR-US: FlatNuke
CVE-2005-3360
RESERVED
CVE-2005-3359
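Review bot: The `NOT-FOR-US` line added under CVE-2005-3381 spells the product "Ukranian National Antivirus", while the CVE description directly above it reads "Ukrainian National Antivirus (UNA)"; a misspelled product string will not turn up when the list is searched by vendor name, so it should be corrected to match. The same consistency point applies to `NOT-FOR-US: Dr. Web` under CVE-2005-3373, where the description writes "Dr.Web". Separately, CVE-2005-3392 and CVE-2005-3391 get only a php4 line with severity `unknown` and a `TODO: check PHP5`, whereas CVE-2005-3390, CVE-2005-3389 and CVE-2005-3388 track php5 under bug #336654. Until that TODO is resolved these two entries say nothing about php5, so the follow-up should either add a php5 line or record why php5 is not affected.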
@@ -110,26 +119,9 @@
CVE-2005-3340
RESERVED
CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier ...)
- TODO: check
+ NOT-FOR-US: Integrity Protection Driver
CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...)
- TODO: check
-end claimed by jmm
-CVE-2005-XXXX [Remotely exploitable format string vulnerability in openvpn]
- - openvpn <unfixed> (bug #336751; medium)
-CVE-2005-XXXX [generic XSS vulnerability in PHP's phpinfo function]
- {CVE-2002-1954}
- - php4 <unfixed> (bug #336645; low)
- - php5 <unfixed> (bug #336654; low)
- NOTE: http://www.hardened-php.net/advisory_182005.77.html
-CVE-2005-XXXX [PHP register_globals Activation Vulnerability in parse_str]
- - php4 <unfixed> (bug #336645; low)
- - php5 <unfixed> (bug #336654; low)
- NOTE: http://www.hardened-php.net/advisory_192005.78.html
-CVE-2005-XXXX [PHP File-Upload $GLOBALS Overwrite Vulnerability]
- - php4 <unfixed> (bug #336645; high)
- - php5 <unfixed> (bug #336654; high)
- NOTE: http://www.hardened-php.net/advisory_202005.79.html
- NOTE: http://www.hardened-php.net/globals-problem
+ NOT-FOR-US: nylon
CVE-2005-XXXX [phpBB issues fixed in 2.0.18]
- phpbb2 <unfixed> (bug #336582; bug #336587; high)
NOTE: http://www.hardened-php.net/advisory_172005.75.html
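Review bot: The four CVE-2005-XXXX placeholders removed here (openvpn format string, phpinfo XSS, parse_str, file-upload $GLOBALS) are dropped without any record of which assigned ids replaced them, and the log message only says "openvpn and php CVEfied". The mapping has to be inferred from the first hunk: bug #336751 now sits under CVE-2005-3393, and bugs #336645/#336654 with the advisory_182005.77, advisory_192005.78 and advisory_202005.79 URLs sit under CVE-2005-3388, CVE-2005-3389 and CVE-2005-3390. Naming those ids in the log would make the merge auditable. The bug numbers, severities, NOTE URLs and the `{CVE-2002-1954}` cross-reference do carry over unchanged, so nothing is lost in the move.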