[Secure-testing-commits] r2653 - data/CVE
Joey Hess
joeyh at costa.debian.org
Thu Nov 3 21:14:28 UTC 2005
Author: joeyh
Date: 2005-11-03 21:14:22 +0000 (Thu, 03 Nov 2005)
New Revision: 2653
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-03 11:40:23 UTC (rev 2652)
+++ data/CVE/list 2005-11-03 21:14:22 UTC (rev 2653)
@@ -1,3 +1,177 @@
+CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...)
+ TODO: check
+CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...)
+ TODO: check
+CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error messages ...)
+ TODO: check
+CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in Ringtail ...)
+ TODO: check
+CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe Tutorial Manager ...)
+ TODO: check
+CVE-2005-3477 (Multiple interpretation error in the image upload handling code in ...)
+ TODO: check
+CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and ...)
+ TODO: check
+CVE-2005-3475 (Hasbani Web Server allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...)
+ TODO: check
+CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
+ TODO: check
+CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications Express ...)
+ TODO: check
+CVE-2005-3471 (Directory traversal vulnerability in the ruleset view for MailWatch ...)
+ TODO: check
+CVE-2005-3470 (SQL injection vulnerability in in the authenticate function in ...)
+ TODO: check
+CVE-2005-3469 (SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows ...)
+ TODO: check
+CVE-2005-3468 (Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft ...)
+ TODO: check
+CVE-2005-3467 (Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of ...)
+ TODO: check
+CVE-2005-3466 (Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to ...)
+ TODO: check
+CVE-2005-3465 (Unspecified vulnerability in JDEdwards HTML Server in Oracle ...)
+ TODO: check
+CVE-2005-3464 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
+ TODO: check
+CVE-2005-3463 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
+ TODO: check
+CVE-2005-3462 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
+ TODO: check
+CVE-2005-3461 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
+ TODO: check
+CVE-2005-3460 (Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager ...)
+ TODO: check
+CVE-2005-3459 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
+ TODO: check
+CVE-2005-3458 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
+ TODO: check
+CVE-2005-3457 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
+ TODO: check
+CVE-2005-3456 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
+ TODO: check
+CVE-2005-3455 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
+ TODO: check
+CVE-2005-3454 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g ...)
+ TODO: check
+CVE-2005-3453 (Multiple unspecified vulnerabilities in Web Cache in Oracle ...)
+ TODO: check
+CVE-2005-3452 (Unspecified vulnerability in Web Cache in Oracle Application Server ...)
+ TODO: check
+CVE-2005-3451 (Unspecified vulnerability in SQL*ReportWriter in Oracle Application ...)
+ TODO: check
+CVE-2005-3450 (Unspecified vulnerability in the HTTP Server in Oracle Application ...)
+ TODO: check
+CVE-2005-3449 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0 ...)
+ TODO: check
+CVE-2005-3448 (Unspecified vulnerability in the OC4J Module in Oracle Application ...)
+ TODO: check
+CVE-2005-3447 (Unspecified vulnerability in Single Sign-On in Oracle Database Server ...)
+ TODO: check
+CVE-2005-3446 (Unspecified vulnerability in Internet Directory in Oracle Database ...)
+ TODO: check
+CVE-2005-3445 (Multiple unspecified vulnerabilities in HTTP Server in Oracle Database ...)
+ TODO: check
+CVE-2005-3444 (Multiple unspecified vulnerabilities in the Programmatic Interface in ...)
+ TODO: check
+CVE-2005-3443 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
+ TODO: check
+CVE-2005-3442 (Multiple unspecified vulnerabilities in Oracle Database Server 8i up ...)
+ TODO: check
+CVE-2005-3441 (Unspecified vulnerability in Intelligent Agent in Oracle Database ...)
+ TODO: check
+CVE-2005-3440 (Unspecified vulnerability in Database Scheduler in Oracle Database ...)
+ TODO: check
+CVE-2005-3439 (Multiple unspecified vulnerabilities in Oracle Database Server 10g up ...)
+ TODO: check
+CVE-2005-3438 (Multiple unspecified vulnerabilities in Oracle Database Server 9i up ...)
+ TODO: check
+CVE-2005-3437 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...)
+ TODO: check
+CVE-2005-3436 (Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows ...)
+ TODO: check
+CVE-2005-3435 (admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to ...)
+ TODO: check
+CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) ...)
+ TODO: check
+CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-complicit attackers ...)
+ TODO: check
+CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password ...)
+ TODO: check
+CVE-2005-3431 (Absolute path traversal vulnerability in Rockliffe MailSite Express ...)
+ TODO: check
+CVE-2005-3430 (Incomplete blacklist vulnerability in Rockliffe MailSite Express ...)
+ TODO: check
+CVE-2005-3429 (Rockliffe MailSite Express before 6.1.22, with the option to save ...)
+ TODO: check
+CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express ...)
+ TODO: check
+CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit ...)
+ TODO: check
+CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL termination ...)
+ TODO: check
+CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...)
+ TODO: check
+CVE-2005-3424 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 ...)
+ TODO: check
+CVE-2005-3423 (Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow ...)
+ TODO: check
+CVE-2005-3422 (Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast ...)
+ TODO: check
+CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote ...)
+ TODO: check
+CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify ...)
+ TODO: check
+CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 ...)
+ TODO: check
+CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 ...)
+ TODO: check
+CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is ...)
+ TODO: check
+CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ...)
+ TODO: check
+CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection ...)
+ TODO: check
+CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with ...)
+ TODO: check
+CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 ...)
+ TODO: check
+CVE-2005-3412 (Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows ...)
+ TODO: check
+CVE-2005-3411 (Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums ...)
+ TODO: check
+CVE-2005-3410
+ RESERVED
+CVE-2005-3409 (OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote ...)
+ TODO: check
+CVE-2005-3408 (SQL injection vulnerability in news.php in gCards version 1.43 allows ...)
+ TODO: check
+CVE-2005-3407 (SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote ...)
+ TODO: check
+CVE-2005-3406 (Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier ...)
+ TODO: check
+CVE-2005-3405 (ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute ...)
+ TODO: check
+CVE-2005-3404 (Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through ...)
+ TODO: check
+CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 ...)
+ TODO: check
+CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly ...)
+ TODO: check
+CVE-2005-3401 (Multiple interpretation error in TheHacker 5.8.4.128 allows remote ...)
+ TODO: check
+CVE-2005-3400 (Multiple interpretation error in Fortinet 2.48.0.0 allows remote ...)
+ TODO: check
+CVE-2005-3399 (Multiple interpretation error in CAT-QuickHeal 8.0 allows remote ...)
+ TODO: check
+CVE-2005-3398 (The default configuration of the web server for the Solaris Management ...)
+ TODO: check
+CVE-2005-3397 (Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows ...)
+ TODO: check
+CVE-2005-3396 (Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, ...)
+ TODO: check
CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote ...)
NOT-FOR-US: Invision Gallery
CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum ...)
@@ -161,7 +335,7 @@
NOT-FOR-US: Belchior Foundry vCard
CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary ...)
- mgdiff 1.0-28 (bug #335188; unimportant)
-CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2 allows remote attackers to ...)
+CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2, as used in products such as ...)
- wordpress <unfixed> (bug #335817; high)
CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent ...)
NOT-FOR-US: RSA Authentication Agent
@@ -622,7 +796,7 @@
- curl 7.15.0-1 (bug #333734; medium)
CVE-2005-3239 (The OLE2 unpacker in clamd in ClamAV 0.87-1 allows remote attackers to ...)
- clamav <unfixed> (bug #333566; medium)
-CVE-2005-3181 (Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, ...)
+CVE-2005-3181 (The audit system in Linux kernel before 2.6.13.4, when ...)
- linux-2.6 2.6.13+2.6.14-rc4-0experimental1 (low)
- kernel-source-2.4.27 <not-affected> (2.4 kernels don't have CONFIG_AUDITSYSCALL)
CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
@@ -763,7 +937,8 @@
CVE-2005-3123 (Directory traversal vulnerability in GNUMP3D before 2.9.6 allows ...)
{DSA-877-1}
- gnump3d 2.9.6-1 (medium)
-CVE-2005-3122 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...)
+CVE-2005-3122
+ REJECTED
{DSA-877-1}
- gnump3d 2.9.6-1 (low)
CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...)
@@ -984,7 +1159,7 @@
- eric 3.7.2-1 (bug #330608; medium)
CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...)
NOT-FOR-US: PerlDiver
-CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...)
+CVE-2005-3066 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. ...)
NOT-FOR-US: PerlDiver
CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers cause a ...)
NOT-FOR-US: MultiTheftAuto
@@ -1379,7 +1554,7 @@
NOT-FOR-US: CjLinkOut
CVE-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...)
NOT-FOR-US: CjTagBoard
-CVE-2005-2898 (** DISPUTED ** ...)
+CVE-2005-2898 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. ...)
NOT-FOR-US: Filezilla
CVE-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...)
NOT-FOR-US: WEB//NEWS
@@ -1715,14 +1890,14 @@
RESERVED
CVE-2005-2753
RESERVED
-CVE-2005-2752
- RESERVED
-CVE-2005-2751
- RESERVED
-CVE-2005-2750
- RESERVED
-CVE-2005-2749
- RESERVED
+CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier does ...)
+ TODO: check
+CVE-2005-2751 (memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not ...)
+ TODO: check
+CVE-2005-2750 (Software Update in Mac OS X 10.4.2, when the user marks all updates to ...)
+ TODO: check
+CVE-2005-2749 (Unspecified vulnerability in the Finder Get Info window for Mac OS X ...)
+ TODO: check
CVE-2005-2748 (The malloc function in the libSystem library in Apple Mac OS X 10.3.9 ...)
TODO: check
CVE-2005-2747 (Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by ...)
@@ -1741,8 +1916,8 @@
TODO: check
CVE-2005-2740
RESERVED
-CVE-2005-2739
- RESERVED
+CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password ...)
+ TODO: check
CVE-2005-2738
RESERVED
CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...)
@@ -12926,7 +13101,7 @@
CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...)
{DSA-608-1}
- zgv 5.7-1.3 (bug #284124)
-CVE-2004-1094 (Buffer overflow in DUNZIP32.DLL in RealPlayer 10 through RealPlayer ...)
+CVE-2004-1094 (Buffer overflow in a third-party compression library, InnerMedia ...)
NOT-FOR-US: RealPlayer
CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
{DSA-639-1}
More information about the Secure-testing-commits
mailing list