[Secure-testing-commits] r2655 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Nov 3 23:25:15 UTC 2005
Author: jmm-guest
Date: 2005-11-03 23:25:05 +0000 (Thu, 03 Nov 2005)
New Revision: 2655
Modified:
data/CVE/list
Log:
gnump3d and phpbb2 CVEfied
new openvpn issue
silly new thunderbird issue
about 75 NFUs
I've reset the phpbb2 urgencies to unknown after they've been
split, they need to be evaluated individually.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-03 22:32:59 UTC (rev 2654)
+++ data/CVE/list 2005-11-03 23:25:05 UTC (rev 2655)
@@ -1,179 +1,181 @@
-begin claimed by jmm
CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...)
- TODO: check
+ NOT-FOR-US: Cisco hardware
CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: IOS
CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error messages ...)
- TODO: check
+ NOT-FOR-US: Ringtail CaseBook
CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in Ringtail ...)
- TODO: check
+ NOT-FOR-US: Ringtail CaseBook
CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe Tutorial Manager ...)
- TODO: check
+ NOT-FOR-US: PHPCafe Tutorial Manager
CVE-2005-3477 (Multiple interpretation error in the image upload handling code in ...)
- TODO: check
+ NOT-FOR-US: Invision Gallery
CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and ...)
- TODO: check
+ NOT-FOR-US: OpenVMS
CVE-2005-3475 (Hasbani Web Server allows remote attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Hasbani Web Server
CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...)
- TODO: check
+ NOT-FOR-US: XCP DRM
CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
- TODO: check
+ NOT-FOR-US: Simple PHP Blog
CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications Express ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Communications Express
CVE-2005-3471 (Directory traversal vulnerability in the ruleset view for MailWatch ...)
- TODO: check
+ NOT-FOR-US: MailWatch for MailScanner
CVE-2005-3470 (SQL injection vulnerability in in the authenticate function in ...)
- TODO: check
+ NOT-FOR-US: MailWatch for MailScanner
CVE-2005-3469 (SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows ...)
- TODO: check
+ NOT-FOR-US: News2Net
CVE-2005-3468 (Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2005-3467 (Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Serv-U FTP Server
CVE-2005-3466 (Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3465 (Unspecified vulnerability in JDEdwards HTML Server in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3464 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3463 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3462 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3461 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3460 (Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3459 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3458 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3457 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3456 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3455 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3454 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3453 (Multiple unspecified vulnerabilities in Web Cache in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3452 (Unspecified vulnerability in Web Cache in Oracle Application Server ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3451 (Unspecified vulnerability in SQL*ReportWriter in Oracle Application ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3450 (Unspecified vulnerability in the HTTP Server in Oracle Application ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3449 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0 ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3448 (Unspecified vulnerability in the OC4J Module in Oracle Application ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3447 (Unspecified vulnerability in Single Sign-On in Oracle Database Server ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3446 (Unspecified vulnerability in Internet Directory in Oracle Database ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3445 (Multiple unspecified vulnerabilities in HTTP Server in Oracle Database ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3444 (Multiple unspecified vulnerabilities in the Programmatic Interface in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3443 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3442 (Multiple unspecified vulnerabilities in Oracle Database Server 8i up ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3441 (Unspecified vulnerability in Intelligent Agent in Oracle Database ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3440 (Unspecified vulnerability in Database Scheduler in Oracle Database ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3439 (Multiple unspecified vulnerabilities in Oracle Database Server 10g up ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3438 (Multiple unspecified vulnerabilities in Oracle Database Server 9i up ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3437 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2005-3436 (Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows ...)
- TODO: check
+ NOT-FOR-US: Nuked-Klan
CVE-2005-3435 (admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to ...)
- TODO: check
+ NOT-FOR-US: Archilles Newsworld
CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) ...)
- TODO: check
+ NOT-FOR-US: Archilles Newsworld
CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-complicit attackers ...)
- TODO: check
+ NOT-FOR-US: Mirabilis ICQ
CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password ...)
- TODO: check
+ NOT-FOR-US: MiniGal2
CVE-2005-3431 (Absolute path traversal vulnerability in Rockliffe MailSite Express ...)
- TODO: check
+ NOT-FOR-US: MailSite Express
CVE-2005-3430 (Incomplete blacklist vulnerability in Rockliffe MailSite Express ...)
- TODO: check
+ NOT-FOR-US: MailSite Express
CVE-2005-3429 (Rockliffe MailSite Express before 6.1.22, with the option to save ...)
- TODO: check
+ NOT-FOR-US: MailSite Express
CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express ...)
- TODO: check
+ NOT-FOR-US: MailSite Express
CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit ...)
- TODO: check
+ NOT-FOR-US: IPS Sensors
CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL termination ...)
- TODO: check
+ NOT-FOR-US: Cisco hardware
CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...)
- TODO: check
+ - gnump3d 2.9.6-1
CVE-2005-3424 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 ...)
- TODO: check
+ - gnump3d 2.9.5-1 (low)
CVE-2005-3423 (Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow ...)
- TODO: check
+ NOT-FOR-US: Subdreamer
CVE-2005-3422 (Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast ...)
- TODO: check
+ NOT-FOR-US: ASP Fast Forum
CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote ...)
- TODO: check
+ NOT-FOR-US: Hyper Estraier
CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify ...)
- TODO: check
+ - phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
+ NOTE: http://www.hardened-php.net/advisory_172005.75.html
+ NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
+ NOTE: Remote code execution may be possible, especially in conjunction
+ NOTE: with PHP bugs.
CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 ...)
- TODO: check
+ - phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 ...)
- TODO: check
+ - phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is ...)
- TODO: check
+ - phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ...)
- TODO: check
+ - phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection ...)
- TODO: check
+ - phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with ...)
- TODO: check
+ NOT-FOR-US: eyeOS
CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 ...)
- TODO: check
+ NOT-FOR-US: eyeOS
CVE-2005-3412 (Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows ...)
- TODO: check
+ NOT-FOR-US: Elite Forum
CVE-2005-3411 (Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums ...)
- TODO: check
+ NOT-FOR-US: Snitz Forums
CVE-2005-3410
RESERVED
CVE-2005-3409 (OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote ...)
- TODO: check
+ - openvpn <unfixed> (bug filed; low)
CVE-2005-3408 (SQL injection vulnerability in news.php in gCards version 1.43 allows ...)
- TODO: check
+ NOT-FOR-US: gCards
CVE-2005-3407 (SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: phpESP
CVE-2005-3406 (Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier ...)
- TODO: check
+ NOT-FOR-US: phpESP
CVE-2005-3405 (ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: ATutor
CVE-2005-3404 (Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through ...)
- TODO: check
+ NOT-FOR-US: ATutor
CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 ...)
- TODO: check
+ NOT-FOR-US: ATutor
CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly ...)
- TODO: check
+ - mozilla-thunderbird <unfixed> (low)
CVE-2005-3401 (Multiple interpretation error in TheHacker 5.8.4.128 allows remote ...)
- TODO: check
+ NOT-FOR-US: TheHacker
CVE-2005-3400 (Multiple interpretation error in Fortinet 2.48.0.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2005-3399 (Multiple interpretation error in CAT-QuickHeal 8.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: CAT-QuickHeal
CVE-2005-3398 (The default configuration of the web server for the Solaris Management ...)
- TODO: check
+ NOT-FOR-US: Solaris Management Console
CVE-2005-3397 (Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows ...)
- TODO: check
+ NOT-FOR-US: Comersus BackOffice
CVE-2005-3396 (Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: AIX
CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote ...)
NOT-FOR-US: Invision Gallery
CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum ...)
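Review bot: The new CVE-2005-3425 line "- gnump3d 2.9.6-1" carries no urgency, while the neighbouring CVE-2005-3424 entry is marked (low) and every other package line added in this hunk has one (unknown or low). Add an urgency there, or unknown if it has not been assessed yet. The CVE-2005-3409 entry also says "bug filed" without a number, unlike the phpbb2 lines that cite bug #336582 and bug #336587; replace it with the actual bug number once it is known so the entry can be cross-checked against the bug report.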
@@ -298,12 +300,6 @@
NOT-FOR-US: Integrity Protection Driver
CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...)
NOT-FOR-US: nylon
-CVE-2005-XXXX [phpBB issues fixed in 2.0.18]
- - phpbb2 <unfixed> (bug #336582; bug #336587; high)
- NOTE: http://www.hardened-php.net/advisory_172005.75.html
- NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
- NOTE: Remote code execution may be possible, especially in conjunction
- NOTE: with PHP bugs.
CVE-2005-XXXX [ntop format string vulnerability]
- ntop <unfixed> (bug #335996; low)
NOTE: Possibly not exploitable
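Review bot: Dropping the combined phpBB placeholder also drops its (high) urgency, and the six entries CVE-2005-3415 to CVE-2005-3420 that replace it are all set to unknown with nothing in the file marking them as pending re-evaluation. Since the remote code execution NOTE now sits on CVE-2005-3420, consider keeping high on that entry, or adding a TODO line to each of the six, so the individual assessment mentioned in the log message is not lost.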
@@ -941,8 +937,6 @@
- gnump3d 2.9.6-1 (medium)
CVE-2005-3122
REJECTED
- {DSA-877-1}
- - gnump3d 2.9.6-1 (low)
CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...)
{DSA-867-1}
- module-assistant 0.9.10
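Review bot: The {DSA-877-1} reference removed from under the REJECTED CVE-2005-3122 does not reappear in the visible lines of this change: neither CVE-2005-3425 nor CVE-2005-3424 in the first hunk carries it. Confirm that the advisory is still linked from the gnump3d entries it covers, and mention the CVE-2005-3122 cleanup in the log message, which currently says only that gnump3d was CVEfied.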