[Secure-testing-commits] r2655 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Nov 3 23:25:15 UTC 2005


Author: jmm-guest
Date: 2005-11-03 23:25:05 +0000 (Thu, 03 Nov 2005)
New Revision: 2655

Modified:
   data/CVE/list
Log:
gnump3d and phpbb2 CVEfied
new openvpn issue
silly new thunderbird issue
about 75 NFUs
I've reset the phpbb2 urgencies to unknown after they've been
split, they need to be evaluated individually.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-03 22:32:59 UTC (rev 2654)
+++ data/CVE/list	2005-11-03 23:25:05 UTC (rev 2655)
@@ -1,179 +1,181 @@
-begin claimed by jmm
 CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...)
-	TODO: check
+	NOT-FOR-US: Cisco hardware
 CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: IOS
 CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error messages ...)
-	TODO: check
+	NOT-FOR-US: Ringtail CaseBook
 CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in Ringtail ...)
-	TODO: check
+	NOT-FOR-US: Ringtail CaseBook
 CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe Tutorial Manager ...)
-	TODO: check
+	NOT-FOR-US: PHPCafe Tutorial Manager
 CVE-2005-3477 (Multiple interpretation error in the image upload handling code in ...)
-	TODO: check
+	NOT-FOR-US: Invision Gallery
 CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and ...)
-	TODO: check
+	NOT-FOR-US: OpenVMS
 CVE-2005-3475 (Hasbani Web Server allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: Hasbani Web Server
 CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...)
-	TODO: check
+	NOT-FOR-US: XCP DRM 
 CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
-	TODO: check
+	NOT-FOR-US: Simple PHP Blog
 CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications Express ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Communications Express
 CVE-2005-3471 (Directory traversal vulnerability in the ruleset view for MailWatch ...)
-	TODO: check
+	NOT-FOR-US: MailWatch for MailScanner
 CVE-2005-3470 (SQL injection vulnerability in in the authenticate function in ...)
-	TODO: check
+	NOT-FOR-US: MailWatch for MailScanner
 CVE-2005-3469 (SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows ...)
-	TODO: check
+	NOT-FOR-US: News2Net
 CVE-2005-3468 (Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2005-3467 (Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: Serv-U FTP Server
 CVE-2005-3466 (Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3465 (Unspecified vulnerability in JDEdwards HTML Server in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3464 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3463 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3462 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3461 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3460 (Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3459 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3458 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3457 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3456 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3455 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3454 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3453 (Multiple unspecified vulnerabilities in Web Cache in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3452 (Unspecified vulnerability in Web Cache in Oracle Application Server ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3451 (Unspecified vulnerability in SQL*ReportWriter in Oracle Application ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3450 (Unspecified vulnerability in the HTTP Server in Oracle Application ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3449 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0 ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3448 (Unspecified vulnerability in the OC4J Module in Oracle Application ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3447 (Unspecified vulnerability in Single Sign-On in Oracle Database Server ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3446 (Unspecified vulnerability in Internet Directory in Oracle Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3445 (Multiple unspecified vulnerabilities in HTTP Server in Oracle Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3444 (Multiple unspecified vulnerabilities in the Programmatic Interface in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3443 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3442 (Multiple unspecified vulnerabilities in Oracle Database Server 8i up ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3441 (Unspecified vulnerability in Intelligent Agent in Oracle Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3440 (Unspecified vulnerability in Database Scheduler in Oracle Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3439 (Multiple unspecified vulnerabilities in Oracle Database Server 10g up ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3438 (Multiple unspecified vulnerabilities in Oracle Database Server 9i up ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3437 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3436 (Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows ...)
-	TODO: check
+	NOT-FOR-US: Nuked-Klan
 CVE-2005-3435 (admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to ...)
-	TODO: check
+	NOT-FOR-US: Archilles Newsworld
 CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) ...)
-	TODO: check
+	NOT-FOR-US: Archilles Newsworld
 CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-complicit attackers ...)
-	TODO: check
+	NOT-FOR-US: Mirabilis ICQ
 CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password ...)
-	TODO: check
+	NOT-FOR-US: MiniGal2
 CVE-2005-3431 (Absolute path traversal vulnerability in Rockliffe MailSite Express ...)
-	TODO: check
+	NOT-FOR-US: MailSite Express
 CVE-2005-3430 (Incomplete blacklist vulnerability in Rockliffe MailSite Express ...)
-	TODO: check
+	NOT-FOR-US: MailSite Express
 CVE-2005-3429 (Rockliffe MailSite Express before 6.1.22, with the option to save ...)
-	TODO: check
+	NOT-FOR-US: MailSite Express
 CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express ...)
-	TODO: check
+	NOT-FOR-US: MailSite Express
 CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit ...)
-	TODO: check
+	NOT-FOR-US: IPS Sensors
 CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL termination ...)
-	TODO: check
+	NOT-FOR-US: Cisco hardware
 CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...)
-	TODO: check
+	- gnump3d 2.9.6-1
 CVE-2005-3424 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 ...)
-	TODO: check
+	- gnump3d 2.9.5-1 (low)
 CVE-2005-3423 (Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow ...)
-	TODO: check
+	NOT-FOR-US: Subdreamer
 CVE-2005-3422 (Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast ...)
-	TODO: check
+	NOT-FOR-US: ASP Fast Forum
 CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote ...)
-	TODO: check
+	NOT-FOR-US: Hyper Estraier
 CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
+	NOTE: http://www.hardened-php.net/advisory_172005.75.html
+	NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
+	NOTE: Remote code execution may be possible, especially in conjunction
+	NOTE: with PHP bugs.
 CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with ...)
-	TODO: check
+	NOT-FOR-US: eyeOS
 CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 ...)
-	TODO: check
+	NOT-FOR-US: eyeOS
 CVE-2005-3412 (Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Elite Forum
 CVE-2005-3411 (Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums ...)
-	TODO: check
+	NOT-FOR-US: Snitz Forums
 CVE-2005-3410
 	RESERVED
 CVE-2005-3409 (OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote ...)
-	TODO: check
+	- openvpn <unfixed> (bug filed; low)
 CVE-2005-3408 (SQL injection vulnerability in news.php in gCards version 1.43 allows ...)
-	TODO: check
+	NOT-FOR-US: gCards
 CVE-2005-3407 (SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: phpESP
 CVE-2005-3406 (Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier ...)
-	TODO: check
+	NOT-FOR-US: phpESP
 CVE-2005-3405 (ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: ATutor
 CVE-2005-3404 (Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through ...)
-	TODO: check
+	NOT-FOR-US: ATutor
 CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 ...)
-	TODO: check
+	NOT-FOR-US: ATutor
 CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly ...)
-	TODO: check
+	- mozilla-thunderbird <unfixed> (low)
 CVE-2005-3401 (Multiple interpretation error in TheHacker 5.8.4.128 allows remote ...)
-	TODO: check
+	NOT-FOR-US: TheHacker
 CVE-2005-3400 (Multiple interpretation error in Fortinet 2.48.0.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2005-3399 (Multiple interpretation error in CAT-QuickHeal 8.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: CAT-QuickHeal
 CVE-2005-3398 (The default configuration of the web server for the Solaris Management ...)
-	TODO: check
+	NOT-FOR-US: Solaris Management Console
 CVE-2005-3397 (Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows ...)
-	TODO: check
+	NOT-FOR-US: Comersus BackOffice
 CVE-2005-3396 (Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: AIX
 CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote ...)
 	NOT-FOR-US: Invision Gallery
 CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum ...)
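Review bot: the openvpn entry added for CVE-2005-3409 reads "- openvpn <unfixed> (bug filed; low)" with no bug number, so the report cannot be followed from the list, unlike the phpbb2 entries in the same hunk, which cite bug #336582 and bug #336587. Please replace "bug filed" with the actual number. CVE-2005-3425 is added as "- gnump3d 2.9.6-1" with no urgency, while CVE-2005-3424 directly below carries "(low)"; add one unless the omission is deliberate. The new "NOT-FOR-US: XCP DRM " line for CVE-2005-3474 ends in a trailing space.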
@@ -298,12 +300,6 @@
 	NOT-FOR-US: Integrity Protection Driver
 CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...)
 	NOT-FOR-US: nylon
-CVE-2005-XXXX [phpBB issues fixed in 2.0.18]
-	- phpbb2 <unfixed> (bug #336582; bug #336587; high)
-	NOTE: http://www.hardened-php.net/advisory_172005.75.html
-	NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
-	NOTE: Remote code execution may be possible, especially in conjunction
-	NOTE: with PHP bugs.
 CVE-2005-XXXX [ntop format string vulnerability]
 	- ntop <unfixed> (bug #335996; low)
 	NOTE: Possibly not exploitable
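Review bot: removing the "CVE-2005-XXXX [phpBB issues fixed in 2.0.18]" placeholder drops the only mention of 2.0.18 as the fixing upstream release; the six entries that replace it (CVE-2005-3415 through CVE-2005-3420) only say "<unfixed>". A NOTE naming 2.0.18 on those entries would preserve that. The placeholder was rated high and the replacements are all unknown, which the log explains, but the remote code execution NOTE now sits only under CVE-2005-3420; a TODO on the six entries would keep the pending re-evaluation visible in the list itself.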
@@ -941,8 +937,6 @@
 	- gnump3d 2.9.6-1 (medium)
 CVE-2005-3122
 	REJECTED
-	{DSA-877-1}
-	- gnump3d 2.9.6-1 (low)
 CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...)
 	{DSA-867-1}
 	- module-assistant 0.9.10
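Review bot: the "{DSA-877-1}" reference is deleted from the REJECTED CVE-2005-3122 here, but neither of the gnump3d entries added in this patch (CVE-2005-3425 and CVE-2005-3424 in the first hunk) gains it. Please check that DSA-877-1 is still attached to the CVE ids that supersede CVE-2005-3122, and consider a NOTE under the REJECTED entry naming those ids so the history stays traceable.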



