[Secure-testing-commits] r2783 - data/CVE

Fri Nov 18 10:23:56 UTC 2005

Author: jmm-guest
Date: 2005-11-18 10:23:51 +0000 (Fri, 18 Nov 2005)
New Revision: 2783

Modified:
   data/CVE/list
Log:
scorched3d CVEfied
lots of n-f-us


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2005-11-18 10:12:30 UTC (rev 2782)
+++ data/CVE/list	2005-11-18 10:23:51 UTC (rev 2783)
@@ -337,84 +337,82 @@
 	RESERVED
 CVE-2005-3525
 	RESERVED
-begin claimed by jmm
 CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine NetflowAnalyzer
 CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2005-3520 (Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 ...)
-	TODO: check
+	NOT-FOR-US: MySource
 CVE-2005-3519 (Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow ...)
-	TODO: check
+	NOT-FOR-US: MySource
 CVE-2005-3518 (SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 ...)
-	TODO: check
+	NOT-FOR-US: PunBB
 CVE-2005-3517 (Chipmunk Scripts Guestbook allows remote attackers to obtain the ...)
-	TODO: check
+	NOT-FOR-US: Chipmunk Scripts Guestbook
 CVE-2005-3516 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...)
-	TODO: check
+	NOT-FOR-US: Chipmunk Directory
 CVE-2005-3515 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...)
-	TODO: check
+	NOT-FOR-US: Chipmunk Topsites
 CVE-2005-3514 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum ...)
-	TODO: check
+	NOT-FOR-US: Chipmunk Forum
 CVE-2005-3513 (index.php in VUBB alpha rc1 allows remote attackers to obtain the ...)
-	TODO: check
+	NOT-FOR-US: VUBB
 CVE-2005-3512 (Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha ...)
-	TODO: check
+	NOT-FOR-US: VUBB
 CVE-2005-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS ...)
-	TODO: check
+	NOT-FOR-US: Spymac Web OS
 CVE-2005-3510 (Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a ...)
-	TODO: check
+	- tomcat5 <not-affected> (Debian's 5.0 version is not vulnerable)
 CVE-2005-3509 (Multiple SQL injection vulnerabilities in JPortal allow remote ...)
-	TODO: check
+	NOT-FOR-US: JPortal
 CVE-2005-3508 (SQL injection vulnerability in showGallery.php in Gallery (Galerie) ...)
 	TODO: check
 CVE-2005-3507 (Directory traversal vulnerability in CuteNews 1.4.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: CuteNews
 CVE-2005-3506 (Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server ...)
-	TODO: check
+	NOT-FOR-US: Sambar
 CVE-2005-3505 (Cross-site scripting (XSS) vulnerability in the Entropy Chat script in ...)
-	TODO: check
+	NOT-FOR-US: Entropy Chat Script
 CVE-2005-3504 (Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2005-3503 (chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other ...)
-	TODO: check
+	NOT-FOR-US: SuSE fork of passwd
 CVE-2005-3502 (attachment_send.php in Cerberus Helpdesk allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Cerberus Helpdesk
 CVE-2005-3499 (Frisk F-Prot Antivirus allows remote attackers to bypass protection ...)
-	TODO: check
+	NOT-FOR-US: F-Prot Antivirus
 CVE-2005-3498 (IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before ...)
-	TODO: check
+	NOT-FOR-US: WebSphere
 CVE-2005-3497 (SQL injection vulnerability in process_signup.php in PHP Handicapper ...)
-	TODO: check
+	NOT-FOR-US: PHP Handicapper
 CVE-2005-3496 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Handicapper ...)
-	TODO: check
+	NOT-FOR-US: PHP Handicapper
 CVE-2005-3495 (Ar-blog 5.2 and earlier allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: Ar-blog
 CVE-2005-3494 (Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Ar-blog
 CVE-2005-3493 (Battle Carry .005 and earlier allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: Battle Carry
 CVE-2005-3492 (FlatFrag 0.3 and earlier allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: FlatFrag
 CVE-2005-3491 (Multiple buffer overflows in the receiver function in loop.c in ...)
-	TODO: check
+	NOT-FOR-US: FlatFrag
 CVE-2005-3490 (Directory traversal vulnerability in the web server in Asus Video ...)
-	TODO: check
+	NOT-FOR-US: Asus Video Security 
 CVE-2005-3489 (Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using ...)
-	TODO: check
+	NOT-FOR-US: Asus Video Security 
 CVE-2005-3488 (Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a ...)
-	TODO: check
+	- scorched3d <unfixed> (bug #337403; medium)
 CVE-2005-3487 (Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow ...)
-	TODO: check
+	- scorched3d <unfixed> (bug #337403; medium)
 CVE-2005-3486 (Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and ...)
-	TODO: check
+	- scorched3d <unfixed> (bug #337403; medium)
 CVE-2005-3485 (Buffer overflow in Glider Collect'n kill 1.0.0.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Glider Collect'n kill
 CVE-2005-3484 (Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier ...)
-	TODO: check
+	NOT-FOR-US: NeroNET
 CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: GO-Global
 CVE-2004-2540 (readObject in (1) Java Runtime Environment (JRE) and (2) Software ...)
 	TODO: check
 CVE-2003-1283 (KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet ...)
@@ -723,8 +721,6 @@
 CVE-2005-3501 (The cabd_find function in cabd.c of the the libmspack library (mspack) ...)
 	{DSA-887-1 DTSA-21-1}
 	- clamav 0.87.1-1 (medium)
-CVE-2005-XXXX [Multiple security issues in Scorched 3D]
-	- scorched3d <unfixed> (bug #337403; medium)
 CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...)
 	NOT-FOR-US: Cisco hardware
 CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...)


