[Secure-testing-commits] r2852 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Nov 24 11:20:04 UTC 2005
Author: jmm-guest
Date: 2005-11-24 11:19:59 +0000 (Thu, 24 Nov 2005)
New Revision: 2852
Modified:
data/CVE/list
Log:
new jetty issue (contrib)
new struts issue
new ipsec-tools issue
inkscape CVEfied
old isoqlog issue
old dokuwiki issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-24 10:47:37 UTC (rev 2851)
+++ data/CVE/list 2005-11-24 11:19:59 UTC (rev 2852)
@@ -1,131 +1,129 @@
-begin claimed by jmm
CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to ...)
- TODO: check
+ NOT-FOR-US: IPUpdate
CVE-2005-3779 (Unknown vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 ...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2005-3777 (MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2005-3775 (PHP file inclusion vulnerability in pollvote.php in PollVote allows ...)
- TODO: check
+ NOT-FOR-US: PollVote
CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Cisco hardware
CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2005-3771 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2005-3770 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) ...)
- TODO: check
+ NOT-FOR-US: PHP-Post
CVE-2005-3769 (SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 ...)
- TODO: check
+ NOT-FOR-US: PHP Download Manager
CVE-2005-3768 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) ...)
- TODO: check
+ NOT-FOR-US: Symantec appliances
CVE-2005-3767 (Exponent CMS 0.96.3 and later versions does not properly restrict the ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2005-3766 (Exponent CMS 0.96.3 and later versions stores sensitive user pages ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2005-3765 (Exponent CMS 0.96.3 and later versions performs a chmod on uploaded ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2005-3764 (The image gallery (imagegallery) component in Exponent CMS 0.96.3 and ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2005-3763 (Exponent CMS 0.96.3 and later versions includes the full installation ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2005-3762 (SQL injection vulnerability in the navigation module ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2005-3761 (Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2005-3760 (Double-free vulnerability in the BBOORB module in IBM WebSphere ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
- TODO: check
+ NOT-FOR-US: Google search appliance
CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and possibly ...)
- TODO: check
+ TODO: check, whether this is related to libsaxon-java
CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search Appliance, ...)
- TODO: check
+ NOT-FOR-US: Google search appliance
CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search Appliance, and ...)
- TODO: check
+ NOT-FOR-US: Google search appliance
CVE-2005-3754 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
- TODO: check
+ NOT-FOR-US: Google search appliance
CVE-2005-3750 (Opera before 8.51 on Linux and Unix systems allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2005-3749 (Unspecified "absolute path vulnerabilities" in the diagela command ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2005-3748 (SQL injection vulnerability in the Search module in Tru-Zone Nuke ET ...)
- TODO: check
+ NOT-FOR-US: Tru-Zone Nuke ET
CVE-2005-3747 (Unspecified vulnerability in Jetty before 5.1.6 allows remote ...)
- TODO: check
+ - jetty <unfixed> (bug filed; medium)
CVE-2005-3746 (SQL injection vulnerability in thread.php in APBoard allows remote ...)
- TODO: check
+ NOT-FOR-US: APBoard
CVE-2005-3745 (Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and ...)
- TODO: check
+ - libstruts1.2-java
CVE-2005-3744 (SQL injection vulnerability in index.php in phpComasy 0.7.5 and ...)
- TODO: check
+ NOT-FOR-US: phpComasy
CVE-2005-3743 (SQL injection vulnerability in results.php in SimplePoll allows remote ...)
- TODO: check
+ NOT-FOR-US: SimplePoll
CVE-2005-3742 (Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll ...)
- TODO: check
+ NOT-FOR-US: Advanced Poll
CVE-2005-3741 (Almond Classifieds does not properly verify the password, which allows ...)
- TODO: check
+ NOT-FOR-US: Almond Classifieds
CVE-2005-3740 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and ...)
- TODO: check
+ NOT-FOR-US: PHP-Fusion
CVE-2005-3739 (Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and ...)
- TODO: check
+ NOT-FOR-US: PHP-Fusion
CVE-2005-3738 (globals.php in Mambo Site Server 4.0.14 and earlier, when ...)
- TODO: check
+ NOT-FOR-US: Mambo
CVE-2005-3737 (Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 ...)
- TODO: check
+ - inkscape <unfixed> (bug #330894; medium)
CVE-2005-3736 (Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart ...)
- TODO: check
+ NOT-FOR-US: e-Quick Cart
CVE-2005-3735 (Multiple SQL injection vulnerabilities in e-Quick Cart allow remote ...)
- TODO: check
+ NOT-FOR-US: e-Quick Cart
CVE-2005-3734 (Cross-site scripting (XSS) vulnerability in the "add content" page in ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2005-3733 (The Internet Key Exchange version 1 (IKEv1) implementation in Juniper ...)
- TODO: check
+ NOT-FOR-US: Juniper products using IKE
CVE-2005-3732 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
- TODO: check
+ - ipsec-tools <unfixed> (bug filed; low)
CVE-2004-2572 (AMAX Magic Winmail Server 3.6 allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: AMAX Magic Winmail
CVE-2004-2571 (Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote ...)
- TODO: check
+ - isoqlog 2.2-0.1
CVE-2004-2570 (Opera before 7.54 allows remote attackers to modify properties and ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2004-2568 (Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 ...)
- TODO: check
+ NOT-FOR-US: ReciPants
CVE-2004-2567 (Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote ...)
- TODO: check
+ NOT-FOR-US: ReciPants
CVE-2004-2566 (Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld ...)
- TODO: check
+ NOT-FOR-US: LiveWorld
CVE-2004-2565 (Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta ...)
- TODO: check
+ NOT-FOR-US: Sambar
CVE-2004-2564 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server ...)
- TODO: check
+ NOT-FOR-US: Sambar
CVE-2004-2563 (Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: Serena TeamTrack
CVE-2004-2562 (SQL injection vulnerability in jobedit.asp in Leigh Business ...)
- TODO: check
+ NOT-FOR-US: Leigh Business Enterprises
CVE-2004-2561 (Multiple SQL injection vulnerabilities in Internet Software Sciences ...)
- TODO: check
+ NOT-FOR-US: ISS Web+Center
CVE-2004-2560 (DokuWiki before 2004-10-19, when used on a web server that permits ...)
- TODO: check
+ - dokuwiki <not-affected> (Fixed before upload into the archive)
CVE-2004-2559 (DokuWiki before 2004-10-19 allows remote attackers to access ...)
- TODO: check
+ - dokuwiki <not-affected> (Fixed before upload into the archive)
CVE-2003-1287 (Sambar Server before 6.0 beta 3 allows attackers with physical access ...)
- TODO: check
+ NOT-FOR-US: Sambar
CVE-2003-1286 (HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks ...)
- TODO: check
+ NOT-FOR-US: Sambar
CVE-2003-1285 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server ...)
- TODO: check
+ NOT-FOR-US: Sambar
CVE-2003-1284 (Sambar Server before 6.0 beta 6 allows remote attackers to obtain ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: Sambar
CVE-2005-XXXX [Kernel DoS through integer overflow in invalidate_inode_pages2()]
- linux-2.6 <unfixed>
NOTE: Pinged Horms/dannf
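Review bot: The new CVE-2005-3745 entry `- libstruts1.2-java` has no status or version, no bug reference and no urgency, unlike the other package entries added in this hunk (`- jetty <unfixed> (bug filed; medium)`, `- ipsec-tools <unfixed> (bug filed; low)`). Please state the status explicitly, for example `<unfixed>` with an urgency, so the line cannot be read as either fixed or open. The jetty and ipsec-tools entries also say `bug filed` without a number, whereas the inkscape entry gives `bug #330894`; fill in the bug numbers once they are assigned. CVE-2005-3757 still carries a TODO after the `claimed by jmm` markers are removed, so it is worth confirming that it should remain unclaimed.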
@@ -239,7 +237,6 @@
CVE-2005-3671 (The Internet Key Exchange version 1 (IKEv1) implementation in Openswan ...)
- openswan 1:2.4.4-1 (bug #339082; medium)
NOTE: Initial 2.4.3 didn't fix all the issues from the NISCC report
- TODO: Keep an eye on ipsec-tools's upstream, it's potentially affected as well
CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
NOT-FOR-US: HP-UX's IKE implementation
CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
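Review bot: Dropping the TODO under CVE-2005-3671 removes the only line that ties ipsec-tools to this openswan IKEv1 entry and its NISCC report NOTE, and the entry that replaces it at CVE-2005-3732 (`- ipsec-tools <unfixed> (bug filed; low)`) has no NOTE pointing back. If the ipsec-tools issue stems from the same NISCC report, add a NOTE on CVE-2005-3732 that refers to CVE-2005-3671, and record why ipsec-tools is rated low while openswan is rated medium.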
@@ -1570,10 +1567,6 @@
NOTE: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
- thttpd 2.23beta1-4 (low)
-CVE-2005-XXXX [buffer overflow in inkscape]
- NOTE: exploit may need a shellcode that is valid xml, so may not
- NOTE: be exploitable for more than a DOS
- - inkscape <unfixed> (bug #330894; low)
CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
{DSA-880-1}
- phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium)
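Review bot: The removed placeholder entry rated the inkscape overflow `low` and carried two NOTE lines explaining why (the exploit may need shellcode that is valid XML, so it may be no more than a DoS), but the CVE-2005-3737 entry that replaces it in the first hunk reads `- inkscape <unfixed> (bug #330894; medium)` with no NOTEs. Either carry the two NOTE lines over to CVE-2005-3737, or add a NOTE stating why the urgency was raised from low to medium, so the exploitability assessment is not lost.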