[Secure-testing-commits] r2891 - data/CVE
Joey Hess
joeyh at costa.debian.org
Tue Nov 29 21:14:31 UTC 2005
Author: joeyh
Date: 2005-11-29 21:14:25 +0000 (Tue, 29 Nov 2005)
New Revision: 2891
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-29 14:56:28 UTC (rev 2890)
+++ data/CVE/list 2005-11-29 21:14:25 UTC (rev 2891)
@@ -1,3 +1,261 @@
+CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in Zainu ...)
+ TODO: check
+CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP ...)
+ TODO: check
+CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing ...)
+ TODO: check
+CVE-2005-3881 (SQL injection vulnerability in search.php in AltantisFAQ Knowledge ...)
+ TODO: check
+CVE-2005-3880 (Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and ...)
+ TODO: check
+CVE-2005-3879 (Multiple SQL injection vulnerabilities in Softbiz Resource Repository ...)
+ TODO: check
+CVE-2005-3878 (Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 ...)
+ TODO: check
+CVE-2005-3877 (Multiple SQL injection vulnerabilities in Simple Document Management ...)
+ TODO: check
+CVE-2005-3876 (Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ...)
+ TODO: check
+CVE-2005-3875 (Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 ...)
+ TODO: check
+CVE-2005-3874 (SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and ...)
+ TODO: check
+CVE-2005-3873 (SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 ...)
+ TODO: check
+CVE-2005-3872 (Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier ...)
+ TODO: check
+CVE-2005-3871 (Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) ...)
+ TODO: check
+CVE-2005-3870 (Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 ...)
+ TODO: check
+CVE-2005-3869 (Cross-site scripting (XSS) vulnerability in index.php in Google API ...)
+ TODO: check
+CVE-2005-3868 (Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier ...)
+ TODO: check
+CVE-2005-3867 (Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine ...)
+ TODO: check
+CVE-2005-3866 (Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine ...)
+ TODO: check
+CVE-2005-3865 (SQL injection vulnerability in index.php in AllWeb search 3.0 and ...)
+ TODO: check
+CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and ...)
+ TODO: check
+CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and ...)
+ TODO: check
+CVE-2005-3862 (Buffer overflow in unalz before 0.53 allows remote attackers to ...)
+ TODO: check
+CVE-2005-3861 (PHP remote file inclusion vulnerability in content.php in phpGreetz ...)
+ TODO: check
+CVE-2005-3860 (PHP remote file inclusion vulnerability in athena.php in Oliver May ...)
+ TODO: check
+CVE-2005-3859 (PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 ...)
+ TODO: check
+CVE-2005-3858 (Memory leak in the ip6_input_finish function in ip6_input.c in Linux ...)
+ TODO: check
+CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and ...)
+ TODO: check
+CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...)
+ TODO: check
+CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS ...)
+ TODO: check
+CVE-2005-3853 (SQL injection vulnerability in snews.php in sNews 1.3 and earlier ...)
+ TODO: check
+CVE-2005-3852 (SQL injection vulnerability in search.asp in Online Work Order Suite ...)
+ TODO: check
+CVE-2005-3851 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...)
+ TODO: check
+CVE-2005-3850 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...)
+ TODO: check
+CVE-2005-3846 (SQL injection vulnerability in news.php in Fantastic News 2.1.1 and ...)
+ TODO: check
+CVE-2005-3845 (SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 ...)
+ TODO: check
+CVE-2005-3844 (SQL injection vulnerability in phpWordPress PHP News and Article ...)
+ TODO: check
+CVE-2005-3843 (SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows ...)
+ TODO: check
+CVE-2005-3842 (SQL injection vulnerability in index.php in pdjk-support suite 1.1a ...)
+ TODO: check
+CVE-2005-3841 (Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), ...)
+ TODO: check
+CVE-2005-3840 (SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier ...)
+ TODO: check
+CVE-2005-3839 (Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk ...)
+ TODO: check
+CVE-2005-3838 (Multiple SQL injection vulnerabilities in search.php in IsolSoft ...)
+ TODO: check
+CVE-2005-3837 (Cross-site scripting (XSS) vulnerability in the search module in ...)
+ TODO: check
+CVE-2005-3836 (SQL injection vulnerability in DeskLance 2.3 and earlier allows remote ...)
+ TODO: check
+CVE-2005-3835 (PHP remote file inclusion vulnerability in support/index.php in ...)
+ TODO: check
+CVE-2005-3834 (Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 ...)
+ TODO: check
+CVE-2005-3833 (SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier ...)
+ TODO: check
+CVE-2005-3832 (Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, ...)
+ TODO: check
+CVE-2005-3831 (Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, ...)
+ TODO: check
+CVE-2005-3830 (index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote ...)
+ TODO: check
+CVE-2005-3829 (index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows ...)
+ TODO: check
+CVE-2005-3828 (SQL injection vulnerability in index.php in ActiveCampaign ...)
+ TODO: check
+CVE-2005-3827 (SQL injection vulnerability in product_cat in AgileBill 1.4.92 and ...)
+ TODO: check
+CVE-2005-3826 (Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote ...)
+ TODO: check
+CVE-2005-3825 (SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and ...)
+ TODO: check
+CVE-2005-3824 (The uploads module in vTiger CRM 4.2 and earlier allows remote ...)
+ TODO: check
+CVE-2005-3823 (The Users module in vTiger CRM 4.2 and earlier allows remote attackers ...)
+ TODO: check
+CVE-2005-3822 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...)
+ TODO: check
+CVE-2005-3821 (Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier ...)
+ TODO: check
+CVE-2005-3820 (Multiple directory traversal vulnerabilities in index.php in vTiger ...)
+ TODO: check
+CVE-2005-3819 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...)
+ TODO: check
+CVE-2005-3818 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 ...)
+ TODO: check
+CVE-2005-3817 (Multiple SQL injection vulnerabilities in Softbiz Web Host Directory ...)
+ TODO: check
+CVE-2005-3816 (Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 ...)
+ TODO: check
+CVE-2005-3815 (SQL injection vulnerability in forum.php in Orca Forum 4.3b and ...)
+ TODO: check
+CVE-2005-3814 (Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro ...)
+ TODO: check
+CVE-2005-3813 (IMAP service (meimaps.exe) of MailEnable Professional 1.7 and ...)
+ TODO: check
+CVE-2005-3812 (freeFTPd 1.0.10 allows remote authenticated users to cause a denial of ...)
+ TODO: check
+CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic ...)
+ TODO: check
+CVE-2005-3806 (The IPv6 flowlabel handling code (ip6_flowlabel.c) in Linux kernels ...)
+ TODO: check
+CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ...)
+ TODO: check
+CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support ...)
+ TODO: check
+CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ...)
+ TODO: check
+CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 ...)
+ TODO: check
+CVE-2005-3801 (PasswordSafe 1.x and 2.x allows local users to test possible ...)
+ TODO: check
+CVE-2005-3800 (Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak ...)
+ TODO: check
+CVE-2005-3799 (phpBB 2.0.18 allows remote attackers to obtain sensitive information ...)
+ TODO: check
+CVE-2005-3798 (SQL injection vulnerability in admin/index.php in AlstraSoft Template ...)
+ TODO: check
+CVE-2005-3797 (PHP remote file inclusion vulnerability in payment_paypal.php in ...)
+ TODO: check
+CVE-2005-3796 (Direct static code injection vulnerability in admin_options_manage.php ...)
+ TODO: check
+CVE-2005-3795 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
+ TODO: check
+CVE-2005-3794 (AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2005-3793 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...)
+ TODO: check
+CVE-2005-3792 (Multiple SQL injection vulnerabilities in the Search module in ...)
+ TODO: check
+CVE-2005-3791 (HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 ...)
+ TODO: check
+CVE-2005-3790 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow ...)
+ TODO: check
+CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), ...)
+ TODO: check
+CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
+ TODO: check
+CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ...)
+ TODO: check
+CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX ...)
+ TODO: check
+CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 ...)
+ TODO: check
+CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before ...)
+ TODO: check
+CVE-2005-3782
+ RESERVED
+CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with ...)
+ TODO: check
+CVE-2004-2605 (aStats 1.6.5 allows local users to overwrite arbitrary files via a ...)
+ TODO: check
+CVE-2004-2604 (Cross-site scripting (XSS) vulnerability in index.php in PHProxy ...)
+ TODO: check
+CVE-2004-2603 (Cross-site scripting (XSS) vulnerability in the Search module in ...)
+ TODO: check
+CVE-2004-2602 (PHP remote file include vulnerability in UberTec Help Center Live ...)
+ TODO: check
+CVE-2004-2601 (PHP file include vulnerability in UberTec Help Center Live (HCL) ...)
+ TODO: check
+CVE-2004-2600 (The firmware for Intelligent Platform Management Interface (IPMI) ...)
+ TODO: check
+CVE-2004-2599 (Multiple buffer overflows in Quake II server before R1Q2, as used in ...)
+ TODO: check
+CVE-2004-2598 (Quake II server before R1Q2, as used in multiple products, allows ...)
+ TODO: check
+CVE-2004-2597 (Quake II server before R1Q2, as used in multiple products, allows ...)
+ TODO: check
+CVE-2004-2596 (Quake II server before R1Q2, as used in multiple products, allows ...)
+ TODO: check
+CVE-2004-2595 (Absolute path traversal vulnerability in Quake II server before R1Q2 ...)
+ TODO: check
+CVE-2004-2594 (Absolute path traversal vulnerability in Quake II server before R1Q2 ...)
+ TODO: check
+CVE-2004-2593 (Buffer overflow in command-packet processing of Quake II server before ...)
+ TODO: check
+CVE-2004-2592 (Quake II server before R1Q2, as used in multiple products, allows ...)
+ TODO: check
+CVE-2004-2591 (The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does ...)
+ TODO: check
+CVE-2004-2590 (Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) ...)
+ TODO: check
+CVE-2004-2589 (Gaim before 0.82 allows remote servers to cause a denial of service ...)
+ TODO: check
+CVE-2004-2588 (Intentional information leak in phpinfo.php in XMB (aka extreme ...)
+ TODO: check
+CVE-2004-2587 (login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...)
+ TODO: check
+CVE-2004-2586 (Directory traversal vulnerability in frmGetAttachment.aspx in ...)
+ TODO: check
+CVE-2004-2585 (Cross-site scripting (XSS) vulnerability in frmCompose.aspx in ...)
+ TODO: check
+CVE-2004-2584 (frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 ...)
+ TODO: check
+CVE-2004-2583 (SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...)
+ TODO: check
+CVE-2004-2582 (Novell iChain 2.3 includes the build number in the VIA line of the ...)
+ TODO: check
+CVE-2004-2581 (Novell iChain 2.3 allows attackers to cause a denial of service via a ...)
+ TODO: check
+CVE-2004-2580 (Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows ...)
+ TODO: check
+CVE-2004-2579 (ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access ...)
+ TODO: check
+CVE-2004-2578 (phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) ...)
+ TODO: check
+CVE-2004-2577 (The acl_check function in phpGroupWare 0.9.16RC2 always returns True, ...)
+ TODO: check
+CVE-2004-2576 (class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create ...)
+ TODO: check
+CVE-2004-2575 (phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain ...)
+ TODO: check
+CVE-2004-2574 (Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare ...)
+ TODO: check
+CVE-2004-2573 (PHP remote file include vulnerability in tables_update.inc.php in ...)
+ TODO: check
CVE-2005-XXXX [Multiple issues in webcalendar]
- webcalendar <unfixed> (bug filed; medium)
CVE-2005-XXXX [Buffer overflow in ktools library used in centericq]
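Review bot: The added CVE-2005-3863 line (stack-based buffer overflow in kkstrtext.h in the ktools library) appears to describe the same issue as the placeholder "CVE-2005-XXXX [Buffer overflow in ktools library used in centericq]" kept as context at the end of this hunk. Merge the two so the placeholder's existing tracking data moves under the assigned ID, instead of leaving CVE-2005-3863 at "TODO: check" next to a duplicate. Of the remaining new entries, the Linux kernel ones (CVE-2005-3858, CVE-2005-3806, CVE-2005-3805, CVE-2005-3784, CVE-2005-3783) are the ones that clearly concern a packaged component and should be triaged ahead of the web-application batch.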
@@ -3,9 +261,9 @@
- centericq <unfixed> (bug #340959; medium)
TODO: Check orpheus and motor
-CVE-2005-3848 [ Memory leak in the icmp_push_reply function in Linux 2.6 before ... ]
+CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...)
[sarge] - kernel-source-2.6.8 2.6.8-16sarge2
-CVE-2005-3847 [ signal.c in Linux kernel before 2.6.13 and 2.6.12.6 and earlier allows ... ]
+CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel before ...)
[sarge] - kernel-source-2.6.8 2.6.8-16sarge2
-CVE-2005-3849 [ Cross-site scripting (XSS) vulnerability in the Search module in PmWiki ... ]
+CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module in ...)
NOT-FOR-US: PmWiki
TODO: track RFP: #330117
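Review bot: CVE-2005-3848 and CVE-2005-3847 each carry only a "[sarge] - kernel-source-2.6.8 2.6.8-16sarge2" line after the description refresh. The other kernel entries touched in this commit (for example CVE-2005-3808) also record a "- linux-2.6" status and a kernel-source-2.4.27 status, so the same lines should be added here to make the unstable and 2.4 state explicit.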
@@ -143,15 +401,15 @@
NOT-FOR-US: Sambar
CVE-2003-1284 (Sambar Server before 6.0 beta 6 allows remote attackers to obtain ...)
NOT-FOR-US: Sambar
-CVE-2005-3808 [Kernel DoS through integer overflow in invalidate_inode_pages2()]
+CVE-2005-3808 (Integer overflow in the invalidate_inode_pages2_range function in ...)
- linux-2.6 2.6.14-4 (medium)
[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
-CVE-2005-3809 [netfilter protoinfo dos]
+CVE-2005-3809 (The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in ...)
- linux-2.6 2.6.14-4 (medium)
[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
-CVE-2005-3810 [netfilter icmp id DoS]
+CVE-2005-3810 (ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to ...)
- linux-2.6 2.6.14-4 (medium)
[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
@@ -417,7 +675,7 @@
NOT-FOR-US: Folder Guard
CVE-2005-3646 (Multiple SQL injection vulnerabilities in lib-sessions.inc.php in ...)
NOT-FOR-US: phpAdsNews
-CVE-2005-3645 (phpAdsNew 2.0.6 and possibly earlier versions allows remote attackers ...)
+CVE-2005-3645 (phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows ...)
NOT-FOR-US: phpAdsNews
CVE-2005-3644 (upnp_getdevicelist in UPnP for Windows 2000 Server SP3 and earlier, ...)
NOT-FOR-US: Windows
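Review bot: The tag under CVE-2005-3645 still reads "NOT-FOR-US: phpAdsNews", while the updated description names "phpAdsNew and phpPgAds". Correct the spelling and name both products, and apply the same tag to CVE-2005-3646 above it, so a search on either product name finds these entries. CVE-2005-3791, added in the first hunk for the same two products, can then be resolved with the same tag.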
@@ -563,7 +821,7 @@
NOT-FOR-US: Peel
CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) ...)
NOT-FOR-US: protection.php from several crappy web apps not in Debian
-CVE-2005-3570 (Unknown cross-site scripting (XSS) vulnerability in Horde before 2.2.9 ...)
+CVE-2005-3570 (Unspecified cross-site scripting (XSS) vulnerability in Horde before ...)
- horde2 2.2.9-1 (bug #338983; unknown)
CVE-2005-3569 (INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX ...)
NOT-FOR-US: DB2
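Review bot: The horde2 line under CVE-2005-3570 still has urgency "unknown" in "(bug #338983; unknown)". The description now says "Unspecified cross-site scripting (XSS)", which is enough to assign a real urgency as the other fixed entries in this file do.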
@@ -571,7 +829,7 @@
NOT-FOR-US: DB2
CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server 5.2.0 and 6.0.0 binds ...)
NOT-FOR-US: Tivoli
-CVE-2005-3566 (Buffer overflow in the ha command of VERITAS Cluster Server for UNIX ...)
+CVE-2005-3566 (Buffer overflow in various ha commands of VERITAS Cluster Server for ...)
NOT-FOR-US: VERITAS Cluster Server
CVE-2005-3565 (Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and ...)
NOT-FOR-US: HP-UX
@@ -1012,10 +1270,10 @@
CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd ...)
{DSA-896-1}
- linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high)
-CVE-2005-3807 [kernel: NFS leases mem leak]
+CVE-2005-3807 (Memory leak in the VFS file lease handling in locks.c in Linux kernels ...)
- linux-2.6 <unfixed>
- kernel-source-2.4.27 <not-affected>
-CVE-2005-3857 [kernel: NFS leases printk syslog spam]
+CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before 2.6.15 ...)
- linux-2.6 <unfixed>
- kernel-source-2.4.27 <not-affected>
CVE-2005-XXXX [Insecure temp file usage in migrationtools]
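Review bot: CVE-2005-3807 and CVE-2005-3857 are left as "- linux-2.6 <unfixed>" with no urgency or bug reference, and "- kernel-source-2.4.27 <not-affected>" with no reason. Now that both have official descriptions pointing at locks.c, add an urgency, give the reason for the 2.4.27 status in parentheses as the CVE-2005-3808 to CVE-2005-3810 entries do, and record a kernel-source-2.6.8 status for sarge.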
@@ -3057,7 +3315,7 @@
CVE-2005-2709 (sysctl.c in Linux kernel before 2.6.14.1 allows local users to cause a ...)
- linux-2.6 2.6.14-3
NOTE: Send to Horms as usual
-CVE-2005-2708 (The search_binary_handler function in exec.c in Linux kernel on 64-bit ...)
+CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 kernel on ...)
- kernel-source-2.4.27 <not-affected> (amd64/2.4 not supported)
CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
{DSA-868-1 DSA-866-1 DSA-838-1}
@@ -8494,7 +8752,7 @@
NOT-FOR-US: no_package
CVE-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta ...)
NOT-FOR-US: no_package
-CVE-2004-1863 (Cross-site scripting (XSS) vulnerability in editprofile.php in Extreme ...)
+CVE-2004-1863 (Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka ...)
NOT-FOR-US: no_package
CVE-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme ...)
NOT-FOR-US: no_package
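Review bot: The entries in this hunk are tagged "NOT-FOR-US: no_package", which does not name the product, unlike tags such as "NOT-FOR-US: Sambar" elsewhere in the file. The refreshed CVE-2004-1863 description identifies the product as XMB, so use that in the tag. CVE-2004-2588, added in the first hunk for XMB, can then be closed the same way.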
@@ -12209,7 +12467,7 @@
NOT-FOR-US: vBulletin
CVE-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...)
- pdns 2.9.16-6
-CVE-2005-0427 (Webmin before 1.170-r3 includes the encrypted root password in the ...)
+CVE-2005-0427 (The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the ...)
- webmin <not-affected> (Gentoo specific)
CVE-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ...)
NOT-FOR-US: Solaris