[Secure-testing-commits] r2895 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Nov 30 10:14:27 UTC 2005
Author: jmm-guest
Date: 2005-11-30 10:14:23 +0000 (Wed, 30 Nov 2005)
New Revision: 2895
Modified:
data/CVE/list
Log:
new php issue
centericq/ktools CVEfied
unalz CVEfied
ipv6 mem leak dos CVEfied
three new kernel dos issues
new unimportant phpbb2 "issue"
new phpmyadmin issue already fixed
83 not-for-us
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-30 08:53:28 UTC (rev 2894)
+++ data/CVE/list 2005-11-30 10:14:23 UTC (rev 2895)
@@ -1,192 +1,204 @@
-begin claimed by jmm
CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in Zainu ...)
- TODO: check
+ NOT-FOR-US: Zaimu
CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP ...)
- TODO: check
+ - php5 <unfixed> (bug filed; medium)
+ TODO: check php4
CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing ...)
- TODO: check
+ NOT-FOR-US: FAQRing Knowledge Base
CVE-2005-3881 (SQL injection vulnerability in search.php in AltantisFAQ Knowledge ...)
- TODO: check
+ NOT-FOR-US: AtlantisFAQ Knowledge Base
CVE-2005-3880 (Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and ...)
- TODO: check
+ NOT-FOR-US: Omnistar KBase
CVE-2005-3879 (Multiple SQL injection vulnerabilities in Softbiz Resource Repository ...)
- TODO: check
+ NOT-FOR-US: Softbiz Resource Repository Script
CVE-2005-3878 (Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 ...)
- TODO: check
+ NOT-FOR-US: PHP Doc System
CVE-2005-3877 (Multiple SQL injection vulnerabilities in Simple Document Management ...)
- TODO: check
+ NOT-FOR-US: Simple Document Management System
CVE-2005-3876 (Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ...)
- TODO: check
+ NOT-FOR-US: AD Center ADC2000 NG Pro
CVE-2005-3875 (Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 ...)
- TODO: check
+ NOT-FOR-US: Enterprise Connector
CVE-2005-3874 (SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and ...)
- TODO: check
+ NOT-FOR-US: Netzbrett
CVE-2005-3873 (SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 ...)
- TODO: check
+ NOT-FOR-US: ShockBoard
CVE-2005-3872 (Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier ...)
- TODO: check
+ NOT-FOR-US: Ugroup
CVE-2005-3871 (Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) ...)
- TODO: check
+ NOT-FOR-US: JBB
CVE-2005-3870 (Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 ...)
- TODO: check
+ NOT-FOR-US: edmoBBS
CVE-2005-3869 (Cross-site scripting (XSS) vulnerability in index.php in Google API ...)
- TODO: check
+ NOT-FOR-US: Google API
CVE-2005-3868 (Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: K-Search
CVE-2005-3867 (Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine ...)
- TODO: check
+ NOT-FOR-US: RevenuePilot Search Engine
CVE-2005-3866 (Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine ...)
- TODO: check
+ NOT-FOR-US: SearchFeed Search Engine
CVE-2005-3865 (SQL injection vulnerability in index.php in AllWeb search 3.0 and ...)
- TODO: check
+ NOT-FOR-US: AllWeb search
CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and ...)
- TODO: check
+ NOT-FOR-US: SourceWell
CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and ...)
- TODO: check
+ - centericq <unfixed> (bug #340959; medium)
+ TODO: Check orpheus and motor
CVE-2005-3862 (Buffer overflow in unalz before 0.53 allows remote attackers to ...)
- TODO: check
+ - unalz <unfixed> (bug #340842; medium)
CVE-2005-3861 (PHP remote file inclusion vulnerability in content.php in phpGreetz ...)
- TODO: check
+ NOT-FOR-US: phpGreetz
CVE-2005-3860 (PHP remote file inclusion vulnerability in athena.php in Oliver May ...)
- TODO: check
+ NOT-FOR-US: Oliver May Athena PHP Website Administration
CVE-2005-3859 (PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 ...)
- TODO: check
+ NOT-FOR-US: Q-News
CVE-2005-3858 (Memory leak in the ip6_input_finish function in ip6_input.c in Linux ...)
- TODO: check
+ - linux-2.6 2.6.12-6
CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and ...)
- TODO: check
+ - krusader <unfixed> (bug #336169; low)
CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...)
- TODO: check
+ NOT-FOR-US: 1-2-3 music store
CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS ...)
- TODO: check
+ NOT-FOR-US: EasyPageCMS
CVE-2005-3853 (SQL injection vulnerability in snews.php in sNews 1.3 and earlier ...)
- TODO: check
+ NOT-FOR-US: sNews
CVE-2005-3852 (SQL injection vulnerability in search.asp in Online Work Order Suite ...)
- TODO: check
+ NOT-FOR-US: Online Work Order Suite
CVE-2005-3851 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...)
- TODO: check
+ NOT-FOR-US: Online Attendance System
CVE-2005-3850 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...)
- TODO: check
+ NOT-FOR-US: Online Knowledge Base System
CVE-2005-3846 (SQL injection vulnerability in news.php in Fantastic News 2.1.1 and ...)
- TODO: check
+ NOT-FOR-US: Fantastic News
CVE-2005-3845 (SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 ...)
- TODO: check
+ NOT-FOR-US: EZ Invoice Inc
CVE-2005-3844 (SQL injection vulnerability in phpWordPress PHP News and Article ...)
- TODO: check
+ NOT-FOR-US: phpWordpress, this is not the same as Wordpress
CVE-2005-3843 (SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows ...)
- TODO: check
+ NOT-FOR-US: Nicecode iDesk
CVE-2005-3842 (SQL injection vulnerability in index.php in pdjk-support suite 1.1a ...)
- TODO: check
+ NOT-FOR-US: pdjk-support suite
CVE-2005-3841 (Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), ...)
- TODO: check
+ NOT-FOR-US: kPlaylist
CVE-2005-3840 (SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier ...)
- TODO: check
+ NOT-FOR-US: Omnistar Live
CVE-2005-3839 (Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk ...)
- TODO: check
+ NOT-FOR-US: SupportPRO Supportdesk
CVE-2005-3838 (Multiple SQL injection vulnerabilities in search.php in IsolSoft ...)
- TODO: check
+ NOT-FOR-US: IsolSoft Support Center
CVE-2005-3837 (Cross-site scripting (XSS) vulnerability in the search module in ...)
- TODO: check
+ NOT-FOR-US: sCssBoard
CVE-2005-3836 (SQL injection vulnerability in DeskLance 2.3 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: DeskLance
CVE-2005-3835 (PHP remote file inclusion vulnerability in support/index.php in ...)
- TODO: check
+ NOT-FOR-US: DeskLance
CVE-2005-3834 (Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 ...)
- TODO: check
+ NOT-FOR-US: Tunez
CVE-2005-3833 (SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier ...)
- TODO: check
+ NOT-FOR-US: Tunez
CVE-2005-3832 (Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, ...)
- TODO: check
+ NOT-FOR-US: SpeedProject products
CVE-2005-3831 (Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, ...)
- TODO: check
+ NOT-FOR-US: SpeedProject products
CVE-2005-3830 (index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3829 (index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3828 (SQL injection vulnerability in index.php in ActiveCampaign ...)
- TODO: check
+ NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3827 (SQL injection vulnerability in product_cat in AgileBill 1.4.92 and ...)
- TODO: check
+ NOT-FOR-US: AgileBill
CVE-2005-3826 (Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote ...)
- TODO: check
+ NOT-FOR-US: Ezyhelpdesk
CVE-2005-3825 (SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and ...)
- TODO: check
+ NOT-FOR-US: Comdev Vote Caster
CVE-2005-3824 (The uploads module in vTiger CRM 4.2 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: vTiger CRM
CVE-2005-3823 (The Users module in vTiger CRM 4.2 and earlier allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: vTiger CRM
CVE-2005-3822 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...)
- TODO: check
+ NOT-FOR-US: vTiger CRM
CVE-2005-3821 (Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier ...)
- TODO: check
+ NOT-FOR-US: vTiger CRM
CVE-2005-3820 (Multiple directory traversal vulnerabilities in index.php in vTiger ...)
- TODO: check
+ NOT-FOR-US: vTiger CRM
CVE-2005-3819 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...)
- TODO: check
+ NOT-FOR-US: vTiger CRM
CVE-2005-3818 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 ...)
- TODO: check
+ NOT-FOR-US: vTiger CRM
CVE-2005-3817 (Multiple SQL injection vulnerabilities in Softbiz Web Host Directory ...)
- TODO: check
+ NOT-FOR-US: Softbiz Web Host Directory
CVE-2005-3816 (Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 ...)
- TODO: check
+ NOT-FOR-US: freeForum
CVE-2005-3815 (SQL injection vulnerability in forum.php in Orca Forum 4.3b and ...)
- TODO: check
+ NOT-FOR-US: Orca Forum
CVE-2005-3814 (Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro ...)
- TODO: check
+ NOT-FOR-US: SmartPPC Pro
CVE-2005-3813 (IMAP service (meimaps.exe) of MailEnable Professional 1.7 and ...)
- TODO: check
+ NOT-FOR-US: MailEnable
CVE-2005-3812 (freeFTPd 1.0.10 allows remote authenticated users to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: freeFTPd
CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic ...)
- TODO: check
+ NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3806 (The IPv6 flowlabel handling code (ip6_flowlabel.c) in Linux kernels ...)
- TODO: check
+ - linux-2.6 2.6.14-1 (medium)
+ - kernel-source-2.4.27 <unfixed> (medium)
+ NOTE: Added to the kernel patch tracker
CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ...)
- TODO: check
+ - linux-2.6 <unfixed> (medium)
+ - kernel-source-2.4.27 <unfixed> (medium)
+ NOTE: Added to the kernel patch tracker
CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support ...)
- TODO: check
+ NOT-FOR-US: Cisco hardware
CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ...)
- TODO: check
+ NOT-FOR-US: Cisco hardware
CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 ...)
- TODO: check
+ NOT-FOR-US: Belkin hardware
CVE-2005-3801 (PasswordSafe 1.x and 2.x allows local users to test possible ...)
- TODO: check
+ NOT-FOR-US: PasswordSafe
+ TODO: the problem might affect mypasswordsafe
CVE-2005-3800 (Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak ...)
- TODO: check
+ NOT-FOR-US: Macromedia Contribute Publishing Server
CVE-2005-3799 (phpBB 2.0.18 allows remote attackers to obtain sensitive information ...)
- TODO: check
+ - phpbb2 <unfixed> (unimportant)
+ NOTE: Not a real security problem, error messages might disclose the installation
+ NOTE: which is known for the Debian package anyway
CVE-2005-3798 (SQL injection vulnerability in admin/index.php in AlstraSoft Template ...)
- TODO: check
+ NOT-FOR-US: AlstraSoft Template Seller
CVE-2005-3797 (PHP remote file inclusion vulnerability in payment_paypal.php in ...)
- TODO: check
+ NOT-FOR-US: AlstraSoft Template Seller
CVE-2005-3796 (Direct static code injection vulnerability in admin_options_manage.php ...)
- TODO: check
+ NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3795 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
- TODO: check
+ NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3794 (AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3793 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...)
- TODO: check
+ NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3792 (Multiple SQL injection vulnerabilities in the Search module in ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2005-3791 (HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 ...)
- TODO: check
+ NOT-FOR-US: phpAdsNew and phpPgAds
CVE-2005-3790 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: phpwcms
CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow ...)
- TODO: check
+ NOT-FOR-US: phpwcms
CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), ...)
- TODO: check
+ NOT-FOR-US: Cisco appliance
CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- TODO: check
+ - phpmyadmin 4:2.6.4-pl4-1
CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ...)
- TODO: check
+ NOT-FOR-US: Novell ZENworks
CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX ...)
- TODO: check
+ NOT-FOR-US: Ebuild IndeX
CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 ...)
- TODO: check
+ - linux-2.6 <unfixed> (medium)
+ - kernel-source-2.4.27 <unfixed> (medium)
+ NOTE: Added to the kernel patch tracker
CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before ...)
- TODO: check
+ - linux-2.6 <unfixed> (medium)
+ - kernel-source-2.4.27 <unfixed> (medium)
+ NOTE: Added to the kernel patch tracker
CVE-2005-3782
RESERVED
CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with ...)
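Review bot: The NOT-FOR-US product names at CVE-2005-3829 and CVE-2005-3828 look copied from the entry above them. The description of CVE-2005-3829 names ActiveCampaign KnowledgeBuilder, yet it is tagged "NOT-FOR-US: ActiveCampaign SupportTrio", and the description of CVE-2005-3828 is cut off after "ActiveCampaign", so its product should be checked against the full text too. Several other tags do not match the spelling in their descriptions and are worth verifying before they become the searchable record: "Zaimu" against "Zainu" (CVE-2005-3884), "Nicecode iDesk" against "Nicecoder iDesk" (CVE-2005-3843) and "phpWordpress" against "phpWordPress" (CVE-2005-3844). In the phpbb2 NOTE for CVE-2005-3799, "might disclose the installation" reads as if a word such as "path" is missing. The php5 entry for CVE-2005-3883 says "bug filed" without a number, where the other new entries carry one; add it once it is assigned.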
@@ -259,12 +271,8 @@
TODO: check
CVE-2004-2573 (PHP remote file include vulnerability in tables_update.inc.php in ...)
TODO: check
-end claimed by jmm
CVE-2005-XXXX [Multiple issues in webcalendar]
- webcalendar <unfixed> (bug filed; medium)
-CVE-2005-XXXX [Buffer overflow in ktools library used in centericq]
- - centericq <unfixed> (bug #340959; medium)
- TODO: Check orpheus and motor
CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...)
[sarge] - kernel-source-2.6.8 2.6.8-16sarge2
CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel before ...)
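Review bot: Removing "-end claimed by jmm" here, together with "-begin claimed by jmm" at the top of the file, releases the claim while the entries directly above the marker, CVE-2004-2573 among them, still read "TODO: check". If those are still being worked on, keep the markers around the remaining range; if they are released for anyone to pick up, say so in the log, which does not mention it. The centericq removal itself is consistent: the same bug #340959, urgency and "TODO: Check orpheus and motor" now sit under CVE-2005-3863.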
@@ -275,8 +283,6 @@
CVE-2003-XXXX [Insecure tempfile in x-face-el]
- x-face-el 1.3.6.23-1
NOTE: DSA-340
-CVE-2005-XXXX [Buffer overflow in unalz]
- - unalz <unfixed> (bug #340842; medium)
CVE-2005-XXXX [potential dos against gaim-encryption]
- gaim-encryption <unfixed> (bug #337127)
CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...)
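Review bot: The temporary unalz entry removed here carried no fixed version, and the CVE-2005-3862 entry that replaces it keeps "<unfixed>" although its description reads "unalz before 0.53". A NOTE on the new entry recording that upstream 0.53 contains the fix would let the next person close it as soon as that version is uploaded. Bug #340842 and the medium urgency are carried over unchanged, so nothing else is lost by the removal.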