Author: jmm-guest Date: 2005-12-01 10:00:08 +0000 (Thu, 01 Dec 2005) New Revision: 2911 Modified: data/CVE/list Log: webcalendar CVEfied new nufw issue lots of NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-01 09:48:12 UTC (rev 2910) +++ data/CVE/list 2005-12-01 10:00:08 UTC (rev 2911) @@ -32,44 +32,43 @@ RESERVED CVE-2006-0018 REJECTED -begin claimed by jmm CVE-2005-3961 (WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar ...) - TODO: check + - webcalendar <unfixed> (bug #341208; medium) CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Kadu CVE-2005-3959 (Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 ...) - TODO: check + NOT-FOR-US: FreeWebStat CVE-2005-3958 (SQL injection vulnerability in index.php in Entergal MX 2.0 allows ...) - TODO: check + NOT-FOR-US: Entergal MX CVE-2005-3957 (Unspecified vulnerability in the Trackback functionality in DotClear ...) - TODO: check + NOT-FOR-US: DotClear CVE-2005-3956 (Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 ...) - TODO: check + NOT-FOR-US: DMANews CVE-2005-3955 (Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, ...) - TODO: check + NOT-FOR-US: MagpieRSS CVE-2005-3954 (Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows ...) - TODO: check + NOT-FOR-US: blogBuddies CVE-2005-3953 (SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers ...) - TODO: check + NOT-FOR-US: Bedeng PSP CVE-2005-3952 (SQL injection vulnerability in PHP Labs Top Auction allows remote ...) - TODO: check + NOT-FOR-US: PHP Labs Top Auction CVE-2005-3951 (SQL injection vulnerability in survey.php in PHP Labs Survey Wizard ...) - TODO: check + NOT-FOR-US: PHP Labs Survey Wizard CVE-2005-3950 (nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users ...) - TODO: check + - nufw <unfixed> (bug filed; medium) CVE-2005-3949 (Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow ...) - TODO: check + - webcalendar <unfixed> (bug #341208; medium) CVE-2005-3948 (Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and ...) - TODO: check + NOT-FOR-US: PHPAlbum CVE-2005-3947 (Directory traversal vulnerability in index.php in PHP Upload Center ...) - TODO: check + NOT-FOR-US: PHP Upload Center CVE-2005-3946 (Opera 8.50 allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: Opera CVE-2005-3945 (The SynAttackProtect protection in Microsoft Windows 2003 before SP1 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 ...) - TODO: check -end claimed by jmm + NOT-FOR-US: ilyav Survey System +begin claimed by jmm CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ...) TODO: check CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca ...) @@ -136,6 +135,7 @@ TODO: check CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...) TODO: check +end claimed by jmm CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...) TODO: check CVE-2005-3909 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...) @@ -474,8 +474,6 @@ - phpgroupware 0.9.14.007 CVE-2004-2573 (PHP remote file include vulnerability in tables_update.inc.php in ...) - phpgroupware 0.9.14.007 -CVE-2005-XXXX [Multiple issues in webcalendar] - - webcalendar <unfixed> (bug #341208; medium) CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...) [sarge] - kernel-source-2.6.8 2.6.8-16sarge2 CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel before ...)