Author: jmm-guest Date: 2005-12-14 09:50:56 +0000 (Wed, 14 Dec 2005) New Revision: 3036 Modified: data/CVE/list Log: four of the horde XSS issues have been CVEfied, MITRE seems to have missed turba, I''ve pinged them Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-14 09:36:36 UTC (rev 3035) +++ data/CVE/list 2005-12-14 09:50:56 UTC (rev 3036) @@ -66,25 +66,27 @@ NOT-FOR-US: MyBB CVE-2005-4198 (SQL injection vulnerability in index.php in Netref 3.0 allows remote ...) NOT-FOR-US: Netref -begin claimed by jmm CVE-2005-4197 (tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Nortel SSL VPN CVE-2005-4196 (Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal ...) - TODO: check + NOT-FOR-US: Scout Portal Toolkit CVE-2005-4195 (Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) ...) - TODO: check + NOT-FOR-US: Scout Portal Toolkit CVE-2005-4194 (Buffer overflow in MediaServerList.exe in Sights ''n Sounds Streaming ...) - TODO: check + NOT-FOR-US: Sights ''n Sounds Streaming Media Server CVE-2005-4193 (Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows ...) - TODO: check + NOT-FOR-US: UseBB +CVE-2005-XXXX [XSS in Turba] + - turba2 <unfixed> (bug #342946; medium) + NOTE: CVE requested CVE-2005-4192 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + - mnemo2 <unfixed> (bug #342944; medium) CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + - nag2 <unfixed> (bug #342945; medium) CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Framework ...) - TODO: check + - horde3 <unfixed> (bug #342942; medium) CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...) - TODO: check + - kronolith <unfixed> (bug #342943; medium) CVE-2005-4188 RESERVED CVE-2005-4187 
@@ -106,32 +108,31 @@ CVE-2005-4179 RESERVED CVE-2005-4177 (Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book ...) - TODO: check + NOT-FOR-US: Magic Book Personal and Professional CVE-2005-4176 (AWARD Bios Modular 4.50pg does not clear the keyboard buffer after ...) - TODO: check + NOT-FOR-US: AWARD BIOS CVE-2005-4175 (Insyde BIOS V190 does not clear the keyboard buffer after reading the ...) - TODO: check + NOT-FOR-US: Insyde BIOS CVE-2005-4174 (eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow ...) - TODO: check + NOT-FOR-US: eFiction CVE-2005-4173 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: eFiction CVE-2005-4172 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: eFiction CVE-2005-4171 (The "Upload new image" command in the "Manage Images" eFiction 1.1, ...) - TODO: check + NOT-FOR-US: eFiction CVE-2005-4170 (SQL injection vulnerability in eFiction 1.1 allows remote attackers to ...) - TODO: check + NOT-FOR-US: eFiction CVE-2005-4169 (Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote ...) - TODO: check + NOT-FOR-US: eFiction CVE-2005-4168 (Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 ...) - TODO: check + NOT-FOR-US: eFiction CVE-2005-4167 (Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 ...) - TODO: check + NOT-FOR-US: eFiction CVE-2005-4166 (Cross-site scripting (XSS) vulnerability in password.asp in DUWare ...) - TODO: check + NOT-FOR-US: DUportal CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum ...) - TODO: check -end claimed by jmm + NOT-FOR-US: ASP-DEV ASP Resources Forum CVE-2005-XXXX [Another fib_lookup DoS] - linux-2.6 <unfixed> CVE-2005-XXXX [DoS in i82365 driver] 
@@ -185,16 +186,6 @@ NOT-FOR-US: Lyris ListManager CVE-2005-4142 (The web interface for subscribing new users in Lyris ListManager 5.0 ...) NOT-FOR-US: Lyris ListManager -CVE-2005-XXXX [Multiple issues in Horde] - - horde3 <unfixed> (bug #342942; medium) -CVE-2005-XXXX [XSS in Kronolith] - - kronolith <unfixed> (bug #342943; medium) -CVE-2005-XXXX [XSS in Mnemo] - - mnemo2 <unfixed> (bug #342944; medium) -CVE-2005-XXXX [XSS in Nag] - - nag2 <unfixed> (bug #342945; medium) -CVE-2005-XXXX [XSS in Turba] - - turba2 <unfixed> (bug #342946; medium) CVE-2005-4141 (Multiple SQL injection vulnerabilities in ASPMForum allow remote ...) NOT-FOR-US: ASPMForum CVE-2005-4140 (SQL injection vulnerability in admin/login/index.php in Website Baker ...)
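Review bot: In the @@ -66,25 +66,27 @@ hunk, the descriptions shown for CVE-2005-4192 and CVE-2005-4191 are cut off before the product name ("Multiple cross-site scripting (XSS) vulnerabilities in ..."), so the assignment of mnemo2 (bug #342944) to 4192 and nag2 (bug #342945) to 4191 cannot be confirmed from the list itself. Please check both against the full MITRE descriptions before this lands, since swapping them would attach each bug to the wrong id. The Turba placeholder with "NOTE: CVE requested" is fine, but it now sits inside the numbered run between CVE-2005-4193 and CVE-2005-4192. Moving it next to the other CVE-2005-XXXX entries would keep the assigned ids contiguous and make the placeholder easier to find once MITRE replies.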
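Review bot: In the @@ -106,32 +108,31 @@ hunk, CVE-2005-4166 is marked "NOT-FOR-US: DUportal" while the visible description only reads "password.asp in DUWare ...", so the product name in the label is not backed by the text shown; confirm it against the full description, or use the vendor name that does appear. The other NOT-FOR-US labels in this hunk match a product named in their descriptions. Removing "end claimed by jmm" here is consistent with removing "begin claimed by jmm" in the first hunk, so no stale claim marker is left behind.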
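Review bot: In the @@ -185,16 +186,6 @@ hunk, the removed placeholder "CVE-2005-XXXX [Multiple issues in Horde]" for horde3 (bug #342942) is broader than the entry that replaces it in the first hunk, CVE-2005-4190, whose description covers only XSS in Horde Framework. If bug #342942 includes anything other than XSS, that part is no longer tracked after this change; either keep a CVE-2005-XXXX entry for the remainder or add a NOTE under CVE-2005-4190 stating that the bug is fully covered. The other four removals line up with entries added in the first hunk under the same bug numbers (#342943 to #342946).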