thr3ads.net - Secure testing commits - [Secure-testing-commits] r3123

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2005-Dec-22 11:09 UTC
[Secure-testing-commits] r3123 - data/CVE

Author: jmm-guest
Date: 2005-12-22 11:08:18 +0000 (Thu, 22 Dec 2005)
New Revision: 3123

Modified:
   data/CVE/list
Log:
new blender and elog issues (bugs still need to be filed)
unimportant wordpress issue
some vlan issues that might affect the kernel
lots of NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-12-22 10:19:06 UTC (rev 3122)
+++ data/CVE/list	2005-12-22 11:08:18 UTC (rev 3123)
@@ -18,98 +18,101 @@
 	RESERVED
 CVE-2006-0019
 	RESERVED
-begin claimed by jmm
 CVE-2005-4474 (Buffer overflow in the &quot;Add to archive&quot;
command in WinRAR 3.51 allows ...)
-	TODO: check
+	NOT-FOR-US: WinRAR
 CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS)
allows ...)
-	TODO: check
+	NOT-FOR-US: Macromedia JRun 4 web server
 CVE-2005-4472 (Stack-based buffer overflow in the Macromedia JRun 4 web server
(JWS) ...)
-	TODO: check
+	NOT-FOR-US: Macromedia JRun 4 web server
 CVE-2005-4471 (POP3 service in Avaya Modular Messaging Message Storage Server
(MSS) ...)
-	TODO: check
+	NOT-FOR-US: Avaya Modular Messaging Message Storage Server
 CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in
readfile.c in ...)
-	TODO: check
+	- blender <unfixed>
 CVE-2005-4469 (Multiple direct static code injection vulnerabilities in
PHPGedView ...)
-	TODO: check
+	NOT-FOR-US: PHPGedView
 CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in
...)
-	TODO: check
+	NOT-FOR-US: PHPGedView
 CVE-2005-4467 (Directory traversal vulnerability in help_text_vars.php in
PHPGedView ...)
-	TODO: check
+	NOT-FOR-US: PHPGedView
 CVE-2005-4466 (Heap-based buffer overflow in the SIPParser function in
i3sipmsg.dll ...)
-	TODO: check
+	NOT-FOR-US: SIP Proxy
 CVE-2005-4465 (The Internet Key Exchange version 1 (IKEv1) implementation in
NEC ...)
-	TODO: check
+	NOT-FOR-US: NEC UNIVERGE IX1000, IX2000, and IX3000 
 CVE-2005-4464 (Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Ingate Firewall / SIParator
 CVE-2005-4463 (WordPress before 1.5.2 allows remote attackers to obtain
sensitive ...)
-	TODO: check
+	- wordpress 1.5.2-1 (unimportant)
+	NOTE: Only path disclosure
 CVE-2005-4462 (PHP remote file include vulnerability in usermods.php in Tolva
PHP ...)
-	TODO: check
+	NOT-FOR-US: Tolva PHP website system
 CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2
and ...)
-	TODO: check
+	NOT-FOR-US: Beehive Forum 
 CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2
and ...)
-	TODO: check
+	NOT-FOR-US: Beehive Forum 
 CVE-2005-4459 (Heap-based buffer overflow in vmnat.exe and vmnet-natd in VMWare
...)
-	TODO: check
+	NOT-FOR-US: VMWare
 CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not
properly ...)
-	TODO: check
+	NOT-FOR-US: Metadot Portal Server 
 CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote
...)
-	TODO: check
+	NOT-FOR-US: MailEnable
 CVE-2005-4456 (Multiple buffer overflows in MailEnable Professional 1.71 and
...)
-	TODO: check
+	NOT-FOR-US: MailEnable
 CVE-2005-4455 (cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows
remote ...)
-	TODO: check
+	TODO: check, whether liblivejournal-perl embeds some of the code
 CVE-2005-4454 (Validate-before-filter vulnerability in cleanhtml.pl 1.129 in
...)
-	TODO: check
+	TODO: check, whether liblivejournal-perl embeds some of the code
 CVE-2005-4453 (UserProfile.cs in Ultraapps Issue Manager before 2.1 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Ultraapps Issue Manager 
 CVE-2005-4452 (Information Call Center stores the CallCenterData.mdb database
under ...)
-	TODO: check
+	NOT-FOR-US: Information Call Center
 CVE-2005-4451 (Unspecified vulnerability in Software Distributor in HP-UX
B.11.11 ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2005-4450 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin
2.7.0 ...)
-	TODO: check
+	NOTE: According to the description possibly a dupe of the non-issue
CVE-2005-4349
+	TODO: check back with Secunia, they''re the only source for this issue
 CVE-2005-4449 (verify.php in FlatNuke 2.5.6 allows remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: FlatNuke
 CVE-2005-4448 (FlatNuke 2.5.6 verifies authentication credentials based on an
MD5 ...)
-	TODO: check
+	NOT-FOR-US: FlatNuke
 CVE-2005-4447 (SQL injection vulnerability in articles\articles_funcs.php in
phpCOIN ...)
-	TODO: check
+	NOT-FOR-US: phpCOIN
 CVE-2005-4446 (Cross-site scripting (XSS) vulnerability in index.asp in ASPBite
8.x ...)
-	TODO: check
+	NOT-FOR-US: ASPBite
 CVE-2005-4445 (Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1
allow ...)
-	TODO: check
+	NOT-FOR-US: Pegasus Mail
 CVE-2005-4444 (Stack-based buffer overflow in Pegasus Mail 4.21a through 4.21c
and ...)
-	TODO: check
+	NOT-FOR-US: Pegasus Mail
 CVE-2005-4443 (Untrusted search path vulnerability in Gauche before 0.8.6-r1 on
...)
-	TODO: check
+	- gauche <not-affected> (Gentoo-specific packaging flaw)
 CVE-2005-4442 (Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3
on ...)
-	TODO: check
+	- openldap2 <not-affected>  (Gentoo-specific packaging flaw)
+	- openldap2.2 <not-affected>  (Gentoo-specific packaging flaw)
 CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network
...)
-	TODO: check
+	TODO: check, whether this has ramifications on the kernel''s VLAN
implementation
+	TODO: or whether it''s a generic unfixable protocol flaw
 CVE-2005-4440 (The 802.1q VLAN protocol allows remote attackers to bypass
network ...)
-	TODO: check
+	TODO: check, whether this has ramifications on the kernel''s VLAN
implementation
+	TODO: or whether it''s a generic unfixable protocol flaw
 CVE-2005-4439 (Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote
attackers to ...)
-	TODO: check
+	- elog <unfixed>
 CVE-2005-4438 (Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as
distributed in ...)
-	TODO: check
+	NOT-FOR-US: Dec2Rar
 CVE-2005-4437 (MD5 Neighbor Authentication in Extended Interior Gateway Routing
...)
-	TODO: check
+	NOT-FOR-US: IOS
 CVE-2005-4436 (Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as
implemented ...)
-	TODO: check
+	NOT-FOR-US: IOS
 CVE-2005-4435 (Cross-site scripting (XSS) vulnerability in index.php AbleDesign
D-Man ...)
-	TODO: check
+	NOT-FOR-US: AbleDesign D-Man
 CVE-2005-4434 (Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch
2.x ...)
-	TODO: check
+	NOT-FOR-US: AbleDesign ReSearch
 CVE-2005-4433 (Cross-site scripting (XSS) vulnerability in search.php in
Esselbach ...)
-	TODO: check
+	NOT-FOR-US: Esselbach Storyteller CMS
 CVE-2005-4432 (Cross-site scripting (XSS) vulnerability in index.php in PlaySMS
0.8 ...)
-	TODO: check
+	NOT-FOR-US: PlaySMS
 CVE-2005-4431 (SQL injection vulnerability in WowBB 1.65 allows remote
attackers to ...)
-	TODO: check
+	NOT-FOR-US: WowBB
 CVE-2005-4430 (SQL injection vulnerability in LogicBill 1.0 and earlier allows
remote ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: LogicBill
 CVE-2005-4429 (SQL injection vulnerability in CS-Cart 1.3.0 allows remote
attackers ...)
 	TODO: check
 CVE-2005-4428 (Cross-site scripting (XSS) vulnerability in index.php in
Cerberus ...)
Secure testing commits - Dec 2005 - r3123 - data/CVE

[Secure-testing-commits] r3123 - data/CVE
