Author: jmm-guest
Date: 2005-12-30 01:47:39 +0000 (Fri, 30 Dec 2005)
New Revision: 3184

Modified: data/CVE/list
Log: scponly CVEfied a whole bunch of new mantis crap new mediawiki issue

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2005-12-30 01:16:51 UTC (rev 3183)
+++ data/CVE/list 2005-12-30 01:47:39 UTC (rev 3184)
@@ -122,77 +122,75 @@ RESERVED CVE-2005-4535 RESERVED -begin claimed by jmm CVE-2005-4533 (Argument injection vulnerability in scponlyc in scponly 4.1 and ...) - TODO: check + - scponly <unfixed> (bug #344418) CVE-2005-4532 (scponlyc in scponly 4.1 and earlier, when the operating system ...) - TODO: check + - scponly <unfixed> (bug #344418) CVE-2005-4531 REJECTED - TODO: check CVE-2005-4530 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...) - TODO: check + NOT-FOR-US: EPay Enterprise CVE-2005-4529 (The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to ...) - TODO: check + NOT-FOR-US: phpBB addon CVE-2005-4528 (SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB ...) - TODO: check + NOT-FOR-US: phpBB addon CVE-2005-4527 (Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote ...) - TODO: check + NOT-FOR-US: Direct News CVE-2005-4526 (Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 ...) - TODO: check + NOT-FOR-US: MIMEsweeper For Web CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local ...) - TODO: check + NOT-FOR-US: Sygate CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle "Make note private" when a ...) - TODO: check + TODO: file bug CVE-2005-4523 (Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS ...) - TODO: check + TODO: file bug CVE-2005-4522 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - TODO: check + TODO: file bug CVE-2005-4521 (CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows ...) - TODO: check + TODO: file bug CVE-2005-4520 (Unspecified "port injection" vulnerabilities in filters in Mantis ...) - TODO: check + TODO: file bug CVE-2005-4519 (Multiple SQL injection vulnerabilities in the manage user page ...) - TODO: check + TODO: file bug CVE-2005-4518 (Mantis before 0.19.4 allows remote attackers to bypass the file upload ...) 
- TODO: check + TODO: file bug CVE-2005-4517 (SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2005-4515 (SQL injection vulnerability in WebDB 1.1 and earlier allows remote ...) - TODO: check + NOT-FOR-US: WebDB CVE-2005-4514 (The encapsulation script mechanism in Webwasher CSM Appliance Suite ...) - TODO: check + NOT-FOR-US: Webwasher CVE-2005-4513 (Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows ...) - TODO: check + NOT-FOR-US: WANDSOFT e-SEARCH CVE-2005-4512 (Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier ...) - TODO: check + NOT-FOR-US: WAXTRAPP CVE-2005-4511 (Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows ...) - TODO: check + NOT-FOR-US: TN3270 Resource Gateway CVE-2005-4510 (Directory traversal vulnerability in server.np in NetPublish Server 7 ...) - TODO: check + NOT-FOR-US: Netpublish Server CVE-2005-4509 (SQL injection vulnerability in index.asp in pTools allows remote ...) - TODO: check + NOT-FOR-US: pTools CVE-2005-4508 (Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: Nexus Concepts Dev Hound CVE-2005-4507 (Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts ...) - TODO: check + NOT-FOR-US: Nexus Concepts Dev Hound CVE-2005-4506 (Nexus Concepts Dev Hound 2.24 and earlier stores username and password ...) - TODO: check + NOT-FOR-US: Nexus Concepts Dev Hound CVE-2005-4505 (Unquoted Windows search path vulnerability in McAfee VirusScan ...) - TODO: check + NOT-FOR-US: McAfee CVE-2005-4504 (The khtml::RenderTableSection::ensureRows function in KHTMLParser in ...) - TODO: check + TODO: check, whether this affects konqueror CVE-2005-4503 (httprint v202, and possibly other versions before v301, allows remote ...) 
- TODO: check + NOT-FOR-US: httprint CVE-2005-4502 (Cross-site scripting (XSS) vulnerability in httprint v202, and ...) - TODO: check + NOT-FOR-US: httprint CVE-2005-4501 (MediaWiki before 1.5.4 uses a hard-coded "internal placeholder ...) - TODO: check + - mediawiki <unfixed> (bug filed) CVE-2005-4500 (SQL injection vulnerability in MusicBox 2.3 allows remote attackers to ...) - TODO: check -end claimed by jmm + NOT-FOR-US: MusicBox +begin claimed by jmm CVE-2005-4499 (The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 ...) TODO: check CVE-2005-4498 (Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier ...) @@ -243,8 +241,7 @@ TODO: check CVE-2005-4475 (Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier ...) TODO: check -CVE-2005-XXXX [privilege escalation in scponly] - - scponly <unfixed> (bug #344418) +end claimed by jmm CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.16.7 through ...) - bugzilla 2.18 (bug #329387; low) NOTE: The vulnerable script has been removed in the 2.18 upstream release
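Review bot: the new CVE-2005-4501 line in the first hunk (@@ -122,77 +122,75 @@) reads "- mediawiki <unfixed> (bug filed)" and gives no bug number, while the scponly lines added in the same hunk cite "bug #344418". Replace "bug filed" with the assigned number so the entry can be matched to the report. The entries from CVE-2005-4518 through CVE-2005-4524 that now read "TODO: file bug" will need a package line with a bug reference in the same form once the reports exist.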
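Review bot: the second hunk (@@ -243,8 +241,7 @@) deletes the "CVE-2005-XXXX [privilege escalation in scponly]" placeholder without recording which assigned id replaces it. The first hunk attaches bug #344418 to both CVE-2005-4533 and CVE-2005-4532, so a reader cannot tell from the list whether the placeholder corresponded to one of them or to both. A NOTE: line under those two entries, in the style already used under CVE-2005-4534, stating that they supersede the placeholder would keep that history in the file rather than only in the commit log.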