Author: jmm-guest Date: 2005-11-30 08:53:28 +0000 (Wed, 30 Nov 2005) New Revision: 2894 Modified: data/CVE/list Log: phpbb2 fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-29 22:40:49 UTC (rev 2893) +++ data/CVE/list 2005-11-30 08:53:28 UTC (rev 2894) 
@@ -1429,21 +1429,21 @@ CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote ...) NOT-FOR-US: Hyper Estraier CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify ...) - - phpbb2 <unfixed> (bug #336582; bug #336587; unknown) + - phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown) NOTE: http://www.hardened-php.net/advisory_172005.75.html NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756 NOTE: Remote code execution may be possible, especially in conjunction NOTE: with PHP bugs. CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 ...) - - phpbb2 <unfixed> (bug #336582; bug #336587; unknown) + - phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown) CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 ...) - - phpbb2 <unfixed> (bug #336582; bug #336587; unknown) + - phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown) CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is ...) - - phpbb2 <unfixed> (bug #336582; bug #336587; unknown) + - phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown) CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ...) - - phpbb2 <unfixed> (bug #336582; bug #336587; unknown) + - phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown) CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection ...) - - phpbb2 <unfixed> (bug #336582; bug #336587; unknown) + - phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown) CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with ...) NOT-FOR-US: eyeOS CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 ...) 
@@ -1714,7 +1714,7 @@ CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other ...) NOT-FOR-US: BMC Software Control-M CVE-2005-3310 (Multiple interpretation error in phpBB 2.0.17, with remote avatars and ...) - - phpbb2 <unfixed> (bug #335662; low) + - phpbb2 2.0.18-1 (bug #335662; low) CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote ...) NOT-FOR-US: Zomplog CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 ...)
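Review bot: In the @@ -1429,21 hunk, the CVE-2005-3420 entry keeps urgency "unknown" even though its own NOTE lines say remote code execution may be possible. Since the line is already being edited to record 2.0.18-1, set the urgency to match that note instead of carrying it over. CVE-2005-3419 through CVE-2005-3415 also stay at "unknown" and all share bug #336582 and bug #336587, so either rate them individually or add a NOTE saying why one rating covers all six.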
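Review bot: In the @@ -1714,7 hunk, CVE-2005-3310 is tracked under bug #335662, not the #336582/#336587 pair used by the other phpbb2 entries changed in this commit, and the log message "phpbb2 fixed" does not say that 2.0.18-1 covers this bug as well. Add a NOTE line to the entry pointing at whatever confirms the fix (the changelog entry or the bug closure) so the fixed version is traceable.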