Author: fw Date: 2005-10-31 18:17:10 +0000 (Mon, 31 Oct 2005) New Revision: 2626 Modified: data/CVE/list Log: New PHP bugs. Upgrade phpBB severity (PHP code injection could be possible). Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-31 16:23:42 UTC (rev 2625) +++ data/CVE/list 2005-10-31 18:17:10 UTC (rev 2626) @@ -1,7 +1,22 @@ +CVE-2005-XXXX [generic XSS vulnerability in PHP''s phpinfo function] + - php4 <unfixed> (bug filed; low) + - php5 <unfixed> (bug filed; low) + NOTE: http://www.hardened-php.net/advisory_182005.77.html +CVE-2005-XXXX [PHP register_globals Activation Vulnerability in parse_str] + - php4 <unfixed> (bug filed; low) + - php5 <unfixed> (bug filed; low) + NOTE: http://www.hardened-php.net/advisory_192005.78.html +CVE-2005-XXXX [PHP File-Upload $GLOBALS Overwrite Vulnerability] + - php4 <unfixed> (bug filed; high) + - php5 <unfixed> (bug filed; high) + NOTE: http://www.hardened-php.net/advisory_202005.79.html + NOTE: http://www.hardened-php.net/globals-problem CVE-2005-XXXX [phpBB issues fixed in 2.0.18] - - phpbb2 <unfixed> (bug #336582; medium) + - phpbb2 <unfixed> (bug #336582; high) NOTE: http://www.hardened-php.net/advisory_172005.75.html NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756 + NOTE: Remote code execution may be possible, especially in conjunction + NOTE: with PHP bugs. CVE-2005-XXXX [ntop format string vulnerability] - ntop <unfixed> (bug #335996; low) NOTE: Possibly not exploitable