Author: joeyh Date: 2005-10-24 09:14:21 +0000 (Mon, 24 Oct 2005) New Revision: 2544 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-24 08:47:17 UTC (rev 2543) +++ data/CVE/list 2005-10-24 09:14:21 UTC (rev 2544) @@ -1,3 +1,53 @@ +CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) + TODO: check +CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for ...) + TODO: check +CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin ...) + TODO: check +CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote ...) + TODO: check +CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote ...) + TODO: check +CVE-2005-3296 (The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote ...) + TODO: check +CVE-2005-3295 (Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows ...) + TODO: check +CVE-2005-3294 (Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows ...) + TODO: check +CVE-2005-3293 (Xerver 4.17 allows remote attackers to (1) obtain source code of ...) + TODO: check +CVE-2005-3292 (Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 ...) + TODO: check +CVE-2005-3291 (Stani''s Python Editor (SPE) 0.7.5 is installed with world-writable ...) + TODO: check +CVE-2005-3290 (SQL injection vulnerability in Accelerated Mortgage Manager allows ...) + TODO: check +CVE-2005-3289 (LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, ...) + TODO: check +CVE-2005-3288 (Mailsite Express allows remote attackers to upload and execute files ...) + TODO: check +CVE-2005-3287 (Incomplete blacklist vulnerability in Mailsite Express allows remote ...) + TODO: check +CVE-2005-3286 (The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall ...) + TODO: check +CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before ...) + TODO: check +CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 ...) + TODO: check +CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass ...) + TODO: check +CVE-2005-3281 (Directory traversal vulnerability in NukeFix 3.1 for PHP-Nuke 7.8 ...) + TODO: check +CVE-2005-3280 (Paros 3.2.5 uses a default password for the "sa" account in the ...) + TODO: check +CVE-2005-3279 (Stack-based buffer overflow in the vgasco_printf function in Jan Kybic ...) + TODO: check +CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for Jan ...) + TODO: check +CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote ...) + TODO: check CVE-2005-XXXX [adduser''s deluser creates backup files with world readable permissions] - adduser 3.77 (bug #331720; low) CVE-2005-XXXX [yet another local file inclusion vulnverability in phpmyadmin] @@ -28,7 +78,7 @@ CVE-2005-3267 RESERVED CVE-2005-3266 - RESERVED + REJECTED CVE-2005-3265 RESERVED CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog ...) @@ -248,7 +298,7 @@ - xloadimage 4.1-15 (bug #332524; medium) - xli 1.17.0-20 (medium) NOTE: xli couldn''t load the provided test images when I checked? -CVE-2005-3302 [Arbitrary command execution in import script for bvh files in Blender] +CVE-2005-3302 (Eval injection vulnerability in bvh_import.py in Blender 2.36 allows ...) - blender <unfixed> (bug #330895; medium) CVE-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...) NOT-FOR-US: Microsoft @@ -280,7 +330,8 @@ NOT-FOR-US: Hitachi Cosminexus Application Server CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...) - polipo <unfixed> (bug #332411; medium) -CVE-2005-3162 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.109 allow ...) +CVE-2005-3162 + REJECTED NOT-FOR-US: PHP-Fusion CVE-2005-3161 (SQL injection vulnerability in PHP-Fusion before 6.00.110 allows ...) NOT-FOR-US: PHP-Fusion @@ -822,8 +873,7 @@ RESERVED - linux-2.6 <unfixed> NOTE: Pinged Horms as usual -CVE-2005-2972 [Further RTF buffer overflows in abiword] - RESERVED +CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature in ...) - abiword 2.4.1-1 (bug #333740; medium) CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 ...) - koffice 1:1.3.5-5 (bug #333497; medium) @@ -3971,7 +4021,7 @@ NOT-FOR-US: EtoShop CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...) NOT-FOR-US: NetBSD -CVE-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CAN-2005-1915. Reason: ...) +CVE-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1915. Reason: ...) NOT-FOR-US: log4sh CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...) NOT-FOR-US: SCO UnixWare @@ -3985,26 +4035,26 @@ NOT-FOR-US: Windows CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...) NOT-FOR-US: Windows -CVE-2005-2126 - RESERVED +CVE-2005-2126 (The FTP client in Windows XP SP1 and Server 2003, and Internet ...) + TODO: check CVE-2005-2125 RESERVED CVE-2005-2124 RESERVED CVE-2005-2123 RESERVED -CVE-2005-2122 - RESERVED +CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...) + TODO: check CVE-2005-2121 RESERVED CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service ...) NOT-FOR-US: Windows CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed ...) NOT-FOR-US: Microsoft -CVE-2005-2118 - RESERVED -CVE-2005-2117 - RESERVED +CVE-2005-2118 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...) + TODO: check +CVE-2005-2117 (Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and ...) + TODO: check CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...) - cupsys 1.1.20final+rc1-1 (low) CVE-2005-2116