Author: jmm-guest Date: 2005-10-27 09:47:42 +0000 (Thu, 27 Oct 2005) New Revision: 2592 Modified: data/CVE/list Log: new php issues chmlib CVEfied phpbb2 CVEfied lots of NFUs claim more Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-27 09:41:46 UTC (rev 2591) +++ data/CVE/list 2005-10-27 09:47:42 UTC (rev 2592) @@ -39,17 +39,17 @@ TODO: check CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...) NOT-FOR-US: SuSE-specific tool -begin claimed by jmm CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager ...) - TODO: check + NOT-FOR-US: SiteTurn Domain Manager CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module ...) - TODO: check + - php4 <unfixed> + - php5 <unfixed> CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib ...) - TODO: check + - chmlib <unfixed> (bug #335931; medium) CVE-2005-3317 (Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and ...) - TODO: check + NOT-FOR-US: ZipGenius CVE-2005-3316 (The installation of ON Symantec Discovery 4.5.x and Symantec Discovery ...) - TODO: check + NOT-FOR-US: Symantec Discovery CVE-2005-3315 RESERVED CVE-2005-3314 
@@ -57,26 +57,26 @@ CVE-2005-3313 RESERVED CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other ...) - TODO: check + NOT-FOR-US: BMC Software Control-M CVE-2005-3310 (Multiple interpretation error in phpBB 2.0.17, with remote avatars and ...) - TODO: check + - phpbb2 <unfixed> (bug filed) CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote ...) - TODO: check + NOT-FOR-US: Zomplog CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 ...) - TODO: check + NOT-FOR-US: Zomplog CVE-2005-3307 (Directory traversal vulnerability in index.php for FlatNuke 2.5.6 ...) - TODO: check + NOT-FOR-US: FlatNuke CVE-2005-3306 (Cross-site scripting (XSS) vulnerability in index.php for FlatNuke ...) - TODO: check + NOT-FOR-US: FlatNuke CVE-2005-3305 (Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote ...) - TODO: check + NOT-FOR-US: Nuked Klan CVE-2005-3304 (Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2005-3303 RESERVED -end claimed by jmm +begin claimed by jmm CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...) TODO: check CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...) @@ -135,6 +135,7 @@ TODO: check CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...) TODO: check +end claimed by jmm CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop ...) TODO: check CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) ...) 
@@ -194,14 +195,10 @@ [sarge] - kernel-source-2.4.27 <not-affected> [sarge] - kernel-source-2.6.8 <not-affected> NOTE: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e -CVE-2005-XXXX [chmlib buffer overflow] - - chmlib <unfixed> (bug #335931; medium) CVE-2005-XXXX [Insecure temp file usage in thttpd''s syslogtocern] - thttpd 2.23beta1-4 (low) CVE-2005-XXXX [buffer overflow in inkscape] - inkscape <unfixed> (bug #330894) -CVE-2005-XXXX [phpbb2 cookie disclosure when using IE as a browser] - - phpbb2 <unfixed> (bug filed) CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium) CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for ...)
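Review bot: In the first hunk (@@ -39,17 +39,17 @@), the new CVE-2005-3319 entries "- php4 <unfixed>" and "- php5 <unfixed>" carry no bug reference or severity tag, while the chmlib entry added two lines further down has "(bug #335931; medium)". Suggest filing a bug against each php package and recording the number and a severity here, or adding a NOTE line saying why none applies, so the two unfixed entries can be tracked like the others.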
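Review bot: In the second hunk (@@ -57,26 +57,26 @@), "- phpbb2 <unfixed> (bug filed)" under CVE-2005-3310 carries over the placeholder "bug filed" from the CVE-2005-XXXX entry removed in the last hunk rather than a bug number; please replace it with the actual number so the entry can be followed up. The removed entry was titled "phpbb2 cookie disclosure when using IE as a browser" while the CVE text reads "Multiple interpretation error in phpBB 2.0.17, with remote avatars and ...", so a NOTE line confirming that both describe the same issue would make the merge verifiable. Minor style point in the same hunk: "NOT-FOR-US: Microsoft" for CVE-2005-3312 names the vendor, where the neighbouring entries name the product.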