Author: joeyh
Date: 2005-11-03 21:14:22 +0000 (Thu, 03 Nov 2005)
New Revision: 2653

Modified:
data/CVE/list

Log:
automatic update

Modified: data/CVE/list
==================================================================--- data/CVE/list 2005-11-03 11:40:23 UTC (rev 2652) +++ data/CVE/list 2005-11-03 21:14:22 UTC (rev 2653) 
@@ -1,3 +1,177 @@ +CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...) + TODO: check +CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...) + TODO: check +CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error messages ...) + TODO: check +CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in Ringtail ...) + TODO: check +CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe Tutorial Manager ...) + TODO: check +CVE-2005-3477 (Multiple interpretation error in the image upload handling code in ...) + TODO: check +CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and ...) + TODO: check +CVE-2005-3475 (Hasbani Web Server allows remote attackers to cause a denial of ...) + TODO: check +CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...) + TODO: check +CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...) + TODO: check +CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications Express ...) + TODO: check +CVE-2005-3471 (Directory traversal vulnerability in the ruleset view for MailWatch ...) + TODO: check +CVE-2005-3470 (SQL injection vulnerability in in the authenticate function in ...) + TODO: check +CVE-2005-3469 (SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows ...) + TODO: check +CVE-2005-3468 (Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft ...) + TODO: check +CVE-2005-3467 (Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of ...) + TODO: check +CVE-2005-3466 (Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to ...) + TODO: check +CVE-2005-3465 (Unspecified vulnerability in JDEdwards HTML Server in Oracle ...) + TODO: check +CVE-2005-3464 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...) 
+ TODO: check +CVE-2005-3463 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...) + TODO: check +CVE-2005-3462 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...) + TODO: check +CVE-2005-3461 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...) + TODO: check +CVE-2005-3460 (Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager ...) + TODO: check +CVE-2005-3459 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...) + TODO: check +CVE-2005-3458 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...) + TODO: check +CVE-2005-3457 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...) + TODO: check +CVE-2005-3456 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) + TODO: check +CVE-2005-3455 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) + TODO: check +CVE-2005-3454 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g ...) + TODO: check +CVE-2005-3453 (Multiple unspecified vulnerabilities in Web Cache in Oracle ...) + TODO: check +CVE-2005-3452 (Unspecified vulnerability in Web Cache in Oracle Application Server ...) + TODO: check +CVE-2005-3451 (Unspecified vulnerability in SQL*ReportWriter in Oracle Application ...) + TODO: check +CVE-2005-3450 (Unspecified vulnerability in the HTTP Server in Oracle Application ...) + TODO: check +CVE-2005-3449 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0 ...) + TODO: check +CVE-2005-3448 (Unspecified vulnerability in the OC4J Module in Oracle Application ...) + TODO: check +CVE-2005-3447 (Unspecified vulnerability in Single Sign-On in Oracle Database Server ...) + TODO: check +CVE-2005-3446 (Unspecified vulnerability in Internet Directory in Oracle Database ...) + TODO: check +CVE-2005-3445 (Multiple unspecified vulnerabilities in HTTP Server in Oracle Database ...) 
+ TODO: check +CVE-2005-3444 (Multiple unspecified vulnerabilities in the Programmatic Interface in ...) + TODO: check +CVE-2005-3443 (Unspecified vulnerability in the Spatial component in Oracle Database ...) + TODO: check +CVE-2005-3442 (Multiple unspecified vulnerabilities in Oracle Database Server 8i up ...) + TODO: check +CVE-2005-3441 (Unspecified vulnerability in Intelligent Agent in Oracle Database ...) + TODO: check +CVE-2005-3440 (Unspecified vulnerability in Database Scheduler in Oracle Database ...) + TODO: check +CVE-2005-3439 (Multiple unspecified vulnerabilities in Oracle Database Server 10g up ...) + TODO: check +CVE-2005-3438 (Multiple unspecified vulnerabilities in Oracle Database Server 9i up ...) + TODO: check +CVE-2005-3437 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...) + TODO: check +CVE-2005-3436 (Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows ...) + TODO: check +CVE-2005-3435 (admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to ...) + TODO: check +CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) ...) + TODO: check +CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-complicit attackers ...) + TODO: check +CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password ...) + TODO: check +CVE-2005-3431 (Absolute path traversal vulnerability in Rockliffe MailSite Express ...) + TODO: check +CVE-2005-3430 (Incomplete blacklist vulnerability in Rockliffe MailSite Express ...) + TODO: check +CVE-2005-3429 (Rockliffe MailSite Express before 6.1.22, with the option to save ...) + TODO: check +CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express ...) + TODO: check +CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit ...) + TODO: check +CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL termination ...) 
+ TODO: check +CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...) + TODO: check +CVE-2005-3424 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 ...) + TODO: check +CVE-2005-3423 (Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow ...) + TODO: check +CVE-2005-3422 (Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast ...) + TODO: check +CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote ...) + TODO: check +CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify ...) + TODO: check +CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 ...) + TODO: check +CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 ...) + TODO: check +CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is ...) + TODO: check +CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ...) + TODO: check +CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection ...) + TODO: check +CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with ...) + TODO: check +CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 ...) + TODO: check +CVE-2005-3412 (Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows ...) + TODO: check +CVE-2005-3411 (Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums ...) + TODO: check +CVE-2005-3410 + RESERVED +CVE-2005-3409 (OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote ...) + TODO: check +CVE-2005-3408 (SQL injection vulnerability in news.php in gCards version 1.43 allows ...) + TODO: check +CVE-2005-3407 (SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote ...) + TODO: check +CVE-2005-3406 (Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier ...) 
+ TODO: check +CVE-2005-3405 (ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute ...) + TODO: check +CVE-2005-3404 (Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through ...) + TODO: check +CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 ...) + TODO: check +CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly ...) + TODO: check +CVE-2005-3401 (Multiple interpretation error in TheHacker 5.8.4.128 allows remote ...) + TODO: check +CVE-2005-3400 (Multiple interpretation error in Fortinet 2.48.0.0 allows remote ...) + TODO: check +CVE-2005-3399 (Multiple interpretation error in CAT-QuickHeal 8.0 allows remote ...) + TODO: check +CVE-2005-3398 (The default configuration of the web server for the Solaris Management ...) + TODO: check +CVE-2005-3397 (Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows ...) + TODO: check +CVE-2005-3396 (Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, ...) + TODO: check CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote ...) NOT-FOR-US: Invision Gallery CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum ...) @@ -161,7 +335,7 @@ NOT-FOR-US: Belchior Foundry vCard CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary ...) - mgdiff 1.0-28 (bug #335188; unimportant) -CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2 allows remote attackers to ...) +CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2, as used in products such as ...) - wordpress <unfixed> (bug #335817; high) CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent ...) NOT-FOR-US: RSA Authentication Agent 
@@ -622,7 +796,7 @@ - curl 7.15.0-1 (bug #333734; medium) CVE-2005-3239 (The OLE2 unpacker in clamd in ClamAV 0.87-1 allows remote attackers to ...) - clamav <unfixed> (bug #333566; medium) -CVE-2005-3181 (Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, ...) +CVE-2005-3181 (The audit system in Linux kernel before 2.6.13.4, when ...) - linux-2.6 2.6.13+2.6.14-rc4-0experimental1 (low) - kernel-source-2.4.27 <not-affected> (2.4 kernels don''t have CONFIG_AUDITSYSCALL) CVE-2005-XXXX [Missing safemode checks in PHP''s _php_image_output functions] @@ -763,7 +937,8 @@ CVE-2005-3123 (Directory traversal vulnerability in GNUMP3D before 2.9.6 allows ...) {DSA-877-1} - gnump3d 2.9.6-1 (medium) -CVE-2005-3122 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...) +CVE-2005-3122 + REJECTED {DSA-877-1} - gnump3d 2.9.6-1 (low) CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...) @@ -984,7 +1159,7 @@ - eric 3.7.2-1 (bug #330608; medium) CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...) NOT-FOR-US: PerlDiver -CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...) +CVE-2005-3066 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. ...) NOT-FOR-US: PerlDiver CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers cause a ...) NOT-FOR-US: MultiTheftAuto @@ -1379,7 +1554,7 @@ NOT-FOR-US: CjLinkOut CVE-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...) NOT-FOR-US: CjTagBoard -CVE-2005-2898 (** DISPUTED ** ...) +CVE-2005-2898 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. ...) NOT-FOR-US: Filezilla CVE-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: WEB//NEWS 
@@ -1715,14 +1890,14 @@ RESERVED CVE-2005-2753 RESERVED -CVE-2005-2752 - RESERVED -CVE-2005-2751 - RESERVED -CVE-2005-2750 - RESERVED -CVE-2005-2749 - RESERVED +CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier does ...) + TODO: check +CVE-2005-2751 (memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not ...) + TODO: check +CVE-2005-2750 (Software Update in Mac OS X 10.4.2, when the user marks all updates to ...) + TODO: check +CVE-2005-2749 (Unspecified vulnerability in the Finder Get Info window for Mac OS X ...) + TODO: check CVE-2005-2748 (The malloc function in the libSystem library in Apple Mac OS X 10.3.9 ...) TODO: check CVE-2005-2747 (Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by ...) @@ -1741,8 +1916,8 @@ TODO: check CVE-2005-2740 RESERVED -CVE-2005-2739 - RESERVED +CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password ...) + TODO: check CVE-2005-2738 RESERVED CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...) @@ -12926,7 +13101,7 @@ CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...) {DSA-608-1} - zgv 5.7-1.3 (bug #284124) -CVE-2004-1094 (Buffer overflow in DUNZIP32.DLL in RealPlayer 10 through RealPlayer ...) +CVE-2004-1094 (Buffer overflow in a third-party compression library, InnerMedia ...) NOT-FOR-US: RealPlayer CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...) {DSA-639-1}
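Review bot: In the @@ -763,7 +937,8 @@ hunk, CVE-2005-3122 becomes REJECTED but keeps {DSA-877-1} and "- gnump3d 2.9.6-1 (low)" underneath it, so the advisory and fixed version are now recorded against a rejected identifier. The first hunk adds CVE-2005-3425 with the description the rejected entry used to carry ("Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...") and leaves it at TODO: check. If that is the replacement ID, move the DSA reference and the package line there, and triage CVE-2005-3424 (GNUMP3D before 2.9.5) in the same pass.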
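Review bot: In the @@ -161,7 +335,7 @@ hunk, the new CVE-2005-3330 description says the Snoopy 1.2 flaw applies "as used in products such as ...", yet the entry still tracks only "- wordpress <unfixed> (bug #335817; high)". Check whether other packages embed a copy of Snoopy and add a line for each, or record in the entry that wordpress is the only one found.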
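Review bot: In the @@ -12926,7 +13101,7 @@ hunk, the CVE-2004-1094 description now attributes the buffer overflow to "a third-party compression library, InnerMedia ...", but the triage line below it is still "NOT-FOR-US: RealPlayer". Re-check that no other package ships that library before keeping NOT-FOR-US, and name the library in that line so the stated reason matches the description.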