thr3ads.net - Secure testing commits - [Secure-testing-commits] r2655

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2005-Nov-03 23:25 UTC
[Secure-testing-commits] r2655 - data/CVE

Author: jmm-guest
Date: 2005-11-03 23:25:05 +0000 (Thu, 03 Nov 2005)
New Revision: 2655

Modified:
   data/CVE/list
Log:
gnump3d and phpbb2 CVEfied
new openvpn issue
silly new thunderbird issue
about 75 NFUs
I''ve reset the phpbb2 urgencies to unknown after they''ve been
splitted, they need to be evaluated individually.


Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-11-03 22:32:59 UTC (rev 2654)
+++ data/CVE/list	2005-11-03 23:25:05 UTC (rev 2655)
@@ -1,179 +1,181 @@
-begin claimed by jmm
 CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating
in ...)
-	TODO: check
+	NOT-FOR-US: Cisco hardware
 CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute
...)
-	TODO: check
+	NOT-FOR-US: IOS
 CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error
messages ...)
-	TODO: check
+	NOT-FOR-US: Ringtail CaseBook
 CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in
Ringtail ...)
-	TODO: check
+	NOT-FOR-US: Ringtail CaseBook
 CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe Tutorial
Manager ...)
-	TODO: check
+	NOT-FOR-US: PHPCafe Tutorial Manager
 CVE-2005-3477 (Multiple interpretation error in the image upload handling code
in ...)
-	TODO: check
+	NOT-FOR-US: Invision Gallery
 CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2,
and ...)
-	TODO: check
+	NOT-FOR-US: OpenVMS
 CVE-2005-3475 (Hasbani Web Server allows remote attackers to cause a denial of
...)
-	TODO: check
+	NOT-FOR-US: Hasbani Web Server
 CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software
hides any ...)
-	TODO: check
+	NOT-FOR-US: XCP DRM 
 CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple
PHP Blog ...)
-	TODO: check
+	NOT-FOR-US: Simple PHP Blog
 CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications
Express ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Communications Express
 CVE-2005-3471 (Directory traversal vulnerability in the ruleset view for
MailWatch ...)
-	TODO: check
+	NOT-FOR-US: MailWatch for MailScanner
 CVE-2005-3470 (SQL injection vulnerability in in the authenticate function in
...)
-	TODO: check
+	NOT-FOR-US: MailWatch for MailScanner
 CVE-2005-3469 (SQL injection vulnerability in index.php in News2Net 3.0.0.0
allows ...)
-	TODO: check
+	NOT-FOR-US: News2Net
 CVE-2005-3468 (Directory traversal vulnerability in F-Secure Anti-Virus for
Microsoft ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2005-3467 (Serv-U FTP Server before 6.1.0.4 allows attackers to cause a
denial of ...)
-	TODO: check
+	NOT-FOR-US: Serv-U FTP Server
 CVE-2005-3466 (Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81
up to ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3465 (Unspecified vulnerability in JDEdwards HTML Server in Oracle
...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3464 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft
...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3463 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft
...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3462 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft
...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3461 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft
...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3460 (Unspecified vulnerability in Oracle Agent in Oracle Enterprise
Manager ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3459 (Unspecified vulnerability in Oracle E-Business Suite and
Applications ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3458 (Unspecified vulnerability in Oracle E-Business Suite and
Applications ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3457 (Unspecified vulnerability in Oracle E-Business Suite and
Applications ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3456 (Multiple unspecified vulnerabilities in Oracle E-Business Suite
and ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3455 (Multiple unspecified vulnerabilities in Oracle E-Business Suite
and ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3454 (Multiple unspecified vulnerabilities in Oracle Collaboration
Suite 10g ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3453 (Multiple unspecified vulnerabilities in Web Cache in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3452 (Unspecified vulnerability in Web Cache in Oracle Application
Server ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3451 (Unspecified vulnerability in SQL*ReportWriter in Oracle
Application ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3450 (Unspecified vulnerability in the HTTP Server in Oracle
Application ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3449 (Multiple unspecified vulnerabilities in Oracle Application
Server 9.0 ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3448 (Unspecified vulnerability in the OC4J Module in Oracle
Application ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3447 (Unspecified vulnerability in Single Sign-On in Oracle Database
Server ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3446 (Unspecified vulnerability in Internet Directory in Oracle
Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3445 (Multiple unspecified vulnerabilities in HTTP Server in Oracle
Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3444 (Multiple unspecified vulnerabilities in the Programmatic
Interface in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3443 (Unspecified vulnerability in the Spatial component in Oracle
Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3442 (Multiple unspecified vulnerabilities in Oracle Database Server
8i up ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3441 (Unspecified vulnerability in Intelligent Agent in Oracle
Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3440 (Unspecified vulnerability in Database Scheduler in Oracle
Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3439 (Multiple unspecified vulnerabilities in Oracle Database Server
10g up ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3438 (Multiple unspecified vulnerabilities in Oracle Database Server
9i up ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3437 (Unspecified vulnerability in the PL/SQL component in Oracle
Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-3436 (Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7
allows ...)
-	TODO: check
+	NOT-FOR-US: Nuked-Klan
 CVE-2005-3435 (admin_news.php in Archilles Newsworld up to 1.3.0 allows
attackers to ...)
-	TODO: check
+	NOT-FOR-US: Archilles Newsworld
 CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and
(2) ...)
-	TODO: check
+	NOT-FOR-US: Archilles Newsworld
 CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-complicit
attackers ...)
-	TODO: check
+	NOT-FOR-US: Mirabilis ICQ
 CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password
...)
-	TODO: check
+	NOT-FOR-US: MiniGal2
 CVE-2005-3431 (Absolute path traversal vulnerability in Rockliffe MailSite
Express ...)
-	TODO: check
+	NOT-FOR-US: MailSite Express
 CVE-2005-3430 (Incomplete blacklist vulnerability in Rockliffe MailSite Express
...)
-	TODO: check
+	NOT-FOR-US: MailSite Express
 CVE-2005-3429 (Rockliffe MailSite Express before 6.1.22, with the option to
save ...)
-	TODO: check
+	NOT-FOR-US: MailSite Express
 CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite
Express ...)
-	TODO: check
+	NOT-FOR-US: MailSite Express
 CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1
can omit ...)
-	TODO: check
+	NOT-FOR-US: IPS Sensors
 CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL
termination ...)
-	TODO: check
+	NOT-FOR-US: Cisco hardware
 CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6
...)
-	TODO: check
+	- gnump3d 2.9.6-1
 CVE-2005-3424 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5
...)
-	TODO: check
+	- gnump3d 2.9.5-1 (low)
 CVE-2005-3423 (Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow
...)
-	TODO: check
+	NOT-FOR-US: Subdreamer
 CVE-2005-3422 (Cross-site scripting (XSS) vulnerability in error.asp in ASP
Fast ...)
-	TODO: check
+	NOT-FOR-US: ASP Fast Forum
 CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote
...)
-	TODO: check
+	NOT-FOR-US: Hyper Estraier
 CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to
modify ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
+	NOTE: http://www.hardened-php.net/advisory_172005.75.html
+	NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
+	NOTE: Remote code execution may be possible, especially in conjunction
+	NOTE: with PHP bugs.
 CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB
2.0.17 ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB
2.0.17 ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays
directive is ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and
the ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass
protection ...)
-	TODO: check
+	- phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with
...)
-	TODO: check
+	NOT-FOR-US: eyeOS
 CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS
0.8.4 ...)
-	TODO: check
+	NOT-FOR-US: eyeOS
 CVE-2005-3412 (Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0
allows ...)
-	TODO: check
+	NOT-FOR-US: Elite Forum
 CVE-2005-3411 (Cross-site scripting (XSS) vulnerability in post.asp in Snitz
Forums ...)
-	TODO: check
+	NOT-FOR-US: Snitz Forums
 CVE-2005-3410
 	RESERVED
 CVE-2005-3409 (OpenVPN 2.x before 2.0.4, when running in TCP mode, allows
remote ...)
-	TODO: check
+	- openvpn <unfixed> (bug filed; low)
 CVE-2005-3408 (SQL injection vulnerability in news.php in gCards version 1.43
allows ...)
-	TODO: check
+	NOT-FOR-US: gCards
 CVE-2005-3407 (SQL injection vulnerability in phpESP 1.7.5 and earlier allows
remote ...)
-	TODO: check
+	NOT-FOR-US: phpESP
 CVE-2005-3406 (Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: phpESP
 CVE-2005-3405 (ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to
execute ...)
-	TODO: check
+	NOT-FOR-US: ATutor
 CVE-2005-3404 (Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1
through ...)
-	TODO: check
+	NOT-FOR-US: ATutor
 CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor
1.4.1 ...)
-	TODO: check
+	NOT-FOR-US: ATutor
 CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and
possibly ...)
-	TODO: check
+	- mozilla-thunderbird <unfixed> (low)
 CVE-2005-3401 (Multiple interpretation error in TheHacker 5.8.4.128 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: TheHacker
 CVE-2005-3400 (Multiple interpretation error in Fortinet 2.48.0.0 allows remote
...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2005-3399 (Multiple interpretation error in CAT-QuickHeal 8.0 allows remote
...)
-	TODO: check
+	NOT-FOR-US: CAT-QuickHeal
 CVE-2005-3398 (The default configuration of the web server for the Solaris
Management ...)
-	TODO: check
+	NOT-FOR-US: Solaris Management Console
 CVE-2005-3397 (Cross-site scripting (XSS) vulnerability in Comersus BackOffice
allows ...)
-	TODO: check
+	NOT-FOR-US: Comersus BackOffice
 CVE-2005-3396 (Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and
5.3, ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: AIX
 CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows
remote ...)
 	NOT-FOR-US: Invision Gallery
 CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard
forum ...)
@@ -298,12 +300,6 @@
 	NOT-FOR-US: Integrity Protection Driver
 CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the
recv ...)
 	NOT-FOR-US: nylon
-CVE-2005-XXXX [phpBB issues fixed in 2.0.18]
-	- phpbb2 <unfixed> (bug #336582; bug #336587; high)
-	NOTE: http://www.hardened-php.net/advisory_172005.75.html
-	NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
-	NOTE: Remote code execution may be possible, especially in conjunction
-	NOTE: with PHP bugs.
 CVE-2005-XXXX [ntop format string vulnerability]
 	- ntop <unfixed> (bug #335996; low)
 	NOTE: Possibly not exploitable
@@ -941,8 +937,6 @@
 	- gnump3d 2.9.6-1 (medium)
 CVE-2005-3122
 	REJECTED
-	{DSA-877-1}
-	- gnump3d 2.9.6-1 (low)
 CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary
file ...)
 	{DSA-867-1}
 	- module-assistant 0.9.10
Secure testing commits - Nov 2005 - r2655 - data/CVE

[Secure-testing-commits] r2655 - data/CVE
