thr3ads.net - Secure testing commits - [Secure-testing-commits] r2779

If this information is useful, please help other people find it:
Share via:
Joey Hess
2005-Nov-18 09:15 UTC
[Secure-testing-commits] r2779 - data/CVE

Author: joeyh
Date: 2005-11-18 09:14:18 +0000 (Fri, 18 Nov 2005)
New Revision: 2779

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-11-18 00:03:03 UTC (rev 2778)
+++ data/CVE/list	2005-11-18 09:14:18 UTC (rev 2779)
@@ -1,11 +1,695 @@
-CVE-2005-3621 [phpmyadmin HTTP response splitting]
+CVE-2006-0017
+	RESERVED
+CVE-2006-0016
+	RESERVED
+CVE-2006-0015
+	RESERVED
+CVE-2006-0014
+	RESERVED
+CVE-2006-0013
+	RESERVED
+CVE-2006-0012
+	RESERVED
+CVE-2006-0011
+	RESERVED
+CVE-2006-0010
+	RESERVED
+CVE-2006-0009
+	RESERVED
+CVE-2006-0008
+	RESERVED
+CVE-2006-0007
+	RESERVED
+CVE-2006-0006
+	RESERVED
+CVE-2006-0005
+	RESERVED
+CVE-2006-0004
+	RESERVED
+CVE-2006-0003
+	RESERVED
+CVE-2006-0002
+	RESERVED
+CVE-2006-0001
+	RESERVED
+CVE-2005-3714
+	RESERVED
+CVE-2005-3713
+	RESERVED
+CVE-2005-3712
+	RESERVED
+CVE-2005-3711
+	RESERVED
+CVE-2005-3710
+	RESERVED
+CVE-2005-3709
+	RESERVED
+CVE-2005-3708
+	RESERVED
+CVE-2005-3707
+	RESERVED
+CVE-2005-3706
+	RESERVED
+CVE-2005-3705
+	RESERVED
+CVE-2005-3704
+	RESERVED
+CVE-2005-3703
+	RESERVED
+CVE-2005-3702
+	RESERVED
+CVE-2005-3701
+	RESERVED
+CVE-2005-3700
+	RESERVED
+CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as
used in ...)
+	TODO: check
+CVE-2005-3663 (Untrusted Windows search path vulnerability in Kaspersky
Anti-Virus ...)
+	TODO: check
+CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using
the ...)
+	TODO: check
+CVE-2005-3661
+	RESERVED
+CVE-2005-3660
+	RESERVED
+CVE-2005-3659
+	RESERVED
+CVE-2005-3658
+	RESERVED
+CVE-2005-3657
+	RESERVED
+CVE-2005-3656
+	RESERVED
+CVE-2005-3655
+	RESERVED
+CVE-2005-3654
+	RESERVED
+CVE-2005-3653
+	RESERVED
+CVE-2005-3652
+	RESERVED
+CVE-2005-3651
+	RESERVED
+CVE-2005-3650 (CodeSupport.ocx ActiveX control, as used by Sony to uninstall
the ...)
+	TODO: check
+CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect
users ...)
+	TODO: check
+CVE-2005-3648 (Multiple SQL injection vulnerabilities in the get_record
function in ...)
+	TODO: check
+CVE-2005-3647 (Folder Guard allows local users to bypass protections by running
from ...)
+	TODO: check
+CVE-2005-3646 (Multiple SQL injection vulnerabilities in lib-sessions.inc.php
in ...)
+	TODO: check
+CVE-2005-3645 (phpAdsNew 2.0.6 and possibly earlier versions allows remote
attackers ...)
+	TODO: check
+CVE-2005-3644 (upnp_getdevicelist in UPnP for Windows 2000 Server SP3 and
earlier, ...)
+	TODO: check
+CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File
Sharing ...)
+	TODO: check
+CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with
Simple ...)
+	TODO: check
+CVE-2005-3641 (Oracle Databases running on Windows XP with Simple File Sharing
...)
+	TODO: check
+CVE-2005-3640 (Multiple buffer overflows in the IMAP Groupware Mail server of
...)
+	TODO: check
+CVE-2005-3639 (PHP file inclusion vulnerability in the osTicket module in Help
Center ...)
+	TODO: check
+CVE-2005-3638 (Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3
allow ...)
+	TODO: check
+CVE-2005-3637 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows
remote ...)
+	TODO: check
+CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application
Server ...)
+	TODO: check
+CVE-2005-3635 (Multiple cross-site scripting (XSS) vulnerabilities in SAP Web
...)
+	TODO: check
+CVE-2005-3634 (frameset.htm in the BSP runtime in SAP Web Application Server
(WAS) ...)
+	TODO: check
+CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web
...)
+	TODO: check
+CVE-2005-3632
+	RESERVED
+CVE-2005-3631
+	RESERVED
+CVE-2005-3630
+	RESERVED
+CVE-2005-3629
+	RESERVED
+CVE-2005-3628
+	RESERVED
+CVE-2005-3627
+	RESERVED
+CVE-2005-3626
+	RESERVED
+CVE-2005-3625
+	RESERVED
+CVE-2005-3624
+	RESERVED
+CVE-2005-3623
+	RESERVED
+CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to
obtain ...)
+	TODO: check
+CVE-2005-3620
+	RESERVED
+CVE-2005-3619
+	RESERVED
+CVE-2005-3618
+	RESERVED
+CVE-2005-3617
+	RESERVED
+CVE-2005-3616
+	RESERVED
+CVE-2005-3615
+	RESERVED
+CVE-2005-3614
+	RESERVED
+CVE-2005-3613
+	RESERVED
+CVE-2005-3612
+	RESERVED
+CVE-2005-3611
+	RESERVED
+CVE-2005-3610
+	RESERVED
+CVE-2005-3609
+	RESERVED
+CVE-2005-3608
+	RESERVED
+CVE-2005-3607
+	RESERVED
+CVE-2005-3606
+	RESERVED
+CVE-2005-3605
+	RESERVED
+CVE-2005-3604
+	RESERVED
+CVE-2005-3603
+	RESERVED
+CVE-2005-3602
+	RESERVED
+CVE-2005-3601
+	RESERVED
+CVE-2005-3600
+	RESERVED
+CVE-2005-3599
+	RESERVED
+CVE-2005-3598
+	RESERVED
+CVE-2005-3597
+	RESERVED
+CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote
...)
+	TODO: check
+CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a
blank ...)
+	TODO: check
+CVE-2005-3594 (game_score.php in e107 allows remote attackers to insert high
scores ...)
+	TODO: check
+CVE-2005-3592 (index.php CuteNews 1.4.0 and earlier allows remote attackers to
obtain ...)
+	TODO: check
+CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and
earlier ...)
+	TODO: check
+CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow
remote ...)
+	TODO: check
+CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook
2.2 ...)
+	TODO: check
+CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV)
before ...)
+	TODO: check
+CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote
attackers to ...)
+	TODO: check
+CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 0.4.4
allows ...)
+	TODO: check
+CVE-2005-3584 (Cross-site scripting (XSS) vulnerability in forum.php in
PhpWebThings ...)
+	TODO: check
+CVE-2005-3583 ((1) Java Runtime Environment (JRE) and (2) Software Development
Kit ...)
+	TODO: check
+CVE-2005-3582 (ImageMagick before 6.2.4.2-r1 allows local users in the portage
group ...)
+	TODO: check
+CVE-2005-3581 (GDAL before 1.3.0-r1 allows local users in the portage group to
...)
+	TODO: check
+CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to
...)
+	TODO: check
+CVE-2005-3579 (ts.cgi in Walla TeleSite 3.0 and earlier allows remote attackers
to ...)
+	TODO: check
+CVE-2005-3578 (SQL injection vulnerability in ts.exe in Walla TeleSite 3.0 and
...)
+	TODO: check
+CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe in Walla
TeleSite ...)
+	TODO: check
+CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers
to ...)
+	TODO: check
+CVE-2005-3575 (SQL injection vulnerability in show.php in Cyphor 0.19 and
earlier ...)
+	TODO: check
+CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows
remote ...)
+	TODO: check
+CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8
character ...)
+	TODO: check
+CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7
...)
+	TODO: check
+CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl
(a) ...)
+	TODO: check
+CVE-2005-3570 (Unknown cross-site scripting (XSS) vulnerability in Horde before
2.2.9 ...)
+	TODO: check
+CVE-2005-3569 (INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10
on AIX ...)
+	TODO: check
+CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10
...)
+	TODO: check
+CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server 5.2.0 and 6.0.0
binds ...)
+	TODO: check
+CVE-2005-3566 (Buffer overflow in the ha command of VERITAS Cluster Server for
UNIX ...)
+	TODO: check
+CVE-2005-3565 (Unknown vulnerability in remshd daemon in HP-UX B.11.00,
B.11.11, and ...)
+	TODO: check
+CVE-2005-3564 (envd daemon in HP-UX B.11.00 through B.11.11 allows local users
to ...)
+	TODO: check
+CVE-2005-3563 (ATutor 1.5.1 stores temporary chat logs as world readable under
the ...)
+	TODO: check
+CVE-2005-3562 (Direct code injection vulnerability in ATutor 1.5.1 allows
remote ...)
+	TODO: check
+CVE-2005-3561 (SQL injection vulnerability in password_reminder.php in ATutor
before ...)
+	TODO: check
+CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security
Suite ...)
+	TODO: check
+CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9
...)
+	TODO: check
+CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows
...)
+	TODO: check
+CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in
PHPlist ...)
+	TODO: check
+CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist
2.10.1 ...)
+	TODO: check
+CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and
earlier ...)
+	TODO: check
+CVE-2005-3554 (Multiple direct code injection vulnerabilities in the help
function in ...)
+	TODO: check
+CVE-2005-3553 (Multiple SQL injection vulnerabilities include.php in PHPKIT
1.6.1 R2 ...)
+	TODO: check
+CVE-2005-3552 (Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT
1.6.1 R2 ...)
+	TODO: check
+CVE-2005-3551 (toendaCMS before 0.6.2 stores user account and session data in
the web ...)
+	TODO: check
+CVE-2005-3550 (Directory traversal vulnerability in admin.php in toendaCMS
before ...)
+	TODO: check
+CVE-2005-3549 (Direct code injection vulnerability in Task Manager in Invision
Power ...)
+	TODO: check
+CVE-2005-3548 (Directory traversal vulnerability in Task Manager in Invision
Power ...)
+	TODO: check
+CVE-2005-3547 (Cross-site scripting (XSS) vulnerability in Invision Power Board
2.1 ...)
+	TODO: check
+CVE-2005-3546 (suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux
before ...)
+	TODO: check
+CVE-2005-3545 (SQL injection vulnerability in index.php of the report module in
...)
+	TODO: check
+CVE-2005-3544 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3
...)
+	TODO: check
+CVE-2005-3543 (SQL injection vulnerability in search.php in Phorum 5.0.0alpha
through ...)
+	TODO: check
+CVE-2005-3542 (SQL injection vulnerability in showGallery.php in Tonio Gallery
2.4 ...)
+	TODO: check
+CVE-2005-3541
+	RESERVED
+CVE-2005-3540
+	RESERVED
+CVE-2005-3539
+	RESERVED
+CVE-2005-3538
+	RESERVED
+CVE-2005-3537
+	RESERVED
+CVE-2005-3536
+	RESERVED
+CVE-2005-3535
+	RESERVED
+CVE-2005-3534
+	RESERVED
+CVE-2005-3533
+	RESERVED
+CVE-2005-3532
+	RESERVED
+CVE-2005-3531
+	RESERVED
+CVE-2005-3530
+	RESERVED
+CVE-2005-3529
+	RESERVED
+CVE-2005-3528
+	RESERVED
+CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6
allows ...)
+	TODO: check
+CVE-2005-3526
+	RESERVED
+CVE-2005-3525
+	RESERVED
+CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in
ManageEngine ...)
+	TODO: check
+CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617
through ...)
+	TODO: check
+CVE-2005-3520 (Multiple cross-site scripting (XSS) vulnerabilities in MySource
2.14.0 ...)
+	TODO: check
+CVE-2005-3519 (Multiple PHP file inclusion vulnerabilities in MySource 2.14.0
allow ...)
+	TODO: check
+CVE-2005-3518 (SQL injection vulnerability in search.php in PunBB 1.2.7 and
1.2.8 ...)
+	TODO: check
+CVE-2005-3517 (Chipmunk Scripts Guestbook allows remote attackers to obtain the
...)
+	TODO: check
+CVE-2005-3516 (Cross-site scripting (XSS) vulnerability in recommend.php in
Chipmunk ...)
+	TODO: check
+CVE-2005-3515 (Cross-site scripting (XSS) vulnerability in recommend.php in
Chipmunk ...)
+	TODO: check
+CVE-2005-3514 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk
Forum ...)
+	TODO: check
+CVE-2005-3513 (index.php in VUBB alpha rc1 allows remote attackers to obtain
the ...)
+	TODO: check
+CVE-2005-3512 (Cross-site scripting (XSS) vulnerability in index.php in VUBB
alpha ...)
+	TODO: check
+CVE-2005-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac
Web OS ...)
+	TODO: check
+CVE-2005-3510 (Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a
...)
+	TODO: check
+CVE-2005-3509 (Multiple SQL injection vulnerabilities in JPortal allow remote
...)
+	TODO: check
+CVE-2005-3508 (SQL injection vulnerability in showGallery.php in Gallery
(Galerie) ...)
+	TODO: check
+CVE-2005-3507 (Directory traversal vulnerability in CuteNews 1.4.1 allows
remote ...)
+	TODO: check
+CVE-2005-3506 (Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar
Server ...)
+	TODO: check
+CVE-2005-3505 (Cross-site scripting (XSS) vulnerability in the Entropy Chat
script in ...)
+	TODO: check
+CVE-2005-3504 (Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is
...)
+	TODO: check
+CVE-2005-3503 (chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly
other ...)
+	TODO: check
+CVE-2005-3502 (attachment_send.php in Cerberus Helpdesk allows remote attackers
to ...)
+	TODO: check
+CVE-2005-3499 (Frisk F-Prot Antivirus allows remote attackers to bypass
protection ...)
+	TODO: check
+CVE-2005-3498 (IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x
before ...)
+	TODO: check
+CVE-2005-3497 (SQL injection vulnerability in process_signup.php in PHP
Handicapper ...)
+	TODO: check
+CVE-2005-3496 (Multiple cross-site scripting (XSS) vulnerabilities in PHP
Handicapper ...)
+	TODO: check
+CVE-2005-3495 (Ar-blog 5.2 and earlier allows remote attackers to bypass ...)
+	TODO: check
+CVE-2005-3494 (Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and
earlier ...)
+	TODO: check
+CVE-2005-3493 (Battle Carry .005 and earlier allows remote attackers to cause a
...)
+	TODO: check
+CVE-2005-3492 (FlatFrag 0.3 and earlier allows remote attackers to cause a
denial of ...)
+	TODO: check
+CVE-2005-3491 (Multiple buffer overflows in the receiver function in loop.c in
...)
+	TODO: check
+CVE-2005-3490 (Directory traversal vulnerability in the web server in Asus
Video ...)
+	TODO: check
+CVE-2005-3489 (Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when
using ...)
+	TODO: check
+CVE-2005-3488 (Scorched 3D 39.1 (bf) and earlier allows remote attackers to
cause a ...)
+	TODO: check
+CVE-2005-3487 (Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier
allow ...)
+	TODO: check
+CVE-2005-3486 (Multiple format string vulnerabilities in Scorched 3D 39.1 (bf)
and ...)
+	TODO: check
+CVE-2005-3485 (Buffer overflow in Glider Collect''n kill 1.0.0.0 allows
remote ...)
+	TODO: check
+CVE-2005-3484 (Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier
...)
+	TODO: check
+CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier
allows ...)
+	TODO: check
+CVE-2004-2540 (readObject in (1) Java Runtime Environment (JRE) and (2)
Software ...)
+	TODO: check
+CVE-2003-1283 (KaZaA Media Desktop (KMD) 2.0 launches advertisements in the
Internet ...)
+	TODO: check
+CVE-2003-1282 (IBM Net.Data allows remote attackers to obtain sensitive
information ...)
+	TODO: check
+CVE-2003-1281 (cgihtml 1.69 allows local users to overwrite arbitrary files via
a ...)
+	TODO: check
+CVE-2003-1280 (Directory traversal vulnerability in cgihtml 1.69 allows remote
...)
+	TODO: check
+CVE-2003-1279 (S-PLUS 6.0 allows local users to overwrite arbitrary files and
...)
+	TODO: check
+CVE-2003-1278 (Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1
allows ...)
+	TODO: check
+CVE-2003-1277 (Cross-site scripting (XSS) vulnerabilities in Yet Another
Bulletin ...)
+	TODO: check
+CVE-2003-1276 (Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user
PIN''s ...)
+	TODO: check
+CVE-2003-1275 (Pocket Internet Explorer (PIE) 3.0 allows remote attackers to
cause a ...)
+	TODO: check
+CVE-2003-1274 (Winamp 3.0 allows remote attackers to cause a denial of service
...)
+	TODO: check
+CVE-2003-1273 (Winamp 3.0 allows remote attackers to cause a denial of service
...)
+	TODO: check
+CVE-2003-1272 (Multiple buffer overflows in Winamp 3.0 allow remote attackers
to ...)
+	TODO: check
+CVE-2003-1271 (Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows
...)
+	TODO: check
+CVE-2003-1270 (AN HTTP 1.41e allows remote attackers to cause a denial of
service ...)
+	TODO: check
+CVE-2003-1269 (AN HTTP 1.41e allows remote attackers to obtain the root web
server ...)
+	TODO: check
+CVE-2003-1268 (Multiple SQL injection vulnerabilities in (1) addcustomer.asp,
(2) ...)
+	TODO: check
+CVE-2003-1267 (GuildFTPd 0.999 allows remote attackers to cause a denial of
service ...)
+	TODO: check
+CVE-2003-1266 (The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer
2.92 ...)
+	TODO: check
+CVE-2003-1265 (Netscape 7.0 and Mozilla 5.0 do not immediately delete messages
in the ...)
+	TODO: check
+CVE-2003-1264 (TFTP server in Longshine Wireless Access Point (WAP)
LCS-883R-AC-B, ...)
+	TODO: check
+CVE-2003-1263 (ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial
of ...)
+	TODO: check
+CVE-2003-1262 (Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0
and ...)
+	TODO: check
+CVE-2003-1261 (Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to
cause a ...)
+	TODO: check
+CVE-2003-1260 (Buffer overflow in CuteFTP 5.0 allows remote attackers to
execute ...)
+	TODO: check
+CVE-2003-1259 (Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers
to ...)
+	TODO: check
+CVE-2003-1258 (activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6
allows ...)
+	TODO: check
+CVE-2003-1257 (find_theni_home.php in E-theni allows remote attackers to obtain
...)
+	TODO: check
+CVE-2003-1256 (aff_liste_langue.php in E-theni allows remote attackers to
execute ...)
+	TODO: check
+CVE-2003-1255 (add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows
remote ...)
+	TODO: check
+CVE-2003-1254 (Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to
execute ...)
+	TODO: check
+CVE-2003-1253 (Bookmark4U 1.8.3 allows remote attackers to execute arbitrary
PHP code ...)
+	TODO: check
+CVE-2003-1252 (register.php in S8Forum 3.0 allows remote attackers to execute
...)
+	TODO: check
+CVE-2003-1251 (The (1) menu.inc.php, (2) datasets.php and (3)
mass_operations.inc.php ...)
+	TODO: check
+CVE-2003-1250 (Efficient Networks 5861 DSL router, when running firmware 5.3.80
...)
+	TODO: check
+CVE-2003-1249 (WebIntelligence 2.7.1 uses guessable user session cookies, which
...)
+	TODO: check
+CVE-2003-1248 (H-Sphere WebShell 2.3 allows remote attackers to execute
arbitrary ...)
+	TODO: check
+CVE-2003-1247 (Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote
...)
+	TODO: check
+CVE-2003-1246 (NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection
Driver ...)
+	TODO: check
+CVE-2003-1245 (index2.php in Mambo 4.0.12 allows remote attackers to gain ...)
+	TODO: check
+CVE-2003-1244 (SQL injection vulnerability in page_header.php in phpBB 2.0,
2.0.1 and ...)
+	TODO: check
+CVE-2003-1243 (Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows
remote ...)
+	TODO: check
+CVE-2003-1242 (Sage 1.0 b3 allows remote attackers to obtain the root web
server path ...)
+	TODO: check
+CVE-2003-1241 (Cross-site scripting vulnerability (XSS) in (1) admin_index.php,
(2) ...)
+	TODO: check
+CVE-2003-1240 (CuteNews 0.88 allows remote attackers to execute arbitrary PHP
code by ...)
+	TODO: check
+CVE-2003-1239 (Directory traversal vulnerability in sendphoto.php in WihPhoto
0.86 ...)
+	TODO: check
+CVE-2003-1238 (Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta
and ...)
+	TODO: check
+CVE-2003-1237 (Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and
...)
+	TODO: check
+CVE-2003-1236 (Multiple format string vulnerabilities in the logger function in
...)
+	TODO: check
+CVE-2003-1235 (BRW WebWeaver 1.03 allows remote attackers to obtain sensitive
server ...)
+	TODO: check
+CVE-2003-1234 (Integer overflow in the f_count counter in FreeBSD before 4.2
through ...)
+	TODO: check
+CVE-2002-2207 (Buffer overflow in ssldump 0.9b2 and earlier, when running in
...)
+	TODO: check
+CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001
allows ...)
+	TODO: check
+CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote
...)
+	TODO: check
+CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4
checks ...)
+	TODO: check
+CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in
Solaris ...)
+	TODO: check
+CVE-2002-2202 (Outlook Express 6.0 does not delete messages from dbx files,
even when ...)
+	TODO: check
+CVE-2002-2201 (The Printer Administration module for Webmin 0.990 and earlier
allows ...)
+	TODO: check
+CVE-2002-2200 (Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote
...)
+	TODO: check
+CVE-2002-2199 (The default aide.conf file in Advanced Intrusion Detection
Environment ...)
+	TODO: check
+CVE-2002-2198 (Buffer overflow in ZMailer before 2.99.51_1 allows remote
attackers to ...)
+	TODO: check
+CVE-2002-2197 (Unknown vulnerability in Sun Solaris 8.0 allows local users to
cause a ...)
+	TODO: check
+CVE-2002-2196 (Samba 2.2.5 and earlier does not properly terminate the ...)
+	TODO: check
+CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and
...)
+	TODO: check
+CVE-2002-2194 (Solaris 8 allows local users to cause a denial of service
(kernel ...)
+	TODO: check
+CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo
Mail 2.7 ...)
+	TODO: check
+CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe
2.0.1 ...)
+	TODO: check
+CVE-2002-2191 (Lotus Domino 5.0.9a and earlier, even when configured with the
...)
+	TODO: check
+CVE-2002-2190 (ArtsCore Studios CuteCast Forum 1.2 stores passwords in
plaintext ...)
+	TODO: check
+CVE-2002-2189 (Cross-site scripting (XSS) vulnerability in ActiveXperts
Software ...)
+	TODO: check
+CVE-2002-2188 (OpenBSD before 3.2 allows local users to cause a denial of
service ...)
+	TODO: check
+CVE-2002-2187 (Unknown &quot;file disclosure&quot; vulnerability in
Macromedia JRun 3.0, 3.1, ...)
+	TODO: check
+CVE-2002-2186 (Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view
the ...)
+	TODO: check
+CVE-2002-2185 (The Internet Group Management Protocol (IGMP) allows local users
to ...)
+	TODO: check
+CVE-2002-2184 (Digi-Net Technologies DigiChat 3.5 allows chat users to obtain
the IP ...)
+	TODO: check
+CVE-2002-2183 (phpShare.php in phpShare before 0.6 beta 3 allows remote
attackers to ...)
+	TODO: check
+CVE-2002-2182 (Buffer overflow in Seunghyun Seo''s MSN666 MSN Sniffer
1.0 and 1.0.1 ...)
+	TODO: check
+CVE-2002-2181 (SonicWall Content Filtering allows local users to access
prohibited ...)
+	TODO: check
+CVE-2002-2180 (The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not
...)
+	TODO: check
+CVE-2002-2179 (The dynamic initialization feature of the ClearPath MCP
environment ...)
+	TODO: check
+CVE-2002-2178 (Cross-site scripting (XSS) vulnerability in article.php module
for ...)
+	TODO: check
+CVE-2002-2177 (BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP
...)
+	TODO: check
+CVE-2002-2176 (SQL injection vulnerability in Gender MOD 1.1.3 allows remote
...)
+	TODO: check
+CVE-2002-2175 (phpSquidPass before 0.2 uses an incomplete regular expression to
find ...)
+	TODO: check
+CVE-2002-2174 (The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the
number ...)
+	TODO: check
+CVE-2002-2173 (Buffer overflow in the IRC module of Trillian 0.725 and 0.73
allowing ...)
+	TODO: check
+CVE-2002-2172 (Informed (1) Designer and (2) Filler 3.05 does not zero out
newly ...)
+	TODO: check
+CVE-2002-2171 (Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14
allows ...)
+	TODO: check
+CVE-2002-2170 (Working Resources Inc. BadBlue Enterprise Edition 1.7 through
1.74 ...)
+	TODO: check
+CVE-2002-2169 (Cross-site scripting vulnerability AOL Instant Messenger (AIM)
4.5 and ...)
+	TODO: check
+CVE-2002-2168 (SQL injection vulnerability in Thorsten Korner 123tkShop before
0.3.1 ...)
+	TODO: check
+CVE-2002-2167 (Directory traversal vulnerability in function_foot_1.inc.php for
...)
+	TODO: check
+CVE-2002-2166 (Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0
...)
+	TODO: check
+CVE-2002-2165 (The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the
REFERER ...)
+	TODO: check
+CVE-2002-2164 (Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0
allows ...)
+	TODO: check
+CVE-2002-2163 (KvPoll 1.1 allows remote authenticated users to vote more than
once by ...)
+	TODO: check
+CVE-2002-2162 (Cerulean Studios Trillian 0.73 and earlier use weak encrypttion
(XOR) ...)
+	TODO: check
+CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote
...)
+	TODO: check
+CVE-2002-2160 (MidiCart (1) PHP, (2) PHP Plus, and (3) PHP Maxi does not
restrict ...)
+	TODO: check
+CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with
the ...)
+	TODO: check
+CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the
full ...)
+	TODO: check
+CVE-2002-2157 (calendar.php in Jelsoft Enterprises vBulletin 2.2.0 and earlier
allows ...)
+	TODO: check
+CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to
execute ...)
+	TODO: check
+CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite
...)
+	TODO: check
+CVE-2002-2154 (Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4
allows ...)
+	TODO: check
+CVE-2002-2153 (Format string vulnerability in the administrative pages of the
PL/SQL ...)
+	TODO: check
+CVE-2002-2152 (The Czech edition of Software602''s Web Server before
2002.0.02.0916 ...)
+	TODO: check
+CVE-2002-2151 (Cross-site scripting (XSS) vulnerability in Verity Search97
allows ...)
+	TODO: check
+CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly
than ...)
+	TODO: check
+CVE-2002-2149 (Buffer overflow in Lucent Access Point 300, 600, and 1500
Service ...)
+	TODO: check
+CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline
...)
+	TODO: check
+CVE-2002-2147 (Savant Web Server 3.1 and earlier allows remote attackers to
cause a ...)
+	TODO: check
+CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote
...)
+	TODO: check
+CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to
bypass ...)
+	TODO: check
+CVE-2002-2144 (Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6
allows ...)
+	TODO: check
+CVE-2002-2143 (The admin.html file in MySimple News 1.0 stores its
administrative ...)
+	TODO: check
+CVE-2002-2142 (An undocumented extension for the Servlet mappings in the
Servlet 2.3 ...)
+	TODO: check
+CVE-2002-2141 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running
Servlets ...)
+	TODO: check
+CVE-2002-2140 (Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to
6.0.3, ...)
+	TODO: check
+CVE-2002-2139 (Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not
...)
+	TODO: check
+CVE-2002-2138 (RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09,
when ...)
+	TODO: check
+CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T,
and ...)
+	TODO: check
+CVE-2002-2136 (The Web-Based Enterprise Management (WBEM) packages (1)
SUNWwbdoc, (2) ...)
+	TODO: check
+CVE-2002-2135 (OnlineJFS and JournalFS.VXFS-BASE-KRN (JFS 3.1) in HP-UX 10.20
through ...)
+	TODO: check
+CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute
arbitrary PHP ...)
+	TODO: check
+CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak
encryption ...)
+	TODO: check
+CVE-2002-2132 (Windows File Protection (WFP) in Windows 2000 and XP does not
remove ...)
+	TODO: check
+CVE-2002-2131 (Directory traversal vulnerability in Perl-HTTPd before 1.0.2
allows ...)
+	TODO: check
+CVE-2002-2130 (publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to
...)
+	TODO: check
+CVE-2002-2129 (Cross-site scripting vulnerability (XSS) in editform.php for
w-Agora ...)
+	TODO: check
+CVE-2002-2128 (editform.php in w-Agora 4.1.5 allows local users to execute
arbitrary ...)
+	TODO: check
+CVE-2002-2127 (Integrity Protection Driver (IPD) 1.2 and earlier blocks access
to ...)
+	TODO: check
+CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays
driver ...)
+	TODO: check
+CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired
certificate ...)
+	TODO: check
+CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6
allows ...)
+	TODO: check
+CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4
allows ...)
 	- phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium)
 CVE-2005-XXXX [openswan isakmp dos]
 	- openswan 1:2.4.3-1 (bug #339082; medium)
 	TODO: Keep an eye on ipsec-tools''s upstream, it''s
potentially affected as well
 CVE-2005-XXXX [Two unspecified issues in non-free rar]
 	- rar <unfixed> (bug #339077; unknown)
-CVE-2005-3524 [Remotely exploitable buffer overflow in linux-ftpd-ssl]
+CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd ...)
 	{DSA-896-1}
 	- linux-ftpd-ssl <unfixed> (bug #339074; high)
 CVE-2005-XXXX [kernel: NFS leases mem leak]
@@ -31,15 +715,15 @@
 	- asterisk <unfixed> (bug #338116; medium)
 CVE-2005-XXXX [webcalendar''s password visible to local users through
debconf]
 	- webcalendar <unfixed> (bug #337624)
-CVE-2005-3523 [Format string vulnerability in gpsdrive]
+CVE-2005-3523 (Format string vulnerability in friendsd2 in GpsDrive allows
remote ...)
 	{DSA-891-1}
 	- gpsdrive 2.09-2sarge1 (bug #337495; medium)
 CVE-2005-XXXX [Insecure temp files in note]
 	- note 1.3.1-3 (bug #337492; low)
-CVE-2005-3500 [clamav: DoS in CAB parsing]
+CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus
(ClamAV) ...)
 	{DSA-887-1 DTSA-21-1}
 	- clamav 0.87.1-1 (medium)
-CVE-2005-3501 [clamav: DoS in mspack parsing]
+CVE-2005-3501 (The cabd_find function in cabd.c of the the libmspack library
(mspack) ...)
 	{DSA-887-1 DTSA-21-1}
 	- clamav 0.87.1-1 (medium)
 CVE-2005-XXXX [Multiple security issues in Scorched 3D]
@@ -330,21 +1014,18 @@
 CVE-2005-3351 [spamassassin/perl dos]
 	RESERVED
 	- spamassassin <unfixed> (bug #339526; medium)
-CVE-2005-3350 [libungif buffer overflows]
-	RESERVED
+CVE-2005-3350 (libungif library before 4.1.0 allows attackers to corrupt memory
and ...)
 	{DSA-890-1}
 	- libungif4 4.1.3-4 (bug #337972; high)
 CVE-2005-3349
 	RESERVED
-CVE-2005-3348 [phpsysinfo http response splitting]
-	RESERVED
-	{DSA-898-1 DSA-897-1}
+CVE-2005-3348 (HTTP response splitting vulnerability in phpgroupware 0.9.16 and
...)
+	{DSA-899-1 DSA-898-1 DSA-897-1}
 	- phpsysinfo 2.3-7 (bug #339079)
 	- egroupware 1.0.0.009.dfsg-3-3
 	- phpgroupware 0.9.16.008-2
-CVE-2005-3347 [phpsysinfo file inclusion issue]
-	RESERVED
-	{DSA-898-1 DSA-897-1}
+CVE-2005-3347 (PHP file inclusion vulnerability in phpgroupware 0.9.16 and
earlier ...)
+	{DSA-899-1 DSA-898-1 DSA-897-1}
 	- phpsysinfo 2.3-7 (bug #339079)
 	- egroupware 1.0.0.009.dfsg-3-3
 	- phpgroupware 0.9.16.008-2
@@ -353,8 +1034,7 @@
 	- osh 1.7-15 (bug #338312; medium)
 CVE-2005-3345
 	RESERVED
-CVE-2005-3344 [Insecure default configuration in Debian''s horde3]
-	RESERVED
+CVE-2005-3344 (The default installation of Horde 3.0.4 contains an
administrative ...)
 	{DSA-884-1}
 	- horde3 3.0.5-2 (bug #332290; bug #332289; medium)
 CVE-2005-3343 [Insecure temp files in tkdiff]
@@ -464,8 +1144,7 @@
 	NOT-FOR-US: Nuked Klan
 CVE-2005-3304 (Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow
remote ...)
 	NOT-FOR-US: PHP-Nuke
-CVE-2005-3303 [Heap overflow in ClamAV''s FSG module]
-	RESERVED
+CVE-2005-3303 (The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through
0.87 ...)
 	{DSA-887-1 DTSA-21-1}
 	- clamav 0.87.1-1 (high)
 CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data
ONTAP ...)
@@ -844,14 +1523,13 @@
 	RESERVED
 CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0
...)
 	NOT-FOR-US: iGateway
-CVE-2005-3189
-	RESERVED
+CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP
Server ...)
+	TODO: check
 CVE-2005-3188
 	RESERVED
 CVE-2005-3187
 	RESERVED
-CVE-2005-3186 [Integer overflow in GTK''s XPM code]
-	RESERVED
+CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering
library in ...)
 	- gtk+2.0 2.6.10-2 (bug #339431; medium)
 	- gdk-pixbuf 0.22.0-11 (bug #339431; medium)
 CVE-2005-3184 (Buffer overflow vulnerability in the unicode_to_bytes in the
Service ...)
@@ -869,7 +1547,7 @@
 CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in
http-ntlm.c ...)
 	- wget 1.10.2-1 (medium)
 	- curl 7.15.0-1 (bug #333734; medium)
-CVE-2005-3239 (The OLE2 unpacker in clamd in ClamAV 0.87-1 allows remote
attackers to ...)
+CVE-2005-3239 (The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1
allows ...)
 	{DSA-887-1 DTSA-21-1}
 	- clamav 0.87.1-1 (bug #333566; medium)
 CVE-2005-3181 (The audit system in Linux kernel before 2.6.13.4, when ...)
@@ -1009,8 +1687,7 @@
 	RESERVED
 CVE-2005-3125
 	RESERVED
-CVE-2005-3124 [Insecure temp file in thttpd]
-	RESERVED
+CVE-2005-3124 (syslogtocern in Acme thttpd before 2.23 allows local users to
write ...)
 	{DSA-883-1}
 	- thttpd 2.23beta1-4
 CVE-2005-3123 (Directory traversal vulnerability in GNUMP3D before 2.9.6 allows
...)
@@ -1032,8 +1709,8 @@
 	- mason 1.0.0-3
 CVE-2005-3117
 	REJECTED
-CVE-2005-3116
-	RESERVED
+CVE-2005-3116 (Stack-based buffer overflow in a shared library as used by the
Volume ...)
+	TODO: check
 CVE-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files
insecurely, ...)
 	NOT-FOR-US: mpeg-tools
 CVE-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger ...)
@@ -1232,7 +1909,7 @@
 	- eric 3.7.2-1 (bug #330608; medium)
 CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in
PerlDiver ...)
 	NOT-FOR-US: PerlDiver
-CVE-2005-3066 (** DISPUTED **  NOTE: this issue has been disputed by the
vendor. ...)
+CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in
PerlDiver ...)
 	NOT-FOR-US: PerlDiver
 CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers
cause a ...)
 	NOT-FOR-US: MultiTheftAuto
@@ -1459,15 +2136,12 @@
 	- pam <unfixed> (bug #336344; medium)
 	[sarge] - pam <not-affected> (Does not contain SELinux support)
 	[woody] - pam <not-affected> (Does not contain SELinux support)
-CVE-2005-2976 [integer overflow in "pixels" calculation of
gdk-pixbuf]
-	RESERVED
+CVE-2005-2976 (Integer overflow in gdk-pixbuf 0.22.0 allows attackers to cause
a ...)
 	- gdk-pixbuf 0.22.0-11 (bug #339431; medium)
-CVE-2005-2975 [dos in xpm processing of gdk-pixbuf]
-	RESERVED
+CVE-2005-2975 (The GTK+ gdk-pixbuf XPM image rendering library allows attackers
to ...)
 	- gdk-pixbuf 0.22.0-11 (bug #339431; low)
 	- gtk+2.0 2.6.10-2 (bug #339431; low)
-CVE-2005-2974 [libungif null pointer deref dos]
-	RESERVED
+CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial
of ...)
 	{DSA-890-1}
 	- libungif4 4.1.3-4 (bug #337972; medium)
 CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before
2.6.14-rc5, ...)
@@ -1520,7 +2194,7 @@
 	- cfengine <unfixed> (bug #332433; low)
 	- cfengine2 <unfixed> (bug #332432; low)
 	NOTE: maintainer does not think it''s a hole, script is unused/broken
-CVE-2005-2959 (sudo 1.6.8 and earlier does not clear the (1) SHELLOPTS and (2)
PS4 ...)
+CVE-2005-2959 (Incomplete blacklist vulnerability in sudo 1.6.8 and earlier
allows ...)
 	{DSA-870-1}
 	- sudo 1.6.8p9-3 (medium)
 CVE-2005-2958 (Multiple format string vulnerabilities in the GNOME Data Access
...)
@@ -1560,16 +2234,17 @@
 	REJECTED
 CVE-2005-2941
 	RESERVED
-CVE-2005-2940
-	RESERVED
-CVE-2005-2939
-	RESERVED
-CVE-2005-2938
-	RESERVED
-CVE-2005-2937 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as
used in ...)
+CVE-2005-2940 (Untrusted Windows search path vulnerability in Microsoft
Antispyware ...)
+	TODO: check
+CVE-2005-2939 (Untrusted Windows search path vulnerability in VMWare
Workstation ...)
+	TODO: check
+CVE-2005-2938 (Untrusted Windows search path vulnerability in iTunesHelper.exe
in ...)
+	TODO: check
+CVE-2005-2937
+	REJECTED
 	NOT-FOR-US: Kaspersky
-CVE-2005-2936
-	RESERVED
+CVE-2005-2936 (Untrusted Windows search path vulnerability in RealNetworks
RealPlayer ...)
+	TODO: check
 CVE-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the
C ...)
 	NOT-FOR-US: Microsoft AntiSpyware
 CVE-2005-2934
@@ -1581,8 +2256,7 @@
 	RESERVED
 CVE-2005-2931
 	RESERVED
-CVE-2005-2929 [lynx arbitrary code execution through insecure default
configuration wrt CGI]
-	RESERVED
+CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote
...)
 	- lynx <not-affected> (Debian''s default config is not
vulnerable)
 CVE-2005-2928
 	RESERVED
@@ -1968,14 +2642,14 @@
 	NOT-FOR-US: Symantec Antivirus
 CVE-2005-2757
 	RESERVED
-CVE-2005-2756
-	RESERVED
-CVE-2005-2755
-	RESERVED
-CVE-2005-2754
-	RESERVED
-CVE-2005-2753
-	RESERVED
+CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-complicit attackers to
...)
+	TODO: check
+CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-complicit
attackers to ...)
+	TODO: check
+CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows
user-complicit ...)
+	TODO: check
+CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows
user-complicit ...)
+	TODO: check
 CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier
does ...)
 	NOT-FOR-US: Mac OS X
 CVE-2005-2751 (memberd in Mac OS X 10.4 up to 10.4.2, in certain situations,
does not ...)
@@ -2225,8 +2899,7 @@
 CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows
local ...)
 	{DSA-839-1}
 	- apachetop 0.12.5-3 (unknown)
-CVE-2005-2659 [Buffer overflow in chmlib''s LZX decompressor]
-	RESERVED
+CVE-2005-2659 (Buffer overflow in LZX decompression in CHM Lib (chmlib) 0.35
with ...)
 	{DSA-886-1}
 	- chmlib 0.37-2 (medium)
 CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat)
2.2.4 ...)
@@ -2319,8 +2992,7 @@
 	RESERVED
 CVE-2005-2629
 	RESERVED
-CVE-2005-2628 [Buffer overflow in non-free Flash plugin]
-	RESERVED
+CVE-2005-2628 (Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to
...)
 	- flashplugin-nonfree <unfixed> (bug #339290; high)
 CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow
remote ...)
 	{DSA-788-1 DTSA-1-1}
@@ -2566,7 +3238,7 @@
 CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers
to ...)
 	NOT-FOR-US: MidiCart
 CVE-2005-2600 (FUDForum 2.6.15 with &quot;Tree View&quot; enabled, as
used in other products ...)
-	{DSA-798-1}
+	{DSA-899-1 DSA-798-1}
 	- egroupware 1.0.0.009.dfsg-3-2 (bug #323928; medium)
 	- phpgroupware 0.9.16.008-1 (bug #323929; medium)
 CVE-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption
(trivial ...)
@@ -5877,8 +6549,8 @@
 	RESERVED
 CVE-2005-1926
 	RESERVED
-CVE-2005-1925
-	RESERVED
+CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before
1.9.1 ...)
+	TODO: check
 CVE-2005-1924
 	RESERVED
 CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV)
0.83, ...)
@@ -9418,7 +10090,7 @@
 CVE-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB,
when ...)
 	NOT-FOR-US: Topic Calendar phpbb2 plugin
 CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in
phpSysInfo 2.3, ...)
-	{DSA-898-1 DSA-897-1 DSA-724-1}
+	{DSA-899-1 DSA-898-1 DSA-897-1 DSA-724-1}
 	NOTE: Fix in phpsysinfo 2.3-3 was apparently incomplete.
 	- phpsysinfo 2.3-7
 	- egroupware 1.0.0.009.dfsg-3-3
Secure testing commits - Nov 2005 - r2779 - data/CVE

[Secure-testing-commits] r2779 - data/CVE
