Author: jmm-guest
Date: 2005-11-18 09:55:42 +0000 (Fri, 18 Nov 2005)
New Revision: 2781

Modified:
   data/CVE/list
Log:
moodle CVEfied
new clamav issue already fixed in 0.87.1
several not-affected
new mailman issue
lots of not-for-us
claim more

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2005-11-18 09:31:00 UTC (rev 2780) +++ data/CVE/list 2005-11-18 09:55:42 UTC (rev 2781) @@ -62,13 +62,12 @@ RESERVED CVE-2005-3700 RESERVED -begin claimed by jmm CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...) - TODO: check + NOT-FOR-US: Kaspersky AV CVE-2005-3663 (Untrusted Windows search path vulnerability in Kaspersky Anti-Virus ...) - TODO: check + NOT-FOR-US: Kaspersky AV CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the ...) - TODO: check + TODO: Check, whether this applies to netpbm-free CVE-2005-3661 RESERVED CVE-2005-3660 
@@ -92,41 +91,41 @@ CVE-2005-3651 RESERVED CVE-2005-3650 (CodeSupport.ocx ActiveX control, as used by Sony to uninstall the ...) - TODO: check + NOT-FOR-US: Sony Root Kit Uninstaller CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users ...) - TODO: check + - moodle <unfixed> (bug #338592; medium) CVE-2005-3648 (Multiple SQL injection vulnerabilities in the get_record function in ...) - TODO: check + - moodle <unfixed> (bug #338592; medium) CVE-2005-3647 (Folder Guard allows local users to bypass protections by running from ...) - TODO: check + NOT-FOR-US: Folder Guard CVE-2005-3646 (Multiple SQL injection vulnerabilities in lib-sessions.inc.php in ...) - TODO: check + NOT-FOR-US: phpAdsNews CVE-2005-3645 (phpAdsNew 2.0.6 and possibly earlier versions allows remote attackers ...) - TODO: check + NOT-FOR-US: phpAdsNews CVE-2005-3644 (upnp_getdevicelist in UPnP for Windows 2000 Server SP3 and earlier, ...) - TODO: check + NOT-FOR-US: Windows CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...) - TODO: check + NOT-FOR-US: DB2 CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with Simple ...) - TODO: check + NOT-FOR-US: Informix CVE-2005-3641 (Oracle Databases running on Windows XP with Simple File Sharing ...) - TODO: check + NOT-FOR-US: Oracle CVE-2005-3640 (Multiple buffer overflows in the IMAP Groupware Mail server of ...) - TODO: check + NOT-FOR-US: FTGate CVE-2005-3639 (PHP file inclusion vulnerability in the osTicket module in Help Center ...) - TODO: check + NOT-FOR-US: Help Center Live CVE-2005-3638 (Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow ...) - TODO: check + NOT-FOR-US: Ekinboard CVE-2005-3637 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...) - TODO: check + NOT-FOR-US: Antville CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application Server ...) 
- TODO: check + NOT-FOR-US: SAP Web Application Server CVE-2005-3635 (Multiple cross-site scripting (XSS) vulnerabilities in SAP Web ...) - TODO: check + NOT-FOR-US: SAP Web Application Server CVE-2005-3634 (frameset.htm in the BSP runtime in SAP Web Application Server (WAS) ...) - TODO: check + NOT-FOR-US: SAP Web Application Server CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web ...) - TODO: check + NOT-FOR-US: SAP Web Application Server CVE-2005-3632 RESERVED CVE-2005-3631 @@ -148,7 +147,7 @@ CVE-2005-3623 RESERVED CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...) - TODO: check + - phpmyadmin <unfixed> (unimportant) CVE-2005-3620 RESERVED CVE-2005-3619 
@@ -198,50 +197,50 @@ CVE-2005-3597 RESERVED CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote ...) - TODO: check + NOT-FOR-US: ASPKnowledgebase CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a blank ...) - TODO: check + NOT-FOR-US: Windows XP CVE-2005-3594 (game_score.php in e107 allows remote attackers to insert high scores ...) - TODO: check + NOT-FOR-US: e107 CVE-2005-3592 (index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: CuteNews CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier ...) TODO: check CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote ...) - TODO: check + NOT-FOR-US: FileZilla CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 ...) - TODO: check + NOT-FOR-US: Advanced Guestbook CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...) - TODO: check + - clamav 0.87.1-1 (medium) CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Mambo CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 0.4.4 allows ...) - TODO: check + NOT-FOR-US: PhpWebThings CVE-2005-3584 (Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings ...) - TODO: check + NOT-FOR-US: PhpWebThings CVE-2005-3583 ((1) Java Runtime Environment (JRE) and (2) Software Development Kit ...) - TODO: check + NOT-FOR-US: Sun Java CVE-2005-3582 (ImageMagick before 6.2.4.2-r1 allows local users in the portage group ...) - TODO: check + - imagemagick <not-affected> (Gentoo-specific packaging flaw) CVE-2005-3581 (GDAL before 1.3.0-r1 allows local users in the portage group to ...) - TODO: check + - gdal <not-affected> (Gentoo-specific packaging flaw) CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to ...) 
- TODO: check + - qdbm <not-affected> (Gentoo-specific packaging flaw) CVE-2005-3579 (ts.cgi in Walla TeleSite 3.0 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: Walla TeleSite CVE-2005-3578 (SQL injection vulnerability in ts.exe in Walla TeleSite 3.0 and ...) - TODO: check + NOT-FOR-US: Walla TeleSite CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe in Walla TeleSite ...) - TODO: check + NOT-FOR-US: Walla TeleSite CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: Walla TeleSite CVE-2005-3575 (SQL injection vulnerability in show.php in Cyphor 0.19 and earlier ...) - TODO: check + NOT-FOR-US: Cyphor CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows remote ...) - TODO: check + NOT-FOR-US: iCMS CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...) - TODO: check -end claimed by jmm + - mailman <unfixed> (bug #327732; medium) +begin claimed by jmm CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 ...) TODO: check CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) ...) @@ -338,6 +337,7 @@ RESERVED CVE-2005-3525 RESERVED +end claimed by jmm CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine ...) TODO: check CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through ...) @@ -708,8 +708,6 @@ - courier 0.47-12 (bug #211920; medium) CVE-2005-XXXX [double free() in libungif] - libungif4 4.1.4-1 (bug #338542; medium) -CVE-2005-XXXX [moodle SQL injection] - - moodle <unfixed> (bug #338592; medium) CVE-2005-XXXX [Buffer overflows in Sylpheed''s address book import] - sylpheed <unfixed> (bug #338434; medium) - sylpheed-claws <unfixed> (bug #338436; medium)
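Review bot: The NOT-FOR-US tags added for CVE-2005-3646 and CVE-2005-3645 in the @@ -92,41 +91,41 @@ hunk spell the product "phpAdsNews", while the CVE-2005-3645 description directly above calls it "phpAdsNew". Suggest "NOT-FOR-US: phpAdsNew" on both entries so that a later search of the list by product name finds them.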
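Review bot: The new CVE-2005-3622 entry in the @@ -148,7 +147,7 @@ hunk, "- phpmyadmin <unfixed> (unimportant)", carries neither a bug reference nor a reason for the rating, unlike the other <unfixed> entries in this commit (moodle, mailman), which each name a bug. Suggest adding a short rationale in the same way the Gentoo entries carry "(Gentoo-specific packaging flaw)", so the unimportant rating can be rechecked later without rereading the advisory.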
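Review bot: CVE-2005-3591 (Macromedia Flash plugin) is the only entry in the @@ -198,50 +197,50 @@ hunk still left at "TODO: check", and the claim markers are moved so that "begin claimed by jmm" now sits after CVE-2005-3573. That leaves 3591 outside any claim and untriaged while every neighbour is resolved. Either triage it in this commit or mention in the log that it is left open on purpose, so nobody assumes the whole range was handled.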
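Review bot: The placeholder removed in the @@ -708,8 +708,6 @@ hunk was titled "moodle SQL injection", yet its bug #338592 is now attached to both CVE-2005-3648 (SQL injection in get_record) and CVE-2005-3649 (redirect via jumpto.php) in the earlier hunk. Please confirm that the bug report covers the redirect issue as well; if it does not, CVE-2005-3649 needs its own bug reference, otherwise it will look fixed once the SQL injection bug is closed.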