Author: joeyh
Date: 2005-11-24 09:14:19 +0000 (Thu, 24 Nov 2005)
New Revision: 2849
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-11-23 23:41:32 UTC (rev 2848)
+++ data/CVE/list 2005-11-24 09:14:19 UTC (rev 2849)
@@ -1,3 +1,129 @@
+CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows
attackers to ...)
+ TODO: check
+CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers
to ...)
+ TODO: check
+CVE-2005-3779 (Unknown vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23
...)
+ TODO: check
+CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0
PR2 Rev ...)
+ TODO: check
+CVE-2005-3777 (MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers
to ...)
+ TODO: check
+CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in
MyBulletinBoard ...)
+ TODO: check
+CVE-2005-3775 (PHP file inclusion vulnerability in pollvote.php in PollVote
allows ...)
+ TODO: check
+CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial
of ...)
+ TODO: check
+CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown
impact ...)
+ TODO: check
+CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4
allow ...)
+ TODO: check
+CVE-2005-3771 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla!
before ...)
+ TODO: check
+CVE-2005-3770 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post
(PHPp) ...)
+ TODO: check
+CVE-2005-3769 (SQL injection vulnerability in files.php in PHP Download Manager
1.1.3 ...)
+ TODO: check
+CVE-2005-3768 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1)
...)
+ TODO: check
+CVE-2005-3767 (Exponent CMS 0.96.3 and later versions does not properly
restrict the ...)
+ TODO: check
+CVE-2005-3766 (Exponent CMS 0.96.3 and later versions stores sensitive user
pages ...)
+ TODO: check
+CVE-2005-3765 (Exponent CMS 0.96.3 and later versions performs a chmod on
uploaded ...)
+ TODO: check
+CVE-2005-3764 (The image gallery (imagegallery) component in Exponent CMS
0.96.3 and ...)
+ TODO: check
+CVE-2005-3763 (Exponent CMS 0.96.3 and later versions includes the full
installation ...)
+ TODO: check
+CVE-2005-3762 (SQL injection vulnerability in the navigation module ...)
+ TODO: check
+CVE-2005-3761 (Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3
and ...)
+ TODO: check
+CVE-2005-3760 (Double-free vulnerability in the BBOORB module in IBM WebSphere
...)
+ TODO: check
+CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search
...)
+ TODO: check
+CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and
possibly ...)
+ TODO: check
+CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search
Appliance, ...)
+ TODO: check
+CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search
Appliance, and ...)
+ TODO: check
+CVE-2005-3754 (Cross-site scripting (XSS) vulnerability in Google Mini Search
...)
+ TODO: check
+CVE-2005-3750 (Opera before 8.51 on Linux and Unix systems allows remote
attackers to ...)
+ TODO: check
+CVE-2005-3749 (Unspecified "absolute path vulnerabilities" in
the diagela command ...)
+ TODO: check
+CVE-2005-3748 (SQL injection vulnerability in the Search module in Tru-Zone
Nuke ET ...)
+ TODO: check
+CVE-2005-3747 (Unspecified vulnerability in Jetty before 5.1.6 allows remote
...)
+ TODO: check
+CVE-2005-3746 (SQL injection vulnerability in thread.php in APBoard allows
remote ...)
+ TODO: check
+CVE-2005-3745 (Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7,
and ...)
+ TODO: check
+CVE-2005-3744 (SQL injection vulnerability in index.php in phpComasy 0.7.5 and
...)
+ TODO: check
+CVE-2005-3743 (SQL injection vulnerability in results.php in SimplePoll allows
remote ...)
+ TODO: check
+CVE-2005-3742 (Cross-site scripting (XSS) vulnerability in popup.php in
Advanced Poll ...)
+ TODO: check
+CVE-2005-3741 (Almond Classifieds does not properly verify the password, which
allows ...)
+ TODO: check
+CVE-2005-3740 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206
and ...)
+ TODO: check
+CVE-2005-3739 (Unspecified vulnerability in subheader.php in PHP-Fusion
6.00.206 and ...)
+ TODO: check
+CVE-2005-3738 (globals.php in Mambo Site Server 4.0.14 and earlier, when ...)
+ TODO: check
+CVE-2005-3737 (Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41
...)
+ TODO: check
+CVE-2005-3736 (Multiple cross-site scripting (XSS) vulnerabilities in e-Quick
Cart ...)
+ TODO: check
+CVE-2005-3735 (Multiple SQL injection vulnerabilities in e-Quick Cart allow
remote ...)
+ TODO: check
+CVE-2005-3734 (Cross-site scripting (XSS) vulnerability in the "add
content" page in ...)
+ TODO: check
+CVE-2005-3733 (The Internet Key Exchange version 1 (IKEv1) implementation in
Juniper ...)
+ TODO: check
+CVE-2005-3732 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
+ TODO: check
+CVE-2004-2572 (AMAX Magic Winmail Server 3.6 allows remote attackers to obtain
...)
+ TODO: check
+CVE-2004-2571 (Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow
remote ...)
+ TODO: check
+CVE-2004-2570 (Opera before 7.54 allows remote attackers to modify properties
and ...)
+ TODO: check
+CVE-2004-2568 (Multiple cross-site scripting (XSS) vulnerabilities in ReciPants
1.1.1 ...)
+ TODO: check
+CVE-2004-2567 (Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow
remote ...)
+ TODO: check
+CVE-2004-2566 (Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld
...)
+ TODO: check
+CVE-2004-2565 (Multiple directory traversal vulnerabilities in Sambar Server
6.1 Beta ...)
+ TODO: check
+CVE-2004-2564 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar
Server ...)
+ TODO: check
+CVE-2004-2563 (Serena TeamTrack 6.1.1 allows remote attackers to obtain
sensitive ...)
+ TODO: check
+CVE-2004-2562 (SQL injection vulnerability in jobedit.asp in Leigh Business
...)
+ TODO: check
+CVE-2004-2561 (Multiple SQL injection vulnerabilities in Internet Software
Sciences ...)
+ TODO: check
+CVE-2004-2560 (DokuWiki before 2004-10-19, when used on a web server that
permits ...)
+ TODO: check
+CVE-2004-2559 (DokuWiki before 2004-10-19 allows remote attackers to access
...)
+ TODO: check
+CVE-2003-1287 (Sambar Server before 6.0 beta 3 allows attackers with physical
access ...)
+ TODO: check
+CVE-2003-1286 (HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini
lacks ...)
+ TODO: check
+CVE-2003-1285 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar
Server ...)
+ TODO: check
+CVE-2003-1284 (Sambar Server before 6.0 beta 6 allows remote attackers to
obtain ...)
+ TODO: check
CVE-2005-XXXX [Kernel DoS through integer overflow in
invalidate_inode_pages2()]
- linux-2.6 <unfixed>
NOTE: Pinged Horms/dannf
@@ -4,10 +130,10 @@
CVE-2005-XXXX [Two potential netfilter DoS issues]
- linux-2.6 <unfixed>
NOTE: Pinged Horms/dannf
-CVE-2005-3759 [XSS in horde3]
+CVE-2005-3759 (Multiple cross-site scripting (XSS) vulnerabilities in Horde
before ...)
{DSA-909-1}
- horde3 3.0.7-1 (bug #340323; medium)
-CVE-2004-2569 [Insecure temp file in ipmenu]
+CVE-2004-2569 (ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local
users ...)
{DSA-907-1}
- ipmenu 0.0.3-5
CVE-2005-XXXX [Multiple security issues in OTRS]
@@ -294,8 +420,7 @@
NOT-FOR-US: SAP Web Application Server
CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web
...)
NOT-FOR-US: SAP Web Application Server
-CVE-2005-3632 [buffer overflows in netpbm''s pnmtopng]
- RESERVED
+CVE-2005-3632 (Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier
allow ...)
{DSA-904-1}
- netpbm-free 10.0-11
TODO: Check, whether this is the same as CVE-2005-3662
@@ -494,8 +619,7 @@
RESERVED
CVE-2005-3532
RESERVED
-CVE-2005-3531 [fuse: fusermount special chars interpretation errors]
- RESERVED
+CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root,
allows ...)
- fuse <unfixed> (bug filed; medium)
CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows
remote ...)
NOT-FOR-US: Antville
@@ -1506,7 +1630,7 @@
CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
- pavuk 0.9.33-1 (bug #264684; high)
NOTE: second hole mentioned in bug report
-CVE-2005-3751 [HTTP Request smuggling in pound]
+CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4
allows ...)
- pound 1.9.4-1 (low)
NOTE: see
http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6
before ...)
@@ -1943,7 +2067,7 @@
- amanda <unfixed> (bug #226139; low)
CVE-2004-XXXX [Buffer overflow in wdm''s login]
- wdm <unfixed> (bug #276218; low)
-CVE-2005-3752 [Unsafe string landling in ldapdiff]
+CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown
impact ...)
- ldapdiff <not-affected> (The version in Debian doesn''t
contain the vulnerable code, see #306878)
CVE-2005-XXXX [apt-cache doesn''t differentiate sources which share
several properties]
- apt <unfixed> (bug #329814; low)
@@ -2161,7 +2285,7 @@
CVE-2005-XXXX [ Chroot escape in vserver kernel patch]
- kernel-patch-vserver 2.1 (bug #329087; bug #329090; medium)
[sarge] - kernel-patch-vserver 1.9.5.4
-CVE-2005-3753 [Local kernel DoS through incorrect boundary checks in cipher
processors]
+CVE-2005-3753 (Linux kernel before after 2.6.12 and before 2.6.13.1 might allow
...)
- linux-2.6 2.6.12-7 (low)
CVE-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce
allows ...)
NOT-FOR-US: Mall23 eCommerce
@@ -4375,8 +4499,8 @@
RESERVED
CVE-2005-2340
RESERVED
-CVE-2005-2339
- RESERVED
+CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version
of ...)
+ TODO: check
CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS
2.0.12 JP ...)
- xoops <itp> (bug #207640)
CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development
up to ...)
@@ -7942,7 +8066,7 @@
- qmail-src 1.03-38
CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail,
when ...)
- qmail-src 1.03-38
-CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in JAWS 0.4
allows ...)
+CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in Jaws
Framework and ...)
NOT-FOR-US: JAWS
CVE-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4
allows ...)
NOT-FOR-US: LinPHA
@@ -8285,7 +8409,7 @@
- monit 1:4.2.1-1
CVE-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91
...)
NOT-FOR-US: no_package
-CVE-2004-1895 (YaST Online Update (YOU) in SuSE 9.0 allows local users to
overwrite ...)
+CVE-2004-1895 (YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users
to ...)
NOT-FOR-US: no_package
CVE-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option,
allows ...)
NOT-FOR-US: no_package