Author: jmm-guest
Date: 2005-11-24 11:19:59 +0000 (Thu, 24 Nov 2005)
New Revision: 2852
Modified:
data/CVE/list
Log:
new jetty issue (contrib)
new struts issue
new ipsec-tools issue
inkscape CVEfied
old isoqlog issue
old dokuwiki issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-11-24 10:47:37 UTC (rev 2851)
+++ data/CVE/list 2005-11-24 11:19:59 UTC (rev 2852)
@@ -1,131 +1,129 @@
-begin claimed by jmm
CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows
attackers to ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers
to ...)
- TODO: check
+ NOT-FOR-US: IPUpdate
CVE-2005-3779 (Unknown vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23
...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0
PR2 Rev ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2005-3777 (MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in
MyBulletinBoard ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2005-3775 (PHP file inclusion vulnerability in pollvote.php in PollVote
allows ...)
- TODO: check
+ NOT-FOR-US: PollVote
CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial
of ...)
- TODO: check
+ NOT-FOR-US: Cisco hardware
CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown
impact ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4
allow ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2005-3771 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla!
before ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2005-3770 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post
(PHPp) ...)
- TODO: check
+ NOT-FOR-US: PHP-Post
CVE-2005-3769 (SQL injection vulnerability in files.php in PHP Download Manager
1.1.3 ...)
- TODO: check
+ NOT-FOR-US: PHP Download Manager
CVE-2005-3768 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1)
...)
- TODO: check
+ NOT-FOR-US: Symantec appliances
CVE-2005-3767 (Exponent CMS 0.96.3 and later versions does not properly
restrict the ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2005-3766 (Exponent CMS 0.96.3 and later versions stores sensitive user
pages ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2005-3765 (Exponent CMS 0.96.3 and later versions performs a chmod on
uploaded ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2005-3764 (The image gallery (imagegallery) component in Exponent CMS
0.96.3 and ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2005-3763 (Exponent CMS 0.96.3 and later versions includes the full
installation ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2005-3762 (SQL injection vulnerability in the navigation module ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2005-3761 (Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3
and ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2005-3760 (Double-free vulnerability in the BBOORB module in IBM WebSphere
...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search
...)
- TODO: check
+ NOT-FOR-US: Google search appliance
CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and
possibly ...)
- TODO: check
+ TODO: check, whether this is related to libsaxon-java
CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search
Appliance, ...)
- TODO: check
+ NOT-FOR-US: Google search appliance
CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search
Appliance, and ...)
- TODO: check
+ NOT-FOR-US: Google search appliance
CVE-2005-3754 (Cross-site scripting (XSS) vulnerability in Google Mini Search
...)
- TODO: check
+ NOT-FOR-US: Google search appliance
CVE-2005-3750 (Opera before 8.51 on Linux and Unix systems allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2005-3749 (Unspecified "absolute path vulnerabilities" in
the diagela command ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2005-3748 (SQL injection vulnerability in the Search module in Tru-Zone
Nuke ET ...)
- TODO: check
+ NOT-FOR-US: Tru-Zone Nuke ET
CVE-2005-3747 (Unspecified vulnerability in Jetty before 5.1.6 allows remote
...)
- TODO: check
+ - jetty <unfixed> (bug filed; medium)
CVE-2005-3746 (SQL injection vulnerability in thread.php in APBoard allows
remote ...)
- TODO: check
+ NOT-FOR-US: APBoard
CVE-2005-3745 (Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7,
and ...)
- TODO: check
+ - libstruts1.2-java
CVE-2005-3744 (SQL injection vulnerability in index.php in phpComasy 0.7.5 and
...)
- TODO: check
+ NOT-FOR-US: phpComasy
CVE-2005-3743 (SQL injection vulnerability in results.php in SimplePoll allows
remote ...)
- TODO: check
+ NOT-FOR-US: SimplePoll
CVE-2005-3742 (Cross-site scripting (XSS) vulnerability in popup.php in
Advanced Poll ...)
- TODO: check
+ NOT-FOR-US: Advanced Poll
CVE-2005-3741 (Almond Classifieds does not properly verify the password, which
allows ...)
- TODO: check
+ NOT-FOR-US: Almond Classifieds
CVE-2005-3740 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206
and ...)
- TODO: check
+ NOT-FOR-US: PHP-Fusion
CVE-2005-3739 (Unspecified vulnerability in subheader.php in PHP-Fusion
6.00.206 and ...)
- TODO: check
+ NOT-FOR-US: PHP-Fusion
CVE-2005-3738 (globals.php in Mambo Site Server 4.0.14 and earlier, when ...)
- TODO: check
+ NOT-FOR-US: Mambo
CVE-2005-3737 (Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41
...)
- TODO: check
+ - inkscape <unfixed> (bug #330894; medium)
CVE-2005-3736 (Multiple cross-site scripting (XSS) vulnerabilities in e-Quick
Cart ...)
- TODO: check
+ NOT-FOR-US: e-Quick Cart
CVE-2005-3735 (Multiple SQL injection vulnerabilities in e-Quick Cart allow
remote ...)
- TODO: check
+ NOT-FOR-US: e-Quick Cart
CVE-2005-3734 (Cross-site scripting (XSS) vulnerability in the "add
content" page in ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2005-3733 (The Internet Key Exchange version 1 (IKEv1) implementation in
Juniper ...)
- TODO: check
+ NOT-FOR-US: Juniper products using IKE
CVE-2005-3732 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
- TODO: check
+ - ipsec-tools <unfixed> (bug filed; low)
CVE-2004-2572 (AMAX Magic Winmail Server 3.6 allows remote attackers to obtain
...)
- TODO: check
+ NOT-FOR-US: AMAX Magic Winmail
CVE-2004-2571 (Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow
remote ...)
- TODO: check
+ - isoqlog 2.2-0.1
CVE-2004-2570 (Opera before 7.54 allows remote attackers to modify properties
and ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2004-2568 (Multiple cross-site scripting (XSS) vulnerabilities in ReciPants
1.1.1 ...)
- TODO: check
+ NOT-FOR-US: ReciPants
CVE-2004-2567 (Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow
remote ...)
- TODO: check
+ NOT-FOR-US: ReciPants
CVE-2004-2566 (Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld
...)
- TODO: check
+ NOT-FOR-US: LiveWorld
CVE-2004-2565 (Multiple directory traversal vulnerabilities in Sambar Server
6.1 Beta ...)
- TODO: check
+ NOT-FOR-US: Sambar
CVE-2004-2564 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar
Server ...)
- TODO: check
+ NOT-FOR-US: Sambar
CVE-2004-2563 (Serena TeamTrack 6.1.1 allows remote attackers to obtain
sensitive ...)
- TODO: check
+ NOT-FOR-US: Serena TeamTrack
CVE-2004-2562 (SQL injection vulnerability in jobedit.asp in Leigh Business
...)
- TODO: check
+ NOT-FOR-US: Leigh Business Enterprises
CVE-2004-2561 (Multiple SQL injection vulnerabilities in Internet Software
Sciences ...)
- TODO: check
+ NOT-FOR-US: ISS Web+Center
CVE-2004-2560 (DokuWiki before 2004-10-19, when used on a web server that
permits ...)
- TODO: check
+ - dokuwiki <not-affected> (Fixed before upload into the archive)
CVE-2004-2559 (DokuWiki before 2004-10-19 allows remote attackers to access
...)
- TODO: check
+ - dokuwiki <not-affected> (Fixed before upload into the archive)
CVE-2003-1287 (Sambar Server before 6.0 beta 3 allows attackers with physical
access ...)
- TODO: check
+ NOT-FOR-US: Sambar
CVE-2003-1286 (HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini
lacks ...)
- TODO: check
+ NOT-FOR-US: Sambar
CVE-2003-1285 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar
Server ...)
- TODO: check
+ NOT-FOR-US: Sambar
CVE-2003-1284 (Sambar Server before 6.0 beta 6 allows remote attackers to
obtain ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: Sambar
CVE-2005-XXXX [Kernel DoS through integer overflow in
invalidate_inode_pages2()]
- linux-2.6 <unfixed>
NOTE: Pinged Horms/dannf
@@ -239,7 +237,6 @@
CVE-2005-3671 (The Internet Key Exchange version 1 (IKEv1) implementation in
Openswan ...)
- openswan 1:2.4.4-1 (bug #339082; medium)
NOTE: Initial 2.4.3 didn''t fix all the issues from the NISCC report
- TODO: Keep an eye on ipsec-tools''s upstream, it''s
potentially affected as well
CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key
Exchange ...)
NOT-FOR-US: HP-UX''s IKE implementation
CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key
Exchange ...)
@@ -1570,10 +1567,6 @@
NOTE:
http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
CVE-2005-XXXX [Insecure temp file usage in thttpd''s syslogtocern]
- thttpd 2.23beta1-4 (low)
-CVE-2005-XXXX [buffer overflow in inkscape]
- NOTE: exploit may need a shellcode that is valid xml, so may not
- NOTE: be exploitable for more than a DOS
- - inkscape <unfixed> (bug #330894; low)
CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin ...)
{DSA-880-1}
- phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium)