Author: jmm-guest Date: 2005-11-30 10:14:23 +0000 (Wed, 30 Nov 2005) New Revision: 2895 Modified: data/CVE/list Log: new php issue centericq/ktools CVEfied unalz CVEfied ipv6 mem leak dos CVEfied three new kernel dos issues new unimportant phpbb2 "issue" new phpmyadmin issue already fixed 83 not-for-us Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-30 08:53:28 UTC (rev 2894) +++ data/CVE/list 2005-11-30 10:14:23 UTC (rev 2895) @@ -1,192 +1,204 @@ -begin claimed by jmm CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in Zainu ...) - TODO: check + NOT-FOR-US: Zaimu CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP ...) - TODO: check + - php5 <unfixed> (bug filed; medium) + TODO: check php4 CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing ...) - TODO: check + NOT-FOR-US: FAQRing Knowledge Base CVE-2005-3881 (SQL injection vulnerability in search.php in AltantisFAQ Knowledge ...) - TODO: check + NOT-FOR-US: AtlantisFAQ Knowledge Base CVE-2005-3880 (Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and ...) - TODO: check + NOT-FOR-US: Omnistar KBase CVE-2005-3879 (Multiple SQL injection vulnerabilities in Softbiz Resource Repository ...) - TODO: check + NOT-FOR-US: Softbiz Resource Repository Script CVE-2005-3878 (Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 ...) - TODO: check + NOT-FOR-US: PHP Doc System CVE-2005-3877 (Multiple SQL injection vulnerabilities in Simple Document Management ...) - TODO: check + NOT-FOR-US: Simple Document Management System CVE-2005-3876 (Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ...) - TODO: check + NOT-FOR-US: AD Center ADC2000 NG Pro CVE-2005-3875 (Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 ...) - TODO: check + NOT-FOR-US: Enterprise Connector CVE-2005-3874 (SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and ...) - TODO: check + NOT-FOR-US: Netzbrett CVE-2005-3873 (SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 ...) - TODO: check + NOT-FOR-US: ShockBoard CVE-2005-3872 (Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier ...) - TODO: check + NOT-FOR-US: Ugroup CVE-2005-3871 (Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) ...) - TODO: check + NOT-FOR-US: JBB CVE-2005-3870 (Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 ...) - TODO: check + NOT-FOR-US: edmoBBS CVE-2005-3869 (Cross-site scripting (XSS) vulnerability in index.php in Google API ...) - TODO: check + NOT-FOR-US: Google API CVE-2005-3868 (Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier ...) - TODO: check + NOT-FOR-US: K-Search CVE-2005-3867 (Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine ...) - TODO: check + NOT-FOR-US: RevenuePilot Search Engine CVE-2005-3866 (Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine ...) - TODO: check + NOT-FOR-US: SearchFeed Search Engine CVE-2005-3865 (SQL injection vulnerability in index.php in AllWeb search 3.0 and ...) - TODO: check + NOT-FOR-US: AllWeb search CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and ...) - TODO: check + NOT-FOR-US: SourceWell CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and ...) - TODO: check + - centericq <unfixed> (bug #340959; medium) + TODO: Check orpheus and motor CVE-2005-3862 (Buffer overflow in unalz before 0.53 allows remote attackers to ...) - TODO: check + - unalz <unfixed> (bug #340842; medium) CVE-2005-3861 (PHP remote file inclusion vulnerability in content.php in phpGreetz ...) - TODO: check + NOT-FOR-US: phpGreetz CVE-2005-3860 (PHP remote file inclusion vulnerability in athena.php in Oliver May ...) - TODO: check + NOT-FOR-US: Oliver May Athena PHP Website Administration CVE-2005-3859 (PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 ...) - TODO: check + NOT-FOR-US: Q-News CVE-2005-3858 (Memory leak in the ip6_input_finish function in ip6_input.c in Linux ...) - TODO: check + - linux-2.6 2.6.12-6 CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and ...) - TODO: check + - krusader <unfixed> (bug #336169; low) CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...) - TODO: check + NOT-FOR-US: 1-2-3 music store CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS ...) - TODO: check + NOT-FOR-US: EasyPageCMS CVE-2005-3853 (SQL injection vulnerability in snews.php in sNews 1.3 and earlier ...) - TODO: check + NOT-FOR-US: sNews CVE-2005-3852 (SQL injection vulnerability in search.asp in Online Work Order Suite ...) - TODO: check + NOT-FOR-US: Online Work Order Suite CVE-2005-3851 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...) - TODO: check + NOT-FOR-US: Online Attendance System CVE-2005-3850 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...) - TODO: check + NOT-FOR-US: Online Knowledge Base System CVE-2005-3846 (SQL injection vulnerability in news.php in Fantastic News 2.1.1 and ...) - TODO: check + NOT-FOR-US: Fantastic News CVE-2005-3845 (SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 ...) - TODO: check + NOT-FOR-US: EZ Invoice Inc CVE-2005-3844 (SQL injection vulnerability in phpWordPress PHP News and Article ...) - TODO: check + NOT-FOR-US: phpWordpress, this is not the same as Wordpress CVE-2005-3843 (SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows ...) - TODO: check + NOT-FOR-US: Nicecode iDesk CVE-2005-3842 (SQL injection vulnerability in index.php in pdjk-support suite 1.1a ...) - TODO: check + NOT-FOR-US: pdjk-support suite CVE-2005-3841 (Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), ...) - TODO: check + NOT-FOR-US: kPlaylist CVE-2005-3840 (SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier ...) - TODO: check + NOT-FOR-US: Omnistar Live CVE-2005-3839 (Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk ...) - TODO: check + NOT-FOR-US: SupportPRO Supportdesk CVE-2005-3838 (Multiple SQL injection vulnerabilities in search.php in IsolSoft ...) - TODO: check + NOT-FOR-US: IsolSoft Support Center CVE-2005-3837 (Cross-site scripting (XSS) vulnerability in the search module in ...) - TODO: check + NOT-FOR-US: sCssBoard CVE-2005-3836 (SQL injection vulnerability in DeskLance 2.3 and earlier allows remote ...) - TODO: check + NOT-FOR-US: DeskLance CVE-2005-3835 (PHP remote file inclusion vulnerability in support/index.php in ...) - TODO: check + NOT-FOR-US: DeskLance CVE-2005-3834 (Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 ...) - TODO: check + NOT-FOR-US: Tunez CVE-2005-3833 (SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier ...) - TODO: check + NOT-FOR-US: Tunez CVE-2005-3832 (Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, ...) - TODO: check + NOT-FOR-US: SpeedProject products CVE-2005-3831 (Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, ...) - TODO: check + NOT-FOR-US: SpeedProject products CVE-2005-3830 (index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote ...) - TODO: check + NOT-FOR-US: ActiveCampaign SupportTrio CVE-2005-3829 (index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows ...) - TODO: check + NOT-FOR-US: ActiveCampaign SupportTrio CVE-2005-3828 (SQL injection vulnerability in index.php in ActiveCampaign ...) - TODO: check + NOT-FOR-US: ActiveCampaign SupportTrio CVE-2005-3827 (SQL injection vulnerability in product_cat in AgileBill 1.4.92 and ...) - TODO: check + NOT-FOR-US: AgileBill CVE-2005-3826 (Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote ...) - TODO: check + NOT-FOR-US: Ezyhelpdesk CVE-2005-3825 (SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and ...) - TODO: check + NOT-FOR-US: Comdev Vote Caster CVE-2005-3824 (The uploads module in vTiger CRM 4.2 and earlier allows remote ...) - TODO: check + NOT-FOR-US: vTiger CRM CVE-2005-3823 (The Users module in vTiger CRM 4.2 and earlier allows remote attackers ...) - TODO: check + NOT-FOR-US: vTiger CRM CVE-2005-3822 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...) - TODO: check + NOT-FOR-US: vTiger CRM CVE-2005-3821 (Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier ...) - TODO: check + NOT-FOR-US: vTiger CRM CVE-2005-3820 (Multiple directory traversal vulnerabilities in index.php in vTiger ...) - TODO: check + NOT-FOR-US: vTiger CRM CVE-2005-3819 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...) - TODO: check + NOT-FOR-US: vTiger CRM CVE-2005-3818 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 ...) - TODO: check + NOT-FOR-US: vTiger CRM CVE-2005-3817 (Multiple SQL injection vulnerabilities in Softbiz Web Host Directory ...) - TODO: check + NOT-FOR-US: Softbiz Web Host Directory CVE-2005-3816 (Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 ...) - TODO: check + NOT-FOR-US: freeForum CVE-2005-3815 (SQL injection vulnerability in forum.php in Orca Forum 4.3b and ...) - TODO: check + NOT-FOR-US: Orca Forum CVE-2005-3814 (Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro ...) - TODO: check + NOT-FOR-US: SmartPPC Pro CVE-2005-3813 (IMAP service (meimaps.exe) of MailEnable Professional 1.7 and ...) - TODO: check + NOT-FOR-US: MailEnable CVE-2005-3812 (freeFTPd 1.0.10 allows remote authenticated users to cause a denial of ...) - TODO: check + NOT-FOR-US: freeFTPd CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic ...) - TODO: check + NOT-FOR-US: AMAX Magic Winmail Server CVE-2005-3806 (The IPv6 flowlabel handling code (ip6_flowlabel.c) in Linux kernels ...) - TODO: check + - linux-2.6 2.6.14-1 (medium) + - kernel-source-2.4.27 <unfixed> (medium) + NOTE: Added to the kernel patch tracker CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ...) - TODO: check + - linux-2.6 <unfixed> (medium) + - kernel-source-2.4.27 <unfixed> (medium) + NOTE: Added to the kernel patch tracker CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support ...) - TODO: check + NOT-FOR-US: Cisco hardware CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ...) - TODO: check + NOT-FOR-US: Cisco hardware CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 ...) - TODO: check + NOT-FOR-US: Belkin hardware CVE-2005-3801 (PasswordSafe 1.x and 2.x allows local users to test possible ...) - TODO: check + NOT-FOR-US: PasswordSafe + TODO: the problem might affect mypasswordsafe CVE-2005-3800 (Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak ...) - TODO: check + NOT-FOR-US: Macromedia Contribute Publishing Server CVE-2005-3799 (phpBB 2.0.18 allows remote attackers to obtain sensitive information ...) - TODO: check + - phpbb2 <unfixed> (unimportant) + NOTE: Not a real security problem, error messages might disclose the installation + NOTE: which is known for the Debian package anyway CVE-2005-3798 (SQL injection vulnerability in admin/index.php in AlstraSoft Template ...) - TODO: check + NOT-FOR-US: AlstraSoft Template Seller CVE-2005-3797 (PHP remote file inclusion vulnerability in payment_paypal.php in ...) - TODO: check + NOT-FOR-US: AlstraSoft Template Seller CVE-2005-3796 (Direct static code injection vulnerability in admin_options_manage.php ...) - TODO: check + NOT-FOR-US: AlstraSoft Affiliate Network CVE-2005-3795 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...) - TODO: check + NOT-FOR-US: AlstraSoft Affiliate Network CVE-2005-3794 (AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: AlstraSoft Affiliate Network CVE-2005-3793 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...) - TODO: check + NOT-FOR-US: AlstraSoft Affiliate Network CVE-2005-3792 (Multiple SQL injection vulnerabilities in the Search module in ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2005-3791 (HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 ...) - TODO: check + NOT-FOR-US: phpAdsNew and phpPgAds CVE-2005-3790 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: phpwcms CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow ...) - TODO: check + NOT-FOR-US: phpwcms CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), ...) - TODO: check + NOT-FOR-US: Cisco appliance CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - TODO: check + - phpmyadmin 4:2.6.4-pl4-1 CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ...) - TODO: check + NOT-FOR-US: Novell ZENworks CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX ...) - TODO: check + NOT-FOR-US: Ebuild IndeX CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 ...) - TODO: check + - linux-2.6 <unfixed> (medium) + - kernel-source-2.4.27 <unfixed> (medium) + NOTE: Added to the kernel patch tracker CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before ...) - TODO: check + - linux-2.6 <unfixed> (medium) + - kernel-source-2.4.27 <unfixed> (medium) + NOTE: Added to the kernel patch tracker CVE-2005-3782 RESERVED CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with ...) @@ -259,12 +271,8 @@ TODO: check CVE-2004-2573 (PHP remote file include vulnerability in tables_update.inc.php in ...) TODO: check -end claimed by jmm CVE-2005-XXXX [Multiple issues in webcalendar] - webcalendar <unfixed> (bug filed; medium) -CVE-2005-XXXX [Buffer overflow in ktools library used in centericq] - - centericq <unfixed> (bug #340959; medium) - TODO: Check orpheus and motor CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...) [sarge] - kernel-source-2.6.8 2.6.8-16sarge2 CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel before ...) @@ -275,8 +283,6 @@ CVE-2003-XXXX [Insecure tempfile in x-face-el] - x-face-el 1.3.6.23-1 NOTE: DSA-340 -CVE-2005-XXXX [Buffer overflow in unalz] - - unalz <unfixed> (bug #340842; medium) CVE-2005-XXXX [potential dos against gaim-encryption] - gaim-encryption <unfixed> (bug #337127) CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...)