Author: jmm-guest Date: 2005-11-30 15:59:07 +0000 (Wed, 30 Nov 2005) New Revision: 2903 Modified: data/CVE/list Log: six phpgroupware issues already fixed astats issue already fixed by removal from the archive Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-30 14:41:53 UTC (rev 2902) +++ data/CVE/list 2005-11-30 15:59:07 UTC (rev 2903) @@ -216,19 +216,19 @@ CVE-2005-3782 RESERVED CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with ...) - TODO: check + NOT-FOR-US: Linksys hardware CVE-2004-2605 (aStats 1.6.5 allows local users to overwrite arbitrary files via a ...) - TODO: check + - astats <removed> (bug #287604) CVE-2004-2604 (Cross-site scripting (XSS) vulnerability in index.php in PHProxy ...) - TODO: check + NOT-FOR-US: PHProxy CVE-2004-2603 (Cross-site scripting (XSS) vulnerability in the Search module in ...) - TODO: check + NOT-FOR-US: UberTec Help Center Live CVE-2004-2602 (PHP remote file include vulnerability in UberTec Help Center Live ...) - TODO: check + NOT-FOR-US: UberTec Help Center Live CVE-2004-2601 (PHP file include vulnerability in UberTec Help Center Live (HCL) ...) - TODO: check + NOT-FOR-US: UberTec Help Center Live CVE-2004-2600 (The firmware for Intelligent Platform Management Interface (IPMI) ...) - TODO: check + NOT-FOR-US: Intel hardware CVE-2004-2599 (Multiple buffer overflows in Quake II server before R1Q2, as used in ...) - quake2 <unfixed> (bug #280573; low) NOTE: There is a big note in the quake2 package stating that it is not secure. @@ -248,43 +248,43 @@ CVE-2004-2592 (Quake II server before R1Q2, as used in multiple products, allows ...) - quake2 <unfixed> (bug #280573; low) CVE-2004-2591 (The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does ...) - TODO: check + NOT-FOR-US: ButtUglySoftware CleanCache CVE-2004-2590 (Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) ...) - TODO: check + NOT-FOR-US: meindlSOFT Cute PHP Library CVE-2004-2589 (Gaim before 0.82 allows remote servers to cause a denial of service ...) - TODO: check + - gaim 0.82-1 (medium) CVE-2004-2588 (Intentional information leak in phpinfo.php in XMB (aka extreme ...) - TODO: check + NOT-FOR-US: XMB CVE-2004-2587 (login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...) - TODO: check + NOT-FOR-US: SmarterTools SmarterMail CVE-2004-2586 (Directory traversal vulnerability in frmGetAttachment.aspx in ...) - TODO: check + NOT-FOR-US: SmarterTools SmarterMail CVE-2004-2585 (Cross-site scripting (XSS) vulnerability in frmCompose.aspx in ...) - TODO: check + NOT-FOR-US: SmarterTools SmarterMail CVE-2004-2584 (frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 ...) - TODO: check + NOT-FOR-US: SmarterTools SmarterMail CVE-2004-2583 (SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...) - TODO: check + NOT-FOR-US: SmarterTools SmarterMail CVE-2004-2582 (Novell iChain 2.3 includes the build number in the VIA line of the ...) - TODO: check + NOT-FOR-US: iChain CVE-2004-2581 (Novell iChain 2.3 allows attackers to cause a denial of service via a ...) - TODO: check + NOT-FOR-US: iChain CVE-2004-2580 (Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows ...) - TODO: check + NOT-FOR-US: iChain CVE-2004-2579 (ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access ...) - TODO: check + NOT-FOR-US: iChain CVE-2004-2578 (phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) ...) - TODO: check + - phpgroupware 0.9.16.002-1 CVE-2004-2577 (The acl_check function in phpGroupWare 0.9.16RC2 always returns True, ...) - TODO: check + - phpgroupware 0.9.14-0.RC3.1 CVE-2004-2576 (class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create ...) - TODO: check + - phpgroupware 0.9.16.000.1.cvs.20040620-1 CVE-2004-2575 (phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain ...) - TODO: check + - phpgroupware 0.9.14.007 CVE-2004-2574 (Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare ...) - TODO: check + - phpgroupware 0.9.14.007 CVE-2004-2573 (PHP remote file include vulnerability in tables_update.inc.php in ...) - TODO: check + - phpgroupware 0.9.14.007 CVE-2005-XXXX [Multiple issues in webcalendar] - webcalendar <unfixed> (bug filed; medium) CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...)