Author: jmm-guest
Date: 2005-12-01 10:11:15 +0000 (Thu, 01 Dec 2005)
New Revision: 2912

Modified: data/CVE/list
Log:
webmin CVEfied lots of web crap NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2005-12-01 10:00:08 UTC (rev 2911)
+++ data/CVE/list 2005-12-01 10:11:15 UTC (rev 2912)
@@ -68,74 +68,74 @@ NOT-FOR-US: Microsoft CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 ...) NOT-FOR-US: ilyav Survey System -begin claimed by jmm CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ...) - TODO: check + NOT-FOR-US: ilyav Survey System CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca ...) - TODO: check + NOT-FOR-US: Orca Knowledgebase CVE-2005-3941 (SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier ...) - TODO: check + NOT-FOR-US: Orca Blog CVE-2005-3940 (SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c ...) - TODO: check + NOT-FOR-US: Orca Ringmaker CVE-2005-3939 (Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and ...) - TODO: check + NOT-FOR-US: WSN Knowledge Base CVE-2005-3938 (SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler ...) - TODO: check + NOT-FOR-US: Softbiz FAQ CVE-2005-3937 (SQL injection vulnerability in Softbiz B2B Trading Marketplace Script ...) - TODO: check + NOT-FOR-US: Softbiz B2B CVE-2005-3936 (PHP file include vulnerability in SocketKB 1.1.0 and earlier allows ...) - TODO: check + NOT-FOR-US: SocketKB CVE-2005-3935 (SQL injection vulnerability in SocketKB 1.1.0 and earlier allows ...) - TODO: check + NOT-FOR-US: SocketKB CVE-2005-3934 (Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other ...) - TODO: check + NOT-FOR-US: pcAnywhere CVE-2005-3933 (SQL injection vulnerability in index.php in 88Script''s Event Calendar ...) - TODO: check + NOT-FOR-US: 88Script''s Event Calendar CVE-2005-3932 (SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and ...) - TODO: check + NOT-FOR-US: O-Kiraku Nikki CVE-2005-3931 (SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows ...) - TODO: check + NOT-FOR-US: ASP-Rider CVE-2005-3930 (SQL injection vulnerability in index.php in N-13 News 1.2 allows ...) 
- TODO: check + NOT-FOR-US: N-13 News CVE-2005-3929 (Directory traversal vulnerability in the create function in ...) - TODO: check + NOT-FOR-US: Xaraya + NOTE: xarMLSXML2PHPBackend.php, ''nuff said CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.3.0 allows local users to execute ...) - TODO: check + NOT-FOR-US: QNX CVE-2005-3927 (Multiple directory traversal vulnerabilities in GuppY 4.5.9 and ...) - TODO: check + NOT-FOR-US: GuppY CVE-2005-3926 (Direct static code injection vulnerability in error.php in GuppY 4.5.9 ...) - TODO: check + NOT-FOR-US: GuppY CVE-2005-3925 (Multiple SQL injection vulnerabilities in Central Manchester CLC ...) - TODO: check + NOT-FOR-US: Central Manchester CLC Helpdesk Issue Manager CVE-2005-3924 (SQL injection vulnerability in themes/kategorie/index.php in Randshop ...) - TODO: check + NOT-FOR-US: Randshop CVE-2005-3923 (NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: NetObjects Fusion CVE-2005-3922 (Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus ...) - TODO: check + NOT-FOR-US: Panda Antivirus CVE-2005-3921 (Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for ...) - TODO: check + NOT-FOR-US: IOS CVE-2005-3920 (SQL injection vulnerability in Babe Logger 2 allows remote attackers ...) - TODO: check + NOT-FOR-US: Babe Logger CVE-2005-3919 (Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote ...) - TODO: check + NOT-FOR-US: PBLang CVE-2005-3918 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: OvBB CVE-2005-3917 (SQL injection vulnerability in usersession in CommodityRentals 2.0 ...) - TODO: check + NOT-FOR-US: CommidityRentals CVE-2005-3916 (SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows ...) - TODO: check + NOT-FOR-US: WSN Forum CVE-2005-3915 (The Internet Key Exchange version 1 (IKEv1) implementation in ...) 
- TODO: check + NOT-FOR-US: Clavister Web Client CVE-2005-3914 (Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow ...) - TODO: check + NOT-FOR-US: AFFcommerce CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual ...) - TODO: check + NOT-FOR-US: Virtual Hosting Control System CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin ...) - TODO: check + - webmin <unfixed> (bug #341394; medium) CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...) - TODO: check -end claimed by jmm + NOT-FOR-US: BosDates +begin claimed by jmm CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...) TODO: check CVE-2005-3909 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...) @@ -189,8 +189,7 @@ TODO: check CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...) TODO: check -CVE-2005-XXXX [webmin format string vulnerability] - - webmin <unfixed> (bug #341394; medium) +end claimed by jmm CVE-2005-XXXX [drupal: Unspecified XSS] - drupal 4.5.6-1 (unknown) CVE-2005-XXXX [drupal: Protect against IE interpretation flaw]
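Review bot: In the first hunk (@@ -68,74 +68,74 @@), the new tag on CVE-2005-3943 names the wrong product: the description reads "ilyav FAQ System 1.1" but the added line is `NOT-FOR-US: ilyav Survey System`, which looks copied from the CVE-2005-3944 entry directly above it; it should read `NOT-FOR-US: ilyav FAQ System`. In the same hunk, CVE-2005-3917 is described as "CommodityRentals 2.0" but tagged `NOT-FOR-US: CommidityRentals`, so a later search of the list for the product name will miss it. The NOTE added under CVE-2005-3929 (`xarMLSXML2PHPBackend.php, ''nuff said`) does not tell a later reader why the entry was triaged as it was; either state the reason or drop the NOTE, since the NOT-FOR-US: Xaraya line already carries the decision.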
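Review bot: In the second hunk (@@ -189,8 +189,7 @@), the added `end claimed by jmm` after CVE-2005-3885 pairs with the `begin claimed by jmm` that the first hunk adds before CVE-2005-3910, yet the log message mentions only the webmin assignment and the NFU triage, so the claim on the CVE-2005-3910 to CVE-2005-3885 range is not recorded anywhere but the diff. Mention the claim in the log. The removal of the `CVE-2005-XXXX [webmin format string vulnerability]` placeholder itself is consistent with the first hunk, where CVE-2005-3912 receives the same `- webmin <unfixed> (bug #341394; medium)` line, so no tracking data is lost.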