Author: joeyh Date: 2005-12-05 09:14:20 +0000 (Mon, 05 Dec 2005) New Revision: 2938 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-05 09:03:36 UTC (rev 2937) +++ data/CVE/list 2005-12-05 09:14:20 UTC (rev 2938) @@ -1,9 +1,186 @@ -CVE-2004-2607 [kernel: Information disclosure in sdla_xfer()] +CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, ...) + TODO: check +CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...) + TODO: check +CVE-2005-4005 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...) + TODO: check +CVE-2005-4004 (Cross-site scripting (XSS) vulnerability in search.asp in ...) + TODO: check +CVE-2005-4003 (Multiple SQL injection vulnerabilities in Absolute Shopping Package ...) + TODO: check +CVE-2005-4002 (WebEOC before 6.0.2 uses the same secret key for all installations, ...) + TODO: check +CVE-2005-4001 (Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and ...) + TODO: check +CVE-2005-4000 (Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater ...) + TODO: check +CVE-2005-3999 (Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater ...) + TODO: check +CVE-2005-3998 (Cross-site scripting (XSS) vulnerability in search.asp in Solupress ...) + TODO: check +CVE-2005-3997 (Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows ...) + TODO: check +CVE-2005-3996 (SQL injection vulnerability in admin/password_forgotten.php in ...) + TODO: check +CVE-2005-3995 (Format string vulnerability in the dosyslog function in the OBEX ...) + TODO: check +CVE-2005-3994 (Cross-site scripting (XSS) vulnerability in Atlassian Confluence 2.0.1 ...) + TODO: check +CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 ...) + TODO: check +CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access trojan ...) + TODO: check +CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat ...) + TODO: check +CVE-2005-3990 (Directory traversal vulnerability in FastJar 0.93 allows remote ...) + TODO: check +CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack ...) + TODO: check +CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple Technologies ...) + TODO: check +CVE-2005-3987 (Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote ...) + TODO: check +CVE-2005-3986 (Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and ...) + TODO: check +CVE-2005-3985 (The Internet Key Exchange version 1 (IKEv1) implementation in Astaro ...) + TODO: check +CVE-2005-3984 (SQL injection vulnerability in WebCalendar 1.0.1 allows remote ...) + TODO: check +CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight Manager ...) + TODO: check +CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 ...) + TODO: check +CVE-2005-3981 (** DISPUTED ** ...) + TODO: check +CVE-2005-3980 (SQL injection vulnerability in the ticket query module in Edgewall ...) + TODO: check +CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 ...) + TODO: check +CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...) + TODO: check +CVE-2005-3977 (Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC ...) + TODO: check +CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple DUware ...) + TODO: check +CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and ...) + TODO: check +CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on ...) + TODO: check +CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 ...) + TODO: check +CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in ...) + TODO: check +CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in Citrix ...) + TODO: check +CVE-2005-3970 (Cross-site scripting (XSS) vulnerability in MXChange before ...) + TODO: check +CVE-2005-3969 (SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 ...) + TODO: check +CVE-2005-3968 (SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier ...) + TODO: check +CVE-2005-3967 (Cross-site scripting (XSS) vulnerability in the dosearchsite.action ...) + TODO: check +CVE-2005-3966 (Cross-site scripting (XSS) vulnerability in search.jsp in Java Search ...) + TODO: check +CVE-2005-3965 + REJECTED + TODO: check +CVE-2005-3964 (Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, ...) + TODO: check +CVE-2005-3963 (SQL injection vulnerability in session.php in DotClear before 1.2.3 ...) + TODO: check +CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in ...) + TODO: check +CVE-2004-2648 (FreezeX 1.00.100.0666 allows local users with administrator privileges ...) + TODO: check +CVE-2004-2647 (Free Web Chat 2.0 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2004-2646 (The addUser function in UserManager.java in Free Web Chat 2.0 allows ...) + TODO: check +CVE-2004-2645 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...) + TODO: check +CVE-2004-2644 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...) + TODO: check +CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows remote ...) + TODO: check +CVE-2004-2642 (Yeemp 0.9.9 and earlier does properly encrypt inbound files, which ...) + TODO: check +CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire ...) + TODO: check +CVE-2004-2640 (Directory traversal vulnerability in lstat.cgi in LinuxStat before ...) + TODO: check +CVE-2004-2639 (Unspecified vulnerability in Journalness 3.0.7 and earlier allows ...) + TODO: check +CVE-2004-2638 (The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote ...) + TODO: check +CVE-2004-2637 (The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code ...) + TODO: check +CVE-2004-2636 (TinyWeb 1.9 allows remote attackers to read source code of scripts via ...) + TODO: check +CVE-2004-2635 (An ActiveX control for McAfee Security Installer Control System ...) + TODO: check +CVE-2004-2634 (The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX ...) + TODO: check +CVE-2004-2633 (Unspecified vulnerability in Sesamie 1.0 allows remote anonymous ...) + TODO: check +CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify ...) + TODO: check +CVE-2004-2631 (Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to ...) + TODO: check +CVE-2004-2630 (The MIME transformation system ...) + TODO: check +CVE-2004-2629 (Multiple vulnerabilities in the H.323 protocol implementation for ...) + TODO: check +CVE-2004-2628 (Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, ...) + TODO: check +CVE-2004-2627 (Java 2 Micro Edition (J2ME) does not properly validate bytecode, which ...) + TODO: check +CVE-2004-2626 (GUI overlay vulnerability in the Java API in Siemens S55 cellular ...) + TODO: check +CVE-2004-2625 (Cross-site scripting (XSS) vulnerability in Outblaze Email allows ...) + TODO: check +CVE-2004-2624 (Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki ...) + TODO: check +CVE-2004-2623 (Unknown vulnerability in Rippy the Aggregator before 0.10, when ...) + TODO: check +CVE-2004-2622 (AClient.exe in Altiris Deployment Solution 6.x and 5.x does not ...) + TODO: check +CVE-2004-2621 (Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when ...) + TODO: check +CVE-2004-2620 (The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly ...) + TODO: check +CVE-2004-2619 (ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail ...) + TODO: check +CVE-2004-2618 (Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) ...) + TODO: check +CVE-2004-2617 (Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 ...) + TODO: check +CVE-2004-2616 (The file server in ActivePost Standard 3.1 and earlier allows remote ...) + TODO: check +CVE-2004-2615 (The documentation for CuteNews 1.3.6 and possibly other versions ...) + TODO: check +CVE-2004-2614 (Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial ...) + TODO: check +CVE-2004-2613 (Unspecified vulnerability in the Linux-VServer stable branch for the ...) + TODO: check +CVE-2004-2612 (BNC 2.9.0 only grants access when an incorrect password is provided, ...) + TODO: check +CVE-2004-2611 (The Change Permissions function in the Sophster suite before 0.9.6 28 ...) + TODO: check +CVE-2004-2610 (mntd_mount.c in mntd before 0.4.2 might allow local users to gain ...) + TODO: check +CVE-2004-2609 (The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 ...) + TODO: check +CVE-2004-2608 (SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news ...) + TODO: check +CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel ...) + TODO: check +CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to ...) - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6) - kernel-source-2.4.27 2.4.27-8 CVE-2005-XXXX [SQL injection in trac''s ticket query module] - trac 0.9.1-1 (medium) -CVE-2005-3962 [integer overflow in perl''s format string code] +CVE-2005-3962 (Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...) - perl <unfixed> (bug #341542; medium) CVE-2006-0034 RESERVED @@ -5945,7 +6122,7 @@ NOT-FOR-US: Cold Fusion CVE-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...) NOT-FOR-US: Ansel -CVE-2004-2202 (SQL injection in DUware DUclassified 4.0 through 4.2 allows remote ...) +CVE-2004-2202 (Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 ...) NOT-FOR-US: DUclassified CVE-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...) NOT-FOR-US: DUforum @@ -8218,7 +8395,7 @@ NOT-FOR-US: Postnuke mod CVE-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...) NOT-FOR-US: Skull-Splitter Guestbook -CVE-2005-1619 (Multiple Cross-site scripting (XSS) vulnerabilities in (1) ...) +CVE-2005-1619 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOT-FOR-US: PHPMyChat CVE-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...) NOT-FOR-US: Yahoo Messenger