thr3ads.net - Secure testing commits - [Secure-testing-commits] r2940

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2005-Dec-05 10:05 UTC
[Secure-testing-commits] r2940 - data/CVE

Author: jmm-guest
Date: 2005-12-05 10:04:44 +0000 (Mon, 05 Dec 2005)
New Revision: 2940

Modified:
   data/CVE/list
Log:
two new webcalendar issues
new openmotif issues
trac CVEfied
drupal CVEfied
lots of NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-12-05 09:29:15 UTC (rev 2939)
+++ data/CVE/list	2005-12-05 10:04:44 UTC (rev 2940)
@@ -1,96 +1,96 @@
 begin claimed by jmm
 CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before
1.2.3.03, ...)
-	TODO: check
+	NOT-FOR-US: SAPID CMS
 CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: SAPID CMS
 CVE-2005-4005 (SQL injection vulnerability in messages.php in PHP-Fusion
6.00.109 ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2005-4004 (Cross-site scripting (XSS) vulnerability in search.asp in ...)
-	TODO: check
+	NOT-FOR-US: MyTemplateSite
 CVE-2005-4003 (Multiple SQL injection vulnerabilities in Absolute Shopping
Package ...)
-	TODO: check
+	NOT-FOR-US: Absolute Shopping Package Solutions (ASPS) Shopping Cart
 CVE-2005-4002 (WebEOC before 6.0.2 uses the same secret key for all
installations, ...)
-	TODO: check
+	NOT-FOR-US: WebEOC
 CVE-2005-4001 (Multiple SQL injection vulnerabilities in phpYellowTM Pro
Edition and ...)
-	TODO: check
+	NOT-FOR-US: phpYellowTM Pro Edition
 CVE-2005-4000 (Cross-site scripting (XSS) vulnerability in archive.asp in
SiteBeater ...)
-	TODO: check
+	NOT-FOR-US: SiteBeater News System
 CVE-2005-3999 (Cross-site scripting (XSS) vulnerability in Search.asp in
SiteBeater ...)
-	TODO: check
+	NOT-FOR-US: SiteBeater MP3 Catalog
 CVE-2005-3998 (Cross-site scripting (XSS) vulnerability in search.asp in
Solupress ...)
-	TODO: check
+	NOT-FOR-US: Solupress News 
 CVE-2005-3997 (Zen Cart 1.2.6d and earlier, under certain PHP configurations,
allows ...)
-	TODO: check
+	NOT-FOR-US: Zen Cart
 CVE-2005-3996 (SQL injection vulnerability in admin/password_forgotten.php in
...)
-	TODO: check
+	NOT-FOR-US: Zen Cart
 CVE-2005-3995 (Format string vulnerability in the dosyslog function in the OBEX
...)
-	TODO: check
+	NOT-FOR-US: Sobexsrv
+	NOTE: Checked obexserver source package, not vulnerable
 CVE-2005-3994 (Cross-site scripting (XSS) vulnerability in Atlassian Confluence
2.0.1 ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Confluence
 CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional
1.6 ...)
-	TODO: check
+	NOT-FOR-US: MailEnable
 CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access
trojan ...)
-	TODO: check
+	NOT-FOR-US: WinEggDropShell
 CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat
...)
-	TODO: check
+	NOT-FOR-US: phpMyChat
 CVE-2005-3990 (Directory traversal vulnerability in FastJar 0.93 allows remote
...)
-	TODO: check
+	TODO: check, whether fastjar from the gcc source packages is affected
 CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack
...)
-	TODO: check
+	NOT-FOR-US: Avaya hardware
 CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple
Technologies ...)
-	TODO: check
+	NOT-FOR-US: Pineapple Technologies Lore
 CVE-2005-3987 (Multiple SQL injection vulnerabilities in Tradesoft CMS allow
remote ...)
-	TODO: check
+	NOT-FOR-US: Tradesoft CMS
 CVE-2005-3986 (Multiple SQL injection vulnerabilities in Instant Photo Gallery
1 and ...)
-	TODO: check
+	NOT-FOR-US: Instant Photo Gallery
 CVE-2005-3985 (The Internet Key Exchange version 1 (IKEv1) implementation in
Astaro ...)
-	TODO: check
+	NOT-FOR-US: Astaro Security Linux
 CVE-2005-3984 (SQL injection vulnerability in WebCalendar 1.0.1 allows remote
...)
-	TODO: check
+	- webcalendar <unfixed> (bug filed)
 CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight
Manager ...)
-	TODO: check
+	NOT-FOR-US: HP Systems Insight Manager
 CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar
1.0.1 ...)
-	TODO: check
+	- webcalendar <unfixed> (bug filed)
 CVE-2005-3981 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-2005-3980 (SQL injection vulnerability in the ticket query module in
Edgewall ...)
-	TODO: check
+	- trac 0.9.1-1 (medium)
 CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and
1.4 ...)
-	TODO: check
+	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium
...)
-	TODO: check
+	NOT-FOR-US: NetClassifieds Premium Edition 
 CVE-2005-3977 (Cross-site scripting (XSS) vulnerability in QualityEBiz Quality
PPC ...)
-	TODO: check
+	NOT-FOR-US: QualityEBiz Quality PPC
 CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple
DUware ...)
-	TODO: check
+	NOT-FOR-US: Multipke DuWare products
 CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through
4.5.5 and ...)
-	TODO: check
+	- drupal 4.5.6-1 (medium)
 CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running
on ...)
-	TODO: check
+	- drupal 4.5.6-1 (low)
+	[sarge] - drupal <not-affected> (Only vulnerable if running PHP 5)
 CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal
4.5.0 ...)
-	TODO: check
+	- drupal 4.5.6-1 (unknown)
 CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in
...)
-	TODO: check
+	NOT-FOR-US: Extreme Search Corporate Edition 
 CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in
Citrix ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2005-3970 (Cross-site scripting (XSS) vulnerability in MXChange before ...)
-	TODO: check
+	NOT-FOR-US: MXChange
 CVE-2005-3969 (SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492
...)
-	TODO: check
+	NOT-FOR-US: MXChange
 CVE-2005-3968 (SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: PHPX
 CVE-2005-3967 (Cross-site scripting (XSS) vulnerability in the
dosearchsite.action ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Confluence
 CVE-2005-3966 (Cross-site scripting (XSS) vulnerability in search.jsp in Java
Search ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: Java Search Engine
 CVE-2005-3965
 	REJECTED
-	TODO: check
 CVE-2005-3964 (Multiple buffer overflows in libUil (libUil.so) in OpenMotif
2.2.3, ...)
-	TODO: check
+	- openmotif <unfixed> (bug filed; medium)
 CVE-2005-3963 (SQL injection vulnerability in session.php in DotClear before
1.2.3 ...)
-	TODO: check
+	NOT-FOR-US: DotClear
 CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs
displayed in ...)
 	TODO: check
 CVE-2004-2648 (FreezeX 1.00.100.0666 allows local users with administrator
privileges ...)
@@ -180,8 +180,6 @@
 CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x
up to ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
 	- kernel-source-2.4.27 2.4.27-8
-CVE-2005-XXXX [SQL injection in trac''s ticket query module]
-	- trac 0.9.1-1 (medium)
 CVE-2005-3962 (Integer overflow in the format string functionality
(Perl_sv_vcatpvfn) ...)
 	- perl <unfixed> (bug #341542; medium)
 CVE-2006-0034
@@ -374,12 +372,6 @@
 	NOT-FOR-US: Cisco Security Agent 
 CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape
before ...)
 	- inkscape 0.42-1 (bug #321501; low)
-CVE-2005-XXXX [drupal: Unspecified XSS]
-	- drupal 4.5.6-1 (unknown)
-CVE-2005-XXXX [drupal: Protect against IE interpretation flaw]
-	- drupal 4.5.6-1 (medium)
-CVE-2005-XXXX [drupal: Hidden user profile information disclosure]
-	- drupal 4.5.6-1 (low)
 CVE-2005-XXXX [gallery2 zipcart information disclosure]
 	- gallery2 2.0.2-1 (medium)
 CVE-2005-XXXX [gallery2 add-from-web XSS]
Secure testing commits - Dec 2005 - r2940 - data/CVE

[Secure-testing-commits] r2940 - data/CVE
