thr3ads.net - Secure testing commits - [Secure-testing-commits] r2976

If this information is useful, please help other people find it:
Share via:
Joey Hess
2005-Dec-07 21:14 UTC
[Secure-testing-commits] r2976 - data/CVE

Author: joeyh
Date: 2005-12-07 21:14:19 +0000 (Wed, 07 Dec 2005)
New Revision: 2976

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-12-07 17:16:22 UTC (rev 2975)
+++ data/CVE/list	2005-12-07 21:14:19 UTC (rev 2976)
@@ -1,3 +1,121 @@
+CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernams
and ...)
+	TODO: check
+CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall
Trac ...)
+	TODO: check
+CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote
...)
+	TODO: check
+CVE-2005-4063 (Multiple cross-site scripting (XSS) vulnerabilities in
NetAuctionHelp ...)
+	TODO: check
+CVE-2005-4062 (Cross-site scripting (XSS) vulnerability in CPSearch.asp in ...)
+	TODO: check
+CVE-2005-4061 (Cross-site scripting (XSS) vulnerability in PASearch.asp in ...)
+	TODO: check
+CVE-2005-4060 (Cross-site scripting (XSS) vulnerability in search.asp in
rwAuction ...)
+	TODO: check
+CVE-2005-4059 (SQL injection vulnerability in searchdb.asp in LocazoList 1.03c
and ...)
+	TODO: check
+CVE-2005-4058 (SQL injection vulnerability in saralblog v.1 and earlier allows
remote ...)
+	TODO: check
+CVE-2005-4057 (Cross-site scripting (XSS) vulnerability in search.php in
PluggedOut ...)
+	TODO: check
+CVE-2005-4056 (SQL injection vulnerability in search.php in PluggedOut Nexus
0.1 ...)
+	TODO: check
+CVE-2005-4055 (SQL injection vulnerability in index.php in Cars Portal 1.1 and
...)
+	TODO: check
+CVE-2005-4054 (SQL injection vulnerability in index.php in PluggedOut Blog
1.9.5 and ...)
+	TODO: check
+CVE-2005-4053 (Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows
remote ...)
+	TODO: check
+CVE-2005-4052 (e107 0.6174 allows remote attackers to redirect users to other
web ...)
+	TODO: check
+CVE-2005-4051 (e107 0.6174 allows remote attackers to vote multiple times for a
...)
+	TODO: check
+CVE-2005-4050 (Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices
with ...)
+	TODO: check
+CVE-2005-4049 (Multiple SQL injection vulnerabilities in Blog System 1.2 allow
remote ...)
+	TODO: check
+CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer
function ...)
+	TODO: check
+CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks
...)
+	TODO: check
+CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun
Java ...)
+	TODO: check
+CVE-2005-4045 (Unknown vulnerability in System Communications Services 6
Delegated ...)
+	TODO: check
+CVE-2005-4044 (Cross-site scripting (XSS) vulnerability in search.cgi in Amazon
...)
+	TODO: check
+CVE-2005-4043 (SQL injection vulnerability in view.php in Hobosworld HobSR 1.0
and ...)
+	TODO: check
+CVE-2005-4042 (Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and
...)
+	TODO: check
+CVE-2005-4041 (Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI
Guy ...)
+	TODO: check
+CVE-2005-4040 (SQL injection vulnerability in FileLister 0.51 and earlier
allows ...)
+	TODO: check
+CVE-2005-4039 (Directory traversal vulnerability in arhiva.php in Web4Future
Portal ...)
+	TODO: check
+CVE-2005-4038 (SQL injection vulnerability in comentarii.php in Web4Future
Portal ...)
+	TODO: check
+CVE-2005-4037 (SQL injection vulnerability in functions.php in Web4Future
Affiliate ...)
+	TODO: check
+CVE-2005-4036 (Cross-site scripting (XSS) vulnerability in index.cgi in
Web4Future ...)
+	TODO: check
+CVE-2005-4035 (Multiple SQL injection vulnerabilities in Web4Future eCommerce
...)
+	TODO: check
+CVE-2005-4034 (Multiple SQL injection vulnerabilities in Web4Future eDating
...)
+	TODO: check
+CVE-2005-4033 (Nodezilla 0.4.13-corno-fulgure does not properly protect the
evl_data ...)
+	TODO: check
+CVE-2005-4032 (Cross-site scripting (XSS) vulnerability in search.cgi in Easy
Search ...)
+	TODO: check
+CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.0 through 1.5.3
allows ...)
+	TODO: check
+CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1
allows ...)
+	TODO: check
+CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid
usernames ...)
+	TODO: check
+CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember
allow ...)
+	TODO: check
+CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote
attackers ...)
+	TODO: check
+CVE-2005-4026 (search.php in Geeklog 1.4.0 Beta 1 and earlier allows remote
attackers ...)
+	TODO: check
+CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect
...)
+	TODO: check
+CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind
2004 ...)
+	TODO: check
+CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0
before ...)
+	TODO: check
+CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the &quot;Add
Image From Web&quot; ...)
+	TODO: check
+CVE-2005-4021 (The installer for Gallery 2.0 before 2.0.2 stores the install
log ...)
+	TODO: check
+CVE-2005-4020 (SQL injection vulnerability in create.php in Widget Imprint
1.0.26 and ...)
+	TODO: check
+CVE-2005-4019 (SQL injection vulnerability in index.php in Relative Real Estate
...)
+	TODO: check
+CVE-2005-4018 (SQL injection vulnerability in ls.php in Landshop Real Estate
Commerce ...)
+	TODO: check
+CVE-2005-4017 (property.php in Widget Property 1.1.19 allows remote attackers
to ...)
+	TODO: check
+CVE-2005-4016 (SQL injection vulnerability in Widget Property 1.1.19 allows
remote ...)
+	TODO: check
+CVE-2005-4015 (PHP Web Statistik 1.4 does not rotate the log database or limit
the ...)
+	TODO: check
+CVE-2005-4014 (stat.php in PHP Web Statistik 1.4 allows remote attackers to
cause a ...)
+	TODO: check
+CVE-2005-4013 (PHP Web Statistik 1.4 stores the stat.cfg file under the web
root with ...)
+	TODO: check
+CVE-2005-4012 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Web
...)
+	TODO: check
+CVE-2005-4011 (SQL injection vulnerability in calendar.php in Codewalkers
ltwCalendar ...)
+	TODO: check
+CVE-2005-4010 (SQL injection vulnerability in KBase Express 1.0.0 and earlier
allows ...)
+	TODO: check
+CVE-2005-4009 (Multiple SQL injection vulnerabilities in PHP Lite Calendar
Express ...)
+	TODO: check
+CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar
1.34 ...)
+	TODO: check
 CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin]
 	- phpmyadmin <not-affected> (Apparently affects only 2.7.0)
 	NOTE: http://www.hardened-php.net/advisory_252005.110.html
@@ -177,7 +295,7 @@
 	TODO: check
 CVE-2004-2614 (Buffer overflow in MyWeb 3.3 allows remote attackers to cause a
denial ...)
 	TODO: check
-CVE-2004-2613 (Unspecified vulnerability in the Linux-VServer stable branch for
the ...)
+CVE-2004-2613 (Unspecified vulnerability in procfs in the Linux-VServer stable
branch ...)
 	TODO: check
 CVE-2004-2612 (BNC 2.9.0 only grants access when an incorrect password is
provided, ...)
 	TODO: check
@@ -385,6 +503,7 @@
 CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0
and ...)
 	NOT-FOR-US: Cisco Security Agent 
 CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape
before ...)
+	{DSA-916-1}
 	- inkscape 0.42-1 (bug #321501; low)
 CVE-2005-XXXX [gallery2 zipcart information disclosure]
 	- gallery2 2.0.2-1 (medium)
@@ -397,7 +516,7 @@
 	- php4 <unfixed> (bug #341726; medium)
 CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing
...)
 	NOT-FOR-US: FAQRing Knowledge Base
-CVE-2005-3881 (SQL injection vulnerability in search.php in AltantisFAQ
Knowledge ...)
+CVE-2005-3881 (SQL injection vulnerability in search.php in AtlantisFAQ
Knowledge ...)
 	NOT-FOR-US: AtlantisFAQ Knowledge Base
 CVE-2005-3880 (Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and
...)
 	NOT-FOR-US: Omnistar KBase
@@ -434,6 +553,7 @@
 CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and
...)
 	NOT-FOR-US: SourceWell
 CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3
and ...)
+	{DTSA-23-1}
 	- centericq 4.21.0-6 (bug #340959; medium)
 	TODO: Check orpheus and motor
 CVE-2005-3862 (Buffer overflow in unalz before 0.53 allows remote attackers to
...)
@@ -756,6 +876,7 @@
 CVE-2005-3738 (globals.php in Mambo Site Server 4.0.14 and earlier, when ...)
 	NOT-FOR-US: Mambo
 CVE-2005-3737 (Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41
...)
+	{DSA-916-1 DTSA-24-1}
 	- inkscape 0.43-1 (bug #330894; medium)
 CVE-2005-3736 (Multiple cross-site scripting (XSS) vulnerabilities in e-Quick
Cart ...)
 	NOT-FOR-US: e-Quick Cart
@@ -1202,11 +1323,11 @@
 	- gdal <not-affected> (Gentoo-specific packaging flaw)
 CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to
...)
 	- qdbm <not-affected> (Gentoo-specific packaging flaw)
-CVE-2005-3579 (ts.cgi in Walla TeleSite 3.0 and earlier allows remote attackers
to ...)
+CVE-2005-3579 (ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows
remote ...)
 	NOT-FOR-US: Walla TeleSite
-CVE-2005-3578 (SQL injection vulnerability in ts.exe in Walla TeleSite 3.0 and
...)
+CVE-2005-3578 (SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla
TeleSite ...)
 	NOT-FOR-US: Walla TeleSite
-CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe in Walla
TeleSite ...)
+CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi)
in ...)
 	NOT-FOR-US: Walla TeleSite
 CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers
to ...)
 	NOT-FOR-US: Walla TeleSite
@@ -2496,8 +2617,7 @@
 	REJECTED
 CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1
(International), ...)
 	NOT-FOR-US: ALZip
-CVE-2005-3193 [xpdf jpx stream reader heap overflow]
-	RESERVED
+CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream
function ...)
 	- xpdf 3.01-3 (bug #342281; medium)
 	- gpdf <unfixed> (bug #342286; medium)
 	- pdftohtml <not-affected> (Vulnerable xpdf code not contained)
@@ -2516,8 +2636,7 @@
 	- tetex-bin 3.0-11 (bug #342292; medium)
 	- koffice <unfixed> (bug #342294; medium)
 	- libextractor 0.5.8-1 (medium)
-CVE-2005-3191 [xpdf dctstream heap overflow]
-	RESERVED
+CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
 	- xpdf 3.01-3 (bug #342281; medium)
 	- gpdf <unfixed> (bug #342286; medium)
 	- pdftohtml <unfixed> (bug #342289; medium)
@@ -2640,7 +2759,7 @@
 	{DSA-855-1}
 	- weex 2.6.1-6sarge1 (bug #332424; medium)
 CVE-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly
...)
-	{DSA-895-1}
+	{DSA-895-1 DTSA-22-1}
 	- uim 1:0.4.7-2 (bug #331620; medium)
 CVE-2005-3148 (StoreBackup before 1.19 in SUSE Linux does not properly set the
uid ...)
 	- storebackup 1.19-1 (bug #332434)
@@ -3260,8 +3379,8 @@
 	- uw-imap 7:2002edebian1-12 (medium; bug #332215)
 CVE-2005-2932
 	RESERVED
-CVE-2005-2931
-	RESERVED
+CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server
8.20 ...)
+	TODO: check
 CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote
...)
 	- lynx <not-affected> (Debian''s default config is not
vulnerable)
 CVE-2005-2928
@@ -3274,8 +3393,8 @@
 	NOT-FOR-US: IRIX
 CVE-2005-2924
 	RESERVED
-CVE-2005-2923
-	RESERVED
+CVE-2005-2923 (The IMAP server in IMail Server 8.20 in Ipswitch Collaboration
Suite ...)
+	TODO: check
 CVE-2005-2922
 	RESERVED
 CVE-2005-2921
@@ -3452,6 +3571,7 @@
 CVE-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and
SP3, ...)
 	NOT-FOR-US: Novell Netware
 CVE-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to
read ...)
+	{DTSA-25-1}
 	- smb4k 0.6.4-1 (bug #337471; medium)
 	NOTE: fix in 0.6.3-1 was incomplete according to maintainer
 CVE-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of
service ...)
@@ -3906,7 +4026,7 @@
 CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows
local ...)
 	{DSA-839-1}
 	- apachetop 0.12.5-3 (unknown)
-CVE-2005-2659 (Buffer overflow in LZX decompression in CHM Lib (chmlib) 0.35
with ...)
+CVE-2005-2659 (Buffer overflow in the LZX decompression in CHM Lib (chmlib)
0.35, as ...)
 	{DSA-886-1}
 	- chmlib 0.37-2 (medium)
 CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat)
2.2.4 ...)
@@ -10636,7 +10756,7 @@
 	NOT-FOR-US: SurgeFTP
 CVE-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive
information ...)
 	NOT-FOR-US: CubeCart
-CVE-2005-1032 (SQL injection vulnerability in cart.php in LiteCommerce allows
remote ...)
+CVE-2005-1032 (** DISPUTED ** NOTE: the vendor has disputed this issue.  SQL
...)
 	NOT-FOR-US: LiteCommerce
 CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops
(exoops), ...)
 	NOT-FOR-US: exoops
Secure testing commits - Dec 2005 - r2976 - data/CVE

[Secure-testing-commits] r2976 - data/CVE
