Author: jmm-guest
Date: 2005-12-07 21:50:32 +0000 (Wed, 07 Dec 2005)
New Revision: 2978
Modified: data/CVE/list
Log: trac CVEfied ffmpeg/xine-lib CVEfied mediawiki not-affected lots of NFUs
Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-07 21:36:35 UTC (rev 2977) +++ data/CVE/list 2005-12-07 21:50:32 UTC (rev 2978) 
@@ -1,79 +1,79 @@ -begin claimed by jmm CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernams and ...) - TODO: check + NOT-FOR-US: Total Commander CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...) - TODO: check + - trac 0.9.2-1 (medium) CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote ...) - TODO: check + NOT-FOR-US: A-FAQ CVE-2005-4063 (Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp ...) - TODO: check + NOT-FOR-US: NetAuctionHelp CVE-2005-4062 (Cross-site scripting (XSS) vulnerability in CPSearch.asp in ...) - TODO: check + NOT-FOR-US: XcClassified CVE-2005-4061 (Cross-site scripting (XSS) vulnerability in PASearch.asp in ...) - TODO: check + NOT-FOR-US: XcPhotoAlbum CVE-2005-4060 (Cross-site scripting (XSS) vulnerability in search.asp in rwAuction ...) - TODO: check + NOT-FOR-US: rwAuction CVE-2005-4059 (SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and ...) - TODO: check + NOT-FOR-US: LocazoList CVE-2005-4058 (SQL injection vulnerability in saralblog v.1 and earlier allows remote ...) - TODO: check + NOT-FOR-US: saralblog CVE-2005-4057 (Cross-site scripting (XSS) vulnerability in search.php in PluggedOut ...) - TODO: check + NOT-FOR-US: PluggedOut Nexus CVE-2005-4056 (SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 ...) - TODO: check + NOT-FOR-US: PluggedOut Nexus CVE-2005-4055 (SQL injection vulnerability in index.php in Cars Portal 1.1 and ...) - TODO: check + NOT-FOR-US: Cars Portal CVE-2005-4054 (SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and ...) - TODO: check + NOT-FOR-US: PluggedOut Bot CVE-2005-4053 (Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote ...) - TODO: check + NOT-FOR-US: coWiki CVE-2005-4052 (e107 0.6174 allows remote attackers to redirect users to other web ...) 
- TODO: check + NOT-FOR-US: e107 CVE-2005-4051 (e107 0.6174 allows remote attackers to vote multiple times for a ...) - TODO: check + NOT-FOR-US: e107 CVE-2005-4050 (Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with ...) - TODO: check + NOT-FOR-US: MultiVOIP hardware CVE-2005-4049 (Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote ...) - TODO: check + NOT-FOR-US: Blog System CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer function ...) - TODO: check + - ffmpeg <unfixed> (bug #342207; medium) + - xine-lib <unfixed> (bug #342208; medium) CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ...) - TODO: check + NOT-FOR-US: IISWorks ASPKnowledgeBase CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java ...) - TODO: check + NOT-FOR-US: Sun Java System Application Server CVE-2005-4045 (Unknown vulnerability in System Communications Services 6 Delegated ...) - TODO: check + NOT-FOR-US: Sun Java System Messaging Server CVE-2005-4044 (Cross-site scripting (XSS) vulnerability in search.cgi in Amazon ...) - TODO: check + NOT-FOR-US: Amazon Search Directory CVE-2005-4043 (SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and ...) - TODO: check + NOT-FOR-US: Hobosworld HobSR CVE-2005-4042 (Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and ...) - TODO: check + NOT-FOR-US: Warm Links CVE-2005-4041 (Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy ...) - TODO: check + NOT-FOR-US: MR CGI Guy Hot Links SQL CVE-2005-4040 (SQL injection vulnerability in FileLister 0.51 and earlier allows ...) - TODO: check + NOT-FOR-US: FileLister CVE-2005-4039 (Directory traversal vulnerability in arhiva.php in Web4Future Portal ...) - TODO: check + NOT-FOR-US: Web4Future Portal Solutions News Portal CVE-2005-4038 (SQL injection vulnerability in comentarii.php in Web4Future Portal ...) 
- TODO: check + NOT-FOR-US: Web4Future Portal Solutions News Portal CVE-2005-4037 (SQL injection vulnerability in functions.php in Web4Future Affiliate ...) - TODO: check + NOT-FOR-US: Web4Future Affiliate Manager CVE-2005-4036 (Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future ...) - TODO: check + NOT-FOR-US: Web4Future Keyboard Frequency Counter CVE-2005-4035 (Multiple SQL injection vulnerabilities in Web4Future eCommerce ...) - TODO: check + NOT-FOR-US: Web4Future eCommerce Enterprise Edition CVE-2005-4034 (Multiple SQL injection vulnerabilities in Web4Future eDating ...) - TODO: check + NOT-FOR-US: Web4Future eDating Professional CVE-2005-4033 (Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data ...) - TODO: check + NOT-FOR-US: Nodezilla CVE-2005-4032 (Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search ...) - TODO: check + NOT-FOR-US: Easy Search System CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.0 through 1.5.3 allows ...) - TODO: check + - mediawiki <not-affected> (Only affects the 1.5 branch) CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows ...) - TODO: check -end claimed by jmm + NOT-FOR-US: Quicksilver Forums +begin claimed by jmm CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid usernames ...) TODO: check CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember allow ...) @@ -118,6 +118,7 @@ TODO: check CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...) TODO: check +end claimed by jmm CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin] - phpmyadmin <not-affected> (Apparently affects only 2.7.0) NOTE: http://www.hardened-php.net/advisory_252005.110.html 
@@ -127,12 +128,6 @@ [woody] - curl <not-affected> (Only curl >= 7.11 is vulnerable) CVE-2005-XXXX [Buffer overflows in electricsheep] - electricsheep 2.6.3+cvs20051206-1 -CVE-2005-XXXX [libavcodec: heap overflow in PIX_FMT_PAL8] - - ffmpeg <unfixed> (bug #342207; medium) - - xine-lib <unfixed> (bug #342208; medium) - NOTE: CVE ID requested -CVE-2005-XXXX [trac: SQL injection in search module] - - trac 0.9.2-1 (medium) CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, ...) NOT-FOR-US: SAPID CMS CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...)
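Review bot: In the first hunk (@@ -1,79 +1,79 @@), the line added under CVE-2005-4054 reads "NOT-FOR-US: PluggedOut Bot", but the CVE description directly above it names "PluggedOut Blog 1.9.5". Suggest "NOT-FOR-US: PluggedOut Blog", so that a later search of the list by product name finds this entry. The two neighbouring PluggedOut Nexus entries (CVE-2005-4057, CVE-2005-4056) already match their descriptions.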
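Review bot: In the last hunk (@@ -127,12 +128,6 @@), removing the CVE-2005-XXXX libavcodec placeholder also drops its bracketed hint "heap overflow in PIX_FMT_PAL8", while the entry that replaces it under CVE-2005-4048 in the first hunk shows only the truncated description ending at "avcodec_default_get_buffer function ...". The package lines themselves carry over unchanged (ffmpeg bug #342207 and xine-lib bug #342208, both medium, and trac 0.9.2-1 medium under CVE-2005-4065), so no tracking state is lost. Consider adding a NOTE line under CVE-2005-4048 that keeps the PIX_FMT_PAL8 detail for whoever later checks the ffmpeg and xine-lib fixes.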