Author: jmm-guest
Date: 2005-12-07 22:08:01 +0000 (Wed, 07 Dec 2005)
New Revision: 2979
Modified:
data/CVE/list
Log:
gallery2 CVEfied
NFUs
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2005-12-07 21:50:32 UTC (rev 2978)
+++ data/CVE/list 2005-12-07 22:08:01 UTC (rev 2979)
@@ -73,52 +73,50 @@
- mediawiki <not-affected> (Only affects the 1.5 branch)
CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1
allows ...)
NOT-FOR-US: Quicksilver Forums
-begin claimed by jmm
CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid
usernames ...)
- TODO: check
+ NOT-FOR-US: WebEOC
CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember
allow ...)
- TODO: check
+ NOT-FOR-US: aMember
CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote
attackers ...)
- TODO: check
+ NOT-FOR-US: SimpleBBS
CVE-2005-4026 (search.php in Geeklog 1.4.0 Beta 1 and earlier allows remote
attackers ...)
- TODO: check
+ NOT-FOR-US: Geeklog
CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect
...)
- TODO: check
+ NOT-FOR-US: Help Desk Reloaded Free Help Desk
CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind
2004 ...)
- TODO: check
+ NOT-FOR-US: Interspire FastFind
CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0
before ...)
- TODO: check
+ - gallery2 2.0.2-1 (medium)
CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the "Add
Image From Web" ...)
- TODO: check
+ - gallery2 2.0.2-1 (medium)
CVE-2005-4021 (The installer for Gallery 2.0 before 2.0.2 stores the install
log ...)
- TODO: check
+ - gallery2 2.0.2-1 (low)
CVE-2005-4020 (SQL injection vulnerability in create.php in Widget Imprint
1.0.26 and ...)
- TODO: check
+ NOT-FOR-US: Widget Imprint
CVE-2005-4019 (SQL injection vulnerability in index.php in Relative Real Estate
...)
- TODO: check
+ NOT-FOR-US: Relative Real Estate Systems
CVE-2005-4018 (SQL injection vulnerability in ls.php in Landshop Real Estate
Commerce ...)
- TODO: check
+ NOT-FOR-US: Landshop Real Estate Commerce System
CVE-2005-4017 (property.php in Widget Property 1.1.19 allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Widget Property
CVE-2005-4016 (SQL injection vulnerability in Widget Property 1.1.19 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Widget Property
CVE-2005-4015 (PHP Web Statistik 1.4 does not rotate the log database or limit
the ...)
- TODO: check
+ NOT-FOR-US: PHP Web Statistik
CVE-2005-4014 (stat.php in PHP Web Statistik 1.4 allows remote attackers to
cause a ...)
- TODO: check
+ NOT-FOR-US: PHP Web Statistik
CVE-2005-4013 (PHP Web Statistik 1.4 stores the stat.cfg file under the web
root with ...)
- TODO: check
+ NOT-FOR-US: PHP Web Statistik
CVE-2005-4012 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Web
...)
- TODO: check
+ NOT-FOR-US: PHP Web Statistik
CVE-2005-4011 (SQL injection vulnerability in calendar.php in Codewalkers
ltwCalendar ...)
- TODO: check
+ NOT-FOR-US: Codewalkers ltwCalendar
CVE-2005-4010 (SQL injection vulnerability in KBase Express 1.0.0 and earlier
allows ...)
- TODO: check
+ NOT-FOR-US: Kbase Express
CVE-2005-4009 (Multiple SQL injection vulnerabilities in PHP Lite Calendar
Express ...)
- TODO: check
+ NOT-FOR-US: PHP Lite Calender Express
CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar
1.34 ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: Jax Calendar
CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin]
- phpmyadmin <not-affected> (Apparently affects only 2.7.0)
NOTE: http://www.hardened-php.net/advisory_252005.110.html
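Review bot: Two of the new NOT-FOR-US tags are spelled differently from the product names in their own CVE descriptions: the CVE-2005-4010 entry reads "Kbase Express" where the description has "KBase Express", and the CVE-2005-4009 entry reads "PHP Lite Calender Express" where the description has "PHP Lite Calendar Express". A search of the list by product name will miss both, so copy the spelling from the description lines. The three gallery2 entries carry a fixed version and severity but no bug reference or NOTE, unlike the inkscape entry further down (bug #321501); a pointer to where 2.0.2-1 was confirmed as the fix would make the CVE-2005-4021 (low) entry in particular easier to verify later.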
@@ -502,10 +500,6 @@
CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape
before ...)
{DSA-916-1}
- inkscape 0.42-1 (bug #321501; low)
-CVE-2005-XXXX [gallery2 zipcart information disclosure]
- - gallery2 2.0.2-1 (medium)
-CVE-2005-XXXX [gallery2 add-from-web XSS]
- - gallery2 2.0.2-1 (medium)
CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in
Zainu ...)
NOT-FOR-US: Zaimu
CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP
...)
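Review bot: Dropping the "CVE-2005-XXXX [gallery2 zipcart information disclosure]" placeholder loses the only statement of what the zipcart issue is, because the CVE-2005-4023 description that replaces it says just "Unspecified vulnerability in the zipcart module". Consider keeping that detail as a NOTE line under CVE-2005-4023. The versions and severities on the two removed placeholders (2.0.2-1, medium) match the CVE-2005-4023 and CVE-2005-4022 entries added in the first hunk, so nothing else is lost in the move.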