Author: joeyh Date: 2005-12-09 09:14:20 +0000 (Fri, 09 Dec 2005) New Revision: 2987 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-09 01:01:24 UTC (rev 2986) +++ data/CVE/list 2005-12-09 09:14:20 UTC (rev 2987) 
@@ -1,4 +1,61 @@ -CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernams and ...) +CVE-2005-4095 (Directory traversal vulnerability in connector.php in the ...) + TODO: check +CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows ...) + TODO: check +CVE-2005-4093 (Unspecified vulnerability in Check Point VPN-1 SecureClient NG with ...) + TODO: check +CVE-2005-4092 (Heap-based buffer overflow in Apple QuickTime Player 7.0.3 and iTunes ...) + TODO: check +CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script ...) + TODO: check +CVE-2005-4090 (Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is ...) + TODO: check +CVE-2005-4089 (Microsoft Internet Explorer allows remote attackers to bypass ...) + TODO: check +CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows ...) + TODO: check +CVE-2005-4087 (PHP remote file inclusion vulnerability in acceptDecline.php in Sugar ...) + TODO: check +CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...) + TODO: check +CVE-2005-4085 + RESERVED +CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier ...) + TODO: check +CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme Styles ...) + TODO: check +CVE-2005-4082 (The dhcp.client program for QNX 4.25 vmware is setuid, possibly by ...) + TODO: check +CVE-2005-4081 (Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow ...) + TODO: check +CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 ...) + TODO: check +CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote ...) + TODO: check +CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET ...) + TODO: check +CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local ...) 
+ TODO: check +CVE-2005-4075 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...) + TODO: check +CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and ...) + TODO: check +CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in Magic List Pro 2.5 ...) + TODO: check +CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in Magic Forum Personal 2.5 ...) + TODO: check +CVE-2005-4071 (Multiple SQL injection vulnerabilities in Magic Forum Personal 2.5 and ...) + TODO: check +CVE-2005-4070 + REJECTED + TODO: check +CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0 assigns insecure permissions to the ...) + TODO: check +CVE-2005-4068 (Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 ...) + TODO: check +CVE-2005-4067 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows ...) + TODO: check +CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...) NOT-FOR-US: Total Commander CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...) - trac 0.9.2-1 (medium) @@ -119,7 +176,7 @@ NOT-FOR-US: Jax Calendar CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin] - phpmyadmin <not-affected> (Apparently affects only 2.7.0) -CVE-2005-4077 [Off-By-One heap overflow in curl] +CVE-2005-4077 (Multiple off-by-one errors in libcurl 7.11.2 through 7.15.0 and ...) - curl 7.15.1-1 (bug #342339; medium) [woody] - curl <not-affected> (Only curl >= 7.11 is vulnerable) CVE-2005-XXXX [Buffer overflows in electricsheep] 
@@ -1038,8 +1095,7 @@ NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected CVE-2005-3666 (Multiple unspecified format string vulnerabilities in multiple ...) NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected -CVE-2005-3665 [Yet another phpmyadmin XSS] - RESERVED +CVE-2005-3665 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - phpmyadmin 4:2.6.4-pl4-2 (bug #340438; medium) CVE-2004-2558 (Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, ...) NOT-FOR-US: Tivoli @@ -1152,8 +1208,8 @@ NOT-FOR-US: Kaspersky AV CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the ...) - netpbm-free <unfixed> (medium) -CVE-2005-3661 - RESERVED +CVE-2005-3661 (Dell TrueMobile 2300 Wireless Broadband Router running firmware ...) + TODO: check CVE-2005-3660 RESERVED CVE-2005-3659 @@ -2437,7 +2493,7 @@ - linux-2.6 2.6.13-1 (low) [sarge] - kernel-source-2.6.8 2.6.8-16sarge1 (low) [sarge] - kernel-source-2.4.27 2.4.27-10sarge1 (low) -CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6 ...) +CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open Source ...) - linux-2.6 2.6.12-1 - kernel-source-2.4.27 <not-affected> [sarge] - kernel-source-2.6.8 2.6.8-16sarge1 @@ -2617,8 +2673,7 @@ - tetex-bin 3.0-11 (bug #342292; medium) - koffice <not-affected> (Vulnerable xpdf code not contained) - libextractor 0.5.8-1 (medium) -CVE-2005-3192 [xpdf stream predictor heap overflow] - RESERVED +CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf ...) - xpdf 3.01-3 (bug #342281; bug #342337; medium) - gpdf <unfixed> (bug #342286; medium) - pdftohtml <unfixed> (bug #342289; medium)
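Review bot: In the first hunk (@@ -1,4 +1,61 @@), CVE-2005-4070 is added as REJECTED and then also given "TODO: check", which leaves a rejected identifier sitting in the triage queue. CVE-2005-4085 in the same hunk is RESERVED and gets no TODO line. The automatic update should treat REJECTED the same way and omit the TODO, or the TODO should be removed by hand in a follow-up.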
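Review bot: The placeholder kept as context in the second hunk (@@ -119,7 +176,7 @@), "CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin]", may now duplicate CVE-2005-4079, which the first hunk adds as "TODO: check" with the description "The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote ...". The placeholder is already marked <not-affected> with the note "Apparently affects only 2.7.0". If both describe the same issue, fold the placeholder into CVE-2005-4079 and carry the <not-affected> status over, so the issue is tracked once under its assigned identifier.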