Author: jmm-guest Date: 2005-12-09 09:36:08 +0000 (Fri, 09 Dec 2005) New Revision: 2989 Modified: data/CVE/list Log: phpmyadmin CVEfied new imp4 issue another mediawiki not-affected lots of NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-09 09:16:45 UTC (rev 2988) +++ data/CVE/list 2005-12-09 09:36:08 UTC (rev 2989) 
@@ -1,62 +1,59 @@ -begin claimed by jmm CVE-2005-4095 (Directory traversal vulnerability in connector.php in the ...) - TODO: check + NOT-FOR-US: DoceboLMS CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows ...) - TODO: check + NOT-FOR-US: DoceboLMS CVE-2005-4093 (Unspecified vulnerability in Check Point VPN-1 SecureClient NG with ...) - TODO: check + NOT-FOR-US: Check Point CVE-2005-4092 (Heap-based buffer overflow in Apple QuickTime Player 7.0.3 and iTunes ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script ...) - TODO: check + NOT-FOR-US: 1-Script 1-Search CVE-2005-4090 (Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2005-4089 (Microsoft Internet Explorer allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows ...) - TODO: check + NOT-FOR-US: phpForumPro CVE-2005-4087 (PHP remote file inclusion vulnerability in acceptDecline.php in Sugar ...) - TODO: check + NOT-FOR-US: SugarCRM CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...) - TODO: check + NOT-FOR-US: SugarCRM CVE-2005-4085 RESERVED CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier ...) - TODO: check + NOT-FOR-US: phpBB eXtreme Styles module CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme Styles ...) - TODO: check + NOT-FOR-US: phpBB eXtreme Styles module CVE-2005-4082 (The dhcp.client program for QNX 4.25 vmware is setuid, possibly by ...) - TODO: check + NOT-FOR-US: QNX CVE-2005-4081 (Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow ...) - TODO: check + NOT-FOR-US: Alisveristr E-commerce CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 ...) 
- TODO: check + - imp4 <unfixed> (bug filed; medium) CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote ...) - TODO: check + - phpmyadmin <not-affected> (Affects only 2.7.0) CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET ...) - TODO: check + NOT-FOR-US: Ideal BB.NET CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local ...) - TODO: check + NOT-FOR-US: Appfluent Technology Database IDS 2.0 CVE-2005-4075 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...) - TODO: check + NOT-FOR-US: CF_Nuke CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and ...) - TODO: check + NOT-FOR-US: CF_Nuke CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in Magic List Pro 2.5 ...) - TODO: check + NOT-FOR-US: Magic List Pro CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in Magic Forum Personal 2.5 ...) - TODO: check + NOT-FOR-US: Magic Personal Forum CVE-2005-4071 (Multiple SQL injection vulnerabilities in Magic Forum Personal 2.5 and ...) - TODO: check + NOT-FOR-US: Magic Personal Forum CVE-2005-4070 REJECTED - TODO: check CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0 assigns insecure permissions to the ...) - TODO: check + NOT-FOR-US: Sony root kit CVE-2005-4068 (Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 ...) - TODO: check + NOT-FOR-US: AIX CVE-2005-4067 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows ...) - TODO: check -end claimed by jmm + - mediawiki <not-affected> (Only affects the 1.5 branch) CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...) NOT-FOR-US: Total Commander CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...) 
@@ -176,8 +173,6 @@ NOT-FOR-US: PHP Lite Calender Express CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...) NOT-FOR-US: Jax Calendar -CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin] - - phpmyadmin <not-affected> (Apparently affects only 2.7.0) CVE-2005-4077 (Multiple off-by-one errors in libcurl 7.11.2 through 7.15.0 and ...) - curl 7.15.1-1 (bug #342339; medium) [woody] - curl <not-affected> (Only curl >= 7.11 is vulnerable)
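Review bot: The imp4 line added for CVE-2005-4080 in the @@ -1,62 +1,59 @@ hunk says "bug filed" without a bug number, whereas the curl entry in this file records "bug #342339"; add the number so the unfixed entry can be traced to its report. In the same hunk, the NOT-FOR-US notes for CVE-2005-4072 and CVE-2005-4071 read "Magic Personal Forum" while both descriptions name "Magic Forum Personal", and CVE-2005-4069 is tagged "Sony root kit" although its description names SunnComm MediaMax DRM. Using the product names as they appear in the descriptions would keep later searches of the list consistent.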
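Review bot: The phpmyadmin note loses its hedge when the temporary CVE-2005-XXXX entry removed in the @@ -176,8 +173,6 @@ hunk is replaced by the CVE-2005-4079 entry: "Apparently affects only 2.7.0" becomes "Affects only 2.7.0". If the affected range was verified against the packaged versions this is fine, otherwise keep the hedge. The CVE-2005-4079 description names "2.7.0 rc1", so saying whether the note means the release candidate or the whole 2.7.0 line would make the not-affected claim easier to check later.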