Author: joeyh
Date: 2005-12-11 21:14:19 +0000 (Sun, 11 Dec 2005)
New Revision: 3005
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2005-12-11 21:07:05 UTC (rev 3004)
+++ data/CVE/list 2005-12-11 21:14:19 UTC (rev 3005)
@@ -1,3 +1,49 @@
+CVE-2005-4164 (SQL injection vulnerability in view.php in PHP-addressbook 1.2
allows ...)
+ TODO: check
+CVE-2005-4163 (Directory traversal vulnerability in captcha.php in Captcha PHP
0.9 ...)
+ TODO: check
+CVE-2005-4162 (Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME
...)
+ TODO: check
+CVE-2005-4161 (Multiple cross-site scripting (XSS) vulnerabilities in
MilliScripts ...)
+ TODO: check
+CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential
1.2 ...)
+ TODO: check
+CVE-2005-4159 (SQL injection vulnerability in Memberlist.php in Simple Machines
Forum ...)
+ TODO: check
+CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not
clear ...)
+ TODO: check
+CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before
6.1.3 ...)
+ TODO: check
+CVE-2005-4156 (Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5
(1.0.9), ...)
+ TODO: check
+CVE-2005-4155 (registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to
...)
+ TODO: check
+CVE-2005-4154 (Unspecified vulnerability in PEAR installer 1.4.2 and earlier
allows ...)
+ TODO: check
+CVE-2005-4153 (Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a
denial ...)
+ TODO: check
+CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers
to ...)
+ TODO: check
+CVE-2005-4151 (The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop
...)
+ TODO: check
+CVE-2005-4150 (Cross-site scripting (XSS) vulnerability in the portal login
page in ...)
+ TODO: check
+CVE-2005-4149 (Lyris ListManager 8.8 through 8.9b allows remote attackers to
obtain ...)
+ TODO: check
+CVE-2005-4148 (Lyris ListManager 8.5, and possibly other versions before 8.8,
...)
+ TODO: check
+CVE-2005-4147 (The TCLHTTPd service in Lyris ListManager before 8.9b allows
remote ...)
+ TODO: check
+CVE-2005-4146 (Lyris ListManager before 8.9b allows remote attackers to obtain
...)
+ TODO: check
+CVE-2005-4145 (The MSDE version of Lyris ListManager 5.0 through 8.9b
configures the ...)
+ TODO: check
+CVE-2005-4144 (Lyris ListManager 5.0 through 8.9a allows remote attackers to
add ...)
+ TODO: check
+CVE-2005-4143 (SQL injection vulnerability in Lyris ListManager 5.0 through
8.9a ...)
+ TODO: check
+CVE-2005-4142 (The web interface for subscribing new users in Lyris ListManager
5.0 ...)
+ TODO: check
CVE-2005-XXXX [Multiple issues in Horde]
- horde3 <unfixed> (bug filed; medium)
CVE-2005-XXXX [XSS in Kronolith]
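Review bot: All 23 added entries (CVE-2005-4142 through CVE-2005-4164) land as "TODO: check" with no triage, and at least one can be closed from information already in this file: CVE-2005-4155 names ATutor, which the other ATutor entries further down mark NOT-FOR-US. The Sudo (CVE-2005-4158) and Mailman (CVE-2005-4153) entries name software that Debian packages, so they should be picked up first and given package lines rather than left in the TODO batch.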
@@ -22,7 +68,7 @@
NOT-FOR-US: DRZES HMS
CVE-2005-4135 (Direct static code injection vulnerability in
includes/newtopic.php in ...)
NOT-FOR-US: SimpleBBS
-CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon up to
0.9 ...)
+CVE-2005-4134 (** DISPUTED ** ...)
- mozilla-firefox <unfixed> (unimportant)
NOTE: Not exploitable beyond a sluggish browser startup, see
NOTE: http://www.mozilla.org/security/history-title.html
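Review bot: The new summary for CVE-2005-4134 is only "(** DISPUTED ** ...)", so the truncated description no longer names any product and the entry is identifiable only through the "- mozilla-firefox" line and the NOTEs under it. If whatever generates these summaries can skip the "** DISPUTED **" prefix before truncating, the product names would survive. The existing "unimportant" rating and NOTE are consistent with the disputed status and need no change.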
@@ -146,11 +192,11 @@
NOT-FOR-US: CF_Nuke
CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6
and ...)
NOT-FOR-US: CF_Nuke
-CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in Magic List
Pro 2.5 ...)
+CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in CFMagic Magic
List ...)
NOT-FOR-US: Magic List Pro
-CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in Magic Forum Personal
2.5 ...)
+CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum
...)
NOT-FOR-US: Magic Personal Forum
-CVE-2005-4071 (Multiple SQL injection vulnerabilities in Magic Forum Personal
2.5 and ...)
+CVE-2005-4071 (Multiple SQL injection vulnerabilities in CFMagic Magic Forum
Personal ...)
NOT-FOR-US: Magic Personal Forum
CVE-2005-4070
REJECTED
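Review bot: The product names in the NOT-FOR-US lines for CVE-2005-4072 and CVE-2005-4071 do not match the descriptions above them: the descriptions say "Magic Forum Personal" (now "CFMagic Magic Forum Personal"), while the annotations say "Magic Personal Forum". Since the descriptions were just refreshed with the vendor prefix, this is a good moment to align the annotations, for example "NOT-FOR-US: CFMagic Magic Forum Personal", so a search on the product name finds both lines.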
@@ -158,7 +204,8 @@
NOT-FOR-US: Sony root kit
CVE-2005-4068 (Unspecified "absolute path vulnerability" in
umountall in IBM AIX 5.1 ...)
NOT-FOR-US: AIX
-CVE-2005-4067 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3
allows ...)
+CVE-2005-4067
+ REJECTED
- mediawiki <not-affected> (Only affects the 1.5 branch)
CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames
and ...)
NOT-FOR-US: Total Commander
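Review bot: CVE-2005-4067 is now REJECTED but still carries "- mediawiki <not-affected> (Only affects the 1.5 branch)", which leaves a package annotation hanging off an id that no longer describes anything. The other REJECTED entry visible in this diff, CVE-2005-4070, has no annotation lines. CVE-2005-4031 now carries the "MediaWiki 1.5.x before 1.5.3" description and already has the same mediawiki line, so the copy under CVE-2005-4067 can be dropped by hand after this automatic update.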
@@ -203,7 +250,7 @@
NOT-FOR-US: IISWorks ASPKnowledgeBase
CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun
Java ...)
NOT-FOR-US: Sun Java System Application Server
-CVE-2005-4045 (Unknown vulnerability in System Communications Services 6
Delegated ...)
+CVE-2005-4045 (Unspecified vulnerability in System Communications Services 6
...)
NOT-FOR-US: Sun Java System Messaging Server
CVE-2005-4044 (Cross-site scripting (XSS) vulnerability in search.cgi in Amazon
...)
NOT-FOR-US: Amazon Search Directory
@@ -231,7 +278,7 @@
NOT-FOR-US: Nodezilla
CVE-2005-4032 (Cross-site scripting (XSS) vulnerability in search.cgi in Easy
Search ...)
NOT-FOR-US: Easy Search System
-CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.0 through 1.5.3
allows ...)
+CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3
allows ...)
- mediawiki <not-affected> (Only affects the 1.5 branch)
CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1
allows ...)
NOT-FOR-US: Quicksilver Forums
@@ -802,7 +849,7 @@
NOT-FOR-US: freeFTPd
CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX
Magic ...)
NOT-FOR-US: AMAX Magic Winmail Server
-CVE-2005-3806 (The IPv6 flowlabel handling code (ip6_flowlabel.c) in Linux
kernels ...)
+CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux
kernels ...)
- linux-2.6 2.6.14-1 (medium)
- kernel-source-2.4.27 <unfixed> (medium)
CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in
Linux ...)
@@ -1332,8 +1379,7 @@
RESERVED
CVE-2005-3652
RESERVED
-CVE-2005-3651 [Buffer overflow in ethereal''s OSPF dissector]
- RESERVED
+CVE-2005-3651 (Stack-based buffer overflow in the
dissect_ospf_v3_address_prefix ...)
- ethereal <unfixed> (bug filed; medium)
CVE-2005-3650 (The CodeSupport.ocx ActiveX control, as used by Sony to
uninstall the ...)
NOT-FOR-US: Sony Root Kit Uninstaller
@@ -1506,9 +1552,11 @@
NOT-FOR-US: HP-UX
CVE-2005-3564 (envd daemon in HP-UX B.11.00 through B.11.11 allows local users
to ...)
NOT-FOR-US: HP-UX
-CVE-2005-3563 (ATutor 1.5.1 stores temporary chat logs as world readable under
the ...)
+CVE-2005-3563
+ REJECTED
NOT-FOR-US: ATutor
-CVE-2005-3562 (Direct code injection vulnerability in ATutor 1.5.1 allows
remote ...)
+CVE-2005-3562
+ REJECTED
NOT-FOR-US: ATutor
CVE-2005-3561 ( ...)
NOT-FOR-US: ATutor
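Review bot: CVE-2005-3563 and CVE-2005-3562 become REJECTED here but each keeps its "NOT-FOR-US: ATutor" line, so the entries now state two dispositions at once. Any script that counts or filters on NOT-FOR-US will still see these ids. Suggest removing the annotation from rejected ids in a follow-up, or confirming that the tracker tooling ignores annotations under REJECTED. The same pattern appears for CVE-2005-3362 (myBloggie) later in this diff.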
@@ -1567,12 +1615,10 @@
RESERVED
CVE-2005-3534
RESERVED
-CVE-2005-3533 [osh cwd buffer overflow]
- RESERVED
+CVE-2005-3533 (Buffer overflow in OSH before 1.7-15 allows local users to
execute ...)
{DSA-918-1}
- osh 1.7-15
-CVE-2005-3532 [courier-authdaemon grants access to deactivated user accounts]
- RESERVED
+CVE-2005-3532 (authpam.c in courier-authdaemon for Courier Mail Server 0.37.3
through ...)
{DSA-917-1}
- courier 0.47-12 (bug #211920; medium)
CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root,
allows ...)
@@ -2232,7 +2278,8 @@
NOT-FOR-US: DboardGear
CVE-2005-3363 (SQL injection vulnerability in Saphp Lesson, possibly saphp
Lesson1.1 ...)
NOT-FOR-US: saphp Lesson
-CVE-2005-3362 (myBloggie 2.1.3 beta and earlier allows remote attackers to
bypass a ...)
+CVE-2005-3362
+ REJECTED
NOT-FOR-US: myBloggie
CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in
...)
NOT-FOR-US: FlatNuke
@@ -2899,7 +2946,7 @@
NOT-FOR-US: MailEnable Enterprise
CVE-2005-3154 (Format string vulnerability in the logging funtionality in
BitDefender ...)
NOT-FOR-US: Bitdefender Antivirus
-CVE-2005-3153 (login.php in MyBloggie 2.1.3 beta allows remote attackers to
bypass a ...)
+CVE-2005-3153 (login.php in myBloggie 2.1.3 beta and earlier allows remote
attackers ...)
NOT-FOR-US: MyBloggie
CVE-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart
3.0.3 ...)
NOT-FOR-US: CubeCart
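Review bot: The refreshed description for CVE-2005-3153 spells the product "myBloggie", but the annotation under it is still "NOT-FOR-US: MyBloggie", while the CVE-2005-3362 entry uses "NOT-FOR-US: myBloggie". A case-sensitive grep on the product name will miss one of the two. Worth normalising the annotation to the spelling the description uses.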
@@ -3478,7 +3525,7 @@
- libgda2 1.2.2-1 (medium)
CVE-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows
1.00.00.68 ...)
NOT-FOR-US: AVIRA Desktop
-CVE-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores sensitive
data ...)
+CVE-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores temporary
chat ...)
NOT-FOR-US: ATutor
CVE-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions,
uses an ...)
NOT-FOR-US: ATutor
@@ -11299,7 +11346,7 @@
NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- dcl 1:0.9.4.4-1
-CVE-2005-0887 (Code injection vulnerability in Double Choco Latte before
0.9.4.3 ...)
+CVE-2005-0887 (Eval injection vulnerability in Double Choco Latte before
0.9.4.3 ...)
- dcl 1:0.9.4.4-1
CVE-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board
2.0.2 ...)
NOT-FOR-US: Invision Power Board
@@ -11393,7 +11440,7 @@
NOT-FOR-US: CoolForum
CVE-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to
obtain ...)
NOT-FOR-US: CoolForum
-CVE-2005-0854 (betaparticle blog (bp blog) allows remote attackers to bypass
...)
+CVE-2005-0854 (betaparticle blog (bp blog), posisbly before version 4, allows
remote ...)
NOT-FOR-US: betaparticle blog
CVE-2005-0853 (betaparticle blog (bp blog) stores the database under the web
root, ...)
NOT-FOR-US: betaparticle blog
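Review bot: The new description for CVE-2005-0854 contains the typo "posisbly" ("posisbly before version 4"). As this is an automatic update, the text is imported as-is and should not be hand-edited here, but expect this line to change again in a later update once the source description is corrected. The NOT-FOR-US disposition is unaffected.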