Author: jmm-guest
Date: 2005-12-11 21:54:04 +0000 (Sun, 11 Dec 2005)
New Revision: 3007

Modified: data/CVE/list

Log: new sudo issue new mailman issue, still rather unclear NFUs

Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-11 21:15:34 UTC (rev 3006) +++ data/CVE/list 2005-12-11 21:54:04 UTC (rev 3007) 
@@ -1,51 +1,50 @@ -begin claimed by jmm CVE-2005-4164 (SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows ...) - TODO: check + NOT-FOR-US: PHP-addressbook CVE-2005-4163 (Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 ...) - TODO: check + NOT-FOR-US: Captcha CVE-2005-4162 (Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME ...) - TODO: check + NOT-FOR-US: ACME PerlCal CVE-2005-4161 (Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts ...) - TODO: check + NOT-FOR-US: MilliScripts CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential 1.2 ...) - TODO: check + NOT-FOR-US: Torrential CVE-2005-4159 (SQL injection vulnerability in Memberlist.php in Simple Machines Forum ...) - TODO: check + NOT-FOR-US: Simple Machines Forum CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...) - TODO: check + - sudo <unfixed> (bug filed; medium) CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...) - TODO: check + NOT-FOR-US: Kerio Firewall CVE-2005-4156 (Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), ...) - TODO: check + NOT-FOR-US: Mambo CVE-2005-4155 (registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to ...) - TODO: check + NOT-FOR-US: ATutor CVE-2005-4154 (Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows ...) - TODO: check + NOT-FOR-US: PEAR installer + TODO: Please double-check, this could be included somewhere else CVE-2005-4153 (Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial ...) - TODO: check + TODO: Pull this from the Mandriva update for further evaluation CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Soti Pocket Controller-Professional CVE-2005-4151 (The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop ...) 
- TODO: check + NOT-FOR-US: PGP Desktop Home CVE-2005-4150 (Cross-site scripting (XSS) vulnerability in the portal login page in ...) - TODO: check + NOT-FOR-US: CA Clever Path CVE-2005-4149 (Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Lyris ListManager CVE-2005-4148 (Lyris ListManager 8.5, and possibly other versions before 8.8, ...) - TODO: check + NOT-FOR-US: Lyris ListManager CVE-2005-4147 (The TCLHTTPd service in Lyris ListManager before 8.9b allows remote ...) - TODO: check + NOT-FOR-US: Lyris ListManager CVE-2005-4146 (Lyris ListManager before 8.9b allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Lyris ListManager CVE-2005-4145 (The MSDE version of Lyris ListManager 5.0 through 8.9b configures the ...) - TODO: check + NOT-FOR-US: Lyris ListManager CVE-2005-4144 (Lyris ListManager 5.0 through 8.9a allows remote attackers to add ...) - TODO: check + NOT-FOR-US: Lyris ListManager CVE-2005-4143 (SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a ...) - TODO: check + NOT-FOR-US: Lyris ListManager CVE-2005-4142 (The web interface for subscribing new users in Lyris ListManager 5.0 ...) - TODO: check -end claimed by jmm + NOT-FOR-US: Lyris ListManager CVE-2005-XXXX [Multiple issues in Horde] - horde3 <unfixed> (bug filed; medium) CVE-2005-XXXX [XSS in Kronolith] @@ -208,7 +207,6 @@ NOT-FOR-US: AIX CVE-2005-4067 REJECTED - - mediawiki <not-affected> (Only affects the 1.5 branch) CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...) NOT-FOR-US: Total Commander CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...) @@ -1556,10 +1554,8 @@ NOT-FOR-US: HP-UX CVE-2005-3563 REJECTED - NOT-FOR-US: ATutor CVE-2005-3562 REJECTED - NOT-FOR-US: ATutor CVE-2005-3561 ( ...) NOT-FOR-US: ATutor CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...) 
@@ -2282,7 +2278,6 @@ NOT-FOR-US: saphp Lesson CVE-2005-3362 REJECTED - NOT-FOR-US: myBloggie CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...) NOT-FOR-US: FlatNuke CVE-2005-3360
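
Review bot: In the first hunk (@@ -1,51 +1,50 @@), CVE-2005-4154 is tagged NOT-FOR-US: PEAR installer while the TODO directly under it says it "could be included somewhere else", so the entry reads as closed before that question is answered. Leaving it as "TODO: check" until it is confirmed that no package ships the PEAR installer would keep it from dropping out of tracking. In the same hunk, CVE-2005-4153 gets only a TODO and no package line although the description names Mailman, and the sudo line for CVE-2005-4158 says "bug filed" without a bug number, which makes the report hard to find later.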
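
Review bot: In the @@ -208,7 +207,6 @@ hunk, deleting "- mediawiki <not-affected> (Only affects the 1.5 branch)" under CVE-2005-4067 removes the only recorded reasoning about mediawiki for that issue. The id is REJECTED, so the line is stale here, but if the underlying issue was reassigned to another id, that entry should carry the same note; the log message should also mention this cleanup, since it currently lists only the sudo, mailman and NFU changes.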
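
Review bot: The @@ -1556,10 +1554,8 @@ hunk drops the NOT-FOR-US: ATutor lines from the REJECTED entries CVE-2005-3563 and CVE-2005-3562, and the @@ -2282,7 +2278,6 @@ hunk does the same for the myBloggie line under CVE-2005-3362, none of which is covered by the log message. These removals are unrelated to triaging the new CVE-2005-41xx block, so a separate commit, or at least a line in the log such as "remove annotations from REJECTED entries", would make the history easier to audit.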