thr3ads.net - Secure testing commits - [Secure-testing-commits] r3011

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2005-Dec-12 10:20 UTC
[Secure-testing-commits] r3011 - data/CVE

Author: jmm-guest
Date: 2005-12-12 10:19:22 +0000 (Mon, 12 Dec 2005)
New Revision: 3011

Modified:
   data/CVE/list
Log:
two historic asn1c issues
three historic phpmyadmin issues
one thttpd not-affected
two probably historic vserver issues; Micah, can you
 check these?


Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-12-12 09:54:26 UTC (rev 3010)
+++ data/CVE/list	2005-12-12 10:19:22 UTC (rev 3011)
@@ -424,94 +424,92 @@
 	- openmotif <unfixed> (bug #342092; medium)
 CVE-2005-3963 (SQL injection vulnerability in session.php in DotClear before
1.2.3 ...)
 	NOT-FOR-US: DotClear
-begin claimed by jmm
 CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs
displayed in ...)
-	TODO: check
+	NOT-FOR-US: Eudora
 CVE-2004-2648 (FreezeX 1.00.100.0666 allows local users with administrator
privileges ...)
-	TODO: check
+	NOT-FOR-US: FreezeX
 CVE-2004-2647 (Free Web Chat 2.0 allows remote attackers to cause a denial of
service ...)
-	TODO: check
+	NOT-FOR-US: Free Web Chat
 CVE-2004-2646 (The addUser function in UserManager.java in Free Web Chat 2.0
allows ...)
-	TODO: check
+	NOT-FOR-US: Free Web Chat
 CVE-2004-2645 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7
has ...)
-	TODO: check
+	- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
 CVE-2004-2644 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7
has ...)
-	TODO: check
+	- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
 CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Microsoft cabarc 
 CVE-2004-2642 (Yeemp 0.9.9 and earlier does properly encrypt inbound files,
which ...)
-	TODO: check
+	NOT-FOR-US: Yeemp 
 CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun
Fire ...)
-	TODO: check
+	NOT-FOR-US: Sun appliances
 CVE-2004-2640 (Directory traversal vulnerability in lstat.cgi in LinuxStat
before ...)
-	TODO: check
+	NOT-FOR-US: LinuxStat
 CVE-2004-2639 (Unspecified vulnerability in Journalness 3.0.7 and earlier
allows ...)
-	TODO: check
+	NOT-FOR-US: Journalness
 CVE-2004-2638 (The Admin Access With Levels plugin in osCommerce 1.5.1 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: osCommerce
 CVE-2004-2637 (The NAT implementation in Zonet ZSR1104WE Wireless Router
Runtime Code ...)
-	TODO: check
+	NOT-FOR-US: Zyxel hardware
 CVE-2004-2636 (TinyWeb 1.9 allows remote attackers to read source code of
scripts via ...)
-	TODO: check
+	NOT-FOR-US: TinyWeb
 CVE-2004-2635 (An ActiveX control for McAfee Security Installer Control System
...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2004-2634 (The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM
AIX ...)
-	TODO: check
+	NOT-FOR-US: AIX 
 CVE-2004-2633 (Unspecified vulnerability in Sesamie 1.0 allows remote anonymous
...)
-	TODO: check
+	NOT-FOR-US: Sesamie
 CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify
...)
-	TODO: check
+	- phpmyadmin 1:2.5.7-pl1-1
 CVE-2004-2631 (Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up
to ...)
-	TODO: check
+	- phpmyadmin 1:2.5.7-pl1-1
 CVE-2004-2630 (The MIME transformation system ...)
-	TODO: check
+	- phpmyadmin 2:2.6.0-pl2-1
 CVE-2004-2629 (Multiple vulnerabilities in the H.323 protocol implementation
for ...)
-	TODO: check
+	NOT-FOR-US: Click to Meet express
 CVE-2004-2628 (Multiple directory traversal vulnerabilities in thttpd 2.07 beta
0.4, ...)
-	TODO: check
+	- thttpd <not-affected> (Windows-specific vulnerabilities)
 CVE-2004-2627 (Java 2 Micro Edition (J2ME) does not properly validate bytecode,
which ...)
-	TODO: check
+	NOT-FOR-US: J2ME
 CVE-2004-2626 (GUI overlay vulnerability in the Java API in Siemens S55
cellular ...)
-	TODO: check
+	NOT-FOR-US: Siemens cell phone 
 CVE-2004-2625 (Cross-site scripting (XSS) vulnerability in Outblaze Email
allows ...)
-	TODO: check
+	NOT-FOR-US: Outblaze Email 
 CVE-2004-2624 (Cross-site scripting (XSS) vulnerability in
&quot;TextSearch&quot; in WackoWiki ...)
-	TODO: check
+	NOT-FOR-US: WackoWiki
 CVE-2004-2623 (Unknown vulnerability in Rippy the Aggregator before 0.10, when
...)
-	TODO: check
+	NOT-FOR-US: Rippy the Aggregator
 CVE-2004-2622 (AClient.exe in Altiris Deployment Solution 6.x and 5.x does not
...)
-	TODO: check
+	NOT-FOR-US: Altiris Deployment Solution
 CVE-2004-2621 (Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01,
when ...)
-	TODO: check
+	NOT-FOR-US: Nortel Contivity VPN client
 CVE-2004-2620 (The MIMEH_read_headers function in ripMIME 1.3.1.0 does not
properly ...)
-	TODO: check
+	NOT-FOR-US: ripMIME 
 CVE-2004-2619 (ripMIME 1.3.2.3 and earlier allows remote attackers to bypass
e-mail ...)
-	TODO: check
+	NOT-FOR-US: ripMIME 
 CVE-2004-2618 (Cross-site scripting (XSS) vulnerability in Pegasi Web Server
(PWS) ...)
-	TODO: check
+	NOT-FOR-US: Pegasi Web Server
 CVE-2004-2617 (Directory traversal vulnerability in Pegasi Web Server (PWS)
0.2.2 ...)
-	TODO: check
+	NOT-FOR-US: Pegasi Web Server
 CVE-2004-2616 (The file server in ActivePost Standard 3.1 and earlier allows
remote ...)
-	TODO: check
+	NOT-FOR-US: ActivePost Standard
 CVE-2004-2615 (The documentation for CuteNews 1.3.6 and possibly other versions
...)
-	TODO: check
+	NOT-FOR-US: Cutenews
 CVE-2004-2614 (Buffer overflow in MyWeb 3.3 allows remote attackers to cause a
denial ...)
-	TODO: check
+	NOT-FOR-US: MyWeb
 CVE-2004-2613 (Unspecified vulnerability in procfs in the Linux-VServer stable
branch ...)
-	TODO: check
+	TODO: Micah, can you have a look at this?
 CVE-2004-2612 (BNC 2.9.0 only grants access when an incorrect password is
provided, ...)
-	TODO: check
+	NOT-FOR-US: BNC
 CVE-2004-2611 (The Change Permissions function in the Sophster suite before
0.9.6 28 ...)
-	TODO: check
+	NOT-FOR-US: Sophster suite
 CVE-2004-2610 (mntd_mount.c in mntd before 0.4.2 might allow local users to
gain ...)
-	TODO: check
+	NOT-FOR-US: mntd
 CVE-2004-2609 (The stuffit.com executable on Symantec PowerQuest DeployCenter
5.5 ...)
-	TODO: check
+	NOT-FOR-US: Symantec PowerQuest DeployCenter
 CVE-2004-2608 (SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the
&quot;news ...)
-	TODO: check
+	NOT-FOR-US: SmartWebby Smart Guest Book
 CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel
...)
-	TODO: check
-end claimed by jmm
+	TODO: Micah, can you have a look at this?
 CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x
up to ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
 	- kernel-source-2.4.27 2.4.27-8
Secure testing commits - Dec 2005 - r3011 - data/CVE

[Secure-testing-commits] r3011 - data/CVE
