Author: joeyh
Date: 2005-12-14 09:14:19 +0000 (Wed, 14 Dec 2005)
New Revision: 3031

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-14 09:08:44 UTC (rev 3030) +++ data/CVE/list 2005-12-14 09:14:19 UTC (rev 3031) 
@@ -1,3 +1,135 @@ +CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and ...) + TODO: check +CVE-2005-4230 (SQL injection vulnerability in poll.php in Link Up Gold 2.5 and ...) + TODO: check +CVE-2005-4229 (Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction ...) + TODO: check +CVE-2005-4228 (Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and ...) + TODO: check +CVE-2005-4227 (Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 ...) + TODO: check +CVE-2005-4226 (Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 ...) + TODO: check +CVE-2005-4225 (Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 ...) + TODO: check +CVE-2005-4224 (Multiple "potential" SQL injection vulnerabilities in e107 0.7 might ...) + TODO: check +CVE-2005-4223 (Multiple "potential" SQL injection vulnerabilities in Utopia News Pro ...) + TODO: check +CVE-2005-4222 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi ...) + TODO: check +CVE-2005-4221 (SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 ...) + TODO: check +CVE-2005-4220 (Netgear RP114, and possibly other versions and devices, allows remote ...) + TODO: check +CVE-2005-4219 (setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains ...) + TODO: check +CVE-2005-4218 (SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows ...) + TODO: check +CVE-2005-4217 (Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges ...) + TODO: check +CVE-2005-4216 (The Administration Service (FMSAdmin.exe) in Macromedia Flash Media ...) + TODO: check +CVE-2005-4215 (Motorola SB5100E Cable Modem allows remote attackers to cause a denial ...) + TODO: check +CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers obtain the installation path via ...) + TODO: check +CVE-2005-4213 (SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote ...) 
+ TODO: check +CVE-2005-4212 (Directory traversal vulnerability in coin_includes/db.php in phpCOIN ...) + TODO: check +CVE-2005-4211 (PHP remote file inclusion vulnerability in coin_includes/db.php in ...) + TODO: check +CVE-2005-4210 (Opera before 8.51, when running on Windows with Input Method Editor ...) + TODO: check +CVE-2005-4209 (WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to ...) + TODO: check +CVE-2005-4208 (Directory traversal vulnerability in Flatnuke 2.5.6 allows remote ...) + TODO: check +CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script ...) + TODO: check +CVE-2005-4206 (frameset.jsp in Blackboard Learning and Community Port Systems ...) + TODO: check +CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList ...) + TODO: check +CVE-2005-4204 (Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows ...) + TODO: check +CVE-2005-4203 (LogiSphere 0.9.9j does not restrict the number of messages that can be ...) + TODO: check +CVE-2005-4202 (Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j ...) + TODO: check +CVE-2005-4201 (Directory traversal vulnerability in My Album Online 1.0 allows remote ...) + TODO: check +CVE-2005-4200 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...) + TODO: check +CVE-2005-4199 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...) + TODO: check +CVE-2005-4198 (SQL injection vulnerability in index.php in Netref 3.0 allows remote ...) + TODO: check +CVE-2005-4197 (tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to ...) + TODO: check +CVE-2005-4196 (Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal ...) + TODO: check +CVE-2005-4195 (Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) ...) + TODO: check +CVE-2005-4194 (Buffer overflow in MediaServerList.exe in Sights ''n Sounds Streaming ...) 
+ TODO: check +CVE-2005-4193 (Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows ...) + TODO: check +CVE-2005-4192 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Framework ...) + TODO: check +CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...) + TODO: check +CVE-2005-4188 + RESERVED +CVE-2005-4187 + RESERVED +CVE-2005-4186 + RESERVED +CVE-2005-4185 + RESERVED +CVE-2005-4184 + RESERVED +CVE-2005-4183 + RESERVED +CVE-2005-4182 + RESERVED +CVE-2005-4181 + RESERVED +CVE-2005-4180 + RESERVED +CVE-2005-4179 + RESERVED +CVE-2005-4177 (Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book ...) + TODO: check +CVE-2005-4176 (AWARD Bios Modular 4.50pg does not clear the keyboard buffer after ...) + TODO: check +CVE-2005-4175 (Insyde BIOS V190 does not clear the keyboard buffer after reading the ...) + TODO: check +CVE-2005-4174 (eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow ...) + TODO: check +CVE-2005-4173 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2005-4172 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2005-4171 (The "Upload new image" command in the "Manage Images" eFiction 1.1, ...) + TODO: check +CVE-2005-4170 (SQL injection vulnerability in eFiction 1.1 allows remote attackers to ...) + TODO: check +CVE-2005-4169 (Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote ...) + TODO: check +CVE-2005-4168 (Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 ...) + TODO: check +CVE-2005-4167 (Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 ...) + TODO: check +CVE-2005-4166 (Cross-site scripting (XSS) vulnerability in password.asp in DUWare ...) 
+ TODO: check +CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum ...) + TODO: check CVE-2005-XXXX [Another fib_lookup DoS] - linux-2.6 <unfixed> CVE-2005-XXXX [DoS in i82365 driver] @@ -2,3 +134,3 @@ - linux-2.6 <unfixed> -CVE-2005-4178 [Heap overflow in Dropbear sshd] +CVE-2005-4178 (Buffer overflow in Dropbear server before 0.47 allows authenticated ...) - dropbear 0.47-1 (high) @@ -673,8 +805,8 @@ TODO: They''re speaking of API issues, check whether free JREs are affected CVE-2005-3904 (Unspecified vulnerability in Java Management Extensions (JMX) in Java ...) NOT-FOR-US: Sun Java -CVE-2005-3903 - RESERVED +CVE-2005-3903 (Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows ...) + TODO: check CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in ...) NOT-FOR-US: Virtual Hosting Control System CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not ...) @@ -921,9 +1053,9 @@ NOT-FOR-US: PHProxy CVE-2004-2603 (Cross-site scripting (XSS) vulnerability in the Search module in ...) NOT-FOR-US: UberTec Help Center Live -CVE-2004-2602 (PHP remote file include vulnerability in UberTec Help Center Live ...) +CVE-2004-2602 (PHP remote file inclusion vulnerability in UberTec Help Center Live ...) NOT-FOR-US: UberTec Help Center Live -CVE-2004-2601 (PHP file include vulnerability in UberTec Help Center Live (HCL) ...) +CVE-2004-2601 (PHP remote file inclusion vulnerability in UberTec Help Center Live ...) NOT-FOR-US: UberTec Help Center Live CVE-2004-2600 (The firmware for Intelligent Platform Management Interface (IPMI) ...) NOT-FOR-US: Intel hardware 
@@ -981,7 +1113,7 @@ - phpgroupware 0.9.14.007 CVE-2004-2574 (Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare ...) - phpgroupware 0.9.14.007 -CVE-2004-2573 (PHP remote file include vulnerability in tables_update.inc.php in ...) +CVE-2004-2573 (PHP remote file inclusion vulnerability in tables_update.inc.php in ...) - phpgroupware 0.9.14.007 CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...) [sarge] - kernel-source-2.6.8 2.6.8-16sarge2 @@ -1006,7 +1138,7 @@ NOT-FOR-US: MyBB CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...) NOT-FOR-US: MyBB -CVE-2005-3775 (PHP file inclusion vulnerability in pollvote.php in PollVote allows ...) +CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in PollVote ...) NOT-FOR-US: PollVote CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Cisco hardware @@ -1353,7 +1485,7 @@ CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 10.4.3 ...) NOT-FOR-US: Mac OS X CVE-2005-3703 - RESERVED + REJECTED CVE-2005-3702 (Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote ...) NOT-FOR-US: Safari CVE-2005-3701 (Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 ...) @@ -2310,8 +2442,8 @@ CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 ...) - php4 <unfixed> (bug #339577; medium) - php5 <unfixed> (bug #336654; medium) -CVE-2005-3352 - RESERVED +CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module allows ...) + TODO: check CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...) - spamassassin <unfixed> (bug #339526; medium) CVE-2005-3350 (libungif library before 4.1.0 allows attackers to corrupt memory and ...) 
@@ -2805,7 +2937,7 @@ NOT-FOR-US: Oracle CVE-2005-3202 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB ...) NOT-FOR-US: Oracle -CVE-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro 1.1.3 when ...) +CVE-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro (UNP) ...) NOT-FOR-US: Utopia News Pro CVE-2005-3200 (Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro ...) NOT-FOR-US: Utopia News Pro @@ -3816,16 +3948,16 @@ RESERVED CVE-2005-2832 RESERVED -CVE-2005-2831 - RESERVED -CVE-2005-2830 - RESERVED -CVE-2005-2829 - RESERVED +CVE-2005-2831 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...) + TODO: check +CVE-2005-2830 (Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS ...) + TODO: check +CVE-2005-2829 (Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 ...) + TODO: check CVE-2005-2828 RESERVED -CVE-2005-2827 - RESERVED +CVE-2005-2827 (The thread termination routine in the kernel for Windows NT 4.0 and ...) + TODO: check CVE-2005-2826 RESERVED CVE-2005-2825 @@ -8192,7 +8324,7 @@ NOT-FOR-US: Microsoft CVE-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...) NOT-FOR-US: Microsoft -CVE-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...) +CVE-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and ...) - mozilla-firefox <unfixed> (bug #340283; low) - mozilla <unfixed> (bug #340282; low) CVE-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...)
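
Review bot: In the @@ -1,3 +1,135 @@ hunk, several of the new "TODO: check" entries name products that this list already tags further down, so they could be resolved on insertion instead of queued. CVE-2005-4200 and CVE-2005-4199 (MyBulletinBoard) match the existing "NOT-FOR-US: MyBB" entries, and CVE-2005-4223 (Utopia News Pro) matches "NOT-FOR-US: Utopia News Pro" on CVE-2005-3201. Suggest the update step reuse the tag of an existing entry with the same product name and leave TODO only for products the list has not seen before.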
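
Review bot: In the @@ -2,3 +134,3 @@ hunk, CVE-2005-4178 stays below the two CVE-2005-XXXX placeholder entries, while the block inserted above them runs CVE-2005-4179 and then straight to CVE-2005-4177, so the file is no longer in descending ID order at this point. Move the Dropbear entry up between those two so that a lookup by number lands where the surrounding entries suggest. The tracking line "- dropbear 0.47-1 (high)" is kept and agrees with the new "before 0.47" description.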
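
Review bot: In the @@ -2310,8 +2442,8 @@ hunk, CVE-2005-3352 leaves RESERVED with a description truncated at "the mod_imap module allows ...", which does not show the affected product, and it lands as a bare "TODO: check" between entries that are tracked against packages (php4, php5, spamassassin). Whoever clears the TODO needs the full description to map it to a source package; suggest resolving it in the same pass, with a package line and bug reference like its neighbours, instead of leaving it in the queue.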
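
Review bot: In the @@ -3816,16 +3948,16 @@ hunk, CVE-2005-2831, CVE-2005-2830 and CVE-2005-2829 (Microsoft Internet Explorer) and CVE-2005-2827 (Windows NT kernel) become "TODO: check" although the list already uses "NOT-FOR-US: Microsoft" for Internet Explorer entries such as CVE-2005-1791. Tag these four the same way when they are added, so the TODO queue holds only entries that need a decision.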
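
Review bot: In the @@ -8192,7 +8324,7 @@ hunk, the CVE-2005-1790 description now ends ", and ..." but the package lines under it (mozilla-firefox, mozilla, both <unfixed>) are unchanged, so the text added to the description is cut off and nothing marks the entry for re-triage. Suggest adding a TODO whenever a description changes on an entry that carries <unfixed> package lines, so the widened wording is checked against the tracked packages and any others it may now cover.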