Author: jmm-guest
Date: 2005-12-14 09:36:36 +0000 (Wed, 14 Dec 2005)
New Revision: 3035

Modified:
   data/CVE/list
Log:
one potential perl issue, needs to be tested
lots of NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2005-12-14 09:33:18 UTC (rev 3034)
+++ data/CVE/list 2005-12-14 09:36:36 UTC (rev 3035)
@@ -1,73 +1,72 @@ -begin claimed by jmm CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and ...) - TODO: check + NOT-FOR-US: Link Up Gold CVE-2005-4230 (SQL injection vulnerability in poll.php in Link Up Gold 2.5 and ...) - TODO: check + NOT-FOR-US: Link Up Gold CVE-2005-4229 (Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction ...) - TODO: check + NOT-FOR-US: EveryAuction CVE-2005-4228 (Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and ...) - TODO: check + NOT-FOR-US: PhpWebGallery CVE-2005-4227 (Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 ...) - TODO: check + NOT-FOR-US: DCP-Portal CVE-2005-4226 (Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 ...) - TODO: check + NOT-FOR-US: pgpWebThings CVE-2005-4225 (Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 ...) - TODO: check + NOT-FOR-US: myBloggie CVE-2005-4224 (Multiple "potential" SQL injection vulnerabilities in e107 0.7 might ...) - TODO: check + NOT-FOR-US: e107 CVE-2005-4223 (Multiple "potential" SQL injection vulnerabilities in Utopia News Pro ...) - TODO: check + NOT-FOR-US: Utopia News Pro CVE-2005-4222 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi ...) - TODO: check + NOT-FOR-US: Lars Ellingsen Guestserver CVE-2005-4221 (SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 ...) - TODO: check + NOT-FOR-US: Arab Portal System CVE-2005-4220 (Netgear RP114, and possibly other versions and devices, allows remote ...) - TODO: check + NOT-FOR-US: Netgear hardware issue CVE-2005-4219 (setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains ...) - TODO: check + NOT-FOR-US: Innovative CMS CVE-2005-4218 (SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows ...) - TODO: check + NOT-FOR-US: PHPWebThings CVE-2005-4217 (Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges ...) 
- TODO: check + TODO: check, whether this affects Debian''s perl CVE-2005-4216 (The Administration Service (FMSAdmin.exe) in Macromedia Flash Media ...) - TODO: check + NOT-FOR-US: Macromedia Flash Media Server CVE-2005-4215 (Motorola SB5100E Cable Modem allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Motorola hardware CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers obtain the installation path via ...) - TODO: check + NOT-FOR-US: phpCOIN CVE-2005-4213 (SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote ...) - TODO: check + NOT-FOR-US: phpCOIN CVE-2005-4212 (Directory traversal vulnerability in coin_includes/db.php in phpCOIN ...) - TODO: check + NOT-FOR-US: phpCOIN CVE-2005-4211 (PHP remote file inclusion vulnerability in coin_includes/db.php in ...) - TODO: check + NOT-FOR-US: phpCOIN CVE-2005-4210 (Opera before 8.51, when running on Windows with Input Method Editor ...) - TODO: check + NOT-FOR-US: Opera CVE-2005-4209 (WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Alt-N MDaemon CVE-2005-4208 (Directory traversal vulnerability in Flatnuke 2.5.6 allows remote ...) - TODO: check + NOT-FOR-US: Flatnuke CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script ...) - TODO: check + NOT-FOR-US: BTGrup Admin WebController Script CVE-2005-4206 (frameset.jsp in Blackboard Learning and Community Port Systems ...) - TODO: check + NOT-FOR-US: Blackboard Learning and Community Port Systems CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList ...) - TODO: check + NOT-FOR-US: LocazoList CVE-2005-4204 (Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows ...) - TODO: check + NOT-FOR-US: LogiSphere CVE-2005-4203 (LogiSphere 0.9.9j does not restrict the number of messages that can be ...) 
- TODO: check + NOT-FOR-US: LogiSphere CVE-2005-4202 (Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j ...) - TODO: check + NOT-FOR-US: LogiSphere CVE-2005-4201 (Directory traversal vulnerability in My Album Online 1.0 allows remote ...) - TODO: check + NOT-FOR-US: My Album Online CVE-2005-4200 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...) - TODO: check + NOT-FOR-US: MyBB CVE-2005-4199 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...) - TODO: check + NOT-FOR-US: MyBB CVE-2005-4198 (SQL injection vulnerability in index.php in Netref 3.0 allows remote ...) - TODO: check -end claimed by jmm + NOT-FOR-US: Netref +begin claimed by jmm CVE-2005-4197 (tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to ...) TODO: check CVE-2005-4196 (Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal ...) @@ -132,6 +131,7 @@ TODO: check CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum ...) TODO: check +end claimed by jmm CVE-2005-XXXX [Another fib_lookup DoS] - linux-2.6 <unfixed> CVE-2005-XXXX [DoS in i82365 driver]
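Review bot: In the first hunk (`@@ -1,73 +1,72 @@`), the tag added for CVE-2005-4226 reads `NOT-FOR-US: pgpWebThings`, while the CVE description on that entry names phpWebThings 1.4 and the CVE-2005-4218 entry in the same hunk is tagged `NOT-FOR-US: PHPWebThings`. Fix the spelling and use one form for both, so that a search of the list for the product name finds both entries. Also in this hunk, the new CVE-2005-4217 note contains a doubled apostrophe (`Debian''s perl`), and the two hardware entries are tagged differently (`Netgear hardware issue` for CVE-2005-4220, `Motorola hardware` for CVE-2005-4215); one wording for both would keep the tags consistent.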
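Review bot: In the second hunk (`@@ -132,6 +131,7 @@`), the added `end claimed by jmm` after CVE-2005-4165 pairs with the `begin claimed by jmm` that the first hunk moves to just before CVE-2005-4197, so the claim can only be checked by reading both hunks together. The entries visible inside the new range are still `TODO: check`; confirm that the lines not shown between the two hunks contain no other begin/end claim marker, so that the claimed range stays unambiguous.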