thr3ads.net - Secure testing commits - [Secure-testing-commits] r3094

If this information is useful, please help other people find it:
Share via:
Joey Hess
2005-Dec-19 09:14 UTC
[Secure-testing-commits] r3094 - data/CVE

Author: joeyh
Date: 2005-12-19 09:14:20 +0000 (Mon, 19 Dec 2005)
New Revision: 3094

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-12-19 00:11:32 UTC (rev 3093)
+++ data/CVE/list	2005-12-19 09:14:20 UTC (rev 3094)
@@ -1,3 +1,174 @@
+CVE-2005-4348
+	RESERVED
+CVE-2005-4347
+	RESERVED
+CVE-2005-4346 (SQL injection vulnerability in index.php in phpBB Blog 2.2.2 and
...)
+	TODO: check
+CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the
password ...)
+	TODO: check
+CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor
when the ...)
+	TODO: check
+CVE-2005-4343 (Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with
JRun, and ...)
+	TODO: check
+CVE-2005-4342 (ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX
6.0, ...)
+	TODO: check
+CVE-2005-4341 (Blackboard Learning and Community Portal System in Academic
Suite ...)
+	TODO: check
+CVE-2005-4340
+	REJECTED
+	TODO: check
+CVE-2005-4339 (Cross-site scripting (XSS) vulnerability in Blackboard Learning
and ...)
+	TODO: check
+CVE-2005-4338 (announcement.pl in Blackboard Learning and Community Portal
System in ...)
+	TODO: check
+CVE-2005-4337 (The login page in Blackboard Learning and Community Portal
System in ...)
+	TODO: check
+CVE-2005-4336 (Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0
and ...)
+	TODO: check
+CVE-2005-4335 (ProjectForum 4.7.0 and earlier allows remote attackers to cause
a ...)
+	TODO: check
+CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote
attackers ...)
+	TODO: check
+CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary
Board ...)
+	TODO: check
+CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager
...)
+	TODO: check
+CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant
...)
+	TODO: check
+CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant
Mall ...)
+	TODO: check
+CVE-2005-4329 (SQL injection vulnerability in pafiledb.php in PHP Arena
paFileDB ...)
+	TODO: check
+CVE-2005-4328 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in
...)
+	TODO: check
+CVE-2005-4327 (Multiple cross-site scripting (XSS) vulnerabilities in Michael
Arndt ...)
+	TODO: check
+CVE-2005-4326 (The web interface for American Power Conversion (APC) PowerChute
...)
+	TODO: check
+CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b
have ...)
+	TODO: check
+CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00
through ...)
+	TODO: check
+CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration
Portal ...)
+	TODO: check
+CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi
...)
+	TODO: check
+CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in
Apani ...)
+	TODO: check
+CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain
the ...)
+	TODO: check
+CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS
1.0.4.2 ...)
+	TODO: check
+CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2
and ...)
+	TODO: check
+CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does
not ...)
+	TODO: check
+CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote
attackers ...)
+	TODO: check
+CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum
PLEXCART ...)
+	TODO: check
+CVE-2005-4314 (Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal
...)
+	TODO: check
+CVE-2005-4313 (SQL injection vulnerability in index.php in AlmondSoft Almond
...)
+	TODO: check
+CVE-2005-4312 (SQL injection vulnerability in index.php in AlmondSoft Almond
...)
+	TODO: check
+CVE-2005-4311 (Cross-site scripting (XSS) vulnerability in DCForum 6.25 and
earlier, ...)
+	TODO: check
+CVE-2005-4310 (SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based
...)
+	TODO: check
+CVE-2005-4309 (SQL injection vulnerability in ezUpload Pro 2.2 and earlier
allows ...)
+	TODO: check
+CVE-2005-4308 (index.php in ezUpload Pro 2.2 and earlier allows remote
attackers to ...)
+	TODO: check
+CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and
earlier ...)
+	TODO: check
+CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet
BBS 2.0 ...)
+	TODO: check
+CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9,
0.9.1, ...)
+	TODO: check
+CVE-2005-4304 (index.php in ezDatabase 2.1.2 and earlier allows remote
attackers to ...)
+	TODO: check
+CVE-2005-4303 (SQL injection vulnerability in index.php for ezDatabase 2.1.2
and ...)
+	TODO: check
+CVE-2005-4302 (Directory traversal vulnerability in index.php in ezDatabase
2.1.2 and ...)
+	TODO: check
+CVE-2005-4301 (Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12
and ...)
+	TODO: check
+CVE-2005-4300 (Format string vulnerability in the lire_pop function in pop.c in
...)
+	TODO: check
+CVE-2005-4299 (Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant
Pro 4.02 ...)
+	TODO: check
+CVE-2005-4298 (Cross-site scripting (XSS) vulnerability in atl.cgi in
AtlantForum ...)
+	TODO: check
+CVE-2005-4297 (Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and
earlier ...)
+	TODO: check
+CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a
denial ...)
+	TODO: check
+CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image
Gallery XE ...)
+	TODO: check
+CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms
before ...)
+	TODO: check
+CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in
ClickCartPro ...)
+	TODO: check
+CVE-2005-4292 (Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and
...)
+	TODO: check
+CVE-2005-4291 (Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS
...)
+	TODO: check
+CVE-2005-4290 (Cross-site scripting (XSS) vulnerability in index.cgi in
ECW-Cart 2.03 ...)
+	TODO: check
+CVE-2005-4289 (Cross-site scripting (XSS) vulnerability in EDCstore.pl in
eDatCat 0.3 ...)
+	TODO: check
+CVE-2005-4288 (Cross-site scripting (XSS) vulnerability in index.php in
MarmaraWeb ...)
+	TODO: check
+CVE-2005-4287 (PHP remote file include vulnerability in MarmaraWeb E-commerce
allows ...)
+	TODO: check
+CVE-2005-4286 (Unspecified vulnerability in PhpLogCon before 1.2.2 allows
remote ...)
+	TODO: check
+CVE-2005-4285 (Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick
...)
+	TODO: check
+CVE-2005-4284 (Cross-site scripting (XSS) vulnerability in StaticStore Search
Engine ...)
+	TODO: check
+CVE-2005-4283 (Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3
and ...)
+	TODO: check
+CVE-2005-4282 (Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0
and ...)
+	TODO: check
+CVE-2005-4281 (Cross-site scripting (XSS) vulnerability in Zaygo HostingCart
2.0 and ...)
+	TODO: check
+CVE-2005-4280 (Untrusted search path vulnerability in CMake before 2.2.0-r1 on
Gentoo ...)
+	TODO: check
+CVE-2005-4279 (Untrusted search path vulnerability in Qt-UnixODBC before
3.3.4-r1 on ...)
+	TODO: check
+CVE-2005-4278 (Untrusted search path vulnerability in Perl before 5.8.7-r1 on
Gentoo ...)
+	TODO: check
+CVE-2005-4277 (Cross-site scripting (XSS) vulnerability in index.php in
toendaCMS ...)
+	TODO: check
+CVE-2005-4276 (Westell Versalink 327W allows remote attackers to cause a denial
of ...)
+	TODO: check
+CVE-2005-4275 (Scientific Atlanta DPX2100 Cable Modem allows remote attackers
to ...)
+	TODO: check
+CVE-2005-4274 (Unspecified vulnerability in Business Objects WebIntelligence
6.5x ...)
+	TODO: check
+CVE-2005-4273 (Multiple unspecified vulnerabilities in (1) getShell and (2)
...)
+	TODO: check
+CVE-2005-4272 (Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow
remote ...)
+	TODO: check
+CVE-2005-4271 (Buffer overflow in the malloc debug system in IBM AIX 5.3 allows
local ...)
+	TODO: check
+CVE-2005-4270 (Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134
allows ...)
+	TODO: check
+CVE-2005-4269 (mshtml.dll in Microsoft Windows XP, Server 2003, and Internet
Explorer ...)
+	TODO: check
+CVE-2005-4268 (Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when
creating a ...)
+	TODO: check
+CVE-2005-4267
+	RESERVED
+CVE-2004-2652 (The DecodeTCPOptions function in decode.c in Snort before 2.3.0,
when ...)
+	TODO: check
+CVE-2004-2651 (Multiple cross-site scripting (XSS) vulnerabilities in YaCy
before ...)
+	TODO: check
+CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5
through ...)
+	TODO: check
 CVE-2005-XXXX [SQL Injection in server_privileges.php]
 	- phpmyadmin <unfixed> (bug #343858; high)
 CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
@@ -121,7 +292,7 @@
 	NOT-FOR-US: Flatnuke
 CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script
...)
 	NOT-FOR-US: BTGrup Admin WebController Script
-CVE-2005-4206 (frameset.jsp in Blackboard Learning and Community Port Systems
...)
+CVE-2005-4206 (Blackboard Learning and Community Portal System in Academic
Suite ...)
 	NOT-FOR-US: Blackboard Learning and Community Port Systems
 CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in
LocazoList ...)
 	NOT-FOR-US: LocazoList
@@ -221,7 +392,7 @@
 	NOT-FOR-US: MilliScripts
 CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential
1.2 ...)
 	NOT-FOR-US: Torrential
-CVE-2005-4159 (SQL injection vulnerability in Memberlist.php in Simple Machines
Forum ...)
+CVE-2005-4159 (** DISPUTED ** ...)
 	NOT-FOR-US: Simple Machines Forum
 CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not
clear ...)
 	- sudo <unfixed> (bug #342948; medium)
@@ -370,7 +541,7 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2
allows ...)
 	NOT-FOR-US: phpForumPro
-CVE-2005-4087 (PHP remote file inclusion vulnerability in acceptDecline.php in
Sugar ...)
+CVE-2005-4087 (PHP remote file include vulnerability in acceptDecline.php in
Sugar ...)
 	NOT-FOR-US: SugarCRM
 CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar
Suite ...)
 	NOT-FOR-US: SugarCRM
@@ -536,7 +707,7 @@
 	NOT-FOR-US: PHP Lite Calender Express
 CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar
1.34 ...)
 	NOT-FOR-US: Jax Calendar
-CVE-2005-4077 (Multiple off-by-one errors in libcurl 7.11.2 through 7.15.0 and
...)
+CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2
...)
 	{DSA-919-1}
 	- curl 7.15.1-1 (bug #342339; medium) 
 	[sarge] - curl 7.13.2-2sarge4 (medium)
@@ -1588,8 +1759,8 @@
 	RESERVED
 CVE-2005-3653
 	RESERVED
-CVE-2005-3652
-	RESERVED
+CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client
9.0 ...)
+	TODO: check
 CVE-2005-3651 (Stack-based buffer overflow in the
dissect_ospf_v3_address_prefix ...)
 	{DSA-920-1}
 	- ethereal <unfixed> (bug #342911; medium)
@@ -2916,8 +3087,8 @@
 CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can
incorrectly ...)
 	{DSA-889-1}
 	- enigmail 2:0.93-1 (bug #335731; medium)
-CVE-2005-3253
-	RESERVED
+CVE-2005-3253 (Avaya Wireless Access Points (AP) AP-3 through AP-6 2.5 to
2.5.4, and ...)
+	TODO: check
 CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO)
preprocessor for ...)
 	- snort 2.3.3-2 (bug #328134; low)
 	- snort <not-affected> (Vulnerable code was introduced later, see bug
#334606)
@@ -5584,7 +5755,7 @@
 	NOT-FOR-US: nbsmtp
 CVE-2005-2408
 	RESERVED
-CVE-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform
&quot;link ...)
+CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-complicit
...)
 	NOT-FOR-US: Opera
 CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site
scripting ...)
 	NOT-FOR-US: Opera
@@ -11933,7 +12104,7 @@
 	- kernel-source-2.4.27 2.4.27-11 (bug #311164)
 	- linux-2.6 <not-affected> (Fixed before upload in archive)
 	TODO: Check, when this was fixed upstream
-CVE-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64
...)
+CVE-2005-0756 (ptrace in Linux kernel 2.6.8.1 does not properly verify
addresses on ...)
 	{DSA-922-1 DSA-921-1}
 	- kernel-source-2.4.27 2.4.27-11 (medium)
 	- linux-2.6 <not-affected> (Fixed before upload into archive;
2.6.12-rc5)
@@ -18333,7 +18504,7 @@
 CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2
before ...)
 	NOT-FOR-US: IBM DB2
 CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before
0.92 ...)
-        - mplayer <itp> (bug #113238)
+	- mplayer <itp> (bug #113238)
 CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to
execute ...)
 	NOT-FOR-US: CDE
 CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows
attackers to ...)
@@ -32188,5 +32359,5 @@
 	TODO: check
 CVE-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool
...)
 	TODO: check
-CVE-1999-0001 (Denial of service in BSD-derived TCP/IP implementations, as
described ...)
+CVE-1999-0001 (ip_input.c in BSD-derived TCP/IP implementations allows remote
...)
 	TODO: check
Secure testing commits - Dec 2005 - r3094 - data/CVE

[Secure-testing-commits] r3094 - data/CVE
