Author: jmm-guest Date: 2005-12-19 12:23:34 +0000 (Mon, 19 Dec 2005) New Revision: 3097 Modified: data/CVE/list Log: new trac issue lots of NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-19 11:58:39 UTC (rev 3096) +++ data/CVE/list 2005-12-19 12:23:34 UTC (rev 3097) @@ -2,127 +2,126 @@ RESERVED CVE-2005-4347 RESERVED -begin claimed by jmm CVE-2005-4346 (SQL injection vulnerability in index.php in phpBB Blog 2.2.2 and ...) - TODO: check + NOT-FOR-US: phpBB Blog + TODO: Double-check please, this doesn''t seem to be included in stock phpbb CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password ...) - TODO: check + NOT-FOR-US: ColdFusion MX CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the ...) - TODO: check + NOT-FOR-US: ColdFusion MX CVE-2005-4343 (Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and ...) - TODO: check + NOT-FOR-US: ColdFusion MX CVE-2005-4342 (ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, ...) - TODO: check + NOT-FOR-US: ColdFusion MX CVE-2005-4341 (Blackboard Learning and Community Portal System in Academic Suite ...) - TODO: check + NOT-FOR-US: Academic Suite CVE-2005-4340 REJECTED - TODO: check CVE-2005-4339 (Cross-site scripting (XSS) vulnerability in Blackboard Learning and ...) - TODO: check + NOT-FOR-US: Academic Suite CVE-2005-4338 (announcement.pl in Blackboard Learning and Community Portal System in ...) - TODO: check + NOT-FOR-US: Academic Suite CVE-2005-4337 (The login page in Blackboard Learning and Community Portal System in ...) - TODO: check + NOT-FOR-US: Academic Suite CVE-2005-4336 (Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and ...) - TODO: check + NOT-FOR-US: ProjectForum CVE-2005-4335 (ProjectForum 4.7.0 and earlier allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: ProjectForum CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote attackers ...) - TODO: check + NOT-FOR-US: ZixForum CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary Board ...) - TODO: check + NOT-FOR-US: Binary Board System CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...) - TODO: check + NOT-FOR-US: Secure Smart Manager CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant ...) - TODO: check + NOT-FOR-US: iHTML Merchant CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall ...) - TODO: check + NOT-FOR-US: iHTML Merchant CVE-2005-4329 (SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB ...) - TODO: check + NOT-FOR-US: paFileDB CVE-2005-4328 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...) - TODO: check + NOT-FOR-US: WebGlimpse CVE-2005-4327 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt ...) - TODO: check + NOT-FOR-US: Michael Arndt WebCal CVE-2005-4326 (The web interface for American Power Conversion (APC) PowerChute ...) - TODO: check + NOT-FOR-US: APC hardware issue CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b have ...) - TODO: check + NOT-FOR-US: Driverse CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through ...) - TODO: check + NOT-FOR-US: Hitachi Groupmax Mail SMTP CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal ...) - TODO: check + NOT-FOR-US: Hitachi Cosminexus Collaboration Portal CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...) - TODO: check + NOT-FOR-US: Hitachi Cosminexus Collaboration Portal CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in Apani ...) - TODO: check + NOT-FOR-US: Apani Networks EpiForce CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the ...) - TODO: check + NOT-FOR-US: Limbo CMS CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 ...) - TODO: check + NOT-FOR-US: Limbo CMS CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and ...) - TODO: check + NOT-FOR-US: Limbo CMS CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not ...) - TODO: check + NOT-FOR-US: Limbo CMS CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum PLEXCART ...) - TODO: check + NOT-FOR-US: Plexum PLEXCART CVE-2005-4314 (Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal ...) - TODO: check + NOT-FOR-US: PPCal Shopping Cart CVE-2005-4313 (SQL injection vulnerability in index.php in AlmondSoft Almond ...) - TODO: check + NOT-FOR-US: AlmondSoft Almond Personals CVE-2005-4312 (SQL injection vulnerability in index.php in AlmondSoft Almond ...) - TODO: check + NOT-FOR-US: AlmondSoft Almond Personals CVE-2005-4311 (Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, ...) - TODO: check + NOT-FOR-US: DCForum CVE-2005-4310 (SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based ...) - TODO: check + NOT-FOR-US: SSH Tectia Server CVE-2005-4309 (SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows ...) - TODO: check + NOT-FOR-US: ezUpload Pro CVE-2005-4308 (index.php in ezUpload Pro 2.2 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: ezUpload Pro CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier ...) - TODO: check + NOT-FOR-US: ScareCrow CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 ...) - TODO: check + NOT-FOR-US: SiteNet BBS CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, ...) - TODO: check + - trac <unfixed> (bug filed) CVE-2005-4304 (index.php in ezDatabase 2.1.2 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: ezDatabase CVE-2005-4303 (SQL injection vulnerability in index.php for ezDatabase 2.1.2 and ...) - TODO: check + NOT-FOR-US: ezDatabase CVE-2005-4302 (Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and ...) - TODO: check + NOT-FOR-US: ezDatabase CVE-2005-4301 (Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and ...) - TODO: check + NOT-FOR-US: pgpXplorer CVE-2005-4300 (Format string vulnerability in the lire_pop function in pop.c in ...) - TODO: check + NOT-FOR-US: libremail CVE-2005-4299 (Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 ...) - TODO: check + NOT-FOR-US: Atlant Pro CVE-2005-4298 (Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum ...) - TODO: check + NOT-FOR-US: AtlantForum CVE-2005-4297 (Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier ...) - TODO: check + NOT-FOR-US: bbBoard CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: AppServ Open Project CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...) - TODO: check + NOT-FOR-US: Absolute Image Gallery XE CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...) - TODO: check + NOT-FOR-US: Alkacon OpenCms CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro ...) - TODO: check + NOT-FOR-US: ClickCartPro CVE-2005-4292 (Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and ...) - TODO: check + NOT-FOR-US: CommerceSQL CVE-2005-4291 (Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS ...) - TODO: check + NOT-FOR-US: ECTOOLS Onlineshop CVE-2005-4290 (Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 ...) - TODO: check + NOT-FOR-US: ECW-Cart CVE-2005-4289 (Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 ...) - TODO: check + NOT-FOR-US: eDatCat CVE-2005-4288 (Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb ...) - TODO: check -end claimed by jmm + NOT-FOR-US: MarmaraWeb E-commerce +begin claimed by jmm CVE-2005-4287 (PHP remote file include vulnerability in MarmaraWeb E-commerce allows ...) TODO: check CVE-2005-4286 (Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote ...) @@ -171,6 +170,7 @@ TODO: check CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5 through ...) TODO: check +end claimed by jmm CVE-2005-XXXX [SQL Injection in server_privileges.php] - phpmyadmin <unfixed> (bug #343858; high) CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]