Author: jmm-guest Date: 2005-12-24 15:06:39 +0000 (Sat, 24 Dec 2005) New Revision: 3154 Modified: data/CVE/list Log: unimportant phpbb and phpmyadmin issues new phpbb issue lots of crappy web apps fortunately not in Debian Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-24 14:43:37 UTC (rev 3153) +++ data/CVE/list 2005-12-24 15:06:39 UTC (rev 3154) @@ -121,7 +121,6 @@ NOT-FOR-US: WowBB CVE-2005-4430 (SQL injection vulnerability in LogicBill 1.0 and earlier allows remote ...) NOT-FOR-US: LogicBill -begin claimed by jmm CVE-2005-4429 (SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers ...) NOT-FOR-US: CS-Cart CVE-2005-4428 (Cross-site scripting (XSS) vulnerability in index.php in Cerberus ...) 
@@ -170,122 +169,121 @@ NOT-FOR-US: Mercury CMS CVE-2005-4405 (redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to ...) NOT-FOR-US: Red Queen -begin claimed by jmm CVE-2005-4404 (SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x ...) - TODO: check + NOT-FOR-US: Media2 CMS CVE-2005-4403 (SQL injection vulnerability in index.php in Marwel 2.7 and earlier ...) - TODO: check + NOT-FOR-US: Marwel CVE-2005-4402 (Buffer overflow in MailEnable Professional 1.71 and earlier, and ...) - TODO: check + NOT-FOR-US: MailEnable Professional CVE-2005-4401 (Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier ...) - TODO: check + NOT-FOR-US: Lutece CVE-2005-4400 (Cross-site scripting (XSS) vulnerability in downloads/portal_ent in ...) - TODO: check + NOT-FOR-US: Liferay Portal Professional CVE-2005-4399 (Cross-site scripting (XSS) vulnerability in search/index.php in ...) - TODO: check + NOT-FOR-US: Libertas Enterprise CMS CVE-2005-4398 (Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier ...) - TODO: check + NOT-FOR-US: lemoon CVE-2005-4397 (SQL injection vulnerability in RunScript.asp iCMS allows remote ...) - TODO: check + NOT-FOR-US: iCMS CVE-2005-4396 (Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS ...) - TODO: check + NOT-FOR-US: iCMS CVE-2005-4395 (Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier ...) - TODO: check + NOT-FOR-US: FarCry CVE-2005-4394 (Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier ...) - TODO: check + NOT-FOR-US: EPiX CVE-2005-4393 (Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS ...) - TODO: check + NOT-FOR-US: e-publish CMS CVE-2005-4392 (SQL injection vulnerability in printer_friendly.cfm in e-publish CMS ...) - TODO: check + NOT-FOR-US: e-publish CMS CVE-2005-4391 (Cross-site scripting (XSS) vulnerability in damoon allows remote ...) 
- TODO: check + NOT-FOR-US: damoon CVE-2005-4390 (SQL injection vulnerability in index.php in ContentServ 3.1 and ...) - TODO: check + NOT-FOR-US: ContentServ CVE-2005-4389 (search.cfm in CONTENS 3.0 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: CONTENS CVE-2005-4388 (Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 ...) - TODO: check + NOT-FOR-US: CONTENS CVE-2005-4387 (Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 ...) - TODO: check + NOT-FOR-US: contenite CVE-2005-4386 (Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and ...) - TODO: check + NOT-FOR-US: Colony CMS CVE-2005-4385 (Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 ...) - TODO: check + NOT-FOR-US: Cofax CVE-2005-4384 (CitySoft Community Enterprise 4.x allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: CitySoft Community Enterprise CVE-2005-4383 (Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft ...) - TODO: check + NOT-FOR-US: CitySoft Community Enterprise CVE-2005-4382 (SQL injection vulnerability in CitySoft Community Enterprise 4.x ...) - TODO: check + NOT-FOR-US: CitySoft Community Enterprise CVE-2005-4381 (Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 ...) - TODO: check + NOT-FOR-US: Caravel CMS CVE-2005-4380 (Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta ...) - TODO: check + NOT-FOR-US: Bitweaver CVE-2005-4379 (Cross-site scripting (XSS) vulnerability in my_groups.php in Bitweaver ...) - TODO: check + NOT-FOR-US: Bitweaver CVE-2005-4378 (SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and ...) - TODO: check + NOT-FOR-US: Baseline CMS CVE-2005-4377 (Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS ...) - TODO: check + NOT-FOR-US: Baseline CMS CVE-2005-4376 (Directory traversal vulnerability in Amaxus 3 and earlier allows ...) 
- TODO: check + NOT-FOR-US: Amaxus CVE-2005-4375 (Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier ...) - TODO: check + NOT-FOR-US: Amaxus CVE-2005-4374 (Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 ...) - TODO: check + NOT-FOR-US: Allinta CVE-2005-4373 (Adaptive Website Framework (AWF) 2.10 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Adaptive Website Framework CVE-2005-4372 (Cross-site scripting (XSS) vulnerability in account.html in Adaptive ...) - TODO: check + NOT-FOR-US: Adaptive Website Framework CVE-2005-4371 (Acidcat 2.1.13 and earlier stores the database under the web root with ...) - TODO: check + NOT-FOR-US: Acidcat CVE-2005-4370 (SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and ...) - TODO: check + NOT-FOR-US: Acidcat CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows ...) - TODO: check + NOT-FOR-US: Acuity CMS CVE-2005-4368 (roundcube webmail allows remote attackers to obtain the full path of ...) - TODO: check + NOT-FOR-US: roundcube webmail CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php in ...) - TODO: check + NOT-FOR-US: DRZES HMS CVE-2005-4366 (Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote ...) - TODO: check + NOT-FOR-US: DRZES HMS CVE-2005-4365 (Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 ...) - TODO: check + NOT-FOR-US: FLIP CVE-2005-4364 (Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana ...) - TODO: check + NOT-FOR-US: Hot Banana Web Content Management Suite CVE-2005-4363 (Cross-site scripting (XSS) vulnerability in the search engine in ...) - TODO: check + NOT-FOR-US: Komodo CMS CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows ...) - TODO: check + NOT-FOR-US: Komodo CMS CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in Magnolia ...) 
- TODO: check + NOT-FOR-US: Magnolia Content Management Suite CVE-2005-4360 (Microsoft IIS 5.1 allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: IIS CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 ...) - TODO: check + NOT-FOR-US: ODFaq CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ...) - TODO: check + - phpbb2 <unfixed> (unimportant) CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when ...) - TODO: check + - phpbb2 <unfixed> (bug filed) CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to ...) - TODO: check + NOT-FOR-US: UStore CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow ...) - TODO: check + NOT-FOR-US: UStore CVE-2005-4354 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...) - TODO: check + NOT-FOR-US: Webglimpse CVE-2005-4353 (SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when ...) - TODO: check + NOT-FOR-US: toendaCMS CVE-2005-4352 RESERVED CVE-2005-4351 RESERVED CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 ...) - TODO: check + NOT-FOR-US: WBEM Services CVE-2005-4349 (** DISPUTED ** ...) - TODO: check + - phpmyadmin <unfixed> (unimportant) + NOTE: Only for authenticated used, will possibly be rejected CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as implemented in ...) - TODO: check -end claimed by jmm + NOT-FOR-US: IOS CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for ...) - fetchmail <unfixed> (bug #343836; low) CVE-2005-4418 [Default policy in util-vserver prior to 0.30.208 trusted unknown capabilities]
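Review bot: In the first hunk (@@ -121,7 +121,6 @@) the removed "begin claimed by jmm" marker has no matching "end claimed by jmm" removal in the same hunk; the only end marker is removed at the bottom of the second hunk, which also removes a second begin marker. The lines between the two hunks are not shown in this diff, so confirm that no entry in that range is still "TODO: check" now that the claim no longer covers it, and that no stray claim marker is left in data/CVE/list.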
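Review bot: In the second hunk (@@ -170,122 +169,121 @@) the CVE-2005-4357 entry is recorded as "- phpbb2 <unfixed> (bug filed)" with no bug number or severity, whereas the fetchmail entry in the trailing context uses "(bug #343836; low)"; record the actual bug number so the entry can be tracked. The CVE-2005-4358 entry is marked "(unimportant)" without a NOTE giving the reason, unlike CVE-2005-4349, and the NOTE added there reads "authenticated used", which should be "authenticated users".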