thr3ads.net - Secure testing commits - [Secure-testing-commits] r3183

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2005-Dec-30 01:17 UTC
[Secure-testing-commits] r3183 - data/CVE

Author: jmm-guest
Date: 2005-12-30 01:16:51 +0000 (Fri, 30 Dec 2005)
New Revision: 3183

Modified:
   data/CVE/list
Log:
new ethereal issue
new bzflag issue
electricsheep CVEfied
lots of NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-12-29 21:31:30 UTC (rev 3182)
+++ data/CVE/list	2005-12-30 01:16:51 UTC (rev 3183)
@@ -20,90 +20,88 @@
 	RESERVED
 CVE-2006-0044
 	RESERVED
-begin claimed by jmm
 CVE-2005-4585 (Unspecified vulnerability in the GTP dissector for Ethereal
0.9.1 to ...)
-	TODO: check
+	- ethereal <unfixed> (bug filed; low)
 CVE-2005-4584 (BZFlag server 2.0.4 and earlier allows remote attackers to cause
a ...)
-	TODO: check
+	- bzflag <unfixed> (bug filed; low)
 CVE-2005-4583 (Unspecified vulnerability in the Management Interface in VMware
ESX ...)
-	TODO: check
+	NOT-FOR-US: VMWare
 CVE-2005-4582 (Electric Sheep 2.6.3 does not require authentication or
integrity ...)
-	TODO: check
+	- electricsheep 2.6.3+cvs20051206-1 
 CVE-2005-4581 (Buffer overflow in Electric Sheep 2.6.3 client allows local
users to ...)
-	TODO: check
+	- electricsheep 2.6.3+cvs20051206-1 
 CVE-2005-4580 (Cross-site scripting (XSS) vulnerability in Day Communique 4
allows ...)
-	TODO: check
+	NOT-FOR-US: Day Communique 
 CVE-2005-4579 (Multiple HTTP response splitting vulnerabilities in Hitachi
Business ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Business Logic
 CVE-2005-4578 (Multiple SQL injection vulnerabilities in Hitachi Business Logic
- ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Business Logic
 CVE-2005-4577 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi
...)
-	TODO: check
+	NOT-FOR-US: Hitachi Business Logic
 CVE-2005-4576 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: Fatwire Update Engine
 CVE-2005-4575 (PaperThin CommonSpot Content Server 4.5 and earlier allow remote
...)
-	TODO: check
+	NOT-FOR-US: CommonSpot Content Server
 CVE-2005-4574 (Cross-site scripting (XSS) vulnerability in loader.cfm in
PaperThin ...)
-	TODO: check
+	NOT-FOR-US: CommonSpot Content Server
 CVE-2005-4573 (PHP remote file include vulnerability in
plog-admin-functions.php in ...)
-	TODO: check
+	NOT-FOR-US: Plogger
 CVE-2005-4572 (Multiple SQL injection vulnerabilities in myEZshop Shopping Cart
allow ...)
-	TODO: check
+	NOT-FOR-US: myEZshop Shopping Cart
 CVE-2005-4571 (Cross-site scripting (XSS) vulnerability in myEZshop Shopping
Cart ...)
-	TODO: check
+	NOT-FOR-US: myEZshop Shopping Cart
 CVE-2005-4570 (The Internet Key Exchange version 1 (IKEv1) implementations in
...)
-	TODO: check
+	NOT-FOR-US: FortiOS
 CVE-2005-4569 (Stack-based buffer overflow in index.fts in FTGate Technology
...)
-	TODO: check
+	NOT-FOR-US: FTGate
 CVE-2005-4568 (Multiple format string vulnerabilities in FTGate Technology
(formerly ...)
-	TODO: check
+	NOT-FOR-US: FTGate
 CVE-2005-4567 (Multiple cross-site scripting (XSS) vulnerabilities in FTGate
...)
-	TODO: check
+	NOT-FOR-US: FTGate
 CVE-2005-4566 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1)
...)
-	TODO: check
+	NOT-FOR-US: NetVanta
 CVE-2005-4565 (Format string vulnerability in the Internet Key Exchange version
1 ...)
-	TODO: check
+	NOT-FOR-US: NetVanta
 CVE-2005-4564 (The Internet Key Exchange version 1 (IKEv1) implementation in
ADTRAN ...)
-	TODO: check
+	NOT-FOR-US: NetVanta
 CVE-2005-4563 (SQL injection vulnerability in main.php in Enterprise Heart
Enterprise ...)
-	TODO: check
+	NOT-FOR-US: Enterprise Heart Enterprise Connector
 CVE-2005-4562
 	RESERVED
 CVE-2005-4561
 	RESERVED
 CVE-2005-4560 (Microsoft Windows allows remote attackers to execute arbitrary
code ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-2005-4559 (mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak
Mail ...)
-	TODO: check
+	NOT-FOR-US: IceWarp Web Mail
 CVE-2005-4558 (IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and
...)
-	TODO: check
+	NOT-FOR-US: IceWarp Web Mail
 CVE-2005-4557 (dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak
Mail ...)
-	TODO: check
+	NOT-FOR-US: IceWarp Web Mail
 CVE-2005-4556 (PHP remote file include vulnerability in IceWarp Web Mail 5.5.1,
as ...)
-	TODO: check
+	NOT-FOR-US: IceWarp Web Mail
 CVE-2005-4555 (Cross-site scripting (XSS) vulnerability in add.php in DEV web
...)
-	TODO: check
+	NOT-FOR-US: DEV web management system
 CVE-2005-4554 (Multiple SQL injection vulnerabilities in DEV web management
system ...)
-	TODO: check
+	NOT-FOR-US: DEV web management system
 CVE-2005-4553 (Buffer overflow in Golden FTP Server 1.92 allows remote
attackers to ...)
-	TODO: check
+	NOT-FOR-US: Golden FTP Server
 CVE-2005-4552 (The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC
NetLink 2.0 ...)
-	TODO: check
+	NOT-FOR-US: Sun Solaris PC NetLink
 CVE-2005-4551 (Cross-site scripting (XSS) vulnerability in sign.php in codegrrl
...)
-	TODO: check
+	NOT-FOR-US: codegrrl SimpBook
 CVE-2005-4550 (The PORTAL schema in Oracle Application Server (OracleAS)
Discussion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-4549 (Cross-site scripting (XSS) vulnerability in Oracle Application
Server ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2005-4548 (SQL injection vulnerability in the &quot;user area&quot;
in RWS Statistics ...)
-	TODO: check
+	NOT-FOR-US: RWS Statistics Counter
 CVE-2005-4547 (Cross-site scripting (XSS) vulnerability in home/search.php in
eggblog ...)
-	TODO: check
+	NOT-FOR-US: eggblog
 CVE-2005-4546 (search.php in eggblog 2.0 allows remote attackers to obtain the
full ...)
-	TODO: check
+	NOT-FOR-US: eggblog
 CVE-2005-4545 (Cross-site scripting (XSS) vulnerability in search.asp in
NetDirect ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: NetDirect ShopEngine 
 CVE-2005-4544
 	RESERVED
 CVE-2005-4543
@@ -124,6 +122,7 @@
 	RESERVED
 CVE-2005-4535
 	RESERVED
+begin claimed by jmm
 CVE-2005-4533 (Argument injection vulnerability in scponlyc in scponly 4.1 and
...)
 	TODO: check
 CVE-2005-4532 (scponlyc in scponly 4.1 and earlier, when the operating system
...)
@@ -193,6 +192,7 @@
 	TODO: check
 CVE-2005-4500 (SQL injection vulnerability in MusicBox 2.3 allows remote
attackers to ...)
 	TODO: check
+end claimed by jmm
 CVE-2005-4499 (The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000
...)
 	TODO: check
 CVE-2005-4498 (Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and
earlier ...)
@@ -1256,8 +1256,6 @@
 	- curl 7.15.1-1 (bug #342339; bug #342696; medium) 
 	[sarge] - curl 7.13.2-2sarge4 (medium)
 	[woody] - curl <not-affected> (Only curl >= 7.11 is vulnerable)
-CVE-2005-XXXX [Buffer overflows in electricsheep]
-	- electricsheep 2.6.3+cvs20051206-1 
 CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before
1.2.3.03, ...)
 	NOT-FOR-US: SAPID CMS
 CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...)
Secure testing commits - Dec 2005 - r3183 - data/CVE

[Secure-testing-commits] r3183 - data/CVE
