Author: jmm-guest
Date: 2005-11-03 23:25:05 +0000 (Thu, 03 Nov 2005)
New Revision: 2655

Modified:
   data/CVE/list
Log:
gnump3d and phpbb2 CVEfied
new openvpn issue
silly new thunderbird issue
about 75 NFUs
I've reset the phpbb2 urgencies to unknown after they've been
split; they need to be evaluated individually.


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2005-11-03 22:32:59 UTC (rev 2654)
+++ data/CVE/list       2005-11-03 23:25:05 UTC (rev 2655)
@@ -1,179 +1,181 @@
-begin claimed by jmm
 CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating 
in ...)
-       TODO: check
+       NOT-FOR-US: Cisco hardware
 CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute 
...)
-       TODO: check
+       NOT-FOR-US: IOS
 CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error 
messages ...)
-       TODO: check
+       NOT-FOR-US: Ringtail CaseBook
 CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in 
Ringtail ...)
-       TODO: check
+       NOT-FOR-US: Ringtail CaseBook
 CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe Tutorial 
Manager ...)
-       TODO: check
+       NOT-FOR-US: PHPCafe Tutorial Manager
 CVE-2005-3477 (Multiple interpretation error in the image upload handling code 
in ...)
-       TODO: check
+       NOT-FOR-US: Invision Gallery
 CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 
8.2, and ...)
-       TODO: check
+       NOT-FOR-US: OpenVMS
 CVE-2005-3475 (Hasbani Web Server allows remote attackers to cause a denial of 
...)
-       TODO: check
+       NOT-FOR-US: Hasbani Web Server
 CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software 
hides any ...)
-       TODO: check
+       NOT-FOR-US: XCP DRM 
 CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple 
PHP Blog ...)
-       TODO: check
+       NOT-FOR-US: Simple PHP Blog
 CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications 
Express ...)
-       TODO: check
+       NOT-FOR-US: Sun Java System Communications Express
 CVE-2005-3471 (Directory traversal vulnerability in the ruleset view for 
MailWatch ...)
-       TODO: check
+       NOT-FOR-US: MailWatch for MailScanner
 CVE-2005-3470 (SQL injection vulnerability in in the authenticate function in 
...)
-       TODO: check
+       NOT-FOR-US: MailWatch for MailScanner
 CVE-2005-3469 (SQL injection vulnerability in index.php in News2Net 3.0.0.0 
allows ...)
-       TODO: check
+       NOT-FOR-US: News2Net
 CVE-2005-3468 (Directory traversal vulnerability in F-Secure Anti-Virus for 
Microsoft ...)
-       TODO: check
+       NOT-FOR-US: F-Secure
 CVE-2005-3467 (Serv-U FTP Server before 6.1.0.4 allows attackers to cause a 
denial of ...)
-       TODO: check
+       NOT-FOR-US: Serv-U FTP Server
 CVE-2005-3466 (Unspecified vulnerability in Enterprise CRM Sales in Oracle 
8.81 up to ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3465 (Unspecified vulnerability in JDEdwards HTML Server in Oracle 
...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3464 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft 
...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3463 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft 
...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3462 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft 
...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3461 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft 
...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3460 (Unspecified vulnerability in Oracle Agent in Oracle Enterprise 
Manager ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3459 (Unspecified vulnerability in Oracle E-Business Suite and 
Applications ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3458 (Unspecified vulnerability in Oracle E-Business Suite and 
Applications ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3457 (Unspecified vulnerability in Oracle E-Business Suite and 
Applications ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3456 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 
and ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3455 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 
and ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3454 (Multiple unspecified vulnerabilities in Oracle Collaboration 
Suite 10g ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3453 (Multiple unspecified vulnerabilities in Web Cache in Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3452 (Unspecified vulnerability in Web Cache in Oracle Application 
Server ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3451 (Unspecified vulnerability in SQL*ReportWriter in Oracle 
Application ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3450 (Unspecified vulnerability in the HTTP Server in Oracle 
Application ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3449 (Multiple unspecified vulnerabilities in Oracle Application 
Server 9.0 ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3448 (Unspecified vulnerability in the OC4J Module in Oracle 
Application ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3447 (Unspecified vulnerability in Single Sign-On in Oracle Database 
Server ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3446 (Unspecified vulnerability in Internet Directory in Oracle 
Database ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3445 (Multiple unspecified vulnerabilities in HTTP Server in Oracle 
Database ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3444 (Multiple unspecified vulnerabilities in the Programmatic 
Interface in ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3443 (Unspecified vulnerability in the Spatial component in Oracle 
Database ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3442 (Multiple unspecified vulnerabilities in Oracle Database Server 
8i up ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3441 (Unspecified vulnerability in Intelligent Agent in Oracle 
Database ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3440 (Unspecified vulnerability in Database Scheduler in Oracle 
Database ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3439 (Multiple unspecified vulnerabilities in Oracle Database Server 
10g up ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3438 (Multiple unspecified vulnerabilities in Oracle Database Server 
9i up ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3437 (Unspecified vulnerability in the PL/SQL component in Oracle 
Database ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2005-3436 (Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 
allows ...)
-       TODO: check
+       NOT-FOR-US: Nuked-Klan
 CVE-2005-3435 (admin_news.php in Archilles Newsworld up to 1.3.0 allows 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: Archilles Newsworld
 CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and 
(2) ...)
-       TODO: check
+       NOT-FOR-US: Archilles Newsworld
 CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-complicit 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Mirabilis ICQ
 CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password 
...)
-       TODO: check
+       NOT-FOR-US: MiniGal2
 CVE-2005-3431 (Absolute path traversal vulnerability in Rockliffe MailSite 
Express ...)
-       TODO: check
+       NOT-FOR-US: MailSite Express
 CVE-2005-3430 (Incomplete blacklist vulnerability in Rockliffe MailSite 
Express ...)
-       TODO: check
+       NOT-FOR-US: MailSite Express
 CVE-2005-3429 (Rockliffe MailSite Express before 6.1.22, with the option to 
save ...)
-       TODO: check
+       NOT-FOR-US: MailSite Express
 CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite 
Express ...)
-       TODO: check
+       NOT-FOR-US: MailSite Express
 CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 
can omit ...)
-       TODO: check
+       NOT-FOR-US: IPS Sensors
 CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL 
termination ...)
-       TODO: check
+       NOT-FOR-US: Cisco hardware
 CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 
2.9.6 ...)
-       TODO: check
+       - gnump3d 2.9.6-1
 CVE-2005-3424 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 
2.9.5 ...)
-       TODO: check
+       - gnump3d 2.9.5-1 (low)
 CVE-2005-3423 (Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 
allow ...)
-       TODO: check
+       NOT-FOR-US: Subdreamer
 CVE-2005-3422 (Cross-site scripting (XSS) vulnerability in error.asp in ASP 
Fast ...)
-       TODO: check
+       NOT-FOR-US: ASP Fast Forum
 CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote 
...)
-       TODO: check
+       NOT-FOR-US: Hyper Estraier
 CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to 
modify ...)
-       TODO: check
+       - phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
+       NOTE: http://www.hardened-php.net/advisory_172005.75.html
+       NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
+       NOTE: Remote code execution may be possible, especially in conjunction
+       NOTE: with PHP bugs.
 CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 
2.0.17 ...)
-       TODO: check
+       - phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 
2.0.17 ...)
-       TODO: check
+       - phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays 
directive is ...)
-       TODO: check
+       - phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and 
the ...)
-       TODO: check
+       - phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass 
protection ...)
-       TODO: check
+       - phpbb2 <unfixed> (bug #336582; bug #336587; unknown)
 CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with 
...)
-       TODO: check
+       NOT-FOR-US: eyeOS
 CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in 
eyeOS 0.8.4 ...)
-       TODO: check
+       NOT-FOR-US: eyeOS
 CVE-2005-3412 (Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 
allows ...)
-       TODO: check
+       NOT-FOR-US: Elite Forum
 CVE-2005-3411 (Cross-site scripting (XSS) vulnerability in post.asp in Snitz 
Forums ...)
-       TODO: check
+       NOT-FOR-US: Snitz Forums
 CVE-2005-3410
        RESERVED
 CVE-2005-3409 (OpenVPN 2.x before 2.0.4, when running in TCP mode, allows 
remote ...)
-       TODO: check
+       - openvpn <unfixed> (bug filed; low)
 CVE-2005-3408 (SQL injection vulnerability in news.php in gCards version 1.43 
allows ...)
-       TODO: check
+       NOT-FOR-US: gCards
 CVE-2005-3407 (SQL injection vulnerability in phpESP 1.7.5 and earlier allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: phpESP
 CVE-2005-3406 (Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: phpESP
 CVE-2005-3405 (ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: ATutor
 CVE-2005-3404 (Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 
through ...)
-       TODO: check
+       NOT-FOR-US: ATutor
 CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 
1.4.1 ...)
-       TODO: check
+       NOT-FOR-US: ATutor
 CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and 
possibly ...)
-       TODO: check
+       - mozilla-thunderbird <unfixed> (low)
 CVE-2005-3401 (Multiple interpretation error in TheHacker 5.8.4.128 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: TheHacker
 CVE-2005-3400 (Multiple interpretation error in Fortinet 2.48.0.0 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2005-3399 (Multiple interpretation error in CAT-QuickHeal 8.0 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: CAT-QuickHeal
 CVE-2005-3398 (The default configuration of the web server for the Solaris 
Management ...)
-       TODO: check
+       NOT-FOR-US: Solaris Management Console
 CVE-2005-3397 (Cross-site scripting (XSS) vulnerability in Comersus BackOffice 
allows ...)
-       TODO: check
+       NOT-FOR-US: Comersus BackOffice
 CVE-2005-3396 (Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 
and 5.3, ...)
-       TODO: check
-end claimed by jmm
+       NOT-FOR-US: AIX
 CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows 
remote ...)
        NOT-FOR-US: Invision Gallery
 CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard 
forum ...)
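Review bot: In the new CVE-2005-3425 line, `- gnump3d 2.9.6-1` carries no urgency, while the neighbouring CVE-2005-3424 entry has `(low)` and the other gnump3d line visible later in this diff uses `(medium)`; add an urgency, or `unknown` as on the phpbb2 lines, so the entry does not read as unrated by accident. The CVE-2005-3409 entry says `(bug filed; low)` without a bug number, unlike the phpbb2 lines in the same hunk (`bug #336582; bug #336587`); replace `bug filed` with the number once it is assigned so the entry can be tracked. The added `NOT-FOR-US: XCP DRM ` line also ends in a trailing space.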
@@ -298,12 +300,6 @@
        NOT-FOR-US: Integrity Protection Driver
 CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when 
the recv ...)
        NOT-FOR-US: nylon
-CVE-2005-XXXX [phpBB issues fixed in 2.0.18]
-       - phpbb2 <unfixed> (bug #336582; bug #336587; high)
-       NOTE: http://www.hardened-php.net/advisory_172005.75.html
-       NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
-       NOTE: Remote code execution may be possible, especially in conjunction
-       NOTE: with PHP bugs.
 CVE-2005-XXXX [ntop format string vulnerability]
        - ntop <unfixed> (bug #335996; low)
        NOTE: Possibly not exploitable
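Review bot: Removing this placeholder entry leaves the two advisory URLs and the remote-code-execution NOTE attached only to CVE-2005-3420 in the first hunk, so CVE-2005-3415 through CVE-2005-3419 now carry no reference at all. Either repeat the `NOTE: http://www.hardened-php.net/advisory_172005.75.html` line under each split entry or add a NOTE there pointing at CVE-2005-3420. The urgency also drops from `high` to `unknown` on all six entries, including the one that keeps the code-execution note; the log says this is pending individual evaluation, so a `TODO:` line on those entries would keep that visible in the list itself.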
@@ -941,8 +937,6 @@
        - gnump3d 2.9.6-1 (medium)
 CVE-2005-3122
        REJECTED
-       {DSA-877-1}
-       - gnump3d 2.9.6-1 (low)
 CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a 
temporary file ...)
        {DSA-867-1}
        - module-assistant 0.9.10
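Review bot: The `{DSA-877-1}` tag is deleted from the REJECTED CVE-2005-3122 entry, but none of the added lines in this diff attach it anywhere else; the new CVE-2005-3425 and CVE-2005-3424 gnump3d entries in the first hunk have no DSA reference. If those are the identifiers that replace the rejected one, add `{DSA-877-1}` to them, or confirm it already sits on the entry above this one, of which only the `- gnump3d 2.9.6-1 (medium)` line is visible here, so the advisory mapping is not lost.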


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
