Author: jmm-guest
Date: 2005-12-07 21:50:32 +0000 (Wed, 07 Dec 2005)
New Revision: 2978

Modified:
   data/CVE/list
Log:
trac CVEfied
ffmpeg/xine-lib CVEfied
mediawiki not-affected
lots of NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2005-12-07 21:36:35 UTC (rev 2977)
+++ data/CVE/list       2005-12-07 21:50:32 UTC (rev 2978)
@@ -1,79 +1,79 @@
-begin claimed by jmm
 CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernams 
and ...)
-       TODO: check
+       NOT-FOR-US: Total Commander
 CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall 
Trac ...)
-       TODO: check
+       - trac 0.9.2-1 (medium)
 CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: A-FAQ
 CVE-2005-4063 (Multiple cross-site scripting (XSS) vulnerabilities in 
NetAuctionHelp ...)
-       TODO: check
+       NOT-FOR-US: NetAuctionHelp
 CVE-2005-4062 (Cross-site scripting (XSS) vulnerability in CPSearch.asp in ...)
-       TODO: check
+       NOT-FOR-US: XcClassified
 CVE-2005-4061 (Cross-site scripting (XSS) vulnerability in PASearch.asp in ...)
-       TODO: check
+       NOT-FOR-US: XcPhotoAlbum
 CVE-2005-4060 (Cross-site scripting (XSS) vulnerability in search.asp in 
rwAuction ...)
-       TODO: check
+       NOT-FOR-US: rwAuction
 CVE-2005-4059 (SQL injection vulnerability in searchdb.asp in LocazoList 1.03c 
and ...)
-       TODO: check
+       NOT-FOR-US: LocazoList
 CVE-2005-4058 (SQL injection vulnerability in saralblog v.1 and earlier allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: saralblog
 CVE-2005-4057 (Cross-site scripting (XSS) vulnerability in search.php in 
PluggedOut ...)
-       TODO: check
+       NOT-FOR-US: PluggedOut Nexus
 CVE-2005-4056 (SQL injection vulnerability in search.php in PluggedOut Nexus 
0.1 ...)
-       TODO: check
+       NOT-FOR-US: PluggedOut Nexus
 CVE-2005-4055 (SQL injection vulnerability in index.php in Cars Portal 1.1 and 
...)
-       TODO: check
+       NOT-FOR-US: Cars Portal
 CVE-2005-4054 (SQL injection vulnerability in index.php in PluggedOut Blog 
1.9.5 and ...)
-       TODO: check
+       NOT-FOR-US: PluggedOut Bot
 CVE-2005-4053 (Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: coWiki
 CVE-2005-4052 (e107 0.6174 allows remote attackers to redirect users to other 
web ...)
-       TODO: check
+       NOT-FOR-US: e107
 CVE-2005-4051 (e107 0.6174 allows remote attackers to vote multiple times for 
a ...)
-       TODO: check
+       NOT-FOR-US: e107
 CVE-2005-4050 (Buffer overflow in multiple Multi-Tech Systems MultiVOIP 
devices with ...)
-       TODO: check
+       NOT-FOR-US: MultiVOIP hardware 
 CVE-2005-4049 (Multiple SQL injection vulnerabilities in Blog System 1.2 allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: Blog System
 CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer 
function ...)
-       TODO: check
+       - ffmpeg <unfixed> (bug #342207; medium)
+       - xine-lib <unfixed> (bug #342208; medium)
 CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks 
...)
-       TODO: check
+       NOT-FOR-US: IISWorks ASPKnowledgeBase
 CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun 
Java ...)
-       TODO: check
+       NOT-FOR-US: Sun Java System Application Server
 CVE-2005-4045 (Unknown vulnerability in System Communications Services 6 
Delegated ...)
-       TODO: check
+       NOT-FOR-US: Sun Java System Messaging Server
 CVE-2005-4044 (Cross-site scripting (XSS) vulnerability in search.cgi in 
Amazon ...)
-       TODO: check
+       NOT-FOR-US: Amazon Search Directory
 CVE-2005-4043 (SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 
and ...)
-       TODO: check
+       NOT-FOR-US: Hobosworld HobSR
 CVE-2005-4042 (Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 
and ...)
-       TODO: check
+       NOT-FOR-US: Warm Links 
 CVE-2005-4041 (Cross-site scripting (XSS) vulnerability in search.cgi in MR 
CGI Guy ...)
-       TODO: check
+       NOT-FOR-US: MR CGI Guy Hot Links SQL
 CVE-2005-4040 (SQL injection vulnerability in FileLister 0.51 and earlier 
allows ...)
-       TODO: check
+       NOT-FOR-US: FileLister
 CVE-2005-4039 (Directory traversal vulnerability in arhiva.php in Web4Future 
Portal ...)
-       TODO: check
+       NOT-FOR-US: Web4Future Portal Solutions News Portal 
 CVE-2005-4038 (SQL injection vulnerability in comentarii.php in Web4Future 
Portal ...)
-       TODO: check
+       NOT-FOR-US: Web4Future Portal Solutions News Portal 
 CVE-2005-4037 (SQL injection vulnerability in functions.php in Web4Future 
Affiliate ...)
-       TODO: check
+       NOT-FOR-US: Web4Future Affiliate Manager
 CVE-2005-4036 (Cross-site scripting (XSS) vulnerability in index.cgi in 
Web4Future ...)
-       TODO: check
+       NOT-FOR-US: Web4Future Keyboard Frequency Counter
 CVE-2005-4035 (Multiple SQL injection vulnerabilities in Web4Future eCommerce 
...)
-       TODO: check
+       NOT-FOR-US: Web4Future eCommerce Enterprise Edition
 CVE-2005-4034 (Multiple SQL injection vulnerabilities in Web4Future eDating 
...)
-       TODO: check
+       NOT-FOR-US: Web4Future eDating Professional
 CVE-2005-4033 (Nodezilla 0.4.13-corno-fulgure does not properly protect the 
evl_data ...)
-       TODO: check
+       NOT-FOR-US: Nodezilla
 CVE-2005-4032 (Cross-site scripting (XSS) vulnerability in search.cgi in Easy 
Search ...)
-       TODO: check
+       NOT-FOR-US: Easy Search System
 CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.0 through 1.5.3 
allows ...)
-       TODO: check
+       - mediawiki <not-affected> (Only affects the 1.5 branch)
 CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1 
allows ...)
-       TODO: check
-end claimed by jmm
+       NOT-FOR-US: Quicksilver Forums
+begin claimed by jmm
 CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid 
usernames ...)
        TODO: check
 CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember 
allow ...)
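Review bot: The tag added for CVE-2005-4054 reads "NOT-FOR-US: PluggedOut Bot", but the description of that entry names PluggedOut Blog 1.9.5. This looks like a typo for "NOT-FOR-US: PluggedOut Blog", and is worth correcting so that a search of the list by product name finds the entry. Several of the added tags also end in trailing whitespace (MultiVOIP hardware, Warm Links, and both Web4Future Portal Solutions News Portal lines); stripping it would keep later diffs of this file clean.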
@@ -118,6 +118,7 @@
        TODO: check
 CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 
1.34 ...)
        TODO: check
+end claimed by jmm
 CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin]
        - phpmyadmin <not-affected> (Apparently affects only 2.7.0)
        NOTE: http://www.hardened-php.net/advisory_252005.110.html
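Review bot: The log message does not mention the new claim. With "begin claimed by jmm" now placed before CVE-2005-4029 and this "end claimed by jmm" after CVE-2005-4008, every entry in that range is still "TODO: check", so a line in the log noting that the next batch has been claimed would make the commit self-explanatory to others working through the list.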
@@ -127,12 +128,6 @@
        [woody] - curl <not-affected> (Only curl >= 7.11 is vulnerable)
 CVE-2005-XXXX [Buffer overflows in electricsheep]
        - electricsheep 2.6.3+cvs20051206-1 
-CVE-2005-XXXX [libavcodec: heap overflow in PIX_FMT_PAL8]
-       - ffmpeg <unfixed> (bug #342207; medium)
-       - xine-lib <unfixed> (bug #342208; medium)
-       NOTE: CVE ID requested
-CVE-2005-XXXX [trac: SQL injection in search module]
-       - trac 0.9.2-1 (medium)
 CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 
1.2.3.03, ...)
        NOT-FOR-US: SAPID CMS
 CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...)
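Review bot: The removed temporary libavcodec entry carried the detail "heap overflow in PIX_FMT_PAL8", which is not visible in the truncated CVE-2005-4048 description that replaces it (that one names avcodec_default_get_buffer). Consider keeping that detail as a NOTE line under CVE-2005-4048 so the link between the two descriptions is not lost. The package lines themselves (ffmpeg bug #342207, xine-lib bug #342208, trac 0.9.2-1, all medium) match what was added under CVE-2005-4048 and CVE-2005-4065, and dropping "NOTE: CVE ID requested" is correct now that the IDs are assigned.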


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
