Author: jmm-guest
Date: 2005-12-07 22:08:01 +0000 (Wed, 07 Dec 2005)
New Revision: 2979

Modified:
   data/CVE/list
Log:
gallery2 CVEfied
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2005-12-07 21:50:32 UTC (rev 2978)
+++ data/CVE/list       2005-12-07 22:08:01 UTC (rev 2979)
@@ -73,52 +73,50 @@
        - mediawiki <not-affected> (Only affects the 1.5 branch)
 CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1 
allows ...)
        NOT-FOR-US: Quicksilver Forums
-begin claimed by jmm
 CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid 
usernames ...)
-       TODO: check
+       NOT-FOR-US: WebEOC
 CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember 
allow ...)
-       TODO: check
+       NOT-FOR-US: aMember
 CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: SimpleBBS
 CVE-2005-4026 (search.php in Geeklog 1.4.0 Beta 1 and earlier allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Geeklog
 CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect 
...)
-       TODO: check
+       NOT-FOR-US: Help Desk Reloaded Free Help Desk
 CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind 
2004 ...)
-       TODO: check
+       NOT-FOR-US: Interspire FastFind 
 CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0 
before ...)
-       TODO: check
+       - gallery2 2.0.2-1 (medium)
 CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the &quot;Add Image 
From Web&quot; ...)
-       TODO: check
+       - gallery2 2.0.2-1 (medium)
 CVE-2005-4021 (The installer for Gallery 2.0 before 2.0.2 stores the install 
log ...)
-       TODO: check
+       - gallery2 2.0.2-1 (low)
 CVE-2005-4020 (SQL injection vulnerability in create.php in Widget Imprint 
1.0.26 and ...)
-       TODO: check
+       NOT-FOR-US: Widget Imprint
 CVE-2005-4019 (SQL injection vulnerability in index.php in Relative Real 
Estate ...)
-       TODO: check
+       NOT-FOR-US: Relative Real Estate Systems
 CVE-2005-4018 (SQL injection vulnerability in ls.php in Landshop Real Estate 
Commerce ...)
-       TODO: check
+       NOT-FOR-US: Landshop Real Estate Commerce System
 CVE-2005-4017 (property.php in Widget Property 1.1.19 allows remote attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: Widget Property
 CVE-2005-4016 (SQL injection vulnerability in Widget Property 1.1.19 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Widget Property
 CVE-2005-4015 (PHP Web Statistik 1.4 does not rotate the log database or limit 
the ...)
-       TODO: check
+       NOT-FOR-US: PHP Web Statistik
 CVE-2005-4014 (stat.php in PHP Web Statistik 1.4 allows remote attackers to 
cause a ...)
-       TODO: check
+       NOT-FOR-US: PHP Web Statistik
 CVE-2005-4013 (PHP Web Statistik 1.4 stores the stat.cfg file under the web 
root with ...)
-       TODO: check
+       NOT-FOR-US: PHP Web Statistik
 CVE-2005-4012 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Web 
...)
-       TODO: check
+       NOT-FOR-US: PHP Web Statistik
 CVE-2005-4011 (SQL injection vulnerability in calendar.php in Codewalkers 
ltwCalendar ...)
-       TODO: check
+       NOT-FOR-US: Codewalkers ltwCalendar
 CVE-2005-4010 (SQL injection vulnerability in KBase Express 1.0.0 and earlier 
allows ...)
-       TODO: check
+       NOT-FOR-US: Kbase Express
 CVE-2005-4009 (Multiple SQL injection vulnerabilities in PHP Lite Calendar 
Express ...)
-       TODO: check
+       NOT-FOR-US: PHP Lite Calender Express
 CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 
1.34 ...)
-       TODO: check
-end claimed by jmm
+       NOT-FOR-US: Jax Calendar
 CVE-2005-XXXX [Insufficient variable overwrite protection in phpmyadmin]
        - phpmyadmin <not-affected> (Apparently affects only 2.7.0)
        NOTE: http://www.hardened-php.net/advisory_252005.110.html
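
Review bot: The NOT-FOR-US names added under CVE-2005-4010 and CVE-2005-4009 do not match the product names in their own descriptions: "Kbase Express" against "KBase Express", and "PHP Lite Calender Express" against "PHP Lite Calendar Express". Anyone searching the list by product name will miss these entries, so use the spelling from the description. The added line "NOT-FOR-US: Interspire FastFind " under CVE-2005-4024 also ends with a trailing space that should be dropped.
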
@@ -502,10 +500,6 @@
 CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape 
before ...)
        {DSA-916-1}
        - inkscape 0.42-1 (bug #321501; low)
-CVE-2005-XXXX [gallery2 zipcart information disclosure]
-       - gallery2 2.0.2-1 (medium)
-CVE-2005-XXXX [gallery2 add-from-web XSS]
-       - gallery2 2.0.2-1 (medium)
 CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in 
Zainu ...)
        NOT-FOR-US: Zaimu
 CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in 
PHP ...)
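
Review bot: The two removed CVE-2005-XXXX gallery2 placeholders are dropped with no record of which assigned ID replaced each one. From the first hunk they appear to correspond to CVE-2005-4023 (zipcart) and CVE-2005-4022 ("Add Image From Web" XSS), but the removed entry calls the zipcart issue an information disclosure while CVE-2005-4023 is described as an unspecified vulnerability. A NOTE line under CVE-2005-4023, or a sentence in the log message stating the mapping, would make the merge checkable later.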


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
