From 6e65e65e23ec39e6ac3c264364f4eddb68a46717 Mon Sep 17 00:00:00 2001 From: William Desportes Date: Sat, 11 Jan 2020 20:50:29 +0100 Subject: Update old phpMyAdmin CVE entries years: - 2003 (ignored, no CVEs found) - 2004 (4; 1 has patch links) - 2005 (9; 3 had patch links) - 2006 (9; 9 had patch links) - 2007 (8; 8 had patch links) - 2008 (10; 10 had patch links) - 2018 (5; 5 had patch links) - 2019 (5; 5 had patch links) - 2020 (1; 1 has patch links) Fixed links for: http://www.phpmyadmin.net/home_page/security/(.*).php --- data/CVE/2005.list | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'data/CVE/2005.list') diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 1033c03948..a17035d769 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -1251,8 +1251,10 @@ CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier, OpenB - linux-2.6 2.6.18-3 CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 an ...) NOT-FOR-US: WBEM Services -CVE-2005-4349 - - phpmyadmin (unimportant) +CVE-2005-4349 [SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7....] + - phpmyadmin 4:3.2.0-1 (unimportant) + NOTE: A big commit that included a lot of fixes/versions + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/644366eaf1bd10dd087bfc8c46ed98a337c04ab4#diff-4cb9ef0ba2c5556cd595ceb5dd85fd33R2070 NOTE: Only for authenticated used, will possibly be rejected CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidr ...) {DSA-939-1} 
@@ -1827,6 +1829,8 @@ CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing NOTE: Internet Explorer bug, most definitely fixed since long, didn't check though CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote a ...) - phpmyadmin (Affects only 2.7.0) + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-9/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/5f3b086ed22b8ca49472d27a014df3908b0388ac CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET 1. ...) NOT-FOR-US: Ideal BB.NET CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local ...) @@ -2444,6 +2448,10 @@ CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...) {DSA-880-1} - phpmyadmin 4:2.6.4-pl4-1 (bug #360726) + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-7/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0191fc3c33feb809cf668f018ad53dc35061fe4c + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/2e5c10aa2fc10fb1004aac7db78ebdaac21b9220 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/053d90b6019959c3a503d6b12b9cd23dc31df2be CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZE ...) NOT-FOR-US: Novell ZENworks CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix ...) 
@@ -2688,6 +2696,8 @@ CVE-2005-3666 (Multiple unspecified format string vulnerabilities in multiple un CVE-2005-3665 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...) {DSA-1207-1} - phpmyadmin 4:2.6.4-pl4-2 (bug #340438; medium) + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-8/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/05c719aba3b99820daa3187e055c6ef4540b53cc CVE-2005-XXXX [unsafe file permissions in vpnc] - vpnc 0.3.3+SVN20051028-3 (bug #340105; unimportant) NOTE: Only an example file @@ -3175,6 +3185,7 @@ CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier a CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows rem ...) {DSA-1207-1} - phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium) + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-6/ CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl ...) {DSA-896-1} - linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high) @@ -3673,8 +3684,9 @@ CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for phpM {DSA-880-1} - phpmyadmin 4:2.6.4-pl3-1 (bug #335306; high) CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin ...) - [sarge] - phpmyadmin (Not affected according to maintainer; #333433) - phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high) + [sarge] - phpmyadmin (Not affected according to maintainer; #333433) + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-4/ CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote att ...) NOT-FOR-US: OpenWBEM CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote at ...) 
@@ -9243,6 +9255,7 @@ CVE-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local u NOT-FOR-US: SCO CVE-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin be ...) - phpmyadmin 3:2.6.2-rc1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-3/ CVE-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location f ...) NOT-FOR-US: AIX CVE-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite a ...) @@ -10200,6 +10213,7 @@ CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause NOT-FOR-US: Soldier of Fortune II CVE-2005-0567 (Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 ...) - phpmyadmin 3:2.6.1-pl2-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-1/ CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remot ...) NOT-FOR-US: Golden FTP Server CVE-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote att ...) @@ -10246,6 +10260,7 @@ CVE-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running NOT-FOR-US: MS Office CVE-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of th ...) - phpmyadmin 3:2.6.1-pl2-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-2/ CVE-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows re ...) - phpmyadmin 3:2.6.1-pl2-1 CVE-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 a ...) -- cgit v1.2.3
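Review bot: In the `@@ -1251,8 +1251,10 @@` hunk, the new fixed version on CVE-2005-4349 (`- phpmyadmin 4:3.2.0-1 (unimportant)`) is not backed by anything in the entry. The description names phpMyAdmin 2.7.x, and the only supporting NOTE says the linked commit is "a big commit that included a lot of fixes/versions". Add a NOTE stating which upstream release first shipped the fix and how 4:3.2.0-1 follows from it, so the version can be checked later. The new description is also written in square brackets with a four-dot ellipsis, while the neighbouring CVE-numbered entries use parentheses ending in ` ...)`. In the visible context a bracketed description appears only on the CVE-2005-XXXX entry, so confirm the bracket form is intended here.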
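Review bot: In the `@@ -3673,8 +3684,9 @@` hunk, the line `[sarge] - phpmyadmin (Not affected according to maintainer; #333433)` under CVE-2005-3299 is moved below the unstable line, a reordering the commit message does not mention. State it in the message or split it into its own commit, so the change to this entry reads as one added NOTE. The context just above also shows CVE-2005-3300, a phpMyAdmin entry, still without an advisory NOTE. If an upstream advisory exists for it, add the link in the same pass.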
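Review bot: In the `@@ -10246,6 +10260,7 @@` hunk, CVE-2005-0543 directly below the changed entry is also a phpMyAdmin issue with the same fixed version (`3:2.6.1-pl2-1`) and gets no advisory NOTE, so the update of the 2005 phpMyAdmin entries is incomplete as shown. Add the matching advisory link if one exists, or say in the commit message why the entry is skipped. The message's "2005 (9; 3 had patch links)" also appears not to match the diff: nine entries are touched, but four of them (CVE-2005-4349, CVE-2005-4079, CVE-2005-3787, CVE-2005-3665) gain github.com commit links. Correct the count or clarify what "had patch links" refers to.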