Move phpnuke vulnerabilities to VuXML.

svn path=/head/; revision=112836
2024-12-01 01:17:02 +00:00 · 2004-07-03 06:48:34 +00:00 · 2004-07-03 06:48:34 +00:00 · 5538ca7e08 · 2021-03-31 03:12:20 +00:00
commit 5538ca7e08
parent 25d677010b
3 changed files with 31 additions and 2 deletions
--- a/ports-mgmt/portaudit-db/database/portaudit.txt
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@ -13,7 +13,6 @@ imp<3.2.4|http://article.gmane.org/gmane.comp.horde.imp/14421/|imp: XSS hole exp
 chora<1.2.2|http://article.gmane.org/gmane.comp.horde.chora/610/|chora: hole in the diff code that allowed malicious input|9e09399d-bd21-11d8-84f9-000bdb1444a4
 squirrelmail<1.4.3a|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0519 http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt|SquirrelMail XSS vulnerability|89a0de27-bf66-11d8-a252-02e0185c0b53
 ja-squirrelmail<1.4.3a,1|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0519 http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt|SquirrelMail XSS vulnerability|89a0de27-bf66-11d8-a252-02e0185c0b53
-phpnuke<=7.3|http://www.waraxe.us/?modname=sa&id=032 http://secunia.com/advisories/11920|Multiple security flaws in PhpNuke 6.x - 7.3|33ab4a47-bfc1-11d8-b00e-000347a4fa7d
 webmin<1.150|http://www.webmin.com/changes-1.150.html http://www.osvdb.org/6729 http://www.osvdb.org/6730|Multiple vulnerabilities in Webmin|ab61715f-c027-11d8-b00e-000347a4fa7d
 racoon<20040617a|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022617.html http://www.securityfocus.com/archive/1/366023 http://securitytracker.com/alerts/2004/Jun/1010495.html http://orange.kame.net/dev/cvsweb.cgi/kame/kame/kame/racoon/crypto_openssl.c#rev1.86|Racoon may validate invalid certificates|a96c1d37-c033-11d8-b00e-000347a4fa7d
 ircd-hybrid<=7.0_1|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486 http://www.osvdb.org/7242|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53
--- a/security/portaudit-db/database/portaudit.txt
+++ b/security/portaudit-db/database/portaudit.txt
@ -13,7 +13,6 @@ imp<3.2.4|http://article.gmane.org/gmane.comp.horde.imp/14421/|imp: XSS hole exp
 chora<1.2.2|http://article.gmane.org/gmane.comp.horde.chora/610/|chora: hole in the diff code that allowed malicious input|9e09399d-bd21-11d8-84f9-000bdb1444a4
 squirrelmail<1.4.3a|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0519 http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt|SquirrelMail XSS vulnerability|89a0de27-bf66-11d8-a252-02e0185c0b53
 ja-squirrelmail<1.4.3a,1|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0519 http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt|SquirrelMail XSS vulnerability|89a0de27-bf66-11d8-a252-02e0185c0b53
-phpnuke<=7.3|http://www.waraxe.us/?modname=sa&id=032 http://secunia.com/advisories/11920|Multiple security flaws in PhpNuke 6.x - 7.3|33ab4a47-bfc1-11d8-b00e-000347a4fa7d
 webmin<1.150|http://www.webmin.com/changes-1.150.html http://www.osvdb.org/6729 http://www.osvdb.org/6730|Multiple vulnerabilities in Webmin|ab61715f-c027-11d8-b00e-000347a4fa7d
 racoon<20040617a|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022617.html http://www.securityfocus.com/archive/1/366023 http://securitytracker.com/alerts/2004/Jun/1010495.html http://orange.kame.net/dev/cvsweb.cgi/kame/kame/kame/racoon/crypto_openssl.c#rev1.86|Racoon may validate invalid certificates|a96c1d37-c033-11d8-b00e-000347a4fa7d
 ircd-hybrid<=7.0_1|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486 http://www.osvdb.org/7242|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -32,6 +32,37 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="33ab4a47-bfc1-11d8-b00e-000347a4fa7d">
+    <topic>Several vulnerabilities found in PHPNuke</topic>
+    <affects>
+      <package>
+	<name>PHPNuke</name>
+	<range><lt>7.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Janek Vind "waraxe" reports that several issues in the
+	  PHPNuke software may be exploited via carefully crafted
+	  URL requests.  These URLs will permit the injection of
+	  SQL code, cookie theft, and the readability of the
+	  PHPNuke administrator account.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CAN-2003-0279</cvename>
+      <cvename>CAN-2003-0318</cvename>
+      <cvename>CAN-2004-0266</cvename>
+      <cvename>CAN-2004-0269</cvename>
+      <url>http://www.waraxe.us/index.php?modname=sa&amp;id=27</url>
+      <url>http://secunia.com/advisories/11920</url>
+    </references>
+    <dates>
+      <discovery>2004-05-05</discovery>
+      <entry>2004-07-03</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="8ecaaca2-cc07-11d8-858d-000d610a3b12">
    <topic>Linux binary compatibility mode input validation error</topic>
    <affects>