[Secure-testing-commits] r805 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Wed, 13 Apr 2005 22:16:22 +0000


Author: jmm-guest
Date: 2005-04-13 22:16:19 +0000 (Wed, 13 Apr 2005)
New Revision: 805

Modified:
   sarge-checks/CAN/list
Log:
Sorry joeyh, I saw your commit only after having already checked
these. I'll use "claimed by foo" style msgs in the future as well.
Hopefully not too much work has been duplicated.


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-04-13 21:55:58 UTC (rev 804)
+++ sarge-checks/CAN/list	2005-04-13 22:16:19 UTC (rev 805)
@@ -1,68 +1,67 @@
-begin claimed by joeyh
 CAN-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...)
 	NOTE: not-for-us (GetDataBack for NTFS (Windows))
 CAN-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...)
-	
+	NOTE: not-for-us (Rebrand P2P Share Spy)
 CAN-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...)
-	TODO: check
+	NOTE: not-for-us (Ocean12 Membership Manager)
 CAN-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 ...)
-	TODO: check
+	NOTE: not-for-us (Ocean12 Membership Manager)
 CAN-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in ...)
-	TODO: check
+	NOTE: not-for-us (FTP Now)
 CAN-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with ...)
-	TODO: check
+	NOTE: not-for-us (Miranda IM)
 CAN-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext ...)
-	TODO: check
+	NOTE: not-for-us (Deluxe FTP)
 CAN-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...)
-	TODO: check
+	NOTE: not-for-us (Maxthon)
 CAN-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API ...)
-	TODO: check
+	NOTE: not-for-us (Maxthon)
 CAN-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append ...)
-	TODO: check
+	NOTE: not-for-us (DC++)
 CAN-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and ...)
-	TODO: check
+	NOTE: not-for-us (DameWare NT Utilities)
 CAN-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD ...)
-	TODO: check
+	NOTE: not-for-us (AN HTTPD)
 CAN-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n ...)
-	TODO: check
+	NOTE: not-for-us (AN HTTPD)
 CAN-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in ...)
-	TODO: check
+	NOTE: not-for-us (aeDating)
 CAN-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows ...)
-	TODO: check
+	NOTE: not-for-us (aeDating)
 CAN-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...)
-	TODO: check
+	NOTE: not-for-us (aeDating)
 CAN-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 ...)
-	TODO: check
+	NOTE: not-for-us (AtDGDatingPlatinum)
 CAN-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in ...)
-	TODO: check
+	NOTE: not-for-us (AtDGDatingPlatinum)
 CAN-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) ...)
-	TODO: check
+	NOTE: not-for-us (Sun Java)
 CAN-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...)
-	TODO: check
+	NOTE: not-for-us (zOOm Media Gallery)
 CAN-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows ...)
-	TODO: check
+	NOTE: not-for-us (XAMPP Apache distribution specific issue)
 CAN-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x ...)
-	TODO: check
+	NOTE: not-for-us (XAMPP Apache distribution specific issue)
 CAN-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board ...)
-	TODO: check
+	NOTE: not-for-us (WebCT)
 CAN-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts ...)
-	TODO: check
+	NOTE: not-for-us (RadBids Gold)
 CAN-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...)
-	TODO: check
+	NOTE: not-for-us (RadBids Gold)
 CAN-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids ...)
-	TODO: check
+	NOTE: not-for-us (RadBids Gold)
 CAN-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows ...)
-	TODO: check
+	NOTE: not-for-us (PunBB)
 CAN-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal ...)
-	TODO: check
+	NOTE: not-for-us (JPortal)
 CAN-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...)
-	TODO: check
+	NOTE: not-for-us (Invision Power Board)
 CAN-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown ...)
-	TODO: check
+	NOTE: not-for-us (sCssBoard)
 CAN-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...)
-	TODO: check
+	NOTE: not-for-us (sCssBoard)
 CAN-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to ...)
-	TODO: check
+	NOTE: not-for-us (Access_user)
 CAN-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users ...)
 	TODO: check
 CAN-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ...)
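Review bot: the notes added for CAN-2005-1082 and CAN-2005-1081 spell the product "AtDGDatingPlatinum", while the description on the CAN-2005-1082 line reads "AzDGDatingPlatinum". Anyone grepping the list for the real product name will miss both entries, so the notes should read `NOTE: not-for-us (AzDGDatingPlatinum)`. A smaller instance of the same problem is CAN-2005-1092, where the note says "Deluxe FTP" and the description says "DeluxeFTP".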
@@ -76,24 +75,23 @@
 CAN-2005-1061
 	NOTE: reserved
 CAN-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...)
-	TODO: check
+	NOTE: not-for-us (Novell Netware)
 CAN-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password ...)
-	TODO: check
+	NOTE: not-for-us (Linksys)
 CAN-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile ...)
-	TODO: check
+	NOTE: not-for-us (IOS)
 CAN-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH ...)
-	TODO: check
+	NOTE: not-for-us (IOS)
 CAN-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 ...)
-	TODO: check
+	NOTE: not-for-us (HP OpenView)
 CAN-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...)
-	TODO: check
-end claimed by joeyh
+	NOTE: not-for-us (TowerBlog)
 CAN-2005-1054 (PHP remote code injection vulnerability in news.php in ModernBill ...)
-	TODO: check
+	NOTE: not-for-us (ModernBill)
 CAN-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...)
-	TODO: check
+	NOTE: not-for-us (ModernBill)
 CAN-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows ...)
 	TODO: check
 CAN-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows ...)
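Review bot: CAN-2005-1051 (SQL injection in profile.php in PunBB 1.2.4) is left at `TODO: check` in the trailing context of this hunk, although CAN-2005-1072 for the same product was marked `NOTE: not-for-us (PunBB)` earlier in this commit. Either give CAN-2005-1051 the same note or record why it is handled differently. As a style point, the notes in this hunk mix vendor and product names ("Linksys", "Microsoft", "IOS"); naming the product from the description (Linksys WET11, Outlook, Cisco IOS) keeps the list searchable.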
@@ -103,14 +101,13 @@
 CAN-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 ...)
 	NOTE: not-for-us (PostNuke)
 CAN-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not ...)
-	TODO: check
+	NOTE: not-for-us (PunBB)
 CAN-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote ...)
 	- kdelibs (unfixed; bug #304465)
 CAN-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...)
-	TODO: check
+	NOTE: not-for-us (OpenText)
 CAN-2005-1044
 	NOTE: rejected
-	TODO: check
 CAN-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...)
 	- php4 (unfixed)
 CAN-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
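Review bot: the note added for CAN-2005-1047 names the wrong product. The description is "Meilad File upload script (up.php) mod for phpBB 2.0.x", but the new line is `NOTE: not-for-us (PunBB)`. It should name the Meilad file upload mod for phpBB, in the style of the "SnailSource phpBB mod" note used elsewhere in this commit, so that the reason for the triage decision matches the entry it sits under.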
@@ -124,45 +121,45 @@
 CAN-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
 	TODO: check
 CAN-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)
-	TODO: check
+	NOTE: not-for-us (AIX)
 CAN-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO ...)
-	TODO: check
+	NOTE: not-for-us (FreeBSD)
 CAN-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack ...)
 	TODO: check
 CAN-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: not-for-us (SurgeFTP)
 CAN-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...)
-	TODO: check
+	NOTE: not-for-us (CubeCart)
 CAN-2005-1032 (SQL injection vulnerability in cart.php in LiteCommerce allows remote ...)
-	TODO: check
+	NOTE: not-for-us (LiteCommerce)
 CAN-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...)
-	TODO: check
+	NOTE: not-for-us (exoops)
 CAN-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...)
-	TODO: check
+	NOTE: not-for-us (Active Auction House)
 CAN-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow ...)
-	TODO: check
+	NOTE: not-for-us (Active Auction House)
 CAN-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Nuke)
 CAN-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Nuke)
 CAN-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...)
-	TODO: check
+	NOTE: not-for-us (SnailSource phpBB mod)
 CAN-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote ...)
-	TODO: check
+	NOTE: not-for-us (IBM)
 CAN-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Nuke)
 CAN-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Nuke)
 CAN-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root ...)
-	TODO: check
+	NOTE: not-for-us (ColdFusion)
 CAN-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...)
-	TODO: check
+	NOTE: not-for-us (IOS)
 CAN-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (IOS)
 CAN-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier ...)
-	TODO: check
+	NOTE: not-for-us (Aeon)
 CAN-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) ...)
-	TODO: check
+	NOTE: not-for-us (CA ArcServe Backup)
 CAN-2005-XXXX [eGroupware: Inproper handling of canceled emails may disclose personal information]
 	- egroupware (unfixed; bug #304496)
 CAN-2005-XXXX [Some security issues in mod_security]
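Review bot: the note for CAN-2005-1031 reads `NOTE: not-for-us (exoops)`, but the description names RUNCMS 1.1A first and e-Xoops only as the base of "possibly other products". Naming both in the note lets a search for either product find the entry. The same hunk uses the vendor rather than the product for CAN-2005-1025 ("IBM" for the AS/400 FTP server), which is less useful for later lookups than the product name.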
@@ -179,7 +176,6 @@
 	NOTE: non-security bugfixes, so it's not obvious from the diff either.
 CAN-2005-XXXX [Wordpress XSS and HTML injection vulnerabilities
 	- wordpress (unfixed; bug #304468)
-CAN-2005-XXXX [KDE kdelibs PCX image properties handling]
 CAN-2005-XXXX [Multiple security issues in postfix-gld leading to possible remote root access]
 	- postfix-gld (unfixed; bug #304390)
 CAN-2005-XXXX [Several races in file permission handling in coreutils]
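Review bot: the removal of `CAN-2005-XXXX [KDE kdelibs PCX image properties handling]` is not mentioned in the log message, and the entry had no package or note line under it. If it was dropped as a duplicate of CAN-2005-1046 (kimgio buffer overflow, tracked as kdelibs bug #304465 earlier in this file), the log should say so; otherwise the issue loses its only tracking entry. While touching this area, the context line for the Wordpress entry is missing its closing "]".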