[Secure-testing-commits] r938 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Sat, 30 Apr 2005 21:14:21 +0000


Author: joeyh
Date: 2005-04-30 21:14:17 +0000 (Sat, 30 Apr 2005)
New Revision: 938

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-04-28 21:14:18 UTC (rev 937)
+++ sarge-checks/CAN/list	2005-04-30 21:14:17 UTC (rev 938)
@@ -1,3 +1,195 @@
+CAN-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow ...)
+	TODO: check
+CAN-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow ...)
+	TODO: check
+CAN-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal ...)
+	TODO: check
+CAN-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...)
+	TODO: check
+CAN-2005-1360 (PHP remote code injection vulnerability in error.php in GrayCMS 1.1 ...)
+	TODO: check
+CAN-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...)
+	TODO: check
+CAN-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands ...)
+	TODO: check
+CAN-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...)
+	TODO: check
+CAN-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script allows ...)
+	TODO: check
+CAN-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...)
+	TODO: check
+CAN-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary ...)
+	TODO: check
+CAN-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files ...)
+	TODO: check
+CAN-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows ...)
+	TODO: check
+CAN-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary ...)
+	TODO: check
+CAN-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...)
+	TODO: check
+CAN-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...)
+	TODO: check
+CAN-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...)
+	TODO: check
+CAN-2005-1347 (Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote ...)
+	TODO: check
+CAN-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...)
+	TODO: check
+CAN-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...)
+	TODO: check
+CAN-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...)
+	TODO: check
+CAN-2005-1343
+	NOTE: reserved
+CAN-2005-1342
+	NOTE: reserved
+CAN-2005-1341
+	NOTE: reserved
+CAN-2005-1340
+	NOTE: reserved
+CAN-2005-1339
+	NOTE: reserved
+CAN-2005-1338
+	NOTE: reserved
+CAN-2005-1337
+	NOTE: reserved
+CAN-2005-1336
+	NOTE: reserved
+CAN-2005-1335
+	NOTE: reserved
+CAN-2005-1334
+	NOTE: reserved
+CAN-2005-1333
+	NOTE: reserved
+CAN-2005-1332
+	NOTE: reserved
+CAN-2005-1331
+	NOTE: reserved
+CAN-2005-1330
+	NOTE: reserved
+CAN-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...)
+	TODO: check
+CAN-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...)
+	TODO: check
+CAN-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...)
+	TODO: check
+CAN-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...)
+	TODO: check
+CAN-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...)
+	TODO: check
+CAN-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
+	TODO: check
+CAN-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...)
+	TODO: check
+CAN-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...)
+	TODO: check
+CAN-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...)
+	TODO: check
+CAN-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...)
+	TODO: check
+CAN-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...)
+	TODO: check
+CAN-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail ...)
+	TODO: check
+CAN-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...)
+	TODO: check
+CAN-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...)
+	TODO: check
+CAN-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...)
+	TODO: check
+CAN-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module ...)
+	TODO: check
+CAN-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...)
+	TODO: check
+CAN-2005-1312 (PHP remote code injection vulnerability in Yappa-NG before 2.3.2 ...)
+	TODO: check
+CAN-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...)
+	TODO: check
+CAN-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...)
+	TODO: check
+CAN-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...)
+	TODO: check
+CAN-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...)
+	TODO: check
+CAN-2005-1307
+	NOTE: reserved
+CAN-2005-1306
+	NOTE: reserved
+CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...)
+	TODO: check
+CAN-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...)
+	TODO: check
+CAN-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...)
+	TODO: check
+CAN-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...)
+	TODO: check
+CAN-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...)
+	TODO: check
+CAN-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...)
+	TODO: check
+CAN-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...)
+	TODO: check
+CAN-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...)
+	TODO: check
+CAN-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...)
+	TODO: check
+CAN-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...)
+	TODO: check
+CAN-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...)
+	TODO: check
+CAN-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...)
+	TODO: check
+CAN-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...)
+	TODO: check
+CAN-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...)
+	TODO: check
+CAN-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...)
+	TODO: check
+CAN-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...)
+	TODO: check
+CAN-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...)
+	TODO: check
+CAN-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...)
+	TODO: check
+CAN-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...)
+	TODO: check
+CAN-2005-1286 (BitDefender 8 allows local users to prevent BitDefender from starting ...)
+	TODO: check
+CAN-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...)
+	TODO: check
+CAN-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...)
+	TODO: check
+CAN-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...)
+	TODO: check
+CAN-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...)
+	TODO: check
+CAN-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...)
+	TODO: check
+CAN-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...)
+	TODO: check
+CAN-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...)
+	TODO: check
+CAN-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...)
+	TODO: check
+CAN-2005-1277
+	NOTE: reserved
+CAN-2005-1276
+	NOTE: reserved
+CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...)
+	TODO: check
+CAN-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...)
+	TODO: check
+CAN-2005-1273
+	NOTE: reserved
+CAN-2005-1272
+	NOTE: reserved
+CAN-2005-1271
+	NOTE: reserved
+CAN-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...)
+	TODO: check
+CAN-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...)
+	TODO: check
 CAN-2005-XXXX [Four DoS vulnerabilities in tcpdump]
 	- tcpdump 3.8.3-4
 CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
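Review bot: The two CAN-2005-XXXX placeholders left as context at the end of this hunk ("Four DoS vulnerabilities in tcpdump" and "Unspecified buffer overflow in Convert::UUlib perl module") now appear to duplicate entries added above under real IDs: the tcpdump entries CAN-2005-1278, CAN-2005-1279 and CAN-2005-1280, and CAN-2005-1349 for Convert-UUlib. The new entries all carry "TODO: check" while the tcpdump placeholder already records "- tcpdump 3.8.3-4", so the tracking data should move onto the real IDs and the placeholders be dropped once the mapping is confirmed. Separately, CAN-2002-1658 is inserted directly after CAN-2005-1270, outside the descending ID order the rest of the added block follows; worth checking whether the update script is meant to sort new entries.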
@@ -408,9 +600,9 @@
 	NOTE: not-for-us (CalenderScript)
 CAN-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...)
 	NOTE: not-for-us (CalenderScript)
-CAN-2005-1146 (Cross-site scripting (XSS) vulnerability in the login command in ...)
+CAN-2005-1146 (** DISPUTED ** ...)
 	NOTE: not-for-us (CalenderScript)
-CAN-2005-1145 (Cross-site scripting (XSS) vulnerability in calendar.pl in ...)
+CAN-2005-1145 (** DISPUTED ** ...)
 	NOTE: not-for-us (CalenderScript)
 CAN-2005-1144 (popup.php in EasyPHPCalendar allows remote attackers to obtain ...)
 	NOTE: not-for-us (EasyPHPCalender)
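Review bot: On CAN-2005-1146 and CAN-2005-1145 the truncated description is now just "** DISPUTED ** ...", which drops everything that identified the issue (the removed lines named the login command and calendar.pl). Only the NOTE line still says which product is meant, and an entry without such a note would become unidentifiable from the list alone. Suggest having the update script keep the marker but truncate the text that follows it, so the component name survives. The same replacement shows up on CAN-2004-1621, CAN-2005-0296 and CAN-2004-0091 in later hunks of this revision.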
@@ -591,10 +783,10 @@
 	NOTE: writiable by normal users in Debian, only by root.
 CAN-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...)
 	- rsnapshot 1.2.1-1 
-CAN-2005-1063
-	NOTE: reserved
-CAN-2005-1062
-	NOTE: reserved
+CAN-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
+	TODO: check
+CAN-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
+	TODO: check
 CAN-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...)
 	TODO: check
 CAN-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...)
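Review bot: CAN-2005-1063 and CAN-2005-1062 receive identical truncated descriptions ("The administration protocol for Kerio WinRoute Firewall 6.x up to ..."), so nothing in the list distinguishes the two. Whoever resolves the "TODO: check" should add a NOTE per entry recording the difference, or a not-for-us note in the style used elsewhere in this file if the product turns out not to be packaged.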
@@ -1721,8 +1913,8 @@
 	NOTE: see bug #298621, was stalled in NEW, now accepted
 CAN-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...)
 	NOTE: not-for-us (OutStart Participate Enterprise)
-CAN-2005-0684
-	NOTE: reserved
+CAN-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...)
+	TODO: check
 CAN-2005-0683
 	NOTE: rejected
 CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...)
@@ -2439,7 +2631,7 @@
 	NOTE: not-for-us (Microsoft)
 CAN-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...)
 	NOTE: not-for-us (UBB.threads)
-CAN-2004-1621 (Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and ...)
+CAN-2004-1621 (** DISPUTED ** ...)
 	NOTE: not-for-us (Lotus Notes)
 CAN-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before 0.7rc1 ...)
 	NOTE: not-for-us (Serendipity)
@@ -3332,7 +3524,7 @@
 	NOTE: not-for-us (Oracle)
 CAN-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...)
 	NOTE: not-for-us (Oracle)
-CAN-2005-0296 (The error module in Novell GroupWise WebAccess allows remote attackers ...)
+CAN-2005-0296 (** DISPUTED ** ...)
 	NOTE: not-for-us (Novell)
 CAN-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...)
 	NOTE: not-for-us (nProtect)
@@ -4121,11 +4313,9 @@
 CAN-2004-1344
 	NOTE: reserved
 CAN-2004-1343 [DoS vulnerability in repouid CVS addon patch]
-	NOTE: reserved
 	{DSA-715-1}
 	- 1.12.9-11
 CAN-2004-1342 [Password bypassing in the repouid CVS addon patch]
-	NOTE: reserved
 	{DSA-715-1}
 	- 1.12.9-11
 CAN-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...)
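Review bot: The fixed-version lines kept under CAN-2004-1343 and CAN-2004-1342 read "- 1.12.9-11" with no package name, unlike the "- ncpfs 2.2.5-2" and "- tcpdump 3.8.3-4" form used elsewhere in this diff. Dropping the stale "NOTE: reserved" is right now that both entries reference DSA-715-1, but the version lines should name the package (presumably cvs, going by the descriptions) so that tools parsing the list can match them.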
@@ -4809,10 +4999,10 @@
 	NOTE: not-for-us (Microsoft)
 CAN-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...)
 	- ncpfs 2.2.5-2
-CAN-2004-1078
-	NOTE: reserved
-CAN-2004-1077
-	NOTE: reserved
+CAN-2004-1078 (Stack-based buffer overflow in the client for Citrix Program ...)
+	TODO: check
+CAN-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...)
+	TODO: check
 CAN-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in Atari800 ...)
 	{DSA-609-1}
 	- atari800 1.3.2-1
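Review bot: CAN-2004-1077 is added with "TODO: check" although its description already says "for Win32", so it can likely be closed right away with a "NOTE: not-for-us (...)" line in the form the context line above uses. CAN-2004-1078 is cut off at "the client for Citrix Program ..." and needs the full description read before it gets the same treatment.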
@@ -6908,7 +7098,7 @@
 	{DSA-443}
 CAN-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...)
 	NOTE: not-for-us (Safari)
-CAN-2004-0091 (Cross-site scripting (XSS) vulnerability in register.php for unknown ...)
+CAN-2004-0091 (** DISPUTED ** ...)
 	NOTE: not-for-us (vBulletin)
 CAN-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...)
 	NOTE: not-for-us (MacOS)