[Secure-testing-commits] r1535 - data/CAN

Joey Hess joeyh at costa.debian.org
Mon Aug 8 09:14:19 UTC 2005


Author: joeyh
Date: 2005-08-08 09:14:15 +0000 (Mon, 08 Aug 2005)
New Revision: 1535

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-07 20:24:13 UTC (rev 1534)
+++ data/CAN/list	2005-08-08 09:14:15 UTC (rev 1535)
@@ -1,3 +1,145 @@
+CAN-2005-2489 (Web Content Management News System allows remote attackers to create ...)
+	TODO: check
+CAN-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management ...)
+	TODO: check
+CAN-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...)
+	TODO: check
+CAN-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in ...)
+	TODO: check
+CAN-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...)
+	TODO: check
+CAN-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 ...)
+	TODO: check
+CAN-2005-2483 (Direct dynamic code evaluation vulnerability in Karrigell before 2.1.8 ...)
+	TODO: check
+CAN-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and ...)
+	TODO: check
+CAN-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CAN-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 ...)
+	TODO: check
+CAN-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...)
+	TODO: check
+CAN-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote ...)
+	TODO: check
+CAN-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote ...)
+	TODO: check
+CAN-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor ...)
+	TODO: check
+CAN-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions ...)
+	TODO: check
+CAN-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive ...)
+	TODO: check
+CAN-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote ...)
+	TODO: check
+CAN-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote ...)
+	TODO: check
+CAN-2005-2471 (pstopnm in netpbm does not properly use the "-dSAFER" option when ...)
+	TODO: check
+CAN-2005-2470
+	NOTE: reserved
+CAN-2005-2469
+	NOTE: reserved
+CAN-2005-2459
+	NOTE: reserved
+CAN-2005-2458
+	NOTE: reserved
+CAN-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...)
+	TODO: check
+CAN-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...)
+	TODO: check
+CAN-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote ...)
+	TODO: check
+CAN-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 ...)
+	TODO: check
+CAN-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...)
+	TODO: check
+CAN-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote ...)
+	TODO: check
+CAN-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to ...)
+	TODO: check
+CAN-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...)
+	TODO: check
+CAN-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows ...)
+	TODO: check
+CAN-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial of ...)
+	TODO: check
+CAN-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote attackers ...)
+	TODO: check
+CAN-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) ...)
+	TODO: check
+CAN-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to execute ...)
+	TODO: check
+CAN-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute ...)
+	TODO: check
+CAN-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must ...)
+	TODO: check
+CAN-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of ...)
+	TODO: check
+CAN-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers ...)
+	TODO: check
+CAN-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass ...)
+	TODO: check
+CAN-2002-2108 (Unknown vulnerability in the "VAIO Manual" software in certain Sony ...)
+	TODO: check
+CAN-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in ...)
+	TODO: check
+CAN-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 ...)
+	TODO: check
+CAN-2002-2105 (Microsoft Windows XP allows local users to prevent the system from ...)
+	TODO: check
+CAN-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers ...)
+	TODO: check
+CAN-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...)
+	TODO: check
+CAN-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...)
+	TODO: check
+CAN-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary ...)
+	TODO: check
+CAN-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the ...)
+	TODO: check
+CAN-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows ...)
+	TODO: check
+CAN-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows ...)
+	TODO: check
+CAN-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote attackers ...)
+	TODO: check
+CAN-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in ...)
+	TODO: check
+CAN-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files that ...)
+	TODO: check
+CAN-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the full ...)
+	TODO: check
+CAN-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is ...)
+	TODO: check
+CAN-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ...)
+	TODO: check
+CAN-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, ...)
+	TODO: check
+CAN-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...)
+	TODO: check
+CAN-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to execute ...)
+	TODO: check
+CAN-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...)
+	TODO: check
+CAN-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...)
+	TODO: check
+CAN-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for ...)
+	TODO: check
+CAN-2001-1579 (The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not ...)
+	TODO: check
+CAN-2001-1578 (Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local ...)
+	TODO: check
+CAN-2001-1577 (Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 ...)
+	TODO: check
+CAN-2001-1576 (Buffer overflow in cron in Caldera UnixWare 7 allows local users to ...)
+	TODO: check
+CAN-2001-1575 (Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing ...)
+	TODO: check
+CAN-2001-1574 (Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in ...)
+	TODO: check
+CAN-2001-1573 (Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall ...)
+	TODO: check
 CAN-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
 	- wine (unfixed; bug #321470; low)
 CAN-2005-XXXX [inkscape: Unsafe temporary file handling in ps2epsi extension]
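Review bot: every described entry added at the top of this hunk carries only `TODO: check`, so none of them is yet mapped to a Debian package or marked not-for-us. Several of the truncated descriptions name software that is likely packaged, for example CAN-2005-2475 (Unzip 5.52), CAN-2005-2471 (pstopnm in netpbm), CAN-2004-2300 (snmpd in ucd-snmp) and CAN-2002-2103 (Apache before 1.3.24). Triage those first and replace the TODO with a package line in the style of `- wine (unfixed; bug #321470; low)` from the context below, or with a `NOTE: not-for-us (...)` line where the product is not in the archive.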
@@ -2785,8 +2927,7 @@
 	NOTE: reserved
 CAN-2005-1855
 	NOTE: reserved
-CAN-2005-1854
-	NOTE: reserved
+CAN-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing ...)
 	{DSA-772-1}
 CAN-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...)
 	{DSA-770-1}
@@ -2986,8 +3127,8 @@
 	- squirrelmail 2:1.4.4-6 (bug #314374; medium)
 CAN-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...)
 	- kernel-source-2.4.27 2.4.27-11 (medium)
-CAN-2005-1767
-	NOTE: reserved
+CAN-2005-1767 (Unknown vulnerability in the Linux kernel 2.6.x and 2.4.x allows local ...)
+	TODO: check
 CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
 	NOTE: not-for-us (RealPlayer)
 CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
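Review bot: CAN-2005-1767 is left at `TODO: check` although its new description names a local issue in the Linux kernel 2.6.x and 2.4.x, and the neighbouring CAN-2005-1768 already tracks `kernel-source-2.4.27 2.4.27-11 (medium)`. Resolve the TODO with per-package lines for the kernel source packages tracked in this file, so the entry does not sit unclassified among triaged kernel issues.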
@@ -3008,8 +3149,7 @@
 	- kernel-source-2.6.8 2.6.8-17
 	- kernel-source-2.6.8 2.6.8-16sarge1
 	- kernel-source-2.4.27 2.4.27-11
-CAN-2005-1761 [Kernel changelog for 2.6.12.1: ia64 ptrace + sigrestore_context]
-	NOTE: reserved
+CAN-2005-1761 (Unknown vulnerability in the Linux kernel allows local users to cause ...)
 	- linux-2.6 2.6.12-1 (medium)
 	- kernel-source-2.6.11 2.6.11-6 (normal)
 	- kernel-source-2.6.8 2.6.8-17
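Review bot: the hand-written pointer `[Kernel changelog for 2.6.12.1: ia64 ptrace + sigrestore_context]` is lost on the CAN-2005-1761 line, and the truncated CAN text that replaces it ("Unknown vulnerability in the Linux kernel allows local users to cause ...") no longer says which change the package lines under it refer to. Keep that detail as a `NOTE:` line under the entry so the link to the 2.6.12.1 changelog survives the automatic update.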
@@ -4574,8 +4714,7 @@
 	- gs-gpl (unfixed; bug #291373; low)
 CAN-2005-XXXX [Possible SQL injection in freeradius]
 	- freeradius 1.0.2-4
-CAN-2005-2353 [Insecure temp file handling in Thunderbird]
-	NOTE: reserved
+CAN-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local ...)
 	- mozilla-thunderbird (unfixed; bug #306893; low)
 CAN-2005-XXXX [Directory traversal in unzoo]
 	- unzoo 4.4-4
@@ -5032,8 +5171,8 @@
 	- maxdb-7.5.00 7.5.00.24-3
 CAN-2005-1273
 	NOTE: reserved
-CAN-2005-1272
-	NOTE: reserved
+CAN-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL ...)
+	TODO: check
 CAN-2005-1271
 	NOTE: rejected
 CAN-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...)
@@ -5045,8 +5184,7 @@
 CAN-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
 	{DSA-734-1}
 	- gaim 1:1.3.1-1 (low)
-CAN-2005-1268 [Off-by-one overflow in mod_ssl's CRL verification call back]
-	NOTE: reserved
+CAN-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...)
 	NOTE: This is from latest Trustix advisory, exploitation would require to trick
 	NOTE: someone into using a maliciously crafted certificate revocation list
 	- libapache-mod-ssl (unfixed; low)



