[Secure-testing-commits] r1605 - data/CAN
Joey Hess
joeyh at costa.debian.org
Fri Aug 19 00:27:07 UTC 2005
Author: joeyh
Date: 2005-08-19 00:27:02 +0000 (Fri, 19 Aug 2005)
New Revision: 1605
Modified:
data/CAN/list
Log:
mostly finished my block, had to throw a few of the big ones back in due to
limited bandwidth
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-08-18 23:34:12 UTC (rev 1604)
+++ data/CAN/list 2005-08-19 00:27:02 UTC (rev 1605)
@@ -1,88 +1,88 @@
-begin claimed by joeyh
CAN-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel ...)
- TODO: check
+ TODO: check with kernel team (pinged on irc)
+ NOTE: amd64 specific DOS
CAN-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...)
- TODO: check
+ NOTE: not-for-us (ezUpload)
CAN-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...)
- TODO: check
+ NOTE: not-for-us (EQdkp)
CAN-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are ...)
- TODO: check
+ NOTE: not-for-us (Discuz)
CAN-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows ...)
- TODO: check
+ NOTE: not-for-us (CPAINT Ajax)
CAN-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier ...)
- TODO: check
+ - wordpress (unfixed; bug #323040; high)
CAN-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec ...)
- TODO: check
+ NOTE: not-for-us (VERITAS Backup Exec for Windows Servers)
CAN-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS ...)
- TODO: check
+ NOTE: not-for-us (VegaDNS)
CAN-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...)
- TODO: check
+ NOTE: not-for-us (VegaDNS)
CAN-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...)
- TODO: check
+ NOTE: not-for-us (SafeHTML)
CAN-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity ...)
- TODO: check
+ NOTE: not-for-us (PHPSimplicity)
CAN-2005-2606 (Unknown vulnerability in the "frontend authentication" in PHlyMail ...)
- TODO: check
+ NOTE: not-for-us (PHlyMail)
CAN-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 ...)
- TODO: check
+ NOTE: not-for-us (Lasso Professional Server)
CAN-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (My Image Gallery (Mig))
CAN-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...)
- TODO: check
+ NOTE: not-for-us (My Image Gallery (Mig))
CAN-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...)
- TODO: check
+ - mozilla-firefox (unfixed; bug filed; low)
+ - mozilla-browser (unfixed; bug filed; low)
+ - mozilla-thunderbird (unfixed; bug filed; low)
CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
- TODO: check
+ NOTE: not-fur-us (MidiCart)
CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled allows remote attackers to ...)
TODO: check
CAN-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...)
- TODO: check
+ NOTE: not-for-us (Hummingbird FTP for Connectivity)
CAN-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos (formerly ...)
- TODO: check
+ NOTE: not-for-us (Dokeos)
CAN-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...)
- TODO: check
+ NOTE: not-for-us (AOL Client)
CAN-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...)
- TODO: check
+ NOTE: not-for-us (Gallery, as used in Postnuke)
CAN-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 ...)
- TODO: check
+ NOTE: not-for-us (Dada Mail)
CAN-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (Apple Safari)
CAN-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with ...)
- TODO: check
+ NOTE: not-for-us (MindAlign)
CAN-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions ...)
- TODO: check
+ NOTE: not-for-us (MindAlign)
CAN-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (MindAlign)
CAN-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and ...)
- TODO: check
+ NOTE: not-for-us (MindAlign)
CAN-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...)
- TODO: check
+ NOTE: not-for-us (WRT54GS wireless router)
CAN-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 ...)
- TODO: check
+ NOTE: not-for-us (DVBBS)
CAN-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...)
- TODO: check
+ NOTE: not-for-us (PHPTB Topic Boards)
CAN-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web ...)
- TODO: check
+ NOTE: not-for-us (Mentor ADSL-FR4II router)
CAN-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Mentor ADSL-FR4II router)
CAN-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running ...)
- TODO: check
+ NOTE: not-for-us (Mentor ADSL-FR4II router)
CAN-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented ...)
- TODO: check
+ NOTE: not-for-us (Mentor ADSL-FR4II router)
CAN-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses ...)
- TODO: check
+ NOTE: not-for-us (Kaspersky)
CAN-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and ...)
- TODO: check
+ NOTE: not-for-us (Grandstream BudgeTone)
CAN-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
- TODO: check
+ NOTE: not-for-us (MyBB)
CAN-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...)
- TODO: check
+ NOTE: not-for-us (Contivity)
CAN-2005-2578
NOTE: rejected
- TODO: check
-end claimed by joeyh
CAN-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...)
- TODO: check
+ NOTE: not-for-us (Wyse Winterm)
CAN-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...)
TODO: check
CAN-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows ...)
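Review bot: the CAN-2005-2601 entry is tagged `NOTE: not-fur-us (MidiCart)`, a typo for the `not-for-us` tag used on every other entry in this hunk. A grep or script that matches on the tag string would miss this issue, so the line should read `NOTE: not-for-us (MidiCart)`. Separately, the three mozilla lines under CAN-2005-2602 say `bug filed` with no bug number, unlike the wordpress line under CAN-2005-2612, which carries `bug #323040`. Adding the numbers would make those entries trackable.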
@@ -338,8 +338,6 @@
CAN-2005-XXXX [centericq embeds libgadu, which had multiple vulns]
NOTE: Will be split once the maintainer has investigated this
- centericq (unfixed; bug #323185; medium)
-CAN-2005-XXXX [Arbitrary command execution in wordpress through through cookie handling]
- - wordpress (unfixed; bug #323040; medium)
CAN-2005-XXXX [phpldapadmin doesn't fully prevent anonymous access when configured so]
- phpldapadmin 0.9.6c-5 (medium)
CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
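Review bot: the removed CAN-2005-XXXX placeholder rated the wordpress issue `medium`, while the entry that replaces it under CAN-2005-2612 in the first hunk cites the same bug #323040 at `high`, and the log message does not mention the change. If the higher rating is intended, a NOTE under CAN-2005-2612 stating that it supersedes the cookie-handling placeholder would keep the reason readable from the list itself.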