[Secure-testing-commits] r1619 - data/CAN
Joey Hess
joeyh at costa.debian.org
Sun Aug 21 21:14:22 UTC 2005
Author: joeyh
Date: 2005-08-21 21:14:16 +0000 (Sun, 21 Aug 2005)
New Revision: 1619
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-08-21 15:31:49 UTC (rev 1618)
+++ data/CAN/list 2005-08-21 21:14:16 UTC (rev 1619)
@@ -1,3 +1,117 @@
+CAN-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN ...)
+ TODO: check
+CAN-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 ...)
+ TODO: check
+CAN-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews ...)
+ TODO: check
+CAN-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...)
+ TODO: check
+CAN-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...)
+ TODO: check
+CAN-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...)
+ TODO: check
+CAN-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to Screen" feature ...)
+ TODO: check
+CAN-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...)
+ TODO: check
+CAN-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...)
+ TODO: check
+CAN-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...)
+ TODO: check
+CAN-2005-2630
+ NOTE: reserved
+CAN-2005-2629
+ NOTE: reserved
+CAN-2005-2628
+ NOTE: reserved
+CAN-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
+ TODO: check
+CAN-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...)
+ TODO: check
+CAN-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...)
+ TODO: check
+CAN-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...)
+ TODO: check
+CAN-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers ...)
+ TODO: check
+CAN-2004-2473 (wmFrog weather monitor 0.1.6 allows local users to overwrite arbitrary ...)
+ TODO: check
+CAN-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a ...)
+ TODO: check
+CAN-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine ...)
+ TODO: check
+CAN-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact ...)
+ TODO: check
+CAN-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt ...)
+ TODO: check
+CAN-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and ...)
+ TODO: check
+CAN-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a ...)
+ TODO: check
+CAN-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a ...)
+ TODO: check
+CAN-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat ...)
+ TODO: check
+CAN-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 ...)
+ TODO: check
+CAN-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote ...)
+ TODO: check
+CAN-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files ...)
+ TODO: check
+CAN-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to ...)
+ TODO: check
+CAN-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote ...)
+ TODO: check
+CAN-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users ...)
+ TODO: check
+CAN-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or ...)
+ TODO: check
+CAN-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...)
+ TODO: check
+CAN-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier ...)
+ TODO: check
+CAN-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows ...)
+ TODO: check
+CAN-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...)
+ TODO: check
+CAN-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and ...)
+ TODO: check
+CAN-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, ...)
+ TODO: check
+CAN-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or ...)
+ TODO: check
+CAN-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger ...)
+ TODO: check
+CAN-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and ...)
+ TODO: check
+CAN-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...)
+ TODO: check
+CAN-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...)
+ TODO: check
+CAN-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...)
+ TODO: check
+CAN-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...)
+ TODO: check
+CAN-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 ...)
+ TODO: check
+CAN-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an ...)
+ TODO: check
+CAN-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...)
+ TODO: check
+CAN-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...)
+ TODO: check
+CAN-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and ...)
+ TODO: check
+CAN-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers ...)
+ TODO: check
+CAN-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows ...)
+ TODO: check
+CAN-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...)
+ TODO: check
+CAN-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores ...)
+ TODO: check
+CAN-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...)
+ TODO: check
CAN-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in ...)
NOTE: not-for-us (CPAINT ajax toolkit)
CAN-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers ...)
@@ -561,7 +675,7 @@
- linux-2.6 2.6.12-1 (medium)
CAN-2005-2499
NOTE: reserved
-CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (XML-RPC ...)
+CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...)
- drupal (unfixed; bug #323347; high)
- phpgroupware (unfixed; bug #323349; high)
- egroupware (unfixed; bug #323350; high)
@@ -823,7 +937,7 @@
- tiff 3.7.0-1
CAN-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...)
NOTE: not-for-us (IOS)
-CAN-2005-2450 (Multipl integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...)
+CAN-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...)
{DSA-776-1}
- clamav 0.86.2-1 (medium)
CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...)
@@ -4968,7 +5082,7 @@
NOTE: not-for-us
CAN-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute ...)
NOTE: not-for-us
-CAN-2004-1887 (ImgSvr 0.4 allows remote attackers to view directories or download ...)
+CAN-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view ...)
NOTE: not-for-us
CAN-2004-1886 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...)
NOTE: not-for-us
@@ -7683,7 +7797,7 @@
NOTE: not-for-us (Golden FTP Server)
CAN-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...)
NOTE: not-for-us (Trillian)
-CAN-2005-0632 (PHP remote code injection vulnerability in auth.php in PHPNews 1.2.4 ...)
+CAN-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 ...)
NOTE: not-for-us (PHPNews)
CAN-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...)
NOTE: not-for-us (PBLang)
@@ -8223,7 +8337,7 @@
NOTE: See bug #296547 for details
CAN-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...)
NOTE: not-for-us (phpScheduleIt)
-CAN-2004-1651 (Multiple Cross-site scripting (XSS) vulnerabilities in the ...)
+CAN-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOTE: not-for-us (phpScheduleIt)
CAN-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP ...)
NOTE: not-for-us (D-Link DCS-900)
@@ -8855,12 +8969,12 @@
NOTE: reserved
CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...)
NOTE: not-for-us (Microsoft)
-CAN-2005-0359
- NOTE: reserved
-CAN-2005-0358
- NOTE: reserved
-CAN-2005-0357
- NOTE: reserved
+CAN-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...)
+ TODO: check
+CAN-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge ...)
+ TODO: check
+CAN-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge ...)
+ TODO: check
CAN-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...)
NOTE: linux is not vulnerable, see #310804
- kfreebsd5-source 5.3-15 (medium)
@@ -10378,7 +10492,7 @@
NOTE: not-for-us (Verisign Payflow Link)
CAN-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...)
NOTE: not-for-us (Orbz)
-CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero" Intrepid Protocol ...)
+CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol ...)
NOTE: not-for-us (The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter)
CAN-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
NOTE: not-for-us (pnTresMailer)
@@ -12040,7 +12154,7 @@
NOTE: not-for-us (Microsoft)
CAN-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...)
NOTE: not-for-us (IRIX)
-CAN-2004-0482 (Multiple "incorrect bounds checking" errors in certain functions for ...)
+CAN-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) ...)
NOTE: not-for-us (OpenBSD)
CAN-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...)
NOTE: not-for-us (the KCMS on Solaris)
More information about the Secure-testing-commits
mailing list