[Secure-testing-commits] r1637 - data/CAN

Joey Hess joeyh at costa.debian.org
Wed Aug 24 19:53:11 UTC 2005


Author: joeyh
Date: 2005-08-24 19:53:08 +0000 (Wed, 24 Aug 2005)
New Revision: 1637

Modified:
   data/CAN/list
Log:
checked old CANs, found a new hole in cplay, bugnum for mozilla silly long
url hole


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-24 18:44:53 UTC (rev 1636)
+++ data/CAN/list	2005-08-24 19:53:08 UTC (rev 1637)
@@ -1,3 +1,5 @@
+CAN-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
+	- cplay (unfixed; bug #324913; low)
 CAN-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent anonymous to access ldap directory]
 	- phpldapadmin 0.9.6c-5 (bug #322423; low)
 CAN-2005-2672 [lm-sensors: Insecure tempfile usage in pwmconfig]
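Review bot: the new cplay entry at the top of this hunk says "still unsafe temporary file handling" but does not say which earlier issue it follows on from. If it is the continuation of CAN-2004-2462 (cplay 1.49 file overwrite, marked fixed in 1.49-3 further down in this same commit), add a NOTE line under the new entry naming that CAN, so that readers do not take the 1.49-3 entry as closing the temporary-file problem.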
@@ -101,65 +103,65 @@
 CAN-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat ...)
 	NOTE: not-for-us (Easy Chat Server)
 CAN-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 ...)
-	TODO: check
+	NOTE: not-for-us (ADA Image Server)
 CAN-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (ADA Image Server)
 CAN-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files ...)
-	TODO: check
+	- cplay 1.49-3 (medium)
 CAN-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to ...)
-	TODO: check
+	- gnubiff 2.0.0 (medium)
 CAN-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote ...)
-	TODO: check
+	- gnubiff 2.0.0 (medium)
 CAN-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users ...)
-	TODO: check
+	- gnubiff 2.0.0 (medium)
 CAN-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or ...)
-	TODO: check
+	NOTE: not-for-us (Open WebMail)
 CAN-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...)
-	TODO: check
+	NOTE: not-for-us (3Com OfficeConnect ADSL 11g Router)
 CAN-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier ...)
-	TODO: check
+	NOTE: not-for-us (miniBB)
 CAN-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows ...)
-	TODO: check
+	NOTE: not-for-us (Sweex Wireless Broadband Router/Accesspoint 802.11g)
 CAN-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...)
-	TODO: check
+	NOTE: not-for-us (aMSN 0.90 for Microsoft Windows)
 CAN-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and ...)
-	TODO: check
+	NOTE: not-for-us (Tutti Nova)
 CAN-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, ...)
-	TODO: check
+	NOTE: not-for-us (Hitachi Cosminexus Portal Framework)
 CAN-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or ...)
-	TODO: check
+	NOTE: not-for-us (Roger Wilco)
 CAN-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger ...)
-	TODO: check
+	NOTE: not-for-us (Roger Wilco)
 CAN-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and ...)
-	TODO: check
+	NOTE: not-for-us (Roger Wilco)
 CAN-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...)
-	TODO: check
+	NOTE: not-for-us (S-Mart Shopping Cart or RediCart)
 CAN-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...)
-	TODO: check
+	NOTE: not-for-us (*1st Class Mail Server)
 CAN-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...)
-	TODO: check
+	NOTE: not-for-us (*1st Class Mail Server)
 CAN-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...)
-	TODO: check
+	NOTE: not-for-us (Jaws)
 CAN-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 ...)
-	TODO: check
+	NOTE: not-for-us (Jaws)
 CAN-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an ...)
-	TODO: check
+	NOTE: not-for-us (Jaws)
 CAN-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...)
-	TODO: check
+	NOTE: not-for-us (F-Secure Anti-Virus)
 CAN-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...)
-	TODO: check
+	NOTE: not-for-us (Kerio)
 CAN-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and ...)
-	TODO: check
+	NOTE: not-for-us (proxytunnel)
 CAN-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers ...)
-	TODO: check
+	NOTE: not-for-us (HP printers)
 CAN-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Fusion)
 CAN-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Fusion)
 CAN-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores ...)
-	TODO: check
+	NOTE: not-for-us (Computer Associates Unicenter Common Services)
 CAN-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...)
-	TODO: check
+	NOTE: not-for-us (PeopleSoft Human Resources Management System (HRMS))
 CAN-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in ...)
 	NOTE: not-for-us (CPAINT ajax toolkit)
 CAN-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers ...)
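Review bot: the NOTE lines for CAN-2004-2447 and CAN-2004-2446 read "not-for-us (*1st Class Mail Server)" with a stray asterisk before the product name; drop it so both match the name in the CAN descriptions. The note for CAN-2004-2454, "not-for-us (aMSN 0.90 for Microsoft Windows)", also carries a version and platform where the other notes in this hunk give only the product. If the reason for not-for-us is that the issue is Windows-only, say so explicitly instead of folding it into the product name.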
@@ -306,9 +308,8 @@
 CAN-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...)
 	NOTE: not-for-us (My Image Gallery (Mig))
 CAN-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...)
-	- mozilla-firefox (unfixed; bug filed; low)
-	- mozilla-browser (unfixed; bug filed; low)
-	- mozilla-thunderbird (unfixed; bug filed; low)
+	- mozilla-firefox (unfixed; bug #324907; low)
+	TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird
 CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
 	NOTE: not-fur-us (MidiCart)
 CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled allows remote attackers to ...)
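Review bot: under CAN-2005-2602 the mozilla-browser and mozilla-thunderbird lines are removed and replaced only by "TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird", so the list no longer records those two packages as unfixed. Consider keeping both package lines as "(unfixed; low)" next to the TODO until bug numbers exist, so the status is still visible to anything that reads package entries. Separately, the unchanged context line for CAN-2005-2601 says "not-fur-us (MidiCart)"; that misspelled tag is worth correcting while this area is being touched.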
@@ -467,75 +468,74 @@
 CAN-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the physical ...)
 	NOTE: not-for-us (PHPX CMS)
 CAN-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 ...)
-	TODO: check
+	NOTE: not-for-us (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0)
 CAN-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOTE: not-for-us (Targem Battle Mages)
 CAN-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does ...)
-	TODO: check
+	NOTE: not-for-us (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet)
 CAN-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB ...)
-	TODO: check
+	- phpbb2 2.0.6c (low)
 CAN-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server does ...)
-	TODO: check
+	NOTE: not-for-us (roofpoint Protection Server)
 CAN-2004-2356 (Fizmez Web Server 1.0 allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOTE: not-for-us (Fizmez)
 CAN-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help ...)
-	TODO: check
+	NOTE: not-for-us (Crafty Syntax Live Help)
 CAN-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 ...)
-	TODO: check
+	NOTE: not-for-us (4nGuestbook)
 CAN-2004-2353 (BugPort before 1.099 stores its configuration file (conf/config.conf) ...)
-	TODO: check
+	NOTE: not-for-us (BugPort)
 CAN-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 ...)
-	TODO: check
+	NOTE: not-for-us (GBook)
 CAN-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 ...)
-	TODO: check
+	NOTE: not-for-us (GBook)
 CAN-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 ...)
-	TODO: check
+	- phpbb2 2.0.8 (low)
 CAN-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...)
-	TODO: check
+	NOTE: not-for-us (Tunez)
 CAN-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 alows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Sybari AntiGen for Domino)
 CAN-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Leif M. Wright Web Blog)
 CAN-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web ...)
-	TODO: check
+	NOTE: not-for-us (Forum Web Server )
 CAN-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec ...)
-	TODO: check
+	NOTE: not-for-us (VocalTec)
 CAN-2004-2343 (** DISPUTED ** ...)
-	TODO: check
 CAN-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: not-for-us (ChatterBox)
 CAN-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for ...)
-	TODO: check
+	NOTE: not-for-us (iSearch)
 CAN-2004-2340 (** UNVERIFIABLE ** ...)
-	TODO: check
+	NOTE: not-for-us (PunkBuster Screenshot Database)
 CAN-2004-2339 (** DISPUTED ** ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules ...)
-	TODO: check
+	NOTE: not-for-us (OpenBSD)
 CAN-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed ...)
-	TODO: check
+	NOTE: not-for-us (inlook)
 CAN-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 ...)
-	TODO: check
+	NOTE: not-for-us (Novel Groupwise)
 CAN-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as used ...)
-	TODO: check
+	NOTE: not-for-us (Macromedia installers and e-licensing client on Mac OS X)
 CAN-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail ...)
-	TODO: check
+	NOTE: not-for-us (EMU Webmail)
 CAN-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload area, ...)
-	TODO: check
+	NOTE: not-for-us (Bodington)
 CAN-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form ...)
-	TODO: check
+	NOTE: not-for-us (WWW::Form)
 CAN-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox ...)
-	TODO: check
+	NOTE: not-for-us (ColdFusion)
 CAN-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a ...)
-	TODO: check
+	NOTE: not-for-us (ColdFusion)
 CAN-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute ...)
-	TODO: check
+	NOTE: not-for-us (Kerio Personal Firewal)
 CAN-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (Clearswift MAILsweeper )
 CAN-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOTE: not-for-us (Vizer)
 CAN-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...)
 	TODO: check
 CAN-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for ...)
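Review bot: CAN-2004-2343 loses its "TODO: check" line with nothing added in its place, so the entry is left with no status at all, unlike the other DISPUTED and UNVERIFIABLE entries in this hunk, which get a NOTE. Either add a NOTE giving the decision or keep the TODO. Several of the new notes also have typos in the product name: "roofpoint Protection Server" (CAN-2004-2357), "Novel Groupwise" (CAN-2004-2336) and "Kerio Personal Firewal" (CAN-2004-2329). There is also a trailing space before the closing parenthesis in "Forum Web Server )" and "Clearswift MAILsweeper )".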
@@ -697,7 +697,6 @@
 CAN-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to ...)
 	NOTE: not-for-us (Mac OS X)
 CAN-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, ...)
-	TODO: check
 	NOTE: not-for-us (Mac OS X)
 CAN-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local users ...)
 	NOTE: not-for-us (Mac OS X)



