[Secure-testing-commits] r393 - sarge-checks/CAN
SALVETTI Djoumé
djoume-guest@costa.debian.org
Fri, 11 Feb 2005 15:39:04 +0100
Author: djoume-guest
Date: 2005-02-11 15:39:02 +0100 (Fri, 11 Feb 2005)
New Revision: 393
Modified:
sarge-checks/CAN/list
Log:
* processed my block
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-02-11 09:00:18 UTC (rev 392)
+++ sarge-checks/CAN/list 2005-02-11 14:39:02 UTC (rev 393)
@@ -1,183 +1,179 @@
-begin claimed by djoume
CAN-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...)
- TODO: check
+ NOTE: not-for-us (RealArcade)
CAN-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...)
- TODO: check
+ NOTE: not-for-us (RealArcade)
CAN-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...)
- TODO: check
+ NOTE: not-for-us (SafeNet)
CAN-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or ...)
- TODO: check
+ NOTE: not-for-us (php-fusion)
CAN-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 ...)
- TODO: check
+ NOTE: not-for-us (602LAN SUITE)
CAN-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (PerlDesk)
CAN-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite ...)
- TODO: check
+ NOTE: not-for-us (Apple)
CAN-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP ...)
- TODO: check
+ NOTE: not-for-us (Apple)
CAN-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows ...)
- TODO: check
+ NOTE: not-for-us (Apple)
CAN-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a ...)
- TODO: check
+ NOTE: not-for-us (Foxmail)
CAN-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (Savant Web Server)
CAN-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...)
- TODO: check
+ - postfix 2.1.4-5
CAN-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web ...)
- TODO: check
+ NOTE: not-for-us (eMotion MediaPartner)
CAN-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server ...)
- TODO: check
+ NOTE: not-for-us (eMotion MediaPartner)
CAN-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...)
- TODO: check
+ NOTE: not-for-us (Linksys)
CAN-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial ...)
- TODO: check
+ NOTE: not-for-us (LanChat)
CAN-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration ...)
- TODO: check
+ NOTE: not-for-us (DeskNow Mail server)
CAN-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...)
- TODO: check
+ NOTE: not-for-us (Winrar)
CAN-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ...)
- TODO: check
+ NOTE: not-for-us (Painkiller)
CAN-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...)
- TODO: check
+ NOTE: not-for-us (ZipGenius)
CAN-2005-0328 (Zyxel P310, P314, P324 and Netgaear RT311, RT314 running the latest ...)
- TODO: check
+ NOTE: not-for-us (Netgear)
CAN-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...)
- TODO: check
+ NOTE: not-for-us (PafileDB)
CAN-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...)
- TODO: check
+ NOTE: not-for-us (PafileDB)
CAN-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game ...)
- TODO: check
+ NOTE: not-for-us (Xpand Rally)
CAN-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain ...)
- TODO: check
+ NOTE: not-for-us (Infinite Mobile Delivery Webmail)
CAN-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery ...)
- TODO: check
+ NOTE: not-for-us (Infinite Mobile Delivery Webmail)
CAN-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server ...)
- TODO: check
+ NOTE: not-for-us (Merak Mail server)
CAN-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Merak Mail server)
CAN-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server ...)
- TODO: check
+ NOTE: not-for-us (Merak Mail server)
CAN-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N ...)
- TODO: check
+ NOTE: not-for-us (Webadmin)
CAN-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly ...)
- TODO: check
+ NOTE: not-for-us (Webadmin)
CAN-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in ...)
- TODO: check
+ NOTE: not-for-us (Webadmin)
CAN-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...)
- TODO: check
+ NOTE: not-for-us (WebWasher)
CAN-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...)
- TODO: check
+ NOTE: not-for-us (Magic Winmail)
CAN-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...)
- TODO: check
+ NOTE: not-for-us (Magic Winmail)
CAN-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server ...)
- TODO: check
+ NOTE: not-for-us (Magic Winmail)
CAN-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote ...)
- TODO: check
+ NOTE: not-for-us (WarFTPD under NT)
CAN-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...)
- TODO: check
+ NOTE: not-for-us (Ingate)
CAN-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...)
- TODO: check
+ NOTE: not-for-us (Exponent)
CAN-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
- TODO: check
+ NOTE: not-for-us (Exponent)
CAN-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier ...)
- TODO: check
+ NOTE: not-for-us (W32Dasm)
CAN-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- TODO: check
+ NOTE: not-for-us (MercuryBoard)
CAN-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive ...)
- TODO: check
+ NOTE: not-for-us (MercuryBoard)
CAN-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and ...)
- TODO: check
+ NOTE: not-for-us (Siteman)
CAN-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier ...)
- TODO: check
+ NOTE: not-for-us (DivX Player)
CAN-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- TODO: check
+ NOTE: not-for-us (BackOffice Lite)
CAN-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...)
- TODO: check
+ NOTE: not-for-us (BackOffice Lite)
CAN-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 ...)
- TODO: check
+ NOTE: not-for-us (BackOffice Lite)
CAN-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...)
- TODO: check
+ - jsboard 2.0.10-1
CAN-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows ...)
- TODO: check
+ - gforge 3.1-26
CAN-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2005-0296 (The error module in Novell GroupWise WebAccess allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (Novell)
CAN-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...)
- TODO: check
+ NOTE: not-for-us (nProtect)
CAN-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...)
- TODO: check
+ NOTE: not-for-us (Minis)
CAN-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows ...)
- TODO: check
+ NOTE: not-for-us (Minis)
CAN-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift ...)
- TODO: check
+ NOTE: not-for-us (phpGiftReg)
CAN-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...)
- TODO: check
+ NOTE: not-for-us (NetGear)
CAN-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, ...)
- TODO: check
+ NOTE: not-for-us (NetGear)
CAN-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, ...)
- TODO: check
+ NOTE: not-for-us (Apple)
CAN-2005-0288 (The change password functionality in Bottomline Webseries Payment ...)
- TODO: check
+ NOTE: not-for-us (BottomLine WebSeries)
CAN-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (BottomLine WebSeries)
CAN-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (eMotion MediaPartner)
CAN-2005-0285 (Webseries Payment Application does not properly restrict privileged ...)
- TODO: check
-CAN-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...)
- TODO: check
+ NOTE: not-for-us (BottomLine WebSeries)
CAN-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...)
- TODO: check
+ NOTE: not-for-us (QwikiWiki)
CAN-2005-0282 (SQL injection vulnerability in member.php in MyBB allows remote ...)
- TODO: check
+ NOTE: not-for-us (MyBB)
CAN-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
- TODO: check
+ NOTE: not-for-us (Soldner Secret)
CAN-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier ...)
- TODO: check
+ NOTE: not-for-us (Soldner Secret)
CAN-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the ...)
- TODO: check
+ NOTE: not-for-us (Soldner Secret)
CAN-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...)
- TODO: check
+ NOTE: not-for-us (3COM 3CDaemon)
CAN-2005-0277 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...)
- TODO: check
+ NOTE: not-for-us (3COM 3CDaemon)
CAN-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com ...)
- TODO: check
+ NOTE: not-for-us (3COM 3CDaemon)
CAN-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...)
- TODO: check
+ NOTE: not-for-us (3COM 3CDaemon)
CAN-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...)
- TODO: check
+ NOTE: not-for-us (PhotoPost)
CAN-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...)
- TODO: check
+ NOTE: not-for-us (PhotoPost)
CAN-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...)
- TODO: check
+ NOTE: not-for-us (ReviewPost)
CAN-2005-0271 (Multiple SQL injection vulnerbilities in ReviewPost PHP Pro before ...)
- TODO: check
+ NOTE: not-for-us (ReviewPost)
CAN-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...)
- TODO: check
+ NOTE: not-for-us (ReviewPost)
CAN-2005-0269 (The file extention check in GNUBoard 3.40 and earlier only verifies ...)
- TODO: check
+ NOTE: not-for-us (GNUBoard)
CAN-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...)
- TODO: check
+ NOTE: not-for-us (FlatNuke)
CAN-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...)
- TODO: check
+ NOTE: not-for-us (FlatNuke)
CAN-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...)
- TODO: check
+ NOTE: not-for-us (SugerCRM)
CAN-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...)
- TODO: check
+ NOTE: not-for-us (OWL intranet)
CAN-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...)
- TODO: check
+ NOTE: not-for-us (OWL intranet)
CAN-2005-0263 (Buffer overflow in netpmon on AIX 5.2, and possibly earlier versions, ...)
- TODO: check
+ NOTE: not-for-us (AIX)
CAN-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.2, 5.3, and possibly earlier ...)
- TODO: check
+ NOTE: not-for-us (AIX)
CAN-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop ...)
- TODO: check
+ NOTE: not-for-us (AIX)
CAN-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor ...)
- TODO: check
-end claimed by djoume
+ NOTE: not-for-us (ARCserve Backup)
CAN-2005-0259
NOTE: reserved
CAN-2005-0258
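Review bot: CAN-2005-0284 (Woltlab Burning Book SQL injection) is deleted outright between the CAN-2005-0285 and CAN-2005-0283 entries instead of being triaged like the rest of the block, and the log message "processed my block" does not say why. If the product is simply not packaged, keep the entry and give it a not-for-us NOTE naming the product, as done for its neighbours; if the removal is intentional (for example a duplicate), say so in the commit log. Two smaller points in the same hunk: CAN-2005-0299 is recorded as "- gforge 3.1-26" while the description says GForge 3.3 and earlier is affected, so a NOTE explaining why a 3.1 revision is the fixed version would help; and the vendor tags have slips that hurt later searching, "SugerCRM" for SugarCRM, and only Netgear named for CAN-2005-0328, whose description also lists Zyxel.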
@@ -295,7 +291,7 @@
CAN-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...)
NOTE: not-for-us (AIX)
CAN-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...)
- TODO: check
+ NOTE: not-for-us (S/MIME plugin not in Debian)
CAN-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...)
NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
- epiphany-browser (unfixed; bug #294270)
@@ -316,6 +312,7 @@
CAN-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...)
- mozilla-firefox 1.0+dfsg.1-6
CAN-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...)
+ NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link
TODO: check
CAN-2005-0229
NOTE: reserved
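Review bot: the NOTE added under CAN-2005-0230 records a first-person observation without saying which Firefox version and desktop environment it was made on, so whoever picks up the remaining "TODO: check" cannot tell what has already been ruled out. State the tested package version and desktop in the note, and correct "is convert to a Link" to "is converted to a link"; the line is also far longer than the other notes in the file and could be split into two NOTE lines.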