[Secure-testing-commits] r413 - sarge-checks/CAN
SALVETTI Djoumé
djoume-guest@costa.debian.org
Tue, 15 Feb 2005 23:11:01 +0100
Author: djoume-guest
Date: 2005-02-15 23:10:59 +0100 (Tue, 15 Feb 2005)
New Revision: 413
Modified:
sarge-checks/CAN/list
Log:
* processed my block.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-02-15 20:14:19 UTC (rev 412)
+++ sarge-checks/CAN/list 2005-02-15 22:10:59 UTC (rev 413)
@@ -116,154 +116,153 @@
- egroupware 1.0.00.004
CAN-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes ...)
- gallery 1.4.4-pl2
-begin claimed by djoume
CAN-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow ...)
- TODO: check
+ NOTE: not-for-us (WinZip)
CAN-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...)
- TODO: check
+ - moin 1.2.3-1
CAN-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote ...)
- TODO: check
+ - moin 1.2.3-1
CAN-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager ...)
- TODO: check
+ NOTE: not-for-us (Novell)
CAN-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary ...)
- TODO: check
+ - cvstrac 1.1.4-1
CAN-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and ...)
- TODO: check
+ - xine-lib 1-rc5-1.1
CAN-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...)
- TODO: check
+ NOTE: according to GOTO Masanori this is not a security problem
+ NOTE: see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=272210
CAN-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...)
- TODO: check
+ NOTE: not-for-us (Gentoo specific)
CAN-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...)
- TODO: check
+ NOTE: mozilla 2:1.6-1
CAN-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...)
- TODO: check
+ - mozilla 2:1.7.1-1
CAN-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 ...)
- TODO: check
+ - mozilla 2:1.7-1
CAN-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers ...)
- TODO: check
+ NOTE: not-for-us (Jetbox One)
CAN-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the ...)
- TODO: check
+ NOTE: not-for-us (Jetbox One)
CAN-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen ...)
- TODO: check
+ NOTE: not-for-us (ScreenOS)
CAN-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly ...)
- TODO: check
+ - nessus-core 2.0.12-1
CAN-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...)
- TODO: check
+ - roundup 0.7.3-1
CAN-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...)
- TODO: check
+ - imp3 3.2.5-1
CAN-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...)
- TODO: check
+ NOTE: not-for-us (db2www not in Debian)
CAN-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power ...)
- TODO: check
+ NOTE: not-for-us (Board Power)
CAN-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY ...)
- TODO: check
+ - putty 0.56-1
CAN-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (BlackJumboDog)
CAN-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier ...)
- TODO: check
+ - subversion 1.0.6-1
CAN-2004-1437 (Multiple buffer overflows in the digest authentication functionality ...)
- TODO: check
+ - pavuk 0.9pl28-3.1
CAN-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (FormMail.php != nms-formmail)
CAN-2004-1430 (SQL injection vulnerability in Arcade.php in IbProArcade allows remote ...)
- TODO: check
+ NOTE: not-for-us (Arcade.php)
CAN-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times ...)
- TODO: check
+ NOTE: not-for-us (ArGoSoft)
CAN-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...)
- TODO: check
+ NOTE: not-for-us (ArGoSoft)
CAN-2004-1427 (PHP remote code injection vulnerability in main.inc in KorWeblog ...)
- TODO: check
+ NOTE: not-for-us (KorWeblog)
CAN-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...)
- TODO: check
+ NOTE: not-for-us (KorWeblog)
CAN-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...)
- TODO: check
+ - moodle 1.4.3-1
CAN-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...)
- TODO: check
+ - moodle 1.4.3-1
CAN-2004-1423 (Multiple PHP remote code injection vulnerabilities in (1) calendar.php ...)
- TODO: check
+ NOTE: not-for-us (PHP-Calendar)
CAN-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...)
- TODO: check
+ NOTE: not-for-us (WHM AutoPilot)
CAN-2004-1421 (Multiple PHP remote code injection vulnerabilities (1) step_one.php, ...)
- TODO: check
+ NOTE: not-for-us (WHM AutoPilot)
CAN-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...)
- TODO: check
+ NOTE: not-for-us (WHM AutoPilot)
CAN-2004-1419 (PHP remote code injection vulnerability in ZeroBoard 4.1pl4 and ...)
- TODO: check
+ NOTE: not-for-us (ZeroBoard)
CAN-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...)
- TODO: check
+ NOTE: not-for-us (WPKontakt)
CAN-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats ...)
- TODO: check
+ NOTE: not-for-us (PsychoStats)
CAN-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as ...)
- TODO: check
+ NOTE: not-for-us (RealOne IE plugin)
CAN-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) ...)
- TODO: check
+ NOTE: not-for-us (2Bgal)
CAN-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of ...)
- TODO: check
+ NOTE: not-for-us (Gadu-Gadu)
CAN-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow ...)
- TODO: check
+ NOTE: not-for-us (Kayako)
CAN-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
- TODO: check
+ NOTE: not-for-us (Kayako)
CAN-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a ...)
- TODO: check
+ NOTE: not-for-us (Gadu-Gadu)
CAN-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ...)
- TODO: check
+ NOTE: not-for-us (Gadu-Gadu)
CAN-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web ...)
- TODO: check
+ NOTE: not-for-us (Image Gallery Web Application)
CAN-2004-1408 (The addImage method for admin.class.php in Image Gallery Web ...)
- TODO: check
+ NOTE: not-for-us (Image Gallery Web Application)
CAN-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image ...)
- TODO: check
+ NOTE: not-for-us (Image Gallery Web Application)
CAN-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...)
- TODO: check
+ NOTE: not-for-us (Ikonboard)
CAN-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...)
- TODO: check
+ NOTE: not-for-us (MediaWiki)
CAN-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...)
- TODO: check
+ NOTE: not-for-us (Attachment Mod for phpBB)
CAN-2004-1403 (PHP remote code injection vulnerability in index.php in GNUBoard 3.39 ...)
- TODO: check
+ NOTE: not-for-us (GNUBoard)
CAN-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (iWebNegar)
CAN-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote ...)
- TODO: check
+ NOTE: not-for-us (Asp-rider)
CAN-2004-1400 (The control panel in ASP Calendar does not require authentication to ...)
- TODO: check
+ NOTE: not-for-us (ASP Calendar)
CAN-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...)
- TODO: check
+ NOTE: not-for-us (Attachment Mod for phpBB)
CAN-2004-1398 (Format string vulnerability in TDIXSupport in Roxio Toast on Mac OS X ...)
- TODO: check
+ NOTE: not-for-us (MacOSX)
CAN-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...)
- TODO: check
+ NOTE: not sure if sid version is vulnerable, I have mailed maintainer.
CAN-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (Winamp)
CAN-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...)
- TODO: check
+ NOTE: not-for-us (Lithtech engine)
CAN-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...)
- TODO: check
+ - monit 1:4.2.1-1
CAN-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...)
- TODO: check
-end claimed by djoume
+ - monit 1:4.2.1-1
CAN-2005-0365 (The dcopidlng script in KDE 3.3.2 creates temporary files with ...)
- kdelibs 4:3.3.2-2
CAN-2005-0363
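Review bot: CAN-2004-1451 is recorded as `NOTE: mozilla 2:1.6-1`, while the other entries in this block that name a fixed package use the `- package version` form (for example `- mozilla 2:1.7.1-1` for CAN-2004-1450 just below it). If 2:1.6-1 is the fixed version, this line should be `- mozilla 2:1.6-1` so it is not mistaken for a free-text comment. CAN-2004-1407 is marked `not-for-us (Image Gallery Web Application)`, but its description names singapore, so the label looks carried over from the two entries above it and should name the product actually affected. CAN-2004-1397 loses its `TODO: check` even though the new note says the sid status is still unknown pending the maintainer's reply; keeping a TODO line next to the note would stop the entry from looking finished.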