[Secure-testing-commits] r457 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Mon, 21 Feb 2005 09:14:19 +0100


Author: joeyh
Date: 2005-02-21 09:14:16 +0100 (Mon, 21 Feb 2005)
New Revision: 457

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-02-20 12:44:03 UTC (rev 456)
+++ sarge-checks/CAN/list	2005-02-21 08:14:16 UTC (rev 457)
@@ -1,3 +1,195 @@
+CAN-2005-0488
+	NOTE: reserved
+CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...)
+	TODO: check
+CAN-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
+	TODO: check
+CAN-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...)
+	TODO: check
+CAN-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection ...)
+	TODO: check
+CAN-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the ...)
+	TODO: check
+CAN-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, ...)
+	TODO: check
+CAN-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...)
+	TODO: check
+CAN-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...)
+	TODO: check
+CAN-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to ...)
+	TODO: check
+CAN-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open ...)
+	TODO: check
+CAN-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...)
+	TODO: check
+CAN-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows ...)
+	TODO: check
+CAN-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...)
+	TODO: check
+CAN-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, ...)
+	TODO: check
+CAN-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...)
+	TODO: check
+CAN-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening ...)
+	TODO: check
+CAN-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote ...)
+	TODO: check
+CAN-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...)
+	TODO: check
+CAN-2004-1621 (Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and ...)
+	TODO: check
+CAN-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before 0.7rc1 ...)
+	TODO: check
+CAN-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows ...)
+	TODO: check
+CAN-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...)
+	TODO: check
+CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...)
+	TODO: check
+CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...)
+	TODO: check
+CAN-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...)
+	TODO: check
+CAN-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...)
+	TODO: check
+CAN-2004-1613 (Mozilla allows remote attackers to cause a denial of service ...)
+	TODO: check
+CAN-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote ...)
+	TODO: check
+CAN-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before ...)
+	TODO: check
+CAN-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain ...)
+	TODO: check
+CAN-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive ...)
+	TODO: check
+CAN-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...)
+	TODO: check
+CAN-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain ...)
+	TODO: check
+CAN-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...)
+	TODO: check
+CAN-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by ...)
+	TODO: check
+CAN-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod ...)
+	TODO: check
+CAN-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users ...)
+	TODO: check
+CAN-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different ...)
+	TODO: check
+CAN-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...)
+	TODO: check
+CAN-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...)
+	TODO: check
+CAN-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP ...)
+	TODO: check
+CAN-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ...)
+	TODO: check
+CAN-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote ...)
+	TODO: check
+CAN-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows ...)
+	TODO: check
+CAN-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers ...)
+	TODO: check
+CAN-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...)
+	TODO: check
+CAN-2004-1593 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CAN-2004-1592 (PHP remote code injection vulnerability in index.php in ocPortal 1.0.3 ...)
+	TODO: check
+CAN-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...)
+	TODO: check
+CAN-2004-1590 (Clientexec allows remote attackers to gain sensitive information via ...)
+	TODO: check
+CAN-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board ...)
+	TODO: check
+CAN-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote ...)
+	TODO: check
+CAN-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator ...)
+	TODO: check
+CAN-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as ...)
+	TODO: check
+CAN-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...)
+	TODO: check
+CAN-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...)
+	TODO: check
+CAN-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...)
+	TODO: check
+CAN-2004-1582 (PHP remote code injection vulnerability in BlackBoard 1.5.1 allows ...)
+	TODO: check
+CAN-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...)
+	TODO: check
+CAN-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...)
+	TODO: check
+CAN-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive ...)
+	TODO: check
+CAN-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision ...)
+	TODO: check
+CAN-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive ...)
+	TODO: check
+CAN-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and ...)
+	TODO: check
+CAN-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...)
+	TODO: check
+CAN-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...)
+	TODO: check
+CAN-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...)
+	TODO: check
+CAN-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data, ...)
+	TODO: check
+CAN-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via ...)
+	TODO: check
+CAN-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote ...)
+	TODO: check
+CAN-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) ...)
+	TODO: check
+CAN-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...)
+	TODO: check
+CAN-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...)
+	TODO: check
+CAN-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm ...)
+	TODO: check
+CAN-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full ...)
+	TODO: check
+CAN-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...)
+	TODO: check
+CAN-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow ...)
+	TODO: check
+CAN-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows ...)
+	TODO: check
+CAN-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers ...)
+	TODO: check
+CAN-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of ...)
+	TODO: check
+CAN-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...)
+	TODO: check
+CAN-2004-1558 (Multiple stack-based buffer overflows in YahooPOPS 0.4 through 0.6 ...)
+	TODO: check
+CAN-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...)
+	TODO: check
+CAN-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...)
+	TODO: check
+CAN-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...)
+	TODO: check
+CAN-2004-1554 (PHP remote code injection vulnerability in livre_include.php in @lex ...)
+	TODO: check
+CAN-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...)
+	TODO: check
+CAN-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers ...)
+	TODO: check
+CAN-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email, (2) ...)
+	TODO: check
+CAN-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote ...)
+	TODO: check
+CAN-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of ...)
+	TODO: check
+CAN-2004-1548 (Directory traversal vulnerability in the file server in ActivePost ...)
+	TODO: check
+CAN-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote ...)
+	TODO: check
+CAN-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to ...)
+	TODO: check
+CAN-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...)
+	TODO: check
 CAN-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ...)
 	NOTE: not-for-us (Kyako ESupport)
 CAN-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...)
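Review bot: the 95 new entries from CAN-2004-1639 down to CAN-2004-1545 all land as `TODO: check` with no triage, although several name products that the existing convention would mark not-for-us, for example CAN-2004-1623 (Windows XP SP1) and CAN-2004-1560 (Microsoft SQL Server 7.0). Consider tagging those in the same pass with the `NOTE: not-for-us (...)` form used in the context lines, so the manual queue is limited to entries such as CAN-2004-1602 (ProFTPD), CAN-2004-1617 (Lynx) and CAN-2004-1561 (Icecast) that need checking against the archive. Separately, the context line `NOTE: not-for-us (Kyako ESupport)` spells the product differently from the `Kayako` in its description.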
@@ -1864,7 +2056,7 @@
 	NOTE: not-for-us (Verisign Payflow Link)
 CAN-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...)
 	NOTE: not-for-us (Orbz)
-CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, ...)
+CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero" Intrepid Protocol ...)
 	NOTE: not-for-us (The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter)
 CAN-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
 	NOTE: not-for-us (pnTresMailer)
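Review bot: the replacement description for CAN-2004-1207 contains an unbalanced double quote, `(1) Alpha Black Zero" Intrepid Protocol ...`, which suggests a quoted title was mangled on import or truncation. Check how the update script handles quotes in descriptions before accepting this line. The NOTE beneath it still carries the old wording, so the triage result itself is unaffected.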
@@ -2453,9 +2645,9 @@
 	- freeradius 1.0.1
 CAN-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
 	- freeradius 1.0.1
-CAN-2004-0959 (PHP before 5.0.2 allows local users to upload files to arbitrary ...)
+CAN-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files to ...)
 	- php4 4.3.9
-CAN-2004-0958 (PHP before 5.0.2 allows remote attackers to read sensitive memory ...)
+CAN-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read ...)
 	- php4 4.3.9
 CAN-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...)
 	- mysql-dfsg 3.23.58
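Review bot: for CAN-2004-0959 and CAN-2004-0958 only the description text changes, and both still read "PHP before 5.0.2" while the tracking line stays `- php4 4.3.9`. Now that the descriptions name rfc1867.c and php_variables.c, it is worth confirming that the php4 4.3.9 fix covers those files and recording that in a NOTE, so the difference between the version in the description and the tracked version is explained.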
@@ -2738,7 +2930,7 @@
 CAN-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...)
 	NOTE: not-for-us (microsoft)
 CAN-2004-0838
-	NOTE: reserved
+	TODO: check
 CAN-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...)
 	{DSA-562-2}
 CAN-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...)
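Review bot: CAN-2004-0838 moves from `NOTE: reserved` to `TODO: check`, but its header line still has no description, unlike every other `TODO: check` entry in this patch. If the ID is no longer reserved, the update should bring in the description text as well; otherwise whoever picks up the TODO has nothing to check against, and the line should stay `NOTE: reserved` until the text is available.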