[Secure-testing-commits] r461 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Mon, 21 Feb 2005 22:21:00 +0100
Author: joeyh
Date: 2005-02-21 22:20:57 +0100 (Mon, 21 Feb 2005)
New Revision: 461
Modified:
sarge-checks/CAN/list
Log:
update
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-02-21 20:31:59 UTC (rev 460)
+++ sarge-checks/CAN/list 2005-02-21 21:20:57 UTC (rev 461)
@@ -1,85 +1,86 @@
-begin claimed by joeyh
CAN-2005-0488
NOTE: reserved
CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...)
+ NOTE: only a DOS; page with example is down, so cannot check.
TODO: check
CAN-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
- TODO: check
+ NOTE: not-for-us (mailcarrier)
CAN-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (Hawking Technologies HAR11A modem/router)
CAN-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection ...)
- TODO: check
+ NOTE: not-for-us (WvTftp)
CAN-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the ...)
- TODO: check
+ NOTE: does not affect older 2.16.7 in sid.
CAN-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, ...)
- TODO: check
+ NOTE: does not affect older 2.16.7 in sid.
CAN-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...)
- TODO: check
+ - bugzilla 2.16.7
CAN-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...)
- TODO: check
+ - moniwiki 1.0.9
CAN-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (Open WorkFlow Engine)
CAN-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open ...)
- TODO: check
+ NOTE: not-for-us (Open WorkFlow Engine)
CAN-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...)
- TODO: check
+ NOTE: not-for-us (Dwc_articles)
CAN-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows ...)
- TODO: check
+ - rssh 2.2.2
CAN-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...)
- TODO: check
+ NOTE: not-for-us (ability server)
CAN-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, ...)
- TODO: check
+ NOTE: not-for-us (ability server)
CAN-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...)
- TODO: check
+ NOTE: not-for-us (pGina)
CAN-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening ...)
- TODO: check
+ NOTE: not-for-us (Carbon Copy)
CAN-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...)
- TODO: check
+ NOTE: not-for-us (UBB.threads)
CAN-2004-1621 (Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and ...)
- TODO: check
+ NOTE: not-for-us (Lotus Notes)
CAN-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before 0.7rc1 ...)
- TODO: check
+ NOTE: not-for-us (Serendipity)
CAN-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows ...)
- TODO: check
+ NOTE: not-for-us (Privateer's Bounty: Age of Sail II)
CAN-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...)
- TODO: check
+ NOTE: not-for-us (Tonecast)
CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...)
- TODO: check
+ - lynx (unfixed; bug filed)
CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...)
- TODO: check
+ - links (unfixed; bug filed)
CAN-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...)
- TODO: check
+ NOTE: not-for-us (Opera)
CAN-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOTE: assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6
+ NOTE: mozilla-browser 1.7.5-1 also ok
CAN-2004-1613 (Mozilla allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOTE: example page did not bother firefox 1.0+dfsg.1-6
+ NOTE: mozilla-browser 1.7.5-1 also ok
CAN-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote ...)
- TODO: check
+ NOTE: not-for-us (SalesLogix)
CAN-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before ...)
- TODO: check
+ NOTE: not-for-us (SalesLogix)
CAN-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain ...)
- TODO: check
+ NOTE: not-for-us (SalesLogix)
CAN-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive ...)
- TODO: check
+ NOTE: not-for-us (SalesLogix)
CAN-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (SalesLogix)
CAN-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain ...)
- TODO: check
+ NOTE: not-for-us (SalesLogix)
CAN-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...)
- TODO: check
+ NOTE: not-for-us (SalesLogix)
CAN-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by ...)
- TODO: check
+ NOTE: not-for-us (SalesLogix)
CAN-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod ...)
- TODO: check
+ NOTE: not-for-us (not our cpanel)
CAN-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users ...)
- TODO: check
+ NOTE: not-for-us (not our cpanel)
CAN-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different ...)
- TODO: check
+ - proftpd (unfixed; bug filed)
CAN-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...)
- TODO: check
-end claimed by joeyh
+ NOTE: not-for-us (coolphp)
begin claimed by djoume
CAN-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...)
TODO: check
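Review bot: The three "(unfixed; bug filed)" entries in this hunk, for lynx (CAN-2004-1617), links (CAN-2004-1616) and proftpd (CAN-2004-1602), do not record the bug number, so nobody reading the list can find the report or tell when it is closed. Suggest putting the bug reference in the parentheses of each of those lines. Separately, CAN-2004-1614 and CAN-2004-1613 record the tested firefox and mozilla-browser versions only as NOTE lines, while the bugzilla, moniwiki and rssh entries use a "- package version" line; if those two are considered resolved, a package line would make that explicit. The CAN-2004-1614 result also rests on "assuming this is mozilla_die2.html", so it may be worth leaving that entry open until the test page is confirmed.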