[Secure-testing-commits] r470 - sarge-checks/CAN
Micah Anderson
micah@costa.debian.org
Wed, 23 Feb 2005 07:55:07 +0100
Author: micah
Date: 2005-02-23 07:55:04 +0100 (Wed, 23 Feb 2005)
New Revision: 470
Modified:
sarge-checks/CAN/list
Log:
Finished checking my claimed CANs
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-02-23 06:03:46 UTC (rev 469)
+++ sarge-checks/CAN/list 2005-02-23 06:55:04 UTC (rev 470)
@@ -80,86 +80,84 @@
CAN-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows ...)
TODO: check
end claimed by djoume
-begin claimed by micah
CAN-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive ...)
- TODO: check
+ NOTE: not-for-us (PerlDesk)
CAN-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu ...)
- TODO: check
+ NOTE: not-for-us (Gadu-Gadu)
CAN-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a ...)
- TODO: check
+ NOTE: not-for-us (Serv-U FTP)
CAN-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
- TODO: check
+ NOTE: not-for-us (Merak Mail Server)
CAN-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web ...)
- TODO: check
+ NOTE: not-for-us (Merak Mail Server)
CAN-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
- TODO: check
+ NOTE: not-for-us (Merak Mail Server)
CAN-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...)
- TODO: check
+ NOTE: not-for-us (Merak Mail Server)
CAN-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 ...)
- TODO: check
+ NOTE: not-for-us (Merak Mail Server)
CAN-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 ...)
- TODO: check
+ NOTE: not-for-us (Merak Mail Server)
CAN-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 ...)
- TODO: check
+ NOTE: not-for-us (Subjects)
CAN-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...)
- TODO: check
+ NOTE: not-for-us (Halo Combat Evolved)
CAN-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN ...)
- TODO: check
+ NOTE: not-for-us (Trillian)
CAN-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 ...)
- TODO: check
+ NOTE: not-for-us (PsNews)
CAN-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...)
- TODO: check
+ NOTE: not-for-us (Call of Duty)
CAN-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as ...)
- TODO: check
+ NOTE: not-for-us (Engenio/LSI Logic storage controllers)
CAN-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information ...)
- TODO: check
+ NOTE: not-for-us (YaBB)
CAN-2004-1661 (MailWorks Professional allows remote attackers to bypass ...)
- TODO: check
+ NOTE: not-for-us (MailWorks)
CAN-2004-1660 (PHP remote code injection vulnerability in CuteNews 1.3.6 and earlier ...)
- TODO: check
+ NOTE: not-for-us (CuteNews)
CAN-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...)
- TODO: check
+ NOTE: not-for-us (CuteNews)
CAN-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...)
- TODO: check
+ NOTE: not-for-us (Kerio Personal Firewall)
CAN-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events ...)
- TODO: check
+ NOTE: not-for-us (DasBlog)
CAN-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows ...)
- TODO: check
+ NOTE: not-for-us (Comersus Shopping Cart)
CAN-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ...)
- TODO: check
+ NOTE: not-for-us (phpWebsite)
CAN-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...)
- TODO: check
+ NOTE: not-for-us (phpWebsite)
CAN-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...)
- TODO: check
+ - ssh (unfixed; bug #296547)
CAN-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...)
- TODO: check
+ NOTE: not-for-us (phpScheduleIt)
CAN-2004-1651 (Multiple Cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOTE: not-for-us (phpScheduleIt)
CAN-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP ...)
- TODO: check
+ NOTE: not-for-us (D-Link DCS-900)
CAN-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to ...)
- TODO: check
+ NOTE: not-for-us (Msinfo32.exe)
CAN-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ...)
- TODO: check
+ NOTE: not-for-us (Password Protect)
CAN-2004-1647 (SQL injection vulnerability in Password Protect allows remote ...)
- TODO: check
+ NOTE: not-for-us (Password Protect)
CAN-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (Xedus)
CAN-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Xedus)
CAN-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...)
- TODO: check
-end claimed by micah
+ NOTE: not-for-us (Xedus)
CAN-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of ...)
- TODO: check
+ NOTE: not-for-us (WS_FTP)
CAN-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a ...)
- TODO: check
+ NOTE: not-for-us (WS_FTP)
CAN-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...)
- TODO: check
+ NOTE: not-for-us (Titan)
CAN-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and ...)
- TODO: check
+ NOTE: not-for-us (XOOPS)
CAN-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...)
- TODO: check
+ NOTE: not-for-us (Thomson cable modem)
CAN-2005-0488
NOTE: reserved
CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...)
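Review bot: The note added under CAN-2004-1642 names the wrong product. The entry describes "WFTPD Pro Server 3.21", but the new line reads "NOTE: not-for-us (WS_FTP)", which is the product of the preceding entry, CAN-2004-1643. It looks like a copy-paste slip and should read "NOTE: not-for-us (WFTPD Pro Server)". Separately, the entries from CAN-2004-1643 down to CAN-2003-1085 sit below the removed "end claimed by micah" marker, so they were outside the claimed block. It is worth confirming that nobody else was working on them before marking them checked.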
@@ -6840,13 +6838,13 @@
{DSA-215}
- cyrus-imapd 1.5.19-9.10
CAN-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...)
- NOTE: not for us (SAP)
+ NOTE: not-for-us (SAP)
CAN-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...)
- NOTE: not for us (SAP)
+ NOTE: not-for-us (SAP)
CAN-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...)
- NOTE: not for us (SAP)
+ NOTE: not-for-us (SAP)
CAN-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...)
- NOTE: not for us (SAP)
+ NOTE: not-for-us (SAP)
CAN-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...)
{DSA-437}
- cgiemail 1.6-20
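Review bot: The four SAP entries, CAN-2002-1579 through CAN-2002-1576, only change the spelling "not for us" to "not-for-us", which the log message "Finished checking my claimed CANs" does not cover. Either mention the tag normalization in the log, or make it a separate commit that converts every remaining "not for us" in the list, so that anything matching on the tag sees a single spelling.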