[Secure-testing-commits] r1405 - data/CAN
Joey Hess
joeyh at costa.debian.org
Fri Jul 15 18:48:19 UTC 2005
Author: joeyh
Date: 2005-07-15 18:48:16 +0000 (Fri, 15 Jul 2005)
New Revision: 1405
Modified:
data/CAN/list
Log:
processed most of my lock and de-claimed the end
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-15 18:23:55 UTC (rev 1404)
+++ data/CAN/list 2005-07-15 18:48:16 UTC (rev 1405)
@@ -196,101 +196,104 @@
NOTE: not-for-us (AliveSites)
CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...)
NOTE: not-for-us (Express-Web)
-begin claimed by joeyh
CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
- TODO: check
+ NOTE: not-for-us (IdealBB)
CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
- TODO: check
+ NOTE: not-for-us (IdealBB)
CAN-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB ...)
- TODO: check
+ NOTE: not-for-us (IdealBB)
CAN-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (NatterChat)
CAN-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 ...)
- TODO: check
+ NOTE: not-for-us (Veritas)
CAN-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running ...)
- TODO: check
+ NOTE: not-for-us (Cold Fusion)
CAN-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...)
- TODO: check
+ NOTE: not-for-us (Ansel)
CAN-2004-2202 (SQL injection in DUware DUclassified 4.0 through 4.2 allows remote ...)
- TODO: check
+ NOTE: not-for-us (DUclassified)
CAN-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...)
- TODO: check
+ NOTE: not-for-us (DUforum)
CAN-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...)
- TODO: check
+ NOTE: not-for-us (DUforum)
CAN-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 ...)
- TODO: check
+ NOTE: not-for-us (DUclassified)
CAN-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote ...)
- TODO: check
+ NOTE: not-for-us (DUclassmate)
CAN-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ...)
- TODO: check
+ NOTE: not-for-us (kdocker)
CAN-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of ...)
- TODO: check
+ NOTE: not-for-us (Zanfi)
CAN-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...)
- TODO: check
+ NOTE: not-for-us (Zanfi)
CAN-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition ...)
- TODO: check
+ NOTE: not-for-us (MailEnable)
CAN-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill ...)
- TODO: check
+ NOTE: not-for-us (CJOverkill)
CAN-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic ...)
- TODO: check
+ NOTE: not-for-us (Turbo Traffic Trader)
CAN-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...)
- TODO: check
+ NOTE: not-for-us (Turbo Traffic Trader)
CAN-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...)
- TODO: check
+ NOTE: absolutely no useful information, garbage report
+ NOTE: compare with #306164
CAN-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...)
- TODO: check
+ NOTE: not-for-us (DMXReady)
CAN-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...)
- TODO: check
+ NOTE: not-for-us (DMXReady)
CAN-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...)
- TODO: check
+ NOTE: fixed in 1.3.6
+ NOTE: ITP#217571
CAN-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...)
- TODO: check
+ NOTE: fixed in 1.3.6
+ NOTE: ITP#217571
CAN-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...)
- TODO: check
+ NOTE: fixed in 1.3.6
+ NOTE: ITP#217571
CAN-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...)
- TODO: check
+ NOTE: not-for-us (Digicraft Yak!)
CAN-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (WeHelpBUS)
CAN-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Macromedia JRun)
CAN-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allows ...)
- TODO: check
+ NOTE: not-for-us (WowBB Forum)
CAN-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum ...)
- TODO: check
+ NOTE: not-for-us (WowBB Forum)
CAN-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote ...)
- TODO: check
+ NOTE: not-for-us (DevoyBB)
CAN-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 ...)
- TODO: check
+ NOTE: not-for-us (DevoyBB)
CAN-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...)
- TODO: check
+ NOTE: not-for-us (ReviewPost)
CAN-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...)
- TODO: check
+ NOTE: not-for-us (EarlyImpact)
CAN-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...)
- TODO: check
+ NOTE: not-for-us (EarlyImpact)
CAN-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt ...)
- TODO: check
+ NOTE: not-for-us (EarlyImpact)
CAN-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 ...)
- TODO: check
+ - cherokee 0.4.8
CAN-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan ...)
- TODO: check
+ NOTE: not-for-us (Caravan)
CAN-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote ...)
- TODO: check
+ NOTE: not-for-us (Application Access Server (A-A-S))
CAN-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOTE: not-for-us (BaSoMail)
CAN-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other ...)
- TODO: check
+ - latex2rtf 1.9.16
CAN-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and ...)
- TODO: check
+ NOTE: not-for-us (Canon ImageRUNNER)
CAN-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, ...)
- TODO: check
+ NOTE: not-for-us (Lords of the Realm)
CAN-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database ...)
- TODO: check
+ NOTE: not-for-us (VP-ASP)
CAN-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...)
- TODO: check
+ NOTE: not-for-us (OpenBSD)
CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
TODO: check
CAN-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...)
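Review bot: The CAN-2004-2190 (Unzoo 4.4-2) entry drops `TODO: check` but ends up with only two NOTE lines and no status line, so it is no longer marked as open yet records no outcome. Unlike the not-for-us entries around it, it points at a bug number (`NOTE: compare with #306164`), which suggests follow-up is still pending; either keep `TODO: check` until that comparison is done or add a package line in the form used for `- cherokee 0.4.8` and `- latex2rtf 1.9.16`. Minor: `not-for-us (Cold Fusion)` spells the product differently from the description's "ColdFusion", which makes the entry harder to grep.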
@@ -307,7 +310,6 @@
TODO: check
CAN-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...)
TODO: check
-end claimed by joeyh
CAN-2005-XXXX [base-config log should not be world readable]
- base-config 2.68 (low)
CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...)
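Review bot: Removing `end claimed by joeyh` releases entries that are still at `TODO: check` (CAN-2004-2162 at the end of the previous hunk through at least CAN-2004-2155 just above the marker), but the log message only says "de-claimed the end". Naming the first and last released CAN ids in the log would let the next person claim that range without reading the diff.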