[Secure-testing-commits] r1402 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Jul 15 12:38:34 UTC 2005
Author: jmm-guest
Date: 2005-07-15 12:38:28 +0000 (Fri, 15 Jul 2005)
New Revision: 1402
Modified:
data/CAN/list
Log:
backup-manager CANified, claim more
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-15 12:14:58 UTC (rev 1401)
+++ data/CAN/list 2005-07-15 12:38:28 UTC (rev 1402)
@@ -101,41 +101,40 @@
NOTE: not-for-us (MediaWiki)
CAN-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...)
- base-config (unfixed; bug #305142; low)
-begin claimed by jmm
CAN-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...)
- TODO: check
+ NOTE: not-for-us (MMS Ripper)
CAN-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...)
- TODO: check
+ - backup-manager 0.5.8-2 (low)
CAN-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...)
- TODO: check
+ - backup-manager 0.5.8-2 (low)
CAN-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...)
- TODO: check
+ NOTE: not-for-us (Internet Down)
CAN-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...)
- TODO: check
+ NOTE: not-for-us (ScanShare)
CAN-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOTE: not-for-us (PrivaShare)
CAN-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...)
- TODO: check
+ NOTE: not-for-us (CartWIZ)
CAN-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote ...)
- TODO: check
+ NOTE: not-for-us (CartWIZ)
CAN-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (kaiseki.cgi)
CAN-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) ...)
- TODO: check
+ NOTE: not-for-us (SiteMinder)
CAN-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (phpWishlist)
CAN-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...)
- TODO: check
+ NOTE: not-for-us (Xerox Hardware issue)
CAN-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox ...)
- TODO: check
+ NOTE: not-for-us (Xerox hardware)
CAN-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for ...)
- TODO: check
+ NOTE: not-for-us (Xerox hardware)
CAN-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...)
- TODO: check
+ NOTE: not-for-us (PPA web photo gallery)
CAN-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before ...)
- TODO: check
+ NOTE: not-for-us (SPiD)
CAN-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows ...)
- TODO: check
+ NOTE: not-for-us (Id Board)
CAN-2005-2196
NOTE: reserved
CAN-2005-2195
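Review bot: CAN-2005-2212 (archive repository created with world ... permissions) is marked fixed in "backup-manager 0.5.8-2 (low)" with no bug number or NOTE to back it up. The temporary entry this commit retires further down described only the tempfile handling, which corresponds to CAN-2005-2211. Please add a bug reference or a short NOTE saying how the repository-permission fix in 0.5.8-2 was confirmed. Both descriptions also name 0.5.8a as the affected release, so a word on how 0.5.8-2 relates to it would help the next reader. Smaller points: the note on CAN-2005-2210 reads "not-for-us (Internet Down)", which looks cut off and should name Internet Download Manager in full, and the three Xerox notes alternate between "Xerox Hardware issue" and "Xerox hardware".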
@@ -143,16 +142,16 @@
CAN-2005-2194
NOTE: reserved
CAN-2005-2193 (SQL injection vulnerability in the user profile edit module in ...)
- TODO: check
+ NOTE: not-for-us (PunBB)
CAN-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)
- TODO: check
+ NOTE: not-for-us (SimplePHPBlog)
CAN-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus ...)
- TODO: check
+ NOTE: not-for-us (Comersus)
CAN-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...)
- TODO: check
+ NOTE: not-for-us (Comersus)
CAN-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...)
- TODO: check
-end claimed by jmm
+ NOTE: not-for-us (Lantronix SecureLinx)
+begin claimed by jmm
CAN-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...)
TODO: check
CAN-2005-2187 (McAfee IntruShield Security Management System allows remote ...)
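Review bot: the "begin claimed by jmm" marker added before CAN-2005-2188 has no closing marker in this hunk. Its counterpart is the "end claimed by jmm" added after CAN-2004-2210 in the next hunk, so the claim now runs from the CAN-2005 entries into the CAN-2004-22xx block. Please confirm that range is intended and that no other begin/end pair sits between the two markers, since anyone scanning the list for unclaimed TODO entries relies on the pairs being balanced.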
@@ -197,6 +196,7 @@
TODO: check
CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...)
TODO: check
+end claimed by jmm
CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
TODO: check
CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
@@ -1066,8 +1066,6 @@
NOTE: not-for-us (Duware)
CAN-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...)
NOTE: not-for-us (Duware)
-CAN-2005-XXXX [Insecure handling of tempfile for burning the backup in backup-manager]
- - backup-manager 0.5.8-2 (low)
CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
NOTE: not-for-us (ATutor)
CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
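Review bot: removing the CAN-2005-XXXX placeholder drops its bracketed description ("Insecure handling of tempfile for burning the backup"), the only text in the file that said which temporary file was affected. The replacement entry for CAN-2005-2211 carries just the truncated description and the fixed version. Consider keeping that detail as a NOTE under CAN-2005-2211 so the link between the old placeholder and the assigned id stays visible in the list and not only in this commit's log message.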