[Secure-testing-commits] r1188 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Thu, 02 Jun 2005 09:50:44 +0000
Author: jmm-guest
Date: 2005-06-02 09:50:40 +0000 (Thu, 02 Jun 2005)
New Revision: 1188
Modified:
sarge-checks/CAN/list
Log:
processed block, claim new
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-06-02 09:18:21 UTC (rev 1187)
+++ sarge-checks/CAN/list 2005-06-02 09:50:40 UTC (rev 1188)
@@ -1,88 +1,88 @@
-begin claimed by jmm
CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...)
- TODO: check
+ NOTE: not-for-us (MyBB)
CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...)
- TODO: check
+ NOTE: Not in Sarge
+ - wordpress 1.5.1.2-1
CAN-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...)
- TODO: check
+ NOTE: not-for-us (Sony hardware issue)
CAN-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (Stronghold game)
CAN-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...)
- TODO: check
+ NOTE: not-for-us (PHPMailer)
CAN-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...)
- TODO: check
+ NOTE: not-for-us (PeerCast)
CAN-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...)
- TODO: check
+ NOTE: not-for-us (Online Solutions for Educators)
CAN-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...)
- TODO: check
+ NOTE: not-for-us (Net Portal Dynamic System)
CAN-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...)
- TODO: check
+ NOTE: not-for-us (Net Portal Dynamic System)
CAN-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...)
- TODO: check
+ NOTE: not-for-us (Nortel hardware)
CAN-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...)
- TODO: check
+ NOTE: not-for-us (Nokia hardware)
CAN-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...)
- TODO: check
+ NOTE: not-for-us (Jaws glossary gadget)
CAN-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...)
- TODO: check
+ NOTE: not-for-us (FreeStyle Wiki)
CAN-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...)
- TODO: check
+ NOTE: not-for-us (ServersCheck)
CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...)
- TODO: check
+ NOTE: Cryptographic attack on AES, cannot be fixed
CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...)
TODO: check
CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...)
- TODO: check
+ NOTE: not-for-us (ClamAV on Mac OS X)
CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...)
- TODO: check
+ NOTE: not-for-us (India Software Solution shopping cart)
CAN-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...)
- TODO: check
+ NOTE: not-for-us (Hosting Controller)
CAN-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...)
- TODO: check
+ NOTE: not-for-us (phpStat)
CAN-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...)
- TODO: check
+ NOTE: not-for-us (FunkyASP)
CAN-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...)
- TODO: check
+ NOTE: not-for-us (ZonGG)
CAN-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...)
- TODO: check
+ NOTE: not-for-us (Hosting Controller)
CAN-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...)
- TODO: check
+ NOTE: not-for-us (BookReview)
CAN-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...)
- TODO: check
+ NOTE: not-for-us (BookReview)
CAN-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...)
- TODO: check
+ NOTE: not-for-us (MailEnable)
CAN-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...)
- TODO: check
+ NOTE: not-for-us (Active News Manager)
CAN-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...)
- TODO: check
+ NOTE: not-for-us (MaxWebPortal)
CAN-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...)
- TODO: check
+ NOTE: not-for-us (PostNuke)
CAN-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...)
- TODO: check
+ NOTE: not-for-us (PostNuke)
CAN-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...)
- TODO: check
+ NOTE: not-for-us (C'Nedra)
CAN-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...)
- TODO: check
+ NOTE: not-for-us (Terminator game)
CAN-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...)
- TODO: check
+ - davfs2 (unfixed; bug #310757)
CAN-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...)
- TODO: check
+ NOTE: not-for-us (Listserv)
CAN-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...)
- TODO: check
+ NOTE: not-for-us (Terminator game)
CAN-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...)
- TODO: check
+ NOTE: not-for-us (HPUX)
CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...)
- TODO: check
+ NOTE: not-for-us (Avast)
CAN-2005-1769
NOTE: reserved
CAN-2005-1768
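Review bot: CAN-2005-1796 (format string in the Ncurses curses_msg function) is left at "TODO: check" even though this hunk removes the "begin claimed by jmm" marker above it and the log says the block was processed, so the entry ends up outside any claimed range with no triage result. Either resolve it here or add a NOTE recording why it was skipped, so the next person claiming a block knows it is still open. The CAN-2005-1797 note "Cryptographic attack on AES, cannot be fixed" also departs from the "not-for-us (...)" or package-line form every other entry in this hunk uses; say which of the two it is meant to be.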
@@ -112,38 +112,38 @@
CAN-2005-1756
NOTE: reserved
CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
- TODO: check
+ - shtool (unfixed; bug #311206)
CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...)
TODO: check
CAN-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...)
TODO: check
CAN-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...)
TODO: check
CAN-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...)
- TODO: check
+ NOTE: not-for-us (PJ CGI Nero)
CAN-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...)
- TODO: check
+ NOTE: not-for-us (Informix Dynamic Server)
CAN-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...)
- TODO: check
+ - phpbb2 2.0.6d-2
CAN-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOTE: not-for-us (SurfNOW)
CAN-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...)
- TODO: check
+ NOTE: not-for-us (WebWeaver)
CAN-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Web Blog)
CAN-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...)
- TODO: check
+ NOTE: not-for-us (BlackICE)
CAN-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and ...)
- TODO: check
+ NOTE: not-for-us (BlackICE)
CAN-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...)
- TODO: check
+ - gallery 1.4.4-pl1-1
CAN-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...)
- TODO: check
+ NOTE: not-for-us (Nextplace)
CAN-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...)
- TODO: check
-end claimed by jmm
+ NOTE: not-for-us (Intra Forum)
+begin claimed by jmm
CAN-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...)
TODO: check
CAN-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...)
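Review bot: CAN-2004-2136 (dm-crypt), CAN-2004-2135 (cryptoloop) and CAN-2004-2133 (CVSup) keep "TODO: check" while the "end claimed by jmm" marker below them is replaced by a new "begin claimed by jmm", so three entries that are not obviously not-for-us fall out of the claimed range unresolved. Resolve them or annotate them as deliberately deferred. In the added line for CAN-2004-2132 the product is spelled "PJ CGI Nero", but the description directly above says "PJ CGI Neo"; correct the note so a search on the product name matches.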
@@ -208,17 +208,13 @@
TODO: check
CAN-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...)
TODO: check
-CAN-2005-XXXX [SQL injection in Wordpress's template handling]
- NOTE: Not in Sarge
- - wordpress 1.5.1.2-1
+end claimed by jmm
CAN-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
- moodle 1.4.4.dfsg.1-3
CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles]
- mutt (unfixed; bug #311296)
CAN-2005-XXXX [Buffer overflow in elog header_buffer]
- elog 2.5.9+r1674-1
-CAN-2005-XXXX [Insecure tempfile generation in shtool]
- - shtool (unfixed; bug #311206)
CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php]
NOTE: According to advisory posted to Bugtraq fixed in 3.1-30, however it's
NOTE: not mentioned in the changelog, so it's either a hidden fix or unfixed
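Review bot: the two CAN-2005-XXXX placeholders removed here (wordpress 1.5.1.2-1 and shtool bug #311206) reappear earlier in this patch under CAN-2005-1810 and CAN-2005-1751, but the log message "processed block, claim new" does not record that they were merged into assigned ids. Mention the merge in the log so the history shows the entries were moved and not dropped, and confirm that the truncated CAN-2005-1810 description (template-functions-category.php) really is the wordpress template issue before relying on the match.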