[Secure-testing-commits] r1215 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Thu, 09 Jun 2005 09:41:26 +0000


Author: jmm-guest
Date: 2005-06-09 09:41:24 +0000 (Thu, 09 Jun 2005)
New Revision: 1215

Modified:
   sarge-checks/CAN/list
Log:
drupal CANified, the rest only not-for-us


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-06-09 09:27:16 UTC (rev 1214)
+++ sarge-checks/CAN/list	2005-06-09 09:41:24 UTC (rev 1215)
@@ -36,104 +36,103 @@
 	NOTE: reserved
 CAN-2005-1912
 	NOTE: reserved
-begin claimed by jmm
 CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...)
 	- leafnode 1.11.3.rel-1
 CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...)
-	TODO: check
+	NOTE: not-for-us (WWWeb Concepts Events System)
 CAN-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (602LAN SUITE)
 CAN-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...)
-	TODO: check
+	NOTE: not-for-us (Perception LiteWeb)
 CAN-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...)
-	TODO: check
+	NOTE: not-for-us (livingmailing)
 CAN-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...)
-	TODO: check
+	NOTE: not-for-us (Kaspersky)
 CAN-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...)
-	TODO: check
+	NOTE: not-for-us (JiRo's Upload Systems)
 CAN-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...)
-	TODO: check
+	NOTE: not-for-us (SPA-PRO Mail)
 CAN-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...)
-	TODO: check
+	NOTE: not-for-us (SPA-PRO Mail)
 CAN-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...)
-	TODO: check
+	NOTE: not-for-us (Sawmill)
 CAN-2005-1900 (Multiple unknown vulnerabilities in Sawmill before 7.1.6 allow remote ...)
-	TODO: check
+	NOTE: not-for-us (Sawmill)
 CAN-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...)
-	TODO: check
+	NOTE: not-for-us (RakNet)
 CAN-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...)
-	TODO: check
+	NOTE: not-for-us (phpThumb)
 CAN-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...)
-	TODO: check
+	NOTE: not-for-us (FlexCast)
 CAN-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...)
-	TODO: check
+	NOTE: not-for-us (FlatNuke)
 CAN-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...)
-	TODO: check
+	NOTE: not-for-us (FlatNuke)
 CAN-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (FlatNuke)
 CAN-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...)
-	TODO: check
+	NOTE: not-for-us (FlatNuke)
 CAN-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...)
-	TODO: check
+	NOTE: not-for-us (FlatNuke)
 CAN-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...)
-	TODO: check
+	NOTE: not-for-us (AOL Instant Messenger)
 CAN-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...)
-	TODO: check
+	NOTE: not-for-us (Mortiforo)
 CAN-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...)
-	TODO: check
+	NOTE: not-for-us (Sun ONE)
 CAN-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...)
-	TODO: check
+	NOTE: not-for-us (MediaWiki not yet in Debian)
+	TODO: track ITP: #217571
 CAN-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...)
-	TODO: check
+	NOTE: not-for-us (Solaris)
 CAN-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...)
-	TODO: check
+	NOTE: not-for-us (YaPiG)
 CAN-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (YaPiG)
 CAN-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...)
-	TODO: check
+	NOTE: not-for-us (YaPiG)
 CAN-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...)
-	TODO: check
+	NOTE: not-for-us (YaPiG)
 CAN-2005-1882 (PHP remote code injection vulnerability in last_gallery.php in YaPiG ...)
-	TODO: check
+	NOTE: not-for-us (YaPiG)
 CAN-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...)
-	TODO: check
+	NOTE: not-for-us (YaPiG)
 CAN-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...)
-	TODO: check
+	NOTE: not-for-us (everybuddy)
 CAN-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...)
-	TODO: check
+	NOTE: not-for-us (LutelWall)
 CAN-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...)
-	TODO: check
+	NOTE: not-for-us (GIPTables)
 CAN-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...)
-	TODO: check
+	NOTE: not-for-us (Lpanel)
 CAN-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...)
-	TODO: check
+	NOTE: not-for-us (CuteNews)
 CAN-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...)
-	TODO: check
+	NOTE: not-for-us (Exhibit Engine)
 CAN-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Dzip)
 CAN-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...)
-	TODO: check
+	NOTE: not-for-us (Crob)
 CAN-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...)
-	TODO: check
+	NOTE: not-for-us (WebSphere)
 CAN-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...)
-	TODO: check
+	- drupal 4.5.3-1
 CAN-2005-1870 (PHP remote code injection vulnerability in childwindow.inc.php in ...)
-	TODO: check
+	NOTE: not-for-us (Popper)
 CAN-2005-1869 (PHP remote code injection vulnerability in start_lobby.php in MWChat ...)
-	TODO: check
+	NOTE: not-for-us (MWChat)
 CAN-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (I-Man)
 CAN-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...)
-	TODO: check
+	NOTE: not-for-us (Symantec)
 CAN-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...)
-	TODO: check
+	NOTE: not-for-us (Calendarix)
 CAN-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...)
-	TODO: check
+	NOTE: not-for-us (Calendarix)
 CAN-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in ...)
-	TODO: check
-end claimed by jmm
+	NOTE: not-for-us (Calendarix)
 CAN-2003-1218
 	NOTE: reserved
 CAN-2003-1217
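Review bot: The CAN-2005-1888 entry now carries both "NOTE: not-for-us (MediaWiki not yet in Debian)" and "TODO: track ITP: #217571", and the two conflict: not-for-us reads as nothing to do for Debian, while the TODO says the entry must be revisited once the package is uploaded. Consider dropping the not-for-us marker there and keeping only the TODO/ITP line, so the entry still shows up as open work. Smaller points in the same hunk: the note on CAN-2005-1904 says "JiRo's Upload Systems" where the description has "JiRo's Upload System (JUS)", and for CAN-2005-1884 and CAN-2005-1870 the truncated descriptions do not name the product, so the YaPiG and Popper attributions cannot be checked from the list alone.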
@@ -247,8 +246,6 @@
 	NOTE: not-for-us (FutureSoft TFTP Server)
 CAN-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...)
 	NOTE: not-for-us (FutureSoft TFTP Server)
-CAN-2005-XXXX [Privilege escalation in Drupal]
-	- drupal 4.5.3-1
 CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...)
 	NOTE: not-for-us (MyBB)
 CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...)
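Review bot: Removing the "CAN-2005-XXXX [Privilege escalation in Drupal]" placeholder assumes it is the same issue as CAN-2005-1871, whose description reads "Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...", but nothing in the list records that link. A short NOTE on the CAN-2005-1871 entry saying it replaces the former placeholder, or pointing at the advisory behind the 4.5.3-1 fixed version, would let a later reader confirm the two were not separate issues.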