[Secure-testing-commits] r1255 - data/CAN
Joey Hess
joeyh@costa.debian.org
Wed, 22 Jun 2005 21:14:23 +0000
Author: joeyh
Date: 2005-06-22 21:14:20 +0000 (Wed, 22 Jun 2005)
New Revision: 1255
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-06-21 21:13:31 UTC (rev 1254)
+++ data/CAN/list 2005-06-22 21:14:20 UTC (rev 1255)
@@ -1,3 +1,427 @@
+CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
+ TODO: check
+CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
+ TODO: check
+CAN-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...)
+ TODO: check
+CAN-2005-2041 (Buffer overflow in addschup in ViRobot 2.0 allows remote attackers to ...)
+ TODO: check
+CAN-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...)
+ TODO: check
+CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...)
+ TODO: check
+CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...)
+ TODO: check
+CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...)
+ TODO: check
+CAN-2005-2036 (modifyUser.asp in Cool Cafe Chat 1.2.1 allows remote attackers to ...)
+ TODO: check
+CAN-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe Chat 1.2.1 ...)
+ TODO: check
+CAN-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...)
+ TODO: check
+CAN-2005-2033 (Directory traversal vulnerability in folderview.asp for BlueCollar ...)
+ TODO: check
+CAN-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...)
+ TODO: check
+CAN-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...)
+ TODO: check
+CAN-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...)
+ TODO: check
+CAN-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...)
+ TODO: check
+CAN-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...)
+ TODO: check
+CAN-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...)
+ TODO: check
+CAN-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...)
+ TODO: check
+CAN-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...)
+ TODO: check
+CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...)
+ TODO: check
+CAN-2005-2023 (Unknown vulnerability in gpg2 on SUSE Linux 9.3, when using S/MIME ...)
+ TODO: check
+CAN-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...)
+ TODO: check
+CAN-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...)
+ TODO: check
+CAN-2005-2020
+ NOTE: reserved
+CAN-2005-2019
+ NOTE: reserved
+CAN-2005-2018
+ NOTE: reserved
+CAN-2005-2017
+ NOTE: reserved
+CAN-2005-2016
+ NOTE: reserved
+CAN-2005-2015
+ NOTE: reserved
+CAN-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...)
+ TODO: check
+CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CAN-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...)
+ TODO: check
+CAN-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...)
+ TODO: check
+CAN-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...)
+ TODO: check
+CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...)
+ TODO: check
+CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...)
+ TODO: check
+CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...)
+ TODO: check
+CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...)
+ TODO: check
+CAN-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...)
+ TODO: check
+CAN-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...)
+ TODO: check
+CAN-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...)
+ TODO: check
+CAN-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...)
+ TODO: check
+CAN-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...)
+ TODO: check
+CAN-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...)
+ TODO: check
+CAN-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...)
+ TODO: check
+CAN-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...)
+ TODO: check
+CAN-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...)
+ TODO: check
+CAN-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix Site ...)
+ TODO: check
+CAN-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...)
+ TODO: check
+CAN-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...)
+ TODO: check
+CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...)
+ TODO: check
+CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...)
+ TODO: check
+CAN-2005-1991
+ NOTE: reserved
+CAN-2005-1990
+ NOTE: reserved
+CAN-2005-1989
+ NOTE: reserved
+CAN-2005-1988
+ NOTE: reserved
+CAN-2005-1987
+ NOTE: reserved
+CAN-2005-1986
+ NOTE: reserved
+CAN-2005-1985
+ NOTE: reserved
+CAN-2005-1984
+ NOTE: reserved
+CAN-2005-1983
+ NOTE: reserved
+CAN-2005-1982
+ NOTE: reserved
+CAN-2005-1981
+ NOTE: reserved
+CAN-2005-1980
+ NOTE: reserved
+CAN-2005-1979
+ NOTE: reserved
+CAN-2005-1978
+ NOTE: reserved
+CAN-2005-1977
+ NOTE: reserved
+CAN-2005-1976
+ NOTE: reserved
+CAN-2002-1782 (The default configuration of University of Washington IMAP daemon ...)
+ TODO: check
+CAN-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...)
+ TODO: check
+CAN-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...)
+ TODO: check
+CAN-2002-1779 (The "block fragmented IP Packets" option in Symantec Norton Personal ...)
+ TODO: check
+CAN-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to ...)
+ TODO: check
+CAN-2002-1777 (** DISPUTED ** ...)
+ TODO: check
+CAN-2002-1776 (** DISPUTED ** ...)
+ TODO: check
+CAN-2002-1775 (** DISPUTED ** ...)
+ TODO: check
+CAN-2002-1774 (** DISPUTED ** ...)
+ TODO: check
+CAN-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows ...)
+ TODO: check
+CAN-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain "Domain ...)
+ TODO: check
+CAN-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send ...)
+ TODO: check
+CAN-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CAN-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...)
+ TODO: check
+CAN-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...)
+ TODO: check
+CAN-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...)
+ TODO: check
+CAN-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...)
+ TODO: check
+CAN-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...)
+ TODO: check
+CAN-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to ...)
+ TODO: check
+CAN-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" ...)
+ TODO: check
+CAN-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...)
+ TODO: check
+CAN-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...)
+ TODO: check
+CAN-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...)
+ TODO: check
+CAN-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...)
+ TODO: check
+CAN-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...)
+ TODO: check
+CAN-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for ...)
+ TODO: check
+CAN-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CAN-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...)
+ TODO: check
+CAN-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows ...)
+ TODO: check
+CAN-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...)
+ TODO: check
+CAN-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers ...)
+ TODO: check
+CAN-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote ...)
+ TODO: check
+CAN-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote ...)
+ TODO: check
+CAN-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of ...)
+ TODO: check
+CAN-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...)
+ TODO: check
+CAN-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows ...)
+ TODO: check
+CAN-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions ...)
+ TODO: check
+CAN-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS ...)
+ TODO: check
+CAN-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...)
+ TODO: check
+CAN-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...)
+ TODO: check
+CAN-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...)
+ TODO: check
+CAN-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...)
+ TODO: check
+CAN-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...)
+ TODO: check
+CAN-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption ...)
+ TODO: check
+CAN-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default ...)
+ TODO: check
+CAN-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and ...)
+ TODO: check
+CAN-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...)
+ TODO: check
+CAN-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain ...)
+ TODO: check
+CAN-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...)
+ TODO: check
+CAN-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message ...)
+ TODO: check
+CAN-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...)
+ TODO: check
+CAN-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...)
+ TODO: check
+CAN-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...)
+ TODO: check
+CAN-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...)
+ TODO: check
+CAN-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...)
+ TODO: check
+CAN-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) ...)
+ TODO: check
+CAN-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass ...)
+ TODO: check
+CAN-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...)
+ TODO: check
+CAN-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for ...)
+ TODO: check
+CAN-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...)
+ TODO: check
+CAN-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...)
+ TODO: check
+CAN-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote ...)
+ TODO: check
+CAN-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows ...)
+ TODO: check
+CAN-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify ...)
+ TODO: check
+CAN-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote ...)
+ TODO: check
+CAN-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote ...)
+ TODO: check
+CAN-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...)
+ TODO: check
+CAN-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...)
+ TODO: check
+CAN-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
+ TODO: check
+CAN-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...)
+ TODO: check
+CAN-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...)
+ TODO: check
+CAN-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...)
+ TODO: check
+CAN-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...)
+ TODO: check
+CAN-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...)
+ TODO: check
+CAN-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...)
+ TODO: check
+CAN-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and ...)
+ TODO: check
+CAN-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...)
+ TODO: check
+CAN-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...)
+ TODO: check
+CAN-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" ...)
+ TODO: check
+CAN-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft ...)
+ TODO: check
+CAN-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP ...)
+ TODO: check
+CAN-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template ...)
+ TODO: check
+CAN-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...)
+ TODO: check
+CAN-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...)
+ TODO: check
+CAN-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...)
+ TODO: check
+CAN-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...)
+ TODO: check
+CAN-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...)
+ TODO: check
+CAN-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...)
+ TODO: check
+CAN-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...)
+ TODO: check
+CAN-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...)
+ TODO: check
+CAN-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...)
+ TODO: check
+CAN-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...)
+ TODO: check
+CAN-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...)
+ TODO: check
+CAN-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...)
+ TODO: check
+CAN-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...)
+ TODO: check
+CAN-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...)
+ TODO: check
+CAN-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...)
+ TODO: check
+CAN-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...)
+ TODO: check
+CAN-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...)
+ TODO: check
+CAN-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...)
+ TODO: check
+CAN-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...)
+ TODO: check
+CAN-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...)
+ TODO: check
+CAN-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...)
+ TODO: check
+CAN-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...)
+ TODO: check
+CAN-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...)
+ TODO: check
+CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...)
+ TODO: check
+CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...)
+ TODO: check
+CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...)
+ TODO: check
+CAN-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...)
+ TODO: check
+CAN-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...)
+ TODO: check
+CAN-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...)
+ TODO: check
+CAN-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...)
+ TODO: check
+CAN-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...)
+ TODO: check
+CAN-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...)
+ TODO: check
+CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...)
+ TODO: check
+CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...)
+ TODO: check
+CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...)
+ TODO: check
+CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...)
+ TODO: check
+CAN-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...)
+ TODO: check
+CAN-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...)
+ TODO: check
+CAN-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...)
+ TODO: check
+CAN-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...)
+ TODO: check
+CAN-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...)
+ TODO: check
+CAN-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...)
+ TODO: check
+CAN-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...)
+ TODO: check
+CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...)
+ TODO: check
+CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...)
+ TODO: check
+CAN-2001-1492 ( ...)
+ TODO: check
+CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...)
+ TODO: check
+CAN-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CAN-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
+ TODO: check
+CAN-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...)
+ TODO: check
+CAN-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...)
+ TODO: check
+CAN-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...)
+ TODO: check
+CAN-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...)
+ TODO: check
+CAN-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...)
+ TODO: check
+CAN-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...)
+ TODO: check
+CAN-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...)
+ TODO: check
+CAN-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...)
+ TODO: check
+CAN-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...)
+ TODO: check
+CAN-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...)
+ TODO: check
+CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...)
+ TODO: check
CAN-2005-XXXX [File upload vulnerability in trac]
- trac 0.8.4-1
CAN-2005-XXXX [Race condition in sudo's pathname validation]
@@ -436,8 +860,7 @@
NOTE: not-for-us (HPUX)
CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...)
NOTE: not-for-us (Avast)
-CAN-2005-1769 [Multiple Cross Site Scripting vulnerabilities in Squirrelmail]
- NOTE: reserved
+CAN-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
- squirrelmail (unfixed; bug #314374; low)
CAN-2005-1768
NOTE: reserved
@@ -622,8 +1045,8 @@
NOTE: reserved
CAN-2005-1730
NOTE: reserved
-CAN-2005-1729
- NOTE: reserved
+CAN-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...)
+ TODO: check
CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...)
NOTE: not-for-us (Apple)
CAN-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...)
@@ -747,8 +1170,8 @@
NOTE: not-for-us (Yahoo Messenger)
CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...)
NOTE: not-for-us (Extreme BlackDiamond hardware)
-CAN-2005-1669
- NOTE: reserved
+CAN-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...)
+ TODO: check
CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...)
NOTE: not-for-us (YusASP Web Asset Manager)
CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...)
@@ -1979,8 +2402,8 @@
CAN-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...)
- mozilla-firefox 1.0.4-1
TODO: check mozilla too
-CAN-2005-1475
- NOTE: reserved
+CAN-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...)
+ TODO: check
CAN-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...)
NOTE: not-for-us (Apple)
CAN-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...)
@@ -2230,13 +2653,13 @@
NOTE: not-for-us (Mandrake specific packaging flaw)
CAN-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...)
NOTE: not-for-us (phpbb mod)
-CAN-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline 1.5.3 ...)
+CAN-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline (aka ...)
NOTE: not-for-us (Claroline)
CAN-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...)
NOTE: not-for-us (Claroline)
-CAN-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...)
+CAN-2005-1375 (Multiple SQL injection vulnerabilities in Claroline (aka Dokeos) 1.5.3 ...)
NOTE: not-for-us (Claroline)
-CAN-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...)
+CAN-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline (aka ...)
NOTE: not-for-us (Claroline)
CAN-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...)
NOTE: not-for-us (Koobi CMS)
@@ -2299,7 +2722,7 @@
- libconvert-uulib-perl 1.0.5.1
CAN-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...)
NOTE: not-for-us (MailEnable)
-CAN-2005-1347 (Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote ...)
+CAN-2005-1347 (** UNVERIFIABLE ** ...)
NOTE: not-for-us (acrobat)
CAN-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...)
NOTE: not-for-us (Symantec)
@@ -2385,8 +2808,7 @@
NOTE: upstream says attack won't work, see bug 307575
CAN-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...)
NOTE: not-for-us (Adobe Version Cue)
-CAN-2005-1306 [Information leak through XML external entities in Adobe Reader 7]
- NOTE: reserved
+CAN-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...)
NOTE: not-for-us (Adobe Reader 7)
CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...)
NOTE: not-for-us (hyper.cgi)
@@ -2470,8 +2892,7 @@
- gaim 1:1.3.1-1 (low)
CAN-2005-1268
NOTE: reserved
-CAN-2005-1267 [tcpdump: DoS through endless loop in BGP decoder]
- NOTE: reserved
+CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
- tcpdump 3.9.0.cvs.20050614-1 (low)
CAN-2005-1266
NOTE: reserved