[Secure-testing-commits] r1258 - data/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Thu, 23 Jun 2005 00:08:28 +0000


Author: jmm-guest
Date: 2005-06-23 00:08:26 +0000 (Thu, 23 Jun 2005)
New Revision: 1258

Modified:
   data/CAN/list
Log:
new nanoblogger issue
canified heimdal-telnet
lots of not-for-us
claim new


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-06-22 23:48:58 UTC (rev 1257)
+++ data/CAN/list	2005-06-23 00:08:26 UTC (rev 1258)
@@ -1,53 +1,52 @@
-begin claimed by jmm
 CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
-	TODO: check
+	NOTE: not-for-us (ATutor)
 CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (XAMPP)
 CAN-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...)
-	TODO: check
+	NOTE: not-for-us (ajax-spell)
 CAN-2005-2041 (Buffer overflow in addschup in ViRobot 2.0 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (ViRobot)
 CAN-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...)
-	TODO: check
+	TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base
+	- heimdal (unfixed; bug #315065; medium)
 CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...)
-	TODO: check
+        - nanoblogger (unfixed; bug pending)
 CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...)
-	TODO: check
+	NOTE: not-for-us (Fortibus CMS)
 CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...)
-	TODO: check
+	NOTE: not-for-us (Fortibus CMS)
 CAN-2005-2036 (modifyUser.asp in Cool Cafe Chat 1.2.1 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Cool Cafe Chat)
 CAN-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe Chat 1.2.1 ...)
-	TODO: check
+	NOTE: not-for-us (Cool Cafe Chat)
 CAN-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...)
-	TODO: check
+	NOTE: not-for-us (iGallery)
 CAN-2005-2033 (Directory traversal vulnerability in folderview.asp for BlueCollar ...)
-	TODO: check
+	NOTE: not-for-us (iGallery)
 CAN-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...)
-	TODO: check
+	NOTE: not-for-us (Solaris)
 CAN-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...)
-	TODO: check
+	NOTE: not-for-us (socialMPN)
 CAN-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...)
-	TODO: check
+	NOTE: not-for-us (Ultimate PHP Board)
 CAN-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...)
-	TODO: check
+	NOTE: not-for-us (external script that allow interaction between amarok and a browser)
 CAN-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...)
-	TODO: check
+	NOTE: not-for-us (MercuryBoard)
 CAN-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...)
-	TODO: check
+	NOTE: not-for-us (Enterasys hardware issue)
 CAN-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...)
-	TODO: check
+	NOTE: not-for-us (Enterasys hardware issue)
 CAN-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Cisco)
 CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...)
 	TODO: check
 CAN-2005-2023 (Unknown vulnerability in gpg2 on SUSE Linux 9.3, when using S/MIME ...)
 	TODO: check
 CAN-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...)
-	TODO: check
+	NOTE: not-for-us (iPlanet)
 CAN-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...)
-	TODO: check
-end claimed by jmm
+	NOTE: not-for-us (cPanel)
 CAN-2005-2020
 	NOTE: reserved
 CAN-2005-2019
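Review bot: dropping both `begin claimed by jmm` / `end claimed by jmm` markers from this block leaves CAN-2005-2024 (razor-agents) and CAN-2005-2023 (gpg2) as bare `TODO: check` with nobody marked as working on them, even though both look like they could map to Debian packages; either keep a narrower claim around those two or resolve them in the same commit. Separately, the new `- nanoblogger (unfixed; bug pending)` line under CAN-2005-2039 is indented with spaces where every other package line in the file uses a tab; use a tab so tooling that parses the list by leading tab sees it.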
@@ -60,6 +59,7 @@
 	NOTE: reserved
 CAN-2005-2015
 	NOTE: reserved
+begin claimed by jmm
 CAN-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...)
 	TODO: check
 CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...)
@@ -106,6 +106,7 @@
 	TODO: check
 CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...)
 	TODO: check
+end claimed by jmm
 CAN-2005-1991
 	NOTE: reserved
 CAN-2005-1990
@@ -432,9 +433,6 @@
 	- sudo (unfixed; bug #315115; medium)
 CAN-2005-XXXX [Arbitrary command execution in Ruby's XMLRPC code]
 	- ruby1.8 (unfixed; bug #315064; medium)
-CAN-2005-XXXX [buffer overflow in heimdal's getterminaltype() function]
-	TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base
-	- heimdal (unfixed; bug #315065; medium)
 CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls]
 	- tor 0.0.9.10-1 (medium)
 CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...)
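Review bot: the removed heimdal placeholder was correctly folded into CAN-2005-2040 in the first hunk with the same bug number (#315065) and severity, but the neighbouring placeholder `CAN-2005-XXXX [Arbitrary command execution in Ruby's XMLRPC code]` with `- ruby1.8 (unfixed; bug #315064; medium)` is left in place while CAN-2005-1992 (the XMLRPC server in utils.rb for libruby 1.8) above still reads `TODO: check`; if they are the same issue, attach the ruby1.8 line to CAN-2005-1992 and drop this placeholder the same way.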