[Secure-testing-commits] r532 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Wed, 09 Mar 2005 09:14:22 +0100
Author: joeyh
Date: 2005-03-09 09:14:18 +0100 (Wed, 09 Mar 2005)
New Revision: 532
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-03-08 22:23:45 UTC (rev 531)
+++ sarge-checks/CAN/list 2005-03-09 08:14:18 UTC (rev 532)
@@ -1,3 +1,163 @@
+CAN-2005-0703 (Unknown vulnerability in Xerox MicroServer Web Server for various ...)
+ TODO: check
+CAN-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote ...)
+ TODO: check
+CAN-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i ...)
+ TODO: check
+CAN-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows ...)
+ TODO: check
+CAN-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...)
+ TODO: check
+CAN-2005-0698 (PHP remote code injection vulnerability in PHPWebLog 0.5.3 and earlier ...)
+ TODO: check
+CAN-2005-0697 (SQL injection vulnerability in the process_picture function ...)
+ TODO: check
+CAN-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote ...)
+ TODO: check
+CAN-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting ...)
+ TODO: check
+CAN-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...)
+ TODO: check
+CAN-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...)
+ TODO: check
+CAN-2005-0692 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 5.x allows ...)
+ TODO: check
+CAN-2005-0691 (PHP remote code injection vulnerability in article mode for ...)
+ TODO: check
+CAN-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...)
+ TODO: check
+CAN-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...)
+ TODO: check
+CAN-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...)
+ TODO: check
+CAN-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...)
+ TODO: check
+CAN-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf ...)
+ TODO: check
+CAN-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...)
+ TODO: check
+CAN-2005-0684
+ NOTE: reserved
+CAN-2005-0683 (phpBB 2.0.13 and earlier allows remote attackers to obtain the full ...)
+ TODO: check
+CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...)
+ TODO: check
+CAN-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CAN-2005-0680 (PHP remote code injection vulnerability in ...)
+ TODO: check
+CAN-2005-0679 (PHP remote code injection vulnerability in tell_a_friend.inc.php for ...)
+ TODO: check
+CAN-2005-0678 (PHP remote code injection vulnerability in formmail.inc.php for Form ...)
+ TODO: check
+CAN-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...)
+ TODO: check
+CAN-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...)
+ TODO: check
+CAN-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...)
+ TODO: check
+CAN-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...)
+ TODO: check
+CAN-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...)
+ TODO: check
+CAN-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...)
+ TODO: check
+CAN-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...)
+ TODO: check
+CAN-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through ...)
+ TODO: check
+CAN-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 ...)
+ TODO: check
+CAN-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 ...)
+ TODO: check
+CAN-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before ...)
+ TODO: check
+CAN-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 ...)
+ TODO: check
+CAN-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...)
+ TODO: check
+CAN-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...)
+ TODO: check
+CAN-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...)
+ TODO: check
+CAN-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...)
+ TODO: check
+CAN-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in ...)
+ TODO: check
+CAN-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...)
+ TODO: check
+CAN-2005-0659 (phpBB 2.0.13 allows remote attackers to obtain sensitive information ...)
+ TODO: check
+CAN-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...)
+ TODO: check
+CAN-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...)
+ TODO: check
+CAN-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 ...)
+ TODO: check
+CAN-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information ...)
+ TODO: check
+CAN-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote ...)
+ TODO: check
+CAN-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...)
+ TODO: check
+CAN-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...)
+ TODO: check
+CAN-2005-0651 (SQL injection vulnerability in divers.php (incorrectly referred to as ...)
+ TODO: check
+CAN-2005-0650 (Cross-site scripting (XSS) vulnerability in divers.php (incorrectly ...)
+ TODO: check
+CAN-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass ...)
+ TODO: check
+CAN-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow ...)
+ TODO: check
+CAN-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject ...)
+ TODO: check
+CAN-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...)
+ TODO: check
+CAN-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...)
+ TODO: check
+CAN-2005-0644
+ NOTE: reserved
+CAN-2005-0643
+ NOTE: reserved
+CAN-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...)
+ TODO: check
+CAN-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...)
+ TODO: check
+CAN-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
+ TODO: check
+CAN-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
+ TODO: check
+CAN-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...)
+ TODO: check
+CAN-2005-0637 (The copy functions in locore.s in OpenBSD 3.5 and 3.6 may allow ...)
+ TODO: check
+CAN-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...)
+ TODO: check
+CAN-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to ...)
+ TODO: check
+CAN-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...)
+ TODO: check
+CAN-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...)
+ TODO: check
+CAN-2005-0632 (PHP remote code injection vulnerability in auth.php in PHPNews 1.2.4 ...)
+ TODO: check
+CAN-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...)
+ TODO: check
+CAN-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ...)
+ TODO: check
+CAN-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
+ TODO: check
+CAN-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...)
+ TODO: check
+CAN-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...)
+ TODO: check
+CAN-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...)
+ TODO: check
+CAN-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...)
+ TODO: check
+CAN-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...)
+ TODO: check
CAN-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...)
- squid 2.5.9-2
CAN-2005-0940
@@ -42,8 +202,7 @@
NOTE: not-for-us (CubeCert)
CAN-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...)
NOTE: not-for-us (CubeCert)
-CAN-2005-0605
- NOTE: reserved
+CAN-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...)
- lesstif1-1 (unfixed; bug #298183)
CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...)
NOTE: not-for-us (GFI Languard Network Security Scanner)
@@ -164,10 +323,10 @@
NOTE: reserved
CAN-2005-0550
NOTE: reserved
-CAN-2005-0549
- NOTE: reserved
-CAN-2005-0548
- NOTE: reserved
+CAN-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
+ TODO: check
+CAN-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
+ TODO: check
CAN-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...)
NOTE: not-for-us (Apple Java plugin)
CAN-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote ...)
@@ -282,7 +441,7 @@
NOTE: not-for-us (MS Office)
CAN-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of ...)
- phpmyadmin 3:2.6.1-pl2-1
-CAN-2005-0543 (Cross-site scripting (XSS) vulnerability phpMyAdmin 2.6.1 allows ...)
+CAN-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows ...)
- phpmyadmin 3:2.6.1-pl2-1
CAN-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 ...)
NOTE: not-for-us (Cyclades AlterPath Manager)
@@ -1036,8 +1195,7 @@
NOTE: reserved
CAN-2005-0398
NOTE: reserved
-CAN-2005-0397
- NOTE: reserved
+CAN-2005-0397 (Format string vulnerability in ImageMagick before 6.0.2.5 allows ...)
- imagemagick 6:6.0.6.2-2.2
CAN-2005-0396
NOTE: reserved
@@ -1090,7 +1248,7 @@
NOTE: not-for-us (sgallery)
CAN-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...)
NOTE: not-for-us (bitboard)
-CAN-2005-0373 (Buffer overflow in digestmd5.c 1.170 (also referred to as ...)
+CAN-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as ...)
NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
NOTE: cyrus-sasl2 already has patch applied
@@ -1127,8 +1285,8 @@
NOTE: reserved
CAN-2005-0354
NOTE: reserved
-CAN-2005-0353
- NOTE: reserved
+CAN-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...)
+ TODO: check
CAN-2005-0352
NOTE: reserved
CAN-2005-0351
@@ -1713,11 +1871,12 @@
NOTE: reserved
CAN-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...)
- gaim 1:1.1.4
-CAN-2005-0207
- NOTE: reserved
+CAN-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...)
+ TODO: check
CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...)
TODO: check
CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)
+ {DSA-692-1}
- kppp 4:3.1.6
CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
NOTE: according to the CAN it is fixed in 2.6.10, but
@@ -1974,8 +2133,8 @@
- maxdb-7.5.00 7.5.00.18
CAN-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
NOTE: not-for-us (MSIE)
-CAN-2005-0109
- NOTE: reserved
+CAN-2005-0109 (Unknown vulnerability in FreeBSD, and possibly other operating ...)
+ TODO: check
CAN-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote ...)
{DSA-659-1}
- libapache-mod-auth-radius 1.5.7-6
@@ -1999,11 +2158,9 @@
{DSA-685-1 DSA-671-1 DSA-670-1}
- emacs21 21.3+1-9
- xemacs21 21.4.16-2
-CAN-2005-0099
- NOTE: reserved
+CAN-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...)
{DSA-691-1}
-CAN-2005-0098
- NOTE: reserved
+CAN-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...)
{DSA-691-1}
CAN-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...)
- squid 2.5.7-4
@@ -4252,7 +4409,7 @@
NOTE: not-for-us (MacOS)
CAN-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0484 (Unknown vulnerability in mshtml.dll in Microsoft Internet Explorer ...)
+CAN-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to ...)
NOTE: not-for-us (Microsoft)
CAN-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...)
NOTE: not-for-us (IRIX)
@@ -6745,7 +6902,7 @@
NOTE: not-for-us (Phorum)
CAN-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...)
{DSA-344}
-CAN-2003-0281 (Buffer overflow in Firebird 1.0.2 allows local users to execute ...)
+CAN-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and ...)
- firebird2 1.5.1-1
NOTE: firebird (1) in debian is very insecure and vulnerable, but
NOTE: the server is not included, just the libraries. See bug #251458