[Secure-testing-commits] r981 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Wed, 04 May 2005 09:14:23 +0000


Author: joeyh
Date: 2005-05-04 09:14:19 +0000 (Wed, 04 May 2005)
New Revision: 981

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-04 08:43:56 UTC (rev 980)
+++ sarge-checks/CAN/list	2005-05-04 09:14:19 UTC (rev 981)
@@ -1,3 +1,115 @@
+CAN-2005-1452 (Serendipity before 0.8 allows Chief users to "hide plugins installed ...)
+	TODO: check
+CAN-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...)
+	TODO: check
+CAN-2005-1450 (Unknown vulnerability in "the function used to validate path-names for ...)
+	TODO: check
+CAN-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...)
+	TODO: check
+CAN-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...)
+	TODO: check
+CAN-2005-1447 (PHP remote code injection vulnerability in main.php in SitePanel 2.6.1 ...)
+	TODO: check
+CAN-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...)
+	TODO: check
+CAN-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...)
+	TODO: check
+CAN-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...)
+	TODO: check
+CAN-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
+	TODO: check
+CAN-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...)
+	TODO: check
+CAN-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...)
+	TODO: check
+CAN-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...)
+	TODO: check
+CAN-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...)
+	TODO: check
+CAN-2005-1438 (PHP remote code injection vulnerability in main.php in osTicket allows ...)
+	TODO: check
+CAN-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...)
+	TODO: check
+CAN-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...)
+	TODO: check
+CAN-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...)
+	TODO: check
+CAN-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...)
+	TODO: check
+CAN-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...)
+	TODO: check
+CAN-2005-1432
+	NOTE: reserved
+CAN-2005-1431 (The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before ...)
+	TODO: check
+CAN-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...)
+	TODO: check
+CAN-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...)
+	TODO: check
+CAN-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...)
+	TODO: check
+CAN-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...)
+	TODO: check
+CAN-2005-1426 (Uapplication Ublog Reload stores the database under the web document ...)
+	TODO: check
+CAN-2005-1425 (Uapplication Uguestbook stores the database under the web document ...)
+	TODO: check
+CAN-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...)
+	TODO: check
+CAN-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...)
+	TODO: check
+CAN-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
+	TODO: check
+CAN-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...)
+	TODO: check
+CAN-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
+	TODO: check
+CAN-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 ...)
+	TODO: check
+CAN-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...)
+	TODO: check
+CAN-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...)
+	TODO: check
+CAN-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote ...)
+	TODO: check
+CAN-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote ...)
+	TODO: check
+CAN-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, ...)
+	TODO: check
+CAN-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote ...)
+	TODO: check
+CAN-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional ...)
+	TODO: check
+CAN-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...)
+	TODO: check
+CAN-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) ...)
+	TODO: check
+CAN-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...)
+	TODO: check
+CAN-2005-1408
+	NOTE: reserved
+CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...)
+	TODO: check
+CAN-2005-1406
+	NOTE: reserved
+CAN-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...)
+	TODO: check
+CAN-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...)
+	TODO: check
+CAN-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's ...)
+	TODO: check
+CAN-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...)
+	TODO: check
+CAN-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...)
+	TODO: check
+CAN-2005-1400
+	NOTE: reserved
+CAN-2005-1399
+	NOTE: reserved
+CAN-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...)
+	TODO: check
+CAN-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows ...)
+	TODO: check
 CAN-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...)
 	NOTE: not-for-us (PHPCart)
 CAN-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...)
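Review bot: CAN-2004-1778 and CAN-2004-1777 are inserted between CAN-2005-1399 and CAN-2005-1398, which breaks the descending ID order that every other entry in this hunk follows. If the update script or anyone searching the list relies on that order, place the two Skype entries with the other CAN-2004 IDs instead. The imported description for CAN-2005-1433 also carries a typo ("vulnjerabilities HP"), so matching on description text will miss it.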
@@ -15,9 +127,11 @@
 	NOTE: have to modify it for his purposes anyway, so there's no security problem
 CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...)
 	- pound (unfixed; bug #306649)
-CAN-2005-1390 (Squid before 2.5.STABLE7, when using persistent connections, allows ...)
+CAN-2005-1390
+	NOTE: rejected
 	- squid 2.5.8-1
-CAN-2005-1389 (HTTP response splitting vulnerability in Squid before 2.5.STABLE7, ...)
+CAN-2005-1389
+	NOTE: rejected
 	- squid 2.5.8-1
 CAN-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...)
 	NOTE: not-for-us (SURVIVOR)
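Review bot: CAN-2005-1390 and CAN-2005-1389 are now marked "NOTE: rejected" but each still carries "- squid 2.5.8-1", so the list keeps a fixed-version claim attached to IDs that no longer have a description. Record which ID supersedes them (the hunk does not say) and move the squid line there, or drop the package line from the rejected entries.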
@@ -4017,8 +4131,7 @@
 	{DSA-679-1}
 CAN-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...)
 	{DSA-687-1}
-CAN-2005-0157
-	NOTE: reserved
+CAN-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to ...)
 	{DSA-720-1}
 CAN-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when ...)
 	- perl 5.8.4-6
@@ -4140,8 +4253,8 @@
 	- libpam-radius-auth 1.3.16-3
 CAN-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...)
 	{DSA-690-1}
-CAN-2005-0106
-	NOTE: reserved
+CAN-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...)
+	TODO: check
 CAN-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...)
 	{DSA-684-1}
 CAN-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
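Review bot: CAN-2005-0106 moves from "NOTE: reserved" to "TODO: check" with no package line, although the new description names libnet-ssleay-perl and a version boundary (before 1.25). Adding a package line in the form used elsewhere in this file, for example "- pound (unfixed; bug #306649)", would let the entry be tracked against a version rather than sit in the TODO queue.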