[Secure-testing-commits] r1039 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Wed, 11 May 2005 15:03:50 +0000


Author: joeyh
Date: 2005-05-11 15:03:46 +0000 (Wed, 11 May 2005)
New Revision: 1039

Modified:
   sarge-checks/CAN/list
Log:
done with claimed cans


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-11 13:49:57 UTC (rev 1038)
+++ sarge-checks/CAN/list	2005-05-11 15:03:46 UTC (rev 1039)
@@ -98,253 +98,253 @@
 CAN-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...)
 	TODO: check
 end claimed by djoume
-begin claimed by joeyh
 CAN-2004-2022 (Stack-based buffer overflow in ActivePerl for Win32 5.6.1 and 5.8.0 ...)
-	TODO: check
+	NOTE: not-for-us (various perls on Windows)
 CAN-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...)
-	TODO: check
+	NOTE: not-for-us (osCommerce)
 CAN-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x ...)
+	NOTE: not-for-us (php-nuke)
 CAN-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (php-nuke)
 CAN-2004-2018 (PHP remote code injection vulnerability in index.php in Php-Nuke 6.x ...)
-	TODO: check
+	NOTE: not-for-us (php-nuke)
 CAN-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...)
-	TODO: check
+	NOTE: not-for-us (Turbo Traffic Trader C (TTT-C))
 CAN-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and ...)
-	TODO: check
+	NOTE: not-for-us (netchat)
 CAN-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
-	TODO: check
+	NOTE: not-for-us (WebCT)
 CAN-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...)
-	TODO: check
+	- wget (unfixed; bug #308622)
 CAN-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in ...)
-	TODO: check
+	NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok
 CAN-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current ...)
-	TODO: check
+	NOTE: not-for-us (NetBSD)
 CAN-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (MSIE)
 CAN-2004-2010 (PHP remote code injection vulnerability in index.php in phpShop 0.7.1 ...)
-	TODO: check
+	NOTE: not-for-us (phpShop)
 CAN-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...)
-	TODO: check
+	NOTE: not-for-us (NukeJokes)
 CAN-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...)
-	TODO: check
+	NOTE: not-for-us (NukeJokes)
 CAN-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes ...)
-	TODO: check
+	NOTE: not-for-us (NukeJokes)
 CAN-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone ...)
-	TODO: check
+	NOTE: not-for-us (OfficeScan)
 CAN-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows ...)
-	TODO: check
+	NOTE: not-for-us (Eudora)
 CAN-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...)
-	TODO: check
+	NOTE: not-for-us (SUSE Live CD)
 CAN-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter ...)
-	TODO: check
+	NOTE: not-for-us (DeleGate)
 CAN-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote ...)
-	TODO: check
+	NOTE: not-for-us (IRIX)
 CAN-2004-2001 (ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly ...)
-	TODO: check
+	NOTE: not-for-us (IRIX)
 CAN-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x ...)
-	TODO: check
+	NOTE: not-for-us (Php-Nuke)
 CAN-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...)
-	TODO: check
+	NOTE: not-for-us (Windows)
 CAN-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (php-nuke)
 CAN-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, ...)
-	TODO: check
+	NOTE: not-for-us (kolab)
 CAN-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
-	TODO: check
+	NOTE: not-for-us (Simple Machines Forum)
 CAN-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...)
-	TODO: check
+	NOTE: not-for-us (FuseTalk)
 CAN-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct ...)
-	TODO: check
+	NOTE: not-for-us (FuseTalk)
 CAN-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail ...)
-	TODO: check
+	NOTE: not-for-us (omail)
 CAN-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Serv-U)
 CAN-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 ...)
-	TODO: check
+	NOTE: not-for-us (aweb)
 CAN-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...)
-	TODO: check
+	NOTE: not-for-us (aweb)
 CAN-2004-1989 (PHP remote code injection vulnerability in theme.php in Coppermine ...)
-	TODO: check
+	NOTE: not-for-us (Coppermine)
 CAN-2004-1988 (PHP remote code injection vulnerability in init.inc.php in Coppermine ...)
-	TODO: check
+	NOTE: not-for-us (Coppermine)
 CAN-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...)
-	TODO: check
+	NOTE: not-for-us (Coppermine)
 CAN-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo ...)
-	TODO: check
+	NOTE: not-for-us (Coppermine)
 CAN-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...)
-	TODO: check
+	NOTE: not-for-us (Coppermine)
 CAN-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (Coppermine)
 CAN-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for ...)
-	TODO: check
+	NOTE: only affects pax for 2.6; kernel-patch-adamantix contains pax
+	NOTE: but only for 2.4.
 CAN-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify ...)
-	TODO: check
+	NOTE: not-for-us (YaBB)
 CAN-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...)
-	TODO: check
+	NOTE: not-for-us (Crystal Reports)
 CAN-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 ...)
-	TODO: check
+	NOTE: not-for-us (PROPS)
 CAN-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS ...)
-	TODO: check
+	NOTE: not-for-us (PROPS)
 CAN-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...)
-	TODO: check
+	- moodle 1.3
 CAN-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (3com NBX IP VOIP NetSet Configuration Manager)
 CAN-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote ...)
-	TODO: check
+	NOTE: not-for-us (SMC Barricade broadband router 7008ABR and 7004VBR)
 CAN-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in ...)
-	TODO: check
+	NOTE: not-for-us (paFileDB)
 CAN-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...)
-	TODO: check
+	NOTE: not-for-us (paFileDB)
 CAN-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: not-for-us (DiGi Web Server)
 CAN-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Nuke)
 CAN-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Nuke)
 CAN-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung ...)
-	TODO: check
+	NOTE: not-for-us (Samsung SmartEther SS6215Sswitch)
 CAN-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...)
-	TODO: check
+	NOTE: not-for-us (OpenBB)
 CAN-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...)
-	TODO: check
+	NOTE: not-for-us (OpenBB)
 CAN-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) ...)
-	TODO: check
+	NOTE: not-for-us (OpenBB)
 CAN-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
-	TODO: check
+	NOTE: not-for-us (OpenBB)
 CAN-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin ...)
-	TODO: check
+	NOTE: not-for-us (OpenBB)
 CAN-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query ...)
-	TODO: check
+	NOTE: not-for-us (Network Query Tool (NQT))
 CAN-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Network Query Tool (NQT))
 CAN-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 ...)
-	TODO: check
+	NOTE: not-for-us (Protector System)
 CAN-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Protector System)
 CAN-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in ...)
-	TODO: check
+	NOTE: not-for-us (Protector System)
 CAN-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows ...)
-	TODO: check
+	NOTE: not-for-us (Protector System)
 CAN-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine ...)
-	TODO: check
+	NOTE: not-for-us (Unreal engine)
 CAN-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows ...)
-	TODO: check
+	NOTE: not-for-us (phProfession)
 CAN-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
-	TODO: check
+	NOTE: not-for-us (phProfession)
 CAN-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...)
-	TODO: check
+	NOTE: not-for-us (phProfession)
 CAN-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Advanced Guestbook
 CAN-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui ...)
-	TODO: check
+	- xine-ui 0.99.1
 CAN-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the ...)
-	TODO: check
+	- phpbb2 2.0.9
 CAN-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows ...)
-	TODO: check
+	NOTE: not-for-us (PostNuke)
 CAN-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are ...)
-	TODO: check
+	NOTE: nonsense, all command line passwords can be intercepted at least sometimes
 CAN-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender ...)
-	TODO: check
+	NOTE: not-for-us (bitdefender)
 CAN-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c ...)
-	TODO: check
+	- cherokee 0.4.21b01-1
 CAN-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Kinesphere eXchange POP3 )
 CAN-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...)
-	TODO: check
+	NOTE: not-for-us (Eudora)
 CAN-2004-1943 (PHP remote code injection vulnerability in album_portal.php in phpBB ...)
-	TODO: check
+	NOTE: not-for-us (phpbb as modified by przemo)
 CAN-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...)
-	TODO: check
+	NOTE: not-for-us (Solaris)
 CAN-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Fastream NETFile FTP/Web Server)
 CAN-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to ...)
-	TODO: check
+	- kphone 1:4.0.2
 CAN-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows ...)
-	TODO: check
+	NOTE: not-for-us (Zaep)
 CAN-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows ...)
-	TODO: check
+	NOTE: not-for-us (Phorum)
 CAN-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and ...)
-	TODO: check
+	NOTE: not-for-us (Nuked-KlaN)
 CAN-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote ...)
-	TODO: check
+	NOTE: not-for-us (ZoneAlarm)
 CAN-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...)
-	TODO: check
+	NOTE: not-for-us (SCT Campus Pipeline)
 CAN-2004-1934 (PHP remote code injection vulnerability in affich.php in Gemitel 3.50 ...)
-	TODO: check
+	NOTE: not-for-us (Gemitel)
 CAN-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...)
-	TODO: check
+	NOTE: not-for-us (Citadel)
 CAN-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in ...)
-	TODO: check
+	NOTE: not-for-us (PhpNuke)
 CAN-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function ...)
-	TODO: check
+	NOTE: not-for-us (PhpNuke)
 CAN-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php ...)
-	TODO: check
+	NOTE: not-for-us (PhpNuke)
 CAN-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ...)
-	TODO: check
+	NOTE: not-for-us (tikiwiki)
 CAN-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml) ...)
-	TODO: check
+	NOTE: not-for-us (tikiwiki)
 CAN-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
-	TODO: check
+	NOTE: not-for-us (tikiwiki)
 CAN-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware ...)
-	TODO: check
+	NOTE: not-for-us (tikiwiki)
 CAN-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki ...)
-	TODO: check
+	NOTE: not-for-us (tikiwiki)
 CAN-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
-	TODO: check
+	NOTE: not-for-us (tikiwiki)
 CAN-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the ...)
-	TODO: check
+	NOTE: not-for-us (MSIE)
 CAN-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" ...)
-	TODO: check
+	NOTE: not-for-us (X-Micro WLAN 11b Broadband Router)
 CAN-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...)
-	TODO: check
+	NOTE: not-for-us (X-Micro WLAN 11b Broadband Router)
 CAN-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Crackalaka)
 CAN-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: not-for-us (rsniff)
 CAN-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ...)
-	TODO: check
+	- lcdproc 0.4.5
 CAN-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x ...)
-	TODO: check
+	- lcdproc 0.4.5
 CAN-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc ...)
-	TODO: check
+	- lcdproc 0.4.5
 CAN-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as ...)
-	TODO: check
+	NOTE: not-for-us (phpnuke)
 CAN-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
-	TODO: check
+	NOTE: not-for-us (phpnuke)
 CAN-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, ...)
-	TODO: check
+	NOTE: not-for-us (phpnuke)
 CAN-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 ...)
-	TODO: check
+	NOTE: not-for-us (AzDGDatingLite)
 CAN-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...)
-	TODO: check
+	NOTE: not-for-us (Symantec)
 CAN-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...)
-	TODO: check
+	- clamav 0.68.1
 CAN-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows ...)
-	TODO: check
+	NOTE: not-for-us (Mcafee FreeScan)
 CAN-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) ...)
-	TODO: check
+	NOTE: not-for-us (Kerio Personal Firewall)
 CAN-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: not-for-us (Mcafee FreeScan)
 CAN-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...)
-	TODO: check
+	NOTE: not-for-us (Panda ActiveScan)
 CAN-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (Panda ActiveScan)
 CAN-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute ...)
-	TODO: check
+	NOTE: not-for-us (blaxxun)
 CAN-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential ...)
-	TODO: check
+	NOTE: not-for-us (Citrix MetaFrame Password Manager)
 CAN-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary ...)
-	TODO: check
+	NOTE: not-for-us (gentoo portage)
 CAN-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert ...)
-	TODO: check
+	NOTE: not-for-us (IGI 2 Covert Strike server)
 CAN-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...)
-	TODO: check
-end claimed by joeyh
+	- monit 1:4.2.1
 CAN-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...)
 	TODO: check
 CAN-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...)
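Review bot: CAN-2004-1999 is tagged "NOTE: not-for-us (Windows)", but its description is an XSS in a Downloads module and the entries on either side (CAN-2004-2000, CAN-2004-1998) are Php-Nuke Downloads module issues tagged as php-nuke, so the product name looks wrong; suggest "NOTE: not-for-us (php-nuke)" unless the full description says otherwise. Also in this hunk, the CAN-2004-1952 note "not-for-us (Advanced Guestbook" is missing its closing parenthesis, and the same product is written php-nuke, Php-Nuke, PHP-Nuke, PhpNuke and phpnuke across the notes, which makes the list harder to grep; one spelling throughout would help.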
@@ -734,9 +734,9 @@
 CAN-2005-XXXX [phpbb2: Security issue in url/bbcode]
 	- phpbb2 (unfixed; bug #308282)
 CAN-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...)
-	- mozilla-firefox (unfixed; bug filed)
+	- mozilla-firefox (unfixed; bug #308620)
 CAN-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...)
-	- mozilla-firefox (unfixed; bug filed)
+	- mozilla-firefox (unfixed; bug #308620)
 CAN-2005-1475
 	NOTE: reserved
 CAN-2005-1474
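Review bot: CAN-2005-1477 and CAN-2005-1476 now both point at bug #308620; if that report does not name both ids, closing it could mark one of them as handled while it is still open, so confirm the bug covers both or file a second one and reference it here.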