[Secure-testing-commits] r1043 - sarge-checks/CAN

SALVETTI Djoumé djoume-guest@costa.debian.org
Wed, 11 May 2005 20:20:47 +0000


Author: djoume-guest
Date: 2005-05-11 20:20:43 +0000 (Wed, 11 May 2005)
New Revision: 1043

Modified:
   sarge-checks/CAN/list
Log:
* processed my block
* claimed a few more


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-11 16:19:54 UTC (rev 1042)
+++ sarge-checks/CAN/list	2005-05-11 20:20:43 UTC (rev 1043)
@@ -1,103 +1,104 @@
-begin claimed by djoume
 CAN-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...)
-	TODO: check
+	NOTE: not in testing
+	NOTE: non-free
+	NOTE: I don't feel to fill a bug for this (a DoS that could only appen on 64bits 
+	NOTE: plateforms with more than 4GB of memory)
 CAN-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...)
-	TODO: check
+	NOTE: cf CAN-2005-1515
 CAN-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...)
-	TODO: check
+	NOTE: cf CAN-2005-1515
 CAN-2004-2067 (SQL injection vulnerability in controlpanel.php in JAWS 0.4 allows ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...)
-	TODO: check
+	- dansguardian 2.5.2-0-0.1
 CAN-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and ealier ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...)
-	TODO: check
+	- phpbb2 2.0.10-1
 CAN-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote ...)
-	TODO: check
+	- phpbb2 2.0.10-1
 CAN-2004-2053 (PHP remote code injection vulnerability in index.php in EasyIns ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2041 (PHP remote code injection vulnerability in secure_img_render.php in ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers ...)
-	TODO: check
+	- icecast2 2.0.1.debian-1
 CAN-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound ...)
-	TODO: check
+	- pound 1.7-1
 CAN-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain ...)
-	TODO: check
+	NOTE: not-for-us
 CAN-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...)
-	TODO: check
-end claimed by djoume
+	NOTE: not-for-us
 CAN-2004-2022 (Stack-based buffer overflow in ActivePerl for Win32 5.6.1 and 5.8.0 ...)
 	NOTE: not-for-us (various perls on Windows)
 CAN-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...)
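Review bot: the CAN-2004-2065 entry records `- dansguardian 2.5.2-0-0.1` as the fixed version, while the description on the line above it says the issue affects "DansGuardian 2.8 and earlier"; 2.5.2 sorts below 2.8, so as written the fixed version falls inside the affected range. Add a NOTE explaining why that version is not affected (for example a backported patch or a different version scheme), or correct the version. Separately, CAN-2005-1514 and CAN-2005-1513 are closed only with `NOTE: cf CAN-2005-1515`, and that entry names no package; putting the package name next to "not in testing" and "non-free" would let all three entries be re-checked if that status changes.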
@@ -345,6 +346,7 @@
 	NOTE: not-for-us (IGI 2 Covert Strike server)
 CAN-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...)
 	- monit 1:4.2.1
+begin claimed by djoume
 CAN-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...)
 	TODO: check
 CAN-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...)
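Review bot: `begin claimed by djoume` is placed directly after CAN-2004-1899, which is already resolved as `- monit 1:4.2.1`, and the first claimed entries (CAN-2004-1898, CAN-2004-1897) concern the same Monit administration interface. When processing them, check whether that same fixed version applies rather than triaging them independently, and say so explicitly in a NOTE if it does not.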
@@ -463,6 +465,7 @@
 	TODO: check
 CAN-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis ...)
 	TODO: check
+end claimed by djoume
 CAN-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...)
 	TODO: check
 CAN-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...)
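Review bot: `end claimed by djoume` falls between CAN-2004-1840 and CAN-2004-1839, both of which concern the MS Analysis module, so the second one stays unclaimed with `TODO: check`. Moving the end marker below CAN-2004-1839 would keep the two related entries with one reviewer.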