[Secure-testing-commits] r1091 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Wed, 18 May 2005 09:14:36 +0000


Author: joeyh
Date: 2005-05-18 09:14:33 +0000 (Wed, 18 May 2005)
New Revision: 1091

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-17 21:41:29 UTC (rev 1090)
+++ sarge-checks/CAN/list	2005-05-18 09:14:33 UTC (rev 1091)
@@ -1,3 +1,133 @@
+CAN-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...)
+	TODO: check
+CAN-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...)
+	TODO: check
+CAN-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...)
+	TODO: check
+CAN-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...)
+	TODO: check
+CAN-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...)
+	TODO: check
+CAN-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...)
+	TODO: check
+CAN-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...)
+	TODO: check
+CAN-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...)
+	TODO: check
+CAN-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...)
+	TODO: check
+CAN-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...)
+	TODO: check
+CAN-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...)
+	TODO: check
+CAN-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...)
+	TODO: check
+CAN-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...)
+	TODO: check
+CAN-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...)
+	TODO: check
+CAN-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...)
+	TODO: check
+CAN-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...)
+	TODO: check
+CAN-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...)
+	TODO: check
+CAN-2005-1636 (mysql_install_db in MySQL 4.x before 4.0.12 and 5.x up to 5.0.4 ...)
+	TODO: check
+CAN-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...)
+	TODO: check
+CAN-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...)
+	TODO: check
+CAN-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...)
+	TODO: check
+CAN-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...)
+	TODO: check
+CAN-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...)
+	TODO: check
+CAN-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...)
+	TODO: check
+CAN-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...)
+	TODO: check
+CAN-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...)
+	TODO: check
+CAN-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a ...)
+	TODO: check
+CAN-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
+	TODO: check
+CAN-2005-1625
+	NOTE: reserved
+CAN-2005-1624
+	NOTE: reserved
+CAN-2005-1623
+	NOTE: reserved
+CAN-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...)
+	TODO: check
+CAN-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...)
+	TODO: check
+CAN-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...)
+	TODO: check
+CAN-2005-1619 (Multiple Cross-site scripting (XSS) vulnerabilities in (1) ...)
+	TODO: check
+CAN-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...)
+	TODO: check
+CAN-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...)
+	TODO: check
+CAN-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...)
+	TODO: check
+CAN-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...)
+	TODO: check
+CAN-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...)
+	TODO: check
+CAN-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open ...)
+	TODO: check
+CAN-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board ...)
+	TODO: check
+CAN-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x ...)
+	TODO: check
+CAN-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone ...)
+	TODO: check
+CAN-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...)
+	TODO: check
+CAN-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean ...)
+	TODO: check
+CAN-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart ...)
+	TODO: check
+CAN-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such ...)
+	TODO: check
+CAN-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for ...)
+	TODO: check
+CAN-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...)
+	TODO: check
+CAN-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to ...)
+	TODO: check
+CAN-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...)
+	TODO: check
+CAN-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the ...)
+	TODO: check
+CAN-2005-1600 (A "mathematical flaw" in the implementation of the El Gamal signature ...)
+	TODO: check
+CAN-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies ...)
+	TODO: check
+CAN-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ...)
+	TODO: check
+CAN-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) ...)
+	TODO: check
+CAN-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the ...)
+	TODO: check
+CAN-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, ...)
+	TODO: check
+CAN-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart ...)
+	TODO: check
+CAN-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ...)
+	TODO: check
+CAN-2005-1592 (Multiple "javascript vulerabilities in BB code" in BirdBlog before ...)
+	TODO: check
+CAN-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote ...)
+	TODO: check
+CAN-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows ...)
+	TODO: check
+CAN-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) ...)
+	TODO: check
 CAN-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...)
 	TODO: check
 CAN-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...)
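Review bot: several of the entries added here as `TODO: check` name a non-Debian platform in their own summary, for example CAN-2005-1649 (Windows XP SP2, 2003 Server SP1, and Longhorn), CAN-2005-1591 (NIS+ on Solaris 7, 8, and 9) and CAN-2005-1590 with CAN-2004-2070 (Altiris Client Service for Windows). These can be closed right away with the `NOTE: not-for-us (...)` form this file already uses. The remaining TODOs would then point at entries that need a real package check, such as CAN-2005-1636 (mysql_install_db in MySQL 4.x before 4.0.12 and 5.x up to 5.0.4).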
@@ -7,7 +137,6 @@
 CAN-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
 	- libxpm4 (unfixed; bug #308783)
 CAN-2005-1589 [Local privilege escalation in the Linux kernel's pktcdvd ioctl]
-	NOTE: reserved
 	- kernel-source-2.6.8 (unfixed; bug #309429)
 	- kernel-source-2.6.11 2.6.11-5
 CAN-2005-1588 (SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows ...)
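Review bot: with `NOTE: reserved` dropped from CAN-2005-1589, the entry keeps only its bracketed title, whereas the other entries this update takes out of reserved state receive a parenthesized summary. It is worth comparing the bracketed text against the published description so the entry does not drift from it. The `kernel-source-2.6.8 (unfixed; bug #309429)` line remains open either way.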
@@ -1263,12 +1392,12 @@
 CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...)
 	NOTE: does not affect 2.6.8, 2.4.27 per horms
 	- kernel-source-2.6.11 (unfixed; fix in svn; bug #307553)
-CAN-2005-1367
-	NOTE: reserved
-CAN-2005-1366
-	NOTE: reserved
-CAN-2005-1365
-	NOTE: reserved
+CAN-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...)
+	TODO: check
+CAN-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...)
+	TODO: check
+CAN-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...)
+	TODO: check
 CAN-2005-XXXX [Insecure mailbox generation in passwd's useradd
 	- shadow (unfixed; bug #307259)
 CAN-2005-XXXX [Insecure tempfile generation in shadow's vipw] 
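Review bot: the three Pico Server (pServ) 3.2 entries (CAN-2005-1367, CAN-2005-1366, CAN-2005-1365) become `TODO: check` here, and the first hunk adds CAN-2005-1626 for buffer overflows in handlers.c of the same server, so the four are best triaged together with one consistent result. Separately, the context line `CAN-2005-XXXX [Insecure mailbox generation in passwd's useradd` is missing its closing `]`, and the vipw line after it has trailing whitespace. An automatic updater that parses this file could trip on either, so both are worth a follow-up fix.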
@@ -1393,8 +1522,8 @@
 CAN-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...)
 	NOTE: upstream says attack won't work
 	- sqwebmail (unfixed; bug #307575)
-CAN-2005-1307
-	NOTE: reserved
+CAN-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...)
+	TODO: check
 CAN-2005-1306
 	NOTE: reserved
 CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...)
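Review bot: the new CAN-2005-1307 summary names stopserver.sh in Adobe Version Cue on Mac OS X, so `TODO: check` can be replaced directly with a `NOTE: not-for-us (Adobe Version Cue)` line instead of leaving it in the open queue.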
@@ -1486,7 +1615,6 @@
 CAN-2005-1265
 	NOTE: reserved
 CAN-2005-1264 [Local privilege escalation in the Linux kernel's raw ioctl]
-	NOTE: reserved
 	- kernel-source-2.6.8 (unfixed; bug #309429)
 	- kernel-source-2.6.11 2.6.11-5
 CAN-2005-1263 [Linux kernel ELF core dump privilege escalation]
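Review bot: CAN-2005-1264 (raw ioctl) loses `NOTE: reserved` and carries the same bug #309429 and the same fixed version 2.6.11-5 as CAN-2005-1589 (pktcdvd ioctl) earlier in this file. Confirm that the one bug report and the one upload cover both ioctl issues, and record that in a NOTE so the identical tracking lines are not mistaken for a copy-paste.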
@@ -1523,8 +1651,8 @@
 	NOTE: reserved
 CAN-2005-1249
 	NOTE: reserved
-CAN-2005-1248
-	NOTE: reserved
+CAN-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...)
+	TODO: check
 CAN-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...)
 	NOTE: not-for-us (Novell Nsure Audit)
 CAN-2005-1246 (Format string vulnerability in the snmppd_log function in ...)
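Review bot: CAN-2005-1248 is described as a buffer overflow in Apple iTunes before 4.8 and is added as `TODO: check`, while the entry directly below it shows the convention for such cases, `NOTE: not-for-us (Novell Nsure Audit)`. The same treatment fits here.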
@@ -1645,8 +1773,8 @@
 	- xine-lib 1.0.1-1
 CAN-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...)
 	- nasm (unfixed; bug #309049)
-CAN-2005-1193
-	NOTE: reserved
+CAN-2005-1193 (The make_clickable function in bbcode.php for phpBB before 2.0.15 ...)
+	TODO: check
 CAN-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...)
 	NOTE: not-for-us (HP-UX)
 CAN-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...)
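Review bot: CAN-2005-1193 gives a concrete upstream boundary, make_clickable in bbcode.php for phpBB before 2.0.15, so the `TODO: check` can be resolved into a package line in the `- package version` or `- package (unfixed; bug #...)` form that the neighbouring xine-lib and nasm entries use. The version in the archive only needs comparing against 2.0.15.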