[Secure-testing-commits] r1146 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Wed, 25 May 2005 09:14:25 +0000
Author: joeyh
Date: 2005-05-25 09:14:21 +0000 (Wed, 25 May 2005)
New Revision: 1146
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-05-25 08:54:39 UTC (rev 1145)
+++ sarge-checks/CAN/list 2005-05-25 09:14:21 UTC (rev 1146)
@@ -1,3 +1,273 @@
+CAN-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...)
+ TODO: check
+CAN-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 ...)
+ TODO: check
+CAN-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 ...)
+ TODO: check
+CAN-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
+ TODO: check
+CAN-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through ...)
+ TODO: check
+CAN-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack ...)
+ TODO: check
+CAN-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 ...)
+ TODO: check
+CAN-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 ...)
+ TODO: check
+CAN-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...)
+ TODO: check
+CAN-2005-1741 (Gearbox Software Halo Combat Evolved 1.6 allows remote attackers to ...)
+ TODO: check
+CAN-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files ...)
+ TODO: check
+CAN-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick ...)
+ TODO: check
+CAN-2005-1738 (Multiple format string vulnerabilities in the (1) logPrintBadfile ...)
+ TODO: check
+CAN-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized ...)
+ TODO: check
+CAN-2005-1736 (PROMS 0.11 does not properly handle "certain combinations of rights," ...)
+ TODO: check
+CAN-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before ...)
+ TODO: check
+CAN-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow ...)
+ TODO: check
+CAN-2005-1733 (Cookie Cart stores the password file under the web document root with ...)
+ TODO: check
+CAN-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...)
+ TODO: check
+CAN-2005-1731
+ NOTE: reserved
+CAN-2005-1730
+ NOTE: reserved
+CAN-2005-1729
+ NOTE: reserved
+CAN-2005-1728
+ NOTE: reserved
+CAN-2005-1727
+ NOTE: reserved
+CAN-2005-1726
+ NOTE: reserved
+CAN-2005-1725
+ NOTE: reserved
+CAN-2005-1724
+ NOTE: reserved
+CAN-2005-1723
+ NOTE: reserved
+CAN-2005-1722
+ NOTE: reserved
+CAN-2005-1721
+ NOTE: reserved
+CAN-2005-1720
+ NOTE: reserved
+CAN-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...)
+ TODO: check
+CAN-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...)
+ TODO: check
+CAN-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows ...)
+ TODO: check
+CAN-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the ...)
+ TODO: check
+CAN-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 ...)
+ TODO: check
+CAN-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 ...)
+ TODO: check
+CAN-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...)
+ TODO: check
+CAN-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple ...)
+ TODO: check
+CAN-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...)
+ TODO: check
+CAN-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...)
+ TODO: check
+CAN-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...)
+ TODO: check
+CAN-2005-1708 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows ...)
+ TODO: check
+CAN-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...)
+ TODO: check
+CAN-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...)
+ TODO: check
+CAN-2005-1705 (gdb before 6.3 searches the current working directory to load the ...)
+ TODO: check
+CAN-2005-1704 (Integer overflow in the BFD library for gdb before 6.3 allows ...)
+ TODO: check
+CAN-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...)
+ TODO: check
+CAN-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...)
+ TODO: check
+CAN-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...)
+ TODO: check
+CAN-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...)
+ TODO: check
+CAN-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...)
+ TODO: check
+CAN-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...)
+ TODO: check
+CAN-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...)
+ TODO: check
+CAN-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...)
+ TODO: check
+CAN-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...)
+ TODO: check
+CAN-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...)
+ TODO: check
+CAN-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...)
+ TODO: check
+CAN-2005-1692 (Format string vulnerability in gxine 0.41 through 0.44 allows remote ...)
+ TODO: check
+CAN-2005-1691
+ NOTE: reserved
+CAN-2005-1690
+ NOTE: reserved
+CAN-2005-1689
+ NOTE: reserved
+CAN-2005-1688 (Wordpress 1.5 and earlier allow remote attackers to obtain sensitive ...)
+ TODO: check
+CAN-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...)
+ TODO: check
+CAN-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...)
+ TODO: check
+CAN-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...)
+ TODO: check
+CAN-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...)
+ TODO: check
+CAN-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...)
+ TODO: check
+CAN-2005-1682 (JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does ...)
+ TODO: check
+CAN-2005-1681 (PHP remote code injection vulnerability in common.php in phpATM 1.21, ...)
+ TODO: check
+CAN-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...)
+ TODO: check
+CAN-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...)
+ TODO: check
+CAN-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
+ TODO: check
+CAN-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...)
+ TODO: check
+CAN-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...)
+ TODO: check
+CAN-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
+ TODO: check
+CAN-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...)
+ TODO: check
+CAN-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...)
+ TODO: check
+CAN-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...)
+ TODO: check
+CAN-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...)
+ TODO: check
+CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...)
+ TODO: check
+CAN-2005-1669
+ NOTE: reserved
+CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...)
+ TODO: check
+CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...)
+ TODO: check
+CAN-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...)
+ TODO: check
+CAN-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...)
+ TODO: check
+CAN-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...)
+ TODO: check
+CAN-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...)
+ TODO: check
+CAN-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...)
+ TODO: check
+CAN-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...)
+ TODO: check
+CAN-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...)
+ TODO: check
+CAN-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...)
+ TODO: check
+CAN-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...)
+ TODO: check
+CAN-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...)
+ TODO: check
+CAN-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...)
+ TODO: check
+CAN-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...)
+ TODO: check
+CAN-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...)
+ TODO: check
+CAN-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...)
+ TODO: check
+CAN-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...)
+ TODO: check
+CAN-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...)
+ TODO: check
+CAN-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...)
+ TODO: check
+CAN-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...)
+ TODO: check
+CAN-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...)
+ TODO: check
+CAN-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...)
+ TODO: check
+CAN-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...)
+ TODO: check
+CAN-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...)
+ TODO: check
+CAN-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...)
+ TODO: check
+CAN-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick ...)
+ TODO: check
+CAN-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote ...)
+ TODO: check
+CAN-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...)
+ TODO: check
+CAN-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple ...)
+ TODO: check
+CAN-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication ...)
+ TODO: check
+CAN-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote ...)
+ TODO: check
+CAN-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 ...)
+ TODO: check
+CAN-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft ...)
+ TODO: check
+CAN-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of ...)
+ TODO: check
+CAN-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ...)
+ TODO: check
+CAN-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a ...)
+ TODO: check
+CAN-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open ...)
+ TODO: check
+CAN-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier ...)
+ TODO: check
+CAN-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...)
+ TODO: check
+CAN-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal ...)
+ TODO: check
+CAN-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized ...)
+ TODO: check
+CAN-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for ...)
+ TODO: check
+CAN-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
+ TODO: check
+CAN-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows ...)
+ TODO: check
+CAN-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local ...)
+ TODO: check
+CAN-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a ...)
+ TODO: check
+CAN-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote ...)
+ TODO: check
+CAN-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a ...)
+ TODO: check
+CAN-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
+ TODO: check
+CAN-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site ...)
+ TODO: check
+CAN-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before ...)
+ TODO: check
+CAN-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
+ TODO: check
+CAN-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote ...)
+ TODO: check
CAN-2005-XXXX [imagemagick xwd endless loop DoS]
- imagemagick (unfixed; bug #310690)
CAN-2005-XXXX [Insecure tempfile handling in net-snmp's fixproc]
@@ -46,7 +316,7 @@
NOTE: not-for-us (SafeHTML)
CAN-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...)
NOTE: not-for-us (NPDS)
-CAN-2005-1636 (mysql_install_db in MySQL 4.x before 4.0.12 and 5.x up to 5.0.4 ...)
+CAN-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...)
TODO: mysql-dfsg-4.1 should be already be fixed as well, double check
- mysql-dfsg 4.0.12-2
CAN-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...)
@@ -386,7 +656,7 @@
NOTE: not-for-us (ArticleLive)
CAN-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by ...)
NOTE: not-for-us (ArticleLive)
-CAN-2005-1481 (Multiple SQL injection vulnerabilities in ASP Inline Corporate ...)
+CAN-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline ...)
NOTE: not-for-us (ASP Inline Corporate Calendar)
CAN-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...)
NOTE: not-for-us (RaidenFTPD)
@@ -894,7 +1164,7 @@
NOTE: not-for-us
CAN-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft ...)
NOTE: not-for-us
-CAN-2004-1822 (Multiple cross-site scripting (XSS) vulnurabilities in Phorum 3.1 ...)
+CAN-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 ...)
NOTE: not-for-us
CAN-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through ...)
NOTE: not-for-us
@@ -1195,10 +1465,10 @@
- ethereal 0.10.10-2sarge2
CAN-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet ...)
- ethereal 0.10.10-2sarge2
-CAN-2005-1455
- NOTE: reserved
-CAN-2005-1454
- NOTE: reserved
+CAN-2005-1455 (Buffer overflow in the sql_escape_func function in FreeRADIUS 1.0.2 ...)
+ TODO: check
+CAN-2005-1454 (SQL injection vulnerability in the radius_xlat function in FreeRADIUS ...)
+ TODO: check
CAN-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...)
- leafnode 1.11.2.rel-1
CAN-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...)
@@ -1640,8 +1910,8 @@
CAN-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...)
NOTE: see http://gaim.sourceforge.net/security/
- gaim 1:1.2.1-1.1
-CAN-2005-1260
- NOTE: reserved
+CAN-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...)
+ TODO: check
CAN-2005-1259
NOTE: reserved
CAN-2005-1258
@@ -3014,8 +3284,8 @@
CAN-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...)
NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626
- gzip 1.3.5-10
-CAN-2005-0757
- NOTE: reserved
+CAN-2005-0757 (The xattr file system code on Linux 2.4.x on 64-bit systems does not ...)
+ TODO: check
CAN-2005-0756
NOTE: reserved
CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
@@ -4555,8 +4825,7 @@
NOTE: reserved
CAN-2005-0393
NOTE: reserved
-CAN-2005-0392
- NOTE: reserved
+CAN-2005-0392 (ppxp does not drop root privileges before opening log files, which ...)
{DSA-725-1}
CAN-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...)
{DSA-712-1}
@@ -5011,7 +5280,7 @@
NOTE: not-for-us (PhotoPost)
CAN-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...)
NOTE: not-for-us (ReviewPost)
-CAN-2005-0271 (Multiple SQL injection vulnerbilities in ReviewPost PHP Pro before ...)
+CAN-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before ...)
NOTE: not-for-us (ReviewPost)
CAN-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...)
NOTE: not-for-us (ReviewPost)
@@ -5446,8 +5715,8 @@
- kernel-source-2.6.8 2.6.8-14
CAN-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
- kernel-source-2.6.8 2.6.8-14
-CAN-2005-0134
- NOTE: reserved
+CAN-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...)
+ TODO: check
CAN-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...)
- mozilla-firefox 1.0
- mozilla 2:1.7.5
@@ -5669,8 +5938,8 @@
NOTE: reserved
CAN-2005-0041
NOTE: reserved
-CAN-2005-0040
- NOTE: reserved
+CAN-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...)
+ TODO: check
CAN-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...)
TODO: check
CAN-2005-0038
@@ -8211,7 +8480,7 @@
NOTE: not-for-us (MSIE bugs)
CAN-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...)
NOTE: not-for-us (mailmgr; not in Debian)
-CAN-2004-0282 (Crob FTP daemon 2.5.2 allows remote attackers to cause a denial of ...)
+CAN-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ...)
NOTE: not-for-us (Crob FTP; not in Debian)
CAN-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...)
NOTE: not-for-us (Caucho Technology Resin; not in Debian)