[Secure-testing-commits] r1873 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Sep 9 10:51:16 UTC 2005


Author: jmm-guest
Date: 2005-09-09 10:51:13 +0000 (Fri, 09 Sep 2005)
New Revision: 1873

Modified:
   data/CAN/list
Log:
smb4k CANified
new issues in phpmyadmin and nikto
lots of nfus


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-09 09:29:45 UTC (rev 1872)
+++ data/CAN/list	2005-09-09 10:51:13 UTC (rev 1873)
@@ -1,65 +1,63 @@
-begin claimed by jmm
 CAN-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...)
-	TODO: check
+	NOTE: not-for-us (Solaris)
 CAN-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
 	TODO: check
 CAN-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the ...)
-	TODO: check
+	NOTE: not-for-us (ZipTorrent)
 CAN-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (BlueWhaleCRM)
 CAN-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...)
-	TODO: check
+	NOTE: not-for-us (Mercora IMRadio)
 CAN-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro ...)
-	TODO: check
+	NOTE: not-for-us (aMember Pro)
 CAN-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a ...)
-	TODO: check
+	NOTE: not-for-us (URBAN)
 CAN-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in ...)
-	TODO: check
+	NOTE: not-for-us (OpenWebmail)
 CAN-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on ...)
-	TODO: check
+	NOTE: not-for-us (ADSL hardware)
 CAN-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial ...)
-	TODO: check
+	NOTE: not-for-us (N-Stealth)
 CAN-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier ...)
-	TODO: check
+	- nikto (unfixed; bug filed; medium)
 CAN-2005-2859 (Savant Web Server stores user credentials in plaintext in the ...)
-	TODO: check
+	NOTE: not-for-us (Savant Web Server)
 CAN-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol ...)
-	TODO: check
+	NOTE: not-for-us (Rediff BOL))
 CAN-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an ...)
-	TODO: check
+	NOTE: not-for-us (Free SMTP Server)
 CAN-2005-2856 (Stack-based buffer overflow in UNACEV2.DLL for ALZip 5.51 through 6.11 ...)
-	TODO: check
+	NOTE: not-for-us (ALZip)
 CAN-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...)
-	TODO: check
+	NOTE: not-for-us (Unclassified Newsboard)
 CAN-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl ...)
-	TODO: check
+	NOTE: not-for-us ()
 CAN-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a ...)
-	TODO: check
+	NOTE: not-for-us (GuppY)
 CAN-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, ...)
-	TODO: check
+	NOTE: not-for-us (Novell Netware)
 CAN-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read ...)
-	TODO: check
+	- smb4k 0.6.3-1 (medium)
 CAN-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOTE: not-for-us (SlimFTPD)
 CAN-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running ...)
-	TODO: check
+	NOTE: not-for-us (Barracuda antispam solution)
 CAN-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...)
-	TODO: check
+	NOTE: not-for-us (Barracuda antispam solution)
 CAN-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 ...)
-	TODO: check
+	NOTE: not-for-us (Barracuda antispam solution)
 CAN-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...)
-	TODO: check
+	NOTE: not-for-us (CMS Made Simple)
 CAN-2005-2845 (Ariba Spend Management System sends the username and password to the ...)
-	TODO: check
+	NOTE: not-for-us (Ariba Spend Management System)
 CAN-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows ...)
-	TODO: check
+	NOTE: not-for-us (Indiatimes Messenger)
 CAN-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and ...)
-	TODO: check
+	NOTE: not-for-us (Hesk)
 CAN-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before ...)
-	TODO: check
+	NOTE: not-for-us (DameWare Mini)
 CAN-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...)
-	TODO: check
-end claimed by jmm
+	NOTE: not-for-us (IOS)
 CAN-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier ...)
 	NOTE: not-for-us (MAXdev)
 CAN-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
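Review bot: two of the added NOTE lines are malformed. "NOTE: not-for-us (Rediff BOL))" under CAN-2005-2858 has a stray closing parenthesis, and "NOTE: not-for-us ()" under CAN-2005-2854 names no product although the description line gives thesitewizard.com chfeedback.pl. Suggest correcting both so they match the other not-for-us notes. In the same hunk, the nikto entry for CAN-2005-2860 says "bug filed" without a bug number, unlike the "bug #..." references used elsewhere in the list, and CAN-2005-2869 (phpMyAdmin) still reads "TODO: check" after the "claimed by jmm" markers were removed, even though the log mentions a new phpmyadmin issue; either add the tracking line or keep a claim marker on it.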
@@ -365,8 +363,6 @@
 CAN-2005-XXXX [osh buffer overflow in handlers.c]
 	NOTE: This is not the same as -13
 	- osh 1.7-14 (bug #323424; medium)
-CAN-2005-XXXX [Insecure symlink handling in smb4k]
-	- smb4k 0.6.3-1 (medium)
 CAN-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
 	{DSA-793-1}
 	- courier 0.47-8 (medium; bug #325631)
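Review bot: the placeholder removed here ("CAN-2005-XXXX [Insecure symlink handling in smb4k]") and the CAN-2005-2851 entry that takes over its "- smb4k 0.6.3-1 (medium)" line both lack a bug reference, while the neighbouring osh and courier entries carry one. If a bug exists for the smb4k issue, add it to the CAN-2005-2851 entry. The removal also drops the only mention of "insecure symlink handling"; the visible CAN-2005-2851 description is truncated at "allows local users to read ...", so it is worth confirming against the full description that both entries describe the same issue before the placeholder goes away.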



