[Secure-testing-commits] r2105 - data/CAN

Joey Hess joeyh at costa.debian.org
Thu Sep 22 21:14:22 UTC 2005


Author: joeyh
Date: 2005-09-22 21:14:18 +0000 (Thu, 22 Sep 2005)
New Revision: 2105

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-22 21:12:38 UTC (rev 2104)
+++ data/CAN/list	2005-09-22 21:14:18 UTC (rev 2105)
@@ -1,3 +1,108 @@
+CAN-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...)
+	TODO: check
+CAN-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...)
+	TODO: check
+CAN-2005-3041 (Unspecified "drag-and-drop vulnerability" in Opera Web Browser before ...)
+	TODO: check
+CAN-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...)
+	TODO: check
+CAN-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...)
+	TODO: check
+CAN-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...)
+	TODO: check
+CAN-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...)
+	TODO: check
+CAN-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in ...)
+	TODO: check
+CAN-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
+	TODO: check
+CAN-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
+	TODO: check
+CAN-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...)
+	TODO: check
+CAN-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...)
+	TODO: check
+CAN-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute ...)
+	TODO: check
+CAN-2005-3030 (Directory traversal vulnerability in the archive decompression library ...)
+	TODO: check
+CAN-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...)
+	TODO: check
+CAN-2005-3028
+	NOTE: rejected
+	TODO: check
+CAN-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...)
+	TODO: check
+CAN-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...)
+	TODO: check
+CAN-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...)
+	TODO: check
+CAN-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier ...)
+	TODO: check
+CAN-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...)
+	TODO: check
+CAN-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier ...)
+	TODO: check
+CAN-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with ...)
+	TODO: check
+CAN-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...)
+	TODO: check
+CAN-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...)
+	TODO: check
+CAN-2005-3018 (Apple Safari allows remote attackers to cause a denial of service ...)
+	TODO: check
+CAN-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 ...)
+	TODO: check
+CAN-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...)
+	TODO: check
+CAN-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 ...)
+	TODO: check
+CAN-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows ...)
+	TODO: check
+CAN-2005-3013 (Buffer overflow in YaST for SuSE Linux 9.3 allows local users to ...)
+	TODO: check
+CAN-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...)
+	TODO: check
+CAN-2005-3011 (texindex in texinfo 4.7 and earlier allows local users to overwrite ...)
+	TODO: check
+CAN-2005-3010 (Direct static code injection vulnerability in the flood protection ...)
+	TODO: check
+CAN-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote ...)
+	TODO: check
+CAN-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...)
+	TODO: check
+CAN-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...)
+	TODO: check
+CAN-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...)
+	TODO: check
+CAN-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...)
+	TODO: check
+CAN-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote ...)
+	TODO: check
+CAN-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release ...)
+	TODO: check
+CAN-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ...)
+	TODO: check
+CAN-2005-3001 (Unspecified vulnerability in the "tl" driver in Solaris 10 allows ...)
+	TODO: check
+CAN-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...)
+	TODO: check
+CAN-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain ...)
+	TODO: check
+CAN-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the ...)
+	TODO: check
+CAN-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...)
+	TODO: check
+CAN-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM ...)
+	TODO: check
+CAN-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...)
+	TODO: check
+CAN-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...)
+	TODO: check
+CAN-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...)
+	TODO: check
+CAN-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...)
+	TODO: check
 CAN-2005-XXXX [miniserv.pl root shell command injection]
 	- webmin 1.220-1 (high)
 	- usermin 1.150-1 (high)
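Review bot: CAN-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160) is added with only `TODO: check`, while the unchanged `CAN-2005-XXXX [miniserv.pl root shell command injection]` entry at the end of this hunk already tracks webmin 1.220-1 and usermin 1.150-1 for a miniserv.pl issue. Whoever resolves the TODO should confirm whether the two describe the same issue and, if so, move the package lines under CAN-2005-3042 and drop the placeholder so it is not tracked twice. Separately, CAN-2005-3028 ends up with both `NOTE: rejected` and `TODO: check`; the TODO looks redundant on a rejected candidate and the automatic update could skip it there.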
@@ -3,4 +108,5 @@
 	NOTE: SNS Advisory 83, http://marc.theaimsgroup.com/?m=112733083203821
 CAN-2005-2992 [Another arc tempfile issue]
+	NOTE: reserved
 	- arc 5.21m-1 (low)
 CAN-2005-XXXX [Firefox passes URLs with backticks from external programs to the shell]
@@ -59,8 +165,8 @@
 	NOTE: reserved
 CAN-2005-2969
 	NOTE: reserved
-CAN-2005-2968
-	NOTE: reserved
+CAN-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...)
+	TODO: check
 CAN-2005-2967
 	NOTE: reserved
 CAN-2005-2966
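Review bot: CAN-2005-2968 changes from reserved to a Firefox 1.0.6 / Mozilla 1.7.10 code-execution description with `TODO: check`, and the file still carries an unnumbered `CAN-2005-XXXX [Firefox passes URLs with backticks from external programs to the shell]` entry (visible as context in the previous hunk). When the TODO is resolved, check whether that placeholder is this candidate and merge the two if it is, rather than leaving both open.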
@@ -250,11 +356,9 @@
 	TODO: be disabled completely, like Microsoft did some time ago?
 CAN-2005-XXXX [texinfo: /tmp race condition when processing large input files]
 	- texinfo (unfixed; bug #328365; low)
-CAN-2005-2920 [clamav: libclamav/upx.c: fix possible buffer overflow.]
-	NOTE: reserved
+CAN-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...)
 	- clamav 0.87-1 (bug #328660; medium)
-CAN-2005-2919 [clamav: libclamav/fsg.c: fix possible infinite loop.]
-	NOTE: reserved
+CAN-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...)
 	- clamav 0.87-1 (bug #328660; medium)
 CAN-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...)
 	- gtkdiskfree (bug #328566; low)
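Review bot: the context line `CAN-2005-XXXX [texinfo: /tmp race condition when processing large input files]` at the top of this hunk still has no identifier, although this same revision adds CAN-2005-3011 (texindex in texinfo 4.7 and earlier allows local users to overwrite ...) with `TODO: check`. These may be the same issue; if so, the `- texinfo (unfixed; bug #328365; low)` line belongs under CAN-2005-3011 and the placeholder can go. The clamav replacements themselves look right: the package lines and bug #328660 are kept and `NOTE: reserved` is dropped.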
@@ -501,8 +605,8 @@
 	NOTE: not-for-us (Symantec AntiVirus)
 CAN-2005-2765 (The user interface in the Windows Firewall does not properly display ...)
 	NOTE: not-for-us (Microsoft Windows)
-CAN-2005-2764
-	NOTE: reserved
+CAN-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...)
+	TODO: check
 CAN-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...)
 	NOTE: not-for-us (OpenTTD)
 CAN-2005-2762
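Review bot: CAN-2005-2764 is added as `TODO: check` although the entry directly below it, CAN-2005-2763, covers the same product and version boundary (OpenTTD before 0.4.0.1) and is already marked `NOTE: not-for-us (OpenTTD)`. Unless OpenTTD has entered the archive since that note was written, the same marking applies here and the TODO can be closed in a follow-up.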
@@ -742,11 +846,9 @@
 	NOTE: not-for-us (elm-me+ is no longer in unstable or testing)
 CAN-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in ...)
 	NOTE: not-for-us (Whisper)
-CAN-2005-2663 [local file overwrite in masqmail, via a symlink attack]
-	NOTE: reserved
+CAN-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...)
 	- masqmail (unfixed; low; bug #329307)
-CAN-2005-2662 [shell command injection in masqmail via email addresses]
-	NOTE: reserved
+CAN-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary ...)
 	- masqmail (unfixed; high; bug #329307)
 CAN-2005-2661
 	NOTE: reserved
@@ -10689,10 +10791,10 @@
 	- mozilla 2:1.7.5
 CAN-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...)
 	NOTE: not-for-us (PeID)
-CAN-2005-0139
-	NOTE: reserved
-CAN-2005-0138
-	NOTE: reserved
+CAN-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and ...)
+	TODO: check
+CAN-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly ...)
+	TODO: check
 CAN-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...)
 	NOTE: Does not affect 2.6 based kernels in Debian
 	- kernel-source-2.4.27 2.4.27-10
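Review bot: CAN-2005-0139 and CAN-2005-0138 both describe rpc.mountd in SGI IRIX 6.5.25 through 6.5.27 and are left as `TODO: check`. Neighbouring entries for software outside Debian use the `NOTE: not-for-us (...)` form, as in `NOTE: not-for-us (PeID)` just above; both IRIX entries look like candidates for `NOTE: not-for-us (SGI IRIX)` once someone confirms the descriptions.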



