[Secure-testing-commits] r2108 - data/CAN

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Sep 22 21:23:48 UTC 2005


Author: jmm-guest
Date: 2005-09-22 21:23:45 +0000 (Thu, 22 Sep 2005)
New Revision: 2108

Modified:
   data/CAN/list
Log:
processed first block
webmin/usermin CANified
lots of nfus
claim a new block


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-22 21:16:33 UTC (rev 2107)
+++ data/CAN/list	2005-09-22 21:23:45 UTC (rev 2108)
@@ -1,38 +1,38 @@
-begin claimed by jmm
 CAN-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...)
-	TODO: check
+	NOTE: not-for-us (Mall23 eCommerce)
 CAN-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...)
-	TODO: check
+	- webmin 1.220-1 (high)
+	- usermin 1.150-1 (high)
+	NOTE: SNS Advisory 83, http://marc.theaimsgroup.com/?m=112733083203821
 CAN-2005-3041 (Unspecified "drag-and-drop vulnerability" in Opera Web Browser before ...)
-	TODO: check
+	NOTE: not-for-us (Opera)
 CAN-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...)
-	TODO: check
+	NOTE: not-for-us (TAC Vista)
 CAN-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...)
-	TODO: check
+	NOTE: not-for-us (Mall23 eCommerce)
 CAN-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...)
-	TODO: check
+	NOTE: not-for-us (Hosting Controller)
 CAN-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...)
-	TODO: check
+	NOTE: not-for-us (Handy Address Book Server)
 CAN-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in ...)
-	TODO: check
+	NOTE: not-for-us (File Transfer Anywhere)
 CAN-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
-	TODO: check
+	NOTE: not-for-us (Compuware DriverStudio)
 CAN-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
-	TODO: check
+	NOTE: not-for-us (Compuware DriverStudio)
 CAN-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (vxWeb - WinCE software)
 CAN-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...)
-	TODO: check
+	NOTE: not-for-us (vxTfpSrv - WinCE software)
 CAN-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute ...)
-	TODO: check
+	NOTE: not-for-us (vxTfpSrv - WinCE software)
 CAN-2005-3030 (Directory traversal vulnerability in the archive decompression library ...)
-	TODO: check
+	NOTE: not-for-us (Ahnlab Anti virus)
 CAN-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...)
-	TODO: check
+	NOTE: not-for-us (Ahnlab Anti virus)
 CAN-2005-3028
 	NOTE: rejected
-	TODO: check
-end claimed by jmm
+begin claimed by jmm
 CAN-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...)
 	TODO: check
 CAN-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...)
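Review bot: the not-for-us note on CAN-2005-3031 names the wrong product. Its description is for vxFtpSrv 0.9.7, but the note reads "vxTfpSrv - WinCE software", which looks copied from the CAN-2005-3032 entry above it. That entry's own note also misspells vxTftpSrv as "vxTfpSrv". Suggest "NOTE: not-for-us (vxFtpSrv - WinCE software)" for CAN-2005-3031 and "NOTE: not-for-us (vxTftpSrv - WinCE software)" for CAN-2005-3032, so that a later search of the list for either product name finds the entry.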
@@ -63,6 +63,7 @@
 	TODO: check
 CAN-2005-3013 (Buffer overflow in YaST for SuSE Linux 9.3 allows local users to ...)
 	TODO: check
+end claimed by jmm
 CAN-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...)
 	TODO: check
 CAN-2005-3011 (texindex in texinfo 4.7 and earlier allows local users to overwrite ...)
@@ -105,10 +106,6 @@
 	TODO: check
 CAN-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...)
 	TODO: check
-CAN-2005-XXXX [miniserv.pl root shell command injection]
-	- webmin 1.220-1 (high)
-	- usermin 1.150-1 (high)
-	NOTE: SNS Advisory 83, http://marc.theaimsgroup.com/?m=112733083203821
 CAN-2005-2992 [Another arc tempfile issue]
 	NOTE: reserved
 	- arc 5.21m-1 (low)
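Review bot: the package versions on the removed CAN-2005-XXXX placeholder (webmin 1.220-1, usermin 1.150-1) are carried over unchanged to CAN-2005-3042 in the first hunk, but that entry's description names "Webmin before 1.230 and Usermin before 1.160", which is later than the versions recorded. It is worth confirming these versions against the advisory when merging the placeholder into the assigned ID, and adding a NOTE line to explain the difference if they are correct as written.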



