Author: jmm-guest
Date: 2005-07-30 13:56:12 +0000 (Sat, 30 Jul 2005)
New Revision: 1501
Modified:
data/CAN/list
Log:
processed my chunk
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-30 13:19:48 UTC (rev 1500)
+++ data/CAN/list 2005-07-30 13:56:12 UTC (rev 1501)
@@ -288,79 +288,80 @@
CAN-2004-2264 (** DISPUTED ** Format string bug in the open_altfile function
in ...)
NOTE: less is not suid, explotability unlikely
CAN-2004-2263 (SQL injection vulnerability in the valid function in
fr_left.php in ...)
- TODO: check
+ NOTE: not-for-us (PlaySMS)
CAN-2004-2262 (ImageManager in e107 before 0.617 does not properly check the
types of ...)
- TODO: check
+ NOTE: not-for-us (e107)
CAN-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote
...)
- TODO: check
+ NOTE: not-for-us (e107)
CAN-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the
...)
- TODO: check
+ NOTE: not-for-us (Opera)
CAN-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to
cause ...)
- TODO: check
+ - vsftpd 2.0.1-1 (low)
CAN-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen
...)
- TODO: check
+ NOTE: not-for-us (Hummingbird Exceed)
CAN-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image
Manager to ...)
- TODO: check
+ NOTE: not-for-us (phpMyFAQ)
CAN-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha
allows ...)
- TODO: check
+ NOTE: not-for-us (phpMyFAQ)
CAN-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows
remote ...)
- TODO: check
+ NOTE: not-for-us (phpMyFAQ)
CAN-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before
1.0h, ...)
- TODO: check
+ NOTE: not-for-us (SurgeLDAP)
CAN-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g
and ...)
- TODO: check
+ NOTE: not-for-us (SurgeLDAP)
CAN-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends
responses to ...)
- TODO: check
+ NOTE: not-for-us (Astaro suite)
CAN-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides
...)
- TODO: check
+ NOTE: not-for-us (Astaro suite)
CAN-2004-2250 (Unknown vulnerability in the "access code" in
RemoteEditor before ...)
- TODO: check
+ NOTE: not-for-us (RemoteEditor)
CAN-2004-2249 (Unknown vulnerability in the "access code" in
SecureEditor before ...)
- TODO: check
+ NOTE: not-for-us (SecureEditor)
CAN-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown
impact ...)
- TODO: check
+ NOTE: not-for-us (RemoteEditor)
CAN-2004-2247 (Unknown vulnerability in the "admin of paypal email
addresses" in ...)
- TODO: check
+ NOTE: not-for-us (AudienceConnect)
CAN-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before
0.04b ...)
- TODO: check
+ NOTE: not-for-us (Goollery)
CAN-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03
allows ...)
- TODO: check
+ NOTE: not-for-us (Goollery)
CAN-2004-2244 (The XML parser in Oracle 9i Application Server Release 2
9.0.3.0 and ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-2243 (Phorum allows remote attackers to hijack sessions of other
users by ...)
- TODO: check
+ NOTE: not-for-us (Phorum)
CAN-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in
Phorum, ...)
- TODO: check
+ NOTE: not-for-us (Phorum)
CAN-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and
earlier ...)
- TODO: check
+ NOTE: not-for-us (Phorum)
CAN-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and
earlier ...)
- TODO: check
+ NOTE: not-for-us (Phorum)
CAN-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier
might allow ...)
TODO: check
CAN-2004-2238 (** DISPUTED ** ...)
TODO: check
CAN-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact
and ...)
- TODO: check
+ - moodle 1.4-1
CAN-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact
and ...)
- TODO: check
+ - moodle 1.3.3-1
CAN-2004-2235 (Unknown vulnerability in Moodle before 1.2 has unknown impact
and ...)
- TODO: check
+ - moodle 1.2.1-1
CAN-2004-2234 (Unknown vulnerability in Moodle before 1.2 allows teachers to
log in ...)
- TODO: check
+ - moodle 1.2.1-1
CAN-2004-2233 (Unknown "front page vulnerability with Moodle
servers" for Moodle ...)
- TODO: check
+ - moodle 1.3.2-1
CAN-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module
in ...)
- TODO: check
+ - moodle 1.4.2-1
CAN-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier
allows local ...)
- TODO: check
+ NOTE: not-for-us (InstallAnywhere)
CAN-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through
3.6 ...)
- TODO: check
+ NOTE: not-for-us (OpenBSD)
CAN-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile
Server ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable ...)
- TODO: check
+ NOTE: not-for-us (Firefox on MacOS)
CAN-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file
...)
- TODO: check
+ - mozilla-firefox 1.0-1
+begin claimed by jmm
CAN-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when
...)
TODO: check
CAN-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete
...)
@@ -389,6 +390,7 @@
TODO: check
CAN-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote
attackers to ...)
TODO: check
+end claimed by jmm
CAN-2005-XXXX [Multiple security problems in ethereal]
- ethereal 0.10.12-1 (medium)
CAN-2005-XXXX [strobe reads file from unsafe directory]
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
