Author: joeyh
Date: 2005-08-21 21:14:16 +0000 (Sun, 21 Aug 2005)
New Revision: 1619

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
===================================================================
--- data/CAN/list       2005-08-21 15:31:49 UTC (rev 1618)
+++ data/CAN/list       2005-08-21 21:14:16 UTC (rev 1619)
@@ -1,3 +1,117 @@
+CAN-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen 
VPN ...)
+       TODO: check
+CAN-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 
1.0 ...)
+       TODO: check
+CAN-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in 
PHPFreeNews ...)
+       TODO: check
+CAN-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and 
earlier ...)
+       TODO: check
+CAN-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in 
phpAdsNew ...)
+       TODO: check
+CAN-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and 
phpPgAds ...)
+       TODO: check
+CAN-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to 
Screen" feature ...)
+       TODO: check
+CAN-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, 
(2) ...)
+       TODO: check
+CAN-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in 
...)
+       TODO: check
+CAN-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 
3.5.0 to ...)
+       TODO: check
+CAN-2005-2630
+       NOTE: reserved
+CAN-2005-2629
+       NOTE: reserved
+CAN-2005-2628
+       NOTE: reserved
+CAN-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow 
remote ...)
+       TODO: check
+CAN-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows 
remote ...)
+       TODO: check
+CAN-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to 
cause a ...)
+       TODO: check
+CAN-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 
2.0.114.1 ...)
+       TODO: check
+CAN-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote 
attackers ...)
+       TODO: check
+CAN-2004-2473 (wmFrog weather monitor 0.1.6 allows local users to overwrite 
arbitrary ...)
+       TODO: check
+CAN-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to 
cause a ...)
+       TODO: check
+CAN-2004-2471 (SQL injection vulnerability in the sloth TCL script in 
QuoteEngine ...)
+       TODO: check
+CAN-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown 
impact ...)
+       TODO: check
+CAN-2004-2469 (Unspecified vulnerability in Reservation.class.php for 
phpScheduleIt ...)
+       TODO: check
+CAN-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and 
...)
+       TODO: check
+CAN-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add 
a ...)
+       TODO: check
+CAN-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to 
cause a ...)
+       TODO: check
+CAN-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy 
Chat ...)
+       TODO: check
+CAN-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 
0.4 ...)
+       TODO: check
+CAN-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote 
...)
+       TODO: check
+CAN-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary 
files ...)
+       TODO: check
+CAN-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows 
attackers to ...)
+       TODO: check
+CAN-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows 
remote ...)
+       TODO: check
+CAN-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local 
users ...)
+       TODO: check
+CAN-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled 
or ...)
+       TODO: check
+CAN-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router 
allows ...)
+       TODO: check
+CAN-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and 
earlier ...)
+       TODO: check
+CAN-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) 
allows ...)
+       TODO: check
+CAN-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain 
sensitive ...)
+       TODO: check
+CAN-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) 
and ...)
+       TODO: check
+CAN-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 
01-00, ...)
+       TODO: check
+CAN-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 
0.30a or ...)
+       TODO: check
+CAN-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or 
Roger ...)
+       TODO: check
+CAN-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 
0.30a and ...)
+       TODO: check
+CAN-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under 
the web ...)
+       TODO: check
+CAN-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail 
Server 4.01 ...)
+       TODO: check
+CAN-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 
allows ...)
+       TODO: check
+CAN-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA 
allows ...)
+       TODO: check
+CAN-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 
0.3 ...)
+       TODO: check
+CAN-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and 
via an ...)
+       TODO: check
+CAN-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus 
products, ...)
+       TODO: check
+CAN-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has 
unknown ...)
+       TODO: check
+CAN-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and 
...)
+       TODO: check
+CAN-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 
printers ...)
+       TODO: check
+CAN-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 
allows ...)
+       TODO: check
+CAN-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote 
attackers ...)
+       TODO: check
+CAN-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier 
stores ...)
+       TODO: check
+CAN-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human 
Resources ...)
+       TODO: check
 CAN-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist 
function in ...)
        NOTE: not-for-us (CPAINT ajax toolkit)
 CAN-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote 
attackers ...)
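Review bot: Several of the new TODO: check entries in this hunk name products that already have a verdict elsewhere in the list, so they need not wait for manual triage. CAN-2004-2464 and CAN-2004-2463 (ADA Image Server (ImgSvr) 0.4) match CAN-2004-1887, CAN-2004-2469 (phpScheduleIt) matches CAN-2004-1652 and CAN-2004-1651, and CAN-2004-2474 (PHPNews) matches CAN-2005-0632, all of which carry NOTE: not-for-us. Suggest that the update script or a follow-up commit reuse those notes, e.g. "NOTE: not-for-us (phpScheduleIt)".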
@@ -561,7 +675,7 @@
        - linux-2.6 2.6.12-1 (medium)
 CAN-2005-2499
        NOTE: reserved
-CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier 
(XML-RPC ...)
+CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier 
(PEAR ...)
        - drupal (unfixed; bug #323347; high)
        - phpgroupware (unfixed; bug #323349; high)
        - egroupware (unfixed; bug #323350; high)
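Review bot: The new CAN-2005-2498 description names PEAR where the old one named XML-RPC, but the tracked packages visible under it are still only drupal, phpgroupware and egroupware. Suggest confirming that the remainder of the entry (outside the context shown here) also tracks whatever package ships the PEAR copy of the library, and adding a line for it if not.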
@@ -823,7 +937,7 @@
        - tiff 3.7.0-1
 CAN-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 
enabled, ...)
        NOTE: not-for-us (IOS)
-CAN-2005-2450 (Multipl integer overflows in the (1) TNEF, (2) CHM, or (3) FSG 
file ...)
+CAN-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG 
file ...)
        {DSA-776-1}
        - clamav 0.86.2-1 (medium)
 CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to 
create ...)
@@ -4968,7 +5082,7 @@
        NOTE: not-for-us
 CAN-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute 
...)
        NOTE: not-for-us
-CAN-2004-1887 (ImgSvr 0.4 allows remote attackers to view directories or 
download ...)
+CAN-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view 
...)
        NOTE: not-for-us
 CAN-2004-1886 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a 
denial ...)
        NOTE: not-for-us
@@ -7683,7 +7797,7 @@
        NOTE: not-for-us (Golden FTP Server)
 CAN-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote 
attackers to ...)
        NOTE: not-for-us (Trillian)
-CAN-2005-0632 (PHP remote code injection vulnerability in auth.php in PHPNews 
1.2.4 ...)
+CAN-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 
1.2.4 ...)
        NOTE: not-for-us (PHPNews)
 CAN-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to 
delete ...)
        NOTE: not-for-us (PBLang)
@@ -8223,7 +8337,7 @@
        NOTE: See bug #296547 for details
 CAN-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative 
privileges if ...)
        NOTE: not-for-us (phpScheduleIt)
-CAN-2004-1651 (Multiple Cross-site scripting (XSS) vulnerabilities in the ...)
+CAN-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
        NOTE: not-for-us (phpScheduleIt)
 CAN-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an 
IP ...)
        NOTE: not-for-us (D-Link DCS-900)
@@ -8855,12 +8969,12 @@
        NOTE: reserved
 CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is 
marked ...)
        NOTE: not-for-us (Microsoft)
-CAN-2005-0359
-       NOTE: reserved
-CAN-2005-0358
-       NOTE: reserved
-CAN-2005-0357
-       NOTE: reserved
+CAN-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice 
Backup 6.0 ...)
+       TODO: check
+CAN-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge 
...)
+       TODO: check
+CAN-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and 
StorEdge ...)
+       TODO: check
 CAN-2005-0356 (Multiple TCP implementations with Protection Against Wrapped 
Sequence ...)
        NOTE: linux is not vulnerable, see #310804
        - kfreebsd5-source 5.3-15 (medium) 
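Review bot: CAN-2005-0359, CAN-2005-0358 and CAN-2005-0357 go from NOTE: reserved to TODO: check with descriptions that all name the same products (EMC Legato NetWorker, Solstice Backup, StorEdge), so they can be triaged as one group. If none of these is packaged, close all three with a product-qualified note in the style of the entry above, "NOTE: not-for-us (Microsoft)", rather than leaving three separate TODOs.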
@@ -10378,7 +10492,7 @@
        NOTE: not-for-us (Verisign Payflow Link)
 CAN-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote 
attackers to ...)
        NOTE: not-for-us (Orbz)
-CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero" 
Intrepid Protocol ...)
+CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid 
Protocol ...)
        NOTE: not-for-us (The Serious engine, as used in (1) Alpha Black Zero, 
(2) Nitro family, and (3) Serious Sam Second Encounter)
 CAN-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
        NOTE: not-for-us (pnTresMailer)
@@ -12040,7 +12154,7 @@
        NOTE: not-for-us (Microsoft)
 CAN-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows 
remote ...)
        NOTE: not-for-us (IRIX)
-CAN-2004-0482 (Multiple "incorrect bounds checking" errors in 
certain functions for ...)
+CAN-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) ...)
        NOTE: not-for-us (OpenBSD)
 CAN-2004-0481 (The logging feature in kcms_configure in the KCMS package on 
Solaris 8 ...)
        NOTE: not-for-us (the KCMS on Solaris)
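Review bot: The CAN-2004-0482 description changes in substance, from quoted "incorrect bounds checking" errors in certain functions to integer overflows in named files starting with procfs_cmdline.c, while the existing NOTE: not-for-us (OpenBSD) is carried over unchanged as context. Suggest re-reading the full new description once to confirm the OpenBSD-only verdict still holds, since the note was written against the old text.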


_______________________________________________
Secure-testing-commits mailing list
[EMAIL PROTECTED]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
