Author: joeyh
Date: 2005-08-05 09:14:13 +0000 (Fri, 05 Aug 2005)
New Revision: 1526
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-08-04 18:58:55 UTC (rev 1525)
+++ data/CAN/list 2005-08-05 09:14:13 UTC (rev 1526)
@@ -1,3 +1,137 @@
+CAN-2005-2457
+ NOTE: reserved
+CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in
...)
+ TODO: check
+CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read
...)
+ TODO: check
+CAN-2005-2454
+ NOTE: reserved
+CAN-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web
Server ...)
+ TODO: check
+CAN-2005-2452 (libtiff 4.0 allows remote attackers to cause a denial of service
...)
+ TODO: check
+CAN-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6
enabled, ...)
+ TODO: check
+CAN-2005-2450 (Multipl integer overflows in the (1) TNEF, (2) CHM, or (3) FSG
file ...)
+ TODO: check
+CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to
create ...)
+ TODO: check
+CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg
before 1.6rc2 allow ...)
+ TODO: check
+CAN-2005-2447
+ NOTE: rejected
+ TODO: check
+CAN-2005-2446
+ NOTE: rejected
+ TODO: check
+CAN-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6
allows ...)
+ TODO: check
+CAN-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores
the ...)
+ TODO: check
+CAN-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document
root ...)
+ TODO: check
+CAN-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics
...)
+ TODO: check
+CAN-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom
allow ...)
+ TODO: check
+CAN-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill
Vantage ...)
+ TODO: check
+CAN-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when
...)
+ TODO: check
+CAN-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and
earlier ...)
+ TODO: check
+CAN-2005-2436 (browse.php in Website Baker Project allows remote attackers to
obtain ...)
+ TODO: check
+CAN-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in
Website ...)
+ TODO: check
+CAN-2005-2434 (Linksys WRT54G router uses the same private key and certificate
for ...)
+ TODO: check
+CAN-2005-2433 (PhpList allows remote attackers to obtain sensitive information
via a ...)
+ TODO: check
+CAN-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers
to ...)
+ TODO: check
+CAN-2005-2431 (The (1) lost password and (2) account pending features in GForge
4.5 ...)
+ TODO: check
+CAN-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge
4.5 ...)
+ TODO: check
+CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not
properly set ...)
+ TODO: check
+CAN-2005-2428 (Lotus Domino R5 and R6 WebMail stores data in hidden form fields
in ...)
+ TODO: check
+CAN-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in
CartWIZ ...)
+ TODO: check
+CAN-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause
a ...)
+ TODO: check
+CAN-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote
...)
+ TODO: check
+CAN-2005-2424 (The management interface for Siemens SANTIS 50 running firmware
...)
+ TODO: check
+CAN-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive
information ...)
+ TODO: check
+CAN-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive
Forum ...)
+ TODO: check
+CAN-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other
pages in ...)
+ TODO: check
+CAN-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute
...)
+ TODO: check
+CAN-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass
authentication ...)
+ TODO: check
+CAN-2005-2418 (Realchat 3.5.1b allows remote attackers to gain privileges by
...)
+ TODO: check
+CAN-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain
sensitive ...)
+ TODO: check
+CAN-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx
before ...)
+ TODO: check
+CAN-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5
allow ...)
+ TODO: check
+CAN-2005-2414 (Race condition in the xpcom library, as used by web browsers
such as ...)
+ TODO: check
+CAN-2005-2413 (PHP remote file inclusion vulnerability in
apa_phpinclude.inc.php in ...)
+ TODO: check
+CAN-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP
FirstPost ...)
+ TODO: check
+CAN-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1,
and ...)
+ TODO: check
+CAN-2005-2410 (Format string vulnerability in the nm_info_handler function in
Network ...)
+ TODO: check
+CAN-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and
earlier, ...)
+ TODO: check
+CAN-2005-2408
+ NOTE: reserved
+CAN-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform
"link ...)
+ TODO: check
+CAN-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site
scripting ...)
+ TODO: check
+CAN-2005-2405 (Opera 8.01, when the "Arial Unicode MS" font
(ARIALUNI.TTF) is ...)
+ TODO: check
+CAN-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote
attackers to ...)
+ TODO: check
+CAN-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke
6.0 to ...)
+ TODO: check
+CAN-2004-2295 (SQL injection vulnerability in modules.php in PHP-Nuke 6.0 to
7.3 ...)
+ TODO: check
+CAN-2004-2294 (Canonicalize-before-filter error in the send_review function in
the ...)
+ TODO: check
+CAN-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke
6.0 to ...)
+ TODO: check
+CAN-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers
to ...)
+ TODO: check
+CAN-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote
...)
+ TODO: check
+CAN-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute
arbitrary ...)
+ TODO: check
+CAN-2004-2289 (Microsoft Windows XP Explorer allows local users to execute
arbitrary ...)
+ TODO: check
+CAN-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft
...)
+ TODO: check
+CAN-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light
Web ...)
+ TODO: check
+CAN-2004-2286 (Integer overflow in the duplication operator in ActivePerl
allows ...)
+ TODO: check
+CAN-2004-2285 (ActivePerl 5.8.x and others, and Larry Wall''s Perl
5.6.1 and others, ...)
+ TODO: check
+CAN-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link
function ...)
+ TODO: check
CAN-2005-XXXX [DoS against rsync in embedded zlib copy]
NOTE: This is distinct from CAN-2005-2096, please see rsync''s 2.6.6
announcement
NOTE: It refers to one the the two vaguely described fixes from zlib 1.2.3
@@ -68,7 +202,7 @@
NOTE: not-for-us (Oracle Reports)
CAN-2005-2378 (Oracle Reports allows remote attackers to read arbitrary files
via an ...)
NOTE: not-for-us (Oracle Reports)
-CAN-2005-2377 (nss_ldap in Mandrake Corporate Server and Mandrake 10.0 (crond
and ...)
+CAN-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake
Corporate ...)
NOTE: appears to be Mandrake specfic
CAN-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote
...)
NOTE: not-for-us (Race Driver)
@@ -107,8 +241,8 @@
NOTE: reserved
CAN-2005-2360
NOTE: reserved
-CAN-2005-2359
- NOTE: reserved
+CAN-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when
used ...)
+ TODO: check
CAN-2005-2358
NOTE: reserved
CAN-2005-2357
@@ -118,8 +252,8 @@
NOTE: see CAN-2005-2356
CAN-2005-2347
NOTE: reserved
-CAN-2005-2346
- NOTE: reserved
+CAN-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote
attackers ...)
+ TODO: check
CAN-2005-2345
NOTE: reserved
CAN-2005-2344
@@ -245,7 +379,7 @@
NOTE: not-for-us (WebEOC)
CAN-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an
uploaded ...)
NOTE: not-for-us (WebEOC)
-CAN-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC
6.0.2 ...)
+CAN-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC
before ...)
NOTE: not-for-us (WebEOC)
CAN-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords,
which ...)
NOTE: not-for-us (WebEOC)
@@ -434,7 +568,7 @@
CAN-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to
...)
{DSA-766-1}
- webcalender (unfixed; bug #315671; medium)
-CAN-2005-2437 [xsupplicant leaks sensitive password information into logfile]
+CAN-2005-2437 (Website Baker Project does not properly verify the file
extensions of ...)
- xsupplicant 1.0.1-5
CAN-2005-XXXX [fiaif: Package provided cron job updates conf files with access
definitions]
NOTE: This doesn''t look like a real security issue as cron.daily
should only be
@@ -1243,8 +1377,8 @@
NOTE: not-for-us (NetBSD)
CAN-2005-2133 (The log4sh_readProperties function in log4sh allows local users
to ...)
NOTE: not-for-us (log4sh)
-CAN-2005-2132
- NOTE: reserved
+CAN-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5,
and ...)
+ TODO: check
CAN-2005-2131
NOTE: reserved
CAN-2005-2130
@@ -2625,8 +2759,7 @@
CAN-2005-1854
NOTE: reserved
{DSA-772-1}
-CAN-2005-1853 [Insecure temp usage in gopher]
- NOTE: reserved
+CAN-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create
temporary ...)
{DSA-770-1}
- gopher 3.0.8 (low)
CAN-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE
3.2.3 ...)
@@ -11270,7 +11403,7 @@
- racoon 0.3.1-3
CAN-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly
other ...)
{DSA-508}
-CAN-2004-0401 (Vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before
0.2.7, ...)
+CAN-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x
before ...)
- libtasn1 0.1.2-2
CAN-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...)
{DSA-502 DSA-501}