Author: joeyh
Date: 2005-08-10 09:14:15 +0000 (Wed, 10 Aug 2005)
New Revision: 1549
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-08-09 20:32:06 UTC (rev 1548)
+++ data/CAN/list 2005-08-10 09:14:15 UTC (rev 1549)
@@ -1,3 +1,119 @@
+CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CAN-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in
PHPOpenChat ...)
+ TODO: check
+CAN-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev
...)
+ TODO: check
+CAN-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev
...)
+ TODO: check
+CAN-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to
inject ...)
+ TODO: check
+CAN-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting
setuid or ...)
+ TODO: check
+CAN-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly
earlier ...)
+ TODO: check
+CAN-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke
2.5.5 ...)
+ TODO: check
+CAN-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote
attackers ...)
+ TODO: check
+CAN-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote
attackers ...)
+ TODO: check
+CAN-2005-2536 (pstotext before 1.8g does not properly use the
"-dSAFER" option when ...)
+ TODO: check
+CAN-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve
Backup ...)
+ TODO: check
+CAN-2005-2534
+ NOTE: reserved
+CAN-2005-2533
+ NOTE: reserved
+CAN-2005-2532
+ NOTE: reserved
+CAN-2005-2531
+ NOTE: reserved
+CAN-2005-2530
+ NOTE: reserved
+CAN-2005-2529
+ NOTE: reserved
+CAN-2005-2528
+ NOTE: reserved
+CAN-2005-2527
+ NOTE: reserved
+CAN-2005-2526
+ NOTE: reserved
+CAN-2005-2525
+ NOTE: reserved
+CAN-2005-2524
+ NOTE: reserved
+CAN-2005-2523
+ NOTE: reserved
+CAN-2005-2522
+ NOTE: reserved
+CAN-2005-2521
+ NOTE: reserved
+CAN-2005-2520
+ NOTE: reserved
+CAN-2005-2519
+ NOTE: reserved
+CAN-2005-2518
+ NOTE: reserved
+CAN-2005-2517
+ NOTE: reserved
+CAN-2005-2516
+ NOTE: reserved
+CAN-2005-2515
+ NOTE: reserved
+CAN-2005-2514
+ NOTE: reserved
+CAN-2005-2513
+ NOTE: reserved
+CAN-2005-2512
+ NOTE: reserved
+CAN-2005-2511
+ NOTE: reserved
+CAN-2005-2510
+ NOTE: reserved
+CAN-2005-2509
+ NOTE: reserved
+CAN-2005-2508
+ NOTE: reserved
+CAN-2005-2507
+ NOTE: reserved
+CAN-2005-2506
+ NOTE: reserved
+CAN-2005-2505
+ NOTE: reserved
+CAN-2005-2504
+ NOTE: reserved
+CAN-2005-2503
+ NOTE: reserved
+CAN-2005-2502
+ NOTE: reserved
+CAN-2005-2501
+ NOTE: reserved
+CAN-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in
Linux ...)
+ TODO: check
+CAN-2005-2499
+ NOTE: reserved
+CAN-2005-2498
+ NOTE: reserved
+CAN-2005-2497
+ NOTE: reserved
+CAN-2005-2496
+ NOTE: reserved
+CAN-2005-2495
+ NOTE: reserved
+CAN-2005-2494
+ NOTE: reserved
+CAN-2005-2493
+ NOTE: reserved
+CAN-2005-2492
+ NOTE: reserved
+CAN-2005-2491
+ NOTE: reserved
+CAN-2005-2490
+ NOTE: reserved
+CAN-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file
functions ...)
+ TODO: check
CAN-2005-XXXX [Buffer overflow in Description parsing]
- bidwatcher (unfixed; bug #319489; high)
CAN-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and
stops adduser working]
@@ -336,7 +452,8 @@
NOTE: not-for-us (Light Web File Manager)
CAN-2004-2286 (Integer overflow in the duplication operator in ActivePerl
allows ...)
NOTE: not-for-us (ActivePerl)
-CAN-2004-2285 (ActivePerl 5.8.x and others, and Larry Wall''s Perl
5.6.1 and others, ...)
+CAN-2004-2285
+ NOTE: rejected
NOTE: not-for-us (Perl on Windows)
CAN-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link
function ...)
NOTE: not-for-us (osCommerce)
@@ -431,22 +548,22 @@
TODO: check gaim and others that embed libgadu in source tree
CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows attackers
to ...)
- vim 1:6.3-085+1 (bug #320017; medium)
-CAN-2005-2367
- NOTE: reserved
-CAN-2005-2366
- NOTE: reserved
-CAN-2005-2365
- NOTE: reserved
-CAN-2005-2364
- NOTE: reserved
-CAN-2005-2363
- NOTE: reserved
-CAN-2005-2362
- NOTE: reserved
-CAN-2005-2361
- NOTE: reserved
-CAN-2005-2360
- NOTE: reserved
+CAN-2005-2367 (Format string vulnerability in the proto_item_set_text function
in ...)
+ TODO: check
+CAN-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11
allows ...)
+ TODO: check
+CAN-2005-2365 (Unknown vulnerability in the SMB dissector in Ethereal 0.9.0
through ...)
+ TODO: check
+CAN-2005-2364 (Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or
(3) ...)
+ TODO: check
+CAN-2005-2363 (Unknown vulnerability in the (1) SMPP dissector, (2) 802.3
dissector, ...)
+ TODO: check
+CAN-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0
through ...)
+ TODO: check
+CAN-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER
dissector, ...)
+ TODO: check
+CAN-2005-2360 (Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5
through ...)
+ TODO: check
CAN-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when
used ...)
- kfreebsd-5 5.3-1 (medium)
CAN-2005-2358
@@ -541,7 +658,8 @@
NOTE: not-for-us (DG Remote Control Server)
CAN-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows
remote ...)
NOTE: not-for-us (Microsoft)
-CAN-2005-2303 (Unknown vulnerability in the Microsoft Windows kernel allows
remote ...)
+CAN-2005-2303
+ NOTE: rejected
NOTE: not-for-us (Microsoft)
CAN-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted
range ...)
{DSA-771-1}
@@ -2368,26 +2486,26 @@
- ruby1.9 1.9.0+20050623-1 (medium)
CAN-2005-1991
NOTE: reserved
-CAN-2005-1990
- NOTE: reserved
-CAN-2005-1989
- NOTE: reserved
-CAN-2005-1988
- NOTE: reserved
+CAN-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to
cause a ...)
+ TODO: check
+CAN-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0
allows ...)
+ TODO: check
+CAN-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0
allows ...)
+ TODO: check
CAN-2005-1987
NOTE: reserved
CAN-2005-1986
NOTE: reserved
CAN-2005-1985
NOTE: reserved
-CAN-2005-1984
- NOTE: reserved
-CAN-2005-1983
- NOTE: reserved
-CAN-2005-1982
- NOTE: reserved
-CAN-2005-1981
- NOTE: reserved
+CAN-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for
...)
+ TODO: check
+CAN-2005-1983 (Buffer overflow in the Plug and Play (PnP) service for Microsoft
...)
+ TODO: check
+CAN-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft
Windows ...)
+ TODO: check
+CAN-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and
Windows ...)
+ TODO: check
CAN-2005-1980
NOTE: reserved
CAN-2005-1979
@@ -4086,7 +4204,7 @@
NOTE: not-for-us
CAN-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d,
1.1.4 ...)
NOTE: not-for-us
-CAN-2004-2022 (Stack-based buffer overflow in ActivePerl for Win32 5.6.1 and
5.8.0 ...)
+CAN-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall''s Perl
5.6.1 and others, ...)
NOTE: not-for-us (various perls on Windows)
CAN-2004-2021 (Directory traversal vulnerability in file_manager.php in
osCommerce ...)
NOTE: not-for-us (osCommerce)
@@ -5330,8 +5448,8 @@
NOTE: not-for-us (Shoutbox)
CAN-2005-1219 (Buffer overflow in the Microsoft Color Management Module for
Windows ...)
TODO: check
-CAN-2005-1218
- NOTE: reserved
+CAN-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server,
Windows ...)
+ TODO: check
CAN-2005-1217
NOTE: reserved
CAN-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to
...)
@@ -9250,8 +9368,8 @@
NOTE: not-for-us (Microsoft)
CAN-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft
Windows ...)
NOTE: not-for-us (Microsoft)
-CAN-2005-0058
- NOTE: reserved
+CAN-2005-0058 (Buffer overflow in the Telephony Application Programming
Interface ...)
+ TODO: check
CAN-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and
Server 2003 ...)
NOTE: not-for-us (Microsoft)
CAN-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate
certain ...)