Author: joeyh Date: 2005-08-25 21:14:17 +0000 (Thu, 25 Aug 2005) New Revision: 1648 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-25 13:45:07 UTC (rev 1647) +++ data/CAN/list 2005-08-25 21:14:17 UTC (rev 1648) @@ -1,3 +1,19 @@ +CAN-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...) + TODO: check +CAN-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract ...) + TODO: check +CAN-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke ...) + TODO: check +CAN-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke ...) + TODO: check +CAN-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal ...) + TODO: check +CAN-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows ...) + TODO: check +CAN-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows remote ...) + TODO: check +CAN-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP ...) + TODO: check CAN-2005-XXXX [Insecure temp files in firehol] - firehol 1.231-4 (low) CAN-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ...) @@ -2,3 +18,3 @@ NOTE: not-for-us (Virtual Edge Netquery) -CAN-2005-2683 (SQL injection vulnerability in include.php in PHPKit 1.6.1 allow ...) +CAN-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote ...) NOTE: not-for-us (PHPKit) @@ -466,8 +482,7 @@ NOTE: reserved {DSA-778-1} - mantis 0.19.2-4 (low) -CAN-2005-2556 - NOTE: reserved +CAN-2005-2556 (SQL injection vulnerability in Mantis before 0.19.2 allows remote ...) {DSA-778-1} - mantis 0.19.2-4 (medium) CAN-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...) 
@@ -709,14 +724,14 @@ - pstotext 1.9-2 (medium) CAN-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...) NOTE: not-for-us (ARCserve Backup) -CAN-2005-2534 - NOTE: reserved -CAN-2005-2533 - NOTE: reserved -CAN-2005-2532 - NOTE: reserved -CAN-2005-2531 - NOTE: reserved +CAN-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ...) + TODO: check +CAN-2005-2533 (OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging ...) + TODO: check +CAN-2005-2532 (OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue ...) + TODO: check +CAN-2005-2531 (OpenVPN before 2.0.1, when running with "verb 0" and without TLS ...) + TODO: check CAN-2005-2530 NOTE: reserved CAN-2005-2529 @@ -2375,6 +2390,7 @@ CAN-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote ...) NOTE: not-for-us (Geeklog) CAN-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures ...) + {DSA-784-1} - courier 0.47-6 (low) CAN-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...) NOTE: not-for-us (Microsoft) @@ -3837,10 +3853,10 @@ NOTE: reserved CAN-2005-1844 NOTE: reserved -CAN-2005-1843 - NOTE: reserved -CAN-2005-1842 - NOTE: reserved +CAN-2005-1843 (Unknown vulnerability in VCNative for Adobe Version Cue 1.0 and 1.0.1, ...) + TODO: check +CAN-2005-1842 (Unknown vulnerability in VCNative for Adobe Version Cue 1.0 and 1.0.1, ...) + TODO: check CAN-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...) NOTE: not-for-us (acroread) CAN-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...)
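Review bot: In the first hunk (@@ -1,3 +1,19 @@), the eight new entries CAN-2005-2692 through CAN-2005-2685 land with only "TODO: check", so the list records no triage state for RunCMS, PostNuke or SaveWebPortal. Each should be resolved either to a package line with fixed version and urgency, in the form the firehol entry uses, or to a "NOTE: not-for-us (...)" line, as the Netquery and PHPKit entries just below have. The descriptions are cut at "...", so the full advisory text has to be read before deciding. CAN-2005-2688 through CAN-2005-2685 all concern SaveWebPortal and can be triaged in one pass.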
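Review bot: In the @@ -709,14 +724,14 @@ hunk, CAN-2005-2534 through CAN-2005-2531 go from "NOTE: reserved" to "TODO: check" with no package line, although all four descriptions name the same product and the same fixed upstream release ("OpenVPN before 2.0.1"). They should be triaged as a group, comparing the version against 2.0.1 once, and each resolved to a package line with version and urgency (the form used for pstotext in the leading context) or to a not-for-us note. The descriptions of CAN-2005-2534, CAN-2005-2533 and CAN-2005-2531 are conditional on configuration ("when --duplicate-cn is not ...", "dev tap" Ethernet bridging, "verb 0" and without TLS ...), which should be taken into account when the urgency is assigned.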
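Review bot: In the last hunk (@@ -3837,10 +3853,10 @@), CAN-2005-1843 and CAN-2005-1842 are added with identical truncated descriptions ("Unknown vulnerability in VCNative for Adobe Version Cue 1.0 and 1.0.1, ..."), so the list alone cannot tell the two apart. When the TODO is resolved, a NOTE line on each stating what distinguishes them would help. The adjacent Adobe Reader entry is already "NOTE: not-for-us (acroread)", which makes the Version Cue pair a candidate for the same resolution once checked. Separately, the trailing context shows CAN-2005-1858 placed after CAN-2005-1841, out of the descending order seen in the other hunks. This commit did not introduce that, but it is worth fixing so the automatic update keeps matching entries by position.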