Author: joeyh
Date: 2005-07-07 09:14:15 +0000 (Thu, 07 Jul 2005)
New Revision: 1348

Modified: data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
==================================================================--- data/CAN/list 2005-07-07 09:01:55 UTC (rev 1347) +++ data/CAN/list 2005-07-07 09:14:15 UTC (rev 1348) 
@@ -1,3 +1,49 @@ +CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...) + TODO: check +CAN-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...) + TODO: check +CAN-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague News ...) + TODO: check +CAN-2005-2166 (SQL injection vulnerability in index.php in Plague News System 0.6 and ...) + TODO: check +CAN-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute ...) + TODO: check +CAN-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows remote ...) + TODO: check +CAN-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP ...) + TODO: check +CAN-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in ...) + TODO: check +CAN-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...) + TODO: check +CAN-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which ...) + TODO: check +CAN-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote ...) + TODO: check +CAN-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows ...) + TODO: check +CAN-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for nabopoll ...) + TODO: check +CAN-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote ...) + TODO: check +CAN-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and ...) + TODO: check +CAN-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) ...) + TODO: check +CAN-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...) + TODO: check +CAN-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote ...) + TODO: check +CAN-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures ...) 
+ TODO: check +CAN-2005-2150 + NOTE: reserved +CAN-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...) + TODO: check +CAN-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...) + TODO: check +CAN-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary ...) + TODO: check CAN-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows ...) TODO: check CAN-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of ...) @@ -18,7 +64,7 @@ TODO: check CAN-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers ...) TODO: check -CAN-2005-2136 (DSX Raritan Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set ...) +CAN-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, ...) TODO: check CAN-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz ...) TODO: check @@ -114,8 +160,7 @@ NOTE: reserved CAN-2005-2097 NOTE: reserved -CAN-2005-2096 - NOTE: reserved +CAN-2005-2096 (Buffer overflow in zlib 1.2 and later versions allows remote attackers ...) {DSA-740-1} CAN-2005-2095 NOTE: reserved @@ -1252,8 +1297,8 @@ NOTE: reserved CAN-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...) TODO: check -CAN-2005-1916 - NOTE: reserved +CAN-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...) + TODO: check CAN-2005-1915 NOTE: reserved CAN-2005-1914
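Review bot: in the first hunk (@@ -1,3 +1,49 @@), every added entry from CAN-2005-2169 down to CAN-2005-2147, apart from the reserved CAN-2005-2150, lands as TODO: check with its description cut at "...", so the list alone cannot show which of them have been looked at. Resolve each TODO in a follow-up commit with either a package status line or a NOTE saying why the entry does not apply. Start with the entries whose visible text already states remote impact, such as CAN-2005-2149 and CAN-2005-2148 (Cacti 0.8.6e and earlier) and CAN-2005-2147 (Trac before 0.8.4, "read or upload arbitrary ...").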
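Review bot: in the hunk at @@ -114,8 +160,7 @@, CAN-2005-2096 swaps NOTE: reserved for the zlib buffer overflow description, which leaves the entry with only the unchanged {DSA-740-1} reference beneath it and no line recording the state of the zlib package itself. Add a package status line for zlib under this entry so the fix is tracked in the list and not only through the DSA. The description reads "zlib 1.2 and later versions", so it is also worth stating explicitly whether anything shipping an older zlib is unaffected.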