Author: joeyh
Date: 2005-07-15 18:48:16 +0000 (Fri, 15 Jul 2005)
New Revision: 1405

Modified:
   data/CAN/list
Log:
processed most of my lock and de-claimed the end

Modified: data/CAN/list
==================================================================
--- data/CAN/list 2005-07-15 18:23:55 UTC (rev 1404)
+++ data/CAN/list 2005-07-15 18:48:16 UTC (rev 1405)
@@ -196,101 +196,104 @@ NOTE: not-for-us (AliveSites) CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...) NOTE: not-for-us (Express-Web) -begin claimed by joeyh CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) - TODO: check + NOTE: not-for-us (IdealBB) CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) - TODO: check + NOTE: not-for-us (IdealBB) CAN-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB ...) - TODO: check + NOTE: not-for-us (IdealBB) CAN-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...) - TODO: check + NOTE: not-for-us (NatterChat) CAN-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 ...) - TODO: check + NOTE: not-for-us (Veritas) CAN-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running ...) - TODO: check + NOTE: not-for-us (Cold Fusion) CAN-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...) - TODO: check + NOTE: not-for-us (Ansel) CAN-2004-2202 (SQL injection in DUware DUclassified 4.0 through 4.2 allows remote ...) - TODO: check + NOTE: not-for-us (DUclassified) CAN-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...) - TODO: check + NOTE: not-for-us (DUforum) CAN-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...) - TODO: check + NOTE: not-for-us (DUforum) CAN-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 ...) - TODO: check + NOTE: not-for-us (DUclassified) CAN-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote ...) - TODO: check + NOTE: not-for-us (DUclassmate) CAN-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ...) 
- TODO: check + NOTE: not-for-us (kdocker) CAN-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of ...) - TODO: check + NOTE: not-for-us (Zanfi) CAN-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...) - TODO: check + NOTE: not-for-us (Zanfi) CAN-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition ...) - TODO: check + NOTE: not-for-us (MailEnable) CAN-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill ...) - TODO: check + NOTE: not-for-us (CJOverkill) CAN-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic ...) - TODO: check + NOTE: not-for-us (Turbo Traffic Trader) CAN-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...) - TODO: check + NOTE: not-for-us (Turbo Traffic Trader) CAN-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...) - TODO: check + NOTE: absolutely no useful information, garbage report + NOTE: compare with #306164 CAN-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...) - TODO: check + NOTE: not-for-us (DMXReady) CAN-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...) - TODO: check + NOTE: not-for-us (DMXReady) CAN-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...) - TODO: check + NOTE: fixed in 1.3.6 + NOTE: ITP#217571 CAN-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...) - TODO: check + NOTE: fixed in 1.3.6 + NOTE: ITP#217571 CAN-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...) - TODO: check + NOTE: fixed in 1.3.6 + NOTE: ITP#217571 CAN-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...) - TODO: check + NOTE: not-for-us (Digicraft Yak!) CAN-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...) 
- TODO: check + NOTE: not-for-us (WeHelpBUS) CAN-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote ...) - TODO: check + NOTE: not-for-us (Macromedia JRun) CAN-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allows ...) - TODO: check + NOTE: not-for-us (WowBB Forum) CAN-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum ...) - TODO: check + NOTE: not-for-us (WowBB Forum) CAN-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote ...) - TODO: check + NOTE: not-for-us (DevoyBB) CAN-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 ...) - TODO: check + NOTE: not-for-us (DevoyBB) CAN-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...) - TODO: check + NOTE: not-for-us (ReviewPost) CAN-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...) - TODO: check + NOTE: not-for-us (EarlyImpact) CAN-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...) - TODO: check + NOTE: not-for-us (EarlyImpact) CAN-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt ...) - TODO: check + NOTE: not-for-us (EarlyImpact) CAN-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 ...) - TODO: check + - cherokee 0.4.8 CAN-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan ...) - TODO: check + NOTE: not-for-us (Caravan) CAN-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote ...) 
- TODO: check + NOTE: not-for-us (Application Access Server (A-A-S)) CAN-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (BaSoMail) CAN-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other ...) - TODO: check + - latex2rtf 1.9.16 CAN-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and ...) - TODO: check + NOTE: not-for-us (Canon ImageRUNNER) CAN-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, ...) - TODO: check + NOTE: not-for-us (Lords of the Realm) CAN-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database ...) - TODO: check + NOTE: not-for-us (VP-ASP) CAN-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...) - TODO: check + NOTE: not-for-us (OpenBSD) CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) TODO: check CAN-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...) @@ -307,7 +310,6 @@ TODO: check CAN-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...) TODO: check -end claimed by joeyh CAN-2005-XXXX [base-config log should not be world readable] - base-config 2.68 (low) CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...)
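
Review bot: CAN-2004-2190 (Unzoo 4.4-2) in the first hunk loses its "TODO: check" but is left with no disposition: it has no not-for-us marker, no package line with a fixed version, and only the notes "absolutely no useful information, garbage report" and "compare with #306164". If #306164 tracks the same directory traversal, say so in the note and add the package line it implies; if that is still undecided, keep a TODO so the entry does not drop out of the open list. A smaller point in the same hunk: "- cherokee 0.4.8" and "- latex2rtf 1.9.16" carry no urgency, while the existing "- base-config 2.68 (low)" entry further down does, so it is worth adding one for consistency.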
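
Review bot: The log message does not say which range is released by the second hunk's removal of "end claimed by joeyh"; it only says "de-claimed the end". Together with the "begin claimed by joeyh" removal in the first hunk, this leaves the entries from CAN-2004-2162 onward that still read "TODO: check" (CAN-2004-2162 and CAN-2004-2155 are visible in the context lines) unclaimed. Naming the first and last released CAN id in the log would let others see what is open to pick up without diffing the file.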