Author: joeyh Date: 2005-07-30 04:20:57 +0000 (Sat, 30 Jul 2005) New Revision: 1496 Modified: data/CAN/list Log: processed block, pulled in a few previously tracked items Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-30 03:59:53 UTC (rev 1495) +++ data/CAN/list 2005-07-30 04:20:57 UTC (rev 1496) 
@@ -165,64 +165,63 @@ NOTE: reserved CAN-2005-2315 NOTE: reserved -begin claimed by joeyh CAN-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (PHPsFTPd) CAN-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...) - TODO: check + NOTE: not-for-us (Check Point SecuRemote NG with Application Intelligence) CAN-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (Realnode Emilda) CAN-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...) - TODO: check + - sms-pl (unfixed; bug filed; low) + NOTE: vulnerable contrib file only in source package CAN-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091 allows remote ...) - TODO: check + NOTE: not-for-us (Winamp) CAN-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote ...) - TODO: check + NOTE: not-for-us (MSIE) CAN-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...) - TODO: check + NOTE: not-for-us (Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0) CAN-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (DG Remote Control Server) CAN-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-2303 (Unknown vulnerability in the Microsoft Windows kernel allows remote ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...) 
- TODO: check + - pdns (unfixed; bug #318798; medium) CAN-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not ...) - TODO: check + - pdns (unfixed; bug #318798; medium) CAN-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary ...) - TODO: check + NOTE: not-for-us (Skype) CAN-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message ...) - TODO: check + NOTE: not-for-us (Simple Message Board) CAN-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all ...) - TODO: check + NOTE: BitDefender can be used by AMaViS but is not shipped in Debian CAN-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 ...) - TODO: check + NOTE: not-for-us (Sybase EAServer) CAN-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information ...) - TODO: check + NOTE: not-for-us (YabbSE) CAN-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...) - TODO: check + - netpanzer (unfixed; bug #318329; medium) CAN-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (WPS) CAN-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...) - TODO: check + NOTE: not-for-us (PHPCounter) CAN-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows ...) 
- TODO: check + NOTE: not-for-us (PHPCounter) CAN-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a ...) - TODO: check -end claimed by joeyh + NOTE: not-for-us (SoftiaCom wMailServer) CAN-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...) TODO: check CAN-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...) @@ -422,9 +421,6 @@ NOTE: This doesn''t look like a real security issue as cron.daily should only be NOTE: writable by root, but lets include it as the maintainer considers it an issue - faif 1.19.2-14 (low) -CAN-2005-XXXX [pdns: Two DoS vulnerabilities in the LDAP backend] - - pdns (unfixed; bug #318798; medium) - NOTE: CVE id requested from mitre CAN-2005-2275 NOTE: reserved CAN-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...) @@ -833,9 +829,6 @@ TODO: check CAN-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator ...) TODO: check -CAN-2005-XXXX [netpanzer: DoS through endless loop trigged through a crafted packet] - - netpanzer (unfixed; bug #318329; medium) - NOTE: CVE id requested from mitre CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...) NOTE: not-for-us (USANet) CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
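Review bot: In the first hunk (@@ -165,64 +165,63 @@), the new CAN-2005-2311 line "- sms-pl (unfixed; bug filed; low)" gives no bug number, while the pdns and netpanzer entries added in the same hunk cite theirs ("bug #318798", "bug #318329"). Record the number here so the entry can be matched to the report and closed when the fix is uploaded. In the same hunk, CAN-2005-2298 gets a free-form NOTE about BitDefender and AMaViS instead of the "not-for-us (...)" form used for every other product that is not shipped; keeping the sentence is fine, but stating the disposition in the same form as its neighbours would make the entry unambiguous.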
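Review bot: The pdns placeholder removed in the second hunk (@@ -422,9 +421,6 @@) was titled "Two DoS vulnerabilities in the LDAP backend", yet the first hunk attaches its tracking line "- pdns (unfixed; bug #318798; medium)" to both CAN-2005-2301 and CAN-2005-2302, and the visible description of CAN-2005-2302 is about recursion to a restricted range, not the LDAP backend. Confirm that bug #318798 actually covers the recursion issue. If it does not, CAN-2005-2302 needs its own bug reference, or a NOTE explaining why the same bug and severity apply.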