Author: joeyh Date: 2005-07-30 04:59:32 +0000 (Sat, 30 Jul 2005) New Revision: 1498 Modified: data/CAN/list Log: done with block also, found old uudeview hole that was miscategorised Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-30 04:21:58 UTC (rev 1497) +++ data/CAN/list 2005-07-30 04:59:32 UTC (rev 1498) @@ -172,7 +172,7 @@ CAN-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...) NOTE: not-for-us (Realnode Emilda) CAN-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...) - - sms-pl (unfixed; bug filed; low) + - sms-pl (unfixed; bug #320540; low) NOTE: vulnerable contrib file only in source package CAN-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091 allows remote ...) NOTE: not-for-us (Winamp) 
@@ -222,73 +222,71 @@ NOTE: not-for-us (PHPCounter) CAN-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a ...) NOTE: not-for-us (SoftiaCom wMailServer) -begin claimed by joeyh CAN-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...) - TODO: check + NOTE: not-for-us (WebEOC) CAN-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...) - TODO: check + NOTE: not-for-us (WebEOC) CAN-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow ...) - TODO: check + NOTE: not-for-us (WebEOC) CAN-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...) - TODO: check + NOTE: not-for-us (WebEOC) CAN-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC 6.0.2 ...) - TODO: check + NOTE: not-for-us (WebEOC) CAN-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...) - TODO: check + NOTE: not-for-us (WebEOC) CAN-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable ...) - TODO: check + NOTE: not-for-us (MailEnable) CAN-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...) {DSA-762-1} - affix 2.1.2-2 (medium) CAN-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...) - TODO: check + NOTE: not-for-us (Novell Groupwise WebAccess) CAN-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...) - TODO: check + NOTE: not-for-us (OpenWebmail) CAN-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote ...) 
- TODO: check + - dansguardian 2.6.1-13 (medium) CAN-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL ...) - TODO: check + - dansguardian 2.7.7-2 CAN-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...) - TODO: check + NOTE: not-for-us (IBM Lotus Notes) CAN-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...) - TODO: check + NOTE: not-for-us (IBM Lotus Notes) CAN-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 ...) - TODO: check + NOTE: not-for-us (Invision Power Board) CAN-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in ...) - TODO: check + NOTE: not-for-us (vHost) CAN-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life ...) - TODO: check + NOTE: not-for-us (aGSM Half-Life) CAN-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...) - TODO: check + NOTE: not-for-us (F-Secure Anti-Virus) CAN-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute ...) - TODO: check + NOTE: not-for-us (I-Mall Commerce) CAN-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and ...) - TODO: check + NOTE: not-for-us (w3m Jigsaw) CAN-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (efFingerD) CAN-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD ...) - TODO: check + NOTE: not-for-us (efFingerD) CAN-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...) - TODO: check + NOTE: not-for-us (MiniShare) CAN-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 ...) - TODO: check + NOTE: not-for-us (IBM Parallel Environment) CAN-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection ...) 
- TODO: check + - pads 1.1.1 (high) CAN-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...) - TODO: check + NOTE: not-for-us (PimenGest2) CAN-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier ...) - TODO: check + NOTE: not-for-us (Ansel) CAN-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (Ansel) CAN-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...) - TODO: check + - uudeview (unfixed; bug filed; medium) CAN-2004-2264 (** DISPUTED ** Format string bug in the open_altfile function in ...) - TODO: check -end claimed by joeyh + NOTE: less is not suid, explotability unlikely CAN-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in ...) TODO: check CAN-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...) @@ -11384,7 +11382,7 @@ CAN-2004-0334 (AXIS 2100 Network Camera allows remote attackers to bypass Basic ...) NOTE: not-for-us (AXIS 2100) CAN-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...) - NOTE: not-for-us (WinZip) + - uudeview 0.5.20 (medium) CAN-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...) NOTE: not-for-us (extremail) CAN-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...)
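Review bot: in the `@@ -222,73 +222,71 @@` hunk, the new CAN-2004-2265 line `- uudeview (unfixed; bug filed; medium)` carries no bug number, while the first hunk of this same commit replaces `bug filed` with `bug #320540` for sms-pl; record the uudeview bug number here as well so the entry can be followed up. Three smaller points in the same hunk: `NOTE: not-for-us (w3m Jigsaw)` for CAN-2004-2274 can be mistaken for the w3m text browser when searching the list, and since Jigsaw is the W3C server, `W3C Jigsaw` would be clearer; `- dansguardian 2.7.7-2` for CAN-2004-2282 has no urgency although the adjacent CAN-2004-2283 entry has `(medium)`; and the CAN-2004-2264 note misspells "exploitability" and is free text with no package line, so less is not recorded as a package for that id the way its neighbours are.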
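Review bot: in the `@@ -11384,7 +11382,7 @@` hunk, CAN-2004-0333 is now recorded as fixed in `uudeview 0.5.20`, yet CAN-2004-2265 in the previous hunk describes "UUDeview 0.5.20 and earlier" as affected and is entered as unfixed. These are different issues (a buffer overflow and insecure temporary file handling), but with both lines in the list a reader may take 0.5.20 as a clean version; a NOTE under CAN-2004-0333 stating where the fixed version comes from and pointing at CAN-2004-2265 would remove the ambiguity. The version is also given without a Debian revision, unlike `affix 2.1.2-2` and `dansguardian 2.6.1-13` elsewhere in this patch.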