Author: jmm-guest
Date: 2005-07-30 13:56:12 +0000 (Sat, 30 Jul 2005)
New Revision: 1501

Modified:
   data/CAN/list
Log:
processed my chunk

Modified: data/CAN/list
==================================================================
--- data/CAN/list 2005-07-30 13:19:48 UTC (rev 1500)
+++ data/CAN/list 2005-07-30 13:56:12 UTC (rev 1501)
@@ -288,79 +288,80 @@ CAN-2004-2264 (** DISPUTED ** Format string bug in the open_altfile function in ...) NOTE: less is not suid, explotability unlikely CAN-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in ...) - TODO: check + NOTE: not-for-us (PlaySMS) CAN-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...) - TODO: check + NOTE: not-for-us (e107) CAN-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote ...) - TODO: check + NOTE: not-for-us (e107) CAN-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to cause ...) - TODO: check + - vsftpd 2.0.1-1 (low) CAN-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen ...) - TODO: check + NOTE: not-for-us (Hummingbird Exceed) CAN-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to ...) - TODO: check + NOTE: not-for-us (phpMyFAQ) CAN-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows ...) - TODO: check + NOTE: not-for-us (phpMyFAQ) CAN-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote ...) - TODO: check + NOTE: not-for-us (phpMyFAQ) CAN-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, ...) - TODO: check + NOTE: not-for-us (SurgeLDAP) CAN-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and ...) - TODO: check + NOTE: not-for-us (SurgeLDAP) CAN-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends responses to ...) - TODO: check + NOTE: not-for-us (Astaro suite) CAN-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides ...) - TODO: check + NOTE: not-for-us (Astaro suite) CAN-2004-2250 (Unknown vulnerability in the "access code" in RemoteEditor before ...) 
- TODO: check + NOTE: not-for-us (RemoteEditor) CAN-2004-2249 (Unknown vulnerability in the "access code" in SecureEditor before ...) - TODO: check + NOTE: not-for-us (SecureEditor) CAN-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact ...) - TODO: check + NOTE: not-for-us (RemoteEditor) CAN-2004-2247 (Unknown vulnerability in the "admin of paypal email addresses" in ...) - TODO: check + NOTE: not-for-us (AudienceConnect) CAN-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before 0.04b ...) - TODO: check + NOTE: not-for-us (Goollery) CAN-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows ...) - TODO: check + NOTE: not-for-us (Goollery) CAN-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2004-2243 (Phorum allows remote attackers to hijack sessions of other users by ...) - TODO: check + NOTE: not-for-us (Phorum) CAN-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in Phorum, ...) - TODO: check + NOTE: not-for-us (Phorum) CAN-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier ...) - TODO: check + NOTE: not-for-us (Phorum) CAN-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier ...) - TODO: check + NOTE: not-for-us (Phorum) CAN-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...) TODO: check CAN-2004-2238 (** DISPUTED ** ...) TODO: check CAN-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and ...) - TODO: check + - moodle 1.4-1 CAN-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and ...) - TODO: check + - moodle 1.3.3-1 CAN-2004-2235 (Unknown vulnerability in Moodle before 1.2 has unknown impact and ...) - TODO: check + - moodle 1.2.1-1 CAN-2004-2234 (Unknown vulnerability in Moodle before 1.2 allows teachers to log in ...) 
- TODO: check + - moodle 1.2.1-1 CAN-2004-2233 (Unknown "front page vulnerability with Moodle servers" for Moodle ...) - TODO: check + - moodle 1.3.2-1 CAN-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in ...) - TODO: check + - moodle 1.4.2-1 CAN-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local ...) - TODO: check + NOTE: not-for-us (InstallAnywhere) CAN-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 ...) - TODO: check + NOTE: not-for-us (OpenBSD) CAN-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable ...) - TODO: check + NOTE: not-for-us (Firefox on MacOS) CAN-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file ...) - TODO: check + - mozilla-firefox 1.0-1 +begin claimed by jmm CAN-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when ...) TODO: check CAN-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete ...) @@ -389,6 +390,7 @@ TODO: check CAN-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...) TODO: check +end claimed by jmm CAN-2005-XXXX [Multiple security problems in ethereal] - ethereal 0.10.12-1 (medium) CAN-2005-XXXX [strobe reads file from unsafe directory]
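Review bot: In the first hunk (@@ -288,79 +288,80 @@), CAN-2004-2239 (vpopmail vsybase.c buffer overflow) and CAN-2004-2238 (** DISPUTED **) keep "TODO: check" although every entry around them was processed, and they sit above the new "begin claimed by jmm" marker, so after this commit they are neither resolved nor claimed. Either resolve them or replace the TODO with a NOTE saying why they are still open. Separately, CAN-2004-2228 is marked "not-for-us (Firefox on MacOS)" while the very next entry tracks mozilla-firefox as a package; the other not-for-us notes in this hunk name a product rather than a platform, so a NOTE stating that the issue is specific to Mac OS would read more consistently.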
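Review bot: The log message does not mention the new claim that the second hunk (@@ -389,6 +390,7 @@) closes with "end claimed by jmm", opened by "begin claimed by jmm" after CAN-2004-2227 in the first hunk. "processed my chunk" only covers the entries that were resolved; add a second line to the log naming the claimed range (CAN-2004-2226 through CAN-2004-2213) so the reservation is visible from the commit list without reading the diff.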