Author: joeyh
Date: 2005-06-02 21:14:22 +0000 (Thu, 02 Jun 2005)
New Revision: 1192

Modified: sarge-checks/CAN/list
Log: automatic CAN database update

Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-06-02 12:35:41 UTC (rev 1191)
+++ sarge-checks/CAN/list 2005-06-02 21:14:22 UTC (rev 1192)
@@ -1,70 +1,70 @@ CAN-2005-XXXX [Privilege escalation in Drupal] - - drupal 4.5.3-1 + - drupal 4.5.3-1 CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...) - NOTE: not-for-us (MyBB) + NOTE: not-for-us (MyBB) CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...) NOTE: Not in Sarge - wordpress 1.5.1.2-1 CAN-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...) - NOTE: not-for-us (Sony hardware issue) + NOTE: not-for-us (Sony hardware issue) CAN-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...) - NOTE: not-for-us (Stronghold game) + NOTE: not-for-us (Stronghold game) CAN-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...) - NOTE: not-for-us (PHPMailer) + NOTE: not-for-us (PHPMailer) CAN-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...) - NOTE: not-for-us (PeerCast) + NOTE: not-for-us (PeerCast) CAN-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...) - NOTE: not-for-us (Online Solutions for Educators) + NOTE: not-for-us (Online Solutions for Educators) CAN-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...) - NOTE: not-for-us (Net Portal Dynamic System) + NOTE: not-for-us (Net Portal Dynamic System) CAN-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...) - NOTE: not-for-us (Net Portal Dynamic System) + NOTE: not-for-us (Net Portal Dynamic System) CAN-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...) - NOTE: not-for-us (Nortel hardware) + NOTE: not-for-us (Nortel hardware) CAN-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...) - NOTE: not-for-us (Nokia hardware) + NOTE: not-for-us (Nokia hardware) CAN-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...) 
- NOTE: not-for-us (Jaws glossary gadget) + NOTE: not-for-us (Jaws glossary gadget) CAN-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...) - NOTE: not-for-us (FreeStyle Wiki) + NOTE: not-for-us (FreeStyle Wiki) CAN-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...) - NOTE: not-for-us (ServersCheck) + NOTE: not-for-us (ServersCheck) CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...) - NOTE: Cryptographic attack on AES, cannot be fixed + NOTE: Cryptographic attack on AES, cannot be fixed CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...) - - ettercap (unfixed; bug #311615) + - ettercap (unfixed; bug #311615) CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...) - NOTE: not-for-us (ClamAV on Mac OS X) + NOTE: not-for-us (ClamAV on Mac OS X) CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...) - NOTE: not-for-us (Microsoft) + NOTE: not-for-us (Microsoft) CAN-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...) - NOTE: not-for-us (Microsoft) + NOTE: not-for-us (Microsoft) CAN-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...) - NOTE: not-for-us (Microsoft) + NOTE: not-for-us (Microsoft) CAN-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...) - NOTE: not-for-us (Microsoft) + NOTE: not-for-us (Microsoft) CAN-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...) - NOTE: not-for-us (Microsoft) + NOTE: not-for-us (Microsoft) CAN-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...) - NOTE: not-for-us (India Software Solution shopping cart) + NOTE: not-for-us (India Software Solution shopping cart) CAN-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...) 
- NOTE: not-for-us (Hosting Controller) + NOTE: not-for-us (Hosting Controller) CAN-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...) - NOTE: not-for-us (phpStat) + NOTE: not-for-us (phpStat) CAN-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...) - NOTE: not-for-us (FunkyASP) + NOTE: not-for-us (FunkyASP) CAN-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...) - NOTE: not-for-us (ZonGG) + NOTE: not-for-us (ZonGG) CAN-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...) - NOTE: not-for-us (Hosting Controller) + NOTE: not-for-us (Hosting Controller) CAN-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...) - NOTE: not-for-us (BookReview) + NOTE: not-for-us (BookReview) CAN-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...) - NOTE: not-for-us (BookReview) + NOTE: not-for-us (BookReview) CAN-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...) - NOTE: not-for-us (MailEnable) + NOTE: not-for-us (MailEnable) CAN-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...) - NOTE: not-for-us (Active News Manager) + NOTE: not-for-us (Active News Manager) CAN-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...) NOTE: not-for-us (MaxWebPortal) CAN-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...) 
@@ -76,7 +76,7 @@ CAN-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...) NOTE: not-for-us (Terminator game) CAN-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...) - - davfs2 (unfixed; bug #310757) + - davfs2 (unfixed; bug #310757) CAN-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...) NOTE: not-for-us (Listserv) CAN-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...) @@ -128,7 +128,7 @@ CAN-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...) NOTE: not-for-us (Informix Dynamic Server) CAN-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...) - - phpbb2 2.0.6d-2 + - phpbb2 2.0.6d-2 CAN-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...) NOTE: not-for-us (SurfNOW) CAN-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...) @@ -140,7 +140,7 @@ CAN-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and ...) NOTE: not-for-us (BlackICE) CAN-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...) - - gallery 1.4.4-pl1-1 + - gallery 1.4.4-pl1-1 CAN-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...) NOTE: not-for-us (Nextplace) CAN-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...) 
@@ -199,13 +199,13 @@ CAN-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...) NOTE: not-for-us (Mephistoles) CAN-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...) - - honeyd 0.8-1 + - honeyd 0.8-1 CAN-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...) NOTE: not-for-us (WebcamXP) CAN-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...) - - phpbb2 2.0.8a-1 + - phpbb2 2.0.8a-1 CAN-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...) - - phpbb2 2.0.8a-1 + - phpbb2 2.0.8a-1 CAN-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...) NOTE: not-for-us (Yahoo Messenger) CAN-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...)
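Review bot: In the @@ -1,70 +1,70 @@ hunk every removed line comes back with the same visible text (for example "NOTE: not-for-us (MyBB)" and "- ettercap (unfixed; bug #311615)"), so as shown here the change looks like whitespace only, while the log says "automatic CAN database update". Please say in the log that this revision re-indents existing entries, or keep indentation changes out of the automatic data update so that real triage changes are easy to spot in history. The NOTE lines under CAN-2005-1810 and CAN-2005-1779 are left as context in the same hunk; if the intent is to normalise indentation, check that those lines already use the new form so the file does not end up mixed.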
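Review bot: In the hunks from @@ -76,7 +76,7 @@ to @@ -199,13 +199,13 @@ only package lines are rewritten ("- davfs2 (unfixed; bug #310757)", "- phpbb2 2.0.6d-2", "- gallery 1.4.4-pl1-1", "- honeyd 0.8-1", "- phpbb2 2.0.8a-1"), and the neighbouring NOTE lines such as "NOTE: not-for-us (Listserv)" stay as context, whereas the first hunk rewrites NOTE lines too. If the updater is changing the indentation of entries, apply the same rule to the whole file in one revision and confirm that whatever reads sarge-checks/CAN/list accepts the form used on the untouched lines as well.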