Moritz Muehlenhoff
2005-Jun-09 09:41 UTC
[Secure-testing-commits] r1215 - sarge-checks/CAN
Author: jmm-guest
Date: 2005-06-09 09:41:24 +0000 (Thu, 09 Jun 2005)
New Revision: 1215

Modified:
   sarge-checks/CAN/list
Log:
drupal CANified, the rest only not-for-us

Modified: sarge-checks/CAN/list
==================================================================--- sarge-checks/CAN/list 2005-06-09 09:27:16 UTC (rev 1214) +++ sarge-checks/CAN/list 2005-06-09 09:41:24 UTC (rev 1215) 
@@ -36,104 +36,103 @@ NOTE: reserved CAN-2005-1912 NOTE: reserved -begin claimed by jmm CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...) - leafnode 1.11.3.rel-1 CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...) - TODO: check + NOTE: not-for-us (WWWeb Concepts Events System) CAN-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...) - TODO: check + NOTE: not-for-us (602LAN SUITE) CAN-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...) - TODO: check + NOTE: not-for-us (Perception LiteWeb) CAN-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...) - TODO: check + NOTE: not-for-us (livingmailing) CAN-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...) - TODO: check + NOTE: not-for-us (Kaspersky) CAN-2005-1904 (SQL injection vulnerability in login.asp in JiRo''s Upload System (JUS) ...) - TODO: check + NOTE: not-for-us (JiRo''s Upload Systems) CAN-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...) - TODO: check + NOTE: not-for-us (SPA-PRO Mail) CAN-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...) - TODO: check + NOTE: not-for-us (SPA-PRO Mail) CAN-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...) - TODO: check + NOTE: not-for-us (Sawmill) CAN-2005-1900 (Multiple unknown vulnerabilities in Sawmill before 7.1.6 allow remote ...) - TODO: check + NOTE: not-for-us (Sawmill) CAN-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...) - TODO: check + NOTE: not-for-us (RakNet) CAN-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...) 
- TODO: check + NOTE: not-for-us (phpThumb) CAN-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...) - TODO: check + NOTE: not-for-us (FlexCast) CAN-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...) - TODO: check + NOTE: not-for-us (AOL Instant Messenger) CAN-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...) - TODO: check + NOTE: not-for-us (Mortiforo) CAN-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...) - TODO: check + NOTE: not-for-us (Sun ONE) CAN-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...) - TODO: check + NOTE: not-for-us (MediaWiki not yet in Debian) + TODO: track ITP: #217571 CAN-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...) - TODO: check + NOTE: not-for-us (YaPiG) CAN-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...) - TODO: check + NOTE: not-for-us (YaPiG) CAN-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...) 
- TODO: check + NOTE: not-for-us (YaPiG) CAN-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...) - TODO: check + NOTE: not-for-us (YaPiG) CAN-2005-1882 (PHP remote code injection vulnerability in last_gallery.php in YaPiG ...) - TODO: check + NOTE: not-for-us (YaPiG) CAN-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...) - TODO: check + NOTE: not-for-us (YaPiG) CAN-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...) - TODO: check + NOTE: not-for-us (everybuddy) CAN-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...) - TODO: check + NOTE: not-for-us (LutelWall) CAN-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...) - TODO: check + NOTE: not-for-us (GIPTables) CAN-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...) - TODO: check + NOTE: not-for-us (Lpanel) CAN-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...) - TODO: check + NOTE: not-for-us (CuteNews) CAN-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...) - TODO: check + NOTE: not-for-us (Exhibit Engine) CAN-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...) - TODO: check + NOTE: not-for-us (Dzip) CAN-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...) - TODO: check + NOTE: not-for-us (Crob) CAN-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...) - TODO: check + NOTE: not-for-us (WebSphere) CAN-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...) - TODO: check + - drupal 4.5.3-1 CAN-2005-1870 (PHP remote code injection vulnerability in childwindow.inc.php in ...) - TODO: check + NOTE: not-for-us (Popper) CAN-2005-1869 (PHP remote code injection vulnerability in start_lobby.php in MWChat ...) 
- TODO: check + NOTE: not-for-us (MWChat) CAN-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...) - TODO: check + NOTE: not-for-us (I-Man) CAN-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...) - TODO: check + NOTE: not-for-us (Symantec) CAN-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...) - TODO: check + NOTE: not-for-us (Calendarix) CAN-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...) - TODO: check + NOTE: not-for-us (Calendarix) CAN-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (Calendarix) CAN-2003-1218 NOTE: reserved CAN-2003-1217 @@ -247,8 +246,6 @@ NOTE: not-for-us (FutureSoft TFTP Server) CAN-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...) NOTE: not-for-us (FutureSoft TFTP Server) -CAN-2005-XXXX [Privilege escalation in Drupal] - - drupal 4.5.3-1 CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...) NOTE: not-for-us (MyBB) CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...)
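Review bot: in the first hunk (@@ -36,104 +36,103 @@), the CAN-2005-1888 entry is closed as "NOTE: not-for-us (MediaWiki not yet in Debian)" while the added "TODO: track ITP: #217571" says the package may still enter the archive, so the entry reads as both finished and open. I would drop the not-for-us NOTE and keep only the TODO (or word the NOTE so it is clearly provisional), otherwise a later pass that skips not-for-us entries will not recheck it once the ITP is closed. Two smaller points: for CAN-2005-1884, CAN-2005-1870 and CAN-2005-1864 the truncated descriptions do not name the product, so the YaPiG, Popper and Calendarix attributions cannot be confirmed from the list itself; and the CAN-2005-1904 note says "Upload Systems" where the description says "Upload System (JUS)".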
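Review bot: in the second hunk (@@ -247,8 +246,6 @@), deleting the "CAN-2005-XXXX [Privilege escalation in Drupal]" placeholder leaves no trace in the list that it was merged into CAN-2005-1871, and the log message ("drupal CANified") does not name the id either. The fixed version "- drupal 4.5.3-1" is carried over to CAN-2005-1871 in the first hunk, which is right; a short NOTE on that entry recording that it replaces the earlier placeholder would make the mapping checkable later, since the CAN description only says "Unknown vulnerability in the privilege system".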