Author: joeyh
Date: 2005-06-22 21:14:20 +0000 (Wed, 22 Jun 2005)
New Revision: 1255
Modified: data/CAN/list
Log: automatic CAN database update

Modified: data/CAN/list
==================================================================
--- data/CAN/list 2005-06-21 21:13:31 UTC (rev 1254)
+++ data/CAN/list 2005-06-22 21:14:20 UTC (rev 1255)
@@ -1,3 +1,427 @@ +CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) + TODO: check +CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...) + TODO: check +CAN-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...) + TODO: check +CAN-2005-2041 (Buffer overflow in addschup in ViRobot 2.0 allows remote attackers to ...) + TODO: check +CAN-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...) + TODO: check +CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...) + TODO: check +CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...) + TODO: check +CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...) + TODO: check +CAN-2005-2036 (modifyUser.asp in Cool Cafe Chat 1.2.1 allows remote attackers to ...) + TODO: check +CAN-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe Chat 1.2.1 ...) + TODO: check +CAN-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...) + TODO: check +CAN-2005-2033 (Directory traversal vulnerability in folderview.asp for BlueCollar ...) + TODO: check +CAN-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...) + TODO: check +CAN-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...) + TODO: check +CAN-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...) + TODO: check +CAN-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...) + TODO: check +CAN-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...) + TODO: check +CAN-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...) + TODO: check +CAN-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...) 
+ TODO: check +CAN-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...) + TODO: check +CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...) + TODO: check +CAN-2005-2023 (Unknown vulnerability in gpg2 on SUSE Linux 9.3, when using S/MIME ...) + TODO: check +CAN-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...) + TODO: check +CAN-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...) + TODO: check +CAN-2005-2020 + NOTE: reserved +CAN-2005-2019 + NOTE: reserved +CAN-2005-2018 + NOTE: reserved +CAN-2005-2017 + NOTE: reserved +CAN-2005-2016 + NOTE: reserved +CAN-2005-2015 + NOTE: reserved +CAN-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...) + TODO: check +CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...) + TODO: check +CAN-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...) + TODO: check +CAN-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...) + TODO: check +CAN-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...) + TODO: check +CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...) + TODO: check +CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...) + TODO: check +CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...) + TODO: check +CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...) + TODO: check +CAN-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...) + TODO: check +CAN-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...) + TODO: check +CAN-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...) 
+ TODO: check +CAN-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...) + TODO: check +CAN-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...) + TODO: check +CAN-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...) + TODO: check +CAN-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...) + TODO: check +CAN-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...) + TODO: check +CAN-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...) + TODO: check +CAN-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix Site ...) + TODO: check +CAN-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...) + TODO: check +CAN-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...) + TODO: check +CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...) + TODO: check +CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...) + TODO: check +CAN-2005-1991 + NOTE: reserved +CAN-2005-1990 + NOTE: reserved +CAN-2005-1989 + NOTE: reserved +CAN-2005-1988 + NOTE: reserved +CAN-2005-1987 + NOTE: reserved +CAN-2005-1986 + NOTE: reserved +CAN-2005-1985 + NOTE: reserved +CAN-2005-1984 + NOTE: reserved +CAN-2005-1983 + NOTE: reserved +CAN-2005-1982 + NOTE: reserved +CAN-2005-1981 + NOTE: reserved +CAN-2005-1980 + NOTE: reserved +CAN-2005-1979 + NOTE: reserved +CAN-2005-1978 + NOTE: reserved +CAN-2005-1977 + NOTE: reserved +CAN-2005-1976 + NOTE: reserved +CAN-2002-1782 (The default configuration of University of Washington IMAP daemon ...) + TODO: check +CAN-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...) + TODO: check +CAN-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...) 
+ TODO: check +CAN-2002-1779 (The "block fragmented IP Packets" option in Symantec Norton Personal ...) + TODO: check +CAN-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to ...) + TODO: check +CAN-2002-1777 (** DISPUTED ** ...) + TODO: check +CAN-2002-1776 (** DISPUTED ** ...) + TODO: check +CAN-2002-1775 (** DISPUTED ** ...) + TODO: check +CAN-2002-1774 (** DISPUTED ** ...) + TODO: check +CAN-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows ...) + TODO: check +CAN-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain "Domain ...) + TODO: check +CAN-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send ...) + TODO: check +CAN-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...) + TODO: check +CAN-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...) + TODO: check +CAN-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...) + TODO: check +CAN-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...) + TODO: check +CAN-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...) + TODO: check +CAN-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...) + TODO: check +CAN-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to ...) + TODO: check +CAN-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" ...) + TODO: check +CAN-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...) + TODO: check +CAN-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...) + TODO: check +CAN-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...) + TODO: check +CAN-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...) 
+ TODO: check +CAN-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...) + TODO: check +CAN-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for ...) + TODO: check +CAN-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service ...) + TODO: check +CAN-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...) + TODO: check +CAN-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows ...) + TODO: check +CAN-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...) + TODO: check +CAN-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers ...) + TODO: check +CAN-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote ...) + TODO: check +CAN-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote ...) + TODO: check +CAN-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of ...) + TODO: check +CAN-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...) + TODO: check +CAN-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows ...) + TODO: check +CAN-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions ...) + TODO: check +CAN-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS ...) + TODO: check +CAN-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...) + TODO: check +CAN-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...) + TODO: check +CAN-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...) + TODO: check +CAN-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...) + TODO: check +CAN-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...) 
+ TODO: check +CAN-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption ...) + TODO: check +CAN-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default ...) + TODO: check +CAN-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and ...) + TODO: check +CAN-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...) + TODO: check +CAN-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain ...) + TODO: check +CAN-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...) + TODO: check +CAN-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message ...) + TODO: check +CAN-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...) + TODO: check +CAN-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...) + TODO: check +CAN-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...) + TODO: check +CAN-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...) + TODO: check +CAN-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...) + TODO: check +CAN-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) ...) + TODO: check +CAN-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass ...) + TODO: check +CAN-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...) + TODO: check +CAN-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for ...) + TODO: check +CAN-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...) + TODO: check +CAN-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...) + TODO: check +CAN-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote ...) 
+ TODO: check +CAN-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows ...) + TODO: check +CAN-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify ...) + TODO: check +CAN-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote ...) + TODO: check +CAN-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote ...) + TODO: check +CAN-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...) + TODO: check +CAN-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...) + TODO: check +CAN-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...) + TODO: check +CAN-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...) + TODO: check +CAN-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...) + TODO: check +CAN-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...) + TODO: check +CAN-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...) + TODO: check +CAN-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...) + TODO: check +CAN-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...) + TODO: check +CAN-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and ...) + TODO: check +CAN-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...) + TODO: check +CAN-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...) + TODO: check +CAN-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" ...) + TODO: check +CAN-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft ...) + TODO: check +CAN-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP ...) 
+ TODO: check +CAN-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template ...) + TODO: check +CAN-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...) + TODO: check +CAN-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...) + TODO: check +CAN-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...) + TODO: check +CAN-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...) + TODO: check +CAN-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...) + TODO: check +CAN-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...) + TODO: check +CAN-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...) + TODO: check +CAN-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...) + TODO: check +CAN-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...) + TODO: check +CAN-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...) + TODO: check +CAN-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...) + TODO: check +CAN-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...) + TODO: check +CAN-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...) + TODO: check +CAN-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...) + TODO: check +CAN-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...) + TODO: check +CAN-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...) + TODO: check +CAN-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...) + TODO: check +CAN-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...) 
+ TODO: check +CAN-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...) + TODO: check +CAN-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...) + TODO: check +CAN-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...) + TODO: check +CAN-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...) + TODO: check +CAN-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...) + TODO: check +CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...) + TODO: check +CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...) + TODO: check +CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...) + TODO: check +CAN-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...) + TODO: check +CAN-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...) + TODO: check +CAN-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...) + TODO: check +CAN-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...) + TODO: check +CAN-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...) + TODO: check +CAN-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...) + TODO: check +CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...) + TODO: check +CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...) + TODO: check +CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...) + TODO: check +CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...) + TODO: check +CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...) 
+ TODO: check +CAN-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...) + TODO: check +CAN-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...) + TODO: check +CAN-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...) + TODO: check +CAN-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...) + TODO: check +CAN-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...) + TODO: check +CAN-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...) + TODO: check +CAN-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...) + TODO: check +CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...) + TODO: check +CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...) + TODO: check +CAN-2001-1492 ( ...) + TODO: check +CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...) + TODO: check +CAN-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...) + TODO: check +CAN-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) + TODO: check +CAN-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...) + TODO: check +CAN-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...) + TODO: check +CAN-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...) + TODO: check +CAN-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...) + TODO: check +CAN-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...) + TODO: check +CAN-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...) + TODO: check +CAN-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...) 
+ TODO: check +CAN-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...) + TODO: check +CAN-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...) + TODO: check +CAN-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...) + TODO: check +CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...) + TODO: check CAN-2005-XXXX [File upload vulnerability in trac] - trac 0.8.4-1 CAN-2005-XXXX [Race condition in sudo''s pathname validation] @@ -436,8 +860,7 @@ NOTE: not-for-us (HPUX) CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...) NOTE: not-for-us (Avast) -CAN-2005-1769 [Multiple Cross Site Scripting vulnerabilities in Squirrelmail] - NOTE: reserved +CAN-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) - squirrelmail (unfixed; bug #314374; low) CAN-2005-1768 NOTE: reserved @@ -622,8 +1045,8 @@ NOTE: reserved CAN-2005-1730 NOTE: reserved -CAN-2005-1729 - NOTE: reserved +CAN-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...) + TODO: check CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...) NOTE: not-for-us (Apple) CAN-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...) @@ -747,8 +1170,8 @@ NOTE: not-for-us (Yahoo Messenger) CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...) NOTE: not-for-us (Extreme BlackDiamond hardware) -CAN-2005-1669 - NOTE: reserved +CAN-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...) + TODO: check CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...) NOTE: not-for-us (YusASP Web Asset Manager) CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...) 
@@ -1979,8 +2402,8 @@ CAN-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...) - mozilla-firefox 1.0.4-1 TODO: check mozilla too -CAN-2005-1475 - NOTE: reserved +CAN-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...) + TODO: check CAN-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...) NOTE: not-for-us (Apple) CAN-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...) @@ -2230,13 +2653,13 @@ NOTE: not-for-us (Mandrake specific packaging flaw) CAN-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...) NOTE: not-for-us (phpbb mod) -CAN-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline 1.5.3 ...) +CAN-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline (aka ...) NOTE: not-for-us (Claroline) CAN-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...) NOTE: not-for-us (Claroline) -CAN-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...) +CAN-2005-1375 (Multiple SQL injection vulnerabilities in Claroline (aka Dokeos) 1.5.3 ...) NOTE: not-for-us (Claroline) -CAN-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...) +CAN-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline (aka ...) NOTE: not-for-us (Claroline) CAN-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...) NOTE: not-for-us (Koobi CMS) 
@@ -2299,7 +2722,7 @@ - libconvert-uulib-perl 1.0.5.1 CAN-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...) NOTE: not-for-us (MailEnable) -CAN-2005-1347 (Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote ...) +CAN-2005-1347 (** UNVERIFIABLE ** ...) NOTE: not-for-us (acrobat) CAN-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...) NOTE: not-for-us (Symantec) @@ -2385,8 +2808,7 @@ NOTE: upstream says attack won''t work, see bug 307575 CAN-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...) NOTE: not-for-us (Adobe Version Cue) -CAN-2005-1306 [Information leak through XML external entities in Adobe Reader 7] - NOTE: reserved +CAN-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...) NOTE: not-for-us (Adobe Reader 7) CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...) NOTE: not-for-us (hyper.cgi) @@ -2470,8 +2892,7 @@ - gaim 1:1.3.1-1 (low) CAN-2005-1268 NOTE: reserved -CAN-2005-1267 [tcpdump: DoS through endless loop in BGP decoder] - NOTE: reserved +CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...) - tcpdump 3.9.0.cvs.20050614-1 (low) CAN-2005-1266 NOTE: reserved
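Review bot: in the @@ -1,3 +1,427 @@ hunk, CAN-2005-2007 (directory traversal in Edgewall Trac 0.8.3 and earlier) and CAN-2005-1993 (race condition in sudo 1.3.1 up to 1.6.8p8) are added as "TODO: check" while the trailing context still carries the placeholders "CAN-2005-XXXX [File upload vulnerability in trac]" with "- trac 0.8.4-1" and "CAN-2005-XXXX [Race condition in sudo''s pathname validation]". If the placeholders describe the same issues, fold them into the assigned IDs so the fixed-version data is not tracked twice or left behind on an XXXX entry; if they are different issues, a NOTE saying so would spare the next triager the comparison. The sudo placeholder also has no package line in the visible context, so the new CAN-2005-1993 entry is the natural place to record one.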
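Review bot: in the @@ -2230,13 +2653,13 @@ hunk, the descriptions of CAN-2005-1377, CAN-2005-1375 and CAN-2005-1374 now read "Claroline (aka Dokeos)" but the NOTE lines under them are unchanged at "not-for-us (Claroline)". That triage decision was recorded against the old description, so it should be confirmed for Dokeos as well and the notes updated to name both, otherwise a later search of the list for Dokeos will match only the truncated descriptions and not the decision. CAN-2005-1376 in the same hunk keeps its old description and is worth checking for the same rename.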
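Review bot: in the @@ -2299,7 +2722,7 @@ hunk, replacing the CAN-2005-1347 description with "** UNVERIFIABLE ** ..." leaves the entry with no product or impact text after truncation; only "NOTE: not-for-us (acrobat)" still says what it was about. The same pattern appears in the first hunk, where CAN-2002-1777 through CAN-2002-1774 are imported as "** DISPUTED ** ..." with "TODO: check" and nothing else to identify them. Consider having the automatic update truncate after the status marker rather than at it, so the first words of the real description survive, or add a NOTE recording the status change here.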
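Review bot: in the @@ -2470,8 +2892,7 @@ hunk, the removed bracketed summary for CAN-2005-1267 ("tcpdump: DoS through endless loop in BGP decoder") was the only line stating the impact; the replacement description is cut off at "does not properly handle ...". Keeping "- tcpdump 3.9.0.cvs.20050614-1 (low)" is right, but the hand-written summary would be worth preserving as a NOTE so the reason for the "low" rating stays readable from the list itself. The @@ -2385,8 +2808,7 @@ hunk does the same to CAN-2005-1306, dropping "Information leak through XML external entities in Adobe Reader 7" in favour of a description that ends before the impact.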