Author: joeyh Date: 2005-05-11 15:03:46 +0000 (Wed, 11 May 2005) New Revision: 1039 Modified: sarge-checks/CAN/list Log: done with claimed cans Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-11 13:49:57 UTC (rev 1038) +++ sarge-checks/CAN/list 2005-05-11 15:03:46 UTC (rev 1039) @@ -98,253 +98,253 @@ CAN-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...) TODO: check end claimed by djoume -begin claimed by joeyh CAN-2004-2022 (Stack-based buffer overflow in ActivePerl for Win32 5.6.1 and 5.8.0 ...) - TODO: check + NOTE: not-for-us (various perls on Windows) CAN-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...) - TODO: check + NOTE: not-for-us (osCommerce) CAN-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x ...) + NOTE: not-for-us (php-nuke) CAN-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...) - TODO: check + NOTE: not-for-us (php-nuke) CAN-2004-2018 (PHP remote code injection vulnerability in index.php in Php-Nuke 6.x ...) - TODO: check + NOTE: not-for-us (php-nuke) CAN-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...) - TODO: check + NOTE: not-for-us (Turbo Traffic Trader C (TTT-C)) CAN-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and ...) - TODO: check + NOTE: not-for-us (netchat) CAN-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...) - TODO: check + NOTE: not-for-us (WebCT) CAN-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...) - TODO: check + - wget (unfixed; bug #308622) CAN-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in ...) - TODO: check + NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok CAN-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current ...) - TODO: check + NOTE: not-for-us (NetBSD) CAN-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (MSIE) CAN-2004-2010 (PHP remote code injection vulnerability in index.php in phpShop 0.7.1 ...) - TODO: check + NOTE: not-for-us (phpShop) CAN-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...) - TODO: check + NOTE: not-for-us (NukeJokes) CAN-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...) - TODO: check + NOTE: not-for-us (NukeJokes) CAN-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes ...) - TODO: check + NOTE: not-for-us (NukeJokes) CAN-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone ...) - TODO: check + NOTE: not-for-us (OfficeScan) CAN-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows ...) - TODO: check + NOTE: not-for-us (Eudora) CAN-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...) - TODO: check + NOTE: not-for-us (SUSE Live CD) CAN-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter ...) - TODO: check + NOTE: not-for-us (DeleGate) CAN-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote ...) - TODO: check + NOTE: not-for-us (IRIX) CAN-2004-2001 (ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly ...) - TODO: check + NOTE: not-for-us (IRIX) CAN-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x ...) - TODO: check + NOTE: not-for-us (Php-Nuke) CAN-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...) - TODO: check + NOTE: not-for-us (Windows) CAN-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote ...) - TODO: check + NOTE: not-for-us (php-nuke) CAN-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, ...) - TODO: check + NOTE: not-for-us (kolab) CAN-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...) - TODO: check + NOTE: not-for-us (Simple Machines Forum) CAN-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...) - TODO: check + NOTE: not-for-us (FuseTalk) CAN-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct ...) - TODO: check + NOTE: not-for-us (FuseTalk) CAN-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail ...) - TODO: check + NOTE: not-for-us (omail) CAN-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote ...) - TODO: check + NOTE: not-for-us (Serv-U) CAN-2004-1991 (Directory traversal vulnerability in Aldo''s Web Server (aweb) 1.5 ...) - TODO: check + NOTE: not-for-us (aweb) CAN-2004-1990 (Aldo''s Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...) - TODO: check + NOTE: not-for-us (aweb) CAN-2004-1989 (PHP remote code injection vulnerability in theme.php in Coppermine ...) - TODO: check + NOTE: not-for-us (Coppermine) CAN-2004-1988 (PHP remote code injection vulnerability in init.inc.php in Coppermine ...) - TODO: check + NOTE: not-for-us (Coppermine) CAN-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...) - TODO: check + NOTE: not-for-us (Coppermine) CAN-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo ...) - TODO: check + NOTE: not-for-us (Coppermine) CAN-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...) - TODO: check + NOTE: not-for-us (Coppermine) CAN-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers ...) - TODO: check + NOTE: not-for-us (Coppermine) CAN-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for ...) - TODO: check + NOTE: only affects pax for 2.6; kernel-patch-adamantix contains pax + NOTE: but only for 2.4. CAN-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify ...) - TODO: check + NOTE: not-for-us (YaBB) CAN-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...) - TODO: check + NOTE: not-for-us (Crystal Reports) CAN-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 ...) - TODO: check + NOTE: not-for-us (PROPS) CAN-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS ...) - TODO: check + NOTE: not-for-us (PROPS) CAN-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...) - TODO: check + - moodle 1.3 CAN-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers ...) - TODO: check + NOTE: not-for-us (3com NBX IP VOIP NetSet Configuration Manager) CAN-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote ...) - TODO: check + NOTE: not-for-us (SMC Barricade broadband router 7008ABR and 7004VBR) CAN-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in ...) - TODO: check + NOTE: not-for-us (paFileDB) CAN-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...) - TODO: check + NOTE: not-for-us (paFileDB) CAN-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (DiGi Web Server) CAN-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery ...) - TODO: check + NOTE: not-for-us (PHP-Nuke) CAN-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote ...) - TODO: check + NOTE: not-for-us (PHP-Nuke) CAN-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung ...) - TODO: check + NOTE: not-for-us (Samsung SmartEther SS6215Sswitch) CAN-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...) - TODO: check + NOTE: not-for-us (OpenBB) CAN-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...) - TODO: check + NOTE: not-for-us (OpenBB) CAN-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) ...) - TODO: check + NOTE: not-for-us (OpenBB) CAN-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...) - TODO: check + NOTE: not-for-us (OpenBB) CAN-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin ...) - TODO: check + NOTE: not-for-us (OpenBB) CAN-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query ...) - TODO: check + NOTE: not-for-us (Network Query Tool (NQT)) CAN-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Network Query Tool (NQT)) CAN-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 ...) - TODO: check + NOTE: not-for-us (Protector System) CAN-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Protector System) CAN-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in ...) - TODO: check + NOTE: not-for-us (Protector System) CAN-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows ...) - TODO: check + NOTE: not-for-us (Protector System) CAN-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine ...) - TODO: check + NOTE: not-for-us (Unreal engine) CAN-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows ...) - TODO: check + NOTE: not-for-us (phProfession) CAN-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in ...) - TODO: check + NOTE: not-for-us (phProfession) CAN-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...) - TODO: check + NOTE: not-for-us (phProfession) CAN-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote ...) - TODO: check + NOTE: not-for-us (Advanced Guestbook CAN-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui ...) - TODO: check + - xine-ui 0.99.1 CAN-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the ...) - TODO: check + - phpbb2 2.0.9 CAN-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are ...) - TODO: check + NOTE: nonsense, all command line passwords can be intercepted at least sometimes CAN-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender ...) - TODO: check + NOTE: not-for-us (bitdefender) CAN-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c ...) - TODO: check + - cherokee 0.4.21b01-1 CAN-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Kinesphere eXchange POP3 ) CAN-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Eudora) CAN-2004-1943 (PHP remote code injection vulnerability in album_portal.php in phpBB ...) - TODO: check + NOTE: not-for-us (phpbb as modified by przemo) CAN-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Fastream NETFile FTP/Web Server) CAN-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to ...) - TODO: check + - kphone 1:4.0.2 CAN-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows ...) - TODO: check + NOTE: not-for-us (Zaep) CAN-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows ...) - TODO: check + NOTE: not-for-us (Phorum) CAN-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and ...) - TODO: check + NOTE: not-for-us (Nuked-KlaN) CAN-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote ...) - TODO: check + NOTE: not-for-us (ZoneAlarm) CAN-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...) - TODO: check + NOTE: not-for-us (SCT Campus Pipeline) CAN-2004-1934 (PHP remote code injection vulnerability in affich.php in Gemitel 3.50 ...) - TODO: check + NOTE: not-for-us (Gemitel) CAN-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...) - TODO: check + NOTE: not-for-us (Citadel) CAN-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in ...) - TODO: check + NOTE: not-for-us (PhpNuke) CAN-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function ...) - TODO: check + NOTE: not-for-us (PhpNuke) CAN-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php ...) - TODO: check + NOTE: not-for-us (PhpNuke) CAN-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ...) - TODO: check + NOTE: not-for-us (tikiwiki) CAN-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml) ...) - TODO: check + NOTE: not-for-us (tikiwiki) CAN-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (tikiwiki) CAN-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware ...) - TODO: check + NOTE: not-for-us (tikiwiki) CAN-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki ...) - TODO: check + NOTE: not-for-us (tikiwiki) CAN-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (tikiwiki) CAN-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the ...) - TODO: check + NOTE: not-for-us (MSIE) CAN-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" ...) - TODO: check + NOTE: not-for-us (X-Micro WLAN 11b Broadband Router) CAN-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...) - TODO: check + NOTE: not-for-us (X-Micro WLAN 11b Broadband Router) CAN-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote ...) - TODO: check + NOTE: not-for-us (Crackalaka) CAN-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (rsniff) CAN-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ...) - TODO: check + - lcdproc 0.4.5 CAN-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x ...) - TODO: check + - lcdproc 0.4.5 CAN-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc ...) - TODO: check + - lcdproc 0.4.5 CAN-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as ...) - TODO: check + NOTE: not-for-us (phpnuke) CAN-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in ...) - TODO: check + NOTE: not-for-us (phpnuke) CAN-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, ...) - TODO: check + NOTE: not-for-us (phpnuke) CAN-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 ...) - TODO: check + NOTE: not-for-us (AzDGDatingLite) CAN-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...) - TODO: check + NOTE: not-for-us (Symantec) CAN-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...) - TODO: check + - clamav 0.68.1 CAN-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows ...) - TODO: check + NOTE: not-for-us (Mcafee FreeScan) CAN-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) ...) - TODO: check + NOTE: not-for-us (Kerio Personal Firewall) CAN-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (Mcafee FreeScan) CAN-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...) - TODO: check + NOTE: not-for-us (Panda ActiveScan) CAN-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...) - TODO: check + NOTE: not-for-us (Panda ActiveScan) CAN-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute ...) - TODO: check + NOTE: not-for-us (blaxxun) CAN-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential ...) - TODO: check + NOTE: not-for-us (Citrix MetaFrame Password Manager) CAN-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary ...) - TODO: check + NOTE: not-for-us (gentoo portage) CAN-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert ...) - TODO: check + NOTE: not-for-us (IGI 2 Covert Strike server) CAN-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...) - TODO: check -end claimed by joeyh + - monit 1:4.2.1 CAN-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...) TODO: check CAN-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...) @@ -734,9 +734,9 @@ CAN-2005-XXXX [phpbb2: Security issue in url/bbcode] - phpbb2 (unfixed; bug #308282) CAN-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...) - - mozilla-firefox (unfixed; bug filed) + - mozilla-firefox (unfixed; bug #308620) CAN-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...) - - mozilla-firefox (unfixed; bug filed) + - mozilla-firefox (unfixed; bug #308620) CAN-2005-1475 NOTE: reserved CAN-2005-1474