Author: djoume-guest
Date: 2005-05-17 10:47:22 +0000 (Tue, 17 May 2005)
New Revision: 1084

Modified: sarge-checks/CAN/list

Log:
* processed my block

Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-17 10:36:11 UTC (rev 1083) +++ sarge-checks/CAN/list 2005-05-17 10:47:22 UTC (rev 1084)
@@ -805,116 +805,110 @@ NOTE: not-for-us CAN-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...) NOTE: not-for-us -begin claimed by djoume CAN-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a ...) - TODO: check + NOTE: not-for-us (Edimax Router) CAN-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management ...) - TODO: check + NOTE: not-for-us (Edimax Router) CAN-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management ...) - TODO: check + NOTE: not-for-us (ZyWALL) CAN-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web ...) - TODO: check + NOTE: not-for-us (ASP-Nuke) CAN-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote ...) - TODO: check + NOTE: not-for-us (PostCalendar) CAN-2004-1786 (PortalApp places user credentials under the web root with insufficient ...) - TODO: check + NOTE: not-for-us (PortalApp) CAN-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board ...) - TODO: check + NOTE: not-for-us (Invision Power Board) CAN-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows ...) - TODO: check + NOTE: not-for-us (web server of Webcam Watchdog) CAN-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 ...) - TODO: check + NOTE: not-for-us (Net2Soft Flash FTP Server) CAN-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Athena Web Registration) CAN-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and ...) - TODO: check + NOTE: not-for-us (Info Touch Surfnet kiosk) CAN-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...) - TODO: check + NOTE: not-for-us (Info Touch Surfnet kiosk) CAN-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard ...) 
- TODO: check + NOTE: not-for-us (ThWboard) CAN-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and ...) - TODO: check + NOTE: not-for-us (omail webmail) CAN-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for ...) - TODO: check + - openldap2 2.1.17-1 CAN-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 ...) - TODO: check + NOTE: not-for-us (MDaemon) CAN-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows ...) - TODO: check + NOTE: not-for-us (MyProxy) CAN-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote ...) - TODO: check -CAN-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...) - TODO: check + - cherokee 0.4.21b01-1 CAN-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows ...) - TODO: check + NOTE: not-for-us (VieBoard) CAN-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 ...) - TODO: check + NOTE: not-for-us (VieBoard) CAN-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 ...) - TODO: check + NOTE: not-for-us (Booby) CAN-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of ...) - TODO: check + NOTE: not-for-us (Portal DB) CAN-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote ...) - TODO: check + NOTE: not-for-us (IA WebMail Server) CAN-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (e107) CAN-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...) - TODO: check + NOTE: not-for-us (PHPRecipeBook) CAN-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, ...) - TODO: check + NOTE: not-for-us (Nokia IPSO) CAN-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) ...) 
- TODO: check + NOTE: not-for-us (Unichat) CAN-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT ...) - TODO: check + NOTE: not-for-us (PHPKIT) CAN-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 ...) - TODO: check + NOTE: not-for-us (TelCondex SimpleWebServer) CAN-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 ...) - TODO: check + NOTE: not-for-us (ThWboard) CAN-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta ...) - TODO: check + NOTE: not-for-us (ThWboard) CAN-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and ...) - TODO: check + NOTE: not-for-us (Oracle Collaboration Suite) CAN-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows ...) - TODO: check + NOTE: not-for-us (MPM Guestbook) CAN-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive ...) - TODO: check + NOTE: not-for-us (Advanced Poll) CAN-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...) - TODO: check + NOTE: not-for-us (Advanced Poll) CAN-2003-1179 (Multiple PHP remote code injection vulnerabilities in Advanced Poll ...) - TODO: check + NOTE: not-for-us (Advanced Poll) CAN-2003-1178 (comments.php in Advanced Poll 2.0.2 allows remote attackers to execute ...) - TODO: check + NOTE: not-for-us (Advanced Poll) CAN-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...) - TODO: check + NOTE: not-for-us (MERCUR Mailserver) CAN-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote ...) - TODO: check + NOTE: not-for-us (Web Wiz Forums) CAN-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 ...) - TODO: check + NOTE: not-for-us (Sympoll) CAN-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users ...) 
- TODO: check + NOTE: not-for-us (NullSoft Shoutcast Server) CAN-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive ...) - TODO: check + NOTE: not-for-us (Centrinity FirstClass) CAN-2003-1172 (Directory traversal vulnerability in the view-source sample file in ...) - TODO: check + NOTE: not-for-us (Apache Software Foundation Cocoon) CAN-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in ...) - TODO: check + - libapache-mod-security 1.8.4-1 CAN-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 ...) - TODO: check + NOTE: not-for-us (kpopup) CAN-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...) - TODO: check -CAN-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...) - TODO: check + NOTE: not-for-us (DATEV Nutzungskontrolle) CAN-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing ...) - TODO: check + NOTE: not-for-us (kpopup) CAN-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) ...) - TODO: check + NOTE: not-for-us (HTTP Commander) CAN-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (BRS WebWeaver) CAN-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows ...) - TODO: check + - mldonkey 2.5.11-1 CAN-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Ganglia gmond) CAN-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...) - TODO: check -end claimed by djoume + NOTE: not-for-us (Tritanium Bulletin Board) CAN-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...) NOTE: ancient and unreleased source code with backdoor CAN-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass ...)
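
Review bot: Two tracked IDs are deleted outright instead of being given a disposition: the "-CAN-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...)" line after the CAN-2003-1198 entry, and the "-CAN-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...)" line after the CAN-2003-1169 entry, are removed together with their "TODO: check" lines and have no "+" counterpart. That matches the hunk header going from 116 to 110 lines: two lines are the "begin claimed by djoume" / "end claimed by djoume" markers, and the other four are these two entries. Every other ID in the block ends with either a "NOTE: not-for-us (...)" or a package/version line, so these two should be restored and resolved the same way; CAN-2003-1166 is already tagged "not-for-us (HTTP Commander)" in this hunk, so CAN-2003-1168 can probably carry the same note if that assessment holds. If the removal was intentional (for example the IDs were rejected or moved), the log message should say so, since "processed my block" gives no reason for an ID to disappear from the list.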