Author: joeyh Date: 2005-05-18 09:14:33 +0000 (Wed, 18 May 2005) New Revision: 1091 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-17 21:41:29 UTC (rev 1090) +++ sarge-checks/CAN/list 2005-05-18 09:14:33 UTC (rev 1091) @@ -1,3 +1,133 @@ +CAN-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...) + TODO: check +CAN-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...) + TODO: check +CAN-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...) + TODO: check +CAN-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...) + TODO: check +CAN-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...) + TODO: check +CAN-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...) + TODO: check +CAN-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...) + TODO: check +CAN-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...) + TODO: check +CAN-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...) + TODO: check +CAN-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...) + TODO: check +CAN-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...) + TODO: check +CAN-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...) + TODO: check +CAN-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...) + TODO: check +CAN-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...) + TODO: check +CAN-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...) + TODO: check +CAN-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...) + TODO: check +CAN-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...) + TODO: check +CAN-2005-1636 (mysql_install_db in MySQL 4.x before 4.0.12 and 5.x up to 5.0.4 ...) + TODO: check +CAN-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...) + TODO: check +CAN-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...) + TODO: check +CAN-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...) + TODO: check +CAN-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...) + TODO: check +CAN-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...) + TODO: check +CAN-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...) + TODO: check +CAN-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...) + TODO: check +CAN-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...) + TODO: check +CAN-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a ...) + TODO: check +CAN-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...) + TODO: check +CAN-2005-1625 + NOTE: reserved +CAN-2005-1624 + NOTE: reserved +CAN-2005-1623 + NOTE: reserved +CAN-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...) + TODO: check +CAN-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...) + TODO: check +CAN-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...) + TODO: check +CAN-2005-1619 (Multiple Cross-site scripting (XSS) vulnerabilities in (1) ...) + TODO: check +CAN-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...) + TODO: check +CAN-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...) + TODO: check +CAN-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...) + TODO: check +CAN-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...) + TODO: check +CAN-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...) + TODO: check +CAN-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open ...) + TODO: check +CAN-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board ...) + TODO: check +CAN-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x ...) + TODO: check +CAN-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone ...) + TODO: check +CAN-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...) + TODO: check +CAN-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean ...) + TODO: check +CAN-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart ...) + TODO: check +CAN-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such ...) + TODO: check +CAN-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for ...) + TODO: check +CAN-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...) + TODO: check +CAN-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to ...) + TODO: check +CAN-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...) + TODO: check +CAN-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the ...) + TODO: check +CAN-2005-1600 (A "mathematical flaw" in the implementation of the El Gamal signature ...) + TODO: check +CAN-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies ...) + TODO: check +CAN-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ...) + TODO: check +CAN-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) ...) + TODO: check +CAN-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the ...) + TODO: check +CAN-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, ...) + TODO: check +CAN-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart ...) + TODO: check +CAN-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ...) + TODO: check +CAN-2005-1592 (Multiple "javascript vulerabilities in BB code" in BirdBlog before ...) + TODO: check +CAN-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote ...) + TODO: check +CAN-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows ...) + TODO: check +CAN-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) ...) + TODO: check CAN-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...) TODO: check CAN-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...) @@ -7,7 +137,6 @@ CAN-2005-XXXX [libxpm4: new s_popen() function is insecure garbage] - libxpm4 (unfixed; bug #308783) CAN-2005-1589 [Local privilege escalation in the Linux kernel''s pktcdvd ioctl] - NOTE: reserved - kernel-source-2.6.8 (unfixed; bug #309429) - kernel-source-2.6.11 2.6.11-5 CAN-2005-1588 (SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows ...) @@ -1263,12 +1392,12 @@ CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...) NOTE: does not affect 2.6.8, 2.4.27 per horms - kernel-source-2.6.11 (unfixed; fix in svn; bug #307553) -CAN-2005-1367 - NOTE: reserved -CAN-2005-1366 - NOTE: reserved -CAN-2005-1365 - NOTE: reserved +CAN-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...) + TODO: check +CAN-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...) + TODO: check +CAN-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...) + TODO: check CAN-2005-XXXX [Insecure mailbox generation in passwd''s useradd - shadow (unfixed; bug #307259) CAN-2005-XXXX [Insecure tempfile generation in shadow''s vipw] @@ -1393,8 +1522,8 @@ CAN-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...) NOTE: upstream says attack won''t work - sqwebmail (unfixed; bug #307575) -CAN-2005-1307 - NOTE: reserved +CAN-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...) + TODO: check CAN-2005-1306 NOTE: reserved CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...) @@ -1486,7 +1615,6 @@ CAN-2005-1265 NOTE: reserved CAN-2005-1264 [Local privilege escalation in the Linux kernel''s raw ioctl] - NOTE: reserved - kernel-source-2.6.8 (unfixed; bug #309429) - kernel-source-2.6.11 2.6.11-5 CAN-2005-1263 [Linux kernel ELF core dump privilege escalation] @@ -1523,8 +1651,8 @@ NOTE: reserved CAN-2005-1249 NOTE: reserved -CAN-2005-1248 - NOTE: reserved +CAN-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...) + TODO: check CAN-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...) NOTE: not-for-us (Novell Nsure Audit) CAN-2005-1246 (Format string vulnerability in the snmppd_log function in ...) @@ -1645,8 +1773,8 @@ - xine-lib 1.0.1-1 CAN-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...) - nasm (unfixed; bug #309049) -CAN-2005-1193 - NOTE: reserved +CAN-2005-1193 (The make_clickable function in bbcode.php for phpBB before 2.0.15 ...) + TODO: check CAN-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...) NOTE: not-for-us (HP-UX) CAN-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...)