Moritz Muehlenhoff
2005-May-18 14:43 UTC
[Secure-testing-commits] r1094 - sarge-checks/CAN
Author: jmm-guest Date: 2005-05-18 14:43:38 +0000 (Wed, 18 May 2005) New Revision: 1094 Modified: sarge-checks/CAN/list Log: processed my block. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-18 13:59:05 UTC (rev 1093) +++ sarge-checks/CAN/list 2005-05-18 14:43:38 UTC (rev 1094) 
@@ -1,60 +1,62 @@ -begin claimed by jmm CAN-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...) - TODO: check + NOTE: not-for-us (Woppoware) CAN-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...) - TODO: check + NOTE: not-for-us (Woppoware) CAN-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...) - TODO: check + NOTE: not-for-us (Woppoware) CAN-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...) - TODO: check + NOTE: not-for-us (Woppoware) CAN-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...) - TODO: check + NOTE: not-for-us (Windows) CAN-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...) - TODO: check + NOTE: not-for-us (GASoft) CAN-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...) - TODO: check + NOTE: not-for-us (GASoft) CAN-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...) - TODO: check + NOTE: not-for-us (Fastream NETFile) CAN-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...) - TODO: check + NOTE: not-for-us (Keyvan1 Gallery) CAN-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...) - TODO: check + NOTE: not-for-us (Livre d''Or) CAN-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...) - TODO: check + NOTE: not-for-us (Zoidcom) CAN-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...) - TODO: check + NOTE: not-for-us (Woltlab Burning Board) CAN-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...) - TODO: check + NOTE: not-for-us (Ignition Project) CAN-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...) 
- TODO: check + NOTE: not-for-us (Ignition Project) CAN-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...) - TODO: check + NOTE: not-for-us (Sigma) CAN-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...) - TODO: check + NOTE: not-for-us (SafeHTML) CAN-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...) - TODO: check + NOTE: not-for-us (NPDS) CAN-2005-1636 (mysql_install_db in MySQL 4.x before 4.0.12 and 5.x up to 5.0.4 ...) - TODO: check + TODO: mysql-dfsg-4.1 should be already be fixed as well, double check + - mysql-dfsg 4.0.12-2 CAN-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (JGS-Portal) CAN-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...) - TODO: check + NOTE: not-for-us (JGS-Portal) CAN-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...) - TODO: check + NOTE: not-for-us (JGS-Portal) CAN-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...) - TODO: check + - cheetah (unfixed; bug filed) CAN-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...) - TODO: check + NOTE: not-for-us (Booby) CAN-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...) - TODO: check + NOTE: not-for-us (phpbb attachment mod) CAN-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...) - TODO: check + NOTE: not-for-us (Photopost) CAN-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...) - TODO: check + NOTE: not-for-us (WebAPP) CAN-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a ...) 
- TODO: check + NOTE: The reporter of the supposed vulnerability is the Debian maintainer; I''ve + NOTE: send him mail wrt his plans for this fix + TODO: Recheck with maintainer CAN-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...) - TODO: check + NOTE: not-for-us (Pico Server) CAN-2005-1625 NOTE: reserved CAN-2005-1624 @@ -62,20 +64,19 @@ CAN-2005-1623 NOTE: reserved CAN-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...) - TODO: check + NOTE: not-for-us (MetaCart) CAN-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...) - TODO: check + NOTE: not-for-us (Postnuke mod) CAN-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...) - TODO: check + NOTE: not-for-us (Skull-Splitter Guestbook) CAN-2005-1619 (Multiple Cross-site scripting (XSS) vulnerabilities in (1) ...) - TODO: check + NOTE: not-for-us (PHPMyChat) CAN-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...) - TODO: check + NOTE: not-for-us (Yahoo Messenger) CAN-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...) - TODO: check + NOTE: not-for-us (Willings WebCAM) CAN-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (Ultimate PHP Board) CAN-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...) TODO: check CAN-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...)
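Review bot: In the first hunk (@@ -1,60 +1,62 @@), the CAN-2005-1632 entry is recorded as "- cheetah (unfixed; bug filed)" with no bug number, so nobody else processing the list can follow up on the report; add the BTS number to that line. In the CAN-2005-1636 entry the TODO has a wording slip ("should be already be fixed") and sits ahead of the only package line, "- mysql-dfsg 4.0.12-2", which leaves mysql-dfsg-4.1 untracked until the double check is done; add a package line for it once the fixed version is confirmed. The CAN-2005-1627 entry has two NOTE lines and a TODO but no package line, so the affected Debian package is not named anywhere in the entry; naming it would make the "Recheck with maintainer" item actionable.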
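Review bot: In the second hunk (@@ -62,20 +64,19 @@), the trailing context leaves CAN-2005-1615 at "TODO: check" although its description names the same viewforum.php in Ultimate PHP Board (UPB) that CAN-2005-1616 is tagged not-for-us for just above it, and CAN-2005-1614 appears to concern the same file (its description is truncated at "Ultimate ..."). Both fall outside the removed "end claimed by jmm" marker, but tagging them in the same pass would save a second review of the same product. Two smaller points: the label "Willings WebCAM" differs in case from the description's "WebCam", and "Postnuke mod" for CAN-2005-1621 cannot be confirmed from the visible description, which names only the pnModFunc function, so check that the affected code is not in a packaged product before leaving it as not-for-us.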