thr3ads.net - Secure testing commits - [Secure-testing-commits] r777

If this information is useful, please help other people find it:
Share via:
Joey Hess
2005-Apr-09 09:14 UTC
[Secure-testing-commits] r777 - sarge-checks/CAN

Author: joeyh
Date: 2005-04-09 09:14:17 +0000 (Sat, 09 Apr 2005)
New Revision: 777

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list	2005-04-07 18:51:25 UTC (rev 776)
+++ sarge-checks/CAN/list	2005-04-09 09:14:17 UTC (rev 777)
@@ -1,3 +1,105 @@
+CAN-2005-1017 (SQL injection vulnerability in the Update_Events function in
...)
+	TODO: check
+CAN-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp
for ...)
+	TODO: check
+CAN-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote
...)
+	TODO: check
+CAN-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise
1.04 and ...)
+	TODO: check
+CAN-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and
...)
+	TODO: check
+CAN-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable
allows ...)
+	TODO: check
+CAN-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows
remote ...)
+	TODO: check
+CAN-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6
allows ...)
+	TODO: check
+CAN-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow
(1) ...)
+	TODO: check
+CAN-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for
ASP-DEv XM ...)
+	TODO: check
+CAN-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate
Pro ...)
+	TODO: check
+CAN-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL
SOHO ...)
+	TODO: check
+CAN-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass ...)
+	TODO: check
+CAN-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in
...)
+	TODO: check
+CAN-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode
...)
+	TODO: check
+CAN-2005-1002 (logwebftbs2000.exe in LOG-FT File Transfer allows remote
attackers to ...)
+	TODO: check
+CAN-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive
information ...)
+	TODO: check
+CAN-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke
7.6 ...)
+	TODO: check
+CAN-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x
through ...)
+	TODO: check
+CAN-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to
...)
+	TODO: check
+CAN-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module
for ...)
+	TODO: check
+CAN-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module
for ...)
+	TODO: check
+CAN-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in
ProductCart 2.7 ...)
+	TODO: check
+CAN-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow
remote ...)
+	TODO: check
+CAN-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local
users ...)
+	TODO: check
+CAN-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in
phpMyAdmin ...)
+	TODO: check
+CAN-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not &quot;use a
secure location ...)
+	TODO: check
+CAN-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to
overwrite ...)
+	TODO: check
+CAN-2005-0989 (The Javascript engine in Mozilla Suite 1.7.6 and Firefox 1.0.1
and ...)
+	TODO: check
+CAN-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier when
decompressing a ...)
+	TODO: check
+CAN-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before
5.0.50 ...)
+	TODO: check
+CAN-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server
6.5.1, ...)
+	TODO: check
+CAN-2005-0985
+	NOTE: reserved
+CAN-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi
Knight: ...)
+	TODO: check
+CAN-2005-0983 (Quake 3 engine, as used in multiple games, allows remote
attackers to ...)
+	TODO: check
+CAN-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet
Another ...)
+	TODO: check
+CAN-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in
AlstraSoft EPay ...)
+	TODO: check
+CAN-2005-0980 (PHP remote code injection vulnerability in index.php in
AlstraSoft ...)
+	TODO: check
+CAN-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote
...)
+	TODO: check
+CAN-2005-0978 (Directory traversal vulnerability in the Object Push service in
IVT ...)
+	TODO: check
+CAN-2005-0977 (The shm_nopage function in the tmpfs driver in Linux kernel 2.6
does ...)
+	TODO: check
+CAN-2005-0976
+	NOTE: reserved
+CAN-2005-0975
+	NOTE: reserved
+CAN-2005-0974
+	NOTE: reserved
+CAN-2005-0973
+	NOTE: reserved
+CAN-2005-0972
+	NOTE: reserved
+CAN-2005-0971
+	NOTE: reserved
+CAN-2005-0970
+	NOTE: reserved
+CAN-2005-0969
+	NOTE: reserved
+CAN-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows
remote ...)
+	TODO: check
+CAN-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service
...)
+	TODO: check
 CAN-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
 	NOTE: Not in testing, only sid
 	- openwebmail (unfixed; bug #291478)
@@ -604,7 +706,6 @@
 	- kernel-source-2.4.27-10
 	- kernel-source-2.6.8 2.6.8-16
 CAN-2005-0749 [Linux kernel DoS vulnerability in elf_load_library()]
-	NOTE: reserved
 	TODO: File similar bug for 2.6.8
 	- kernel-source-2.4.27-10
 CAN-2003-1131 (PHP remote code injection vulnerability in index.php in ...)
@@ -725,8 +826,8 @@
 CAN-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote
...)
 	- mysql-dfsg 4.0.24
 	- mysql-dfsg-4.1 4.1.10a
-CAN-2005-0708
-	NOTE: reserved
+CAN-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5
through 5.4 ...)
+	TODO: check
 CAN-2003-1130
 	NOTE: rejected
 	NOTE: not-for-us (solaris)
@@ -1835,10 +1936,10 @@
 	- putty 0.57-1
 CAN-2005-0466
 	NOTE: reserved
-CAN-2005-0465
-	NOTE: reserved
-CAN-2005-0464
-	NOTE: reserved
+CAN-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening
files, ...)
+	TODO: check
+CAN-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions,
does ...)
+	TODO: check
 CAN-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in
JSPWiki ...)
 	- jspwiki 2.0.52-8
 CAN-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog
...)
@@ -2087,7 +2188,6 @@
 	- mozilla-firefox 1.0.2-1
 	- mozilla-thunderbird 1.0.2-1
 CAN-2005-0400 [ext2 mkdir() directory entry random kernel memory leak]
-	NOTE: reserved
 	- kernel-source-2.4.27 2.4.27-8
 	- kernel-source-2.6.8 2.6.8-16
 CAN-2005-0399 [GIF heap overflow parsing Netscape extension 2 in Mozilla]
@@ -2095,7 +2195,7 @@
 	- mozilla-thunderbird 1.0.2-1
 CAN-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote
...)
 	- racoon 1:0.5-5
-CAN-2005-0397 (Format string vulnerability in ImageMagick before 6.0.2.5 allows
...)
+CAN-2005-0397 (Format string vulnerability in the SetImageInfo function in
image.c ...)
 	{DSA-702-1}
 	- imagemagick 6:6.0.6.2-2.2
 CAN-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in
KDE ...)
@@ -2117,11 +2217,9 @@
 	NOTE: rejected
 	- lsh-utils 2.0-1
 CAN-2005-0388 [Improper IP number validity checking in remstats permits
arbitrary command execution]
-	NOTE: reserved
 	{DSA-704-1}
 	- remstats 1.0.13a-5
 CAN-2005-0387 [Symlink attack in unix-status-server.pl of remstats]
-	NOTE: reserved
 	{DSA-704-1}
 	- remstats 1.0.13a-5
 CAN-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in
mailreader ...)
Secure testing commits - Apr 2005 - r777 - sarge-checks/CAN

[Secure-testing-commits] r777 - sarge-checks/CAN
