Author: jmm-guest Date: 2005-04-18 13:00:08 +0000 (Mon, 18 Apr 2005) New Revision: 845 Modified: sarge-checks/CAN/list Log: Checked all claimed, all not-for-us. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-04-18 12:02:45 UTC (rev 844) +++ sarge-checks/CAN/list 2005-04-18 13:00:08 UTC (rev 845) @@ -1,20 +1,19 @@ -begin claimed by jmm CAN-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...) NOTE: not-for-us (Sun Java) CAN-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews ...) - TODO: check + NOTE: not-for-us (ACNews) CAN-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (CalenderScript) CAN-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (CalenderScript) CAN-2005-1146 (Cross-site scripting (XSS) vulnerability in the login command in ...) - TODO: check + NOTE: not-for-us (CalenderScript) CAN-2005-1145 (Cross-site scripting (XSS) vulnerability in calendar.pl in ...) - TODO: check + NOTE: not-for-us (CalenderScript) CAN-2005-1144 (popup.php in EasyPHPCalendar allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (EasyPHPCalender) CAN-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in ...) - TODO: check + NOTE: not-for-us (EasyPHPCalender) CAN-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR ...) - gocr (unfixed; bug #305068) CAN-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when ...) 
@@ -22,7 +21,7 @@ CAN-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows ...) NOTE: not-for-us (MyBloggie) CAN-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 ...) NOTE: not-for-us (Kerio) CAN-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain ...) @@ -30,7 +29,7 @@ CAN-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) ...) NOTE: not-for-us (sphpBlog) CAN-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...) - TODO: check + NOTE: not-for-us (sphpBlog) CAN-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...) TODO: check CAN-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...) @@ -44,15 +43,15 @@ CAN-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an ...) - egroupware (unfixed; bug #304496) CAN-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...) - TODO: check + NOTE: not-for-us (VHCS) CAN-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...) NOTE: not-for-us (Free BSD) CAN-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...) - TODO: check + NOTE: not-for-us (Free BSD) CAN-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...) - libsafe (unfixed; bug #305070) CAN-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...) NOTE: not-for-us (monkeyd) CAN-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...) 
@@ -63,7 +62,8 @@ TODO: file bug - ilohamail (unfixed) CAN-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...) - TODO: Somehow related bug 283161, but file a proper one + TODO: Somehow related bug 283161, but file a proper one, unfortunately information + TODO: is very sparse - sudo (unfixed) CAN-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...) NOTE: not-for-us (RSA authentication agent) @@ -71,7 +71,6 @@ NOTE: not-for-us (All4WWW Homepage creator) CAN-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...) TODO: check whether this is part of standard phpbb or an addon -end claimed by jmm CAN-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...) TODO: check CAN-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...)
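Review bot: In the first hunk (@@ -1,20 +1,19 @@) the added notes spell the products "CalenderScript" and "EasyPHPCalender", while the CAN descriptions on those same entries read "CalendarScript" and "EasyPHPCalendar". Anyone searching the list by product name will miss these six entries; suggest `NOTE: not-for-us (CalendarScript)` and `NOTE: not-for-us (EasyPHPCalendar)`.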
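Review bot: In the @@ -44,15 +43,15 @@ hunk the new note for CAN-2005-1126 writes "Free BSD", whereas the description on that entry writes "FreeBSD"; use the description's spelling so a search for the product finds the entry. The unchanged entry just above it, CAN-2005-1127, also carries `NOTE: not-for-us (Free BSD)` although its visible description names Net::Server 0.87, so that note is worth rechecking while this block is being touched.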
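Review bot: In the @@ -63,7 +62,8 @@ hunk the CAN-2005-1119 remark is one sentence split across two `TODO:` lines, so a line-based search for open TODOs returns the fragment `TODO: is very sparse` as if it were its own task. Keep the action on a single TODO line and move the remark about sparse information to a `NOTE:` line. The bug reference is also written `bug 283161` without the `#` used elsewhere in the list (`bug #305068`, `bug #304496`), which a pattern matching `bug #` will skip.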
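Review bot: The last hunk (@@ -71,7 +71,6 @@) drops `end claimed by jmm`, and the first hunk drops the matching `begin claimed by jmm`, while entries inside that range are still open: CAN-2005-1116 keeps `TODO: check whether this is part of standard phpbb or an addon`, and CAN-2005-1134 keeps `TODO: check` in the context of the @@ -30,7 +29,7 @@ hunk. Either resolve those two before releasing the claim or say in the log that they are left for someone else to pick up, since "Checked all claimed, all not-for-us" does not match them.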