Author: joeyh Date: 2005-04-25 09:14:28 +0000 (Mon, 25 Apr 2005) New Revision: 904 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-04-24 14:25:11 UTC (rev 903) +++ sarge-checks/CAN/list 2005-04-25 09:14:28 UTC (rev 904) 
@@ -1,3 +1,87 @@ +CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...) + TODO: check +CAN-2005-1244 (Directory traversal vulnerability in the third party tool from NetIQ, ...) + TODO: check +CAN-2005-1243 (Directory traversal vulnerability in the third party tool from ...) + TODO: check +CAN-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe, ...) + TODO: check +CAN-2005-1241 (Directory traversal vulnerability in the third party tool from ...) + TODO: check +CAN-2005-1240 (Directory traversal vulnerability in the third party tool from ...) + TODO: check +CAN-2005-1239 (Directory traversal vulnerability in the third party tool from ...) + TODO: check +CAN-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...) + TODO: check +CAN-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows ...) + TODO: check +CAN-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and ...) + TODO: check +CAN-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows ...) + TODO: check +CAN-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...) + TODO: check +CAN-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs ...) + TODO: check +CAN-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...) + TODO: check +CAN-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in ...) + TODO: check +CAN-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...) + TODO: check +CAN-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...) + TODO: check +CAN-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...) + TODO: check +CAN-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...) 
+ TODO: check +CAN-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which ...) + TODO: check +CAN-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...) + TODO: check +CAN-2005-1224 (Multiple SQL injection vulnerabilities in DUportal Pro 3.4 allow ...) + TODO: check +CAN-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...) + TODO: check +CAN-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to ...) + TODO: check +CAN-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro ...) + TODO: check +CAN-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain ...) + TODO: check +CAN-2005-1219 + NOTE: reserved +CAN-2005-1218 + NOTE: reserved +CAN-2005-1217 + NOTE: reserved +CAN-2005-1216 + NOTE: reserved +CAN-2005-1215 + NOTE: reserved +CAN-2005-1214 + NOTE: reserved +CAN-2005-1213 + NOTE: reserved +CAN-2005-1212 + NOTE: reserved +CAN-2005-1211 + NOTE: reserved +CAN-2005-1210 + NOTE: reserved +CAN-2005-1209 + NOTE: reserved +CAN-2005-1208 + NOTE: reserved +CAN-2005-1207 + NOTE: reserved +CAN-2005-1206 + NOTE: reserved +CAN-2005-1205 + NOTE: reserved +CAN-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...) + TODO: check CAN-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications] - libpam-ssh 1.91.0-9 CAN-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...) @@ -6,7 +90,7 @@ - egroupware 1.0.0.007-2.dfsg-1 CAN-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware ...) - egroupware 1.0.0.007-2.dfsg-1 -CAN-2005-1201 (Multiple directory traversal vulnerabilities in AZBB before 1.0.08 ...) +CAN-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...) NOTE: not-for-us (AZbb) CAN-2005-1200 (PHP remote code injection vulnerability in main_index.php in AZ ...) NOTE: not-for-us (AZbb) 
@@ -294,7 +378,7 @@ NOTE: not-for-us (Serendipity) CAN-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...) NOTE: not-for-us (AS/400 system software) -CAN-2005-1132 (LG U8120 modile phone allows remote attackers to cause a denial of ...) +CAN-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ...) NOTE: not-for-us (LG mobile phone) CAN-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier ...) NOTE: not-for-us (Veritas Focalpoint Server) @@ -645,8 +729,8 @@ - kernel-source-2.6.8 2.6.8-16 CAN-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...) NOTE: not-for-us (Apple) -CAN-2005-0975 - NOTE: reserved +CAN-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...) + TODO: check CAN-2005-0974 NOTE: reserved CAN-2005-0973 @@ -655,8 +739,8 @@ NOTE: reserved CAN-2005-0971 NOTE: reserved -CAN-2005-0970 - NOTE: reserved +CAN-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...) + TODO: check CAN-2005-0969 NOTE: reserved CAN-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...) @@ -1256,7 +1340,6 @@ CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...) TODO: check CAN-2005-0754 [Untrusted code execution in Kommander] - NOTE: reserved - kdewebdev (unfixed; bug #305833) CAN-2005-0753 [Buffer overflow and several memory access problems in CVS] - cvs (unfixed; bug #305254) @@ -3667,13 +3750,12 @@ NOTE: reserved CAN-2005-0138 NOTE: reserved -CAN-2005-0137 - NOTE: reserved +CAN-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...) + TODO: check CAN-2005-0136 NOTE: reserved - kernel-source-2.6.8 2.6.8-14 -CAN-2005-0135 - NOTE: reserved +CAN-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...) - kernel-source-2.6.8 2.6.8-14 CAN-2005-0134 NOTE: reserved 
@@ -3706,7 +3788,8 @@ NOTE: 2.6.8 apparently ok CAN-2005-0123 NOTE: reserved -CAN-2005-0122 (Integer signedness error in the parse_machfile function in the mach-o ...) +CAN-2005-0122 + NOTE: rejected NOTE: not-for-us (MacOS X) CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...) NOTE: not-for-us (golddig)
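Review bot: In the @@ -1,3 +1,87 @@ hunk, CAN-2002-1657 (PostgreSQL username as salt) is inserted between CAN-2005-1205 and the CAN-2005-XXXX libpam-ssh entry, which breaks the descending id order every other entry in the hunk follows; it belongs with the CAN-2002 entries further down the list. In the same hunk, CAN-2005-1229 (cpio 2.6 and earlier) and CAN-2005-1228 (gunzip -N in gzip) land with only "TODO: check"; going by the rest of this file, each should end up with either a "- package version" line or a "NOTE: not-for-us (...)" line, and these two name common command-line tools rather than third-party web applications, so they are worth resolving first.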
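Review bot: In the @@ -645,8 +729,8 @@ hunk, CAN-2005-0975 receives the parse_machfile description with "TODO: check", yet the final hunk shows that the same description was previously filed under CAN-2005-0122 with "NOTE: not-for-us (MacOS X)". The triage result should move with the description: replace the TODO on CAN-2005-0975 with that not-for-us note instead of reopening the question.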
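Review bot: In the @@ -3667,13 +3750,12 @@ hunk, CAN-2005-0137 (Linux kernel 2.6 on ia64) is left at "TODO: check" while the adjacent CAN-2005-0136 and CAN-2005-0135 both track "- kernel-source-2.6.8 2.6.8-14"; it should get its own kernel-source line or an explicit note once its status against 2.6.8 is known. CAN-2005-0136 also still carries "NOTE: reserved" above its package line, the same stale combination the @@ -1256,7 +1340,6 @@ hunk removes from CAN-2005-0754.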
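Review bot: In the @@ -3706,7 +3788,8 @@ hunk, CAN-2005-0122 ends up with two contradictory notes, the new "NOTE: rejected" followed by the unchanged context line "NOTE: not-for-us (MacOS X)". The not-for-us note described the parse_machfile issue that this change removes from the entry, so it should be dropped here and only the rejected note kept.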