Author: joeyh Date: 2005-03-03 09:14:17 +0100 (Thu, 03 Mar 2005) New Revision: 516 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-02 23:08:45 UTC (rev 515) +++ sarge-checks/CAN/list 2005-03-03 08:14:17 UTC (rev 516) @@ -1,3 +1,68 @@ +CAN-2005-0940 + NOTE: rejected + TODO: check +CAN-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...) + TODO: check +CAN-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...) + TODO: check +CAN-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions ...) + TODO: check +CAN-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...) + TODO: check +CAN-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...) + TODO: check +CAN-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the ...) + TODO: check +CAN-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...) + TODO: check +CAN-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...) + TODO: check +CAN-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...) + TODO: check +CAN-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download ...) + TODO: check +CAN-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) ...) + TODO: check +CAN-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...) + TODO: check +CAN-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...) + TODO: check +CAN-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...) + TODO: check +CAN-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...) + TODO: check +CAN-2005-0610 + NOTE: reserved +CAN-2005-0609 + NOTE: reserved +CAN-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...) + TODO: check +CAN-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...) + TODO: check +CAN-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...) + TODO: check +CAN-2005-0605 + NOTE: reserved +CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...) + TODO: check +CAN-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...) + TODO: check +CAN-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...) + TODO: check +CAN-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...) + TODO: check +CAN-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...) + TODO: check +CAN-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...) + TODO: check +CAN-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...) + TODO: check +CAN-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...) + TODO: check +CAN-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon ...) + TODO: check +CAN-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...) + TODO: check CAN-2005-0594 NOTE: reserved CAN-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...) @@ -6,7 +71,7 @@ CAN-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for ...) - mozilla-firefox 1.0.1 - mozilla-browser (unfixed; bug #297619) -CAN-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the security and ...) +CAN-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...) - mozilla-firefox 1.0.1 CAN-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, ...) - mozilla-firefox 1.0.1 @@ -26,12 +91,12 @@ CAN-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the ...) - mozilla-firefox 1.0.1 - mozilla-browser (unfixed; bug #297620) -CAN-2005-0583 - NOTE: reserved -CAN-2005-0582 - NOTE: reserved -CAN-2005-0581 - NOTE: reserved +CAN-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...) + TODO: check +CAN-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 ...) + TODO: check +CAN-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client ...) + TODO: check CAN-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...) NOTE: not-for-us (cmd5checkpw) CAN-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...) @@ -353,7 +418,7 @@ NOTE: not-for-us (Pinnacle ShowCenter) CAN-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and ...) NOTE: not-for-us (PopMessenger) -CAN-2004-1697 (The "Forgot your Password" link in Computer Associates Unicenter ...) +CAN-2004-1697 (The "Forgot your Password" link in Computer Associates (CA) Unicenter ...) NOTE: not-for-u (Computer Associates Unicenter Management Portal) CAN-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...) NOTE: not-for-us (EmuLive Server4) @@ -847,8 +912,8 @@ NOTE: not-for-us (Opera) CAN-2004-1489 (Opera 7.54 and earlier does not properly limit an applet''s access to ...) NOTE: not-for-us (Opera) -CAN-2005-0455 - NOTE: reserved +CAN-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed ...) + TODO: check CAN-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...) NOTE: not-for-us (DCP-Portal) CAN-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...) @@ -1021,7 +1086,7 @@ NOTE: not-for-us (sgallery) CAN-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...) NOTE: not-for-us (bitboard) -CAN-2005-0373 (Buffer overflow in digestmda5.c in Cyrus-SASL before 2.1.18-r1 allows ...) +CAN-2005-0373 (Buffer overflow in digestmd5.c 1.170 (also referred to as ...) NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there NOTE: cyrus-sasl2 already has patch applied @@ -1642,8 +1707,8 @@ NOTE: reserved CAN-2005-0209 NOTE: reserved -CAN-2005-0208 - NOTE: reserved +CAN-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...) + TODO: check CAN-2005-0207 NOTE: reserved CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...) @@ -4291,10 +4356,10 @@ NOTE: not-for-us (Apple QuickTime) CAN-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...) NOTE: not-for-us (MacOS) -CAN-2004-0429 - NOTE: reserved -CAN-2004-0428 - NOTE: reserved +CAN-2004-0429 (Unknown vulnerability related to "the handling of large requests" in ...) + TODO: check +CAN-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...) + TODO: check CAN-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...) NOTE: fixed after 2.6.6/2.4.26 kernel CAN-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)