Author: djoume-guest
Date: 2005-03-04 15:45:31 +0100 (Fri, 04 Mar 2005)
New Revision: 522

Modified:
   sarge-checks/CAN/list
Log:
* processed some CAN

Modified: sarge-checks/CAN/list
==================================================================--- sarge-checks/CAN/list 2005-03-04 11:08:48 UTC (rev 521) +++ sarge-checks/CAN/list 2005-03-04 14:45:31 UTC (rev 522) 
@@ -208,53 +208,55 @@ TODO: check CAN-2004-1734 (PHP remote code injection vulnerability in Mantis 0.19.0a allows ...) TODO: check + NOTE: I have mailed upstream to be sure. -- Djoume CAN-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...) - TODO: check + NOTE: not-for-us (MyDMS) CAN-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before ...) - TODO: check + NOTE: not-for-us (MyDMS) CAN-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send ...) - TODO: check + - mantis 0.19.0-1 CAN-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...) - TODO: check + - mantis 0.19.0-1 + NOTE: I have mailed upstream to be sure. -- Djoume +end claimed by djoume CAN-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...) - TODO: check + NOTE: not-for-us (Nihuo Web Log Analyzer) CAN-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote ...) - TODO: check + NOTE: not-for-us (sarad) CAN-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (BadBlue) CAN-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) ...) - TODO: check + NOTE: not-for-us (XV) CAN-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers ...) - TODO: check + NOTE: not-for-us (XV) CAN-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...) - TODO: check + NOTE: not-for-us (PHP-Fusion) CAN-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion ...) - TODO: check + NOTE: not-for-us (PHP-Fusion) CAN-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server ...) - TODO: check + NOTE: not-for-us (Merak Mail Server) CAN-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail ...) 
- TODO: check + NOTE: not-for-us (Merak Mail Server) CAN-2004-1720 (The (1) address.html or (2) calendar.html pages in Merak Mail Server ...) - TODO: check + NOTE: not-for-us (Merak Mail Server) CAN-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail ...) - TODO: check + NOTE: not-for-us (Merak Webmail Server) CAN-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 ...) - TODO: check + NOTE: not-for-us (IPD) CAN-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv ...) - TODO: check + - gv 1:3.6.1-1 CAN-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows ...) - TODO: check + NOTE: not-for-us (PForum) CAN-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 ...) - TODO: check + NOTE: not-for-us (MIMEsweeper) CAN-2004-1714 (BlackICE PC Protection and Server Protection installs (1) ...) - TODO: check + NOTE: not-for-us (BlackICE PC Protection) CAN-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) ...) - TODO: check + NOTE: not-for-us (PRM on HP-UX) CAN-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote ...) - TODO: check + NOTE: not-for-us (TypePad) CAN-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...) - TODO: check -end claimed by djoume + - moodle 1.4-1 CAN-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via ...) NOTE: not-for-us (page.cgi) CAN-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...)
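Review bot: At CAN-2004-1730 the entry is recorded as fixed (`- mantis 0.19.0-1`) while the NOTE added directly beneath it says upstream has been mailed "to be sure", so the list now shows a resolved status for something that is still awaiting confirmation. Keep `TODO: check` next to the NOTE until upstream replies, as was done for CAN-2004-1734, or say in the NOTE which part is unconfirmed. CAN-2004-1731 gets the same `- mantis 0.19.0-1` with no note at all; if the upstream question also covers it, record that there. The fixed-version entries for gv (1:3.6.1-1) and moodle (1.4-1) would benefit from a one-line NOTE on how the version was determined, so a later reader can re-verify it. Also, `end claimed by djoume` moves up to sit after CAN-2004-1730 while CAN-2004-1734 keeps its TODO; please check that the matching start-of-claim marker, which is outside this hunk, still brackets only the entries left open.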