Author: stef-guest Date: 2005-03-09 12:06:33 +0100 (Wed, 09 Mar 2005) New Revision: 535 Modified: sarge-checks/CAN/list Log: checked a few Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-09 09:49:27 UTC (rev 534) +++ sarge-checks/CAN/list 2005-03-09 11:06:33 UTC (rev 535) 
@@ -18,50 +18,49 @@ TODO: check CAN-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...) TODO: check -begin claimed by stef CAN-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (JoWood Chaser (for Windows)) CAN-2005-0692 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 5.x allows ...) - TODO: check + NOTE: not-for-us (PHP-Fusion not in Debian) CAN-2005-0691 (PHP remote code injection vulnerability in article mode for ...) - TODO: check + NOTE: not-for-us (SocialMPN not in Debian) CAN-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...) - TODO: check + NOTE: not-for-us (Gene6 FTP Server for Win) CAN-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...) - TODO: check + NOTE: not-for-us (The Includer not in Debian) CAN-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...) - TODO: check + NOTE: not-for-us (Windows) CAN-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...) - TODO: check + - hashcash (unfixed; bug #298692) CAN-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf ...) - TODO: check + - mlterm 2.9.2 + NOTE: see bug #298621, was stalled in NEW, now accepted CAN-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...) - TODO: check + NOTE: not-for-us (OutStart Participate Enterprise) CAN-2005-0684 NOTE: reserved CAN-2005-0683 (phpBB 2.0.13 and earlier allows remote attackers to obtain the full ...) - TODO: check + - phpbb2 (unfixed; bug #298688) CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...) - TODO: check + - drupal 4.5.2 CAN-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (Nokia) CAN-2005-0680 (PHP remote code injection vulnerability in ...) 
- TODO: check + NOTE: not-for-us (Download Center Lite not in Debian) CAN-2005-0679 (PHP remote code injection vulnerability in tell_a_friend.inc.php for ...) - TODO: check + NOTE: not-for-us (Tell A Friend Script not in Debian) CAN-2005-0678 (PHP remote code injection vulnerability in formmail.inc.php for Form ...) - TODO: check + NOTE: not-for-us (Form Mail Script not in Debian) CAN-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...) - TODO: check + NOTE: not-for-us (Zorum not in Debian) CAN-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...) - TODO: check + NOTE: not-for-us (Zorum not in Debian) CAN-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...) - TODO: check + NOTE: not-for-us (Zorum not in Debian) CAN-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...) - TODO: check + NOTE: not-for-us (Pabox for PHPNuke not in Debian) CAN-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...) - TODO: check -end claimed by stef + - phpbb2 (unfixed; bug #298690) begin claimed by djoume CAN-2005-0672 (Carsten''s 3D Engine (Ca3DE), March 2004 version and earlier, allows ...) TODO: check
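Review bot: the CAN-2005-0686 entry records mlterm as fixed in 2.9.2, but its NOTE says only that the upload "was stalled in NEW, now accepted". Since this is the sarge-checks list, confirm that 2.9.2 has actually reached sarge, or say in the NOTE that it has not yet. The CAN-2005-0682 entry (`- drupal 4.5.2`) has no bug number or note, unlike the mlterm and phpbb2 entries around it, so a short reference to where the fix was confirmed would make it auditable. The not-for-us notes also vary in form ("(Windows)", "(Nokia)", "(Gene6 FTP Server for Win)", "(JoWood Chaser (for Windows))"). Naming the product and the reason the same way each time, as in "(PHP-Fusion not in Debian)", would keep the list easier to search.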