Author: joeyh Date: 2005-03-11 09:14:20 +0100 (Fri, 11 Mar 2005) New Revision: 544 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-10 21:51:30 UTC (rev 543) +++ sarge-checks/CAN/list 2005-03-11 08:14:20 UTC (rev 544) 
@@ -1,3 +1,57 @@ +CAN-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch ...) + TODO: check +CAN-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...) + TODO: check +CAN-2005-0705 + NOTE: reserved +CAN-2005-0704 + NOTE: reserved +CAN-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows ...) + TODO: check +CAN-2004-1769 (The "Allow cPanel users to reset their password via email" feature in ...) + TODO: check +CAN-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...) + TODO: check +CAN-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gainp ...) + TODO: check +CAN-2004-1766 (The default installation of NetScreen-Security Manager before Feature ...) + TODO: check +CAN-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for ...) + TODO: check +CAN-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, ...) + TODO: check +CAN-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...) + TODO: check +CAN-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux ...) + TODO: check +CAN-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...) + TODO: check +CAN-2004-1760 (The default installation of Cisco IBM Director agent does not require ...) + TODO: check +CAN-2004-1759 (The Cisco IBM Director agent allows remote attackers to cause a denial ...) + TODO: check +CAN-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...) + TODO: check +CAN-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the ...) + TODO: check +CAN-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 ...) + TODO: check +CAN-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 ...) 
+ TODO: check +CAN-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses ...) + TODO: check +CAN-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" ...) + TODO: check +CAN-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain ...) + TODO: check +CAN-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a ...) + TODO: check +CAN-2003-1092 (Unknown vulnerability in the "Automatic File Content Type Recognition ...) + TODO: check +CAN-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin ...) + TODO: check +CAN-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote ...) + TODO: check CAN-2005-0703 (Unknown vulnerability in Xerox MicroServer Web Server for various ...) NOTE: not-for-us (Xerox MicroServer Web Server) CAN-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote ...) @@ -39,7 +93,8 @@ NOTE: not-for-us (OutStart Participate Enterprise) CAN-2005-0684 NOTE: reserved -CAN-2005-0683 (phpBB 2.0.13 and earlier allows remote attackers to obtain the full ...) +CAN-2005-0683 + NOTE: rejected NOTE: not applicable to Debian (installation path known anyway) CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...) - drupal 4.5.2 @@ -88,7 +143,7 @@ TODO: check CAN-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...) TODO: check -CAN-2005-0659 (phpBB 2.0.13 allows remote attackers to obtain sensitive information ...) +CAN-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...) TODO: check CAN-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...) TODO: check @@ -3487,8 +3542,7 @@ {DSA-607-1} - xfree86 4.3.0.dfsg.1-9 - lesstif1-1 (unfixed; bug #294099) -CAN-2004-0913 - NOTE: reserved +CAN-2004-0913 (Unknown vulnerability in ecartis 0.x before ...) {DSA-572-1} - squid 2.5.6-9 CAN-2004-0912 
@@ -9421,7 +9475,7 @@ CAN-2001-0932 (Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote ...) CAN-2001-0931 (Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 ...) CAN-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary commands via ...) -CAN-2001-0928 (Buffer overflow in the permitted function of GNOME libgtop_daemon in ...) +CAN-2001-0928 (Buffer overflow in the permitted function of GNOME gtop daemon ...) {DSA-301} CAN-2001-0927 (Format string vulnerability in the permitted function of GNOME ...) CAN-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers ...)
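Review bot: all of the described entries added in the @@ -1,3 +1,57 @@ hunk land as "TODO: check", with no triage order, even though the descriptions already separate them. Several name platform-specific products (IMAP4d32.exe for Ipswitch, the Solaris kernel, CDE libDtSvc on HP-UX, hsrun.exe), which the file's own convention in the context line below would record as "NOTE: not-for-us (...)". Others name software worth checking against the archive first (grip 3.1.2 in CAN-2005-0706, ModSecurity 1.7.4 in CAN-2004-1765, Ethereal 0.8.13 to 0.10.2 in CAN-2004-1761). Since the log says this is an automatic update, a follow-up commit should resolve those three before the bulk of the list so they do not sit behind fifty unrelated TODO lines.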
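Review bot: in the @@ -39,7 +93,8 @@ hunk, CAN-2005-0683 becomes a bare id with "NOTE: rejected", but the older line "NOTE: not applicable to Debian (installation path known anyway)" is left directly under it. That assessment was written against the phpBB description this change removes, so on a rejected id it is stale. Either drop it or, if the reasoning still holds, carry it over to CAN-2005-0659, whose updated description in the next hunk is also about phpBB 2.0.13 and earlier and is still "TODO: check".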
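Review bot: in the @@ -3487,8 +3542,7 @@ hunk, CAN-2004-0913 gains the description "Unknown vulnerability in ecartis 0.x before ..." while the package line under it still reads "- squid 2.5.6-9". The description and the tracked package disagree, so either the squid line or the {DSA-572-1} reference is attached to the wrong id. Check the advisory and correct the package line before this entry is used to decide sarge status, since as written it would report a squid version as the fix for an ecartis issue.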