Author: djoume-guest
Date: 2005-02-04 22:58:40 +0100 (Fri, 04 Feb 2005)
New Revision: 346
Modified:
sarge-checks/CAN/list
Log:
* processed my block and a few more
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-02-04 21:57:13 UTC (rev 345)
+++ sarge-checks/CAN/list 2005-02-04 21:58:40 UTC (rev 346)
@@ -900,6 +900,9 @@
TODO: check
NOTE: unable to really reproduce it using their test page and
NOTE: firefox.. but my setup is pretty nonstandard -- joey
+ NOTE: I can confirm it works on Debian sid -- Djoume
+ - mozilla (unfixed; bug filed)
+ - mozilla-firefox (unfixed; bug filed)
CAN-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to
spoof ...)
NOTE: not-for-us (Microsoft MSIE)
CAN-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and
3.0.x ...)
@@ -6136,119 +6139,119 @@
CAN-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of
...)
NOTE: not-for-us (ZyXEL)
CAN-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki
module ...)
- TODO: check
+ - phpwiki 1.3.4-1
CAN-2002-1069 (The remote administration capability for the D-Link DI-804
router 4.68 ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1068 (The web server for D-Link DP-300 print server allows remote
attackers ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1067 (Administrative web interface for IC9 Pocket Print Server
Firmware ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote
attackers to ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and
earlier, ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and
earlier, ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and
earlier, ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1,
and ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x
through ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt
Qube ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1055 (Buffer overflow in administrative web server for Brother
NC-3100h ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use
MS-DOS ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1051
{DSA-254}
CAN-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows
remote ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial
of ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote
attackers to ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial
of ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1042 (Directory traversal vulnerability in search engine for iPlanet
web ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2)
configuration ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration
...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly
verify if a ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL)
before ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid
Dynamics ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to
read ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook
2.5.2 ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier
allows ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote
...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song
...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error
...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine
...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1023 (BadBlue server allows remote attackers to cause a denial of
service ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini
file, ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1021 (BadBlue server allows remote attackers to read restricted files,
such ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote
...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote
...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify
if a ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to
other ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for
copy, ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1012 (Buffer overflow in web server for Tivoli Management Framework
(TMF) ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1011 (Buffer overflow in web server for Tivoli Management Framework
(TMF) ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access
restrictions ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as
...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi,
as ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow
remote ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user
to ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote
...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote
attackers ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta
1.0.02 ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002
before ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS)
3.0.3 ...)
- TODO: check
+ NOTE: not-for-us (Novell)
CAN-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before
3.0.3C ...)
- TODO: check
+ NOTE: not-for-us (Novell)
CAN-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows
remote ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition
(ISEE) ...)
- TODO: check
+ NOTE: not-for-us (HP)
CAN-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1)
dced ...)
- TODO: check
+ NOTE: not-for-us (HP)
CAN-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000
Client ...)
- TODO: check
+ NOTE: not-for-us (HP)
CAN-2002-0986
{DSA-168}
CAN-2002-0985
@@ -6256,121 +6259,119 @@
CAN-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote
attackers to ...)
{DSA-157}
CAN-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor,
...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0
writes an ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2002-0979 (The Java logging feature for the Java Virtual Machine in
Internet ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0
...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX
...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read
...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX
control ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2002-0973 (Integer signedness error in several system calls for FreeBSD
4.6.1 ...)
- TODO: check
+ NOTE: not-for-us (FreeBSD)
CAN-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a
denial ...)
{DSA-165}
-begin claimed by djoume
CAN-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users
to ...)
- TODO: check
+ NOTE: not-for-us (Microsoft Windows specific)
CAN-2002-0970
{DSA-155}
CAN-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to
cause ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and
...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and
earlier ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow
remote ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net
CBMS ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows
remote ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh
has a ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system
...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another
...)
- TODO: check
+ NOTE: not-for-us (YaBB not in Debian)
CAN-2002-0954 (The encryption algorithms for enable and passwd commands on
Cisco PIX ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2002-0951 (SQL injection vulnerability in Ruslan
<Body>Builder allows remote ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail
1.422 and ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain
...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote
attackers ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03
...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0943 (MetaCart2.sql stores the user database under the web document
root ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow
attackers ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does
not use ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use
Operator ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page
owners to ...)
- TODO: check
+ NOTE: not-for-us (JRun not in Debian)
CAN-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page
owners to ...)
- TODO: check
+ - tomcat 3.2.3-1
CAN-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2
(typically ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and
passwords ...)
- TODO: check
+ NOTE: not-for-us
CAN-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk
20020509, and ...)
- TODO: check
+ NOTE: not-for-us (MyHelpDesk not in Debian)
CAN-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and
...)
- TODO: check
+ NOTE: not-for-us (MyHelpDesk not in Debian)
CAN-2002-0930 (Format string vulnerability in the FTP server for Novell Netware
6.0 ...)
- TODO: check
+ NOTE: not-for-us (Netware)
CAN-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow
remote ...)
- TODO: check
+ NOTE: not-for-us (Netware)
CAN-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote
attackers to ...)
- TODO: check
+ NOTE: not-for-us (pirch not in Debian)
CAN-2002-0926 (Directory traversal vulnerability in Wolfram Research
webMathematica ...)
- TODO: check
+ NOTE: not-for-us (webMathematica not in Debian)
CAN-2002-0925 (Format string vulnerability in mmsyslog function allows remote
...)
- TODO: check
+ NOTE: not-for-us (mmftpd not in Debian anymore)
CAN-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to
execute ...)
- TODO: check
+ NOTE: not-for-us (CGIScript.net not int Debian)
CAN-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to
read ...)
- TODO: check
+ NOTE: not-for-us (CGIScript.net not int Debian)
CAN-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain
database ...)
- TODO: check
+ NOTE: not-for-us (CGIScript.net not int Debian)
CAN-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain
potentially ...)
- TODO: check
+ NOTE: not-for-us (CGIScript.net not int Debian)
CAN-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted
...)
- TODO: check
+ NOTE: not-for-us (CGIScript.net not int Debian)
CAN-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users
to ...)
- TODO: check
+ NOTE: not-for-us (CGIScript.net not int Debian)
CAN-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as
the ...)
- TODO: check
+ NOTE: not-for-us (CGIScript.net not int Debian)
CAN-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the
web ...)
- TODO: check
+ NOTE: not-for-us (CGIScript.net not int Debian)
CAN-2002-0915 (autorun in Xandros based Linux distributions allows local users
to ...)
- TODO: check
+ NOTE: not-for-us (Xandros specific)
CAN-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP
client ...)
- TODO: check
+ NOTE: not-for-us (Slurp NNTP not in Debian)
CAN-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other
...)
- TODO: check
+ {DSA-129}
CAN-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS
servers ...)
- TODO: check
+ NOTE: not-for-us (netstd not in Debian anymore)
CAN-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a
remote ...)
- TODO: check
+ NOTE: not-for-us (mnews not in Debian)
CAN-2002-0908 (Directory traversal vulnerability in the web server for Cisco
IDS ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before
1.8.12 ...)
- TODO: check
+ NOTE: not-for-us (SHOUTcast not in Debian)
CAN-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local
users to ...)
- TODO: check
-end claimed by djoume
+ NOTE: not-for-us (Informix)
CAN-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a
small ...)
NOTE: not-for-us (wbboard not in Debian)
CAN-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2)
allows ...)
@@ -6580,11 +6581,11 @@
CAN-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows
local ...)
NOTE: not-for-us (windows)
CAN-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in
Microsoft ...)
- TODO: not-for-us (windows)
+ NOTE: not-for-us (windows)
CAN-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify
the ...)
- TODO: not-for-us (internet explorer)
+ NOTE: not-for-us (internet explorer)
CAN-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions
for ...)
- TODO: not-for-us (Microsoft SQL Server)
+ NOTE: not-for-us (Microsoft SQL Server)
CAN-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of
...)
- php4 4:4.2.2-1
CAN-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...)