Author: djoume-guest
Date: 2005-02-15 23:10:59 +0100 (Tue, 15 Feb 2005)
New Revision: 413

Modified:
   sarge-checks/CAN/list
Log:
* processed my block.

Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-02-15 20:14:19 UTC (rev 412)
+++ sarge-checks/CAN/list 2005-02-15 22:10:59 UTC (rev 413)
@@ -116,154 +116,153 @@ - egroupware 1.0.00.004 CAN-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes ...) - gallery 1.4.4-pl2 -begin claimed by djoume CAN-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow ...) - TODO: check + NOTE: not-for-us (WinZip) CAN-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...) - TODO: check + - moin 1.2.3-1 CAN-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote ...) - TODO: check + - moin 1.2.3-1 CAN-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager ...) - TODO: check + NOTE: not-for-us (Novell) CAN-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary ...) - TODO: check + - cvstrac 1.1.4-1 CAN-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and ...) - TODO: check + - xine-lib 1-rc5-1.1 CAN-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...) 
- TODO: check + NOTE: according to GOTO Masanori this is not a security problem + NOTE: see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=272210 CAN-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...) - TODO: check + NOTE: not-for-us (Gentoo specific) CAN-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...) - TODO: check + NOTE: mozilla 2:1.6-1 CAN-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...) - TODO: check + - mozilla 2:1.7.1-1 CAN-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 ...) - TODO: check + - mozilla 2:1.7-1 CAN-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers ...) - TODO: check + NOTE: not-for-us (Jetbox One) CAN-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the ...) - TODO: check + NOTE: not-for-us (Jetbox One) CAN-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen ...) - TODO: check + NOTE: not-for-us (ScreenOS) CAN-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly ...) - TODO: check + - nessus-core 2.0.12-1 CAN-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...) - TODO: check + - roundup 0.7.3-1 CAN-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...) - TODO: check + - imp3 3.2.5-1 CAN-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...) - TODO: check + NOTE: not-for-us (db2www not in Debian) CAN-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power ...) - TODO: check + NOTE: not-for-us (Board Power) CAN-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY ...) - TODO: check + - putty 0.56-1 CAN-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to ...) 
- TODO: check + NOTE: not-for-us (BlackJumboDog) CAN-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier ...) - TODO: check + - subversion 1.0.6-1 CAN-2004-1437 (Multiple buffer overflows in the digest authentication functionality ...) - TODO: check + - pavuk 0.9pl28-3.1 CAN-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...) - TODO: check + NOTE: not-for-us (FormMail.php != nms-formmail) CAN-2004-1430 (SQL injection vulnerability in Arcade.php in IbProArcade allows remote ...) - TODO: check + NOTE: not-for-us (Arcade.php) CAN-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times ...) - TODO: check + NOTE: not-for-us (ArGoSoft) CAN-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...) - TODO: check + NOTE: not-for-us (ArGoSoft) CAN-2004-1427 (PHP remote code injection vulnerability in main.inc in KorWeblog ...) - TODO: check + NOTE: not-for-us (KorWeblog) CAN-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...) - TODO: check + NOTE: not-for-us (KorWeblog) CAN-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...) - TODO: check + - moodle 1.4.3-1 CAN-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...) 
- TODO: check + - moodle 1.4.3-1 CAN-2004-1423 (Multiple PHP remote code injection vulnerabilities in (1) calendar.php ...) - TODO: check + NOTE: not-for-us (PHP-Calendar) CAN-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...) - TODO: check + NOTE: not-for-us (WHM AutoPilot) CAN-2004-1421 (Multiple PHP remote code injection vulnerabilities (1) step_one.php, ...) - TODO: check + NOTE: not-for-us (WHM AutoPilot) CAN-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...) - TODO: check + NOTE: not-for-us (WHM AutoPilot) CAN-2004-1419 (PHP remote code injection vulnerability in ZeroBoard 4.1pl4 and ...) - TODO: check + NOTE: not-for-us (ZeroBoard) CAN-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...) - TODO: check + NOTE: not-for-us (WPKontakt) CAN-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats ...) - TODO: check + NOTE: not-for-us (PsychoStats) CAN-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as ...) - TODO: check + NOTE: not-for-us (RealOne IE plugin) CAN-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) ...) - TODO: check + NOTE: not-for-us (2Bgal) CAN-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Gadu-Gadu) CAN-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow ...) - TODO: check + NOTE: not-for-us (Kayako) CAN-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) - TODO: check + NOTE: not-for-us (Kayako) CAN-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Gadu-Gadu) CAN-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ...) - TODO: check + NOTE: not-for-us (Gadu-Gadu) CAN-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web ...) 
- TODO: check + NOTE: not-for-us (Image Gallery Web Application) CAN-2004-1408 (The addImage method for admin.class.php in Image Gallery Web ...) - TODO: check + NOTE: not-for-us (Image Gallery Web Application) CAN-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image ...) - TODO: check + NOTE: not-for-us (Image Gallery Web Application) CAN-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...) - TODO: check + NOTE: not-for-us (Ikonboard) CAN-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...) - TODO: check + NOTE: not-for-us (MediaWiki) CAN-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...) - TODO: check + NOTE: not-for-us (Attachment Mod for phpBB) CAN-2004-1403 (PHP remote code injection vulnerability in index.php in GNUBoard 3.39 ...) - TODO: check + NOTE: not-for-us (GNUBoard) CAN-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...) - TODO: check + NOTE: not-for-us (iWebNegar) CAN-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote ...) - TODO: check + NOTE: not-for-us (Asp-rider) CAN-2004-1400 (The control panel in ASP Calendar does not require authentication to ...) - TODO: check + NOTE: not-for-us (ASP Calendar) CAN-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...) - TODO: check + NOTE: not-for-us (Attachment Mod for phpBB) CAN-2004-1398 (Format string vulnerability in TDIXSupport in Roxio Toast on Mac OS X ...) - TODO: check + NOTE: not-for-us (MacOSX) CAN-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...) - TODO: check + NOTE: not sure if sid version is vulnerable, I have mailed maintainer. CAN-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Winamp) CAN-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...) 
- TODO: check + NOTE: not-for-us (Lithtech engine) CAN-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...) - TODO: check + - monit 1:4.2.1-1 CAN-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...) - TODO: check -end claimed by djoume + - monit 1:4.2.1-1 CAN-2005-0365 (The dcopidlng script in KDE 3.3.2 creates temporary files with ...) - kdelibs 4:3.3.2-2 CAN-2005-0363
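
Review bot: CAN-2004-1451 records its version as a free-text note (`+ NOTE: mozilla 2:1.6-1`), while every other fixed entry in this hunk uses the package form (`+ - mozilla 2:1.7.1-1`, `+ - mozilla 2:1.7-1`). If 2:1.6-1 is the fixing upload, write it as `- mozilla 2:1.6-1` so it reads as a fixed-version line rather than a comment. Under CAN-2004-1407 the description names "singapore Image ..." but the note is `not-for-us (Image Gallery Web Application)`, the same text as the two entries above it, so please confirm this is the same product and not a copy of the neighbouring note. CAN-2004-1397 replaces `TODO: check` with `NOTE: not sure if sid version is vulnerable, I have mailed maintainer.`, which leaves the entry unresolved with no TODO marker and no package named. Keeping a TODO line next to the note would keep it visible until the maintainer replies.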