Secure testing commits - Feb 2005 - r431 - sarge-checks/CAN

Author: djoume-guest
Date: 2005-02-17 23:44:36 +0100 (Thu, 17 Feb 2005)
New Revision: 431

Modified:
   sarge-checks/CAN/list
Log:
* processed my block



Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list	2005-02-17 22:02:45 UTC (rev 430)
+++ sarge-checks/CAN/list	2005-02-17 22:44:36 UTC (rev 431)
@@ -15,79 +15,77 @@
 CAN-2005-0448
 	NOTE: reserved
 CAN-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows
remote ...)
-	TODO: check
-begin claimed by djoume
+	NOTE: not-for-us (Quake3)
 CAN-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of
...)
-	TODO: check
+	NOTE: not-for-us (Solaris)
 CAN-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a
...)
-	TODO: check
+	- squid (unfixed; bug filed)
 CAN-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x
allows ...)
-	TODO: check
+	- openwebmail (unfixed; bug filed)
 CAN-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared
libraries ...)
-	TODO: check
+	NOTE: not-for-us (VMware)
 CAN-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1)
obtain the ...)
-	TODO: check
+	NOTE: not-for-us (CubeCart)
 CAN-2005-0442 (Directory traversal vulnerability in index.php for CubeCart
2.0.4 ...)
-	TODO: check
+	NOTE: not-for-us (CubeCart)
 CAN-2005-0441 (Unknown vulnerability in Sybase Adaptive Server Enterprise (ASE)
...)
-	TODO: check
+  NOTE: not-for-us (Sybase)
 CAN-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass
authentication and ...)
-	TODO: check
+	- elog 2.5.7+r1558-1
 CAN-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7
...)
-	TODO: check
+	- elog 2.5.7+r1558-1
 CAN-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to
obtain ...)
-	TODO: check
+	- awstats 6.3-1
 CAN-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3
and 6.4 ...)
-	TODO: check
+	- awstats 6.3-1
 CAN-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3
and ...)
-	TODO: check
+	- awstats 6.3-1
 CAN-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to
read ...)
-	TODO: check
+	- awstats 6.3-1
 CAN-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke
7.5 ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Nuke)
 CAN-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path
of the ...)
-	TODO: check
+	NOTE: not-for-us (PHP-Nuke)
 CAN-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1
Service ...)
-	TODO: check
+	NOTE: not-for-us (BEA WebLogic Server)
 CAN-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the
...)
-	TODO: check
+	NOTE: not-for-us (Barracuda Spam Firewall)
 CAN-2005-0429 (Direct code injection vulnerability in forumdisplay.php in
vBulletin ...)
-	TODO: check
+	NOTE: not-for-us (vBulletin)
 CAN-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before
2.9.17 ...)
-	TODO: check
+	- pdns 2.9.16-6
 CAN-2005-0427 (Webmin before 1.170-r3 includes the encrypted root password in
the ...)
-	TODO: check
+	- webmin 1.180-1
 CAN-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers
to ...)
-	TODO: check
+	NOTE: not-for-us (Solaris)
 CAN-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0,
5.1, ...)
-	TODO: check
+	NOTE: not-for-us (Websphere)
 CAN-2005-0424 (Unknown vulnerability in the delete.asp program in certain
versions of ...)
-	TODO: check
+	NOTE: not-for-us (ASPjar Guestbook)
 CAN-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook
allows ...)
-	TODO: check
+	NOTE: not-for-us (ASPjar Guestbook)
 CAN-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores
usernames and ...)
-	TODO: check
+	NOTE: not-for-us (DelphiTurk)
 CAN-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the
profile.dat ...)
-	TODO: check
+	NOTE: not-for-us (DelphiTurk)
 CAN-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange,
allows ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow
remote ...)
-	TODO: check
+	NOTE: not-for-us (3com)
 CAN-2005-0418
 	NOTE: reserved
 CAN-2005-0417 (Unknown "high risk" vulnerability in DB2
Universal Database 8.1 and ...)
-	TODO: check
+	NOTE: not-for-us (IBM DB2)
 CAN-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT,
Windows ...)
-	TODO: check
+	NOTE: not-for-us (Windows)
 CAN-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22
allow ...)
-	TODO: check
+	NOTE: not-for-us (Emdros)
 CAN-2005-0414 (SQL injection vulnerability in MercuryBoard 1.1.1 allows remote
...)
-	TODO: check
+	NOTE: not-for-us (MercuryBoard)
 CAN-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow
remote ...)
-	TODO: check
+	NOTE: not-for-us (MyPHP Forum)
 CAN-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap
allows ...)
-	TODO: check
-end claimed by djoume
+	NOTE: not-for-us (Spidean PostWrap)
 CAN-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB
0.3.6 and ...)
 	TODO: check
 CAN-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6
and ...)