Author: djoume-guest Date: 2005-02-18 12:32:09 +0100 (Fri, 18 Feb 2005) New Revision: 441 Modified: sarge-checks/CAN/list Log: * processed my block and a few more Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-18 09:31:59 UTC (rev 440) +++ sarge-checks/CAN/list 2005-02-18 11:32:09 UTC (rev 441) @@ -1,41 +1,42 @@ -begin claimed by djoume CAN-2005-0463 (Unknown "major security flaws" in Ulog-php before 1.0, related to ...) - TODO: check + NOTE: not-for-us (ulog-php) CAN-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...) - TODO: check + NOTE: not-for-us (MercuryBoard) CAN-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote ...) - TODO: check + NOTE: not-for-us (NewsBruiser) CAN-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...) - TODO: check + NOTE: not-for-us (MercuryBoard) CAN-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...) - TODO: check + NOTE: not sure if this is really a security issue, I have mailed maintainer. CAN-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...) - TODO: check + NOTE: not-for-us (oscommerce) CAN-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2004-1489 (Opera 7.54 and earlier does not properly limit an applet''s access to ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2005-0455 NOTE: reserved CAN-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...) - TODO: check + NOTE: not-for-us (DCP-Portal) CAN-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...) - TODO: check + NOTE: not-for-us (Lighttpd) CAN-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Sami HTTP Server) CAN-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...) - TODO: check + NOTE: not-for-us (Sami HTTP Server) CAN-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...) - TODO: check -end claimed by djoume + NOTE: According to Herbert Xu, 2.4 is not vulnerable : http://oss.sgi.com/archives/netdev/2005-01/msg01107.html + - kernel-source-2.6.8 (unfixed; bug filed) + - kernel-source-2.6.9 (unfixed; bug filed) + - kernel-source-2.6.10 (unfixed; bug filed) CAN-2005-0448 NOTE: reserved CAN-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...) @@ -111,17 +112,17 @@ CAN-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows ...) NOTE: not-for-us (Spidean PostWrap) CAN-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and ...) - TODO: check + NOTE: not-for-us (CitrusDB) CAN-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ...) - TODO: check + NOTE: not-for-us (CitrusDB) CAN-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) ...) - TODO: check + NOTE: not-for-us (CitrusDB) CAN-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of ...) - TODO: check + NOTE: not-for-us (CitrusDB) CAN-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...) - TODO: check + NOTE: not-for-us (Openconf) CAN-2005-0406 (A design flaw in image processing software that modifies JPEG images ...) - TODO: check + TODO: check all softwares that modifies JPEG images in Debian... CAN-2005-0405 NOTE: reserved CAN-2005-0404 @@ -634,13 +635,13 @@ CAN-2005-0255 NOTE: reserved CAN-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...) - TODO: check + NOTE: not-for-us (BibORB) CAN-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...) - TODO: check + NOTE: not-for-us (BibORB) CAN-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier ...) - TODO: check + NOTE: not-for-us (BibORB) CAN-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB ...) - TODO: check + NOTE: not-for-us (BibORB) CAN-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and ...) NOTE: not-for-us (AIX) CAN-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec ...)