Secure testing commits - Feb 2005 - r457 - sarge-checks/CAN

Author: joeyh
Date: 2005-02-21 09:14:16 +0100 (Mon, 21 Feb 2005)
New Revision: 457

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list	2005-02-20 12:44:03 UTC (rev 456)
+++ sarge-checks/CAN/list	2005-02-21 08:14:16 UTC (rev 457)
@@ -1,3 +1,195 @@
+CAN-2005-0488
+	NOTE: reserved
+CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913
allows ...)
+	TODO: check
+CAN-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to
execute ...)
+	TODO: check
+CAN-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote
attackers ...)
+	TODO: check
+CAN-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection
...)
+	TODO: check
+CAN-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using
the ...)
+	TODO: check
+CAN-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from
CVS, ...)
+	TODO: check
+CAN-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from
CVS does ...)
+	TODO: check
+CAN-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki
1.0.8 ...)
+	TODO: check
+CAN-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to
...)
+	TODO: check
+CAN-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in
Open ...)
+	TODO: check
+CAN-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and
earlier ...)
+	TODO: check
+CAN-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows
...)
+	TODO: check
+CAN-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly
other ...)
+	TODO: check
+CAN-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other
versions, ...)
+	TODO: check
+CAN-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or
Shutdown ...)
+	TODO: check
+CAN-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when
opening ...)
+	TODO: check
+CAN-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote
...)
+	TODO: check
+CAN-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x
...)
+	TODO: check
+CAN-2004-1621 (Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6
and ...)
+	TODO: check
+CAN-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before
0.7rc1 ...)
+	TODO: check
+CAN-2004-1619 (Buffer overflow in Privateer''s Bounty: Age of Sail II
allows ...)
+	TODO: check
+CAN-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to
cause a ...)
+	TODO: check
+CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service
(infinite ...)
+	TODO: check
+CAN-2004-1616 (Links allows remote attackers to cause a denial of service
(memory ...)
+	TODO: check
+CAN-2004-1615 (Opera allows remote attackers to cause a denial of service
(invalid ...)
+	TODO: check
+CAN-2004-1614 (Mozilla allows remote attackers to cause a denial of service
...)
+	TODO: check
+CAN-2004-1613 (Mozilla allows remote attackers to cause a denial of service
...)
+	TODO: check
+CAN-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows
remote ...)
+	TODO: check
+CAN-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before
...)
+	TODO: check
+CAN-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing
certain ...)
+	TODO: check
+CAN-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other
sensitive ...)
+	TODO: check
+CAN-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote
attackers ...)
+	TODO: check
+CAN-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain
...)
+	TODO: check
+CAN-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a
denial ...)
+	TODO: check
+CAN-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication
by ...)
+	TODO: check
+CAN-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to
chmod ...)
+	TODO: check
+CAN-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local
users ...)
+	TODO: check
+CAN-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a
different ...)
+	TODO: check
+CAN-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP
1.0-stable ...)
+	TODO: check
+CAN-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain
...)
+	TODO: check
+CAN-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP
...)
+	TODO: check
+CAN-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to
read ...)
+	TODO: check
+CAN-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows
remote ...)
+	TODO: check
+CAN-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows
...)
+	TODO: check
+CAN-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote
attackers ...)
+	TODO: check
+CAN-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows
remote ...)
+	TODO: check
+CAN-2004-1593 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CAN-2004-1592 (PHP remote code injection vulnerability in index.php in ocPortal
1.0.3 ...)
+	TODO: check
+CAN-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM
...)
+	TODO: check
+CAN-2004-1590 (Clientexec allows remote attackers to gain sensitive information
via ...)
+	TODO: check
+CAN-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message
Board ...)
+	TODO: check
+CAN-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows
remote ...)
+	TODO: check
+CAN-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus
Predator ...)
+	TODO: check
+CAN-2004-1586 (Flash Messaging clients can ignore disconnecting commands such
as ...)
+	TODO: check
+CAN-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote
attackers ...)
+	TODO: check
+CAN-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2
allows ...)
+	TODO: check
+CAN-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm
1.3 ...)
+	TODO: check
+CAN-2004-1582 (PHP remote code injection vulnerability in BlackBoard 1.5.1
allows ...)
+	TODO: check
+CAN-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...)
+	TODO: check
+CAN-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1
allows ...)
+	TODO: check
+CAN-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain
sensitive ...)
+	TODO: check
+CAN-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in
Invision ...)
+	TODO: check
+CAN-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive
...)
+	TODO: check
+CAN-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01
and ...)
+	TODO: check
+CAN-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to
cause a ...)
+	TODO: check
+CAN-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows
remote ...)
+	TODO: check
+CAN-2004-1573 (The documentation for AJ-Fork 167 implies that users should set
...)
+	TODO: check
+CAN-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1)
data, ...)
+	TODO: check
+CAN-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive
information via ...)
+	TODO: check
+CAN-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows
remote ...)
+	TODO: check
+CAN-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and
(3) ...)
+	TODO: check
+CAN-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows
remote ...)
+	TODO: check
+CAN-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote
attackers ...)
+	TODO: check
+CAN-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent
Storm ...)
+	TODO: check
+CAN-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the
full ...)
+	TODO: check
+CAN-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora
4.1.6a ...)
+	TODO: check
+CAN-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora
4.1.6a allow ...)
+	TODO: check
+CAN-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a
allows ...)
+	TODO: check
+CAN-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote
attackers ...)
+	TODO: check
+CAN-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a
denial of ...)
+	TODO: check
+CAN-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress
1.2 ...)
+	TODO: check
+CAN-2004-1558 (Multiple stack-based buffer overflows in YahooPOPS 0.4 through
0.6 ...)
+	TODO: check
+CAN-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass
authentication, ...)
+	TODO: check
+CAN-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of
service ...)
+	TODO: check
+CAN-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP
...)
+	TODO: check
+CAN-2004-1554 (PHP remote code injection vulnerability in livre_include.php in
@lex ...)
+	TODO: check
+CAN-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote
attackers to ...)
+	TODO: check
+CAN-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote
attackers ...)
+	TODO: check
+CAN-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email, (2)
...)
+	TODO: check
+CAN-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows
remote ...)
+	TODO: check
+CAN-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords
of ...)
+	TODO: check
+CAN-2004-1548 (Directory traversal vulnerability in the file server in
ActivePost ...)
+	TODO: check
+CAN-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows
remote ...)
+	TODO: check
+CAN-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote
attackers to ...)
+	TODO: check
+CAN-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with
Apache ...)
+	TODO: check
 CAN-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako
...)
 	NOTE: not-for-us (Kyako ESupport)
 CAN-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and
3.42, and ...)
@@ -1864,7 +2056,7 @@
 	NOTE: not-for-us (Verisign Payflow Link)
 CAN-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers
to ...)
 	NOTE: not-for-us (Orbz)
-CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro
family, ...)
+CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero"
Intrepid Protocol ...)
 	NOTE: not-for-us (The Serious engine, as used in (1) Alpha Black Zero, (2)
Nitro family, and (3) Serious Sam Second Encounter)
 CAN-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
 	NOTE: not-for-us (pnTresMailer)
@@ -2453,9 +2645,9 @@
 	- freeradius 1.0.1
 CAN-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a
denial of ...)
 	- freeradius 1.0.1
-CAN-2004-0959 (PHP before 5.0.2 allows local users to upload files to arbitrary
...)
+CAN-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files
to ...)
 	- php4 4.3.9
-CAN-2004-0958 (PHP before 5.0.2 allows remote attackers to read sensitive
memory ...)
+CAN-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to
read ...)
 	- php4 4.3.9
 CAN-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local
user ...)
 	- mysql-dfsg 3.23.58
@@ -2738,7 +2930,7 @@
 CAN-2004-0839 (Internet Explorer in Windows XP SP2, and other versions
including 5.01 ...)
 	NOTE: not-for-us (microsoft)
 CAN-2004-0838
-	NOTE: reserved
+	TODO: check
 CAN-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows
attackers to ...)
 	{DSA-562-2}
 CAN-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x
before ...)