Author: joeyh Date: 2005-02-21 22:20:57 +0100 (Mon, 21 Feb 2005) New Revision: 461 Modified: sarge-checks/CAN/list Log: update Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-21 20:31:59 UTC (rev 460) +++ sarge-checks/CAN/list 2005-02-21 21:20:57 UTC (rev 461) @@ -1,85 +1,86 @@ -begin claimed by joeyh CAN-2005-0488 NOTE: reserved CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...) + NOTE: only a DOS; page with example is down, so cannot check. TODO: check CAN-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...) - TODO: check + NOTE: not-for-us (mailcarrier) CAN-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...) - TODO: check + NOTE: not-for-us (Hawking Technologies HAR11A modem/router) CAN-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection ...) - TODO: check + NOTE: not-for-us (WvTftp) CAN-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the ...) - TODO: check + NOTE: does not affect older 2.16.7 in sid. CAN-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, ...) - TODO: check + NOTE: does not affect older 2.16.7 in sid. CAN-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...) - TODO: check + - bugzilla 2.16.7 CAN-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...) - TODO: check + - moniwiki 1.0.9 CAN-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Open WorkFlow Engine) CAN-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open ...) - TODO: check + NOTE: not-for-us (Open WorkFlow Engine) CAN-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...) - TODO: check + NOTE: not-for-us (Dwc_articles) CAN-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows ...) - TODO: check + - rssh 2.2.2 CAN-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...) - TODO: check + NOTE: not-for-us (ability server) CAN-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, ...) - TODO: check + NOTE: not-for-us (ability server) CAN-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...) - TODO: check + NOTE: not-for-us (pGina) CAN-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening ...) - TODO: check + NOTE: not-for-us (Carbon Copy) CAN-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...) - TODO: check + NOTE: not-for-us (UBB.threads) CAN-2004-1621 (Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and ...) - TODO: check + NOTE: not-for-us (Lotus Notes) CAN-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before 0.7rc1 ...) - TODO: check + NOTE: not-for-us (Serendipity) CAN-2004-1619 (Buffer overflow in Privateer''s Bounty: Age of Sail II allows ...) - TODO: check + NOTE: not-for-us (Privateer''s Bounty: Age of Sail II) CAN-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Tonecast) CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...) - TODO: check + - lynx (unfixed; bug filed) CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...) - TODO: check + - links (unfixed; bug filed) CAN-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6 + NOTE: mozilla-browser 1.7.5-1 also ok CAN-2004-1613 (Mozilla allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: example page did not bother firefox 1.0+dfsg.1-6 + NOTE: mozilla-browser 1.7.5-1 also ok CAN-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote ...) - TODO: check + NOTE: not-for-us (SalesLogix) CAN-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before ...) - TODO: check + NOTE: not-for-us (SalesLogix) CAN-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain ...) - TODO: check + NOTE: not-for-us (SalesLogix) CAN-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive ...) - TODO: check + NOTE: not-for-us (SalesLogix) CAN-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...) - TODO: check + NOTE: not-for-us (SalesLogix) CAN-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (SalesLogix) CAN-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...) - TODO: check + NOTE: not-for-us (SalesLogix) CAN-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by ...) - TODO: check + NOTE: not-for-us (SalesLogix) CAN-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod ...) - TODO: check + NOTE: not-for-us (not our cpanel) CAN-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users ...) - TODO: check + NOTE: not-for-us (not our cpanel) CAN-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different ...) - TODO: check + - proftpd (unfixed; bug filed) CAN-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...) - TODO: check -end claimed by joeyh + NOTE: not-for-us (coolphp) begin claimed by djoume CAN-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...) TODO: check