Author: joeyh Date: 2005-02-25 20:50:49 +0100 (Fri, 25 Feb 2005) New Revision: 492 Modified: sarge-checks/CAN/list Log: processed Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-25 19:16:16 UTC (rev 491) +++ sarge-checks/CAN/list 2005-02-25 19:50:49 UTC (rev 492) 
@@ -24,42 +24,40 @@ NOTE: reserved CAN-2005-0527 NOTE: reserved -begin claimed by joeyh CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...) - TODO: check + NOTE: not-for-us (PBLang) CAN-2005-0525 NOTE: reserved CAN-2005-0524 NOTE: reserved CAN-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...) - TODO: check + - prozilla (unfixed; bug filed) CAN-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...) - TODO: check + NOTE: not-for-us (Chat Anywhere) CAN-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...) - TODO: check + NOTE: not-for-us (SendLink) CAN-2005-0520 (ArGoSoft before 1.4.2.8 allows remote attackers to read arbitrary ...) - TODO: check + NOTE: not-for-us (ArGoSoft) CAN-2005-0519 (ArGoSoft before 1.4.2.7 allows remote attackers to read arbitrary ...) - TODO: check + NOTE: not-for-us (ArGoSoft) CAN-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...) - TODO: check + NOTE: not-for-us (eXeem) CAN-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext ...) - TODO: check + NOTE: not-for-us (PeerFTP) CAN-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...) - TODO: check + NOTE: not-for-us (ImageGalleryPlugin for Twiki) CAN-2005-0515 NOTE: reserved CAN-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...) - TODO: check + NOTE: not-for-us (Verity Ultraseek) CAN-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php in ...) - TODO: check + NOTE: not-for-us (pMachine) CAN-2005-0512 (PHP remote code injection vulnerability in Tar.php in Mambo 4.5.2 ...) - TODO: check + NOTE: not-for-us (Mambo) CAN-2005-0511 (Direct code injection vulnerability in misc.php for vBulletin 3.0.6 ...) 
- TODO: check + NOTE: not-for-us (vBulletin) CAN-2003-1086 (PHP remote code injection vulnerability in pm/lib.inc.php in pMachine ...) - TODO: check -end claimed by joeyh + NOTE: not-for-us (pMachine) CAN-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...) NOTE: not-for-us (fallback-reboot) CAN-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...) @@ -1549,9 +1547,9 @@ - openswan 2.2.0-6 NOTE: does not seem to affect freeswan CAN-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow ...) - TODO: check + - unace (unfixed; bug #296839) CAN-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute ...) - TODO: check + - unace (unfixed; bug #296839) CAN-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...) {DSA-679-1} CAN-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...) @@ -3947,7 +3945,7 @@ CAN-2004-0482 (Multiple "incorrect bounds checking" errors in certain functions for ...) NOTE: not-for-us (OpenBSD) CAN-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...) - TODO: check + NOTE: not-for-us (the KCMS on Solaris) CAN-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...) NOTE: not-for-us (Lotus Notes) CAN-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...) @@ -3978,9 +3976,9 @@ CAN-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...) NOTE: not-for-us (Juniper JUNOS) CAN-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote ...) - TODO: check + NOTE: not-for-us (WebConnect) CAN-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...) - TODO: check + NOTE: not-for-us (WebConnect) CAN-2004-0464 NOTE: reserved CAN-2004-0463
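Review bot: The CAN-2005-0523 entry in the first hunk (@@ -24,42 +24,40 @@) records "- prozilla (unfixed; bug filed)" without a bug number, while the unace entries later in this same commit use "bug #296839". Writing it as "- prozilla (unfixed; bug #NNNNNN)", with NNNNNN standing for the real report number, would let a reader of the list follow the ProZilla format string issue to its report and see when it gets fixed.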
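Review bot: In the @@ -1549,9 +1547,9 @@ hunk, CAN-2005-0161 (directory traversal) and CAN-2005-0160 (buffer overflows) both point at bug #296839. These are two separate classes of flaw in unace 1.2b, so it is worth confirming that the bug report names both ids. Otherwise an upload that fixes only one of them could close the bug and leave the other entry looking resolved.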
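Review bot: Style point on the CAN-2004-0481 line in the @@ -3947,7 +3945,7 @@ hunk: "NOTE: not-for-us (the KCMS on Solaris)" carries an article that the neighbouring entries do not, for example "not-for-us (Lotus Notes)" and "not-for-us (OpenBSD)". Writing "not-for-us (KCMS on Solaris)" keeps the product names uniform for anyone grepping the list.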