Author: joeyh
Date: 2005-02-11 09:14:22 +0100 (Fri, 11 Feb 2005)
New Revision: 391
Modified: sarge-checks/CAN/list
Log: automatic CAN database update

Modified: sarge-checks/CAN/list
==================================================================--- sarge-checks/CAN/list 2005-02-10 20:14:18 UTC (rev 390) +++ sarge-checks/CAN/list 2005-02-11 08:14:22 UTC (rev 391) 
@@ -1,3 +1,181 @@ +CAN-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...) + TODO: check +CAN-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...) + TODO: check +CAN-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...) + TODO: check +CAN-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or ...) + TODO: check +CAN-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 ...) + TODO: check +CAN-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...) + TODO: check +CAN-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite ...) + TODO: check +CAN-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP ...) + TODO: check +CAN-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows ...) + TODO: check +CAN-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a ...) + TODO: check +CAN-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ...) + TODO: check +CAN-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...) + TODO: check +CAN-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web ...) + TODO: check +CAN-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server ...) + TODO: check +CAN-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...) + TODO: check +CAN-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial ...) + TODO: check +CAN-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration ...) + TODO: check +CAN-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...) + TODO: check +CAN-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ...) 
+ TODO: check +CAN-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...) + TODO: check +CAN-2005-0328 (Zyxel P310, P314, P324 and Netgaear RT311, RT314 running the latest ...) + TODO: check +CAN-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...) + TODO: check +CAN-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...) + TODO: check +CAN-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game ...) + TODO: check +CAN-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain ...) + TODO: check +CAN-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery ...) + TODO: check +CAN-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server ...) + TODO: check +CAN-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote ...) + TODO: check +CAN-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server ...) + TODO: check +CAN-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N ...) + TODO: check +CAN-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly ...) + TODO: check +CAN-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in ...) + TODO: check +CAN-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...) + TODO: check +CAN-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...) + TODO: check +CAN-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...) + TODO: check +CAN-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server ...) + TODO: check +CAN-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote ...) + TODO: check +CAN-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...) 
+ TODO: check +CAN-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...) + TODO: check +CAN-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...) + TODO: check +CAN-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier ...) + TODO: check +CAN-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CAN-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive ...) + TODO: check +CAN-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and ...) + TODO: check +CAN-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier ...) + TODO: check +CAN-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) + TODO: check +CAN-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...) + TODO: check +CAN-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 ...) + TODO: check +CAN-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...) + TODO: check +CAN-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows ...) + TODO: check +CAN-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the ...) + TODO: check +CAN-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...) + TODO: check +CAN-2005-0296 (The error module in Novell GroupWise WebAccess allows remote attackers ...) + TODO: check +CAN-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...) + TODO: check +CAN-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...) + TODO: check +CAN-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows ...) + TODO: check +CAN-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift ...) 
+ TODO: check +CAN-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...) + TODO: check +CAN-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, ...) + TODO: check +CAN-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, ...) + TODO: check +CAN-2005-0288 (The change password functionality in Bottomline Webseries Payment ...) + TODO: check +CAN-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to ...) + TODO: check +CAN-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...) + TODO: check +CAN-2005-0285 (Webseries Payment Application does not properly restrict privileged ...) + TODO: check +CAN-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...) + TODO: check +CAN-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...) + TODO: check +CAN-2005-0282 (SQL injection vulnerability in member.php in MyBB allows remote ...) + TODO: check +CAN-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...) + TODO: check +CAN-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier ...) + TODO: check +CAN-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the ...) + TODO: check +CAN-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...) + TODO: check +CAN-2005-0277 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...) + TODO: check +CAN-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com ...) + TODO: check +CAN-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...) + TODO: check +CAN-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...) + TODO: check +CAN-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...) 
+ TODO: check +CAN-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...) + TODO: check +CAN-2005-0271 (Multiple SQL injection vulnerbilities in ReviewPost PHP Pro before ...) + TODO: check +CAN-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...) + TODO: check +CAN-2005-0269 (The file extention check in GNUBoard 3.40 and earlier only verifies ...) + TODO: check +CAN-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...) + TODO: check +CAN-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...) + TODO: check +CAN-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...) + TODO: check +CAN-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...) + TODO: check +CAN-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...) + TODO: check +CAN-2005-0263 (Buffer overflow in netpmon on AIX 5.2, and possibly earlier versions, ...) + TODO: check +CAN-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.2, 5.3, and possibly earlier ...) + TODO: check +CAN-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop ...) + TODO: check +CAN-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor ...) + TODO: check CAN-2005-0259 NOTE: reserved CAN-2005-0258 @@ -135,8 +313,8 @@ - mozilla-firefox 1.0+dfsg.1-6 CAN-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...) - mozilla-firefox 1.0+dfsg.1-6 -CAN-2005-0230 - NOTE: reserved +CAN-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...) + TODO: check CAN-2005-0229 NOTE: reserved CAN-2005-0228 
@@ -439,7 +617,7 @@ - evolution 2.0.3-1.2 CAN-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...) - newspost 2.1.1-2 -CAN-2005-0100 (Format string vulnerability in the movemail utility in Emacs 21.3 ...) +CAN-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...) {DSA-671-1 DSA-670-1} - emacs21 21.3+1-9 - xemacs21 21.4.16-2 @@ -467,8 +645,8 @@ NOTE: reserved CAN-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...) {DSA-666-1} -CAN-2005-0088 - NOTE: reserved +CAN-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...) + TODO: check CAN-2005-0087 NOTE: reserved CAN-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...) @@ -504,8 +682,7 @@ {DSA-660-1} CAN-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...) {DSA-658-1} -CAN-2005-0076 - NOTE: reserved +CAN-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local ...) {DSA-672-1} CAN-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...) - squirrelmail 2:1.4.4-1
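Review bot: In the first hunk (@@ -1,3 +1,181 @@) every added entry, CAN-2005-0348 down to CAN-2005-0260, lands with the same "TODO: check", so nothing in the list separates entries that name software Debian packages from the rest. CAN-2005-0337 (Postfix 2.1.3) and CAN-2005-0299 (GForge 3.3 and earlier) are the kind to resolve first with a package line. The misspellings inside the descriptions ("Netgaear", "vulnerbilities", "extention") belong to the imported text; since the log says this is an automatic update, leave them so the next import does not produce a spurious diff.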
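Review bot: In the CAN-2005-0230 hunk (@@ -135,8 +313,8 @@) the entry is now described as a Firefox 1.0 issue but carries only "TODO: check", while the neighbouring CAN-2005-0231, also a Firefox 1.0 issue, is tracked with "- mozilla-firefox 1.0+dfsg.1-6". Follow up by replacing the TODO with a package line for mozilla-firefox once it is known which version addresses the issue, so the two adjacent Firefox entries are tracked the same way.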
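Review bot: In the CAN-2005-0100 hunk (@@ -439,7 +617,7 @@) the description's affected list now starts with "(1) Emacs 20.x", but the unchanged package lines under it still track only "- emacs21 21.3+1-9" and "- xemacs21 21.4.16-2". With the description widened, check whether a further package line is needed for the Emacs 20.x case, or add a NOTE saying why not, so the entry agrees with its own description and with the two DSAs it cites.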
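Review bot: The CAN-2005-0076 hunk (@@ -504,8 +682,7 @@) removes "NOTE: reserved" without adding the "TODO: check" that the CAN-2005-0230 and CAN-2005-0088 hunks add in the same situation, leaving the entry with only "{DSA-672-1}" and no package or fixed-version line. If the DSA reference alone is meant to close the entry, that matches CAN-2005-0077 just above. Otherwise add a package line for the XView library, as CAN-2005-0075 has for squirrelmail, or keep a TODO so the entry is not silently treated as done.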