Author: djoume-guest Date: 2005-02-11 15:39:02 +0100 (Fri, 11 Feb 2005) New Revision: 393 Modified: sarge-checks/CAN/list Log: * processed my block Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-11 09:00:18 UTC (rev 392) +++ sarge-checks/CAN/list 2005-02-11 14:39:02 UTC (rev 393) @@ -1,183 +1,179 @@ -begin claimed by djoume CAN-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...) - TODO: check + NOTE: not-for-us (RealArcade) CAN-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (RealArcade) CAN-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...) - TODO: check + NOTE: not-for-us (SafeNet) CAN-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or ...) - TODO: check + NOTE: not-for-us (php-fusion) CAN-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 ...) - TODO: check + NOTE: not-for-us (602LAN SUITE) CAN-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...) - TODO: check + NOTE: not-for-us (PerlDesk) CAN-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Foxmail) CAN-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Savant Web Server) CAN-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...) - TODO: check + - postfix 2.1.4-5 CAN-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web ...) - TODO: check + NOTE: not-for-us (eMotion MediaPartner) CAN-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server ...) - TODO: check + NOTE: not-for-us (eMotion MediaPartner) CAN-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Linksys) CAN-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial ...) - TODO: check + NOTE: not-for-us (LanChat) CAN-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration ...) - TODO: check + NOTE: not-for-us (DeskNow Mail server) CAN-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...) - TODO: check + NOTE: not-for-us (Winrar) CAN-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ...) - TODO: check + NOTE: not-for-us (Painkiller) CAN-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...) - TODO: check + NOTE: not-for-us (ZipGenius) CAN-2005-0328 (Zyxel P310, P314, P324 and Netgaear RT311, RT314 running the latest ...) - TODO: check + NOTE: not-for-us (Netgear) CAN-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...) - TODO: check + NOTE: not-for-us (PafileDB) CAN-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...) - TODO: check + NOTE: not-for-us (PafileDB) CAN-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game ...) - TODO: check + NOTE: not-for-us (Xpand Rally) CAN-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain ...) - TODO: check + NOTE: not-for-us (Infinite Mobile Delivery Webmail) CAN-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery ...) - TODO: check + NOTE: not-for-us (Infinite Mobile Delivery Webmail) CAN-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server ...) - TODO: check + NOTE: not-for-us (Merak Mail server) CAN-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote ...) - TODO: check + NOTE: not-for-us (Merak Mail server) CAN-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server ...) - TODO: check + NOTE: not-for-us (Merak Mail server) CAN-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N ...) - TODO: check + NOTE: not-for-us (Webadmin) CAN-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly ...) - TODO: check + NOTE: not-for-us (Webadmin) CAN-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in ...) - TODO: check + NOTE: not-for-us (Webadmin) CAN-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...) - TODO: check + NOTE: not-for-us (WebWasher) CAN-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...) - TODO: check + NOTE: not-for-us (Magic Winmail) CAN-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...) - TODO: check + NOTE: not-for-us (Magic Winmail) CAN-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server ...) - TODO: check + NOTE: not-for-us (Magic Winmail) CAN-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote ...) - TODO: check + NOTE: not-for-us (WarFTPD under NT) CAN-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...) - TODO: check + NOTE: not-for-us (Ingate) CAN-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...) - TODO: check + NOTE: not-for-us (Exponent) CAN-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...) - TODO: check + NOTE: not-for-us (Exponent) CAN-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier ...) - TODO: check + NOTE: not-for-us (W32Dasm) CAN-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOTE: not-for-us (MercuryBoard) CAN-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive ...) - TODO: check + NOTE: not-for-us (MercuryBoard) CAN-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and ...) - TODO: check + NOTE: not-for-us (Siteman) CAN-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier ...) - TODO: check + NOTE: not-for-us (DivX Player) CAN-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) - TODO: check + NOTE: not-for-us (BackOffice Lite) CAN-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...) - TODO: check + NOTE: not-for-us (BackOffice Lite) CAN-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 ...) - TODO: check + NOTE: not-for-us (BackOffice Lite) CAN-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...) - TODO: check + - jsboard 2.0.10-1 CAN-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows ...) - TODO: check + - gforge 3.1-26 CAN-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2005-0296 (The error module in Novell GroupWise WebAccess allows remote attackers ...) - TODO: check + NOTE: not-for-us (Novell) CAN-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...) - TODO: check + NOTE: not-for-us (nProtect) CAN-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Minis) CAN-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows ...) - TODO: check + NOTE: not-for-us (Minis) CAN-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift ...) - TODO: check + NOTE: not-for-us (phpGiftReg) CAN-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...) - TODO: check + NOTE: not-for-us (NetGear) CAN-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, ...) - TODO: check + NOTE: not-for-us (NetGear) CAN-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-0288 (The change password functionality in Bottomline Webseries Payment ...) - TODO: check + NOTE: not-for-us (BottomLine WebSeries) CAN-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to ...) - TODO: check + NOTE: not-for-us (BottomLine WebSeries) CAN-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (eMotion MediaPartner) CAN-2005-0285 (Webseries Payment Application does not properly restrict privileged ...) - TODO: check -CAN-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...) - TODO: check + NOTE: not-for-us (BottomLine WebSeries) CAN-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...) - TODO: check + NOTE: not-for-us (QwikiWiki) CAN-2005-0282 (SQL injection vulnerability in member.php in MyBB allows remote ...) - TODO: check + NOTE: not-for-us (MyBB) CAN-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...) - TODO: check + NOTE: not-for-us (Soldner Secret) CAN-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier ...) - TODO: check + NOTE: not-for-us (Soldner Secret) CAN-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the ...) - TODO: check + NOTE: not-for-us (Soldner Secret) CAN-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...) - TODO: check + NOTE: not-for-us (3COM 3CDaemon) CAN-2005-0277 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...) - TODO: check + NOTE: not-for-us (3COM 3CDaemon) CAN-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com ...) - TODO: check + NOTE: not-for-us (3COM 3CDaemon) CAN-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...) - TODO: check + NOTE: not-for-us (3COM 3CDaemon) CAN-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...) - TODO: check + NOTE: not-for-us (PhotoPost) CAN-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...) - TODO: check + NOTE: not-for-us (PhotoPost) CAN-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...) - TODO: check + NOTE: not-for-us (ReviewPost) CAN-2005-0271 (Multiple SQL injection vulnerbilities in ReviewPost PHP Pro before ...) - TODO: check + NOTE: not-for-us (ReviewPost) CAN-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...) - TODO: check + NOTE: not-for-us (ReviewPost) CAN-2005-0269 (The file extention check in GNUBoard 3.40 and earlier only verifies ...) - TODO: check + NOTE: not-for-us (GNUBoard) CAN-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...) - TODO: check + NOTE: not-for-us (FlatNuke) CAN-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...) - TODO: check + NOTE: not-for-us (SugerCRM) CAN-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...) - TODO: check + NOTE: not-for-us (OWL intranet) CAN-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...) - TODO: check + NOTE: not-for-us (OWL intranet) CAN-2005-0263 (Buffer overflow in netpmon on AIX 5.2, and possibly earlier versions, ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.2, 5.3, and possibly earlier ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor ...) - TODO: check -end claimed by djoume + NOTE: not-for-us (ARCserve Backup) CAN-2005-0259 NOTE: reserved CAN-2005-0258 @@ -295,7 +291,7 @@ CAN-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...) NOTE: not-for-us (AIX) CAN-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...) - TODO: check + NOTE: not-for-us (S/MIME plugin not in Debian) CAN-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...) NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381 - epiphany-browser (unfixed; bug #294270) @@ -316,6 +312,7 @@ CAN-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...) - mozilla-firefox 1.0+dfsg.1-6 CAN-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...) + NOTE: I don''t know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link TODO: check CAN-2005-0229 NOTE: reserved