Author: joeyh Date: 2005-02-18 09:14:15 +0100 (Fri, 18 Feb 2005) New Revision: 439 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-18 07:28:00 UTC (rev 438) +++ sarge-checks/CAN/list 2005-02-18 08:14:15 UTC (rev 439) @@ -1,3 +1,25 @@ +CAN-2005-0463 (Unknown "major security flaws" in Ulog-php before 1.0, related to ...) + TODO: check +CAN-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...) + TODO: check +CAN-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote ...) + TODO: check +CAN-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...) + TODO: check +CAN-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...) + TODO: check +CAN-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...) + TODO: check +CAN-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...) + TODO: check +CAN-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...) + TODO: check +CAN-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME ...) + TODO: check +CAN-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...) + TODO: check +CAN-2004-1489 (Opera 7.54 and earlier does not properly limit an applet''s access to ...) + TODO: check CAN-2005-0455 NOTE: reserved CAN-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...) 
@@ -29,7 +51,7 @@ CAN-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 ...) NOTE: not-for-us (CubeCart) CAN-2005-0441 (Unknown vulnerability in Sybase Adaptive Server Enterprise (ASE) ...) - NOTE: not-for-us (Sybase) + NOTE: not-for-us (Sybase) CAN-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...) - elog 2.5.7+r1558-1 CAN-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 ...) @@ -80,7 +102,7 @@ NOTE: not-for-us (Windows) CAN-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow ...) NOTE: not-for-us (Emdros) -CAN-2005-0414 (SQL injection vulnerability in MercuryBoard 1.1.1 allows remote ...) +CAN-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows ...) NOTE: not-for-us (MercuryBoard) CAN-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...) NOTE: not-for-us (MyPHP Forum) @@ -172,8 +194,7 @@ NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there NOTE: cyrus-sasl2 already has patch applied NOTE: cyrus-sasl code seems too old for any of the problems to apply -CAN-2005-0372 - NOTE: reserved +CAN-2005-0372 (Directory traversal vulnerability in gftp 2.0.18 and earlier for GTK+ ...) {DSA-686-1} CAN-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...) - armagetron (unfixed; bug #295294) 
@@ -610,14 +631,14 @@ NOTE: reserved CAN-2005-0255 NOTE: reserved -CAN-2005-0254 - NOTE: reserved -CAN-2005-0253 - NOTE: reserved -CAN-2005-0252 - NOTE: reserved -CAN-2005-0251 - NOTE: reserved +CAN-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...) + TODO: check +CAN-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...) + TODO: check +CAN-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier ...) + TODO: check +CAN-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB ...) + TODO: check CAN-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and ...) NOTE: not-for-us (AIX) CAN-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec ...) @@ -2212,7 +2233,7 @@ NOTE: not-for-us (windows) CAN-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX ...) NOTE: not-for-us (windows) -CAN-2004-0977 (The make_oidjoins_check script in the postgresql package allows local ...) +CAN-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local ...) {DSA-577-1} - postgresql 7.4.6-1 CAN-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 ...)
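Review bot: In the @@ -1,3 +1,25 @@ hunk, CAN-2005-0462 and CAN-2005-0460 (both MercuryBoard) are added as "TODO: check", although CAN-2005-0414, another MercuryBoard issue further down this same file, already carries "NOTE: not-for-us (MercuryBoard)". The two new entries can be resolved the same way rather than left in the TODO queue. Separately, the description of CAN-2004-1489 contains a doubled apostrophe ("applet''s"), which looks like a quoting artifact of the automatic update and is worth fixing in the script that generates these lines.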
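Review bot: The @@ -29,7 +51,7 @@ hunk removes and re-adds "NOTE: not-for-us (Sybase)" under CAN-2005-0441 with no visible change in text, so the edit is whitespace-only. If the automatic update is rewriting indentation or trailing whitespace on hand-written NOTE lines, it would be better to have it leave them untouched so that update commits contain only data changes.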
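Review bot: In the @@ -172,8 +194,7 @@ hunk, CAN-2005-0372 loses its "NOTE: reserved" line and is left with only the {DSA-686-1} reference, with neither a package line nor a "TODO: check" beneath it. CAN-2004-0977 in the last hunk of this patch pairs its {DSA-577-1} reference with "- postgresql 7.4.6-1"; adding the corresponding "- gftp <fixed version>" line here would keep the entry from looking untracked.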