Author: joeyh
Date: 2005-02-19 09:14:19 +0100 (Sat, 19 Feb 2005)
New Revision: 448

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-19 01:21:40 UTC (rev 447) +++ sarge-checks/CAN/list 2005-02-19 08:14:19 UTC (rev 448) 
@@ -1,3 +1,121 @@ +CAN-2005-0469 + NOTE: reserved +CAN-2005-0468 + NOTE: reserved +CAN-2005-0467 + NOTE: reserved +CAN-2005-0466 + NOTE: reserved +CAN-2005-0465 + NOTE: reserved +CAN-2005-0464 + NOTE: reserved +CAN-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki ...) + TODO: check +CAN-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog ...) + TODO: check +CAN-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows ...) + TODO: check +CAN-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote ...) + TODO: check +CAN-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other ...) + TODO: check +CAN-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ...) + TODO: check +CAN-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through ...) + TODO: check +CAN-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...) + TODO: check +CAN-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...) + TODO: check +CAN-2004-1535 (PHP remote code injection vulnerability in admin_cash.php for the Cash ...) + TODO: check +CAN-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...) + TODO: check +CAN-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier ...) + TODO: check +CAN-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, ...) + TODO: check +CAN-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB) ...) + TODO: check +CAN-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for ...) + TODO: check +CAN-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module ...) + TODO: check +CAN-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...) 
+ TODO: check +CAN-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain ...) + TODO: check +CAN-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game ...) + TODO: check +CAN-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause ...) + TODO: check +CAN-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...) + TODO: check +CAN-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial ...) + TODO: check +CAN-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote ...) + TODO: check +CAN-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an ...) + TODO: check +CAN-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote ...) + TODO: check +CAN-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows ...) + TODO: check +CAN-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...) + TODO: check +CAN-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers ...) + TODO: check +CAN-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...) + TODO: check +CAN-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in ...) + TODO: check +CAN-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service ...) + TODO: check +CAN-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to ...) + TODO: check +CAN-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in ...) + TODO: check +CAN-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web ...) + TODO: check +CAN-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying ...) + TODO: check +CAN-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive ...) 
+ TODO: check +CAN-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary ...) + TODO: check +CAN-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...) + TODO: check +CAN-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...) + TODO: check +CAN-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat ...) + TODO: check +CAN-2004-1504 (The displaycontent function in config.php for Just Another Flat file ...) + TODO: check +CAN-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment ...) + TODO: check +CAN-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows ...) + TODO: check +CAN-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...) + TODO: check +CAN-2004-1500 (Format string vulnerability in the Lithtech engine, as used in ...) + TODO: check +CAN-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form ...) + TODO: check +CAN-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...) + TODO: check +CAN-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...) + TODO: check +CAN-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 ...) + TODO: check +CAN-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to ...) + TODO: check +CAN-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 ...) + TODO: check +CAN-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) + TODO: check +CAN-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) + TODO: check CAN-2005-0463 (Unknown "major security flaws" in Ulog-php before 1.0, related to ...) NOTE: not-for-us (ulog-php) CAN-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...) 
@@ -660,10 +778,10 @@ - postgresql 7.4.7-1 CAN-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...) - postgresql 7.4.7-1 -CAN-2005-0243 - NOTE: reserved -CAN-2005-0242 - NOTE: reserved +CAN-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before ...) + TODO: check +CAN-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and ...) + TODO: check CAN-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 ...) - squid 2.5.7-7 CAN-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle ...) @@ -947,8 +1065,7 @@ NOTE: reserved CAN-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...) {DSA-679-1} -CAN-2005-0158 - NOTE: reserved +CAN-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...) {DSA-687-1} CAN-2005-0157 NOTE: reserved
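Review bot: In the first hunk (@@ -1,3 +1,121 @@), every entry from CAN-2004-1544 down to CAN-2004-1492 lands as "TODO: check" with its description cut at "...", so the list itself gives no way to tell which of them matter for sarge. Triage them in follow-up commits rather than leaving the TODO block at the top of the file: entries for products that are not packaged can take the form already used in the context line, "NOTE: not-for-us (ulog-php)", and the rest need a package and fixed-version line like the "- squid 2.5.7-7" seen further down.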
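Review bot: CAN-2005-0243 and CAN-2005-0242 in the second hunk (@@ -660,10 +778,10 @@) are left at "TODO: check" although both descriptions already name the product, Yahoo! Messenger 6.0.0.1750. If that product is not in the archive, close them with a "NOTE: not-for-us (...)" line so they do not stay open between the resolved postgresql and squid entries around them.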
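Review bot: CAN-2005-0158 in the third hunk (@@ -947,8 +1065,7 @@) has no package and version line: the new description says bidwatcher before 1.3.17 is affected, but the entry carries only {DSA-687-1}, where the squid entry in the previous hunk records "- squid 2.5.7-7". If the fixed version is meant to be read from the DSA reference, as the CAN-2005-0159 entry just above it suggests, this is fine; otherwise add a "- bidwatcher <version>" line.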