Author: djoume-guest Date: 2005-02-19 11:27:20 +0100 (Sat, 19 Feb 2005) New Revision: 449 Modified: sarge-checks/CAN/list Log: * set bug number and claimed some CAN Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-19 08:14:19 UTC (rev 448) +++ sarge-checks/CAN/list 2005-02-19 10:27:20 UTC (rev 449) @@ -10,6 +10,7 @@ NOTE: reserved CAN-2005-0464 NOTE: reserved +begin claimed by djoume CAN-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki ...) TODO: check CAN-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog ...) @@ -116,6 +117,7 @@ TODO: check CAN-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) TODO: check +end claimed by djoume CAN-2005-0463 (Unknown "major security flaws" in Ulog-php before 1.0, related to ...) NOTE: not-for-us (ulog-php) CAN-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...) @@ -154,9 +156,9 @@ NOTE: not-for-us (Sami HTTP Server) CAN-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...) NOTE: According to Herbert Xu, 2.4 is not vulnerable : http://oss.sgi.com/archives/netdev/2005-01/msg01107.html - - kernel-source-2.6.8 (unfixed; bug filed) - - kernel-source-2.6.9 (unfixed; bug filed) - - kernel-source-2.6.10 (unfixed; bug filed) + - kernel-source-2.6.8 (unfixed; bug #295949) + - kernel-source-2.6.9 (unfixed; bug #295948) + - kernel-source-2.6.10 (unfixed; bug #295947) CAN-2005-0448 NOTE: reserved CAN-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...)