Author: djoume-guest
Date: 2005-02-22 15:22:27 +0100 (Tue, 22 Feb 2005)
New Revision: 466

Modified:
   sarge-checks/CAN/list
Log:
 * processed my block

Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-02-22 13:18:28 UTC (rev 465)
+++ sarge-checks/CAN/list 2005-02-22 14:22:27 UTC (rev 466)
@@ -239,120 +239,120 @@ - proftpd 1.2.10-4 CAN-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...) NOTE: not-for-us (coolphp) -begin claimed by djoume CAN-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...) - TODO: check + NOTE: not-for-us (CoolPHP) CAN-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP ...) - TODO: check + NOTE: not-for-us (CoolPHP) CAN-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ...) - TODO: check + NOTE: not-for-us (Acrobat) CAN-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote ...) - TODO: check + NOTE: not-for-us (RIM Blackberry) CAN-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows ...) - TODO: check + NOTE: not-for-us (3COM router) CAN-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers ...) - TODO: check + NOTE: not-for-us (ShixxNote) CAN-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...) - TODO: check + NOTE: not-for-us (FuseTalk) CAN-2004-1593 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOTE: not-for-us (SCT email client) CAN-2004-1592 (PHP remote code injection vulnerability in index.php in ocPortal 1.0.3 ...) - TODO: check + NOTE: not-for-us (ocPortal) CAN-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...) - TODO: check + NOTE: not-for-us (Micronet Wireless Router) CAN-2004-1590 (Clientexec allows remote attackers to gain sensitive information via ...) - TODO: check + NOTE: not-for-us (clientexec) CAN-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board ...) - TODO: check + NOTE: not-for-us (GoSmart) CAN-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote ...) - TODO: check + NOTE: not-for-us (GoSmart) CAN-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator ...) 
- TODO: check + NOTE: not-for-us (Monolith Games) CAN-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as ...) - TODO: check + NOTE: not-for-us (Flash Messaging) CAN-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...) - TODO: check + NOTE: not-for-us (Flash Messaging) CAN-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...) - TODO: check + - wordpress 1.2.1-1.1 CAN-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...) - TODO: check + NOTE: not-for-us (FTP server in TriDComm) CAN-2004-1582 (PHP remote code injection vulnerability in BlackBoard 1.5.1 allows ...) - TODO: check + NOTE: not-for-us (BlackBoard) CAN-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...) - TODO: check + NOTE: not-for-us (BlackBoard) CAN-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...) - TODO: check + NOTE: not-for-us (CubeCart) CAN-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive ...) - TODO: check + NOTE: not-for-us (CubeCart) CAN-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision ...) - TODO: check + NOTE: not-for-us (Invision Power Board) CAN-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive ...) - TODO: check + NOTE: not-for-us (phplinks) CAN-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and ...) - TODO: check + NOTE: not-for-us (Judge Dredd) CAN-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...) - TODO: check + - xerces25 (unfixed; bug filed) + NOTE: xerces24, xerces23, xerces22, xerces21 could also be concerned by this + NOTE: I have noticed it in the bug report agains xerces25 -- Djoume CAN-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...) 
- TODO: check + NOTE: not-for-us (Vypress) CAN-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...) - TODO: check + NOTE: not-for-us (AJ-Fork) CAN-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data, ...) - TODO: check + NOTE: not-for-us (AJ-Fork) CAN-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via ...) - TODO: check + NOTE: not-for-us (AJ-Fork) CAN-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote ...) - TODO: check + NOTE: not-for-us (bBlog) CAN-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) ...) - TODO: check + NOTE: not-for-us (dbPowerAmp) CAN-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...) - TODO: check + NOTE: not-for-us (Parachat) CAN-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...) - TODO: check + NOTE: not-for-us (Silent Storm Portal) CAN-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm ...) - TODO: check + NOTE: not-for-us (Silent Storm Portal) CAN-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full ...) - TODO: check + NOTE: not-for-us (w-Agora) CAN-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...) - TODO: check + NOTE: not-for-us (w-Agora) CAN-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow ...) - TODO: check + NOTE: not-for-us (w-Agora) CAN-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows ...) - TODO: check + NOTE: not-for-us (w-Agora) CAN-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers ...) - TODO: check + - icecast2 2.0.2.debian-1 CAN-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of ...) 
- TODO: check + NOTE: not-for-us (Microsoft SQL Server) CAN-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...) - TODO: check + - wordpress 1.2.2-1.1 CAN-2004-1558 (Multiple stack-based buffer overflows in YahooPOPS 0.4 through 0.6 ...) - TODO: check + NOTE: not-for-us (YahooPOPS) CAN-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...) - TODO: check + NOTE: not-for-us (MyWebServer) CAN-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (MyWebServer) CAN-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...) - TODO: check + NOTE: not-for-us (BroadBoard Instant ASP Message Board) CAN-2004-1554 (PHP remote code injection vulnerability in livre_include.php in @lex ...) - TODO: check + NOTE: not-for-us (@lex GuestBook) CAN-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...) - TODO: check + NOTE: not-for-us (aspWebAlbum) CAN-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers ...) - TODO: check + NOTE: not-for-us (aspWebCalendar) CAN-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email, (2) ...) - TODO: check + NOTE: not-for-us (PafileDB) CAN-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote ...) - TODO: check + NOTE: not-for-us (Motorola Router) CAN-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of ...) - TODO: check + NOTE: not-for-us (ActivePost) CAN-2004-1548 (Directory traversal vulnerability in the file server in ActivePost ...) - TODO: check + NOTE: not-for-us (ActivePost) CAN-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (ActivePost) CAN-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to ...) 
- TODO: check + NOTE: not-for-us (MDaemon) CAN-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...) - TODO: check -end claimed by djoume + - moniwiki 1.0.9-4 CAN-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ...) NOTE: not-for-us (Kyako ESupport) CAN-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...)
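
Review bot: In the CAN-2004-1575 entry, "- xerces25 (unfixed; bug filed)" records that a bug was filed but not its number, and xerces24, xerces23, xerces22 and xerces21 are named only in a NOTE, so nothing in the list marks them as open for this issue. Suggest putting the bug number on the xerces25 line and giving each of the other xerces packages either its own package line or a TODO to check it; the second NOTE also has a typo ("agains") and would be more useful if it identified the report it refers to. For CAN-2004-1545, the description says MoniWiki 1.0.9.2 and earlier is affected while the entry lists "- moniwiki 1.0.9-4" as fixed, which is an upstream version below 1.0.9.2, so a NOTE stating that the fix is carried as a patch in that Debian revision would save the next reader from re-checking it. The not-for-us labels are inconsistent in case with the descriptions and with the neighbouring entry (coolphp in the unchanged CAN-2004-1601 line, CoolPHP in the new ones, clientexec, Parachat, phplinks); one spelling per product keeps the list searchable.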