Author: micah Date: 2005-02-23 07:55:04 +0100 (Wed, 23 Feb 2005) New Revision: 470 Modified: sarge-checks/CAN/list Log: Finished checking my claimed CANs Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-23 06:03:46 UTC (rev 469) +++ sarge-checks/CAN/list 2005-02-23 06:55:04 UTC (rev 470) 
@@ -80,86 +80,84 @@ CAN-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows ...) TODO: check end claimed by djoume -begin claimed by micah CAN-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive ...) - TODO: check + NOTE: not-for-us (PerlDesk) CAN-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu ...) - TODO: check + NOTE: not-for-us (Gadu-Gadu) CAN-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Serv-U FTP) CAN-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...) - TODO: check + NOTE: not-for-us (Merak Mail Server) CAN-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web ...) - TODO: check + NOTE: not-for-us (Merak Mail Server) CAN-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...) - TODO: check + NOTE: not-for-us (Merak Mail Server) CAN-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...) - TODO: check + NOTE: not-for-us (Merak Mail Server) CAN-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 ...) - TODO: check + NOTE: not-for-us (Merak Mail Server) CAN-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 ...) - TODO: check + NOTE: not-for-us (Merak Mail Server) CAN-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 ...) - TODO: check + NOTE: not-for-us (Subjects) CAN-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (Halo Combat Evolved) CAN-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN ...) - TODO: check + NOTE: not-for-us (Trillian) CAN-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 ...) 
- TODO: check + NOTE: not-for-us (PsNews) CAN-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...) - TODO: check + NOTE: not-for-us (Call of Duty) CAN-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as ...) - TODO: check + NOTE: not-for-us (Engenio/LSI Logic storage controllers) CAN-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information ...) - TODO: check + NOTE: not-for-us (YaBB) CAN-2004-1661 (MailWorks Professional allows remote attackers to bypass ...) - TODO: check + NOTE: not-for-us (MailWorks) CAN-2004-1660 (PHP remote code injection vulnerability in CuteNews 1.3.6 and earlier ...) - TODO: check + NOTE: not-for-us (CuteNews) CAN-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...) - TODO: check + NOTE: not-for-us (CuteNews) CAN-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...) - TODO: check + NOTE: not-for-us (Kerio Personal Firewall) CAN-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events ...) - TODO: check + NOTE: not-for-us (DasBlog) CAN-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows ...) - TODO: check + NOTE: not-for-us (Comersus Shopping Cart) CAN-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ...) - TODO: check + NOTE: not-for-us (phpWebsite) CAN-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...) - TODO: check + NOTE: not-for-us (phpWebsite) CAN-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...) - TODO: check + - ssh (unfixed; bug #296547) CAN-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...) - TODO: check + NOTE: not-for-us (phpScheduleIt) CAN-2004-1651 (Multiple Cross-site scripting (XSS) vulnerabilities in the ...) 
- TODO: check + NOTE: not-for-us (phpScheduleIt) CAN-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP ...) - TODO: check + NOTE: not-for-us (D-Link DCS-900) CAN-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to ...) - TODO: check + NOTE: not-for-us (Msinfo32.exe) CAN-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ...) - TODO: check + NOTE: not-for-us (Password Protect) CAN-2004-1647 (SQL injection vulnerability in Password Protect allows remote ...) - TODO: check + NOTE: not-for-us (Password Protect) CAN-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...) - TODO: check + NOTE: not-for-us (Xedus) CAN-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote ...) - TODO: check + NOTE: not-for-us (Xedus) CAN-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...) - TODO: check -end claimed by micah + NOTE: not-for-us (Xedus) CAN-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of ...) - TODO: check + NOTE: not-for-us (WS_FTP) CAN-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a ...) - TODO: check + NOTE: not-for-us (WS_FTP) CAN-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (Titan) CAN-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and ...) - TODO: check + NOTE: not-for-us (XOOPS) CAN-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...) - TODO: check + NOTE: not-for-us (Thomson cable modem) CAN-2005-0488 NOTE: reserved CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...) 
@@ -6840,13 +6838,13 @@ {DSA-215} - cyrus-imapd 1.5.19-9.10 CAN-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...) - NOTE: not for us (SAP) + NOTE: not-for-us (SAP) CAN-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...) - NOTE: not for us (SAP) + NOTE: not-for-us (SAP) CAN-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...) - NOTE: not for us (SAP) + NOTE: not-for-us (SAP) CAN-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...) - NOTE: not for us (SAP) + NOTE: not-for-us (SAP) CAN-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...) {DSA-437} - cgiemail 1.6-20
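Review bot: In the first hunk (@@ -80,86 +80,84 @@), CAN-2004-1642 is described as "WFTPD Pro Server 3.21" but is tagged `NOTE: not-for-us (WS_FTP)`, which looks copied from the CAN-2004-1643 entry directly above it. The two descriptions name different products, so the tag should read `NOTE: not-for-us (WFTPD)`, otherwise a later search of the list by product name will miss this entry. Separately, the entries from CAN-2004-1643 through CAN-2003-1085 come after the removed `end claimed by micah` marker, so they were outside the claimed range; the log message ("Finished checking my claimed CANs") should say that these were checked as well.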
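Review bot: The second hunk (@@ -6840,13 +6838,13 @@) is a spelling normalization of `not for us` to `not-for-us` on CAN-2002-1579 through CAN-2002-1576, which the log message does not mention; note it in the log or commit it separately so the triage change and the format cleanup can be reviewed and reverted independently. While these lines are being touched, CAN-2002-1576 concerns "lserver in SAP DB 7.3", a different product from the SAP GUI and SAP R/3 entries above it, so a tag of `(SAP DB)` would be more precise than the shared `(SAP)`.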