Author: djoume-guest
Date: 2005-03-01 23:30:44 +0100 (Tue, 01 Mar 2005)
New Revision: 511

Modified: sarge-checks/CAN/list
Log:
* processed a part of my block

Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-03-01 20:27:29 UTC (rev 510)
+++ sarge-checks/CAN/list 2005-03-01 22:30:44 UTC (rev 511)
@@ -33,40 +33,39 @@ NOTE: reserved CAN-2005-0581 NOTE: reserved -begin claimed by djoume CAN-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...) - TODO: check + NOTE: not-for-us (cmd5checkpw) CAN-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...) - TODO: check + NOTE: not-for-us (FreeNX) CAN-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable ...) - TODO: check + - mozilla-firefox 1.0.1-1 CAN-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier ...) - TODO: check + NOTE: not-for-us (MKBold-MKItalic) CAN-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font ...) - TODO: check + NOTE: not-for-us (STSF in Solaris) CAN-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...) - TODO: check + NOTE: not-for-us (Stormy Studios Knet) CAN-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows ...) - TODO: check + NOTE: not-for-us (CIS Webserver) CAN-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a ...) + NOTE: don''t know if we are vulnerable, I''ve mailed maintainers -- Djoume TODO: check CAN-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to ...) - TODO: check + NOTE: not-for-us (phpWebSite) CAN-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read ...) - TODO: check + NOTE: not-for-us (PunBB) CAN-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial ...) - TODO: check + NOTE: not-for-us (PunBB) CAN-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote ...) - TODO: check + NOTE: not-for-us (PunBB) CAN-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Soldier of Fortune II) CAN-2005-0567 (Multiple PHP remote code injection vulnerabilities in phpMyAdmin 2.6.1 ...) 
- TODO: check + - phpmyadmin 3:2.6.1-pl2-1 CAN-2005-0566 (Buffer overflow in Golden FTP Server Pro 2.x allows remote attackers ...) - TODO: check + NOTE: not-for-us (Golden FTP Server) CAN-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote ...) - TODO: check -end claimed by djoume + NOTE: not-for-us (phpWebSite) CAN-2005-0564 NOTE: reserved CAN-2005-0563 
@@ -188,29 +187,29 @@ TODO: check CAN-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...) TODO: check +end claimed by djoume CAN-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via ...) - TODO: check + NOTE: not-for-us (page.cgi) CAN-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...) - TODO: check + NOTE: not-for-us (Datakey Rainbow iKey2032 USB token) CAN-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Webbsyte) CAN-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote ...) - TODO: check + NOTE: not-for-us (U.S. Robotics wireless access point) CAN-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...) - TODO: check + NOTE: not-for-us (Citadel/UX) CAN-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain ...) - TODO: check + NOTE: not-for-us (WpQuiz) CAN-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...) - TODO: check + NOTE: not-for-us (Fusion News) CAN-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password ...) - TODO: check + NOTE: not-for-us (Lexar Safe Guard) CAN-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in ...) - TODO: check + NOTE: not-for-us (diagmond on HP-UX) CAN-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, ...) - TODO: check -end claimed by djoume + NOTE: not-for-us (ftpd on HP-UX) CAN-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow ...) - cyrus21-imapd (unfixed; bug #296681) CAN-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running ...)
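Review bot: In the first hunk (@@ -33,40 +33,39 @@), CAN-2005-0578 is closed with only "- mozilla-firefox 1.0.1-1", although its description names both Firefox before 1.0.1 and Mozilla Suite before 1.7.6, so the Mozilla Suite side is left untracked. Add an entry for the Mozilla Suite package, or keep a TODO for it until its status is known. In the same hunk, the new NOTE on CAN-2005-0573 contains doubled apostrophes ("don''t", "I''ve"), which look like an escaping slip and should be single. That entry also keeps "TODO: check" while the surrounding begin/end claim markers are removed, so the signed note is the only record of who is following it up; it should stay until the maintainers reply.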
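Review bot: In the second hunk (@@ -188,29 +187,29 @@), "NOTE: not-for-us (page.cgi)" on CAN-2004-1710 names only a script file rather than a product or vendor, so the not-for-us decision cannot be re-checked from the list alone. Name the product the script belongs to, as the other entries in this hunk do. Similarly, "not-for-us (Webbsyte)" shortens the "Webbsyte Chat" given in the description of CAN-2004-1708; using the full product name keeps the list searchable. The "end claimed by djoume" marker now sits directly after CAN-2004-1711, which still carries "TODO: check", which matches the log message about processing only part of the block.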