thr3ads.net - Secure testing commits - [Secure-testing-commits] r532

If this information is useful, please help other people find it:
Share via:
Joey Hess
2005-Mar-09 08:14 UTC
[Secure-testing-commits] r532 - sarge-checks/CAN

Author: joeyh
Date: 2005-03-09 09:14:18 +0100 (Wed, 09 Mar 2005)
New Revision: 532

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list	2005-03-08 22:23:45 UTC (rev 531)
+++ sarge-checks/CAN/list	2005-03-09 08:14:18 UTC (rev 532)
@@ -1,3 +1,163 @@
+CAN-2005-0703 (Unknown vulnerability in Xerox MicroServer Web Server for
various ...)
+	TODO: check
+CAN-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows
remote ...)
+	TODO: check
+CAN-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i
and 9i ...)
+	TODO: check
+CAN-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0
allows ...)
+	TODO: check
+CAN-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in
the ...)
+	TODO: check
+CAN-2005-0698 (PHP remote code injection vulnerability in PHPWebLog 0.5.3 and
earlier ...)
+	TODO: check
+CAN-2005-0697 (SQL injection vulnerability in the process_picture function ...)
+	TODO: check
+CAN-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote
...)
+	TODO: check
+CAN-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting
...)
+	TODO: check
+CAN-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files
under ...)
+	TODO: check
+CAN-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote
...)
+	TODO: check
+CAN-2005-0692 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 5.x
allows ...)
+	TODO: check
+CAN-2005-0691 (PHP remote code injection vulnerability in article mode for ...)
+	TODO: check
+CAN-2005-0690 (Gene6 FTP Server does not properly restrict access to the
control ...)
+	TODO: check
+CAN-2005-0689 (includer.cgi in The Includer allows remote attackers to execute
...)
+	TODO: check
+CAN-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned
off, ...)
+	TODO: check
+CAN-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote
attackers ...)
+	TODO: check
+CAN-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf
...)
+	TODO: check
+CAN-2005-0685 (Multiple access validation errors in OutStart Participate
Enterprise ...)
+	TODO: check
+CAN-2005-0684
+	NOTE: reserved
+CAN-2005-0683 (phpBB 2.0.13 and earlier allows remote attackers to obtain the
full ...)
+	TODO: check
+CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal
...)
+	TODO: check
+CAN-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of
service ...)
+	TODO: check
+CAN-2005-0680 (PHP remote code injection vulnerability in ...)
+	TODO: check
+CAN-2005-0679 (PHP remote code injection vulnerability in tell_a_friend.inc.php
for ...)
+	TODO: check
+CAN-2005-0678 (PHP remote code injection vulnerability in formmail.inc.php for
Form ...)
+	TODO: check
+CAN-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform
certain ...)
+	TODO: check
+CAN-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL
...)
+	TODO: check
+CAN-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum
3.5 ...)
+	TODO: check
+CAN-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for
paBox ...)
+	TODO: check
+CAN-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php
for ...)
+	TODO: check
+CAN-2005-0672 (Carsten''s 3D Engine (Ca3DE), March 2004 version and
earlier, allows ...)
+	TODO: check
+CAN-2005-0671 (Format string vulnerability in Carsten''s 3D Engine
(Ca3DE), March 2004 ...)
+	TODO: check
+CAN-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0
through ...)
+	TODO: check
+CAN-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN
1.2.0 ...)
+	TODO: check
+CAN-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before
0.51 ...)
+	TODO: check
+CAN-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions
before ...)
+	TODO: check
+CAN-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to
2.2 ...)
+	TODO: check
+CAN-2005-0665 (Format string vulnerability in xv before 3.10a allows remote
attackers ...)
+	TODO: check
+CAN-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not
properly ...)
+	TODO: check
+CAN-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2
allows ...)
+	TODO: check
+CAN-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for
MercuryBoard ...)
+	TODO: check
+CAN-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in
...)
+	TODO: check
+CAN-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum
1.11 ...)
+	TODO: check
+CAN-2005-0659 (phpBB 2.0.13 allows remote attackers to obtain sensitive
information ...)
+	TODO: check
+CAN-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3
allows ...)
+	TODO: check
+CAN-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x
and ...)
+	TODO: check
+CAN-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS
1.5 ...)
+	TODO: check
+CAN-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive
information ...)
+	TODO: check
+CAN-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows
remote ...)
+	TODO: check
+CAN-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables
with an ...)
+	TODO: check
+CAN-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS
Alpha ...)
+	TODO: check
+CAN-2005-0651 (SQL injection vulnerability in divers.php (incorrectly referred
to as ...)
+	TODO: check
+CAN-2005-0650 (Cross-site scripting (XSS) vulnerability in divers.php
(incorrectly ...)
+	TODO: check
+CAN-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to
bypass ...)
+	TODO: check
+CAN-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0
allow ...)
+	TODO: check
+CAN-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to
inject ...)
+	TODO: check
+CAN-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows
remote ...)
+	TODO: check
+CAN-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in
cuteNews ...)
+	TODO: check
+CAN-2005-0644
+	NOTE: reserved
+CAN-2005-0643
+	NOTE: reserved
+CAN-2005-0642 (SQL injection vulnerability in the Query Designer for Computer
...)
+	TODO: check
+CAN-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for
Computer ...)
+	TODO: check
+CAN-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0
does not ...)
+	TODO: check
+CAN-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote
attackers ...)
+	TODO: check
+CAN-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers
to ...)
+	TODO: check
+CAN-2005-0637 (The copy functions in locore.s in OpenBSD 3.5 and 3.6 may allow
...)
+	TODO: check
+CAN-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote
...)
+	TODO: check
+CAN-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to
...)
+	TODO: check
+CAN-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows remote
attackers to ...)
+	TODO: check
+CAN-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote
attackers to ...)
+	TODO: check
+CAN-2005-0632 (PHP remote code injection vulnerability in auth.php in PHPNews
1.2.4 ...)
+	TODO: check
+CAN-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to
delete ...)
+	TODO: check
+CAN-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to
read ...)
+	TODO: check
+CAN-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in
profile.php in ...)
+	TODO: check
+CAN-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa
1.0 ...)
+	TODO: check
+CAN-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could
be ...)
+	TODO: check
+CAN-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security
products ...)
+	TODO: check
+CAN-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the
full ...)
+	TODO: check
+CAN-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum
3.4 ...)
+	TODO: check
 CAN-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using
the ...)
 	- squid 2.5.9-2
 CAN-2005-0940
@@ -42,8 +202,7 @@
 	NOTE: not-for-us (CubeCert)
 CAN-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for
...)
 	NOTE: not-for-us (CubeCert)
-CAN-2005-0605
-	NOTE: reserved
+CAN-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code
via a ...)
 	- lesstif1-1 (unfixed; bug #298183)
 CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the
...)
 	NOTE: not-for-us (GFI Languard Network Security Scanner)
@@ -164,10 +323,10 @@
 	NOTE: reserved
 CAN-2005-0550
 	NOTE: reserved
-CAN-2005-0549
-	NOTE: reserved
-CAN-2005-0548
-	NOTE: reserved
+CAN-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2
...)
+	TODO: check
+CAN-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2
...)
+	TODO: check
 CAN-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla
1.7.2, ...)
 	NOTE: not-for-us (Apple Java plugin)
 CAN-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows
remote ...)
@@ -282,7 +441,7 @@
 	NOTE: not-for-us (MS Office)
 CAN-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path
of ...)
 	- phpmyadmin 3:2.6.1-pl2-1
-CAN-2005-0543 (Cross-site scripting (XSS) vulnerability phpMyAdmin 2.6.1 allows
...)
+CAN-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1
allows ...)
 	- phpmyadmin 3:2.6.1-pl2-1
 CAN-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server
1.2.1 ...)
 	NOTE: not-for-us (Cyclades AlterPath Manager)
@@ -1036,8 +1195,7 @@
 	NOTE: reserved
 CAN-2005-0398
 	NOTE: reserved
-CAN-2005-0397
-	NOTE: reserved
+CAN-2005-0397 (Format string vulnerability in ImageMagick before 6.0.2.5 allows
...)
 	- imagemagick 6:6.0.6.2-2.2
 CAN-2005-0396
 	NOTE: reserved
@@ -1090,7 +1248,7 @@
 	NOTE: not-for-us (sgallery)
 CAN-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and
earlier ...)
 	NOTE: not-for-us (bitboard)
-CAN-2005-0373 (Buffer overflow in digestmd5.c 1.170 (also referred to as ...)
+CAN-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred
to as ...)
 	NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
 	NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
 	NOTE: cyrus-sasl2 already has patch applied
@@ -1127,8 +1285,8 @@
 	NOTE: reserved
 CAN-2005-0354
 	NOTE: reserved
-CAN-2005-0353
-	NOTE: reserved
+CAN-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the
Sentinel ...)
+	TODO: check
 CAN-2005-0352
 	NOTE: reserved
 CAN-2005-0351
@@ -1713,11 +1871,12 @@
 	NOTE: reserved
 CAN-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote
attackers ...)
 	- gaim 1:1.1.4
-CAN-2005-0207
-	NOTE: reserved
+CAN-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x
allows ...)
+	TODO: check
 CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and
3.0 ...)
 	TODO: check
 CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without
certain ...)
+	{DSA-692-1}
 	- kppp 4:3.1.6
 CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel
EM64T ...)
 	NOTE: according to the CAN it is fixed in 2.6.10, but
@@ -1974,8 +2133,8 @@
 	- maxdb-7.5.00 7.5.00.18
 CAN-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to
...)
 	NOTE: not-for-us (MSIE)
-CAN-2005-0109
-	NOTE: reserved
+CAN-2005-0109 (Unknown vulnerability in FreeBSD, and possibly other operating
...)
+	TODO: check
 CAN-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote
...)
 	{DSA-659-1}
 	- libapache-mod-auth-radius 1.5.7-6
@@ -1999,11 +2158,9 @@
 	{DSA-685-1 DSA-671-1 DSA-670-1}
 	- emacs21 21.3+1-9
 	- xemacs21 21.4.16-2
-CAN-2005-0099
-	NOTE: reserved
+CAN-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly
drop ...)
 	{DSA-691-1}
-CAN-2005-0098
-	NOTE: reserved
+CAN-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL)
before ...)
 	{DSA-691-1}
 CAN-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows
remote ...)
 	- squid 2.5.7-4
@@ -4252,7 +4409,7 @@
 	NOTE: not-for-us (MacOS)
 CAN-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3
and ...)
 	NOTE: not-for-us (MacOS)
-CAN-2004-0484 (Unknown vulnerability in mshtml.dll in Microsoft Internet
Explorer ...)
+CAN-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote
attackers to ...)
 	NOTE: not-for-us (Microsoft)
 CAN-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows
remote ...)
 	NOTE: not-for-us (IRIX)
@@ -6745,7 +6902,7 @@
 	NOTE: not-for-us (Phorum)
 CAN-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers
to ...)
 	{DSA-344}
-CAN-2003-0281 (Buffer overflow in Firebird 1.0.2 allows local users to execute
...)
+CAN-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5,
and ...)
 	- firebird2 1.5.1-1
 	NOTE: firebird (1) in debian is very insecure and vulnerable, but
 	NOTE: the server is not included, just the libraries. See bug #251458
Secure testing commits - Mar 2005 - r532 - sarge-checks/CAN

[Secure-testing-commits] r532 - sarge-checks/CAN
