thr3ads.net - Secure testing commits - [Secure-testing-commits] r551

If this information is useful, please help other people find it:
Share via:
Joey Hess
2005-Mar-14 08:14 UTC
[Secure-testing-commits] r551 - sarge-checks/CAN

Author: joeyh
Date: 2005-03-14 09:14:34 +0100 (Mon, 14 Mar 2005)
New Revision: 551

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list	2005-03-14 04:15:31 UTC (rev 550)
+++ sarge-checks/CAN/list	2005-03-14 08:14:34 UTC (rev 551)
@@ -1,3 +1,176 @@
+CAN-2005-0748 (PHP remote code injection vulnerability in initdb.php for
WEBInsta ...)
+	TODO: check
+CAN-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain
sensitive ...)
+	TODO: check
+CAN-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier
...)
+	TODO: check
+CAN-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows
local ...)
+	TODO: check
+CAN-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows
attackers ...)
+	TODO: check
+CAN-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS
2.0.9.2 ...)
+	TODO: check
+CAN-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
+	TODO: check
+CAN-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0
RC1 ...)
+	TODO: check
+CAN-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote
...)
+	TODO: check
+CAN-2005-0739 (The IAPP dissector for Ethereal 0.9.1 to 0.9.9 does not properly
use ...)
+	TODO: check
+CAN-2005-0738 (Stack overflow in Microsoft Exchange Server 2003 SP1 allows
users to ...)
+	TODO: check
+CAN-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to
execute ...)
+	TODO: check
+CAN-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux
kernel 2.6 ...)
+	TODO: check
+CAN-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain
...)
+	TODO: check
+CAN-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
+	TODO: check
+CAN-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
+	TODO: check
+CAN-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
+	TODO: check
+CAN-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
+	TODO: check
+CAN-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
+	TODO: check
+CAN-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier
allows ...)
+	TODO: check
+CAN-2005-0728
+	NOTE: rejected
+	TODO: check
+CAN-2005-0727
+	NOTE: rejected
+	TODO: check
+CAN-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0
allows ...)
+	TODO: check
+CAN-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in
...)
+	TODO: check
+CAN-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain
sensitive ...)
+	TODO: check
+CAN-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu
function in ...)
+	TODO: check
+CAN-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for
the ...)
+	TODO: check
+CAN-2005-0721 (PHP remote code injection vulnerability in modules.php in
eXPerience2 ...)
+	TODO: check
+CAN-2005-0720 (PHP remote code injection vulnerability in header.php in PHP
mcNews ...)
+	TODO: check
+CAN-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64
Unix ...)
+	TODO: check
+CAN-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a
...)
+	TODO: check
+CAN-2005-0717
+	NOTE: reserved
+CAN-2005-0716
+	NOTE: reserved
+CAN-2005-0715
+	NOTE: reserved
+CAN-2005-0714
+	NOTE: rejected
+	TODO: check
+CAN-2005-0713
+	NOTE: reserved
+CAN-2005-0712
+	NOTE: reserved
+CAN-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses
predictable ...)
+	TODO: check
+CAN-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote
...)
+	TODO: check
+CAN-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote
...)
+	TODO: check
+CAN-2005-0708
+	NOTE: reserved
+CAN-2003-1130 (rpc.walld on Solaris 2.x through 9, and possibly other operating
...)
+	TODO: check
+CAN-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice
Chat) ...)
+	TODO: check
+CAN-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server
between ...)
+	TODO: check
+CAN-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote
attackers ...)
+	TODO: check
+CAN-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through
SP5 on ...)
+	TODO: check
+CAN-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server
4.16, ...)
+	TODO: check
+CAN-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1,
3.0, and ...)
+	TODO: check
+CAN-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier
allows ...)
+	TODO: check
+CAN-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses
...)
+	TODO: check
+CAN-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before
4.14, ...)
+	TODO: check
+CAN-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix,
when the ...)
+	TODO: check
+CAN-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a
...)
+	TODO: check
+CAN-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions
allows ...)
+	TODO: check
+CAN-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and
RealSystem ...)
+	TODO: check
+CAN-2003-1116 (The communications protocol for the Report Review Agent (RRA),
aka FND ...)
+	TODO: check
+CAN-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel
...)
+	TODO: check
+CAN-2003-1114 (The Session Initiation Protocol (SIP) implementation in
Mediatrix ...)
+	TODO: check
+CAN-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel
SIP ...)
+	TODO: check
+CAN-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate
...)
+	TODO: check
+CAN-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple
...)
+	TODO: check
+CAN-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia
SIP ...)
+	TODO: check
+CAN-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple
Cisco ...)
+	TODO: check
+CAN-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel
...)
+	TODO: check
+CAN-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP)
6.4, 7.0, ...)
+	TODO: check
+CAN-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows
remote ...)
+	TODO: check
+CAN-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0
SP1 ...)
+	TODO: check
+CAN-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows
...)
+	TODO: check
+CAN-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird
CyberDOCS ...)
+	TODO: check
+CAN-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS,
uses ...)
+	TODO: check
+CAN-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote
attackers to ...)
+	TODO: check
+CAN-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in
Hummingbird ...)
+	TODO: check
+CAN-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary
files ...)
+	TODO: check
+CAN-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which
introduced a ...)
+	TODO: check
+CAN-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04,
when ...)
+	TODO: check
+CAN-2002-1600 (Directory traversal vulnerability in Mike Spice''s My
Classifieds ...)
+	TODO: check
+CAN-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass
content ...)
+	TODO: check
+CAN-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and
...)
+	TODO: check
+CAN-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote
...)
+	TODO: check
+CAN-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote
...)
+	TODO: check
+CAN-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers
to ...)
+	TODO: check
+CAN-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid
on a ...)
+	TODO: check
+CAN-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle
versioning ...)
+	TODO: check
+CAN-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a
CGI ...)
+	TODO: check
+CAN-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the
Trusted ...)
+	TODO: check
 CAN-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch
...)
 	NOTE: not-for-us (Ipswitch Collaboration Suite)
 CAN-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to
cause a ...)
@@ -158,9 +331,9 @@
 	- phpmyadmin 3:2.6.1-pl3-1
 CAN-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS
Alpha ...)
 	NOTE: not-for-us (OpenVMS)
-CAN-2005-0651 (SQL injection vulnerability in divers.php (incorrectly referred
to as ...)
+CAN-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1
allow ...)
 	NOTE: not-for-us (ProjectBB)
-CAN-2005-0650 (Cross-site scripting (XSS) vulnerability in divers.php
(incorrectly ...)
+CAN-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB
...)
 	NOTE: not-for-us (ProjectBB)
 CAN-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to
bypass ...)
 	NOTE: not-for-us (Pixel-Apes SafeHTML)
@@ -1151,8 +1324,7 @@
 	- kernel-source-2.6.8 (unfixed; bug #295949)
 	- kernel-source-2.6.9 (unfixed; bug #295948)
 	- kernel-source-2.6.10 (unfixed; bug #295947)
-CAN-2005-0448
-	NOTE: reserved
+CAN-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl
before ...)
 	- perl 5.8.4-7
 CAN-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows
remote ...)
 	NOTE: not-for-us (Quake3)
@@ -3719,7 +3891,7 @@
 	NOTE: not-for-us (microsoft)
 CAN-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in
...)
 	NOTE: not-for-us (microsoft)
-CAN-2004-0842 (Internet Explorer 6.1 SP1 and earlier, and possibly other
versions, ...)
+CAN-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other
versions, ...)
 	NOTE: not-for-us (microsoft)
 CAN-2004-0841 (Internet Explorer 6.x allows remote attackers to install
arbitrary ...)
 	NOTE: not-for-us (microsoft)
@@ -5951,7 +6123,7 @@
 	{DSA-379}
 CAN-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP
address ...)
 	{DSA-379}
-CAN-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allows remote ...)
+CAN-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote
authenticated ...)
 	NOTE: not-for-us (WS_FTP server)
 CAN-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable
temporary ...)
 	- libapache-gallery-perl 0.7
@@ -6669,7 +6841,7 @@
 	- ethereal 0.9.13
 CAN-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote
...)
 	{DSA-324}
-CAN-2003-0428 (Unknown vulnerability in the DCERPC dissector in Ethereal 0.9.12
and ...)
+CAN-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in
Ethereal ...)
 	{DSA-324}
 CAN-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote
attackers to ...)
 	{DSA-320}
Secure testing commits - Mar 2005 - r551 - sarge-checks/CAN

[Secure-testing-commits] r551 - sarge-checks/CAN
