Author: stef-guest
Date: 2005-03-21 15:08:29 +0100 (Mon, 21 Mar 2005)
New Revision: 594

Modified:
   sarge-checks/CAN/list
Log:
checked a few

Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-03-21 13:22:45 UTC (rev 593)
+++ sarge-checks/CAN/list 2005-03-21 14:08:29 UTC (rev 594)
@@ -56,43 +56,42 @@ TODO: check CAN-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...) TODO: check -begin claimed by stef CAN-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...) - TODO: check + NOTE: not-for-us (ZPanel not in Debian) CAN-2005-0793 (PHP remote code injection vulnerability in zpanel.php in ZPanel allows ...) - TODO: check + NOTE: not-for-us (ZPanel not in Debian) CAN-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (ZPanel not in Debian) CAN-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...) - TODO: check + NOTE: not-for-us (phpAdsNew not in Debian) CAN-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...) - TODO: check + NOTE: not-for-us (phpAdsNew not in Debian) CAN-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...) - TODO: check + NOTE: not-for-us (SimpGB not in Debian) CAN-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...) - TODO: check + NOTE: not-for-us (YaBB not in Debian) CAN-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...) - TODO: check + NOTE: not-for-us (Phorum not in Debian) CAN-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...) - TODO: check + NOTE: not-for-us (Phorum not in Debian) CAN-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...) - TODO: check + NOTE: not-for-us (paFileDB not in Debian) CAN-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...) - TODO: check + NOTE: not-for-us (paFileDB not in Debian) CAN-2005-0780 (paFileDB 3.1 and earlier allows remote attackres to obtain sensitive ...) - TODO: check + NOTE: not-for-us (paFileDB not in Debian) CAN-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...) 
- TODO: check + NOTE: not-for-us (PlatinumFTP not in Debian) CAN-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...) - TODO: check + NOTE: not-for-us (PhotoPost) CAN-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...) - TODO: check + NOTE: not-for-us (PhotoPost) CAN-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify ...) - TODO: check + NOTE: not-for-us (PhotoPost) CAN-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not ...) - TODO: check + NOTE: not-for-us (PhotoPost) CAN-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...) - TODO: check + NOTE: not-for-us (PhotoPost) CAN-2005-0773 NOTE: reserved CAN-2005-0772 @@ -100,15 +99,15 @@ CAN-2005-0771 NOTE: reserved CAN-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...) - TODO: check + NOTE: not-for-us (IDA Pro) CAN-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...) - TODO: check + NOTE: not-for-us (GoodTech Telnet Server) CAN-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 ...) - TODO: check + - kernel-source-2.6.8 (unfixed; bug #297203) CAN-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 ...) - TODO: check + - ethereal 0.10.10-1 CAN-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...) - TODO: check + - ethereal 0.10.10-1 CAN-2005-0764 NOTE: reserved CAN-2005-0763 
@@ -142,28 +141,28 @@ CAN-2005-0749 NOTE: reserved CAN-2003-1131 (PHP remote code injection vulnerability in index.php in ...) - TODO: check + NOTE: not-for-us (ActiveCampaign KnowledgeBuilder) CAN-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...) - TODO: check + NOTE: not-for-us (Adobe PhotoDeluxe) CAN-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows ...) - TODO: check + NOTE: not-for-us (Advanced Poll not in Debian) CAN-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for ...) - TODO: check + NOTE: not-for-us (WinVNC) CAN-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...) - TODO: check + NOTE: not-for-us (AOL Instant Messenger) CAN-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (AOL Instant Messenger) CAN-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (AOL Instant Messenger) CAN-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (AOL Instant Messenger) CAN-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (AOL Instant Messenger) CAN-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log ...) - TODO: check + NOTE: not-for-us (AOL Instant Messenger) CAN-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove ...) - TODO: check -end claimed by stef + NOTE: not-for-us + NOTE: Debian''s nvi recover script is very different CAN-2005-XXXX - omniorb4 4.0.5-2 CAN-2005-0789 Possible remote access to arbitrary files in Limewire
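Review bot: In the first hunk (@@ -56,43 +56,42 @@) the not-for-us reason is written in two different forms. The ZPanel, phpAdsNew, SimpGB, YaBB, Phorum, paFileDB and PlatinumFTP entries use "NOTE: not-for-us (ZPanel not in Debian)" style, while CAN-2005-0778 through CAN-2005-0774 use the bare "NOTE: not-for-us (PhotoPost)". Pick one form for the whole block so that a grep or script over the list can treat the parenthetical uniformly, and so a reader can tell whether "(PhotoPost)" means "not packaged" or something else. The hunk also drops the "begin claimed by stef" marker; make sure the matching "end claimed by stef" marker is removed in the same commit so no dangling claim remains in the file.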
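Review bot: In the second hunk (@@ -100,15 +99,15 @@) the two Ethereal entries, CAN-2005-0766 and CAN-2005-0765, are recorded as "- ethereal 0.10.10-1" with nothing saying where that fixed version comes from, whereas the kernel entry directly above carries its tracking reference ("unfixed; bug #297203"). Add a NOTE with the advisory, changelog entry or bug that establishes 0.10.10-1 as the fixed upload, so the next person checking the list can verify it without redoing the research. The same hunk uses "not-for-us (IDA Pro)" and "not-for-us (GoodTech Telnet Server)" without the "not in Debian" wording used earlier in the file; align them with whichever form is chosen.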
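Review bot: In the third hunk (@@ -142,28 +141,28 @@) CAN-2001-1416 is tagged "NOTE: not-for-us (AOL Instant Messenger)", but its visible description, "Multiple cross-site scripting (XSS) vulnerabilities in the log ...", does not name AIM, unlike the five entries above it. This looks like the reason was carried over from the neighbouring entries; confirm the affected product against the full CVE text and correct the parenthetical if it differs. Also in this hunk, CAN-2001-1415 gets a bare "NOTE: not-for-us" followed by "NOTE: Debian''s nvi recover script is very different": the second note implies Debian does ship the relevant package and is simply unaffected, which is a different statement from not-for-us, so record it as not affected rather than not-for-us, and fix the doubled apostrophe in "Debian''s".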