Author: joeyh Date: 2005-03-24 21:14:20 +0000 (Thu, 24 Mar 2005) New Revision: 639 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-24 18:12:16 UTC (rev 638) +++ sarge-checks/CAN/list 2005-03-24 21:14:20 UTC (rev 639) 
@@ -1,3 +1,70 @@ +CAN-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...) + TODO: check +CAN-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...) + TODO: check +CAN-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory or ...) + TODO: check +CAN-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...) + TODO: check +CAN-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) + TODO: check +CAN-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...) + TODO: check +CAN-2005-0840 + NOTE: rejected + TODO: check +CAN-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...) + TODO: check +CAN-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...) + TODO: check +CAN-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...) + TODO: check +CAN-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...) + TODO: check +CAN-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...) + TODO: check +CAN-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...) + TODO: check +CAN-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...) + TODO: check +CAN-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...) + TODO: check +CAN-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...) + TODO: check +CAN-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...) + TODO: check +CAN-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...) + TODO: check +CAN-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...) + TODO: check +CAN-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...) 
+ TODO: check +CAN-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...) + TODO: check +CAN-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...) + TODO: check +CAN-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...) + TODO: check +CAN-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...) + TODO: check +CAN-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...) + TODO: check +CAN-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...) + TODO: check +CAN-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...) + TODO: check +CAN-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...) + TODO: check +CAN-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...) + TODO: check +CAN-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...) + TODO: check +CAN-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...) + TODO: check +CAN-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel ...) + TODO: check +CAN-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...) + TODO: check CAN-2005-XXXX [Various path disclosure and Cross-Site-Scripting issues in phpsysinfo] - phpsysinfo (unfixed; bug #301118) CAN-2005-XXXX [Various /tmp related security issues in cernlib] @@ -117,7 +184,6 @@ CAN-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...) - ethereal 0.10.10-1 CAN-2005-0764 [Buffer overflow with overly long escape sequences in rxvt-unicode] - NOTE: reserved - rxvt-unicode 5.3-1 CAN-2005-0763 NOTE: reserved 
@@ -258,16 +324,16 @@ - squid 2.5.8 CAN-2005-0717 NOTE: reserved -CAN-2005-0716 - NOTE: reserved -CAN-2005-0715 - NOTE: reserved +CAN-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...) + TODO: check +CAN-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...) + TODO: check CAN-2005-0714 NOTE: rejected -CAN-2005-0713 - NOTE: reserved -CAN-2005-0712 - NOTE: reserved +CAN-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...) + TODO: check +CAN-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...) + TODO: check CAN-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable ...) - mysql-dfsg 4.0.24 - mysql-dfsg-4.1 4.1.10a @@ -1624,16 +1690,16 @@ CAN-2005-0403 NOTE: reserved CAN-2005-0402 [Arbitrary code execution from Firefox sidebar panel] + NOTE: reserved - mozilla-firefox (unfixed; bug #301243) +CAN-2005-0401 [Drag and drop loading of privileged XUL in Firefox] NOTE: reserved -CAN-2005-0401 [Drag and drop loading of privileged XUL in Firefox] - mozilla-firefox (unfixed; bug #301243) - NOTE: reserved CAN-2005-0400 NOTE: reserved CAN-2005-0399 [GIF heap overflow parsing Netscape extension 2 in Firefox] + NOTE: reserved - mozilla-firefox (unfixed; bug #301243) - NOTE: reserved CAN-2005-0398 NOTE: reserved - racoon 1:0.5-5 @@ -1654,7 +1720,7 @@ CAN-2005-0390 NOTE: reserved CAN-2005-0389 - NOTE: reserved + NOTE: rejected - lsh-utils 2.0-1 CAN-2005-0388 NOTE: reserved
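Review bot: In the @@ -1,3 +1,70 @@ hunk, the new CAN-2005-0840 entry carries both "NOTE: rejected" and "TODO: check", which contradict each other. A rejected ID has nothing left to triage, and the existing rejected entry CAN-2005-0714 (context in the @@ -258,16 +324,16 @@ hunk) has no TODO line. Suggest the updater omit "TODO: check" whenever it emits "NOTE: rejected", so that a search for "TODO: check" returns only entries that still need work.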
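Review bot: In the @@ -117,7 +184,6 @@ hunk, CAN-2005-0764 loses "NOTE: reserved" but is otherwise untouched: it keeps its bracketed title and gets no "TODO: check", whereas the IDs that leave reserved state in the @@ -258,16 +324,16 @@ hunk (for example CAN-2005-0716) receive the parenthesized description plus "TODO: check". If the updater leaves already-annotated entries alone on purpose, say so in the script or the log message. Otherwise it is worth confirming that the bracketed summary and the "rxvt-unicode 5.3-1" line still match the description now published for this ID.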
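Review bot: The @@ -1624,16 +1690,16 @@ hunk changes no data. For CAN-2005-0402, CAN-2005-0401 and CAN-2005-0399 it only moves "NOTE: reserved" above the "- mozilla-firefox (unfixed; bug #301243)" line, and it shows the CAN-2005-0401 header as removed and re-added. Suggest the updater preserve the existing line order inside an entry, or the list adopt NOTE-before-package ordering everywhere in one dedicated commit, so that automatic updates do not generate reordering churn that buries real status changes such as the one in the next hunk.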
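Review bot: In the @@ -1654,7 +1720,7 @@ hunk, CAN-2005-0389 flips from "NOTE: reserved" to "NOTE: rejected" while the context line "- lsh-utils 2.0-1" stays attached to it. A rejected ID should not silently keep a fixed-version record: the lsh-utils issue needs to be re-filed under whichever ID replaces this one (or under a CAN-2005-XXXX placeholder entry until one is known). Suggest the updater flag any entry that becomes rejected while it still has package lines, so it gets a manual look instead of passing through an automatic commit.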