Author: joeyh
Date: 2005-03-26 09:14:18 +0000 (Sat, 26 Mar 2005)
New Revision: 667

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-03-26 08:38:40 UTC (rev 666)
+++ sarge-checks/CAN/list 2005-03-26 09:14:18 UTC (rev 667)
@@ -1,3 +1,75 @@ +CAN-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) ...) + TODO: check +CAN-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and ...) + TODO: check +CAN-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows ...) + TODO: check +CAN-2005-0862 (Multiple PHP remote code injection vulnerabilities in PHPOpenChat ...) + TODO: check +CAN-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...) + TODO: check +CAN-2005-0860 (PHP remote code injection vulnerability in TRG News Script 3.0 allows ...) + TODO: check +CAN-2005-0859 (PHP remote code injection vulnerability in CzarNews 1.13b allows ...) + TODO: check +CAN-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier ...) + TODO: check +CAN-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum ...) + TODO: check +CAN-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...) + TODO: check +CAN-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain ...) + TODO: check +CAN-2005-0854 (betaparticle blog (bp blog) allows remote attackers to bypass ...) + TODO: check +CAN-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, ...) + TODO: check +CAN-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of ...) + TODO: check +CAN-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib ...) + TODO: check +CAN-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a ...) + TODO: check +CAN-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...) + TODO: check +CAN-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...) + TODO: check +CAN-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...) 
+ TODO: check +CAN-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not ...) + TODO: check +CAN-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ...) + TODO: check +CAN-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) + TODO: check +CAN-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) + TODO: check +CAN-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute ...) + TODO: check +CAN-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...) + TODO: check +CAN-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) + TODO: check +CAN-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) + TODO: check +CAN-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...) + TODO: check +CAN-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) + TODO: check +CAN-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...) + TODO: check +CAN-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) + TODO: check +CAN-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) + TODO: check +CAN-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...) + TODO: check +CAN-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly ...) + TODO: check +CAN-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...) + TODO: check +CAN-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when ...) 
+ TODO: check CAN-2005-XXXX [Exploitable race conditions in OpenMosixView may lead to filesystem trashing] - openmosixview (unfixed; bug #301430) CAN-2005-XXXX [Buffer overflow in display of messages with MIME encoded filenames in Sylpheed] @@ -111,7 +183,7 @@ NOTE: not-for-us (NotifyLink) CAN-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...) NOTE: not-for-us (Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/) -CAN-2005-0807 (Heap-based buffer overflow in the PSK sniffer for Cain & Abel 2.65 ...) +CAN-2005-0807 (Multiple buffer overflows in Cain & Abel before 2.67 allow remote ...) NOTE: not-for-us (Cain & Abel) CAN-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...) - evolution (unfixed; bug #300815) @@ -1651,8 +1723,8 @@ NOTE: not-for-us (Microsoft) CAN-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote ...) NOTE: not-for-us (3com) -CAN-2005-0418 - NOTE: reserved +CAN-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...) + TODO: check CAN-2005-0417 (Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and ...) NOTE: not-for-us (IBM DB2) CAN-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...) @@ -1685,15 +1757,12 @@ CAN-2005-0403 NOTE: reserved CAN-2005-0402 [Arbitrary code execution from Firefox sidebar panel] - NOTE: reserved - mozilla-firefox 1.0.2-1 CAN-2005-0401 [Drag and drop loading of privileged XUL in Firefox] - NOTE: reserved - mozilla-firefox 1.0.2-1 CAN-2005-0400 NOTE: reserved CAN-2005-0399 [GIF heap overflow parsing Netscape extension 2 in Firefox] - NOTE: reserved - mozilla-firefox 1.0.2-1 CAN-2005-0398 NOTE: reserved 
@@ -2193,7 +2262,7 @@ NOTE: reserved CAN-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 ...) - wu-ftpd 2.6.2-19 -CAN-2005-0255 (String handling functions in Mozilla 1.7.3 and Firefox 1.0, such as ...) +CAN-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and ...) - mozilla-firefox 1.0.1 NOTE: didn''t other with YA mozilla-browser bug, it has enough for 1.7.6 already.. - mozilla 2:1.7.6
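Review bot: In the first hunk (@@ -1,3 +1,75 @@) all 36 imported entries carry the same "TODO: check", so nothing separates the ones that need real triage from the ones that can be closed at once. Most of the CAN-2002-16xx block names HP Tru64 UNIX or HP-UX and can take a "NOTE: not-for-us (...)" line in the style already used for Cain & Abel and 3com, while CAN-2002-1602 (Braille module for GNU screen 3.9.11) names software that Debian packages and should be triaged first. CAN-2005-0861 (DeleGate before 8.11.1) should be checked against the archive before it is dismissed.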
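Review bot: In the @@ -1651,8 +1723,8 @@ hunk, CAN-2005-0418 moves from "NOTE: reserved" to "TODO: check" deep in the file, far from the block of new entries at the top. Anyone triaging only the top of the list will miss it, so triage after an automatic update should search the whole file for "TODO: check". Its neighbours are resolved as "NOTE: not-for-us (...)", and the same resolution may fit here once it is confirmed that Java Web Start for J2SE is not in the archive.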
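Review bot: In the @@ -1685,15 +1757,12 @@ hunk, CAN-2005-0402, CAN-2005-0401 and CAN-2005-0399 lose "NOTE: reserved" but each keeps only a "- mozilla-firefox 1.0.2-1" line. The CAN-2005-0255 entry in the last hunk tracks mozilla as a separate package, so it is worth confirming whether CAN-2005-0399 (the GIF heap overflow) also needs a mozilla line, or a NOTE recording that the package is unaffected.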
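Review bot: In the @@ -2193,7 +2262,7 @@ hunk, the new CAN-2005-0255 description adds a third product after "Firefox 1.0, and", but the package lines below it still list only "- mozilla-firefox 1.0.1" and "- mozilla 2:1.7.6". Look up which product the full description names and add a package line or a NOTE for it if it is in the archive. The unchanged NOTE under the entry reads "didn''t other", which looks like a typo for "didn't bother" and could be fixed in a follow-up commit.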