thr3ads.net - Secure testing commits - [Secure-testing-commits] r681

If this information is useful, please help other people find it:
Share via:
Joey Hess
2005-Mar-29 21:15 UTC
[Secure-testing-commits] r681 - sarge-checks/CAN

Author: joeyh
Date: 2005-03-29 21:14:52 +0000 (Tue, 29 Mar 2005)
New Revision: 681

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list	2005-03-29 19:57:21 UTC (rev 680)
+++ sarge-checks/CAN/list	2005-03-29 21:14:52 UTC (rev 681)
@@ -1,3 +1,113 @@
+CAN-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to
...)
+	TODO: check
+CAN-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG
Dragonfly ...)
+	TODO: check
+CAN-2005-0913 (Unknown vulnerability in the regex_replace modifier ...)
+	TODO: check
+CAN-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown
impact, ...)
+	TODO: check
+CAN-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow
remote ...)
+	TODO: check
+CAN-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops
allow ...)
+	TODO: check
+CAN-2005-0909 (PHP remote code injection vulnerability in shoutact.php for
TKai''s ...)
+	TODO: check
+CAN-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in
Valdersoft ...)
+	TODO: check
+CAN-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping
Cart 3.0 ...)
+	TODO: check
+CAN-2005-0906 (Buffer overflow in a player logging function in the Tincat
network ...)
+	TODO: check
+CAN-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain
potentially ...)
+	TODO: check
+CAN-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the
&quot;Force shutdown ...)
+	TODO: check
+CAN-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote
...)
+	TODO: check
+CAN-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6
for ...)
+	TODO: check
+CAN-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in
NukeBookmarks ...)
+	TODO: check
+CAN-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote
attackers to ...)
+	TODO: check
+CAN-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default,
which ...)
+	TODO: check
+CAN-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in
...)
+	TODO: check
+CAN-2005-0897 (PHP remote code injection vulnerability in catalog.php in
E-Store ...)
+	TODO: check
+CAN-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in
review.php in ...)
+	TODO: check
+CAN-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a
denial of ...)
+	TODO: check
+CAN-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow
local ...)
+	TODO: check
+CAN-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with
certain ...)
+	TODO: check
+CAN-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or
local ...)
+	TODO: check
+CAN-2005-0891
+	NOTE: reserved
+CAN-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may
allow ...)
+	TODO: check
+CAN-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1
allows ...)
+	TODO: check
+CAN-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate
as ...)
+	TODO: check
+CAN-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and
...)
+	TODO: check
+CAN-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise
Server ...)
+	TODO: check
+CAN-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option,
does ...)
+	TODO: check
+CAN-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote
attackers ...)
+	TODO: check
+CAN-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97
allows ...)
+	TODO: check
+CAN-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail
before ...)
+	TODO: check
+CAN-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in
...)
+	TODO: check
+CAN-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php
in ...)
+	TODO: check
+CAN-2002-1647 (The quick login feature in Slash Slashcode does not redirect the
user ...)
+	TODO: check
+CAN-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote
attackers to ...)
+	TODO: check
+CAN-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell
for ...)
+	TODO: check
+CAN-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for
Workstations ...)
+	TODO: check
+CAN-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server
9.0 ...)
+	TODO: check
+CAN-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete
transaction ...)
+	TODO: check
+CAN-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i ...)
+	TODO: check
+CAN-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle
...)
+	TODO: check
+CAN-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows
remote ...)
+	TODO: check
+CAN-2002-1638 (Format string vulnerability in the PL/SQL module for Oracle 9i
...)
+	TODO: check
+CAN-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are
...)
+	TODO: check
+CAN-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL
package for ...)
+	TODO: check
+CAN-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i
Application ...)
+	TODO: check
+CAN-2002-1634 (Novell NetWare 5.1 installs sample applications that allow
remote ...)
+	TODO: check
+CAN-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to
execute ...)
+	TODO: check
+CAN-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample
pages ...)
+	TODO: check
+CAN-2002-1631 (SQL injection vulnerability in the query.xsql sample page in
Oracle 9i ...)
+	TODO: check
+CAN-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server
(9iAS) ...)
+	TODO: check
+CAN-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120,
MTPSR1-202ST, ...)
+	TODO: check
 CAN-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows
remote ...)
 	NOTE: not-for-us (Dream4 Koobi CMS)
 CAN-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4
Koobi ...)
@@ -347,6 +457,7 @@
 	- rxvt-unicode 5.3-1
 CAN-2005-0763
 	NOTE: reserved
+	{DSA-698-1}
 CAN-2005-0762 [imagemagick SGI heap overflow allows arbitrary code execution]
 	- imagemagick 5:6.0.0-1
 	NOTE: Does only affect imagemagick releases prior to 6
@@ -375,9 +486,9 @@
 CAN-2005-0751
 	NOTE: reserved
 CAN-2005-0750 [Linux kernel af_bluetooth range check flaw; possibly local root]
+	NOTE: reserved
 	- kernel-source-2.4.27 (unfixed)
 	- kernel-source-2.6.8 2.6.8-16
-	NOTE: reserved
 	NOTE: according to changelog, "Fix signedness problem at socket
 	NOTE: creation in bluetooth which can lead to local root exploit."
 	NOTE: Fixed in 2.4.30rc2, so 2.4 is affected as well
@@ -606,7 +717,7 @@
 	NOTE: not-for-us (not our cpanel)
 CAN-2004-1768 (The character converters in the Spamhunter and Language ID
modules for ...)
 	NOTE: not-for-us (Symantec Brightmail AntiSpam)
-CAN-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to
gainp ...)
+CAN-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to
gain ...)
 	NOTE: not-for-us (Solaris)
 CAN-2004-1766 (The default installation of NetScreen-Security Manager before
Feature ...)
 	NOTE: not-for-us (NetScreen-Security Manager)
@@ -1050,7 +1161,7 @@
 	NOTE: not-for-us (Merak Mail Server)
 CAN-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak
Mail ...)
 	NOTE: not-for-us (Merak Mail Server)
-CAN-2004-1720 (The (1) address.html or (2) calendar.html pages in Merak Mail
Server ...)
+CAN-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in
Merak ...)
 	NOTE: not-for-us (Merak Mail Server)
 CAN-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak
Webmail ...)
 	NOTE: not-for-us (Merak Webmail Server)
@@ -1586,10 +1697,10 @@
 	NOTE: not-for-us (SUN JRE)
 CAN-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote
attackers ...)
 	- wpasupplicant 0.3.8-1
-CAN-2005-0469
-	NOTE: reserved
-CAN-2005-0468
-	NOTE: reserved
+CAN-2005-0469 (Buffer overflow in the slc_add_reply function in various
BSD-based ...)
+	{ DSA-697-1}
+CAN-2005-0468 (Heap-based buffer overflow in the env_opt_add function in
telnet.c for ...)
+	TODO: check
 CAN-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2)
...)
 	- putty 0.57-1
 CAN-2005-0466
@@ -1844,9 +1955,9 @@
 CAN-2005-0401 [Drag and drop loading of privileged XUL in Firefox]
 	- mozilla-firefox 1.0.2-1
 CAN-2005-0400 [ext2 mkdir() directory entry random kernel memory leak]
+	NOTE: reserved
 	- kernel-source-2.4.27 (unfixed)
 	- kernel-source-2.6.8 2.6.8-16
-	NOTE: reserved
 	NOTE: according to changelog, "Fix information leak in ext2."
 CAN-2005-0399 [GIF heap overflow parsing Netscape extension 2 in Firefox]
 	- mozilla-firefox 1.0.2-1
Secure testing commits - Mar 2005 - r681 - sarge-checks/CAN

[Secure-testing-commits] r681 - sarge-checks/CAN
