Author: joeyh
Date: 2005-04-20 09:14:24 +0000 (Wed, 20 Apr 2005)
New Revision: 869
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-04-20 08:45:44 UTC (rev 868)
+++ sarge-checks/CAN/list 2005-04-20 09:14:24 UTC (rev 869)
@@ -1,3 +1,41 @@
+CAN-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on
Windows ...)
+ TODO: check
+CAN-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to
cause a ...)
+ TODO: check
+CAN-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO
v2.16.468 and ...)
+ TODO: check
+CAN-2005-1188 (Cross-site scripting (XSS) vulnerability in
comersus_searchItem.asp in ...)
+ TODO: check
+CAN-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly
other ...)
+ TODO: check
+CAN-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the
musicmatch.com ...)
+ TODO: check
+CAN-2005-1185 (MMFWLaunch.exe in Musicmatch Jukebox 10.00.2047 and earlier does
not ...)
+ TODO: check
+CAN-2005-1184 (The TCP/IP stack in multiple operating systems allows remote
attackers ...)
+ TODO: check
+CAN-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4
allows ...)
+ TODO: check
+CAN-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access
for ...)
+ TODO: check
+CAN-2005-1181 (PHP remote code injection vulnerability in loader.php for
Ariadne CMS ...)
+ TODO: check
+CAN-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in
...)
+ TODO: check
+CAN-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for
various ...)
+ TODO: check
+CAN-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote
...)
+ TODO: check
+CAN-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200
...)
+ TODO: check
+CAN-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file
while ...)
+ TODO: check
+CAN-2005-1175
+ NOTE: reserved
+CAN-2005-1174
+ NOTE: reserved
+CAN-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2
package ...)
+ TODO: check
CAN-2005-XXXX [Heap overflow in xine-lib''s RTSP streaming code]
- xine-lib (unfixed; bug #305343)
CAN-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows
remote ...)
@@ -4,9 +42,9 @@
NOTE: not-for-us (PMSoftware Simple Web Server)
CAN-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in
Coppermine ...)
NOTE: not-for-us (Coppermine Photo Gallery)
-CAN-2005-1171 (Cross-site scripting (XSS) vulnerability in datenbank module for
phpBB ...)
+CAN-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the
datenbank ...)
NOTE: not-for-us (moddb phpbb2 add-on)
-CAN-2005-1170 (SQL injection vulnerability in datenbank module for phpBB allows
...)
+CAN-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module
for ...)
NOTE: not-for-us (moddb phpbb2 add-on)
CAN-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin
directory, ...)
NOTE: not-for-us (Mafia Blog)
@@ -1330,7 +1368,7 @@
NOTE: not-for-us (Apple QuickTime/Darwin Streaming Server)
CAN-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote
...)
NOTE: not-for-us (AbsoluteTelnet)
-CAN-2005-0703 (Unknown vulnerability in Xerox MicroServer Web Server for
various ...)
+CAN-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products
including ...)
NOTE: not-for-us (Xerox MicroServer Web Server)
CAN-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows
remote ...)
NOTE: not-for-us (phpMyFAQ)
@@ -2574,8 +2612,7 @@
NOTE: reserved
CAN-2005-0392
NOTE: reserved
-CAN-2005-0391
- NOTE: reserved
+CAN-2005-0391 (geneweb 4.10 and earlier does not properly check file
permissions and ...)
{DSA-712-1}
CAN-2005-0390 [axel buffer overflow in HTTP redirection handling in conn.c]
{DSA-706-1}
@@ -3775,8 +3812,7 @@
NOTE: reserved
CAN-2004-1342
NOTE: reserved
-CAN-2004-1341
- NOTE: reserved
+CAN-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before
1.2.2.9 ...)
{DSA-711-1}
CAN-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package
with the ...)
{DSA-659-1}