Author: joeyh
Date: 2005-04-30 21:14:17 +0000 (Sat, 30 Apr 2005)
New Revision: 938

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
==================================================================--- sarge-checks/CAN/list 2005-04-28 21:14:18 UTC (rev 937) +++ sarge-checks/CAN/list 2005-04-30 21:14:17 UTC (rev 938) 
@@ -1,3 +1,195 @@ +CAN-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow ...) + TODO: check +CAN-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow ...) + TODO: check +CAN-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal ...) + TODO: check +CAN-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...) + TODO: check +CAN-2005-1360 (PHP remote code injection vulnerability in error.php in GrayCMS 1.1 ...) + TODO: check +CAN-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...) + TODO: check +CAN-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands ...) + TODO: check +CAN-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...) + TODO: check +CAN-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script allows ...) + TODO: check +CAN-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...) + TODO: check +CAN-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary ...) + TODO: check +CAN-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files ...) + TODO: check +CAN-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows ...) + TODO: check +CAN-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary ...) + TODO: check +CAN-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...) + TODO: check +CAN-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...) + TODO: check +CAN-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...) + TODO: check +CAN-2005-1347 (Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote ...) + TODO: check +CAN-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...) 
+ TODO: check +CAN-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...) + TODO: check +CAN-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...) + TODO: check +CAN-2005-1343 + NOTE: reserved +CAN-2005-1342 + NOTE: reserved +CAN-2005-1341 + NOTE: reserved +CAN-2005-1340 + NOTE: reserved +CAN-2005-1339 + NOTE: reserved +CAN-2005-1338 + NOTE: reserved +CAN-2005-1337 + NOTE: reserved +CAN-2005-1336 + NOTE: reserved +CAN-2005-1335 + NOTE: reserved +CAN-2005-1334 + NOTE: reserved +CAN-2005-1333 + NOTE: reserved +CAN-2005-1332 + NOTE: reserved +CAN-2005-1331 + NOTE: reserved +CAN-2005-1330 + NOTE: reserved +CAN-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...) + TODO: check +CAN-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...) + TODO: check +CAN-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...) + TODO: check +CAN-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...) + TODO: check +CAN-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...) + TODO: check +CAN-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...) + TODO: check +CAN-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...) + TODO: check +CAN-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...) + TODO: check +CAN-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...) + TODO: check +CAN-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...) + TODO: check +CAN-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...) + TODO: check +CAN-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail ...) + TODO: check +CAN-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...) 
+ TODO: check +CAN-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...) + TODO: check +CAN-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...) + TODO: check +CAN-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module ...) + TODO: check +CAN-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...) + TODO: check +CAN-2005-1312 (PHP remote code injection vulnerability in Yappa-NG before 2.3.2 ...) + TODO: check +CAN-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...) + TODO: check +CAN-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...) + TODO: check +CAN-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...) + TODO: check +CAN-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...) + TODO: check +CAN-2005-1307 + NOTE: reserved +CAN-2005-1306 + NOTE: reserved +CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...) + TODO: check +CAN-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...) + TODO: check +CAN-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...) + TODO: check +CAN-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...) + TODO: check +CAN-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...) + TODO: check +CAN-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...) + TODO: check +CAN-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...) + TODO: check +CAN-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...) + TODO: check +CAN-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...) 
+ TODO: check +CAN-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...) + TODO: check +CAN-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...) + TODO: check +CAN-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...) + TODO: check +CAN-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...) + TODO: check +CAN-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...) + TODO: check +CAN-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...) + TODO: check +CAN-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...) + TODO: check +CAN-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...) + TODO: check +CAN-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...) + TODO: check +CAN-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...) + TODO: check +CAN-2005-1286 (BitDefender 8 allows local users to prevent BitDefender from starting ...) + TODO: check +CAN-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...) + TODO: check +CAN-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...) + TODO: check +CAN-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...) + TODO: check +CAN-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...) + TODO: check +CAN-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...) + TODO: check +CAN-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...) + TODO: check +CAN-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...) + TODO: check +CAN-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...) 
+ TODO: check +CAN-2005-1277 + NOTE: reserved +CAN-2005-1276 + NOTE: reserved +CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...) + TODO: check +CAN-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...) + TODO: check +CAN-2005-1273 + NOTE: reserved +CAN-2005-1272 + NOTE: reserved +CAN-2005-1271 + NOTE: reserved +CAN-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...) + TODO: check +CAN-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...) + TODO: check CAN-2005-XXXX [Four DoS vulnerabilities in tcpdump] - tcpdump 3.8.3-4 CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module] @@ -408,9 +600,9 @@ NOTE: not-for-us (CalenderScript) CAN-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...) NOTE: not-for-us (CalenderScript) -CAN-2005-1146 (Cross-site scripting (XSS) vulnerability in the login command in ...) +CAN-2005-1146 (** DISPUTED ** ...) NOTE: not-for-us (CalenderScript) -CAN-2005-1145 (Cross-site scripting (XSS) vulnerability in calendar.pl in ...) +CAN-2005-1145 (** DISPUTED ** ...) NOTE: not-for-us (CalenderScript) CAN-2005-1144 (popup.php in EasyPHPCalendar allows remote attackers to obtain ...) NOTE: not-for-us (EasyPHPCalender) @@ -591,10 +783,10 @@ NOTE: writiable by normal users in Debian, only by root. CAN-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...) - rsnapshot 1.2.1-1 -CAN-2005-1063 - NOTE: reserved -CAN-2005-1062 - NOTE: reserved +CAN-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...) + TODO: check +CAN-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...) + TODO: check CAN-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...) TODO: check CAN-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...) 
@@ -1721,8 +1913,8 @@ NOTE: see bug #298621, was stalled in NEW, now accepted CAN-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...) NOTE: not-for-us (OutStart Participate Enterprise) -CAN-2005-0684 - NOTE: reserved +CAN-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...) + TODO: check CAN-2005-0683 NOTE: rejected CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...) @@ -2439,7 +2631,7 @@ NOTE: not-for-us (Microsoft) CAN-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...) NOTE: not-for-us (UBB.threads) -CAN-2004-1621 (Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and ...) +CAN-2004-1621 (** DISPUTED ** ...) NOTE: not-for-us (Lotus Notes) CAN-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before 0.7rc1 ...) NOTE: not-for-us (Serendipity) @@ -3332,7 +3524,7 @@ NOTE: not-for-us (Oracle) CAN-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...) NOTE: not-for-us (Oracle) -CAN-2005-0296 (The error module in Novell GroupWise WebAccess allows remote attackers ...) +CAN-2005-0296 (** DISPUTED ** ...) NOTE: not-for-us (Novell) CAN-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...) NOTE: not-for-us (nProtect) @@ -4121,11 +4313,9 @@ CAN-2004-1344 NOTE: reserved CAN-2004-1343 [DoS vulnerability in repouid CVS addon patch] - NOTE: reserved {DSA-715-1} - 1.12.9-11 CAN-2004-1342 [Password bypassing in the repouid CVS addon patch] - NOTE: reserved {DSA-715-1} - 1.12.9-11 CAN-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...) 
@@ -4809,10 +4999,10 @@ NOTE: not-for-us (Microsoft) CAN-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...) - ncpfs 2.2.5-2 -CAN-2004-1078 - NOTE: reserved -CAN-2004-1077 - NOTE: reserved +CAN-2004-1078 (Stack-based buffer overflow in the client for Citrix Program ...) + TODO: check +CAN-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...) + TODO: check CAN-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in Atari800 ...) {DSA-609-1} - atari800 1.3.2-1 @@ -6908,7 +7098,7 @@ {DSA-443} CAN-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...) NOTE: not-for-us (Safari) -CAN-2004-0091 (Cross-site scripting (XSS) vulnerability in register.php for unknown ...) +CAN-2004-0091 (** DISPUTED ** ...) NOTE: not-for-us (vBulletin) CAN-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...) NOTE: not-for-us (MacOS)
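
Review bot: In the first hunk (@@ -1,3 +1,195 @@), CAN-2005-1349 (Convert-UUlib before 1.051) and the tcpdump entries CAN-2005-1278 through CAN-2005-1280 arrive as "TODO: check" while the unchanged placeholders "CAN-2005-XXXX [Four DoS vulnerabilities in tcpdump]" and "CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]" stay in place below them, so what look like the same issues are now listed twice with different status. The automatic update cannot merge these, so a manual follow-up should confirm the match, move the "- tcpdump 3.8.3-4" fix line onto the assigned ids, and drop the XXXX placeholders.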
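
Review bot: The replacement lines for CAN-2005-1146 and CAN-2005-1145 (@@ -408,9 +600,9 @@), CAN-2004-1621 (@@ -2439,7 +2631,7 @@), CAN-2005-0296 (@@ -3332,7 +3524,7 @@) and CAN-2004-0091 (@@ -6908,7 +7098,7 @@) reduce the description to "(** DISPUTED ** ...)", which discards the only text in the entry that said which product and bug class it covered. Suggest having the update keep the marker and then the start of the original summary, so that a search of the list for, say, "GroupWise" or "Lotus Notes" still finds the entry by its description and not only by the hand-written NOTE line.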
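
Review bot: In the @@ -4121,11 +4313,9 @@ hunk, removing "NOTE: reserved" from CAN-2004-1343 and CAN-2004-1342 leaves each entry with only {DSA-715-1} and a fix line "- 1.12.9-11" that names no package, unlike "- rsnapshot 1.2.1-1" or "- ncpfs 2.2.5-2" elsewhere in this patch. Any tooling that reads the fix line as package plus version will not be able to match these two entries, so the package name should be added in a follow-up. Both entries also keep their bracketed hand-written descriptions, whereas the other ids that leave "reserved" in this commit (CAN-2005-1063, CAN-2005-0684, CAN-2004-1078) gain a parenthesized description; it is worth checking that this difference is intended.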