Author: joeyh
Date: 2005-05-03 09:14:43 +0000 (Tue, 03 May 2005)
New Revision: 964

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-05-03 06:53:37 UTC (rev 963)
+++ sarge-checks/CAN/list 2005-05-03 09:14:43 UTC (rev 964)
@@ -1,3 +1,71 @@ +CAN-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...) + TODO: check +CAN-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...) + TODO: check +CAN-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows ...) + TODO: check +CAN-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may ...) + TODO: check +CAN-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...) + TODO: check +CAN-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 ...) + TODO: check +CAN-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...) + TODO: check +CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...) + TODO: check +CAN-2005-1390 (Squid before 2.5.STABLE7, when using persistent connections, allows ...) + TODO: check +CAN-2005-1389 (HTTP response splitting vulnerability in Squid before 2.5.STABLE7, ...) + TODO: check +CAN-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...) + TODO: check +CAN-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...) + TODO: check +CAN-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive ...) + TODO: check +CAN-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service ...) + TODO: check +CAN-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote ...) + TODO: check +CAN-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...) + TODO: check +CAN-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...) + TODO: check +CAN-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...) + TODO: check +CAN-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 ...) 
+ TODO: check +CAN-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on ...) + TODO: check +CAN-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...) + TODO: check +CAN-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline 1.5.3 ...) + TODO: check +CAN-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...) + TODO: check +CAN-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...) + TODO: check +CAN-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...) + TODO: check +CAN-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...) + TODO: check +CAN-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...) + TODO: check +CAN-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...) + TODO: check +CAN-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...) + TODO: check +CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...) + TODO: check +CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...) + TODO: check +CAN-2005-1367 + NOTE: reserved +CAN-2005-1366 + NOTE: reserved +CAN-2005-1365 + NOTE: reserved CAN-2005-XXXX [Insecure mailbox generation in passwd''s useradd - shadow (unfixed; bug #307259) CAN-2005-XXXX [Insecure tempfile generation in shadow''s vipw] 
@@ -7118,7 +7186,7 @@ NOTE: rejected CAN-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...) NOTE: turned out not to be vulnerable. See bug #278777 -CAN-2004-0073 (PHP remote code injection vulnerability in config.php for ...) +CAN-2004-0073 (PHP remote code injection vulnerability in (1) config.php and (2) ...) NOTE: not-for-us (EasyDynamicPages) CAN-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...) NOTE: not-for-us (Accipiter Direct Server 6.0)
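
Review bot: in the first hunk (@@ -1,3 +1,71 @@), all 31 described entries from CAN-2005-1398 down to CAN-2005-1368 land as "TODO: check" with no package line and no not-for-us note, so this update leaves a large untriaged block at the top of the list. Each one should be resolved to either a package line in the form of the existing "- shadow (unfixed; bug #307259)" entry or a "NOTE: not-for-us (...)" line as used further down the file, for example the Squid entries (CAN-2005-1389, CAN-2005-1390), the phpMyAdmin entry (CAN-2005-1392) and the Linux kernel entries (CAN-2005-1368, CAN-2005-1369). The three "NOTE: reserved" entries (CAN-2005-1367 to CAN-2005-1365) carry no description yet and need no action until one appears.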
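
Review bot: in the second hunk (@@ -7118,7 +7186,7 @@), the triage note under CAN-2004-0073 is carried over unchanged although the description was rewritten from "config.php for ..." to "(1) config.php and (2) ...", which widens what the entry covers. The "NOTE: not-for-us (EasyDynamicPages)" line is keyed to the product and so probably still holds, but nothing in the automatic update marks that an already-triaged entry changed. Consider having the update flag such entries so the existing note is re-confirmed against the new description.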