Author: joeyh Date: 2005-05-04 09:14:19 +0000 (Wed, 04 May 2005) New Revision: 981 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-04 08:43:56 UTC (rev 980) +++ sarge-checks/CAN/list 2005-05-04 09:14:19 UTC (rev 981) 
@@ -1,3 +1,115 @@ +CAN-2005-1452 (Serendipity before 0.8 allows Chief users to "hide plugins installed ...) + TODO: check +CAN-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...) + TODO: check +CAN-2005-1450 (Unknown vulnerability in "the function used to validate path-names for ...) + TODO: check +CAN-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...) + TODO: check +CAN-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...) + TODO: check +CAN-2005-1447 (PHP remote code injection vulnerability in main.php in SitePanel 2.6.1 ...) + TODO: check +CAN-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...) + TODO: check +CAN-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...) + TODO: check +CAN-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...) + TODO: check +CAN-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...) + TODO: check +CAN-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...) + TODO: check +CAN-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...) + TODO: check +CAN-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...) + TODO: check +CAN-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...) + TODO: check +CAN-2005-1438 (PHP remote code injection vulnerability in main.php in osTicket allows ...) + TODO: check +CAN-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...) + TODO: check +CAN-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...) + TODO: check +CAN-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...) + TODO: check +CAN-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...) 
+ TODO: check +CAN-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...) + TODO: check +CAN-2005-1432 + NOTE: reserved +CAN-2005-1431 (The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before ...) + TODO: check +CAN-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...) + TODO: check +CAN-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...) + TODO: check +CAN-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...) + TODO: check +CAN-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...) + TODO: check +CAN-2005-1426 (Uapplication Ublog Reload stores the database under the web document ...) + TODO: check +CAN-2005-1425 (Uapplication Uguestbook stores the database under the web document ...) + TODO: check +CAN-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...) + TODO: check +CAN-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...) + TODO: check +CAN-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...) + TODO: check +CAN-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...) + TODO: check +CAN-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...) + TODO: check +CAN-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 ...) + TODO: check +CAN-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...) + TODO: check +CAN-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...) + TODO: check +CAN-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote ...) + TODO: check +CAN-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote ...) + TODO: check +CAN-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, ...) 
+ TODO: check +CAN-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote ...) + TODO: check +CAN-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional ...) + TODO: check +CAN-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...) + TODO: check +CAN-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) ...) + TODO: check +CAN-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...) + TODO: check +CAN-2005-1408 + NOTE: reserved +CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...) + TODO: check +CAN-2005-1406 + NOTE: reserved +CAN-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...) + TODO: check +CAN-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...) + TODO: check +CAN-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam''s ...) + TODO: check +CAN-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...) + TODO: check +CAN-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...) + TODO: check +CAN-2005-1400 + NOTE: reserved +CAN-2005-1399 + NOTE: reserved +CAN-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...) + TODO: check +CAN-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows ...) + TODO: check CAN-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...) NOTE: not-for-us (PHPCart) CAN-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...) 
@@ -15,9 +127,11 @@ NOTE: have to modify it for his purposes anyway, so there''s no security problem CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...) - pound (unfixed; bug #306649) -CAN-2005-1390 (Squid before 2.5.STABLE7, when using persistent connections, allows ...) +CAN-2005-1390 + NOTE: rejected - squid 2.5.8-1 -CAN-2005-1389 (HTTP response splitting vulnerability in Squid before 2.5.STABLE7, ...) +CAN-2005-1389 + NOTE: rejected - squid 2.5.8-1 CAN-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...) NOTE: not-for-us (SURVIVOR) @@ -4017,8 +4131,7 @@ {DSA-679-1} CAN-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...) {DSA-687-1} -CAN-2005-0157 - NOTE: reserved +CAN-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to ...) {DSA-720-1} CAN-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when ...) - perl 5.8.4-6 @@ -4140,8 +4253,8 @@ - libpam-radius-auth 1.3.16-3 CAN-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...) {DSA-690-1} -CAN-2005-0106 - NOTE: reserved +CAN-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...) + TODO: check CAN-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...) {DSA-684-1} CAN-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
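
Review bot: In the first hunk (@@ -1,3 +1,115 @@), CAN-2004-1778 and CAN-2004-1777 are added between CAN-2005-1399 and CAN-2005-1398, which breaks the descending ID order that every other visible entry follows. If the update script deliberately prepends all new IDs regardless of year, say so in the log message. Otherwise, move the two Skype entries into the CAN-2004 block so a lookup by ID range still finds them. Every entry in this hunk also lands as "TODO: check", so none of it has been triaged yet.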
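
Review bot: In the second hunk (@@ -15,9 +127,11 @@), CAN-2005-1390 and CAN-2005-1389 become "NOTE: rejected" but each keeps its "- squid 2.5.8-1" line, so the list still records a fixed package version against an ID that no longer describes a vulnerability. Either drop the squid line from both entries, or keep it and add a NOTE saying why the ID was rejected and which ID, if any, now covers the Squid issue. As it stands, the removed descriptions were the only text linking these IDs to a specific problem.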
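
Review bot: In the last hunk (@@ -4140,8 +4253,8 @@), CAN-2005-0106 goes from "NOTE: reserved" to "TODO: check" even though the new description already names the package and the version boundary ("libnet-ssleay-perl before 1.25"). This entry can be resolved directly with a package line in the same form as the neighbouring "- libpam-radius-auth 1.3.16-3", once the version in the archive has been compared against 1.25. A predictable file under /tmp used as an entropy source is worth prioritising over the generic TODO queue.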