Author: jmm-guest Date: 2005-05-04 09:51:45 +0000 (Wed, 04 May 2005) New Revision: 984 Modified: sarge-checks/CAN/list Log: lots of not-for-us Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-04 09:32:48 UTC (rev 983) +++ sarge-checks/CAN/list 2005-05-04 09:51:45 UTC (rev 984) 
@@ -46,45 +46,44 @@ TODO: check CAN-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...) NOTE: not-for-us (Mac OS X) -begin claimed by jmm CAN-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...) - TODO: check + NOTE: not-for-us (WWWguestbook) CAN-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...) - TODO: check + NOTE: not-for-us (Uapplication Uphotogallery) CAN-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...) - TODO: check + NOTE: not-for-us (Uapplication Uphotogallery) CAN-2005-1426 (Uapplication Ublog Reload stores the database under the web document ...) - TODO: check + NOTE: not-for-us (Uapplication Ublog) CAN-2005-1425 (Uapplication Uguestbook stores the database under the web document ...) - TODO: check + NOTE: not-for-us (Uapplication Uguestbook) CAN-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...) - TODO: check + NOTE: not-for-us (GoText) CAN-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...) - TODO: check + NOTE: not-for-us (602 LAN SUITE) CAN-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Raysoft Video Cam Server) CAN-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...) - TODO: check + NOTE: not-for-us (Raysoft Video Cam Server) CAN-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Raysoft Video Cam Server) CAN-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 ...) - TODO: check + NOTE: not-for-us (Ocean12 Mailing list manager) CAN-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...) - TODO: check + NOTE: not-for-us (Netleaf) CAN-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...) 
- TODO: check + NOTE: not-for-us (MaxWebPortal) CAN-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote ...) - TODO: check + NOTE: not-for-us (04WebServer) CAN-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote ...) - TODO: check + NOTE: not-for-us (GlobalSCAPE Secure FTP Server) CAN-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, ...) - TODO: check + NOTE: not-for-us (FilePocket) CAN-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote ...) - TODO: check + NOTE: not-for-us (enVivo) CAN-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional ...) - TODO: check + NOTE: not-for-us (ECommPro) CAN-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...) - TODO: check + NOTE: not-for-us (ICUII) CAN-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) ...) TODO: check CAN-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...) 
@@ -92,28 +91,27 @@ CAN-2005-1408 NOTE: reserved CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...) - TODO: check + NOTE: not-for-us (Skype) CAN-2005-1406 NOTE: reserved CAN-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...) - TODO: check + NOTE: not-for-us (Lotus Domino) CAN-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...) - TODO: check + NOTE: not-for-us (MyPHP Forum) CAN-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam''s ...) - TODO: check + NOTE: not-for-us (JW Amazon Web Store) CAN-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...) - TODO: check + NOTE: not-for-us (NeL libarary) CAN-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...) - TODO: check + NOTE: not-for-us (Mtp-Target) CAN-2005-1400 NOTE: reserved CAN-2005-1399 NOTE: reserved CAN-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...) - TODO: check + NOTE: not-for-us (Skype) CAN-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (Skype) CAN-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...) NOTE: not-for-us (PHPCart) CAN-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...)
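Review bot: In the first hunk (@@ -46,45 +46,44 @@), removing "begin claimed by jmm" releases a range that still holds an untriaged entry. CAN-2005-1410 (the tsearch2 module in PostgreSQL) is left as "TODO: check" in the trailing context, and the status line for CAN-2005-1409 is not visible in the hunk. Confirm that dropping the claim on the PostgreSQL entries is intended, or triage them in the same commit. Several added notes also use a name that differs from the CAN description on the line above: "Uapplication Ublog" for "Uapplication Ublog Reload", "602 LAN SUITE" for "602LAN SUITE", "Netleaf" (the vendor) where the other notes name the product (NotJustBrowsing), and "ECommPro" for "Ecomm Professional". Matching the description's spelling keeps the not-for-us notes searchable by product name.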
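Review bot: In the second hunk (@@ -92,28 +91,27 @@), the added note for CAN-2005-1402 has a typo: "NOTE: not-for-us (NeL libarary)" should read "NeL library", otherwise a search of the list for that product name will miss the entry. The removal of "end claimed by jmm" after CAN-2004-1777 pairs correctly with the "begin claimed by jmm" removed in the first hunk, so no dangling claim marker is left behind.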