Author: djoume-guest Date: 2005-05-11 20:20:43 +0000 (Wed, 11 May 2005) New Revision: 1043 Modified: sarge-checks/CAN/list Log: * processed my block * claimed a few more Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-11 16:19:54 UTC (rev 1042) +++ sarge-checks/CAN/list 2005-05-11 20:20:43 UTC (rev 1043) @@ -1,103 +1,104 @@ -begin claimed by djoume CAN-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...) - TODO: check + NOTE: not-for-us CAN-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...) - TODO: check + NOTE: not in testing + NOTE: non-free + NOTE: I don''t feel to fill a bug for this (a DoS that could only appen on 64bits + NOTE: plateforms with more than 4GB of memory) CAN-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...) - TODO: check + NOTE: cf CAN-2005-1515 CAN-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...) - TODO: check + NOTE: cf CAN-2005-1515 CAN-2004-2067 (SQL injection vulnerability in controlpanel.php in JAWS 0.4 allows ...) - TODO: check + NOTE: not-for-us CAN-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...) - TODO: check + NOTE: not-for-us CAN-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...) - TODO: check + - dansguardian 2.5.2-0-0.1 CAN-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and ealier ...) - TODO: check + NOTE: not-for-us CAN-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...) - TODO: check + NOTE: not-for-us CAN-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ...) - TODO: check + NOTE: not-for-us CAN-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...) - TODO: check + NOTE: not-for-us CAN-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...) - TODO: check + NOTE: not-for-us CAN-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...) - TODO: check + NOTE: not-for-us CAN-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...) - TODO: check + NOTE: not-for-us CAN-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers ...) - TODO: check + NOTE: not-for-us CAN-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows ...) - TODO: check + NOTE: not-for-us CAN-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...) - TODO: check + - phpbb2 2.0.10-1 CAN-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote ...) - TODO: check + - phpbb2 2.0.10-1 CAN-2004-2053 (PHP remote code injection vulnerability in index.php in EasyIns ...) - TODO: check + NOTE: not-for-us CAN-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...) - TODO: check + NOTE: not-for-us CAN-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...) - TODO: check + NOTE: not-for-us CAN-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...) - TODO: check + NOTE: not-for-us CAN-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...) - TODO: check + NOTE: not-for-us CAN-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...) - TODO: check + NOTE: not-for-us CAN-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...) - TODO: check + NOTE: not-for-us CAN-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through ...) - TODO: check + NOTE: not-for-us CAN-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router ...) - TODO: check + NOTE: not-for-us CAN-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such ...) - TODO: check + NOTE: not-for-us CAN-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other ...) - TODO: check + NOTE: not-for-us CAN-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...) - TODO: check + NOTE: not-for-us CAN-2004-2041 (PHP remote code injection vulnerability in secure_img_render.php in ...) - TODO: check + NOTE: not-for-us CAN-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...) - TODO: check + NOTE: not-for-us CAN-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...) - TODO: check + NOTE: not-for-us CAN-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...) - TODO: check + NOTE: not-for-us CAN-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...) - TODO: check + NOTE: not-for-us CAN-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...) - TODO: check + NOTE: not-for-us CAN-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us CAN-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in ...) - TODO: check + NOTE: not-for-us CAN-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us CAN-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL ...) - TODO: check + NOTE: not-for-us CAN-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows ...) - TODO: check + NOTE: not-for-us CAN-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for ...) - TODO: check + NOTE: not-for-us CAN-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 ...) - TODO: check + NOTE: not-for-us CAN-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows ...) - TODO: check + NOTE: not-for-us CAN-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers ...) - TODO: check + - icecast2 2.0.1.debian-1 CAN-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound ...) - TODO: check + - pound 1.7-1 CAN-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 ...) - TODO: check + NOTE: not-for-us CAN-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain ...) - TODO: check + NOTE: not-for-us CAN-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...) - TODO: check -end claimed by djoume + NOTE: not-for-us CAN-2004-2022 (Stack-based buffer overflow in ActivePerl for Win32 5.6.1 and 5.8.0 ...) NOTE: not-for-us (various perls on Windows) CAN-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...) @@ -345,6 +346,7 @@ NOTE: not-for-us (IGI 2 Covert Strike server) CAN-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...) - monit 1:4.2.1 +begin claimed by djoume CAN-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...) TODO: check CAN-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...) @@ -463,6 +465,7 @@ TODO: check CAN-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis ...) TODO: check +end claimed by djoume CAN-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...) TODO: check CAN-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...)