Author: djoume-guest
Date: 2005-05-12 21:00:12 +0000 (Thu, 12 May 2005)
New Revision: 1047

Modified:
sarge-checks/CAN/list

Log:
* processed my block
* claimed a few more

Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-05-12 14:26:58 UTC (rev 1046)
+++ sarge-checks/CAN/list 2005-05-12 21:00:12 UTC (rev 1047)
@@ -421,126 +421,125 @@ NOTE: not-for-us (IGI 2 Covert Strike server) CAN-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...) - monit 1:4.2.1 -begin claimed by djoume CAN-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...) - TODO: check + - monit 1:4.2.1-1 CAN-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...) - TODO: check + - monit 1:4.2.1-1 CAN-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 ...) - TODO: check + NOTE: not-for-us CAN-2004-1895 (YaST Online Update (YOU) in SuSE 9.0 allows local users to overwrite ...) - TODO: check + NOTE: not-for-us CAN-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows ...) - TODO: check + NOTE: not-for-us CAN-2004-1893 (Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on ...) - TODO: check + NOTE: not-for-us CAN-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ...) - TODO: check + NOTE: not-for-us CAN-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn''t work with ...) - TODO: check + NOTE: not-for-us CAN-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...) - TODO: check + NOTE: not-for-us CAN-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...) - TODO: check + NOTE: not-for-us CAN-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute ...) - TODO: check + NOTE: not-for-us CAN-2004-1887 (ImgSvr 0.4 allows remote attackers to view directories or download ...) - TODO: check + NOTE: not-for-us CAN-2004-1886 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...) - TODO: check + NOTE: not-for-us CAN-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...) - TODO: check + NOTE: not-for-us CAN-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...) 
- TODO: check + NOTE: not-for-us CAN-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow ...) - TODO: check + NOTE: not-for-us CAN-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in ...) - TODO: check + NOTE: not-for-us CAN-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp ...) - TODO: check + NOTE: not-for-us CAN-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier ...) - TODO: check + - openldap2 2.1.17-1 CAN-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...) - TODO: check + NOTE: not-for-us CAN-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, ...) - TODO: check + NOTE: not-for-us CAN-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i ...) - TODO: check + NOTE: not-for-us CAN-2004-1876 (The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon ...) - TODO: check + - clamav 0.70-1 CAN-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel ...) - TODO: check + NOTE: not-for-us CAN-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...) - TODO: check + NOTE: not-for-us CAN-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART ...) - TODO: check + NOTE: not-for-us CAN-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...) - TODO: check + NOTE: not-for-us CAN-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...) - TODO: check + NOTE: not-for-us CAN-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and ...) - TODO: check + NOTE: not-for-us CAN-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier ...) - TODO: check + NOTE: not-for-us CAN-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 ...) 
- TODO: check + NOTE: not-for-us CAN-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest ...) - TODO: check + NOTE: not-for-us CAN-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...) - TODO: check + - nstx 1.1-beta4-1 CAN-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel ...) - TODO: check + NOTE: not-for-us CAN-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta ...) - TODO: check + NOTE: not-for-us CAN-2004-1863 (Cross-site scripting (XSS) vulnerability in editprofile.php in Extreme ...) - TODO: check + NOTE: not-for-us CAN-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme ...) - TODO: check + NOTE: not-for-us CAN-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to ...) - TODO: check + NOTE: not-for-us CAN-2004-1860 (Buffer overflow in Check Point Smartview Tracker in Check Point NG AI ...) - TODO: check + NOTE: not-for-us CAN-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web ...) - TODO: check + NOTE: not-for-us CAN-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us CAN-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin ...) - TODO: check + NOTE: not-for-us CAN-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...) - TODO: check + NOTE: not-for-us CAN-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA ...) - TODO: check + NOTE: not-for-us CAN-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier ...) - TODO: check + NOTE: not-for-us CAN-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...) - TODO: check + NOTE: not-for-us CAN-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 ...) 
- TODO: check + NOTE: not-for-us CAN-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data ...) - TODO: check + NOTE: not-for-us CAN-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us CAN-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 ...) - TODO: check + NOTE: not-for-us CAN-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...) - TODO: check + NOTE: not-for-us CAN-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...) - TODO: check + NOTE: not-for-us CAN-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow ...) - TODO: check + NOTE: not-for-us CAN-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager ...) - TODO: check + NOTE: not-for-us CAN-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System ...) - TODO: check + NOTE: not-for-us CAN-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows ...) - TODO: check + NOTE: not-for-us CAN-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x ...) - TODO: check + NOTE: not-for-us CAN-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke ...) - TODO: check + NOTE: not-for-us CAN-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis ...) - TODO: check -end claimed by djoume + NOTE: not-for-us +begin claimed by djoume CAN-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...) TODO: check CAN-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...) 
@@ -635,6 +634,7 @@ TODO: check CAN-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...) TODO: check +end claimed by djoume CAN-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a ...) TODO: check CAN-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management ...)
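Review bot: In the first hunk (@@ -421,126 +421,125 @@), the new monit entries for CAN-2004-1898 and CAN-2004-1897 record `- monit 1:4.2.1-1`, while the unchanged entry for CAN-2004-1899 directly above them records `- monit 1:4.2.1` with no Debian revision. The three entries should carry the same version string for the same package, so either bring the CAN-2004-1899 line in line in this commit or note why it differs. Separately, the added `NOTE: not-for-us` lines omit the product name, whereas the context entry at the top of the hunk reads `NOTE: not-for-us (IGI 2 Covert Strike server)`; adding the name in parentheses would keep the list greppable and make each decision easier to recheck later.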
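Review bot: The `+end claimed by djoume` marker in the second hunk (@@ -635,6 +634,7 @@) closes a claim that is opened by `+begin claimed by djoume` before CAN-2004-1839 in the first hunk, and the lines between the two hunks are not shown, so the patch alone does not show that the newly claimed block is free of another contributor's begin/end markers. It is worth confirming that the range from CAN-2004-1839 through CAN-2004-1792 does not overlap an existing claim; the log entry "claimed a few more" could also name that range explicitly.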