Author: joeyh
Date: 2005-05-16 21:14:30 +0000 (Mon, 16 May 2005)
New Revision: 1074
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-05-16 18:36:30 UTC (rev 1073)
+++ sarge-checks/CAN/list 2005-05-16 21:14:30 UTC (rev 1074)
@@ -1,3 +1,149 @@
+CAN-2005-1589
+ NOTE: reserved
+CAN-2005-1588 (SQL injection vulnerability in index.php for Quick.cart 0.3.0
allows ...)
+ TODO: check
+CAN-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for
Quick.cart ...)
+ TODO: check
+CAN-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such
as ...)
+ TODO: check
+CAN-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6
allow ...)
+ TODO: check
+CAN-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for
Quick.Forum ...)
+ TODO: check
+CAN-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for
new ...)
+ TODO: check
+CAN-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two
News ...)
+ TODO: check
+CAN-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0
allows ...)
+ TODO: check
+CAN-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the
types ...)
+ TODO: check
+CAN-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote
attackers to ...)
+ TODO: check
+CAN-2005-1578 (EnCase Forensic Edition 4.18a does not support Device
Configuration ...)
+ TODO: check
+CAN-2005-1577 (APG Technology ClassMaster does not properly restrict access to
...)
+ TODO: check
+CAN-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for
Windows ...)
+ TODO: check
+CAN-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for
Windows ...)
+ TODO: check
+CAN-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content
...)
+ TODO: check
+CAN-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual
News ...)
+ TODO: check
+CAN-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of
service ...)
+ TODO: check
+CAN-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4
allow ...)
+ TODO: check
+CAN-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain
full ...)
+ TODO: check
+CAN-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and
2.2 ...)
+ TODO: check
+CAN-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to
...)
+ TODO: check
+CAN-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and
2.2 ...)
+ TODO: check
+CAN-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to
bypass ...)
+ TODO: check
+CAN-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is
...)
+ TODO: check
+CAN-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2
allows ...)
+ TODO: check
+CAN-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a
different ...)
+ TODO: check
+CAN-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and
...)
+ TODO: check
+CAN-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp
in ...)
+ TODO: check
+CAN-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to
execute ...)
+ TODO: check
+CAN-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to
execute ...)
+ TODO: check
+CAN-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to
bypass ...)
+ TODO: check
+CAN-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp
...)
+ TODO: check
+CAN-2005-1556 (Gamespy cd-key validation system allows remote attackers to
cause a ...)
+ TODO: check
+CAN-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server
in ...)
+ TODO: check
+CAN-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61,
and ...)
+ TODO: check
+CAN-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0
uses a ...)
+ TODO: check
+CAN-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0,
when ...)
+ TODO: check
+CAN-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for
viruses ...)
+ TODO: check
+CAN-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to
execute ...)
+ TODO: check
+CAN-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message
Board ...)
+ TODO: check
+CAN-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook
2.3.1 ...)
+ TODO: check
+CAN-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone
Netvault, ...)
+ TODO: check
+CAN-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0
allows ...)
+ TODO: check
+CAN-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0
allows ...)
+ TODO: check
+CAN-2005-1544 (Stack-based buffer overflow in libTIFF before 1.53 allows remote
...)
+ TODO: check
+CAN-2005-1543
+ NOTE: reserved
+CAN-2005-1542
+ NOTE: reserved
+CAN-2005-1541
+ NOTE: reserved
+CAN-2005-1540
+ NOTE: reserved
+CAN-2005-1539
+ NOTE: reserved
+CAN-2005-1538
+ NOTE: reserved
+CAN-2005-1537
+ NOTE: reserved
+CAN-2005-1536
+ NOTE: reserved
+CAN-2005-1535
+ NOTE: reserved
+CAN-2005-1534
+ NOTE: reserved
+CAN-2005-1533
+ NOTE: reserved
+CAN-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not
properly ...)
+ TODO: check
+CAN-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not
properly ...)
+ TODO: check
+CAN-2005-1530
+ NOTE: reserved
+CAN-2005-1529
+ NOTE: reserved
+CAN-2005-1528
+ NOTE: reserved
+CAN-2005-1527
+ NOTE: reserved
+CAN-2005-1526
+ NOTE: reserved
+CAN-2005-1525
+ NOTE: reserved
+CAN-2005-1524
+ NOTE: reserved
+CAN-2005-1523
+ NOTE: reserved
+CAN-2005-1522
+ NOTE: reserved
+CAN-2005-1521
+ NOTE: reserved
+CAN-2005-1520
+ NOTE: reserved
+CAN-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is
unfiltered ...)
+ TODO: check
+CAN-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using
Federated ...)
+ TODO: check
+CAN-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM)
2.3.1 ...)
+ TODO: check
CAN-2005-XXXX [Buffer overflow in libotr]
- libotr 2.0.2-1
CAN-2005-XXXX [vpnc: config file path security hole]
@@ -1321,7 +1467,7 @@
CAN-2005-1272
NOTE: reserved
CAN-2005-1271
- NOTE: reserved
+ NOTE: rejected
CAN-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit
Hunter ...)
NOTE: not-for-us (Rootkit Hunter)
CAN-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may
allow ...)
@@ -1341,16 +1487,13 @@
CAN-2005-1264
NOTE: reserved
CAN-2005-1263 [Linux kernel ELF core dump privilege escalation]
- NOTE: reserved
- kernel-source-2.6.11 2.6.11 2.6.11-4
- kernel-source-2.6.8 2.6.8-16
- kernel-source-2.4.27 2.4.27-10
-CAN-2005-1262
- NOTE: reserved
+CAN-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial
of ...)
NOTE: see http://gaim.sourceforge.net/security/
- gaim
-CAN-2005-1261
- NOTE: reserved
+CAN-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim
before ...)
NOTE: see http://gaim.sourceforge.net/security/
- gaim
CAN-2005-1260
@@ -2120,18 +2263,18 @@
NOTE: not-for-us (Apple)
CAN-2005-0975 (Integer signedness error in the parse_machfile function in the
mach-o ...)
NOTE: not-for-us (Apple)
-CAN-2005-0974
- NOTE: reserved
-CAN-2005-0973
- NOTE: reserved
-CAN-2005-0972
- NOTE: reserved
-CAN-2005-0971
- NOTE: reserved
+CAN-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9
and ...)
+ TODO: check
+CAN-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X
10.3.9 ...)
+ TODO: check
+CAN-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9
and ...)
+ TODO: check
+CAN-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X
...)
+ TODO: check
CAN-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and
...)
NOTE: not-for-us (Apple)
-CAN-2005-0969
- NOTE: reserved
+CAN-2005-0969 (Heap-based buffer overflow in the syscall emulation
functionality in ...)
+ TODO: check
CAN-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows
remote ...)
NOTE: not-for-us (CA eTrust IDS)
CAN-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service
...)
@@ -2720,8 +2863,7 @@
{DSA-702-1}
- imagemagick 5:6.0.0-1
NOTE: Does only affect imagemagick releases prior to 6
-CAN-2005-0758
- NOTE: reserved
+CAN-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments,
which ...)
NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626
- gzip (unfixed; bug #308379)
CAN-2005-0757
@@ -5210,7 +5352,7 @@
- maxdb-7.5.00 7.5.00.18
CAN-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to
...)
NOTE: not-for-us (MSIE)
-CAN-2005-0109 (Unknown vulnerability in FreeBSD, and possibly other operating
...)
+CAN-2005-0109 (Hyper-Threading technology, as used in FreeBSD other operating
systems ...)
NOTE: not enough info to tell what it affects
TODO: wait until May 13th when it''s supposed to be disclosed.
CAN-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote
...)