Author: joeyh Date: 2005-05-16 23:37:16 +0000 (Mon, 16 May 2005) New Revision: 1076 Modified: sarge-checks/CAN/list Log: process and claim Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-16 22:52:44 UTC (rev 1075) +++ sarge-checks/CAN/list 2005-05-16 23:37:16 UTC (rev 1076) 
@@ -1,75 +1,75 @@ CAN-2005-1589 NOTE: reserved -begin claimed by joeyh CAN-2005-1588 (SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows ...) - TODO: check + NOTE: not-for-us (Quick.cart) CAN-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...) - TODO: check + NOTE: not-for-us (Quick.cart) CAN-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as ...) - TODO: check + NOTE: not-for-us (Quick.Forum) CAN-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow ...) - TODO: check + NOTE: not-for-us (Quick.Forum) CAN-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum ...) - TODO: check + NOTE: not-for-us (Quick.Forum) CAN-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new ...) - TODO: check + NOTE: not-for-us (1Two News) CAN-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News ...) - TODO: check + NOTE: not-for-us (1Two News) CAN-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows ...) - TODO: check + NOTE: not-for-us (bug_list.php CAN-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...) - TODO: check + NOTE: not-for-us (BoastMachine) CAN-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration ...) - TODO: check + NOTE: not-for-us (EnCase) CAN-2005-1577 (APG Technology ClassMaster does not properly restrict access to ...) - TODO: check + NOTE: not-for-us (APG Classmaster) CAN-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...) - TODO: check + NOTE: appears windows specific CAN-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...) 
- TODO: check + NOTE: appears windows specific CAN-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content ...) - TODO: check + NOTE: not-for-us (Windows) CAN-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News ...) - TODO: check + NOTE: not-for-us (ASP Virtual News Manager) CAN-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (ShowOff) CAN-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow ...) - TODO: check + NOTE: not-for-us (ShowOff) CAN-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full ...) - TODO: check + NOTE: for-for-us (bttlxeForum) CAN-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 ...) - TODO: check + NOTE: not-for-us (DirectTopics) CAN-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (DirectTopics) CAN-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 ...) - TODO: check + NOTE: not-for-us (DirectTopics) CAN-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...) - TODO: check + NOTE: not-for-us (Acrowave AAP-3100AR wireless router) CAN-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...) - TODO: check + - bugzilla (unfixed; bug #308789) + NOTE: only affects sid CAN-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...) - TODO: check + - bugzilla (unfixed; bug #308787) CAN-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...) - TODO: check + - bugzilla (unfixed; bug #308787) CAN-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and ...) - TODO: check + NOTE: not-for-us (MaxWebPortal) CAN-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...) 
- TODO: check + NOTE: not-for-us (MaxWebPortal) CAN-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute ...) - TODO: check + NOTE: not-for-us (Nexusway) CAN-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute ...) - TODO: check + NOTE: not-for-us (Nexusway) CAN-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass ...) - TODO: check + NOTE: not-for-us (Nexusway) CAN-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp ...) - TODO: check + NOTE: not-for-us (WebApp Guestbook PRO) CAN-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Gamespy cd-key validation system) CAN-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...) - TODO: check -end claimed by joeyh + NOTE: not-for-us (JRun) +begin claimed by joeyh CAN-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...) TODO: check CAN-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...) @@ -92,6 +92,7 @@ TODO: check CAN-2005-1544 (Stack-based buffer overflow in libTIFF before 1.53 allows remote ...) TODO: check +end claimed by joeyh CAN-2005-1543 NOTE: reserved CAN-2005-1542 @@ -171,11 +172,6 @@ CAN-2005-XXXX [wordpress: unknown security hole] NOTE: Removed from Sarge due to intransparent handling of security issues by upstream - wordpress 1.5.1-1 -CAN-2005-XXXX [insecure password handling] - - bugzilla (unfixed; bug #308789) - NOTE: only affects sid -CAN-2005-XXXX [Minor information leak in product handling] - - bugzilla (unfixed; bug #308787) CAN-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...) NOTE: not-for-us (PwsPHP) CAN-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)
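Review bot: In the first hunk (@@ -1,75 +1,75 @@), the new note for CAN-2005-1570 reads "NOTE: for-for-us (bttlxeForum)", which looks like a typo for "not-for-us". Any script or grep that matches on the not-for-us tag would skip this entry and leave it looking unclassified. In the same hunk, the note for CAN-2005-1581 is "NOTE: not-for-us (bug_list.php" with no closing parenthesis, and it names a file where every other entry names the product (the description says Bug Report 1.0). The two Firefox entries, CAN-2005-1576 and CAN-2005-1575, get the free-text "NOTE: appears windows specific" with no package line. Since the description covers Firefox 0.10.1 and 1.0 "for Windows", stating the verdict in the same form as the other entries would make the triage result unambiguous to the next reader.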
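Review bot: In the last hunk (@@ -171,11 +172,6 @@), the removed placeholder for bug #308787 was a single entry, "CAN-2005-XXXX [Minor information leak in product handling]", yet the first hunk attaches "- bugzilla (unfixed; bug #308787)" to both CAN-2005-1564 and CAN-2005-1563. Please confirm that the one bug report covers both assigned ids. If it does, a short NOTE on each entry saying so would keep the mapping traceable now that the bracketed titles are gone. The "NOTE: only affects sid" line does carry over to CAN-2005-1565 together with bug #308789, so that half of the move is consistent. The log message "process and claim" does not mention that placeholders were folded into assigned ids, which makes this change hard to find later from the history alone.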