Moritz Muehlenhoff
2005-May-25 09:40 UTC
[Secure-testing-commits] r1148 - sarge-checks/CAN
Author: jmm-guest
Date: 2005-05-25 09:40:10 +0000 (Wed, 25 May 2005)
New Revision: 1148

Modified: sarge-checks/CAN/list
Log: processed first block, claim new

Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-05-25 09:22:07 UTC (rev 1147)
+++ sarge-checks/CAN/list 2005-05-25 09:40:10 UTC (rev 1148)
@@ -1,42 +1,41 @@ -begin claimed by jmm CAN-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...) - TODO: check + NOTE: not-for-us (ezwdc NewsletterEz) CAN-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 ...) - TODO: check + NOTE: not-for-us (BEA Weblogic) CAN-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 ...) - TODO: check + NOTE: not-for-us (BEA Weblogic) CAN-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...) - TODO: check + NOTE: not-for-us (BEA Weblogic) CAN-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through ...) - TODO: check + NOTE: not-for-us (BEA Weblogic) CAN-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack ...) - TODO: check + NOTE: not-for-us (BEA Weblogic) CAN-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 ...) - TODO: check + NOTE: not-for-us (BEA Weblogic) CAN-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 ...) - TODO: check + NOTE: not-for-us (BEA Weblogic) CAN-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...) - TODO: check + NOTE: not-for-us (BEA Weblogic) CAN-2005-1741 (Gearbox Software Halo Combat Evolved 1.6 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Halo) CAN-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files ...) - net-snmp (unfixed; bug filed) CAN-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick ...) - imagemagick (unfixed; bug #310690) CAN-2005-1738 (Multiple format string vulnerabilities in the (1) logPrintBadfile ...) - TODO: check + NOTE: not-for-us (Iron Bars Shell) CAN-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized ...) - TODO: check + NOTE: not-for-us (PROMS) CAN-2005-1736 (PROMS 0.11 does not properly handle "certain combinations of rights," ...) 
- TODO: check + NOTE: not-for-us (PROMS) CAN-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before ...) - TODO: check + NOTE: not-for-us (PROMS) CAN-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow ...) - TODO: check + NOTE: not-for-us (PROMS) CAN-2005-1733 (Cookie Cart stores the password file under the web document root with ...) - TODO: check + NOTE: not-for-us (Cookie Cart) CAN-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...) - TODO: check + NOTE: not-for-us (Cookie Cart) CAN-2005-1731 NOTE: reserved CAN-2005-1730 
@@ -62,38 +61,39 @@ CAN-2005-1720 NOTE: reserved CAN-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...) - TODO: check + NOTE: not-for-us (avast! antivirus) CAN-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (War Times) CAN-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows ...) - TODO: check + NOTE: not-for-us (Zyxel hardware) CAN-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the ...) - TODO: check + NOTE: not-for-us (TOPo) CAN-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 ...) - TODO: check + NOTE: not-for-us (TOPo) CAN-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 ...) - TODO: check + NOTE: not-for-us (SurgeMail) CAN-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...) - TODO: check + NOTE: not-for-us (Serendipity) CAN-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple ...) - TODO: check + NOTE: not-for-us (Serendipity) CAN-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...) - TODO: check + NOTE: not-for-us (Gibraltar Firewall) + TODO: check, whether gibraltar-bootcd is in any way related/affected CAN-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...) - TODO: check + NOTE: not-for-us (Blue Coat) CAN-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...) - TODO: check + NOTE: not-for-us (Blue Coat) CAN-2005-1708 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows ...) - TODO: check + NOTE: not-for-us (Blue Coat) CAN-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...) - TODO: check + NOTE: not-for-us (Gentoo) CAN-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...) 
- TODO: check + - mailscanner (unfixed) CAN-2005-1705 (gdb before 6.3 searches the current working directory to load the ...) - TODO: check -end claimed by jmm + - gdb (unfixed) CAN-2005-1704 (Integer overflow in the BFD library for gdb before 6.3 allows ...) - gdb (unfixed; bug #308624) +begin claimed by jmm CAN-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...) TODO: check CAN-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...) @@ -210,6 +210,7 @@ TODO: check CAN-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...) TODO: check +end claimed by jmm CAN-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...) TODO: check CAN-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...)
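
Review bot: in the first hunk (@@ -1,42 +1,41 @@) the tag added for CAN-2005-1750 reads "not-for-us (ezwdc NewsletterEz)" while the description on the same entry spells the vendor "ezdwc"; make the two agree so that a search on the vendor name finds the entry. The eight BEA entries (CAN-2005-1749 through CAN-2005-1742) are tagged "BEA Weblogic" against "BEA WebLogic" in their descriptions, which wants the same fix. For CAN-2005-1738 the tag names "Iron Bars Shell", a product the truncated description does not show, so a short note saying where the name comes from would let the next reader confirm it from the list alone.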
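
Review bot: in the second hunk (@@ -62,38 +61,39 @@) CAN-2005-1711 ends up with both "NOTE: not-for-us (Gibraltar Firewall)" and "TODO: check, whether gibraltar-bootcd is in any way related/affected", which contradict each other: the entry is closed as not applicable while the question of whether a packaged relative is affected is still open. Keep only the TODO until the gibraltar-bootcd question is answered, then replace it with either the not-for-us note or a package line. In the same hunk, CAN-2005-1706 "mailscanner (unfixed)" and CAN-2005-1705 "gdb (unfixed)" carry no bug reference, unlike the neighbouring CAN-2005-1704 "gdb (unfixed; bug #308624)"; add the bug number, or say that a bug still has to be filed.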
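
Review bot: in the third hunk (@@ -210,6 +210,7 @@) the "end claimed by jmm" marker after CAN-2004-2086 closes a claim that the previous hunk opens at CAN-2005-1703, more than a hundred lines earlier by the hunk offsets and running from CAN-2005 ids into CAN-2004 ids. The log message says only "claim new"; naming the claimed range there (CAN-2005-1703 to CAN-2004-2086) would let others see what is taken without opening the file, and a smaller block would be released sooner.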