Moritz Muehlenhoff
2005-Jun-02 09:50 UTC
[Secure-testing-commits] r1188 - sarge-checks/CAN
Author: jmm-guest Date: 2005-06-02 09:50:40 +0000 (Thu, 02 Jun 2005) New Revision: 1188 Modified: sarge-checks/CAN/list Log: processed block, claim new Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-06-02 09:18:21 UTC (rev 1187) +++ sarge-checks/CAN/list 2005-06-02 09:50:40 UTC (rev 1188) 
@@ -1,88 +1,88 @@ -begin claimed by jmm CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...) - TODO: check + NOTE: not-for-us (MyBB) CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...) - TODO: check + NOTE: Not in Sarge + - wordpress 1.5.1.2-1 CAN-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Sony hardware issue) CAN-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...) - TODO: check + NOTE: not-for-us (Stronghold game) CAN-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...) - TODO: check + NOTE: not-for-us (PHPMailer) CAN-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...) - TODO: check + NOTE: not-for-us (PeerCast) CAN-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...) - TODO: check + NOTE: not-for-us (Online Solutions for Educators) CAN-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...) - TODO: check + NOTE: not-for-us (Net Portal Dynamic System) CAN-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...) - TODO: check + NOTE: not-for-us (Net Portal Dynamic System) CAN-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Nortel hardware) CAN-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Nokia hardware) CAN-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...) - TODO: check + NOTE: not-for-us (Jaws glossary gadget) CAN-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...) - TODO: check + NOTE: not-for-us (FreeStyle Wiki) CAN-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...) 
- TODO: check + NOTE: not-for-us (ServersCheck) CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...) - TODO: check + NOTE: Cryptographic attack on AES, cannot be fixed CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...) TODO: check CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...) - TODO: check + NOTE: not-for-us (ClamAV on Mac OS X) CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...) - TODO: check + NOTE: not-for-us (India Software Solution shopping cart) CAN-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...) - TODO: check + NOTE: not-for-us (Hosting Controller) CAN-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...) - TODO: check + NOTE: not-for-us (phpStat) CAN-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...) - TODO: check + NOTE: not-for-us (FunkyASP) CAN-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...) - TODO: check + NOTE: not-for-us (ZonGG) CAN-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...) 
- TODO: check + NOTE: not-for-us (Hosting Controller) CAN-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...) - TODO: check + NOTE: not-for-us (BookReview) CAN-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...) - TODO: check + NOTE: not-for-us (BookReview) CAN-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...) - TODO: check + NOTE: not-for-us (MailEnable) CAN-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...) - TODO: check + NOTE: not-for-us (Active News Manager) CAN-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...) - TODO: check + NOTE: not-for-us (MaxWebPortal) CAN-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...) - TODO: check + NOTE: not-for-us (C''Nedra) CAN-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (Terminator game) CAN-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...) - TODO: check + - davfs2 (unfixed; bug #310757) CAN-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...) - TODO: check + NOTE: not-for-us (Listserv) CAN-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...) - TODO: check + NOTE: not-for-us (Terminator game) CAN-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...) - TODO: check + NOTE: not-for-us (HPUX) CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...) - TODO: check + NOTE: not-for-us (Avast) CAN-2005-1769 NOTE: reserved CAN-2005-1768 
@@ -112,38 +112,38 @@ CAN-2005-1756 NOTE: reserved CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...) - TODO: check + - shtool (unfixed; bug #311206) CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...) TODO: check CAN-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...) TODO: check CAN-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...) TODO: check CAN-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...) - TODO: check + NOTE: not-for-us (PJ CGI Nero) CAN-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...) - TODO: check + NOTE: not-for-us (Informix Dynamic Server) CAN-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...) - TODO: check + - phpbb2 2.0.6d-2 CAN-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (SurfNOW) CAN-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...) - TODO: check + NOTE: not-for-us (WebWeaver) CAN-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...) - TODO: check + NOTE: not-for-us (Web Blog) CAN-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...) - TODO: check + NOTE: not-for-us (BlackICE) CAN-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and ...) - TODO: check + NOTE: not-for-us (BlackICE) CAN-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...) - TODO: check + - gallery 1.4.4-pl1-1 CAN-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...) 
- TODO: check + NOTE: not-for-us (Nextplace) CAN-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (Intra Forum) +begin claimed by jmm CAN-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...) TODO: check CAN-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...) @@ -208,17 +208,13 @@ TODO: check CAN-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...) TODO: check -CAN-2005-XXXX [SQL injection in Wordpress''s template handling] - NOTE: Not in Sarge - - wordpress 1.5.1.2-1 +end claimed by jmm CAN-2005-XXXX [Unspecified issue in moodle''s admin/delete.php] - moodle 1.4.4.dfsg.1-3 CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles] - mutt (unfixed; bug #311296) CAN-2005-XXXX [Buffer overflow in elog header_buffer] - elog 2.5.9+r1674-1 -CAN-2005-XXXX [Insecure tempfile generation in shtool] - - shtool (unfixed; bug #311206) CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php] NOTE: According to advisory posted to Bugtraq fixed in 3.1-30, however it''s NOTE: not mentioned in the changelog, so it''s either a hidden fix or unfixed
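
Review bot: In the first hunk (@@ -1,88 +1,88 @@), CAN-2005-1796 (the curses_msg format string entry) keeps its unchanged "TODO: check" while the "begin claimed by jmm" marker at the top of the hunk is removed, so it ends up neither processed nor claimed, although the log says "processed block". Either resolve it in this commit or leave a claim marker around it so nobody assumes it was triaged. In the same hunk, "NOTE: Cryptographic attack on AES, cannot be fixed" on CAN-2005-1797 does not follow the "not-for-us (...)" or "- package version" forms used by every other added line; a word on why no package entry applies would make that note easier to process later.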
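
Review bot: In the second hunk (@@ -112,38 +112,38 @@), the added note for CAN-2004-2132 reads "not-for-us (PJ CGI Nero)" but the description on the line above names "PJ CGI Neo"; correct the spelling so a search for the product name finds the entry. The same hunk leaves CAN-2004-2136, CAN-2004-2135 and CAN-2004-2133 at "TODO: check" and moves "begin claimed by jmm" down to just before CAN-2004-2121, so these three open entries now sit outside any claimed block and should be resolved or kept under a claim.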
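
Review bot: In the third hunk (@@ -208,17 +208,13 @@), the two removed CAN-2005-XXXX placeholders (Wordpress template handling, shtool tempfile generation) are folded into CAN-2005-1810 and CAN-2005-1751 by the earlier hunks, but the log message "processed block, claim new" does not record that merge. For shtool the only visible link is bug #311206: the placeholder was titled "Insecure tempfile generation" while CAN-2005-1751 is described as "Race condition in shtool 2.0.1 and earlier", so a short NOTE under CAN-2005-1751, or a mention in the log, stating that the placeholder was merged would keep the history traceable.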