Author: joeyh
Date: 2005-06-03 21:14:20 +0000 (Fri, 03 Jun 2005)
New Revision: 1195
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-06-03 10:11:45 UTC (rev 1194)
+++ sarge-checks/CAN/list 2005-06-03 21:14:20 UTC (rev 1195)
@@ -1,3 +1,61 @@
+CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in
phpCMS ...)
+ TODO: check
+CAN-2005-1839 (Multiple SQL injection vulnerabilities in Liberum Help Desk
0.97.3 ...)
+ TODO: check
+CAN-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp
in ...)
+ TODO: check
+CAN-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded
uername ...)
+ TODO: check
+CAN-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of
service ...)
+ TODO: check
+CAN-2005-1835 (NEXTWEB (i)Site stores databases under the web document root
with ...)
+ TODO: check
+CAN-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site
allows ...)
+ TODO: check
+CAN-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB)
1.00 ...)
+ TODO: check
+CAN-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in
MyBulletinBoard ...)
+ TODO: check
+CAN-2005-1831 (Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux ...)
+ TODO: check
+CAN-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and
3.2 ...)
+ TODO: check
+CAN-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to
cause a ...)
+ TODO: check
+CAN-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in
the ...)
+ TODO: check
+CAN-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication
and ...)
+ TODO: check
+CAN-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by
...)
+ TODO: check
+CAN-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function
in HP ...)
+ TODO: check
+CAN-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils
SQL ...)
+ TODO: check
+CAN-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam
...)
+ TODO: check
+CAN-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8
allow ...)
+ TODO: check
+CAN-2005-1821 (PHP remote code injection vulnerability in pdl_header.inc.php in
...)
+ TODO: check
+CAN-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote
...)
+ TODO: check
+CAN-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail
before ...)
+ TODO: check
+CAN-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before
3.3.1 ...)
+ TODO: check
+CAN-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote
attackers to ...)
+ TODO: check
+CAN-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root
admins to ...)
+ TODO: check
+CAN-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD
10.0.0.1 ...)
+ TODO: check
+CAN-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote
...)
+ TODO: check
+CAN-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server
Evaluation ...)
+ TODO: check
+CAN-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server
...)
+ TODO: check
CAN-2005-XXXX [Privilege escalation in Drupal]
- drupal 4.5.3-1
CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...)
@@ -4763,7 +4821,7 @@
- krb5 1.3.6-2
- heimdal 0.6.3-10
CAN-2005-0468 (Heap-based buffer overflow in the env_opt_add function in
telnet.c for ...)
- {DSA-703-1}
+ {DSA-731-1 DSA-731-1 DSA-703-1}
- krb5 1.3.6-2
- krb4 1.2.2-11.2
TODO: check netkit-telnet, netkit-telnet-ssl