Moritz Muehlenhoff
2005-Jun-03 22:11 UTC
[Secure-testing-commits] r1197 - sarge-checks/CAN
Author: jmm-guest Date: 2005-06-03 22:11:00 +0000 (Fri, 03 Jun 2005) New Revision: 1197 Modified: sarge-checks/CAN/list Log: several not-for-us, mailutils already fixed Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-06-03 22:01:05 UTC (rev 1196) +++ sarge-checks/CAN/list 2005-06-03 22:11:00 UTC (rev 1197) @@ -1,61 +1,61 @@ CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) - TODO: check + NOTE: not-for-us (phpCMS) CAN-2005-1839 (Multiple SQL injection vulnerabilities in Liberum Help Desk 0.97.3 ...) - TODO: check + NOTE: not-for-us (Liberum) CAN-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...) - TODO: check + NOTE: not-for-us (Liberum) CAN-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded uername ...) - TODO: check + NOTE: not-for-us (Fortinet firewall) CAN-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (NEXTWEB) CAN-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with ...) - TODO: check + NOTE: not-for-us (NEXTWEB) CAN-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows ...) - TODO: check + NOTE: not-for-us (NEXTWEB) CAN-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...) - TODO: check + NOTE: not-for-us (MyBB) CAN-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...) - TODO: check + NOTE: not-for-us (MyBB) CAN-2005-1831 (Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux ...) TODO: check CAN-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...) - TODO: check + NOTE: not-for-us (SoftICE) CAN-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the ...) - TODO: check + NOTE: not-for-us (D-Link hardware issue) CAN-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and ...) - TODO: check + NOTE: not-for-us (D-Link hardware issue) CAN-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by ...) - TODO: check + NOTE: not-for-us (HP Radia) CAN-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP ...) - TODO: check + NOTE: not-for-us (HP Radia) CAN-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL ...) - TODO: check + - mailutils 1:0.6.1-2 CAN-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam ...) - TODO: check + NOTE: not-for-us (Qualiteam X-Cart) CAN-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...) - TODO: check + NOTE: not-for-us (Qualiteam X-Cart) CAN-2005-1821 (PHP remote code injection vulnerability in pdl_header.inc.php in ...) - TODO: check + NOTE: not-for-us (PowerDownload) CAN-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...) - TODO: check + NOTE: not-for-us (Zeroboard) CAN-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before ...) - TODO: check + NOTE: not-for-us (NikoSoft WebMail) CAN-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...) - TODO: check + NOTE: not-for-us (NewLife Blogger) CAN-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Invision Power Board) CAN-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...) - TODO: check + NOTE: not-for-us (Invision Power Board) CAN-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 ...) - TODO: check + NOTE: not-for-us (Hummingbird Connectivity) CAN-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote ...) - TODO: check + NOTE: not-for-us (PicoWebServer) CAN-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...) - TODO: check + NOTE: not-for-us (FutureSoft TFTP Server) CAN-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...) - TODO: check + NOTE: not-for-us (FutureSoft TFTP Server) CAN-2005-XXXX [Privilege escalation in Drupal] - drupal 4.5.3-1 CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...)