Author: jmm-guest Date: 2005-06-22 23:48:58 +0000 (Wed, 22 Jun 2005) New Revision: 1257 Modified: data/CAN/list Log: lots of not-for-us and issues fixed for long. unclaim the rest of the legacy ones for now and claim a block of the fresh ones instead. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-06-22 23:21:53 UTC (rev 1256) +++ data/CAN/list 2005-06-22 23:48:58 UTC (rev 1257) @@ -1,3 +1,4 @@ +begin claimed by jmm CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) TODO: check CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...) @@ -46,6 +47,7 @@ TODO: check CAN-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...) TODO: check +end claimed by jmm CAN-2005-2020 NOTE: reserved CAN-2005-2019 @@ -278,19 +280,18 @@ TODO: check CAN-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...) TODO: check -begin claimed by jmm CAN-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...) - TODO: check + NOTE: not-for-us (BasiliX) CAN-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...) - TODO: check + NOTE: not-for-us (BasiliX) CAN-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...) - TODO: check + NOTE: not-for-us (BasiliX) CAN-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...) - TODO: check + NOTE: not-for-us (BasiliX) CAN-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and ...) - TODO: check + - phpbb2 2.0.6c-1 CAN-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...) TODO: check CAN-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" ...) @@ -304,29 +305,29 @@ CAN-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...) TODO: check CAN-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...) TODO: check CAN-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...) - TODO: check + NOTE: not-for-us (Microsoft Outlook plugin) CAN-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...) - TODO: check + NOTE: not-for-us (Norton) CAN-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...) - TODO: check + NOTE: not-for-us (Alcatel hardware issue) CAN-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...) TODO: check CAN-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...) @@ -350,31 +351,33 @@ CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...) TODO: check CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...) - TODO: check + NOTE: kfreebsd use a much more recent version of the freebsd kernel + NOTE: not-for-us (FreeBSD) CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...) TODO: check CAN-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...) TODO: check CAN-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...) - TODO: check + NOTE: not-for-us (FreeBSD) CAN-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...) - TODO: check + NOTE: not-for-us (HP-UX) CAN-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...) - TODO: check + NOTE: kfreebsd use a much more recent version of the freebsd kernel + NOTE: not-for-us (FreeBSD) CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...) TODO: check CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...) - TODO: check + - tinc 1.0pre5-1 CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...) - TODO: check + NOTE: not-for-us (Lotus Notes) CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...) - TODO: check + NOTE: not-for-us (Sun) CAN-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...) TODO: check CAN-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...) @@ -382,48 +385,47 @@ CAN-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...) TODO: check CAN-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...) - TODO: check + NOTE: not-for-us (Check Point) CAN-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...) - TODO: check + NOTE: not-for-us (mod_bf) CAN-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...) TODO: check CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...) TODO: check CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...) - TODO: check + - util-linux 2.11n-1 CAN-2001-1492 ( ...) TODO: check CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...) TODO: check CAN-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...) - TODO: check + NOTE: not-for-us (Open Projects ircd) CAN-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...) TODO: check CAN-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...) - TODO: check + NOTE: not-for-us (Alcatel hardware issue) CAN-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...) TODO: check CAN-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...) - TODO: check + NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now CAN-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...) - TODO: check + NOTE: not-for-us (Xitami) CAN-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...) - TODO: check + NOTE: not-for-us (Sun Java) CAN-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...) - TODO: check + NOTE: not-for-us (Sun) CAN-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...) - TODO: check + NOTE: not-for-us (UnixWare) CAN-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...) - TODO: check + - snort 1.6.1-1 CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (Xitami) CAN-2005-XXXX [File upload vulnerability in trac] - trac 0.8.4-1 CAN-2005-XXXX [Race condition in sudo''s pathname validation]