Author: jmm-guest Date: 2005-06-23 00:08:26 +0000 (Thu, 23 Jun 2005) New Revision: 1258 Modified: data/CAN/list Log: new nanoblogger issue canified heimdal-telnet lots of not-for-us claim new Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-06-22 23:48:58 UTC (rev 1257) +++ data/CAN/list 2005-06-23 00:08:26 UTC (rev 1258) @@ -1,53 +1,52 @@ -begin claimed by jmm CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) - TODO: check + NOTE: not-for-us (ATutor) CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...) - TODO: check + NOTE: not-for-us (XAMPP) CAN-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...) - TODO: check + NOTE: not-for-us (ajax-spell) CAN-2005-2041 (Buffer overflow in addschup in ViRobot 2.0 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (ViRobot) CAN-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...) - TODO: check + TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base + - heimdal (unfixed; bug #315065; medium) CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...) - TODO: check + - nanoblogger (unfixed; bug pending) CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...) - TODO: check + NOTE: not-for-us (Fortibus CMS) CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...) - TODO: check + NOTE: not-for-us (Fortibus CMS) CAN-2005-2036 (modifyUser.asp in Cool Cafe Chat 1.2.1 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Cool Cafe Chat) CAN-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe Chat 1.2.1 ...) - TODO: check + NOTE: not-for-us (Cool Cafe Chat) CAN-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...) - TODO: check + NOTE: not-for-us (iGallery) CAN-2005-2033 (Directory traversal vulnerability in folderview.asp for BlueCollar ...) - TODO: check + NOTE: not-for-us (iGallery) CAN-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...) - TODO: check + NOTE: not-for-us (socialMPN) CAN-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...) - TODO: check + NOTE: not-for-us (Ultimate PHP Board) CAN-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...) - TODO: check + NOTE: not-for-us (external script that allow interaction between amarok and a browser) CAN-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...) - TODO: check + NOTE: not-for-us (MercuryBoard) CAN-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...) - TODO: check + NOTE: not-for-us (Enterasys hardware issue) CAN-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...) - TODO: check + NOTE: not-for-us (Enterasys hardware issue) CAN-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...) TODO: check CAN-2005-2023 (Unknown vulnerability in gpg2 on SUSE Linux 9.3, when using S/MIME ...) TODO: check CAN-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...) - TODO: check + NOTE: not-for-us (iPlanet) CAN-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (cPanel) CAN-2005-2020 NOTE: reserved CAN-2005-2019 @@ -60,6 +59,7 @@ NOTE: reserved CAN-2005-2015 NOTE: reserved +begin claimed by jmm CAN-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...) TODO: check CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...) @@ -106,6 +106,7 @@ TODO: check CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...) TODO: check +end claimed by jmm CAN-2005-1991 NOTE: reserved CAN-2005-1990 @@ -432,9 +433,6 @@ - sudo (unfixed; bug #315115; medium) CAN-2005-XXXX [Arbitrary command execution in Ruby''s XMLRPC code] - ruby1.8 (unfixed; bug #315064; medium) -CAN-2005-XXXX [buffer overflow in heimdal''s getterminaltype() function] - TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base - - heimdal (unfixed; bug #315065; medium) CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls] - tor 0.0.9.10-1 (medium) CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...)