Author: jmm-guest
Date: 2005-06-23 00:14:41 +0000 (Thu, 23 Jun 2005)
New Revision: 1259
Modified:
data/CAN/list
Log:
canified ruby, trac and sudo
yaws already fixed
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-06-23 00:08:26 UTC (rev 1258)
+++ data/CAN/list 2005-06-23 00:14:41 UTC (rev 1259)
@@ -59,54 +59,52 @@
NOTE: reserved
CAN-2005-2015
NOTE: reserved
-begin claimed by jmm
CAN-2005-2014 (The "upload a language pack" feature in paFAQ
1.0 Beta 4 allows remote ...)
- TODO: check
+ NOTE: not-for-us (paFAQ)
CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive
...)
- TODO: check
+ NOTE: not-for-us (paFAQ)
CAN-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0
Beta 4 ...)
- TODO: check
+ NOTE: not-for-us (paFAQ)
CAN-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0
Beta ...)
- TODO: check
+ NOTE: not-for-us (paFAQ)
CAN-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in
Ublog ...)
- TODO: check
+ NOTE: not-for-us (Ublog Reload)
CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5
allow ...)
- TODO: check
+ NOTE: not-for-us (Ublog Reload)
CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to
obtain the ...)
- TODO: check
+ - yaws 1.56-1
CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and
earlier ...)
- TODO: check
+ - trac 0.8.4-1
CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to
obtain ...)
- TODO: check
+ NOTE: not-for-us (JBOSS)
CAN-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the
users.dat ...)
- TODO: check
+ NOTE: not-for-us (Ultimate PHP Board)
CAN-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP
Board ...)
- TODO: check
+ NOTE: not-for-us (Ultimate PHP Board)
CAN-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to
obtain ...)
- TODO: check
+ NOTE: not-for-us (Ultimate PHP Board)
CAN-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and
...)
- TODO: check
+ NOTE: not-for-us (Mambo)
CAN-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB
3.1 and ...)
- TODO: check
+ NOTE: not-for-us (paFileDB)
CAN-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and
earlier ...)
- TODO: check
+ NOTE: not-for-us (paFileDB)
CAN-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in
pafiledb.php in ...)
- TODO: check
+ NOTE: not-for-us (paFileDB)
CAN-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1
allows ...)
- TODO: check
+ NOTE: not-for-us (McGallery)
CAN-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to
...)
- TODO: check
+ NOTE: not-for-us (McGallery)
CAN-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix
Site ...)
- TODO: check
+ NOTE: not-for-us (Bitrix Site Manager)
CAN-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain
sensitive ...)
- TODO: check
+ NOTE: not-for-us (Bitrix Site Manager)
CAN-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to
download ...)
- TODO: check
+ NOTE: not-for-us (Finjan SurfinGate)
CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...)
- TODO: check
+ - sudo (unfixed; bug #315115; medium)
CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8
sets ...)
- TODO: check
-end claimed by jmm
+ - ruby1.8 (unfixed; bug #315064; medium)
CAN-2005-1991
NOTE: reserved
CAN-2005-1990
@@ -427,12 +425,6 @@
- snort 1.6.1-1
CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the
cgi-bin ...)
NOTE: not-for-us (Xitami)
-CAN-2005-XXXX [File upload vulnerability in trac]
- - trac 0.8.4-1
-CAN-2005-XXXX [Race condition in sudo''s pathname validation]
- - sudo (unfixed; bug #315115; medium)
-CAN-2005-XXXX [Arbitrary command execution in Ruby''s XMLRPC code]
- - ruby1.8 (unfixed; bug #315064; medium)
CAN-2005-XXXX [Tor: Information leak through insufficient length verification
of relay calls]
- tor 0.0.9.10-1 (medium)
CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire
1Two ...)