Author: joeyh Date: 2005-06-23 09:14:21 +0000 (Thu, 23 Jun 2005) New Revision: 1263 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-06-23 02:57:40 UTC (rev 1262) +++ data/CAN/list 2005-06-23 09:14:21 UTC (rev 1263) @@ -10,7 +10,7 @@ TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base - heimdal (unfixed; bug #315065; medium) CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...) - - nanoblogger (unfixed; bug pending) + - nanoblogger (unfixed; bug pending) CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...) NOTE: not-for-us (Fortibus CMS) CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...) @@ -74,7 +74,7 @@ CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...) NOTE: not-for-us (Ublog Reload) CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...) - - yaws 1.56-1 + - yaws 1.56-1 CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...) - trac 0.8.4-1 CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...) @@ -290,7 +290,7 @@ CAN-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...) NOTE: not-for-us (BasiliX) CAN-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and ...) - - phpbb2 2.0.6c-1 + - phpbb2 2.0.6c-1 CAN-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...) NOTE: not-for-us (Cisco) CAN-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...) 
@@ -352,7 +352,7 @@ CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...) TODO: check CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...) - NOTE: kfreebsd use a much more recent version of the freebsd kernel + NOTE: kfreebsd use a much more recent version of the freebsd kernel NOTE: not-for-us (FreeBSD) CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...) TODO: check @@ -367,14 +367,14 @@ CAN-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...) NOTE: not-for-us (HP-UX) CAN-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...) - NOTE: kfreebsd use a much more recent version of the freebsd kernel + NOTE: kfreebsd use a much more recent version of the freebsd kernel NOTE: not-for-us (FreeBSD) CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...) NOTE: not-for-us (Oracle) CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...) TODO: check CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...) - - tinc 1.0pre5-1 + - tinc 1.0pre5-1 CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...) NOTE: not-for-us (Lotus Notes) CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...) @@ -396,7 +396,7 @@ CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...) TODO: check CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...) - - util-linux 2.11n-1 + - util-linux 2.11n-1 CAN-2001-1492 ( ...) TODO: check CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...) 
@@ -414,7 +414,7 @@ CAN-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...) TODO: check CAN-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...) - NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now + NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now CAN-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...) NOTE: not-for-us (Xitami) CAN-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...) @@ -424,7 +424,7 @@ CAN-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...) NOTE: not-for-us (UnixWare) CAN-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...) - - snort 1.6.1-1 + - snort 1.6.1-1 CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...) NOTE: not-for-us (Xitami) CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls]
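Review bot: In the @@ -10,7 +10,7 @@ hunk, the nanoblogger entry under CAN-2005-2039 still reads "(unfixed; bug pending)" with no bug number or urgency, while the heimdal entry just above it carries "bug #315065; medium". As shown, the removed and added lines differ only in whitespace, so this revision rewrites the line without resolving that. File the bug and record its number and urgency on this line so the entry can be tracked to closure.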
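Review bot: In the @@ -352,7 +352,7 @@ and @@ -367,14 +367,14 @@ hunks, CAN-2002-1674 and CAN-2002-1667 each carry two notes that pull in different directions: "kfreebsd use a much more recent version of the freebsd kernel" reads as if a kfreebsd package was checked, while "NOTE: not-for-us (FreeBSD)" says the product is out of scope altogether. Keep one statement per entry, and if the kfreebsd note stays, name the kernel version it refers to so the claim can be verified. The note should also read "uses" rather than "use".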
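Review bot: In the @@ -414,7 +414,7 @@ hunk, the note on CAN-2001-1482, "phpbb was initially uploaded as version 2 or phpbb has been removed now", joins two alternative explanations with "or" and leaves the entry without a definite status. The description names phpBB 1.4.2, and the list tracks a phpbb2 package under CAN-2002-1707, so state which explanation holds and whether phpbb2 is affected by this issue.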