Author: jmm-guest
Date: 2005-06-29 09:42:25 +0000 (Wed, 29 Jun 2005)
New Revision: 1300
Modified: data/CAN/list
Log: processed the recent block, nothing new except CAN assignments for the two clamav issues. claim some older ones as well.

Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-06-29 09:34:25 UTC (rev 1299) +++ data/CAN/list 2005-06-29 09:42:25 UTC (rev 1300) 
@@ -1,55 +1,54 @@ -begin claimed by jmm CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...) - TODO: check + NOTE: not-for-us (BisonFTP Server) CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...) - TODO: check + NOTE: not-for-us (Hosting Controller) CAN-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...) - TODO: check + NOTE: not-for-us (HP Version Control Repository Manager) CAN-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable ...) - TODO: check + NOTE: not-for-us (PHP-Fusion) CAN-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...) - TODO: check + NOTE: not-for-us (PHP-Fusion) CAN-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...) - TODO: check + NOTE: not-for-us (DB2) CAN-2005-2072 (ld.so in Solaris 9 and 10 trusts the LD_AUDIT environment variable in ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...) - TODO: check + - clamav 0.86-1 (medium) CAN-2005-2069 NOTE: reserved CAN-2005-2068 NOTE: reserved CAN-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...) - TODO: check + NOTE: not-for-us (ASP Nuke) CAN-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...) - TODO: check + NOTE: not-for-us (ASP Nuke) CAN-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP ...) - TODO: check + NOTE: not-for-us (ASP Nuke) CAN-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow ...) - TODO: check + NOTE: not-for-us (ASP Nuke) CAN-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...) 
- TODO: check + NOTE: not-for-us (ActiveBuyAndSell) CAN-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow ...) - TODO: check + NOTE: not-for-us (ActiveBuyAndSell) CAN-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include ...) - TODO: check + NOTE: not-for-us (Infopop UBB.Threads) CAN-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...) - TODO: check + NOTE: not-for-us (Infopop UBB.Threads) CAN-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...) - TODO: check + NOTE: not-for-us (Infopop UBB.Threads) CAN-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before ...) - TODO: check + NOTE: not-for-us (Infopop UBB.Threads) CAN-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...) - TODO: check + NOTE: not-for-us (Infopop UBB.Threads) CAN-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...) - TODO: check + - clamav 0.86.1-1 (medium) CAN-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...) - TODO: check + NOTE: not-for-us (RealPlayer) CAN-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (RealPlayer) +begin claimed by jmm CAN-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...) TODO: check CAN-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...) @@ -120,6 +119,7 @@ TODO: check CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...) TODO: check +end claimed by jmm CAN-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...) TODO: check CAN-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) 
@@ -484,10 +484,6 @@ NOTE: not-for-us (Duware) CAN-2005-XXXX [Insecure handling of tempfile for burning the backup in backup-manager] - backup-manager 0.5.8-2 (low) -CAN-2005-XXXX [clamav libmspack decompressor DoS] - - clamav 0.86.1-1 (medium) -CAN-2005-XXXX [clamav-milter timeout DoS] - - clamav 0.86-1 (medium) CAN-2005-XXXX [Buffer overflow in Asterisk''s command parser] - asterisk (unfixed; bug #315532; high) CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
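Review bot: in the `@@ -1,55 +1,54 @@` hunk, the `- clamav 0.86.1-1 (medium)` line added under CAN-2005-2056 takes over the fixed version of the placeholder titled "clamav libmspack decompressor DoS", yet the visible description speaks of the Quantum archive decompressor and is truncated, so the mapping cannot be checked from the list itself. A NOTE line under CAN-2005-2056 saying it is the former libmspack entry would make that traceable. The same applies to the `not-for-us (ASP Nuke)` tag on CAN-2005-2067 and the `not-for-us (ActiveBuyAndSell)` tag on CAN-2005-2063, whose truncated descriptions do not name the product.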
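Review bot: in the `@@ -120,6 +119,7 @@` hunk, `+end claimed by jmm` lands between two phpRank 1.8 entries, so CAN-2002-1952 is inside the claim while CAN-2002-1950 (and whatever phpRank entries follow) stays outside it. Moving the end marker past the last phpRank entry would keep one product with one reviewer and avoid two people checking the same package.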
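Review bot: the `@@ -484,10 +484,6 @@` hunk deletes both CAN-2005-XXXX clamav placeholders without any pointer to the ids that replace them, and the commit log names neither. The versions do match the lines added earlier (0.86.1-1 for CAN-2005-2056, 0.86-1 for CAN-2005-2070), so nothing is lost, but naming both ids in the log would let someone searching the history for the old "clamav-milter timeout DoS" title find where it went.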