Author: djoume-guest
Date: 2005-06-29 15:47:26 +0000 (Wed, 29 Jun 2005)
New Revision: 1303

Modified:
   data/CAN/list
Log:
* processed my block : lot of not-for-us
* claimed some more

Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-06-29 10:40:42 UTC (rev 1302) +++ data/CAN/list 2005-06-29 15:47:26 UTC (rev 1303) 
@@ -124,124 +124,125 @@ CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...) TODO: check end claimed by jmm -begin claimed by djoume CAN-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...) - TODO: check + NOTE: not-for-us CAN-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) - TODO: check + NOTE: not-for-us CAN-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega ...) - TODO: check + NOTE: not-for-us CAN-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to ...) - TODO: check + NOTE: not-for-us + NOTE: fixed before Gringotts was in Debian CAN-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all ...) - TODO: check + - webmin (1.000-2) CAN-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software ...) - TODO: check + NOTE: not-for-us CAN-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote ...) - TODO: check + NOTE: not-for-us CAN-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us CAN-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, ...) - TODO: check + NOTE: not-for-us CAN-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive ...) - TODO: check + NOTE: not-for-us CAN-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote ...) - TODO: check + NOTE: not-for-us CAN-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes ...) - TODO: check + NOTE: not-for-us CAN-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are ...) - TODO: check + NOTE: not-for-us CAN-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary ...) - TODO: check + NOTE: not-for-us CAN-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the ...) 
- TODO: check + NOTE: not-for-us CAN-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door ...) - TODO: check + NOTE: not-for-us CAN-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) ...) - TODO: check + NOTE: not-for-us CAN-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 ...) - TODO: check + NOTE: not-for-us CAN-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...) - TODO: check + NOTE: not-for-us CAN-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send ...) - TODO: check + NOTE: not-for-us CAN-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 ...) - TODO: check + NOTE: not-for-us CAN-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote ...) - TODO: check + NOTE: not-for-us CAN-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...) - TODO: check + NOTE: not-for-us CAN-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory ...) - TODO: check + NOTE: not-for-us CAN-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...) - TODO: check + NOTE: not-for-us CAN-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File ...) - TODO: check + NOTE: not-for-us CAN-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ...) - TODO: check + NOTE: not-for-us CAN-2002-1924 (PowerChute plus 5.0.2 creates a "Pwrchute" directory during ...) - TODO: check + NOTE: not-for-us CAN-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when ...) - TODO: check + NOTE: not-for-us (Windows specific) CAN-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft ...) - TODO: check + NOTE: not-for-us CAN-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when ...) 
- TODO: check + NOTE: not-for-us (Windows specific) CAN-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...) - TODO: check + NOTE: not-for-us CAN-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows ...) - TODO: check + NOTE: not-for-us CAN-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft ...) - TODO: check + NOTE: not-for-us CAN-2002-1917 (CRLF injection vulnerability in the "User Profile: Send Email" feature ...) - TODO: check + NOTE: not-for-us CAN-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...) - TODO: check + NOTE: not-for-us CAN-2002-1915 (tip on multiple BSD-based operating systems allows local users to ...) - TODO: check + NOTE: not-for-us CAN-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of ...) - TODO: check + - dump 0.4b31-1 CAN-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read ...) - TODO: check + NOTE: not-for-us CAN-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable ...) - TODO: check + NOTE: not-for-us CAN-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, ...) - TODO: check + NOTE: not-for-us CAN-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...) - TODO: check + NOTE: not-for-us CAN-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...) - TODO: check + NOTE: not-for-us CAN-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us CAN-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...) - TODO: check + NOTE: not-for-us CAN-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote ...) - TODO: check + NOTE: not-for-us CAN-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 ...) 
- TODO: check + NOTE: not-for-us CAN-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 ...) - TODO: check + NOTE: not-for-us CAN-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: ...) - TODO: check + NOTE: not-for-us CAN-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us CAN-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 ...) - TODO: check + NOTE: not-for-us CAN-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...) - TODO: check + NOTE: not-for-us CAN-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...) - TODO: check + NOTE: not-for-us CAN-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...) - TODO: check + NOTE: not-for-us CAN-2002-1897 (MyWebServer 1.0.2 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us CAN-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...) - TODO: check + - alsaplayer 0.99.72-1 CAN-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...) - TODO: check + NOTE: not-for-us (Windows specific) CAN-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...) - TODO: check -end claimed by djoume + NOTE: not-for-us + NOTE: fix before phpbb2 was in Debian. +begin claimed by djoume CAN-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...) TODO: check CAN-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password ...) 
@@ -336,6 +337,7 @@ TODO: check CAN-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...) TODO: check +end claimed by djoume CAN-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a ...) TODO: check CAN-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another ...)
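
Review bot: In the first hunk (@@ -124,124 +124,125 @@), CAN-2002-1948 and CAN-2002-1894 each carry "NOTE: not-for-us" together with a second note saying the fix predates the package entering Debian ("fixed before Gringotts was in Debian", "fix before phpbb2 was in Debian."), and the two notes contradict each other: the second one implies the software is packaged, so not-for-us does not describe it. Suggest dropping the not-for-us line on those two entries and naming the package, as the webmin, dump and alsaplayer entries in the same hunk do, so that a search by package name finds them. The entries tagged "not-for-us (Windows specific)" (CAN-2002-1923, CAN-2002-1921, CAN-2002-1895) have a similar problem, since the reason given is the platform rather than the software being absent from Debian; a distinct wording would keep the two cases apart. The fixed-version lines are also inconsistent: "- webmin (1.000-2)" puts the version in parentheses while "- dump 0.4b31-1" and "- alsaplayer 0.99.72-1" do not, and the two "before ... was in Debian" notes differ in tense and trailing period.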
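
Review bot: In the second hunk (@@ -336,6 +337,7 @@), the added "end claimed by djoume" after CAN-2002-1847 closes a block whose "begin claimed by djoume" is added in the first hunk before CAN-2002-1893, and the lines between the two hunks are not shown, so it is worth confirming that no other begin/end claim marker sits between those two entries; otherwise claim blocks would nest or overlap. The log message says only "claimed some more"; stating the range (CAN-2002-1893 through CAN-2002-1847) would let other contributors see what is taken without reading the diff.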