Author: joeyh Date: 2005-07-15 18:23:55 +0000 (Fri, 15 Jul 2005) New Revision: 1404 Modified: data/CAN/list Log: hole in gnats and claim rest of recent cans Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-15 12:50:31 UTC (rev 1403) +++ data/CAN/list 2005-07-15 18:23:55 UTC (rev 1404) @@ -168,7 +168,7 @@ CAN-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...) NOTE: not-for-us (SIP phone hardware issue) CAN-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ...) - TODO: check + - gnats (unfixed; bug filed; high) CAN-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...) NOTE: not-for-us (Jaws) CAN-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...) @@ -196,6 +196,7 @@ NOTE: not-for-us (AliveSites) CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...) NOTE: not-for-us (Express-Web) +begin claimed by joeyh CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) TODO: check CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) @@ -306,6 +307,7 @@ TODO: check CAN-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...) TODO: check +end claimed by joeyh CAN-2005-XXXX [base-config log should not be world readable] - base-config 2.68 (low) CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...)
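Review bot: In the first hunk, the new CAN-2005-2180 line `- gnats (unfixed; bug filed; high)` records that a bug was filed but gives no bug number, so a reader of the list cannot get from this entry to the report. Suggest adding the bug reference to that line so the unfixed, high-urgency status can be followed up and closed out from the tracker data itself.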
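Review bot: The `begin claimed by joeyh` marker added in the second hunk and the `end claimed by joeyh` marker added in the third carry no date. By the hunk offsets they sit more than a hundred lines apart, around entries that are still `TODO: check`, so nothing in the file shows how long the block has been claimed or whether the claim has gone stale. Suggest putting the claim date on the begin marker and shrinking the range as entries are triaged, so that unchecked CANs in the block are not assumed to be handled.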