Author: jmm-guest Date: 2005-07-15 12:38:28 +0000 (Fri, 15 Jul 2005) New Revision: 1402 Modified: data/CAN/list Log: backup-manager CANified, claim more Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-15 12:14:58 UTC (rev 1401) +++ data/CAN/list 2005-07-15 12:38:28 UTC (rev 1402) 
@@ -101,41 +101,40 @@ NOTE: not-for-us (MediaWiki) CAN-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...) - base-config (unfixed; bug #305142; low) -begin claimed by jmm CAN-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...) - TODO: check + NOTE: not-for-us (MMS Ripper) CAN-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...) - TODO: check + - backup-manager 0.5.8-2 (low) CAN-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...) - TODO: check + - backup-manager 0.5.8-2 (low) CAN-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...) - TODO: check + NOTE: not-for-us (Internet Down) CAN-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...) - TODO: check + NOTE: not-for-us (ScanShare) CAN-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (PrivaShare) CAN-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...) - TODO: check + NOTE: not-for-us (CartWIZ) CAN-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote ...) - TODO: check + NOTE: not-for-us (CartWIZ) CAN-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...) - TODO: check + NOTE: not-for-us (kaiseki.cgi) CAN-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) ...) - TODO: check + NOTE: not-for-us (SiteMinder) CAN-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (phpWishlist) CAN-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...) - TODO: check + NOTE: not-for-us (Xerox Hardware issue) CAN-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox ...) 
- TODO: check + NOTE: not-for-us (Xerox hardware) CAN-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for ...) - TODO: check + NOTE: not-for-us (Xerox hardware) CAN-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...) - TODO: check + NOTE: not-for-us (PPA web photo gallery) CAN-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before ...) - TODO: check + NOTE: not-for-us (SPiD) CAN-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows ...) - TODO: check + NOTE: not-for-us (Id Board) CAN-2005-2196 NOTE: reserved CAN-2005-2195 @@ -143,16 +142,16 @@ CAN-2005-2194 NOTE: reserved CAN-2005-2193 (SQL injection vulnerability in the user profile edit module in ...) - TODO: check + NOTE: not-for-us (PunBB) CAN-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...) - TODO: check + NOTE: not-for-us (SimplePHPBlog) CAN-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus ...) - TODO: check + NOTE: not-for-us (Comersus) CAN-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...) - TODO: check + NOTE: not-for-us (Comersus) CAN-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (Lantronix SecureLinx) +begin claimed by jmm CAN-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...) TODO: check CAN-2005-2187 (McAfee IntruShield Security Management System allows remote ...) @@ -197,6 +196,7 @@ TODO: check CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...) TODO: check +end claimed by jmm CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) TODO: check CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) 
@@ -1066,8 +1066,6 @@ NOTE: not-for-us (Duware) CAN-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...) NOTE: not-for-us (Duware) -CAN-2005-XXXX [Insecure handling of tempfile for burning the backup in backup-manager] - - backup-manager 0.5.8-2 (low) CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...) NOTE: not-for-us (ATutor) CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
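Review bot: In the first hunk (@@ -101,41 +101,40 @@), CAN-2005-2212 is marked fixed in backup-manager 0.5.8-2 without a bug reference, and the only earlier record for that version, the CAN-2005-XXXX placeholder removed in the last hunk, describes a tempfile problem, which matches CAN-2005-2211 rather than the archive repository issue. Please confirm that 0.5.8-2 also covers the repository issue, and add the bug number to both entries the way the base-config entry just above does with "bug #305142". Two smaller points in the same hunk: "not-for-us (Internet Down)" for CAN-2005-2210 looks cut off from "Internet Download Manager", and the three Xerox entries use two different labels ("Xerox Hardware issue" and "Xerox hardware"), which makes them harder to grep consistently.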
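Review bot: In the last hunk (@@ -1066,8 +1066,6 @@), the removed CAN-2005-XXXX entry was the only line stating that the tempfile problem is in the step that burns the backup, and nothing in the new CAN-2005-2211 entry records that it replaces this placeholder. Consider adding a NOTE line under CAN-2005-2211 saying it supersedes the former CAN-2005-XXXX entry, so the mapping from the placeholder to the assigned id can be checked later.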