Author: joeyh
Date: 2005-07-17 07:13:40 +0000 (Sun, 17 Jul 2005)
New Revision: 1413
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
==================================================================
--- data/CAN/list 2005-07-16 17:48:35 UTC (rev 1412)
+++ data/CAN/list 2005-07-17 07:13:40 UTC (rev 1413)
@@ -1,3 +1,387 @@
+CAN-2005-2275
+ NOTE: reserved
+CAN-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a
...)
+ TODO: check
+CAN-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a
Javascript ...)
+ TODO: check
+CAN-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript
...)
+ TODO: check
+CAN-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box
with the ...)
+ TODO: check
+CAN-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly
clone ...)
+ TODO: check
+CAN-2005-2269 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly
verify ...)
+ TODO: check
+CAN-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly
...)
+ TODO: check
+CAN-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal
information and ...)
+ TODO: check
+CAN-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child
frame to ...)
+ TODO: check
+CAN-2005-2265 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote
attackers ...)
+ TODO: check
+CAN-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive
...)
+ TODO: check
+CAN-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and
Mozilla ...)
+ TODO: check
+CAN-2005-2262 (Firefox 1.0.3 and 1.0.4 allows remote attackers to execute
arbitrary ...)
+ TODO: check
+CAN-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, and Mozilla
before ...)
+ TODO: check
+CAN-2005-2260 (The browser user interface in Firefox before 1.0.5 and Mozilla
before ...)
+ TODO: check
+CAN-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML
of ...)
+ TODO: check
+CAN-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum
3.82 ...)
+ TODO: check
+CAN-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02
allows ...)
+ TODO: check
+CAN-2002-2083 (The Novell Netware client running on Windows 95 allows local
users to ...)
+ TODO: check
+CAN-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before
authentication ...)
+ TODO: check
+CAN-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers
to ...)
+ TODO: check
+CAN-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a
denial of ...)
+ TODO: check
+CAN-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX
...)
+ TODO: check
+CAN-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and
(2) ...)
+ TODO: check
+CAN-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly
clear ...)
+ TODO: check
+CAN-2002-2076 (Directory traversal vulnerability in Lil'' HTTP server
2.1 and 2.2 ...)
+ TODO: check
+CAN-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of
...)
+ TODO: check
+CAN-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows
remote ...)
+ TODO: check
+CAN-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP
pages on ...)
+ TODO: check
+CAN-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM)
in ...)
+ TODO: check
+CAN-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of
...)
+ TODO: check
+CAN-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data
streams ...)
+ TODO: check
+CAN-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams
that are ...)
+ TODO: check
+CAN-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that
are ...)
+ TODO: check
+CAN-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data
streams ...)
+ TODO: check
+CAN-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear
Windows ...)
+ TODO: check
+CAN-2002-2065 (WebCalendar 0.9.34 and earlier with ''browsing in
includes directory'' ...)
+ TODO: check
+CAN-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain
...)
+ TODO: check
+CAN-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters
and ...)
+ TODO: check
+CAN-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet
...)
+ TODO: check
+CAN-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and
...)
+ TODO: check
+CAN-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to
crash ...)
+ TODO: check
+CAN-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards
does not ...)
+ TODO: check
+CAN-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage
...)
+ TODO: check
+CAN-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in
...)
+ TODO: check
+CAN-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2
allows ...)
+ TODO: check
+CAN-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in
TeeKai ...)
+ TODO: check
+CAN-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the
...)
+ TODO: check
+CAN-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as
implemented ...)
+ TODO: check
+CAN-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim
release, ...)
+ TODO: check
+CAN-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when
used ...)
+ TODO: check
+CAN-2002-2050 (Directory traversal vulnerability in processor_web plugin for
ModLogAn ...)
+ TODO: check
+CAN-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6,
when ...)
+ TODO: check
+CAN-2002-2048 (** local / non-priv overflow only? ** ...)
+ TODO: check
+CAN-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier
allows ...)
+ TODO: check
+CAN-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote
attackers ...)
+ TODO: check
+CAN-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote
attackers to ...)
+ TODO: check
+CAN-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in
x-stat ...)
+ TODO: check
+CAN-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication
patch ...)
+ TODO: check
+CAN-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and
6.1.0 ...)
+ TODO: check
+CAN-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS)
6.1.0 ...)
+ TODO: check
+CAN-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime
...)
+ TODO: check
+CAN-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0
allows ...)
+ TODO: check
+CAN-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a
filesystem-based ...)
+ TODO: check
+CAN-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and
...)
+ TODO: check
+CAN-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility
(NSCM) ...)
+ TODO: check
+CAN-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0
and ...)
+ TODO: check
+CAN-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote
attackers ...)
+ TODO: check
+CAN-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote
attackers ...)
+ TODO: check
+CAN-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict
access to ...)
+ TODO: check
+CAN-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution
enabled ...)
+ TODO: check
+CAN-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0
allows ...)
+ TODO: check
+CAN-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for
/php/ ...)
+ TODO: check
+CAN-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not
verify ...)
+ TODO: check
+CAN-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not
...)
+ TODO: check
+CAN-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP
servers to ...)
+ TODO: check
+CAN-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers
to ...)
+ TODO: check
+CAN-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web
root ...)
+ TODO: check
+CAN-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0,
1.1 and ...)
+ TODO: check
+CAN-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier
allows ...)
+ TODO: check
+CAN-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning
Board ...)
+ TODO: check
+CAN-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a
default ...)
+ TODO: check
+CAN-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in
...)
+ TODO: check
+CAN-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain
privileges by ...)
+ TODO: check
+CAN-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary
code ...)
+ TODO: check
+CAN-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to
kernel ...)
+ TODO: check
+CAN-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703
allows ...)
+ TODO: check
+CAN-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages
when a ...)
+ TODO: check
+CAN-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows
remote ...)
+ TODO: check
+CAN-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS
for ...)
+ TODO: check
+CAN-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program
...)
+ TODO: check
+CAN-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in
htdig ...)
+ TODO: check
+CAN-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web
root ...)
+ TODO: check
+CAN-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to
obtain the ...)
+ TODO: check
+CAN-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4
allows ...)
+ TODO: check
+CAN-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and
3.0 ...)
+ TODO: check
+CAN-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and
...)
+ TODO: check
+CAN-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers
to ...)
+ TODO: check
+CAN-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows
remote ...)
+ TODO: check
+CAN-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A
allows ...)
+ TODO: check
+CAN-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with
predictable ...)
+ TODO: check
+CAN-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly
use ...)
+ TODO: check
+CAN-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could
allow ...)
+ TODO: check
+CAN-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX
8.0.0 ...)
+ TODO: check
+CAN-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass
filtering ...)
+ TODO: check
+CAN-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and
earlier ...)
+ TODO: check
+CAN-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for
PHP-Nuke ...)
+ TODO: check
+CAN-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional
1.030000 ...)
+ TODO: check
+CAN-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to
execute ...)
+ TODO: check
+CAN-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS
4 or ...)
+ TODO: check
+CAN-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute
arbitrary ...)
+ TODO: check
+CAN-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal
physical ...)
+ TODO: check
+CAN-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service
...)
+ TODO: check
+CAN-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service
...)
+ TODO: check
+CAN-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin
2.1.2 ...)
+ TODO: check
+CAN-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through
2.4.11, when ...)
+ TODO: check
+CAN-2001-1571 (The Remote Desktop client in Windows XP sends the most recent
user ...)
+ TODO: check
+CAN-2001-1570 (Windows XP with fast user switching and account lockout enabled
allows ...)
+ TODO: check
+CAN-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain
name ...)
+ TODO: check
+CAN-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name
URL ...)
+ TODO: check
+CAN-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers
to ...)
+ TODO: check
+CAN-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in
Perdition ...)
+ TODO: check
+CAN-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1
through ...)
+ TODO: check
+CAN-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and
11.11 ...)
+ TODO: check
+CAN-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS
for ...)
+ TODO: check
+CAN-2001-1562 (Format string vulnerability in nvi before 1.79 allows local
users to ...)
+ TODO: check
+CAN-2001-1561 (Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local
users to ...)
+ TODO: check
+CAN-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000
and ...)
+ TODO: check
+CAN-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0
provide ...)
+ TODO: check
+CAN-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort before
1.8.3 ...)
+ TODO: check
+CAN-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers
to ...)
+ TODO: check
+CAN-2001-1556 (The log files in Apache web server contain information directly
...)
+ TODO: check
+CAN-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal
...)
+ TODO: check
+CAN-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows
remote ...)
+ TODO: check
+CAN-2001-1553 (Buffer overflow in setiathome for SETI@home 3.03, if installed
setuid, ...)
+ TODO: check
+CAN-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a
denial of ...)
+ TODO: check
+CAN-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid
processes, ...)
+ TODO: check
+CAN-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled
creates ...)
+ TODO: check
+CAN-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass
...)
+ TODO: check
+CAN-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows
local ...)
+ TODO: check
+CAN-2001-1547 (Outlook Express 6.0, with "Do not allow attachments to
be saved or ...)
+ TODO: check
+CAN-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and
...)
+ TODO: check
+CAN-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL
requests ...)
+ TODO: check
+CAN-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server
(JWS) ...)
+ TODO: check
+CAN-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a
default ...)
+ TODO: check
+CAN-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter
...)
+ TODO: check
+CAN-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI
BSD/OS ...)
+ TODO: check
+CAN-2001-1540 (IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a
...)
+ TODO: check
+CAN-2001-1539 (The JavaScript settimeout function in Internet Explorer allows
remote ...)
+ TODO: check
+CAN-2001-1538 (SpeedXess HA-120 DSL router has a default administrative
password of ...)
+ TODO: check
+CAN-2001-1537 (The default "basic" security setting''
in config.php for TWIG webmail ...)
+ TODO: check
+CAN-2001-1536 (Autogalaxy stores usernames and passwords in cleartext in
cookies, ...)
+ TODO: check
+CAN-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random
...)
+ TODO: check
+CAN-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session
ID''s ...)
+ TODO: check
+CAN-2001-1533 (** DISPUTED * ...)
+ TODO: check
+CAN-2001-1532 (WebX stores authentication information in the HTTP_REFERER
variable, ...)
+ TODO: check
+CAN-2001-1531 (Buffer overflow in Claris Emailer 2.0v2 allows remote attackers
to ...)
+ TODO: check
+CAN-2001-1530 (run.cgi in Webmin 0.80 and 0.88 creates temporary files with
...)
+ TODO: check
+CAN-2001-1529 (Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows
...)
+ TODO: check
+CAN-2001-1528 (AmTote International homebet program returns different error
messages ...)
+ TODO: check
+CAN-2001-1527 (easyNews 1.5 and earlier stores adminstration passwords in
cleartext ...)
+ TODO: check
+CAN-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action
in ...)
+ TODO: check
+CAN-2001-1525 (Directory traversal vulnerability in the comments action in
easyNews ...)
+ TODO: check
+CAN-2001-1524 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and
earlier ...)
+ TODO: check
+CAN-2001-1523 (Cross-site scripting (XSS) vulnerability in the DMOZGateway
module for ...)
+ TODO: check
+CAN-2001-1522 (Cross-site scripting (XSS) vulnerability in im.php in IMessenger
for ...)
+ TODO: check
+CAN-2001-1521 (Cross-site scripting (XSS) vulnerability in user.php in PostNuke
0.64 ...)
+ TODO: check
+CAN-2001-1520 (Xircom REX 6000 allows local users to obtain the 10 digit PIN by
...)
+ TODO: check
+CAN-2001-1519 (** DISPUTED ** ...)
+ TODO: check
+CAN-2001-1518 (RunAs (runas.exe) in Windows 2000 only creates one session
instance at ...)
+ TODO: check
+CAN-2001-1517 (** DISPUTED ** ...)
+ TODO: check
+CAN-2001-1516 (Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2
and ...)
+ TODO: check
+CAN-2001-1515 (Macintosh clients, when using NT file system volumes on Windows
2000 ...)
+ TODO: check
+CAN-2001-1514 (ColdFusion 4.5 and 5, when running on Windows with the advanced
...)
+ TODO: check
+CAN-2001-1513 (Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain
...)
+ TODO: check
+CAN-2001-1512 (Unknown vulnerability in Allaire JRun 3.1 allows remote
attackers to ...)
+ TODO: check
+CAN-2001-1511 (JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows
...)
+ TODO: check
+CAN-2001-1510 (Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0,
iPlanet, ...)
+ TODO: check
+CAN-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does
not ...)
+ TODO: check
+CAN-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a
allows ...)
+ TODO: check
+CAN-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly
...)
+ TODO: check
+CAN-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving
an ...)
+ TODO: check
+CAN-2000-1236 (SQL injection vulnerability in mod_sql in Oracle Internet
Application ...)
+ TODO: check
+CAN-2000-1235 (The default configurations of (1) the port listener and (2)
modplsql ...)
+ TODO: check
+CAN-2000-1234 (violation.php3 in Phorum 3.0.7 allows remote attackers to send
e-mails ...)
+ TODO: check
+CAN-2000-1233 (SQL injection vulnerability in read.php3 and other scripts in
Phorum ...)
+ TODO: check
+CAN-2000-1232 (upgrade.php3 in Phorum 3.0.7 could allow remote attackers to
modify ...)
+ TODO: check
+CAN-2000-1231 (code.php3 in Phorum 3.0.7 allows remote attackers to read
arbitrary ...)
+ TODO: check
+CAN-2000-1230 (Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to
...)
+ TODO: check
+CAN-2000-1229 (Directory traversal vulnerability in Phorum 3.0.7 allows remote
Phorum ...)
+ TODO: check
+CAN-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator
...)
+ TODO: check
CAN-2005-XXXX [netpanzer: DoS through endless loop trigged through a crafted
packet]
- netpanzer (unfixed; bug #318329; medium)
CAN-2005-XXXX [Missing input sanitising in affix''s btsrv/btobex
services]
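Review bot: Every entry added below CAN-2005-2275 gets the same "TODO: check" and no package line, and that includes CAN-2005-2260 through CAN-2005-2270, which name Firefox, Mozilla and Thunderbird and are the most recent ids in the batch. Those are worth triaging ahead of the 2000 to 2002 backlog and replacing with package lines in the form already used in this file, e.g. "- netpanzer (unfixed; bug #318329; medium)", while entries for products such as Microsoft Internet Explorer 6.0 (CAN-2005-2274) can take the "NOTE: not-for-us (...)" form seen further down. The entries whose description is only a marker, CAN-2002-2048 ("** local / non-priv overflow only? ** ...") and CAN-2001-1533, CAN-2001-1519 and CAN-2001-1517 ("** DISPUTED ..."), cannot be triaged from this list alone and need the full entry text looked up.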
@@ -499,8 +883,7 @@
- rageircd 2.0.0-3sid1 (medium)
- systemimager-ssh (unfixed; bug #318101; medium)
- texmacs (unfixed; bug #318100; medium)
-CAN-2005-2095
- NOTE: reserved
+CAN-2005-2095 (SquirrelMail 1.4.4 and earlier does not properly handle the
$_POST ...)
{DSA-756-1}
- squirrelmail (unfixed; #317094; medium)
CAN-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison
the ...)
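Review bot: The package line under CAN-2005-2095 reads "- squirrelmail (unfixed; #317094; medium)" even though the entry carries {DSA-756-1}. Confirm that "unfixed" still reflects the state this line is meant to track now that an advisory is attached, and write the reference as "bug #317094" so it matches the "bug #318101" and "bug #318100" lines just above it.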
@@ -651,7 +1034,7 @@
NOTE: not-for-us (IPFilter)
CAN-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according
to ...)
NOTE: not-for-us (Proprietary PGP)
-CAN-2002-1976 (ifconfig in Linux kernel 2.2 and 2.4 does not report when the
network ...)
+CAN-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not
report ...)
NOTE: Kernel 2.2 introduced a different way to set promisc mode through
setsockopt()
NOTE: instead through an ioctl() as before.
TODO: check, whether current ifconfig handles that correctly, I guess so
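Review bot: The TODO under CAN-2002-1976 still ends in "I guess so", and the reworded description now covers "Linux kernel 2.2 and later", so the open question applies to current kernels rather than to 2.2 and 2.4 only. Resolve it by checking whether the shipped ifconfig reports promiscuous mode that was set through setsockopt(), then replace the TODO with a package line or a NOTE stating the result. In the NOTE, "instead through an ioctl()" should read "instead of through an ioctl()".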