Author: joeyh
Date: 2005-07-30 03:18:06 +0000 (Sat, 30 Jul 2005)
New Revision: 1491
Modified:
data/CAN/list
Log:
done with block, also vim modeline issue got a CAN, and is fixed
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-07-30 02:40:36 UTC (rev 1490)
+++ data/CAN/list 2005-07-30 03:18:06 UTC (rev 1491)
@@ -1,79 +1,80 @@
-begin claimed by joeyh
CAN-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3
allows ...)
- TODO: check
+ NOTE: not-for-us (Sendcard)
CAN-2005-2403 (The login protocol in RealChat 3.5.1b does not use
authentication, ...)
- TODO: check
+ NPTE: not-for-us (RealChat)
CAN-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in ...)
- TODO: check
+ NOTE: not-for-us (PHPSiteSearch)
CAN-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading
Style ...)
- TODO: check
+ NOTE: not-for-us (PHP-Fusion)
CAN-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote
attackers to ...)
- TODO: check
+ NOTE: not-for-us (PHPFinance)
CAN-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors
via ...)
- TODO: check
+ NOTE: not-for-us (PHP Surveyor)
CAN-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98
allows ...)
- TODO: check
+ NOTE: not-for-us (PHP Surveyor)
CAN-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in
phpBook ...)
- TODO: check
+ NOTE: not-for-us (phpBook)
CAN-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and
...)
- TODO: check
+ NOTE: see ITP#276057 and #217571
+ TODO: track ITPs/work with mediawiki team (alioth)
CAN-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge
with the ...)
- TODO: check
+ - mozilla-firefox (unfixed; bug filed; medium)
+ - mozilla-browser (unfixed; bug filed; medium)
CAN-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to
obtain the ...)
- TODO: check
+ NOTE: not-for-us (CuteNews)
CAN-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6
allows ...)
- TODO: check
+ NOTE: not-for-us (CuteNews)
CAN-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for
CMSimple 2.4 ...)
- TODO: check
+ NOTE: not-for-us (CMSimple)
CAN-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access
Point ...)
- TODO: check
+ NOTE: not-for-us (3Com OfficeConnect Wireless 11g AP)
CAN-2005-2390 (Multiple format string vulnerabilities in ProFTPD before
1.3.0rc2 ...)
- TODO: check
+ - proftpd 1.2.10-20 (low)
+ NOTE: ftpshut fixed in -19, SQLShowInfo in -20
CAN-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a
...)
- TODO: check
+ NOTE: not-for-us (Veritas NetBackup)
CAN-2005-2388 (Buffer overflow in a certain USB driver, as used on Windows,
allows ...)
- TODO: check
+ NOTE: not-for-us (some windows USB driver)
CAN-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server
5.16 ...)
- TODO: check
+ NOTE: not-for-us (GoodTech SMTP server)
CAN-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in
CartWIZ ...)
- TODO: check
+ NOTE: not-for-us (CartWIZ)
CAN-2005-2385 (Buffer overflow in a third-party compression library
(UNACEV2.DLL), as ...)
- TODO: check
+ NOTE: not-for-us (UNACEV2.DLL)
CAN-2005-2384 (Directory traversal vulnerability in a third-party compression
library ...)
- TODO: check
+ NOTE: not-for-us (UNACEV2.DLL)
CAN-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows
remote ...)
- TODO: check
+ NOTE: not-for-us (PHPNews)
CAN-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop
SYSTEM ...)
- TODO: check
+ NOTE: not-for-us (Oray PeanutHull)
CAN-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive
...)
- TODO: check
+ NOTE: not-for-us (PHP Surveyor)
CAN-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor
0.98 ...)
- TODO: check
+ NOTE: not-for-us (PHP Surveyor)
CAN-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle
Reports ...)
- TODO: check
+ NOTE: not-for-us (Oracle Reports)
CAN-2005-2378 (Oracle Reports allows remote attackers to read arbitrary files
via an ...)
- TODO: check
+ NOTE: not-for-us (Oracle Reports)
CAN-2005-2377 (nss_ldap in Mandrake Corporate Server and Mandrake 10.0 (crond
and ...)
- TODO: check
+ NOTE: appears to be Mandrake specfic
CAN-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote
...)
- TODO: check
+ NOTE: not-for-us (Race Driver)
CAN-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier
allows ...)
- TODO: check
+ NOTE: not-for-us (Race Driver)
CAN-2005-2374 (Belkin 54g wireless routers do not properly set an
administrative ...)
- TODO: check
+ NOTE: not-for-us (Belkin 54g wireless routers)
CAN-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote
authenticated ...)
- TODO: check
+ NOTE: not-for-us (SlimFTPd)
CAN-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from
arbitrary ...)
- TODO: check
+ NOTE: not-for-us (Oracle Forms)
CAN-2005-2371 (Unknown vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g
allows ...)
- TODO: check
-end claimed by joeyh
+ NOTE: not-for-us (Oracle Reports)
CAN-2005-2370 (Multiple "memory alignment errors" in libgadu,
as used in ekg before ...)
{DSA-769-1}
CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg
before ...)
TODO: check
CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows attackers
to ...)
- TODO: check
+ - vim 1:6.3-085+1 (bug #320017; medium)
CAN-2005-2367
NOTE: reserved
CAN-2005-2366
@@ -390,8 +391,6 @@
- netdiag (unfixed; bug #206905; low)
CAN-2005-XXXX [Integer overflow in ffmpeg''s MPEG encoding]
- ffmpeg (unfixed; bug #320150; medium)
-CAN-2005-XXXX [Arbitrary command execution through crafted vim modelines]
- - vim (unfixed; bug #320017; medium)
CAN-2005-XXXX [Multiple integer overflows in clamav]
- clamav 0.86.2-1 (medium)
CAN-2005-XXXX [netpbm: arbitrary postscript code execution]