Author: joeyh
Date: 2005-07-30 15:24:19 +0000 (Sat, 30 Jul 2005)
New Revision: 1502

Modified:
   data/CAN/list
Log:
new vpopmail holes
fetchmail fix didn't apply
claimed block

Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-30 13:56:12 UTC (rev 1501) +++ data/CAN/list 2005-07-30 15:24:19 UTC (rev 1502) @@ -336,9 +336,12 @@ CAN-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier ...) NOTE: not-for-us (Phorum) CAN-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...) - TODO: check + - vpopmail (unfixed; bug filed; low) +CAN-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6] + NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html + - vpopmail (unfixed; bug filed; high) CAN-2004-2238 (** DISPUTED ** ...) - TODO: check + NOTE: format string vuln in vpopmail doesn''t seem to be real CAN-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and ...) - moodle 1.4-1 CAN-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and ...) @@ -411,7 +414,8 @@ CAN-2005-XXXX [tdiary cross-site request forgeries] - tdiary 2.0.2-1 (medium) CAN-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows ...) - - fetchmail 6.2.5-15 (medium) + NOTE: previous fix broken + - fetchmail (unfixed; bug #320357; medium) CAN-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...) {DSA-766-1} - webcalender (unfixed; bug #315671; medium) @@ -737,6 +741,7 @@ NOTE: not-for-us (Macromedia JRun) CAN-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default ...) NOTE: not-for-us (Axis network camera) +begin claimed by joeyh CAN-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter ...) TODO: check CAN-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS ...) 
@@ -829,6 +834,7 @@ TODO: check CAN-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator ...) TODO: check +end claimed by joeyh CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...) NOTE: not-for-us (USANet) CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
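
Review bot: In the @@ -336,9 +336,12 @@ hunk, the new CAN-2005-XXXX entry spells "injection" as "injecton", so a text search of the list for "SQL injection" will miss it; correct the spelling in the bracketed description. In the same hunk both vpopmail status lines read "bug filed" with no number, while the fetchmail entry elsewhere in this patch uses "bug #320357"; add the bug numbers so the entries can be followed up. The CAN-2004-2238 entry drops its "TODO: check" for a free-text NOTE only, which leaves no explicit disposition recorded for the vpopmail package.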
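
Review bot: In the @@ -411,7 +414,8 @@ hunk, "NOTE: previous fix broken" under CAN-2005-2335 does not say which upload carried that fix, because the "- fetchmail 6.2.5-15 (medium)" line is removed in the same change. Naming the version in the note, for example "NOTE: fix in 6.2.5-15 broken", would make it clear to anyone reading the list that 6.2.5-15 is still affected.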
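
Review bot: In the @@ -737,6 +741,7 @@ hunk, the "begin claimed by joeyh" marker before CAN-2001-1542 carries no date, and its matching "end claimed by joeyh" only appears in the @@ -829,6 +834,7 @@ hunk, roughly ninety lines further down. A date on the begin marker would let others tell an active claim from a stale one, and the two markers need to be removed together once the TODO entries between them are resolved.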