Author: joeyh
Date: 2005-08-17 21:14:14 +0000 (Wed, 17 Aug 2005)
New Revision: 1602
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-08-17 15:03:00 UTC (rev 1601)
+++ data/CAN/list 2005-08-17 21:14:14 UTC (rev 1602)
@@ -1,3 +1,322 @@
+CAN-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux
kernel ...)
+ TODO: check
+CAN-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow
remote ...)
+ TODO: check
+CAN-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has
unknown ...)
+ TODO: check
+CAN-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that
are ...)
+ TODO: check
+CAN-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP
allows ...)
+ TODO: check
+CAN-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and
earlier ...)
+ TODO: check
+CAN-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup
Exec ...)
+ TODO: check
+CAN-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS
...)
+ TODO: check
+CAN-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions,
allows ...)
+ TODO: check
+CAN-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7
and CSS ...)
+ TODO: check
+CAN-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity
...)
+ TODO: check
+CAN-2005-2606 (Unknown vulnerability in the "frontend
authentication" in PHlyMail ...)
+ TODO: check
+CAN-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and
8.0.5 ...)
+ TODO: check
+CAN-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote
attackers to ...)
+ TODO: check
+CAN-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My
Image ...)
+ TODO: check
+CAN-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote
attackers to ...)
+ TODO: check
+CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers
to ...)
+ TODO: check
+CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled
allows remote attackers to ...)
+ TODO: check
+CAN-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption
(trivial ...)
+ TODO: check
+CAN-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos (formerly
...)
+ TODO: check
+CAN-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its
installation ...)
+ TODO: check
+CAN-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any
Admin ...)
+ TODO: check
+CAN-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before
2.10 ...)
+ TODO: check
+CAN-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers
to ...)
+ TODO: check
+CAN-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption,
with ...)
+ TODO: check
+CAN-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later
versions ...)
+ TODO: check
+CAN-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers
to ...)
+ TODO: check
+CAN-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign
5.0 and ...)
+ TODO: check
+CAN-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with
firmware ...)
+ TODO: check
+CAN-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1
SP2 ...)
+ TODO: check
+CAN-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic
Boards ...)
+ TODO: check
+CAN-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the
web ...)
+ TODO: check
+CAN-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows
remote ...)
+ TODO: check
+CAN-2005-2584 (The web administration interface in Mentor ADSL-FR4II router
running ...)
+ TODO: check
+CAN-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an
undocumented ...)
+ TODO: check
+CAN-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses ...)
+ TODO: check
+CAN-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and
...)
+ TODO: check
+CAN-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB)
1.00 ...)
+ TODO: check
+CAN-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a
certificate ...)
+ TODO: check
+CAN-2005-2578
+ NOTE: rejected
+ TODO: check
+CAN-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows
remote ...)
+ TODO: check
+CAN-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote
attackers ...)
+ TODO: check
+CAN-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1
allows ...)
+ TODO: check
+CAN-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided
...)
+ TODO: check
+CAN-2005-2573 (MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before
5.0.7-beta, ...)
+ TODO: check
+CAN-2005-2572 (MySQL, when running on Windows, allows remote authenticated
users with ...)
+ TODO: check
+CAN-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not
properly ...)
+ TODO: check
+CAN-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote
...)
+ TODO: check
+CAN-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard
...)
+ TODO: check
+CAN-2005-2568 (Direct dynamic code evaluation vulnerability in the template
engine ...)
+ TODO: check
+CAN-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and
earlier ...)
+ TODO: check
+CAN-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board
(OpenBB) ...)
+ TODO: check
+CAN-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain
sensitive ...)
+ TODO: check
+CAN-2005-2564 (Direct static code injection vulnerability in editcss.php in
Gravity ...)
+ TODO: check
+CAN-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity
Board X ...)
+ TODO: check
+CAN-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows
remote ...)
+ TODO: check
+CAN-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote
...)
+ TODO: check
+CAN-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB
1.1.0 ...)
+ TODO: check
+CAN-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal
allows ...)
+ TODO: check
+CAN-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL
4.0 ...)
+ TODO: check
+CAN-2005-2557
+ NOTE: reserved
+CAN-2005-2556
+ NOTE: reserved
+CAN-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy
access to ...)
+ TODO: check
+CAN-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the
pwd ...)
+ TODO: check
+CAN-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before
2.3.1 ...)
+ TODO: check
+CAN-2004-2386 (Format string vulnerability in the LogMsg function in sercd
before ...)
+ TODO: check
+CAN-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive
path ...)
+ TODO: check
+CAN-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial
of ...)
+ TODO: check
+CAN-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote
attackers to ...)
+ TODO: check
+CAN-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows
remote ...)
+ TODO: check
+CAN-2004-2381 (Unknown vulnerability in Jetty before 4.2.19 allows attackers to
cause ...)
+ TODO: check
+CAN-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight
...)
+ TODO: check
+CAN-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail
3.64 for ...)
+ TODO: check
+CAN-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial
of ...)
+ TODO: check
+CAN-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to
cause a ...)
+ TODO: check
+CAN-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web
Server ...)
+ TODO: check
+CAN-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0
allows ...)
+ TODO: check
+CAN-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of
the ...)
+ TODO: check
+CAN-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through
5.5 is ...)
+ TODO: check
+CAN-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid,
allows ...)
+ TODO: check
+CAN-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4
and ...)
+ TODO: check
+CAN-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and
...)
+ TODO: check
+CAN-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus
Domino R6 ...)
+ TODO: check
+CAN-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X
0.7.2 ...)
+ TODO: check
+CAN-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2
allows ...)
+ TODO: check
+CAN-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0
B03.11.2004.2 ...)
+ TODO: check
+CAN-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003
allows ...)
+ TODO: check
+CAN-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0
through ...)
+ TODO: check
+CAN-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI
function in ...)
+ TODO: check
+CAN-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the
physical ...)
+ TODO: check
+CAN-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through
1.0.7 ...)
+ TODO: check
+CAN-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a
denial of ...)
+ TODO: check
+CAN-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet
3.10.39.0 does ...)
+ TODO: check
+CAN-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for
phpBB ...)
+ TODO: check
+CAN-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server
does ...)
+ TODO: check
+CAN-2004-2356 (Fizmez Web Server 1.0 allows remote attackers to cause a denial
of ...)
+ TODO: check
+CAN-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live
Help ...)
+ TODO: check
+CAN-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5
...)
+ TODO: check
+CAN-2004-2353 (BugPort before 1.099 stores its configuration file
(conf/config.conf) ...)
+ TODO: check
+CAN-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke
1.0 ...)
+ TODO: check
+CAN-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke
1.0 ...)
+ TODO: check
+CAN-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through
2.0.6 ...)
+ TODO: check
+CAN-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2
allow ...)
+ TODO: check
+CAN-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 alows remote
attackers to ...)
+ TODO: check
+CAN-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote
...)
+ TODO: check
+CAN-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web
...)
+ TODO: check
+CAN-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server
9.0.1.4, ...)
+ TODO: check
+CAN-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec
...)
+ TODO: check
+CAN-2004-2343 (** DISPUTED ** ...)
+ TODO: check
+CAN-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of
service ...)
+ TODO: check
+CAN-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for
...)
+ TODO: check
+CAN-2004-2340 (** UNVERIFIABLE ** ...)
+ TODO: check
+CAN-2004-2339 (** DISPUTED ** ...)
+ TODO: check
+CAN-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny
rules ...)
+ TODO: check
+CAN-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is
installed ...)
+ TODO: check
+CAN-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise
WebAccess 6.0 ...)
+ TODO: check
+CAN-2004-2335 (The AuthenticationService file for the Macromedia e-licensing
client ...)
+ TODO: check
+CAN-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU
Webmail ...)
+ TODO: check
+CAN-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload
area, ...)
+ TODO: check
+CAN-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN
WWW::Form ...)
+ TODO: check
+CAN-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass
sandbox ...)
+ TODO: check
+CAN-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause
a ...)
+ TODO: check
+CAN-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to
execute ...)
+ TODO: check
+CAN-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote
attackers ...)
+ TODO: check
+CAN-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial
of ...)
+ TODO: check
+CAN-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance
before ...)
+ TODO: check
+CAN-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for
...)
+ TODO: check
+CAN-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy
Workshop) ...)
+ TODO: check
+CAN-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d
allows ...)
+ TODO: check
+CAN-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes
modules ...)
+ TODO: check
+CAN-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local
users ...)
+ TODO: check
+CAN-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1
SP2 ...)
+ TODO: check
+CAN-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local
users ...)
+ TODO: check
+CAN-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP
Server ...)
+ TODO: check
+CAN-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through
1.1.2 ...)
+ TODO: check
+CAN-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers
to ...)
+ TODO: check
+CAN-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers
to ...)
+ TODO: check
+CAN-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field
Patch 3b ...)
+ TODO: check
+CAN-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error
...)
+ TODO: check
+CAN-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3 allows local users
to ...)
+ TODO: check
+CAN-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus
Domino R6 ...)
+ TODO: check
+CAN-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in
Lotus ...)
+ TODO: check
+CAN-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1
allows ...)
+ TODO: check
+CAN-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and
possibly ...)
+ TODO: check
+CAN-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote
...)
+ TODO: check
+CAN-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is
enabled ...)
+ TODO: check
+CAN-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows
remote ...)
+ TODO: check
+CAN-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro
2.01 ...)
+ TODO: check
+CAN-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates
files ...)
+ TODO: check
+CAN-2003-1228 (Buffer overflow in the prepare_reply function in request.c for
Mathopd ...)
+ TODO: check
+CAN-2003-1227 (PHP remote file include vulnerability in index.php for Gallery
1.4 and ...)
+ TODO: check
+CAN-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain
secrets ...)
+ TODO: check
+CAN-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express
7.0 ...)
+ TODO: check
+CAN-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and
7.0.0.1 ...)
+ TODO: check
+CAN-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through
8.1 ...)
+ TODO: check
+CAN-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using
a ...)
+ TODO: check
+CAN-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under
certain ...)
+ TODO: check
+CAN-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and
Server ...)
+ TODO: check
+CAN-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php
for ...)
+ TODO: check
CAN-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
- clamav 0.86.2-1 (low)
CAN-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent
3.5.0 ...)
@@ -119,8 +438,7 @@
- linux-2.6 2.6.12-1 (medium)
CAN-2005-2499
NOTE: reserved
-CAN-2005-2498 [XMLRPC: Inproper handling of nested tags allows arbitrary code
execution]
- NOTE: reserved
+CAN-2005-2498 (Direct dynamic code evaluation vulnerability in PHPXMLRPC 1.1.1
and ...)
- drupal (unfixed; bug #323347; high)
- phpgroupware (unfixed; bug #323349; high)
- egroupware (unfixed; bug #323350; high)
@@ -216,8 +534,8 @@
NOTE: not-for-us (BusinessMail)
CAN-2005-2471 (pstopnm in netpbm does not properly use the
"-dSAFER" option when ...)
- netpbm (unfixed; bug #319757; low)
-CAN-2005-2470
- NOTE: reserved
+CAN-2005-2470 (Buffer overflow in a "core application
plug-in" for Adobe Reader 5.1 ...)
+ TODO: check
CAN-2005-2469
NOTE: reserved
CAN-2005-2459 [kernel zlib vulnerability]
@@ -610,10 +928,10 @@
- ethereal 0.10.12 (low)
CAN-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when
used ...)
- kfreebsd-5 5.3-1 (medium)
-CAN-2005-2358
- NOTE: reserved
-CAN-2005-2357
- NOTE: reserved
+CAN-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list
...)
+ TODO: check
+CAN-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager
6.4.1.0.0 ...)
+ TODO: check
CAN-2005-2355
NOTE: rejected
NOTE: see CAN-2005-2356
@@ -803,7 +1121,7 @@
NOTE: not-for-us (Ansel)
CAN-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely
during ...)
- uudeview (unfixed; bug #320541; medium)
-CAN-2004-2264 (** DISPUTED ** Format string bug in the open_altfile function in
...)
+CAN-2004-2264 (** DISPUTED ** ...)
NOTE: less is not suid, explotability unlikely
CAN-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php
in ...)
NOTE: not-for-us (PlaySMS)
@@ -1804,14 +2122,12 @@
NOTE: not-for-us (IOS)
CAN-2005-2104
NOTE: reserved
-CAN-2005-2103 [gaim: Away message buffer overflow]
- NOTE: reserved
+CAN-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0
allows ...)
- gaim 1:1.4.0-5 (high)
-CAN-2005-2102 [gaim: DoS through UTF filenames in OSCAR module]
- NOTE: reserved
+CAN-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers
to ...)
- gaim 1:1.4.0-5 (medium)
-CAN-2005-2101
- NOTE: reserved
+CAN-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary
files in ...)
+ TODO: check
CAN-2005-2100
NOTE: reserved
CAN-2005-2099 [kernel 2.6 keyring related DoS]
@@ -1822,8 +2138,7 @@
NOTE: reserved
NOTE: 2.6.8 and 2.4.27 not affected
- linux-2.6 2.6.12-3 (unfixed; bug #323039; medium)
-CAN-2005-2097 [DoS against xpdf by specially crafted loca tables in PDF
documents]
- NOTE: reserved
+CAN-2005-2097 (xpdf and kpdf do not properly validate the
"loca" table in PDF files, ...)
NOTE: kpdf will be fixed with next 3.4.2 upload
- kdegraphics (unfixed; bug #322458; low)
- xpdf (unfixed; bug #322462; low)
@@ -2913,7 +3228,7 @@
NOTE: not-for-us (osCommerce)
CAN-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute
arbitrary ...)
NOTE: not-for-us (Webhints)
-CAN-2005-1949 (The eping_validaddr function in functions.php for the eping
plugin for ...)
+CAN-2005-1949 (The eping_validaddr function in functions.php for the ePing
plugin for ...)
NOTE: not-for-us (e107)
CAN-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery
before ...)
NOTE: not-for-us (Invision Gallery)
@@ -2938,7 +3253,7 @@
CAN-2005-1938
NOTE: rejected
CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows
remote ...)
- {DSA-775-1}
+ {DSA-777-1 DSA-775-1}
- mozilla-firefox 1.0.4-3 (medium)
CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages
using the ...)
NOTE: not-for-us (Microsoft)
@@ -2975,7 +3290,7 @@
CAN-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before
0.86 ...)
{DSA-737-1}
- clamav 0.86.1-1 (low)
-CAN-2005-1921 (PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and
PHPXMLRPC ...)
+CAN-2005-1921 (Direct dynamic code evaluation vulnerability in PEAR XML_RPC
1.3.0 and ...)
{DSA-746-1 DSA-747-1 DSA-745-1}
NOTE: ITP #312413 - submitter contacted, she has already addressed this
NOTE: This will probably be re-organized by the CVE editor, but lets keep it
for now,
@@ -11098,7 +11413,7 @@
CAN-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows
XP, ...)
NOTE: not-fos-us (Microsoft)
CAN-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4)
...)
- {DSA-775-1}
+ {DSA-777-1 DSA-775-1}
NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent
NOTE: upstream versions became vulnerable again, see
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850
@@ -12065,7 +12380,7 @@
NOTE: not-for-us (rxgoogle.cgi)
CAN-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier
...)
NOTE: not-for-us (PhotoPost PHP Pro)
-CAN-2004-0249 (PHPX 3.2.3 allows remote attackers to gain access to other
accounts by ...)
+CAN-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to
other ...)
NOTE: not-for-us (PHPX)
CAN-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows
remote ...)
NOTE: not-for-us (PHPX)
@@ -13399,7 +13714,7 @@
{DSA-355}
CAN-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier
allows ...)
{DSA-369}
-CAN-2003-0612 (Buffer overflow in main.c for Crafty 19.3 allows local users to
gain ...)
+CAN-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local
users ...)
- crafty 19.3-1
CAN-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users
to ...)
{DSA-356}