Author: joeyh Date: 2005-08-19 00:27:02 +0000 (Fri, 19 Aug 2005) New Revision: 1605 Modified: data/CAN/list Log: mostly finished my block, had to throw a few of the big ones back in due to limited bandwidth Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-18 23:34:12 UTC (rev 1604) +++ data/CAN/list 2005-08-19 00:27:02 UTC (rev 1605) @@ -1,88 +1,88 @@ -begin claimed by joeyh CAN-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel ...) - TODO: check + TODO: check with kernel team (pinged on irc) + NOTE: amd64 specific DOS CAN-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...) - TODO: check + NOTE: not-for-us (ezUpload) CAN-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...) - TODO: check + NOTE: not-for-us (EQdkp) CAN-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are ...) - TODO: check + NOTE: not-for-us (Discuz) CAN-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows ...) - TODO: check + NOTE: not-for-us (CPAINT Ajax) CAN-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier ...) - TODO: check + - wordpress (unfixed; bug #323040; high) CAN-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec ...) - TODO: check + NOTE: not-for-us (VERITAS Backup Exec for Windows Servers) CAN-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS ...) - TODO: check + NOTE: not-for-us (VegaDNS) CAN-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...) - TODO: check + NOTE: not-for-us (VegaDNS) CAN-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...) - TODO: check + NOTE: not-for-us (SafeHTML) CAN-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity ...) - TODO: check + NOTE: not-for-us (PHPSimplicity) CAN-2005-2606 (Unknown vulnerability in the "frontend authentication" in PHlyMail ...) - TODO: check + NOTE: not-for-us (PHlyMail) CAN-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 ...) - TODO: check + NOTE: not-for-us (Lasso Professional Server) CAN-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (My Image Gallery (Mig)) CAN-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...) - TODO: check + NOTE: not-for-us (My Image Gallery (Mig)) CAN-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...) - TODO: check + - mozilla-firefox (unfixed; bug filed; low) + - mozilla-browser (unfixed; bug filed; low) + - mozilla-thunderbird (unfixed; bug filed; low) CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...) - TODO: check + NOTE: not-fur-us (MidiCart) CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled allows remote attackers to ...) TODO: check CAN-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...) - TODO: check + NOTE: not-for-us (Hummingbird FTP for Connectivity) CAN-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos (formerly ...) - TODO: check + NOTE: not-for-us (Dokeos) CAN-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...) - TODO: check + NOTE: not-for-us (AOL Client) CAN-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...) - TODO: check + NOTE: not-for-us (Gallery, as used in Postnuke) CAN-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 ...) - TODO: check + NOTE: not-for-us (Dada Mail) CAN-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Apple Safari) CAN-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with ...) - TODO: check + NOTE: not-for-us (MindAlign) CAN-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions ...) - TODO: check + NOTE: not-for-us (MindAlign) CAN-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to ...) - TODO: check + NOTE: not-for-us (MindAlign) CAN-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and ...) - TODO: check + NOTE: not-for-us (MindAlign) CAN-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...) - TODO: check + NOTE: not-for-us (WRT54GS wireless router) CAN-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 ...) - TODO: check + NOTE: not-for-us (DVBBS) CAN-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...) - TODO: check + NOTE: not-for-us (PHPTB Topic Boards) CAN-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web ...) - TODO: check + NOTE: not-for-us (Mentor ADSL-FR4II router) CAN-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote ...) - TODO: check + NOTE: not-for-us (Mentor ADSL-FR4II router) CAN-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running ...) - TODO: check + NOTE: not-for-us (Mentor ADSL-FR4II router) CAN-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented ...) - TODO: check + NOTE: not-for-us (Mentor ADSL-FR4II router) CAN-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses ...) - TODO: check + NOTE: not-for-us (Kaspersky) CAN-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and ...) - TODO: check + NOTE: not-for-us (Grandstream BudgeTone) CAN-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...) - TODO: check + NOTE: not-for-us (MyBB) CAN-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...) - TODO: check + NOTE: not-for-us (Contivity) CAN-2005-2578 NOTE: rejected - TODO: check -end claimed by joeyh CAN-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...) - TODO: check + NOTE: not-for-us (Wyse Winterm) CAN-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...) TODO: check CAN-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows ...) @@ -338,8 +338,6 @@ CAN-2005-XXXX [centericq embeds libgadu, which had multiple vulns] NOTE: Will be split once the maintainer has investigated this - centericq (unfixed; bug #323185; medium) -CAN-2005-XXXX [Arbitrary command execution in wordpress through through cookie handling] - - wordpress (unfixed; bug #323040; medium) CAN-2005-XXXX [phpldapadmin doesn''t fully prevent anonymous access when configured so] - phpldapadmin 0.9.6c-5 (medium) CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)