Secure testing commits - Aug 2005 - r1619 - data/CAN

Author: joeyh
Date: 2005-08-21 21:14:16 +0000 (Sun, 21 Aug 2005)
New Revision: 1619

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
==================================================================---
data/CAN/list	2005-08-21 15:31:49 UTC (rev 1618)
+++ data/CAN/list	2005-08-21 21:14:16 UTC (rev 1619)
@@ -1,3 +1,117 @@
+CAN-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN
...)
+	TODO: check
+CAN-2005-2639 (Buffer overflow in Chris Moneymaker''s World Poker
Championship 1.0 ...)
+	TODO: check
+CAN-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in
PHPFreeNews ...)
+	TODO: check
+CAN-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and
earlier ...)
+	TODO: check
+CAN-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in
phpAdsNew ...)
+	TODO: check
+CAN-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and
phpPgAds ...)
+	TODO: check
+CAN-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to
Screen" feature ...)
+	TODO: check
+CAN-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php,
(2) ...)
+	TODO: check
+CAN-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in
...)
+	TODO: check
+CAN-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and
3.5.0 to ...)
+	TODO: check
+CAN-2005-2630
+	NOTE: reserved
+CAN-2005-2629
+	NOTE: reserved
+CAN-2005-2628
+	NOTE: reserved
+CAN-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow
remote ...)
+	TODO: check
+CAN-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows
remote ...)
+	TODO: check
+CAN-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause
a ...)
+	TODO: check
+CAN-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar
2.0.114.1 ...)
+	TODO: check
+CAN-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote
attackers ...)
+	TODO: check
+CAN-2004-2473 (wmFrog weather monitor 0.1.6 allows local users to overwrite
arbitrary ...)
+	TODO: check
+CAN-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to
cause a ...)
+	TODO: check
+CAN-2004-2471 (SQL injection vulnerability in the sloth TCL script in
QuoteEngine ...)
+	TODO: check
+CAN-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown
impact ...)
+	TODO: check
+CAN-2004-2469 (Unspecified vulnerability in Reservation.class.php for
phpScheduleIt ...)
+	TODO: check
+CAN-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and
...)
+	TODO: check
+CAN-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add
a ...)
+	TODO: check
+CAN-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to
cause a ...)
+	TODO: check
+CAN-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy
Chat ...)
+	TODO: check
+CAN-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr)
0.4 ...)
+	TODO: check
+CAN-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote
...)
+	TODO: check
+CAN-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary
files ...)
+	TODO: check
+CAN-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows
attackers to ...)
+	TODO: check
+CAN-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows
remote ...)
+	TODO: check
+CAN-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local
users ...)
+	TODO: check
+CAN-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled
or ...)
+	TODO: check
+CAN-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router
allows ...)
+	TODO: check
+CAN-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and
earlier ...)
+	TODO: check
+CAN-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060)
allows ...)
+	TODO: check
+CAN-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain
sensitive ...)
+	TODO: check
+CAN-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and
...)
+	TODO: check
+CAN-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework
01-00, ...)
+	TODO: check
+CAN-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station
0.30a or ...)
+	TODO: check
+CAN-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or
Roger ...)
+	TODO: check
+CAN-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station
0.30a and ...)
+	TODO: check
+CAN-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under
the web ...)
+	TODO: check
+CAN-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail
Server 4.01 ...)
+	TODO: check
+CAN-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01
allows ...)
+	TODO: check
+CAN-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA
allows ...)
+	TODO: check
+CAN-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws
0.3 ...)
+	TODO: check
+CAN-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and
via an ...)
+	TODO: check
+CAN-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus
products, ...)
+	TODO: check
+CAN-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has
unknown ...)
+	TODO: check
+CAN-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and
...)
+	TODO: check
+CAN-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300
printers ...)
+	TODO: check
+CAN-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01
allows ...)
+	TODO: check
+CAN-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote
attackers ...)
+	TODO: check
+CAN-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier
stores ...)
+	TODO: check
+CAN-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human
Resources ...)
+	TODO: check
 CAN-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist
function in ...)
 	NOTE: not-for-us (CPAINT ajax toolkit)
 CAN-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote
attackers ...)
@@ -561,7 +675,7 @@
 	- linux-2.6 2.6.12-1 (medium)
 CAN-2005-2499
 	NOTE: reserved
-CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier
(XML-RPC ...)
+CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier
(PEAR ...)
 	- drupal (unfixed; bug #323347; high)
 	- phpgroupware (unfixed; bug #323349; high)
 	- egroupware (unfixed; bug #323350; high)
@@ -823,7 +937,7 @@
 	- tiff 3.7.0-1
 CAN-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6
enabled, ...)
 	NOTE: not-for-us (IOS)
-CAN-2005-2450 (Multipl integer overflows in the (1) TNEF, (2) CHM, or (3) FSG
file ...)
+CAN-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG
file ...)
 	{DSA-776-1}
 	- clamav 0.86.2-1 (medium)
 CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to
create ...)
@@ -4968,7 +5082,7 @@
 	NOTE: not-for-us
 CAN-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute
...)
 	NOTE: not-for-us
-CAN-2004-1887 (ImgSvr 0.4 allows remote attackers to view directories or
download ...)
+CAN-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view
...)
 	NOTE: not-for-us
 CAN-2004-1886 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a
denial ...)
 	NOTE: not-for-us
@@ -7683,7 +7797,7 @@
 	NOTE: not-for-us (Golden FTP Server)
 CAN-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote
attackers to ...)
 	NOTE: not-for-us (Trillian)
-CAN-2005-0632 (PHP remote code injection vulnerability in auth.php in PHPNews
1.2.4 ...)
+CAN-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews
1.2.4 ...)
 	NOTE: not-for-us (PHPNews)
 CAN-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to
delete ...)
 	NOTE: not-for-us (PBLang)
@@ -8223,7 +8337,7 @@
 	NOTE: See bug #296547 for details
 CAN-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges
if ...)
 	NOTE: not-for-us (phpScheduleIt)
-CAN-2004-1651 (Multiple Cross-site scripting (XSS) vulnerabilities in the ...)
+CAN-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	NOTE: not-for-us (phpScheduleIt)
 CAN-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an
IP ...)
 	NOTE: not-for-us (D-Link DCS-900)
@@ -8855,12 +8969,12 @@
 	NOTE: reserved
 CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is
marked ...)
 	NOTE: not-for-us (Microsoft)
-CAN-2005-0359
-	NOTE: reserved
-CAN-2005-0358
-	NOTE: reserved
-CAN-2005-0357
-	NOTE: reserved
+CAN-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice
Backup 6.0 ...)
+	TODO: check
+CAN-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge
...)
+	TODO: check
+CAN-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and
StorEdge ...)
+	TODO: check
 CAN-2005-0356 (Multiple TCP implementations with Protection Against Wrapped
Sequence ...)
 	NOTE: linux is not vulnerable, see #310804
 	- kfreebsd5-source 5.3-15 (medium) 
@@ -10378,7 +10492,7 @@
 	NOTE: not-for-us (Verisign Payflow Link)
 CAN-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers
to ...)
 	NOTE: not-for-us (Orbz)
-CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero"
Intrepid Protocol ...)
+CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid
Protocol ...)
 	NOTE: not-for-us (The Serious engine, as used in (1) Alpha Black Zero, (2)
Nitro family, and (3) Serious Sam Second Encounter)
 CAN-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
 	NOTE: not-for-us (pnTresMailer)
@@ -12040,7 +12154,7 @@
 	NOTE: not-for-us (Microsoft)
 CAN-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows
remote ...)
 	NOTE: not-for-us (IRIX)
-CAN-2004-0482 (Multiple "incorrect bounds checking" errors in
certain functions for ...)
+CAN-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) ...)
 	NOTE: not-for-us (OpenBSD)
 CAN-2004-0481 (The logging feature in kcms_configure in the KCMS package on
Solaris 8 ...)
 	NOTE: not-for-us (the KCMS on Solaris)