Secure testing commits - Sep 2005 - r1844 - data/CAN

Author: joeyh
Date: 2005-09-07 21:14:18 +0000 (Wed, 07 Sep 2005)
New Revision: 1844

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
==================================================================---
data/CAN/list	2005-09-07 17:12:05 UTC (rev 1843)
+++ data/CAN/list	2005-09-07 21:14:18 UTC (rev 1844)
@@ -1,3 +1,147 @@
+CAN-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and
earlier ...)
+	TODO: check
+CAN-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev
MD-Pro ...)
+	TODO: check
+CAN-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta
and ...)
+	TODO: check
+CAN-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software
WebGUI ...)
+	TODO: check
+CAN-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum
5.0.17a ...)
+	TODO: check
+CAN-2005-2835
+	NOTE: reserved
+CAN-2005-2834
+	NOTE: reserved
+CAN-2005-2833
+	NOTE: reserved
+CAN-2005-2832
+	NOTE: reserved
+CAN-2005-2831
+	NOTE: reserved
+CAN-2005-2830
+	NOTE: reserved
+CAN-2005-2829
+	NOTE: reserved
+CAN-2005-2828
+	NOTE: reserved
+CAN-2005-2827
+	NOTE: reserved
+CAN-2005-2826
+	NOTE: reserved
+CAN-2005-2825
+	NOTE: reserved
+CAN-2005-2824
+	NOTE: reserved
+CAN-2005-2823
+	NOTE: reserved
+CAN-2005-2822
+	NOTE: reserved
+CAN-2005-2821
+	NOTE: reserved
+CAN-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4
allows ...)
+	TODO: check
+CAN-2005-2819 (Unknown vulnerability in DownFile 1.3 allows remote attackers to
...)
+	TODO: check
+CAN-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows
remote ...)
+	TODO: check
+CAN-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use
of URLs ...)
+	TODO: check
+CAN-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows
remote ...)
+	TODO: check
+CAN-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain
...)
+	TODO: check
+CAN-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6
allows ...)
+	TODO: check
+CAN-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly
...)
+	TODO: check
+CAN-2005-2812 (man2web allows remote attackers to execute arbitrary commands
via -P ...)
+	TODO: check
+CAN-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and
earlier, ...)
+	TODO: check
+CAN-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3
allow ...)
+	TODO: check
+CAN-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing
(SILC) 1.0 ...)
+	TODO: check
+CAN-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny
ACLs, ...)
+	TODO: check
+CAN-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop
...)
+	TODO: check
+CAN-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier
allows ...)
+	TODO: check
+CAN-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to
...)
+	TODO: check
+CAN-2005-2804
+	NOTE: reserved
+CAN-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2
allows ...)
+	TODO: check
+CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs
...)
+	TODO: check
+CAN-2005-2799
+	NOTE: reserved
+CAN-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is
enabled, ...)
+	TODO: check
+CAN-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly
handle ...)
+	TODO: check
+CAN-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10
and ...)
+	TODO: check
+CAN-2005-2795
+	NOTE: reserved
+CAN-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote
attackers to ...)
+	TODO: check
+CAN-2005-2793 (PHP remote code injection vulnerability in welcome.php in
phpLDAPadmin ...)
+	TODO: check
+CAN-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin
0.9.6 ...)
+	TODO: check
+CAN-2005-2791 (BFCommand & Control Server Manager BFCC 1.22_A and
earlier, and BFVCC ...)
+	TODO: check
+CAN-2005-2790 (BFCommand & Control Server Manager BFCC 1.22_A and
earlier, and BFVCC ...)
+	TODO: check
+CAN-2005-2789 (BFCommand & Control Server Manager BFCC 1.22_A and
earlier, and BFVCC ...)
+	TODO: check
+CAN-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU)
801 ...)
+	TODO: check
+CAN-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote
attackers to ...)
+	TODO: check
+CAN-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in
cosmoshop ...)
+	TODO: check
+CAN-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in
the ...)
+	TODO: check
+CAN-2005-2784 (SQL injection vulnerability in the login function for the ...)
+	TODO: check
+CAN-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107
and ...)
+	TODO: check
+CAN-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for
...)
+	TODO: check
+CAN-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not
properly ...)
+	TODO: check
+CAN-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under
(LDU) ...)
+	TODO: check
+CAN-2005-2779 (The iTAN Online-Banking Security System allows remote attackers
to ...)
+	TODO: check
+CAN-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard
(MyBB) ...)
+	TODO: check
+CAN-2005-2777 (Looking Glass 20040427 allows remote attackers to execute
arbitrary ...)
+	TODO: check
+CAN-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking
Glass ...)
+	TODO: check
+CAN-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to
modify ...)
+	TODO: check
+CAN-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2
allows ...)
+	TODO: check
+CAN-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote
...)
+	TODO: check
+CAN-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota
...)
+	TODO: check
+CAN-2005-2771 (Reflection for Secure IT Windows Server 6.0 (formerly known as
...)
+	TODO: check
+CAN-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 does not
properly ...)
+	TODO: check
+CAN-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and
...)
+	TODO: check
+CAN-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as
used by ...)
+	TODO: check
+CAN-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute
...)
+	TODO: check
 CAN-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel
2.6]
 	- linux-2.6 2.6.12-6 (low)
 CAN-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and
possibly ...)
@@ -6,8 +150,8 @@
 	NOTE: not-for-us (Microsoft Windows)
 CAN-2005-2764
 	NOTE: reserved
-CAN-2005-2763
-	NOTE: reserved
+CAN-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1
allow ...)
+	TODO: check
 CAN-2005-2762
 	NOTE: reserved
 CAN-2005-2760
@@ -129,8 +273,7 @@
 	NOTE: reserved
 CAN-2005-2701
 	NOTE: reserved
-CAN-2005-2700 [Insufficient enforcement of SSL cert verification]
-	NOTE: reserved
+CAN-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
 	- libapache-mod-ssl 2.8.24-1 (medium)
 	NOTE: apache2 maintainer working on an update
 	- apache2 (unfixed; medium)
@@ -140,7 +283,7 @@
 	NOTE: not-for-us (Nephp Publisher Enterprise)
 CAN-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard
(MyBB) ...)
 	NOTE: not-for-us (MyBB)
-CAN-2005-2696 (The Lotus Notes client does not properly restrict access to
password ...)
+CAN-2005-2696 (IBM Lotus Notes does not properly restrict access to password
hashes ...)
 	NOTE: not-for-us (Notes)
 CAN-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...)
 	NOTE: not-for-us (Cisco)
@@ -166,10 +309,10 @@
 CAN-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4
allows ...)
 	{DSA-793-1}
 	- courier 0.47-8 (medium; bug #325631)
-CAN-2005-2801 [xattr sharing bug in kernel''s ext3 code]
+CAN-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel
2.6 ...)
 	- kernel-source-2.4.27 2.4.27-11 (medium)
 	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html
-CAN-2005-2802 [Remote DoS when using ipt_recent on 64 bit systems]
+CAN-2005-2802 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel
before ...)
 	- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
 CAN-2005-XXXX [polygen doesn''t honor umask when creating grm.o files]
 	NOTE: Fix in -8 had problems
@@ -259,8 +402,7 @@
 	NOTE: reserved
 CAN-2005-2657
 	NOTE: reserved
-CAN-2005-2656
-	NOTE: reserved
+CAN-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with
...)
 	{DSA-794-1}
 CAN-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges
before ...)
 	{DSA-791-1 DTSA-11-1}
@@ -1009,8 +1151,8 @@
 	- ntp 1:4.2.0a+stable-4 (medium)
 CAN-2005-2495
 	NOTE: reserved
-CAN-2005-2494
-	NOTE: reserved
+CAN-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain
root ...)
+	TODO: check
 CAN-2005-2493
 	NOTE: reserved
 CAN-2005-2492
@@ -1313,7 +1455,7 @@
 	- gforge (unfixed; medium)
 CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not
properly set ...)
 	NOTE: not-for-us (Firefox on Windows)
-CAN-2005-2428 (Lotus Domino R5 and R6 WebMail stores data in hidden form fields
in ...)
+CAN-2005-2428 (Lotus Domino R5 and R6 WebMail, with "Generate HTML for
all fields" ...)
 	NOTE: not-for-us (Lotus Domino)
 CAN-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in
CartWIZ ...)
 	NOTE: not-for-us (CartWIZ)
@@ -1482,6 +1624,7 @@
 	TODO: check gaim and others that embed libgadu in source tree
 	- centericq 4.20.0-8etch1 (bug #323185; medium)
 CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external
...)
+	{DTSA-12-1}
 	- vim 1:6.3-085+1 (bug #320017; medium)
 CAN-2005-2367 (Format string vulnerability in the proto_item_set_text function
in ...)
 	- ethereal 0.10.12 (medium)
@@ -1531,8 +1674,8 @@
 	NOTE: reserved
 CAN-2005-2337
 	NOTE: reserved
-CAN-2005-2336
-	NOTE: reserved
+CAN-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2
allows ...)
+	TODO: check
 CAN-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via
shell ...)
 	NOTE: not-for-us (Y.SAK)
 CAN-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in
...)
@@ -2640,7 +2783,7 @@
 	NOTE: not-for-us (EtoShop)
 CAN-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2
allow ...)
 	NOTE: not-for-us (NetBSD)
-CAN-2005-2133 (The log4sh_readProperties function in log4sh allows local users
to ...)
+CAN-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CAN-2005-1915. 
Reason: ...)
 	NOTE: not-for-us (log4sh)
 CAN-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5,
and ...)
 	NOTE: not-for-us (SCO UnixWare)
@@ -4020,8 +4163,7 @@
 	NOTE: reserved
 CAN-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd)
for SGI ...)
 	NOTE: not-for-us (arshell)
-CAN-2005-1857
-	NOTE: reserved
+CAN-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows
remote ...)
 	{DSA-786-1}
 CAN-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses
a ...)
 	{DSA-787-1}