Author: jmm-guest
Date: 2005-09-09 10:51:13 +0000 (Fri, 09 Sep 2005)
New Revision: 1873

Modified:
   data/CAN/list
Log:
smb4k CANified
new issues in phpmyadmin and nikto
lots of nfus

Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-09 09:29:45 UTC (rev 1872) +++ data/CAN/list 2005-09-09 10:51:13 UTC (rev 1873) 
@@ -1,65 +1,63 @@ -begin claimed by jmm CAN-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) TODO: check CAN-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the ...) - TODO: check + NOTE: not-for-us (ZipTorrent) CAN-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...) - TODO: check + NOTE: not-for-us (BlueWhaleCRM) CAN-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...) - TODO: check + NOTE: not-for-us (Mercora IMRadio) CAN-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro ...) - TODO: check + NOTE: not-for-us (aMember Pro) CAN-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a ...) - TODO: check + NOTE: not-for-us (URBAN) CAN-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in ...) - TODO: check + NOTE: not-for-us (OpenWebmail) CAN-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on ...) - TODO: check + NOTE: not-for-us (ADSL hardware) CAN-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial ...) - TODO: check + NOTE: not-for-us (N-Stealth) CAN-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier ...) - TODO: check + - nikto (unfixed; bug filed; medium) CAN-2005-2859 (Savant Web Server stores user credentials in plaintext in the ...) - TODO: check + NOTE: not-for-us (Savant Web Server) CAN-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol ...) - TODO: check + NOTE: not-for-us (Rediff BOL)) CAN-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an ...) - TODO: check + NOTE: not-for-us (Free SMTP Server) CAN-2005-2856 (Stack-based buffer overflow in UNACEV2.DLL for ALZip 5.51 through 6.11 ...) 
- TODO: check + NOTE: not-for-us (ALZip) CAN-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...) - TODO: check + NOTE: not-for-us (Unclassified Newsboard) CAN-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl ...) - TODO: check + NOTE: not-for-us () CAN-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a ...) - TODO: check + NOTE: not-for-us (GuppY) CAN-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, ...) - TODO: check + NOTE: not-for-us (Novell Netware) CAN-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read ...) - TODO: check + - smb4k 0.6.3-1 (medium) CAN-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (SlimFTPD) CAN-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running ...) - TODO: check + NOTE: not-for-us (Barracuda antispam solution) CAN-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...) - TODO: check + NOTE: not-for-us (Barracuda antispam solution) CAN-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 ...) - TODO: check + NOTE: not-for-us (Barracuda antispam solution) CAN-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...) - TODO: check + NOTE: not-for-us (CMS Made Simple) CAN-2005-2845 (Ariba Spend Management System sends the username and password to the ...) - TODO: check + NOTE: not-for-us (Ariba Spend Management System) CAN-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows ...) - TODO: check + NOTE: not-for-us (Indiatimes Messenger) CAN-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and ...) - TODO: check + NOTE: not-for-us (Hesk) CAN-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before ...) 
- TODO: check + NOTE: not-for-us (DameWare Mini) CAN-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (IOS) CAN-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier ...) NOTE: not-for-us (MAXdev) CAN-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...) @@ -365,8 +363,6 @@ CAN-2005-XXXX [osh buffer overflow in handlers.c] NOTE: This is not the same as -13 - osh 1.7-14 (bug #323424; medium) -CAN-2005-XXXX [Insecure symlink handling in smb4k] - - smb4k 0.6.3-1 (medium) CAN-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...) {DSA-793-1} - courier 0.47-8 (medium; bug #325631)
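Review bot: In the first hunk (@@ -1,65 +1,63 @@), two of the new not-for-us notes are malformed: CAN-2005-2858 reads "NOTE: not-for-us (Rediff BOL))" with a doubled closing parenthesis, and CAN-2005-2854 reads "NOTE: not-for-us ()" with no product named, although its description gives thesitewizard.com chfeedback.pl. Both should be corrected so that anyone scanning or parsing the list sees a product name in a consistent form. The nikto entry for CAN-2005-2860 says "bug filed" without a bug number, unlike entries such as "bug #325631"; adding the number makes the unfixed XSS issue trackable. The hunk also drops the "begin claimed by jmm" / "end claimed by jmm" markers while CAN-2005-2869 (phpMyAdmin) stays at "TODO: check", so that entry is now unclaimed and untriaged even though the log mentions new phpmyadmin issues.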
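Review bot: In the second hunk (@@ -365,8 +363,6 @@), removing the placeholder "CAN-2005-XXXX [Insecure symlink handling in smb4k]" drops the only short statement of the root cause; the CAN-2005-2851 entry that now carries "- smb4k 0.6.3-1 (medium)" shows only a truncated description ("allows local users to read ..."). Confirm that both refer to the same flaw and consider adding a NOTE line under CAN-2005-2851 that records the insecure symlink handling. Neither the removed entry nor the new one carries a bug reference.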