Author: joeyh Date: 2005-09-22 21:14:18 +0000 (Thu, 22 Sep 2005) New Revision: 2105 Modified: data/CAN/list Log: automatic CAN database update Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-22 21:12:38 UTC (rev 2104) +++ data/CAN/list 2005-09-22 21:14:18 UTC (rev 2105) @@ -1,3 +1,108 @@ +CAN-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...) + TODO: check +CAN-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...) + TODO: check +CAN-2005-3041 (Unspecified "drag-and-drop vulnerability" in Opera Web Browser before ...) + TODO: check +CAN-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...) + TODO: check +CAN-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...) + TODO: check +CAN-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...) + TODO: check +CAN-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...) + TODO: check +CAN-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in ...) + TODO: check +CAN-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...) + TODO: check +CAN-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...) + TODO: check +CAN-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...) + TODO: check +CAN-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...) + TODO: check +CAN-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute ...) + TODO: check +CAN-2005-3030 (Directory traversal vulnerability in the archive decompression library ...) + TODO: check +CAN-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...) + TODO: check +CAN-2005-3028 + NOTE: rejected + TODO: check +CAN-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...) + TODO: check +CAN-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...) + TODO: check +CAN-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...) + TODO: check +CAN-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier ...) + TODO: check +CAN-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...) + TODO: check +CAN-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier ...) + TODO: check +CAN-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with ...) + TODO: check +CAN-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...) + TODO: check +CAN-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...) + TODO: check +CAN-2005-3018 (Apple Safari allows remote attackers to cause a denial of service ...) + TODO: check +CAN-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 ...) + TODO: check +CAN-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...) + TODO: check +CAN-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 ...) + TODO: check +CAN-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows ...) + TODO: check +CAN-2005-3013 (Buffer overflow in YaST for SuSE Linux 9.3 allows local users to ...) + TODO: check +CAN-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...) + TODO: check +CAN-2005-3011 (texindex in texinfo 4.7 and earlier allows local users to overwrite ...) + TODO: check +CAN-2005-3010 (Direct static code injection vulnerability in the flood protection ...) + TODO: check +CAN-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote ...) + TODO: check +CAN-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...) + TODO: check +CAN-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...) + TODO: check +CAN-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...) + TODO: check +CAN-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...) + TODO: check +CAN-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote ...) + TODO: check +CAN-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release ...) + TODO: check +CAN-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ...) + TODO: check +CAN-2005-3001 (Unspecified vulnerability in the "tl" driver in Solaris 10 allows ...) + TODO: check +CAN-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...) + TODO: check +CAN-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain ...) + TODO: check +CAN-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the ...) + TODO: check +CAN-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...) + TODO: check +CAN-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM ...) + TODO: check +CAN-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...) + TODO: check +CAN-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...) + TODO: check +CAN-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...) + TODO: check +CAN-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...) + TODO: check CAN-2005-XXXX [miniserv.pl root shell command injection] - webmin 1.220-1 (high) - usermin 1.150-1 (high) @@ -3,4 +108,5 @@ NOTE: SNS Advisory 83, http://marc.theaimsgroup.com/?m=112733083203821 CAN-2005-2992 [Another arc tempfile issue] + NOTE: reserved - arc 5.21m-1 (low) CAN-2005-XXXX [Firefox passes URLs with backticks from external programs to the shell] @@ -59,8 +165,8 @@ NOTE: reserved CAN-2005-2969 NOTE: reserved -CAN-2005-2968 - NOTE: reserved +CAN-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...) + TODO: check CAN-2005-2967 NOTE: reserved CAN-2005-2966 @@ -250,11 +356,9 @@ TODO: be disabled completely, like Microsoft did some time ago? CAN-2005-XXXX [texinfo: /tmp race condition when processing large input files] - texinfo (unfixed; bug #328365; low) -CAN-2005-2920 [clamav: libclamav/upx.c: fix possible buffer overflow.] - NOTE: reserved +CAN-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...) - clamav 0.87-1 (bug #328660; medium) -CAN-2005-2919 [clamav: libclamav/fsg.c: fix possible infinite loop.] - NOTE: reserved +CAN-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...) - clamav 0.87-1 (bug #328660; medium) CAN-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...) - gtkdiskfree (bug #328566; low) @@ -501,8 +605,8 @@ NOTE: not-for-us (Symantec AntiVirus) CAN-2005-2765 (The user interface in the Windows Firewall does not properly display ...) NOTE: not-for-us (Microsoft Windows) -CAN-2005-2764 - NOTE: reserved +CAN-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...) + TODO: check CAN-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...) NOTE: not-for-us (OpenTTD) CAN-2005-2762 @@ -742,11 +846,9 @@ NOTE: not-for-us (elm-me+ is no longer in unstable or testing) CAN-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in ...) NOTE: not-for-us (Whisper) -CAN-2005-2663 [local file overwrite in masqmail, via a symlink attack] - NOTE: reserved +CAN-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...) - masqmail (unfixed; low; bug #329307) -CAN-2005-2662 [shell command injection in masqmail via email addresses] - NOTE: reserved +CAN-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary ...) - masqmail (unfixed; high; bug #329307) CAN-2005-2661 NOTE: reserved @@ -10689,10 +10791,10 @@ - mozilla 2:1.7.5 CAN-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...) NOTE: not-for-us (PeID) -CAN-2005-0139 - NOTE: reserved -CAN-2005-0138 - NOTE: reserved +CAN-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and ...) + TODO: check +CAN-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly ...) + TODO: check CAN-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...) NOTE: Does not affect 2.6 based kernels in Debian - kernel-source-2.4.27 2.4.27-10