Author: jmm-guest
Date: 2005-09-22 21:23:45 +0000 (Thu, 22 Sep 2005)
New Revision: 2108

Modified:
   data/CAN/list
Log:
processed first block webmin/usermin CANified lots of nfus claim a new block

Modified: data/CAN/list
==================================================================
--- data/CAN/list 2005-09-22 21:16:33 UTC (rev 2107)
+++ data/CAN/list 2005-09-22 21:23:45 UTC (rev 2108)
@@ -1,38 +1,38 @@ -begin claimed by jmm CAN-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...) - TODO: check + NOTE: not-for-us (Mall23 eCommerce) CAN-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...) - TODO: check + - webmin 1.220-1 (high) + - usermin 1.150-1 (high) + NOTE: SNS Advisory 83, http://marc.theaimsgroup.com/?m=112733083203821 CAN-2005-3041 (Unspecified "drag-and-drop vulnerability" in Opera Web Browser before ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...) - TODO: check + NOTE: not-for-us (TAC Vista) CAN-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...) - TODO: check + NOTE: not-for-us (Mall23 eCommerce) CAN-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...) - TODO: check + NOTE: not-for-us (Hosting Controller) CAN-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...) - TODO: check + NOTE: not-for-us (Handy Address Book Server) CAN-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in ...) - TODO: check + NOTE: not-for-us (File Transfer Anywhere) CAN-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...) - TODO: check + NOTE: not-for-us (Compuware DriverStudio) CAN-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...) - TODO: check + NOTE: not-for-us (Compuware DriverStudio) CAN-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (vxWeb - WinCE software) CAN-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us (vxTfpSrv - WinCE software) CAN-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute ...) 
- TODO: check + NOTE: not-for-us (vxTfpSrv - WinCE software) CAN-2005-3030 (Directory traversal vulnerability in the archive decompression library ...) - TODO: check + NOTE: not-for-us (Ahnlab Anti virus) CAN-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...) - TODO: check + NOTE: not-for-us (Ahnlab Anti virus) CAN-2005-3028 NOTE: rejected - TODO: check -end claimed by jmm +begin claimed by jmm CAN-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...) TODO: check CAN-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...) @@ -63,6 +63,7 @@ TODO: check CAN-2005-3013 (Buffer overflow in YaST for SuSE Linux 9.3 allows local users to ...) TODO: check +end claimed by jmm CAN-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...) TODO: check CAN-2005-3011 (texindex in texinfo 4.7 and earlier allows local users to overwrite ...) @@ -105,10 +106,6 @@ TODO: check CAN-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...) TODO: check -CAN-2005-XXXX [miniserv.pl root shell command injection] - - webmin 1.220-1 (high) - - usermin 1.150-1 (high) - NOTE: SNS Advisory 83, http://marc.theaimsgroup.com/?m=112733083203821 CAN-2005-2992 [Another arc tempfile issue] NOTE: reserved - arc 5.21m-1 (low)
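Review bot: in the first hunk (@@ -1,38 +1,38 @@), the new NOTE on CAN-2005-3031 reads "not-for-us (vxTfpSrv - WinCE software)" although that entry's description is about vxFtpSrv 0.9.7; the note looks copied from the CAN-2005-3032 line and should name vxFtpSrv, and the CAN-2005-3032 note should spell the product vxTftpSrv as its own description does. In the same hunk, CAN-2005-3042 is described as affecting Webmin before 1.230 and Usermin before 1.160, while the entry records webmin 1.220-1 and usermin 1.150-1; since those are lower than the versions in the description, please confirm that these package versions actually carry the fix, or add a NOTE saying so.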
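Review bot: in the last hunk (@@ -105,10 +106,6 @@), once the temporary CAN-2005-XXXX entry is removed, CAN-2005-2992 sits directly after CAN-2005-2991, which is out of the descending order the rest of the visible list follows; consider moving the CAN-2005-2992 block above CAN-2005-2991 in the same commit. The merge also drops the bracketed summary "miniserv.pl root shell command injection", so the SNS Advisory 83 NOTE is the only remaining pointer to what the webmin/usermin issue is; keeping a short NOTE with that summary on CAN-2005-3042 would preserve it.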