Author: joeyh
Date: 2005-09-29 09:14:18 +0000 (Thu, 29 Sep 2005)
New Revision: 2218
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-09-29 07:33:41 UTC (rev 2217)
+++ data/CAN/list 2005-09-29 09:14:18 UTC (rev 2218)
@@ -1,3 +1,37 @@
+CAN-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to
...)
+ TODO: check
+CAN-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before
3.2 ...)
+ TODO: check
+CAN-2005-3102 (The administrative interface in Movable Type allows attackers to
...)
+ TODO: check
+CAN-2005-3101 (The password reset feature in Movable Type before 3.2 generates
...)
+ TODO: check
+CAN-2005-3100 (Unspecified "PPTP Remote DoS Vulnerability" in
Astaro Security Linux ...)
+ TODO: check
+CAN-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands
in ...)
+ TODO: check
+CAN-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify
...)
+ TODO: check
+CAN-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi
(aka ...)
+ TODO: check
+CAN-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows
remote ...)
+ TODO: check
+CAN-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote
attackers ...)
+ TODO: check
+CAN-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute
...)
+ TODO: check
+CAN-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of
...)
+ TODO: check
+CAN-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio
5.0.1 ...)
+ TODO: check
+CAN-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before
1.0.0rc1 ...)
+ TODO: check
+CAN-2005-3090 (Cross-site scripting (XSS) vulnerability in
bug_actiongroup_page.php ...)
+ TODO: check
+CAN-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service
(crash) ...)
+ TODO: check
+CAN-2005-3088
+ NOTE: reserved
CAN-2005-XXXX [backupninja insecure temp file]
- backupninja 0.8-2 (medium)
CAN-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
@@ -201,7 +235,7 @@
NOT-FOR-US: YaST
CAN-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for
...)
NOT-FOR-US: SimpleCDR-X
-CAN-2005-3011 (texindex in texinfo 4.7 and earlier allows local users to
overwrite ...)
+CAN-2005-3011 (texindex in texinfo 4.8 and earlier allows local users to
overwrite ...)
- texinfo <unfixed> (bug #328365; low)
CAN-2005-3010 (Direct static code injection vulnerability in the flood
protection ...)
NOT-FOR-US: CuteNews
@@ -305,8 +339,8 @@
RESERVED
CAN-2005-2965
RESERVED
-CAN-2005-2964
- RESERVED
+CAN-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows
attackers ...)
+ TODO: check
CAN-2005-2963 [Mod-Authshadow: Incorrect enforcement of AuthShadow when
''require group'' is set]
RESERVED
- mod-auth-shadow 1.4-2 (bug #323789; medium)
@@ -1419,11 +1453,10 @@
- mysql-dfsg-4.1 4.1.13 (medium)
- mysql-dfsg-5.0 5.0.7beta-1 (medium)
- mysql-dfsg <unfixed> (bug #322133; medium)
-CAN-2005-2557
- RESERVED
+CAN-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in
Mantis ...)
{DSA-778-1}
- mantis 0.19.2-4 (low)
-CAN-2005-2556 (SQL injection vulnerability in Mantis before 0.19.2 allows
remote ...)
+CAN-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with
...)
{DSA-778-1}
- mantis 0.19.2-4 (medium)
CAN-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy
access to ...)