Author: jmm-guest Date: 2005-10-19 15:29:31 +0000 (Wed, 19 Oct 2005) New Revision: 2453 Modified: data/CAN/list Log: more convertions to new syntax, one potential minor pine privacy issue Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-10-19 15:11:26 UTC (rev 2452) +++ data/CAN/list 2005-10-19 15:29:31 UTC (rev 2453) @@ -4268,83 +4268,85 @@ CAN-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 ...) NOT-FOR-US: Pingtel Xpressa CAN-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...) - NOTE: not-for-us + NOT-FOR-US: Microsoft CAN-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send ...) - NOTE: not-for-us + NOT-FOR-US: Microsoft CAN-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 ...) - NOTE: not-for-us + NOT-FOR-US: PHP Arena CAN-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote ...) - NOTE: not-for-us + NOT-FOR-US: AN HTTPd CAN-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...) - NOTE: not-for-us + NOT-FOR-US: PHP Arena CAN-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory ...) - NOTE: not-for-us + NOT-FOR-US: 602Pro LAN SUITE CAN-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...) - NOTE: not-for-us + NOT-FOR-US: Aquonics File Manager CAN-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File ...) - NOTE: not-for-us + NOT-FOR-US: Aquonics File Manager CAN-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ...) - NOTE: not-for-us + NOT-FOR-US: Tiny Personal Firewall CAN-2002-1924 (PowerChute plus 5.0.2 creates a "Pwrchute" directory during ...) - NOTE: not-for-us + NOT-FOR-US: Powerchute CAN-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when ...) - NOT-FOR-US: Windows specific + - mysql <not-affected> (Windows specific) CAN-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft ...) - NOTE: not-for-us + NOT-FOR-US: vBulletin CAN-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when ...) - NOT-FOR-US: Windows specific + - mysql <not-affected> (Windows specific) CAN-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...) - NOTE: not-for-us + NOT-FOR-US: FtpXQ CAN-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows ...) - NOTE: not-for-us + NOT-FOR-US: VS-ASP CAN-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft ...) - NOTE: not-for-us + NOT-FOR-US: Microsoft ADO CAN-2002-1917 (CRLF injection vulnerability in the "User Profile: Send Email" feature ...) - NOTE: not-for-us + NOT-FOR-US: Geeklog CAN-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...) - NOTE: not-for-us + NOT-FOR-US: Pirch CAN-2002-1915 (tip on multiple BSD-based operating systems allows local users to ...) - NOTE: not-for-us + NOT-FOR-US: tip CAN-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of ...) - dump 0.4b31-1 CAN-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read ...) - NOTE: not-for-us + NOT-FOR-US: myPHPNuke CAN-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable ...) - NOTE: not-for-us + NOT-FOR-US: SkyStream CAN-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, ...) - NOTE: not-for-us + NOT-FOR-US: ZoneAlarm CAN-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...) - NOTE: not-for-us + NOT-FOR-US: Ingenium Learning Management System CAN-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...) - NOTE: not-for-us + NOT-FOR-US: Ingenium Learning Management System CAN-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...) - NOTE: not-for-us + NOT-FOR-US: CAN-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...) - NOTE: not-for-us + NOT-FOR-US: TelCondex CAN-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote ...) - NOTE: not-for-us + NOT-FOR-US: ViaVideo CAN-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 ...) - NOTE: not-for-us + NOT-FOR-US: ViaVideo CAN-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 ...) - NOTE: not-for-us + NOT-FOR-US: ghttpd CAN-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: ...) - NOTE: not-for-us + - pine <unfixed> (low) + TODO: Check, whether this still applies to current version, <unfixed> for now + NOTE: non-free CAN-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...) - NOTE: not-for-us + NOT-FOR-US: CGIForum CAN-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 ...) - NOTE: not-for-us + NOT-FOR-US: BBGallery CAN-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...) - NOTE: not-for-us + NOT-FOR-US: Pinboard CAN-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...) - NOTE: not-for-us + NOT-FOR-US: IceWarp Web Mail CAN-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...) - NOTE: not-for-us + NOT-FOR-US: Mac OS X CAN-2002-1897 (MyWebServer 1.0.2 allows remote attackers to cause a denial of service ...) - NOTE: not-for-us + NOT-FOR-US: MyWebserver CAN-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...) - alsaplayer 0.99.72-1 CAN-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...) - NOT-FOR-US: Windows specific + - tomcat4 <not-affected> (Windows-specific Tomcat problems) CAN-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...) - phpbb2 <not-affected> (Debian package not vulnerable, see #316071, 316295) CAN-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...)