Author: djoume-guest
Date: 2005-07-01 22:10:20 +0000 (Fri, 01 Jul 2005)
New Revision: 1318

Modified:
   data/CAN/list
Log:
* processed my block and a few more
* claimed some more


Modified: data/CAN/list
===================================================================
--- data/CAN/list       2005-07-01 14:25:43 UTC (rev 1317)
+++ data/CAN/list       2005-07-01 22:10:20 UTC (rev 1318)
@@ -244,142 +244,141 @@
 CAN-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in 
phpBB ...)
        NOTE: not-for-us
        NOTE: fix before phpbb2 was in Debian.
-begin claimed by djoume
 CAN-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail 
Server Pro ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and 
password ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote 
attackers to ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to 
overwrite ...)
-       TODO: check
+       NOTE: not-for-us (RedHat specific)
 CAN-2002-1889 (Off-by-one buffer overflow in the context_action function in 
context.c ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name 
requests to ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1887 (PHP remote code injection vulnerability in customize.php for 
...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1886 (TightAuction 3.0 stores config.inc under the web document root 
with ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1885 (PHP remote code injection vulnerability in showhits.php3 for 
...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in 
as an ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1883 (Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded 
from the ...)
-       TODO: check
+       - qt-x11-free 2:3.0.4-1
 CAN-2002-1882 (Unknown vulnerability in AolSecurityPrivate.class in Oracle 
E-Business ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1881 (Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote 
...)
-       TODO: check
+       - flashplugin-nonfree 6.0.61.0-1
 CAN-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary 
messages by ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote 
attackers ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1878 (PHP remote code injection vulnerability in w-Agora 4.1.3 allows 
remote ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access 
restrictions ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1876 (Microsoft Exchange 2000 allows remote authenticated attackers 
to cause ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 
2002, ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1874 (astrocam.cgi in AstroCam 1.7.1 through 2.1.2 allows remote 
attackers ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote 
Procedure ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1872 (Microsoft SQL Server 6.0 through 2000, with SQL Authentication 
...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1871 (pkgadd in Sun Solaris 2.5.1 through 8 installs files 
setuid/setgid ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1870 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly 
handle ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1869 (Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 
5.2 does ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1868 (Dispair 0.1 and 0.2 allows remote attackers to execute 
arbitrary shell ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1867 (The default configuration of BizDesign ImageFolio 2.23 through 
2.26 ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1866 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file 
...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1865 (Buffer overflow in the Embedded HTTP server, as used in (1) 
D-Link ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1864 (Directory traversal vulnerability in Simple Web Server (SWS) 
0.0.4 ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1863 (Iomega Network Attached Storage (NAS) A300U, and possibly other 
...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1862 (SmartMail Server 2.0 allows remote attackers to cause a denial 
of ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1861 (Sybase Enterprise Application Server 4.0, when running on 
Windows, ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1860 (Pramati Server 3.0, when running on Windows, allows remote 
attackers ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1859 (Orion Application Server 1.5.3, when running on Windows, allows 
remote ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1858 (Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 
...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1857 (jo! jo Webserver 1.0, when running on Windows, allows remote 
attackers ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1856 (HP Application Server 8.0, when running on Windows, allows 
remote ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, 
allows ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers 
to ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 
and 0.4.1 ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows 
remote ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to 
execute ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and 
possibly ...)
-       TODO: check
+       - apache2 2.0.42-1
 CAN-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's 
back ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted 
passwords ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media 
Player (WMP) ...)
-       TODO: check
-end claimed by djoume
+       NOTE: not-for-us
 CAN-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not 
require a ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet 
Another ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on 
Solaris, ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary 
commands ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary 
commands ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not 
...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002, 
could ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not 
record ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write 
to ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image 
Display ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech 
6115 ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech 
6115 ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech 
6115 ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115 
have a ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1832 (Unknown vulnerability in the "ipopts decode" 
functionality in ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote 
...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers 
to ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in 
Open ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial 
of ...)
-       TODO: check
+       NOTE: not-for-us
 CAN-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a 
denial of ...)
-       TODO: check
+       NOTE: not-for-us (Sendmail not in Debian before 8.13)
+begin claimed by djoume
 CAN-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to 
bypass ...)
        TODO: check
 CAN-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 
7.2.0 ...)
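Review bot: CAN-2002-1840 (irssi) and CAN-2002-1848 (TightVNC) are closed with a bare "NOTE: not-for-us" and no reason, although a later reader may well look both names up in the archive. The hunk already gives a parenthetical reason for CAN-2002-1890 ("RedHat specific") and CAN-2002-1827 ("Sendmail not in Debian before 8.13"); please do the same for these two. For TightVNC the "running on Windows" condition in the description is enough, and for irssi the reason should say why the "downloaded after 14-March-2002" condition does not apply. The three entries that record a fixed version (qt-x11-free, flashplugin-nonfree, apache2) are clear as written.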
@@ -428,6 +427,7 @@
        TODO: check
 CAN-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows 
remote ...)
        TODO: check
+end claimed by djoume
 CAN-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 
allows ...)
        TODO: check
 CAN-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain 
...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
