Author: stef-guest
Date: 2005-08-19 10:07:47 +0000 (Fri, 19 Aug 2005)
New Revision: 1608

Modified:
   data/CAN/list
   data/embedded-code-copies
Log:
processed most of my block, unclaimed the rest
fudforum bug


Modified: data/CAN/list
===================================================================
--- data/CAN/list       2005-08-19 09:17:37 UTC (rev 1607)
+++ data/CAN/list       2005-08-19 10:07:47 UTC (rev 1608)
@@ -1,90 +1,89 @@
-begin claimed by stef-guest
 CAN-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist 
function in ...)
-       TODO: check
+       NOTE: not-for-us (CPAINT ajax toolkit)
 CAN-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote 
attackers ...)
-       TODO: check
+       NOTE: not-for-us (CPAINT ajax toolkit)
 CAN-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost 
of ...)
-       TODO: check
+       NOTE: not-for-us (ECW Shop)
 CAN-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in 
ECW-Shop ...)
-       TODO: check
+       NOTE: not-for-us (ECW Shop)
 CAN-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain 
...)
-       TODO: check
+       NOTE: not-for-us (ECW Shop)
 CAN-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 
stores the ...)
-       TODO: check
+       NOTE: not-for-us (Novell GroupWise)
 CAN-2005-2619
        NOTE: reserved
 CAN-2005-2618
        NOTE: reserved
 CAN-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to 
cause a ...)
-       TODO: check
+       NOTE: not-for-us (MS IE)
 CAN-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX 
control ...)
-       TODO: check
+       NOTE: not-for-us (ADM ActiveX control)
 CAN-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a 
denial of ...)
-       TODO: check
+       NOTE: not-for-us (WinAgents TFTP Server not in Debian)
 CAN-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 
0.1.2 ...)
-       TODO: check
+       NOTE: not-for-us (ignitionServer not in Debian)
 CAN-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler 
does not ...)
-       TODO: check
+       NOTE: not-for-us (Trend OfficeScan)
 CAN-2004-2429 (Multiple stack-based and heap-based buffer overflows in 
EnderUNIX ...)
-       TODO: check
+       NOTE: not-for-us (EnderUNIX spamGuard)
 CAN-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web 
document ...)
-       TODO: check
+       NOTE: not-for-us (WWWguestbook not in Debian)
 CAN-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and 
...)
-       TODO: check
+       NOTE: not-for-us (Axis Network Camera)
 CAN-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 
and ...)
-       TODO: check
+       NOTE: not-for-us (Axis Network Camera)
 CAN-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and 
...)
-       TODO: check
+       NOTE: not-for-us (Axis Network Camera)
 CAN-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 
allow ...)
-       TODO: check
+       NOTE: not-for-us (BEA)
 CAN-2004-2423 (Unknown vulnerability in the Web calendaring component of 
Ipswitch ...)
-       TODO: check
+       NOTE: not-for-us (Ipswitch IMail Server)
 CAN-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow 
remote ...)
-       TODO: check
+       NOTE: not-for-us (Ipswitch IMail Server)
 CAN-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1) 
JP1/File ...)
-       TODO: check
+       NOTE: not-for-us (Hitachi Job Management Partner)
 CAN-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission 
Server/FTP ...)
-       TODO: check
+       NOTE: not-for-us (Hitachi Job Management Partner)
 CAN-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain 
...)
-       TODO: check
+       NOTE: not-for-us (Keene Digital Media Server)
 CAN-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users 
to ...)
-       TODO: check
+       NOTE: not-for-us (slimftpd not in debian)
 CAN-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and 
earlier ...)
-       TODO: check
+       NOTE: not-for-us (smtp.proxy not in Debian)
 CAN-2004-2416 (Buffer overflow in the logging component of CCProxy allows 
remote ...)
-       TODO: check
+       NOTE: not-for-us (ccproxy not in Debian)
 CAN-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of 
service ...)
-       TODO: check
+       NOTE: not-for-us (Davenport not in Debian)
 CAN-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using 
the ...)
-       TODO: check
+       NOTE: not-for-us (Novell NetWare)
 CAN-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 
5.0 ...)
-       TODO: check
+       NOTE: not-for-us (VP-ASP Shopping Cart)
 CAN-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 
4.0 ...)
-       TODO: check
+       NOTE: not-for-us (VP-ASP Shopping Cart)
 CAN-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping 
Cart ...)
-       TODO: check
+       NOTE: not-for-us (VP-ASP Shopping Cart)
 CAN-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 
through ...)
-       TODO: check
+       - samhain 2.0.2
 CAN-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain 
1.8.9 ...)
-       TODO: check
+       - samhain 2.0.2
 CAN-2004-2408 (Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 
and ...)
-       TODO: check
+       - kernel-patch-vserver 1.9.2
 CAN-2004-2407 (Unknown vulnerability in phpGroupWare before 0.9.14.002 has 
unknown ...)
-       TODO: check
+       - phpgroupware 0.9.14.002
 CAN-2004-2406 (Unknown "overflow" in the phpgw_config table for 
phpGroupWare before ...)
-       TODO: check
+       - phpgroupware 0.9.14.002
 CAN-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, 
including ...)
-       TODO: check
+       NOTE: not-for-us (F-Secure Anti-Virus)
 CAN-2004-2404 (blog.cgi in Leif Wright Web Blog 1.1.5 allows remote attackers 
to ...)
-       TODO: check
+       NOTE: not-for-us (Leif Wright Web Blog)
 CAN-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD 
SP ...)
-       TODO: check
+       NOTE: not-for-us (YaBB)
 CAN-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 
GOLD SP ...)
-       TODO: check
+       NOTE: not-for-us (YaBB)
 CAN-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web 
Messaging ...)
-       TODO: check
+       NOTE: not-for-us (Ipswitch IMail)
 CAN-2004-2400 (WinFTP Server 1.6 stores username and password credentials in 
...)
-       TODO: check
+       NOTE: not-for-us (WinFTP Server)
 CAN-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows 
remote ...)
        TODO: check
 CAN-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that 
contain ...)
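Review bot: The CAN-2004-2408 entry records one fixed version, "- kernel-patch-vserver 1.9.2", while the description on the line above it names three affected branches ("1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and ..."). A short NOTE saying which branch the Debian package follows would make the single version easier to verify. The same applies to the samhain and phpgroupware entries, whose versions appear to be taken from the upstream descriptions: it is worth confirming that they match package versions in the archive. On style, the CAN-2004-2418 reason reads "slimftpd not in debian" where the neighbouring entries write "not in Debian". The reasons also alternate between "(X not in Debian)" and a bare product name, so choosing one form would keep the list easy to grep.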
@@ -113,7 +112,6 @@
        TODO: check
 CAN-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in 
SDK and ...)
        TODO: check
-end claimed by stef-guest
 CAN-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux 
kernel ...)
        TODO: check with kernel team (pinged on irc)
        NOTE: amd64 specific DOS
@@ -152,7 +150,8 @@
 CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers 
to ...)
        NOTE: not-fur-us (MidiCart)
 CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled allows 
remote attackers to ...)
-       TODO: check
+       - egroupware-fudforum (unfixed; bug #323928; medium)
+       - phpgroupware-fudforum (unfixed; bug #323929; medium)
 CAN-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption 
(trivial ...)
        NOTE: not-for-us (Hummingbird FTP for Connectivity)
 CAN-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos 
(formerly ...)
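Review bot: The two new CAN-2005-2600 entries track egroupware-fudforum and phpgroupware-fudforum, but nothing in the entry says why a FUDForum 2.6.15 issue is filed against those packages or whether the embedded copies have "Tree View" available. Consider adding a line such as "NOTE: embedded copies of fudforum, see data/embedded-code-copies" so the two bug references are self-explanatory. While touching this region, the context line for CAN-2005-2601 reads "not-fur-us (MidiCart)"; anything matching on "not-for-us" will miss it, so it is worth correcting in a follow-up.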

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies   2005-08-19 09:17:37 UTC (rev 1607)
+++ data/embedded-code-copies   2005-08-19 10:07:47 UTC (rev 1608)
@@ -64,3 +64,8 @@
 libcdaudio
 grip
 gnome-vfs (vfs2 as well?)
+
+
+fudforum:
+phpgroupware-fudforum
+egroupware-fudforum
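Review bot: The new fudforum block is preceded by two added blank lines and lists the embedding packages with no pointer to the tracking bugs. The visible context ("libcdaudio", "grip", "gnome-vfs (vfs2 as well?)") does not show how other groups are separated, so please check that the double blank line and the "fudforum:" header match the rest of the file. Adding the bug numbers from the CAN/list change (#323928, #323929) next to each package would tie the two files together.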


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
