Author: joeyh
Date: 2005-08-24 19:53:08 +0000 (Wed, 24 Aug 2005)
New Revision: 1637
Modified:
data/CAN/list
Log:
checked old CANs, found a new hole in cplay, bugnum for mozilla silly long
url hole
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-08-24 18:44:53 UTC (rev 1636)
+++ data/CAN/list 2005-08-24 19:53:08 UTC (rev 1637)
@@ -1,3 +1,5 @@
+CAN-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to
symlink attacks]
+ - cplay (unfixed; bug #324913; low)
CAN-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent
anonymous to access ldap directory]
- phpldapadmin 0.9.6c-5 (bug #322423; low)
CAN-2005-2672 [lm-sensors: Insecure tempfile usage in pwmconfig]
@@ -101,65 +103,65 @@
CAN-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy
Chat ...)
NOTE: not-for-us (Easy Chat Server)
CAN-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr)
0.4 ...)
- TODO: check
+ NOTE: not-for-us (ADA Image Server)
CAN-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote
...)
- TODO: check
+ NOTE: not-for-us (ADA Image Server)
CAN-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary
files ...)
- TODO: check
+ - cplay 1.49-3 (medium)
CAN-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows
attackers to ...)
- TODO: check
+ - gnubiff 2.0.0 (medium)
CAN-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows
remote ...)
- TODO: check
+ - gnubiff 2.0.0 (medium)
CAN-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local
users ...)
- TODO: check
+ - gnubiff 2.0.0 (medium)
CAN-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled
or ...)
- TODO: check
+ NOTE: not-for-us (Open WebMail)
CAN-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router
allows ...)
- TODO: check
+ NOTE: not-for-us (3Com OfficeConnect ADSL 11g Router)
CAN-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and
earlier ...)
- TODO: check
+ NOTE: not-for-us (miniBB)
CAN-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060)
allows ...)
- TODO: check
+ NOTE: not-for-us (Sweex Wireless Broadband Router/Accesspoint 802.11g)
CAN-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain
sensitive ...)
- TODO: check
+ NOTE: not-for-us (aMSN 0.90 for Microsoft Windows)
CAN-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta)
and ...)
- TODO: check
+ NOTE: not-for-us (Tutti Nova)
CAN-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework
01-00, ...)
- TODO: check
+ NOTE: not-for-us (Hitachi Cosminexus Portal Framework)
CAN-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station
0.30a or ...)
- TODO: check
+ NOTE: not-for-us (Roger Wilco)
CAN-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or
Roger ...)
- TODO: check
+ NOTE: not-for-us (Roger Wilco)
CAN-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station
0.30a and ...)
- TODO: check
+ NOTE: not-for-us (Roger Wilco)
CAN-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under
the web ...)
- TODO: check
+ NOTE: not-for-us (S-Mart Shopping Cart or RediCart)
CAN-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail
Server 4.01 ...)
- TODO: check
+ NOTE: not-for-us (*1st Class Mail Server)
CAN-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01
allows ...)
- TODO: check
+ NOTE: not-for-us (*1st Class Mail Server)
CAN-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA
allows ...)
- TODO: check
+ NOTE: not-for-us (Jaws)
CAN-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws
0.3 ...)
- TODO: check
+ NOTE: not-for-us (Jaws)
CAN-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and
via an ...)
- TODO: check
+ NOTE: not-for-us (Jaws)
CAN-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus
products, ...)
- TODO: check
+ NOTE: not-for-us (F-Secure Anti-Virus)
CAN-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has
unknown ...)
- TODO: check
+ NOTE: not-for-us (Kerio)
CAN-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and
...)
- TODO: check
+ NOTE: not-for-us (proxytunnel)
CAN-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300
printers ...)
- TODO: check
+ NOTE: not-for-us (HP printers)
CAN-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01
allows ...)
- TODO: check
+ NOTE: not-for-us (PHP-Fusion)
CAN-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote
attackers ...)
- TODO: check
+ NOTE: not-for-us (PHP-Fusion)
CAN-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier
stores ...)
- TODO: check
+ NOTE: not-for-us (Computer Associates Unicenter Common Services)
CAN-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human
Resources ...)
- TODO: check
+ NOTE: not-for-us (PeopleSoft Human Resources Management System (HRMS))
CAN-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist
function in ...)
NOTE: not-for-us (CPAINT ajax toolkit)
CAN-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote
attackers ...)
@@ -306,9 +308,8 @@
CAN-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My
Image ...)
NOTE: not-for-us (My Image Gallery (Mig))
CAN-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote
attackers to ...)
- - mozilla-firefox (unfixed; bug filed; low)
- - mozilla-browser (unfixed; bug filed; low)
- - mozilla-thunderbird (unfixed; bug filed; low)
+ - mozilla-firefox (unfixed; bug #324907; low)
+ TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird
CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers
to ...)
NOTE: not-fur-us (MidiCart)
CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled allows
remote attackers to ...)
@@ -467,75 +468,74 @@
CAN-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the
physical ...)
NOTE: not-for-us (PHPX CMS)
CAN-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through
1.0.7 ...)
- TODO: check
+ NOTE: not-for-us (Digital Reality game engine, as used in Haegemonia
1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0)
CAN-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a
denial of ...)
- TODO: check
+ NOTE: not-for-us (Targem Battle Mages)
CAN-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet
3.10.39.0 does ...)
- TODO: check
+ NOTE: not-for-us (Dell TrueMobile 1300 WLAN Mini-PCI Card Util
TrayApplet)
CAN-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for
phpBB ...)
- TODO: check
+ - phpbb2 2.0.6c (low)
CAN-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server
does ...)
- TODO: check
+ NOTE: not-for-us (roofpoint Protection Server)
CAN-2004-2356 (Fizmez Web Server 1.0 allows remote attackers to cause a denial
of ...)
- TODO: check
+ NOTE: not-for-us (Fizmez)
CAN-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live
Help ...)
- TODO: check
+ NOTE: not-for-us (Crafty Syntax Live Help)
CAN-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke
6.5 ...)
- TODO: check
+ NOTE: not-for-us (4nGuestbook)
CAN-2004-2353 (BugPort before 1.099 stores its configuration file
(conf/config.conf) ...)
- TODO: check
+ NOTE: not-for-us (BugPort)
CAN-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke
1.0 ...)
- TODO: check
+ NOTE: not-for-us (GBook)
CAN-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke
1.0 ...)
- TODO: check
+ NOTE: not-for-us (GBook)
CAN-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through
2.0.6 ...)
- TODO: check
+ - phpbb2 2.0.8 (low)
CAN-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before
1.20-pre2 allow ...)
- TODO: check
+ NOTE: not-for-us (Tunez)
CAN-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 alows remote
attackers to ...)
- TODO: check
+ NOTE: not-for-us (Sybari AntiGen for Domino)
CAN-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote
...)
- TODO: check
+ NOTE: not-for-us (Leif M. Wright Web Blog)
CAN-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum
Web ...)
- TODO: check
+ NOTE: not-for-us (Forum Web Server )
CAN-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server
9.0.1.4, ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of
VocalTec ...)
- TODO: check
+ NOTE: not-for-us (VocalTec)
CAN-2004-2343 (** DISPUTED ** ...)
- TODO: check
CAN-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of
service ...)
- TODO: check
+ NOTE: not-for-us (ChatterBox)
CAN-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for
...)
- TODO: check
+ NOTE: not-for-us (iSearch)
CAN-2004-2340 (** UNVERIFIABLE ** ...)
- TODO: check
+ NOTE: not-for-us (PunkBuster Screenshot Database)
CAN-2004-2339 (** DISPUTED ** ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny
rules ...)
- TODO: check
+ NOTE: not-for-us (OpenBSD)
CAN-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is
installed ...)
- TODO: check
+ NOTE: not-for-us (inlook)
CAN-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise
WebAccess 6.0 ...)
- TODO: check
+ NOTE: not-for-us (Novel Groupwise)
CAN-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X,
as used ...)
- TODO: check
+ NOTE: not-for-us (Macromedia installers and e-licensing client on Mac
OS X)
CAN-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU
Webmail ...)
- TODO: check
+ NOTE: not-for-us (EMU Webmail)
CAN-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload
area, ...)
- TODO: check
+ NOTE: not-for-us (Bodington)
CAN-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN
WWW::Form ...)
- TODO: check
+ NOTE: not-for-us (WWW::Form)
CAN-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass
sandbox ...)
- TODO: check
+ NOTE: not-for-us (ColdFusion)
CAN-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause
a ...)
- TODO: check
+ NOTE: not-for-us (ColdFusion)
CAN-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to
execute ...)
- TODO: check
+ NOTE: not-for-us (Kerio Personal Firewal)
CAN-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote
attackers ...)
- TODO: check
+ NOTE: not-for-us (Clearswift MAILsweeper )
CAN-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a
denial of ...)
- TODO: check
+ NOTE: not-for-us (Vizer)
CAN-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance
before ...)
TODO: check
CAN-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for
...)
@@ -697,7 +697,6 @@
CAN-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4
to ...)
NOTE: not-for-us (Mac OS X)
CAN-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and
earlier, ...)
- TODO: check
NOTE: not-for-us (Mac OS X)
CAN-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows
local users ...)
NOTE: not-for-us (Mac OS X)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
