[Secure-testing-commits] r2211 - data/CAN

Wed, 28 Sep 2005 14:14:51 -0700 

Author: joeyh
Date: 2005-09-28 21:14:17 +0000 (Wed, 28 Sep 2005)
New Revision: 2211

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
===================================================================
--- data/CAN/list       2005-09-28 13:25:32 UTC (rev 2210)
+++ data/CAN/list       2005-09-28 21:14:17 UTC (rev 2211)
@@ -1,3 +1,57 @@
+CAN-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number 
generators ...)
+       TODO: check
+CAN-2005-3086 (Directory traversal vulnerability in admin/about.php in 
contentServ ...)
+       TODO: check
+CAN-2005-3085 (Multiple cross-site scripting (XSS) vulnerabilities in rss.php 
in ...)
+       TODO: check
+CAN-2005-3084 (Buffer overflow in the TIFF library in the Photo Viewer for 
Sony PSP ...)
+       TODO: check
+CAN-2005-3083 (Cross-site scripting (XSS) vulnerability in index.php in CMS 
Made ...)
+       TODO: check
+CAN-2005-3082 (SQL injection vulnerability in admin.php in SEO-Board 1.0.2 
allows ...)
+       TODO: check
+CAN-2005-3081 (wzdftpd 0.5.4 allows remote authenticated users to execute 
arbitrary ...)
+       TODO: check
+CAN-2005-3080 (contrib/example.php in GeSHi before 1.0.7.3 allows remote 
attackers to ...)
+       TODO: check
+CAN-2005-3079 (PunBB before 1.2.8 allows remote attackers to perform 
"code inclusion" ...)
+       TODO: check
+CAN-2005-3078 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 
allows ...)
+       TODO: check
+CAN-2005-3077 (Microsoft Internet Explorer 5.2.3 for Mac OS allows remote 
attackers ...)
+       TODO: check
+CAN-2005-3076 (Simplog 0.9.1 might allow remote attackers to execute arbitrary 
SQL ...)
+       TODO: check
+CAN-2005-3075 (SQL injection vulnerability in Zengaia before 0.2 allows remote 
...)
+       TODO: check
+CAN-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 
and ...)
+       TODO: check
+CAN-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 
4.9.3, ...)
+       TODO: check
+CAN-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in 
Interchange ...)
+       TODO: check
+CAN-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 
8 and ...)
+       TODO: check
+CAN-2005-3070 (HylaFax 4.2.1 and earlier on Debian GNU/Linux does not create 
or ...)
+       TODO: check
+CAN-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to 
...)
+       TODO: check
+CAN-2005-3068 (Unspecified vulnerability in Eric Integrated Development 
Environment ...)
+       TODO: check
+CAN-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in 
PerlDiver ...)
+       TODO: check
+CAN-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in 
PerlDiver ...)
+       TODO: check
+CAN-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers 
cause a ...)
+       TODO: check
+CAN-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify 
client ...)
+       TODO: check
+CAN-2005-3063 (SQL injection vulnerability in MailGust 1.9 allows remote 
attackers to ...)
+       TODO: check
+CAN-2005-3062 (PHP remote file inclusion vulnerability in index.php in 
AlstraSoft ...)
+       TODO: check
+CAN-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 
through ...)
+       TODO: check
 CAN-2003-XXXX [libsafe: does not prevent some exploit types]
        TODO: We should push for removal, maintainer already voiced consent 
during Sarge prep phase     
        - libsafe <unfixed> (bug #173227; medium)
@@ -787,8 +841,8 @@
        RESERVED
 CAN-2005-2711
        RESERVED
-CAN-2005-2710
-       RESERVED
+CAN-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 
10 ...)
+       TODO: check
 CAN-2005-2709
        RESERVED
 CAN-2005-2708
@@ -11974,7 +12028,7 @@
        NOT-FOR-US: Kerio
 CAN-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, 
does ...)
        NOT-FOR-US: MacOS
-CAN-2004-1020 (The addslashes function in PHP 4.3.6 through 4.3.9 and 5.0.0 
through ...)
+CAN-2004-1020 (The addslashes function in PHP 4.3.9 does not properly escape a 
NULL ...)
        - php4 4:4.3.10-1
 CAN-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 
5.0.2 ...)
        - php4 4:4.3.10-1


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to