[PROPOSAL] Cluster MISC-2002a - 39 candidates
I am proposing cluster MISC-2002a for review and voting by the Editorial Board.

Name: MISC-2002a
Description: Misc CANs from Jun 2002 to Aug 2002
Size: 39

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-1410
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1410
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020727 Easy Guestbook Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0356.html
Reference: BID:5341
Reference: URL:http://www.securityfocus.com/bid/5341
Reference: XF:easy-guestbook-gain-access(9697)
Reference: URL:http://www.iss.net/security_center/static/9697.php

Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi.

Analysis
----------------
ED_PRI CAN-2002-1410 3

Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1411
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1411
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020622 DPGS allows any file to be overwritten
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0265.html
Reference: BID:5081
Reference: URL:http://www.securityfocus.com/bid/5081
Reference: XF:dpgs-dotdot-directory-traversal(9414)
Reference: URL:http://www.iss.net/security_center/static/9414.php

Directory traversal vulnerability in update.dpgs in Duma Photo Gallery System (DPGS) 0.99.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the id parameter.

Analysis
----------------
ED_PRI CAN-2002-1411 3

Vendor Acknowledgement: no not-supported

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1415
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1415
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 Advisory: DoS in WebEasyMail +more possible?
Reference: URL:http://online.securityfocus.com/archive/1/288222
Reference: BID:5518
Reference: URL:http://www.securityfocus.com/bid/5518
Reference: XF:webeasymail-smtp-service-dos(9924)
Reference: URL:http://www.iss.net/security_center/static/9924.php

Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in SMTP requests.

Analysis
----------------
ED_PRI CAN-2002-1415 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1416
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1416
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 Advisory: DoS in WebEasyMail +more possible?
Reference: URL:http://online.securityfocus.com/archive/1/288222
Reference: XF:webeasymail-pop3-bruteforce(9925)
Reference: URL:http://www.iss.net/security_center/static/9925.php
Reference: BID:5519
Reference: URL:http://www.securityfocus.com/bid/5519

The POP3 service for WebEasyMail 3.4.2.2 and earlier generates different error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks.

Analysis
----------------
ED_PRI CAN-2002-1416 3

Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1421
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1421
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020818 FUDforum file access and SQL Injection
Reference: URL:http://online.securityfocus.com/archive/1/288042
Reference: VULNWATCH:20020818 FUDforum file access and SQL Injection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0082.html
Reference: BID:5500
Reference: URL:http://www.securityfocus.com/bid/5500
Reference: XF:fudforum-sql-injection(9912)
Reference: URL:http://www.iss.net/security_center/static/9912.php

SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.

Analysis
----------------
ED_PRI CAN-2002-1421 3

Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1422
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1422
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020818 FUDforum file access and SQL Injection
Reference: URL:http://online.securityfocus.com/archive/1/288042
Reference: VULNWATCH:20020818 FUDforum file access and SQL Injection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0082.html
Reference: XF:fudforum-admnbrowse-modify-files(9901)
Reference: URL:http://www.iss.net/security_center/static/9901.php
Reference: BID:5502
Reference: URL:http://www.securityfocus.com/bid/5502

admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.

Analysis
----------------
ED_PRI CAN-2002-1422 3

Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: while the tmp_view.php and admbrowse.php problems appear to be of the same type (file retrieval via /absolute/pathname), the admbrowse.php issue has another aspect - URL encoding - that suggests that the issues may be slightly different. Therefore CD:SF-EXEC suggests creating separate candidates.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1423
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1423
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020818 FUDforum file access and SQL Injection
Reference: URL:http://online.securityfocus.com/archive/1/288042
Reference: VULNWATCH:20020818 FUDforum file access and SQL Injection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0082.html
Reference: XF:fudforum-tmpview-download-files(9896)
Reference: URL:http://www.iss.net/security_center/static/9896.php
Reference: BID:5501
Reference: URL:http://www.securityfocus.com/bid/5501

tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.

Analysis
----------------
ED_PRI CAN-2002-1423 3

Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: while the tmp_view.php and admbrowse.php problems appear to be of the same type (file retrieval via /absolute/pathname), the admbrowse.php issue has another aspect - URL encoding - that suggests that the issues may be slightly different. Therefore CD:SF-EXEC suggests creating separate candidates.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1426
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1426
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020727 Phenoelit Advisory 0815 ++ /+ HP ProCurve
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0338.html
Reference: MISC:http://www.phenoelit.de/stuff/HP_ProCurve.txt
Reference: BID:5336
Reference: URL:http://www.securityfocus.com/bid/5336
Reference: XF:hp-procurve-snmp-write-dos(9708)
Reference: URL:http://www.iss.net/security_center/static/9708.php

HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-1426 3

Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1427
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1427
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020727 Easy Homepage Creator Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0350.html
Reference: BID:5340
Reference: URL:http://www.securityfocus.com/bid/5340
Reference: XF:easy-homepage-gain-access(9696)
Reference: URL:http://www.iss.net/security_center/static/9696.php

The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.

Analysis
----------------
ED_PRI CAN-2002-1427 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1428
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1428
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020728 php dotProject by pass authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0366.html
Reference: BID:5347
Reference: URL:http://www.securityfocus.com/bid/5347
Reference: XF:dotproject-admin-access(9720)
Reference: URL:http://www.iss.net/security_center/static/9720.php

index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.

Analysis
----------------
ED_PRI CAN-2002-1428 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1429
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1429
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020729 Code injection Vulnerability in endity.com
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0389.html
Reference: MISC:http://endity.com/board/index.php?act=ST&f=3&t=68&s=363128162825b2d7fcf60c9cd2a292fe
Reference: XF:shoutbox-site-html-injection(9739)
Reference: URL:http://www.iss.net/security_center/static/9739.php
Reference: BID:5354
Reference: URL:http://www.securityfocus.com/bid/5354

Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter.

Analysis
----------------
ED_PRI CAN-2002-1429 3

Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: a post to a user board dated August 9, 2002, says "The new download is safer as it contains the security patch," but it does not say whether the patch is related to the Bugtraq post or not. A look at the source code for board.php does suggest that the site variable is being quoted, but it is not clear whether that was the change that was made.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1431
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1431
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020609 Problem with IP reporting - Belkin Cable/DSL router
Reference: URL:http://online.securityfocus.com/archive/1/276256
Reference: BID:4982
Reference: URL:http://www.securityfocus.com/bid/4982
Reference: XF:belkin-incorrect-ip(9324)
Reference: URL:http://www.iss.net/security_center/static/9324.php

Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router's external interface when forwarding a request from an internal host to an internal web server, which allows remote attackers to hide which host is being used to access the web server.

Analysis
----------------
ED_PRI CAN-2002-1431 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1432
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1432
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: CF
Reference: BUGTRAQ:20020807 MidiCart Shopping Cart Software database vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0074.html
Reference: BID:5438
Reference: URL:http://www.securityfocus.com/bid/5438
Reference: XF:shopping-cart-database-access(9816)
Reference: URL:http://www.iss.net/security_center/static/9816.php

MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.

Analysis
----------------
ED_PRI CAN-2002-1432 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1433
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1433
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020819 Kerio Mail Server Multiple Security Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0183.html
Reference: XF:kerio-mailserver-syn-dos(9904)
Reference: URL:http://www.iss.net/security_center/static/9904.php
Reference: BID:5505
Reference: URL:http://www.securityfocus.com/bid/5505

Kerio MailServer 5.0 allows remote attackers to cause a denial of service (hang) via SYN packets to the supported network services.

Analysis
----------------
ED_PRI CAN-2002-1433 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1434
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1434
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020819 Kerio Mail Server Multiple Security Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0183.html
Reference: BID:5507
Reference: URL:http://www.securityfocus.com/bid/5507
Reference: XF:kerio-webserver-webmail-xss(9905)
Reference: URL:http://www.iss.net/security_center/static/9905.php

Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.

Analysis
----------------
ED_PRI CAN-2002-1434 3

Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1440
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1440
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020814 Trivial root compromise in Gateway GS-400 NAS Servers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0126.html
Reference: XF:gateway-gs400-default-password(9864)
Reference: URL:http://www.iss.net/security_center/static/9864.php
Reference: BID:5472
Reference: URL:http://www.securityfocus.com/bid/5472

The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.

Analysis
----------------
ED_PRI CAN-2002-1440 3

Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1441
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1441
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020819 Multiple Buffer Overflow vulnerabilities in SteelArrow (#NISR19082002B)
Reference: URL:http://online.securityfocus.com/archive/1/288013
Reference: VULNWATCH:20020819 Multiple Buffer Overflow vulnerabilities in SteelArrow (#NISR19082002B)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0085.html
Reference: MISC:http://www.steelarrow.com/
Reference: MISC:http://www.nextgenss.com/advisories/steel-arrow-bo.txt
Reference: MISC:http://www.nextgenss.com/vna/tom-saro.txt
Reference: XF:steelarrow-userident-bo(9888)
Reference: URL:http://www.iss.net/security_center/static/9888.php
Reference: XF:steelarrow-long-aro-bo(9889)
Reference: URL:http://www.iss.net/security_center/static/9889.php
Reference: XF:steelarrow-chunked-aro-bo(9890)
Reference: URL:http://www.iss.net/security_center/static/9890.php
Reference: BID:4860
Reference: URL:http://www.securityfocus.com/bid/4860
Reference: BID:5494
Reference: URL:http://www.securityfocus.com/bid/5494
Reference: BID:5496
Reference: URL:http://www.securityfocus.com/bid/5496
Reference: BID:5495
Reference: URL:http://www.securityfocus.com/bid/5495

Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.

Analysis
----------------
ED_PRI CAN-2002-1441 3

Vendor Acknowledgement: unknown vague
Content Decisions: SF-EXEC

ACKNOWLEDGEMENT: the vendor's front page includes an item dated August 2002 which states "version [4.5] also eliminates a buffer overrun issue found in version 4.1," but since it does not credit NGSSoftware (the disclosers) and it only mentions one overflow instead of 3, it cannot be certain whether the fix was for the issues identified by this candidate.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1442
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1442
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
Reference: URL:http://online.securityfocus.com/archive/1/286527
Reference: NTBUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html
Reference: MISC:http://sec.greymagic.com/adv/gm001-mc/
Reference: BID:5424
Reference: URL:http://www.securityfocus.com/bid/5424

The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.

Analysis
----------------
ED_PRI CAN-2002-1442 3

Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1444
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1444
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020815 IE [with Google Toolbar installed] crash
Reference: URL:http://online.securityfocus.com/archive/1/287498
Reference: MISC:http://www.sztolnia.pl/hack/googIE/googIE.html
Reference: XF:ie-google-toolbar-dos(9883)
Reference: URL:http://www.iss.net/security_center/static/9883.php
Reference: BID:5477
Reference: URL:http://www.securityfocus.com/bid/5477

The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function.

Analysis
----------------
ED_PRI CAN-2002-1444 3

Vendor Acknowledgement: unknown discloser-claimed

ACCURACY: the discloser provides no diagnosis of where the problem could lie, or which parts of the "exploit code" are malformed.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1445
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1445
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020811 CERN Proxy Server: Cross-Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html
Reference: BID:5447
Reference: URL:http://www.securityfocus.com/bid/5447
Reference: XF:cern-proxy-xss(9834)
Reference: URL:http://www.iss.net/security_center/static/9834.php

Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page.

Analysis
----------------
ED_PRI CAN-2002-1445 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1449
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1449
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020730 Bug in Eupload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0412.html
Reference: BID:5369
Reference: URL:http://online.securityfocus.com/bid/5369
Reference: XF:eupload-passwordtxt-overwrite-files(9733)
Reference: URL:http://www.iss.net/security_center/static/9733.php

eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt.

Analysis
----------------
ED_PRI CAN-2002-1449 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1450
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1450
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020731 TZ Advisores - Buffer Overflow in IBM U2 UniVerse ODBC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0442.html
Reference: XF:ibm-universe-invalid-query-dos(9736)
Reference: URL:http://www.iss.net/security_center/static/9736.php

IBM UniVerse with UV/ODBC allows attackers to cause a denial of service (client crash or server CPU consumption) via a query with an invalid link between tables, possibly via a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-1450 3

Vendor Acknowledgement: no

ACCURACY: while the original Bugtraq post's subject line includes the word "buffer overflow," the discloser provides little information to indicate where the overflow may be.

ACKNOWLEDGEMENT: a search for "vulnerability" or "buffer" at http://www-3.ibm.com/software/data/u2/universe/support/ produced no results.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1451
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1451
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020824 Blazix 1.2 jsp view and free protected folder access
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0259.html
Reference: BID:5566
Reference: URL:http://www.securityfocus.com/bid/5566
Reference: XF:blazix-unauth-file-access(9952)
Reference: URL:http://www.iss.net/security_center/static/9952.php
Reference: BID:5567
Reference: URL:http://www.securityfocus.com/bid/5567

Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.

Analysis
----------------
ED_PRI CAN-2002-1451 3

Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Email inquiry sent to support@desisoft.com on November 18, 2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1452
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1452
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020814 new bugs in MyWebServer
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0077.html
Reference: BUGTRAQ:20020814 new bugs in MyWebServer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102935720109934&w=2
Reference: XF:mywebserver-search-bo(9859)
Reference: URL:http://www.iss.net/security_center/static/9859.php
Reference: BID:5469
Reference: URL:http://www.securityfocus.com/bid/5469

Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter.

Analysis
----------------
ED_PRI CAN-2002-1452 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1453
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1453
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020814 new bugs in MyWebServer
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0077.html
Reference: BUGTRAQ:20020814 new bugs in MyWebServer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102935720109934&w=2
Reference: BID:5470
Reference: URL:http://www.securityfocus.com/bid/5470
Reference: XF:mywebserver-long-http-xss(9861)
Reference: URL:http://www.iss.net/security_center/static/9861.php

Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message.

Analysis
----------------
ED_PRI CAN-2002-1453 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1454
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1454
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020814 new bugs in MyWebServer
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0077.html
Reference: BUGTRAQ:20020814 new bugs in MyWebServer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102935720109934&w=2
Reference: XF:mywebserver-invalid-path-disclosure(9862)
Reference: URL:http://www.iss.net/security_center/static/9862.php
Reference: BID:5471
Reference: URL:http://www.securityfocus.com/bid/5471

MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message.

Analysis
----------------
ED_PRI CAN-2002-1454 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1455
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1455
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020825 OmniHTTPd test.shtml Cross-Site Scripting Issue
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0264.html
Reference: BUGTRAQ:20020825 OmniHTTPd test.php Cross-Site Scripting Issue
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0263.html
Reference: BUGTRAQ:20020825 More OmniHTTPd Problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0266.html

Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe.

Analysis
----------------
ED_PRI CAN-2002-1455 3
Vendor Acknowledgement: no
Content Decisions: SF-EXEC

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1456
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1456
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020827 uuuppz.com - Advisory 002 - mIRC $asctime overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103046375002380&w=2
Reference: NTBUGTRAQ:20020827 uuuppz.com - Advisory 002 - mIRC $asctime overflow
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103046138631893&w=2
Reference: VULNWATCH:20020827 uuuppz.com - Advisory 002 - mIRC $asctime overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0092.html
Reference: MISC:http://www.mirc.co.uk/whatsnew.txt
Reference: XF:mirc-asctime-bo(9970)
Reference: BID:5576
Reference: URL:http://online.securityfocus.com/bid/5576

Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to execute arbitrary code via a long $asctime value.

Analysis
----------------
ED_PRI CAN-2002-1456 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: the vendor changelog for 2.0.3 is too vague to know whether it's addressing a vulnerability or not; it simply refers to "the $asctime() bug."

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1457
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1457
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020813 L-Forum Vulnerability - SQL Injection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0074.html
Reference: XF:lforum-search-sql-injection(9837)
Reference: URL:http://www.iss.net/security_center/static/9837.php
Reference: BID:5468
Reference: URL:http://www.securityfocus.com/bid/5468

SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter.

Analysis
----------------
ED_PRI CAN-2002-1457 3
Vendor Acknowledgement:

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1458
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1458
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020813 L-Forum XSS and upload spoofing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0115.html
Reference: MISC:http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278
Reference: XF:lforum-html-message-xss(9838)
Reference: URL:http://www.iss.net/security_center/static/9838.php
Reference: BID:5462
Reference: URL:http://www.securityfocus.com/bid/5462

Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body.

Analysis
----------------
ED_PRI CAN-2002-1458 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests a SPLIT of items if one item appears in a different version than another. As noted in the Bugtraq post and vendor acknowledgement, the bugs with the "Enable HTML" option *off* were fixed, but related bugs when "Enable HTML" is *off* were NOT fixed. Therefore these items should be SPLIT.

ACKNOWLEDGEMENT: the patch supplied by the vendor clearly indicates that it only removes XSS issues when "Enable HTML" is *OFF*. Therefore, the vendor has not fixed the problem when "Enable HTML" is on, and there is no acknowledgement.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1461
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1461
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020815 Web Shop Manager Security Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0130.html
Reference: MISC:http://www.securiteam.com/securitynews/5KP0G0080E.html
Reference: BID:5474
Reference: URL:http://www.securityfocus.com/bid/5474
Reference: XF:webshop-manager-execute-commands(9817)
Reference: URL:http://www.iss.net/security_center/static/9817.php

Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box.

Analysis
----------------
ED_PRI CAN-2002-1461 3
Vendor Acknowledgement: no

ACKNOWLEDGEMENT: inquiry posted to vendor form at http://www.webscriptworld.com/contact.phtml on November 18, 2002.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1462
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1462
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020815 Input validation attack in php-affiliate-v1.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0141.html
Reference: BID:5482
Reference: URL:http://www.securityfocus.com/bid/5482
Reference: XF:phpaffiliate-details-account-access(9858)
Reference: URL:http://www.iss.net/security_center/static/9858.php

details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields.

Analysis
----------------
ED_PRI CAN-2002-1462 3
Vendor Acknowledgement: no vendor inaccessible

ACKNOWLEDGEMENT: there is no clear acknowledgement. The vendor site at http://www.organicphp.com/ includes an item for 1.1 that says there were "some bugs found," and 1.2 says that two scripts "were faulty." But there is no way to know whether these bugs were security-related. The site requires registration to obtain the software, and there is no email POC, so the possibility of acknowledgement was not investigated further.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1464
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1464
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0071.html
Reference: BUGTRAQ:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
Reference: URL:http://online.securityfocus.com/archive/1/287228
Reference: BID:5455
Reference: URL:http://www.securityfocus.com/bid/5455
Reference: XF:b2-gpc-xss(9835)
Reference: URL:http://www.iss.net/security_center/static/9835.php

Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable.

Analysis
----------------
ED_PRI CAN-2002-1464 3
Vendor Acknowledgement:

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1465
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1465
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0071.html
Reference: BUGTRAQ:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
Reference: URL:http://online.securityfocus.com/archive/1/287228
Reference: BID:5456
Reference: URL:http://www.securityfocus.com/bid/5456
Reference: XF:b2-tableposts-sql-injection(9836)
Reference: URL:http://www.iss.net/security_center/static/9836.php

SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.

Analysis
----------------
ED_PRI CAN-2002-1465 3
Vendor Acknowledgement:

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1466
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1466
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0071.html
Reference: BUGTRAQ:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
Reference: URL:http://online.securityfocus.com/archive/1/287228

CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.
Analysis
----------------
ED_PRI CAN-2002-1466 3
Vendor Acknowledgement:
Content Decisions: INCLUSION

ACCURACY/INCLUSION: This may be a duplicate or variant of CAN-2002-0734.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1470
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1470
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020806 Fate Research Labs Advisory: Retrieve SHOUTcast Admin Password Through GET /
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0017.html
Reference: XF:shoutcast-scservlog-world-readable(9775)
Reference: URL:http://www.iss.net/security_center/static/9775.php
Reference: BID:5414
Reference: URL:http://www.securityfocus.com/bid/5414

SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.

Analysis
----------------
ED_PRI CAN-2002-1470 3
Vendor Acknowledgement: no disputed

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1498
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1498
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020828 SWServer 2.2 directory traversal bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0307.html
Reference: BID:5590
Reference: URL:http://www.securityfocus.com/bid/5590
Reference: XF:swserver-encoded-directory-traversal(9981)
Reference: URL:http://www.iss.net/security_center/static/9981.php

Directory traversal vulnerability in SWServer 2.2 and earlier allows remote attackers to read arbitrary files via a URL containing .. sequences with "/" or "\" characters.

Analysis
----------------
ED_PRI CAN-2002-1498 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1499
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1499
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020831 FactoSystem CMS Contains Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/290021
Reference: VULNWATCH:20020830 FactoSystem CMS Contains Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.html
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668
Reference: XF:factosystem-asp-sql-injection(10000)
Reference: URL:http://www.iss.net/security_center/static/10000.php
Reference: BID:5600
Reference: URL:http://www.securityfocus.com/bid/5600

Multiple SQL injection vulnerabilities in FactoSystem CMS allow remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.

Analysis
----------------
ED_PRI CAN-2002-1499 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC, SF-EXEC

A bug report was filed, but as of January 2003, the bug status was still "open." Therefore it cannot be certain whether the developer has acknowledged the vulnerability.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1506
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1506
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020828 iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0304.html
Reference: VULNWATCH:20020828 iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0093.html
Reference: MISC:http://www.solucorp.qc.ca/changes.hc?projet=linuxconf&version=1.28r4
Reference: BID:5585
Reference: URL:http://www.securityfocus.com/bid/5585
Reference: XF:linuxconf-linuxconflang-env-bo(9980)
Reference: URL:http://www.iss.net/security_center/static/9980.php

Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated.

Analysis
----------------
ED_PRI CAN-2002-1506 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: the vendor change log for 1.28r4 discusses a "fix for a local security exploit" but does not provide details. The log is dated August 18; however, iDEFENSE's disclosure timeline says that the vendor was not notified until the 19th. While this may appear to be a minor inconsistency, when viewed in conjunction with the vendor's vague statement, this changelog can NOT be viewed as conclusive evidence that the vendor fixed this particular vulnerability.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS: