[Secure-testing-commits] r2142 - data/CAN
Micah Anderson
micah at costa.debian.org
Fri Sep 23 23:22:18 UTC 2005
Author: micah
Date: 2005-09-23 23:22:07 +0000 (Fri, 23 Sep 2005)
New Revision: 2142
Modified:
data/CAN/list
Log:
Changing NOTE: not-for-us (package_name) to NOT-FOR-US: package_name
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-23 22:55:25 UTC (rev 2141)
+++ data/CAN/list 2005-09-23 23:22:07 UTC (rev 2142)
@@ -3,110 +3,110 @@
CAN-2005-XXXX [ITL injection in interchange]
- interchange 5.2.1-1 (bug #329705; unknown)
CAN-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...)
- NOTE: not-for-us (Mall23 eCommerce)
+ NOT-FOR-US: Mall23 eCommerce
CAN-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...)
- webmin 1.220-1 (high; bug #329741)
- usermin 1.150-1 (high; bug #329742)
NOTE: SNS Advisory 83, http://marc.theaimsgroup.com/?m=112733083203821
CAN-2005-3041 (Unspecified "drag-and-drop vulnerability" in Opera Web Browser before ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...)
- NOTE: not-for-us (TAC Vista)
+ NOT-FOR-US: TAC Vista
CAN-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...)
- NOTE: not-for-us (Mall23 eCommerce)
+ NOT-FOR-US: Mall23 eCommerce
CAN-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...)
- NOTE: not-for-us (Handy Address Book Server)
+ NOT-FOR-US: Handy Address Book Server
CAN-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in ...)
- NOTE: not-for-us (File Transfer Anywhere)
+ NOT-FOR-US: File Transfer Anywhere
CAN-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
- NOTE: not-for-us (Compuware DriverStudio)
+ NOT-FOR-US: Compuware DriverStudio
CAN-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
- NOTE: not-for-us (Compuware DriverStudio)
+ NOT-FOR-US: Compuware DriverStudio
CAN-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...)
- NOTE: not-for-us (vxWeb - WinCE software)
+ NOT-FOR-US: vxWeb - WinCE software
CAN-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...)
- NOTE: not-for-us (vxTfpSrv - WinCE software)
+ NOT-FOR-US: vxTfpSrv - WinCE software
CAN-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute ...)
- NOTE: not-for-us (vxTfpSrv - WinCE software)
+ NOT-FOR-US: vxTfpSrv - WinCE software
CAN-2005-3030 (Directory traversal vulnerability in the archive decompression library ...)
- NOTE: not-for-us (Ahnlab Anti virus)
+ NOT-FOR-US: Ahnlab Anti virus
CAN-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...)
- NOTE: not-for-us (Ahnlab Anti virus)
+ NOT-FOR-US: Ahnlab Anti virus
CAN-2005-3028
NOTE: rejected
CAN-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...)
- NOTE: not-for-us (Sybari Antigen anti spam solution)
+ NOT-FOR-US: Sybari Antigen anti spam solution
CAN-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...)
- NOTE: not-for-us (Epay Pro)
+ NOT-FOR-US: Epay Pro
CAN-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-3018 (Apple Safari allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 ...)
- NOTE: not-for-us (Content2Web)
+ NOT-FOR-US: Content2Web
CAN-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows ...)
- NOTE: not-for-us (Ensim webppliance)
+ NOT-FOR-US: Ensim webppliance
CAN-2005-3013 (Buffer overflow in YaST for SuSE Linux 9.3 allows local users to ...)
- NOTE: not-for-us (YaST)
+ NOT-FOR-US: YaST
CAN-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...)
- NOTE: not-for-us (SimpleCDR-X)
+ NOT-FOR-US: SimpleCDR-X
CAN-2005-3011 (texindex in texinfo 4.7 and earlier allows local users to overwrite ...)
- texinfo <unfixed> (bug #328265; low)
CAN-2005-3010 (Direct static code injection vulnerability in the flood protection ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...)
- NOTE: not-for-us (Tofu)
+ NOT-FOR-US: Tofu
TODO: Please double-check, there's a twisted, soya and other stuff, it's all a wild mix
CAN-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...)
- NOTE: not-for-us (Helpdesk Software Hesk)
+ NOT-FOR-US: Helpdesk Software Hesk
CAN-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote ...)
- NOTE: not-for-us (Interakt MX Shop)
+ NOT-FOR-US: Interakt MX Shop
CAN-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release ...)
- NOTE: not-for-us (NooTopList)
+ NOT-FOR-US: NooTopList
CAN-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ...)
- NOTE: not-for-us (Multi-Computer Control System)
+ NOT-FOR-US: Multi-Computer Control System
CAN-2005-3001 (Unspecified vulnerability in the "tl" driver in Solaris 10 allows ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...)
- NOTE: not-for-us (PHP Advanced Transfer Manager)
+ NOT-FOR-US: PHP Advanced Transfer Manager
CAN-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain ...)
- NOTE: not-for-us (PHP Advanced Transfer Manager)
+ NOT-FOR-US: PHP Advanced Transfer Manager
CAN-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the ...)
- NOTE: not-for-us (PHP Advanced Transfer Manager)
+ NOT-FOR-US: PHP Advanced Transfer Manager
CAN-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...)
- NOTE: not-for-us (PHP Advanced Transfer Manager)
+ NOT-FOR-US: PHP Advanced Transfer Manager
CAN-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM ...)
- NOTE: not-for-us (VERITAS storage solutions)
+ NOT-FOR-US: VERITAS storage solutions
CAN-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...)
- bacula (bug #329271; low)
CAN-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...)
- NOTE: not-for-us (IBM Rational ClearQuest)
+ NOT-FOR-US: IBM Rational ClearQuest
CAN-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CAN-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...)
- ncompress <unfixed> (bug #329052; unimportant)
CAN-2005-2992 [Another arc tempfile issue]
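Review bot: The new NOT-FOR-US value at CAN-2005-3031 names the wrong product: the description is for vxFtpSrv 0.9.7, but the line reads `NOT-FOR-US: vxTfpSrv - WinCE software`, copied from the entry above it. That entry (CAN-2005-3032) is itself misspelled, since the description says vxTftpSrv. Since every one of these lines is being rewritten anyway, correct both names here. Separately, CAN-2005-3008 now carries a firm `NOT-FOR-US: Tofu` while the TODO directly below it still asks for a double-check; either resolve the TODO or leave the entry unclassified until it is.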
@@ -119,29 +119,29 @@
CAN-2005-XXXX [freeradius buffer overflows and SQL injection]
- freeradius 1.0.5-1 (medium)
CAN-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores ...)
- NOTE: not-for-us (LineControl Java Client)
+ NOT-FOR-US: LineControl Java Client
CAN-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...)
- NOTE: not-for-us (DeluxeBB)
+ NOT-FOR-US: DeluxeBB
CAN-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect ...)
- NOTE: not-for-us (HP printers)
+ NOT-FOR-US: HP printers
CAN-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows ...)
- NOTE: not-for-us (Digital Scribe)
+ NOT-FOR-US: Digital Scribe
CAN-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 ...)
- NOTE: not-for-us (AhnLab antivirus and related products)
+ NOT-FOR-US: AhnLab antivirus and related products
CAN-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks ...)
- NOTE: not-for-us (aeDating script)
+ NOT-FOR-US: aeDating script
CAN-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote ...)
- NOTE: not-for-us (Avocent hardware issue)
+ NOT-FOR-US: Avocent hardware issue
CAN-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 ...)
- NOTE: not-for-us (CompaqHTTPServer)
+ NOT-FOR-US: CompaqHTTPServer
CAN-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 ...)
- NOTE: not-for-us (Orion)
+ NOT-FOR-US: Orion
CAN-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in ...)
- NOTE: not-for-us (phpoutsourcing Noah's classifieds)
+ NOT-FOR-US: phpoutsourcing Noah's classifieds
CAN-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's ...)
- NOTE: not-for-us (phpoutsourcing Noah's classifieds)
+ NOT-FOR-US: phpoutsourcing Noah's classifieds
CAN-2005-2978
NOTE: reserved
CAN-2005-2977
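Review bot: The log message defines the new field as `NOT-FOR-US: package_name`, but at CAN-2005-2984 the value is `Avocent hardware issue` and at CAN-2005-2986 it is `AhnLab antivirus and related products`, which are free-text remarks rather than names. Suggest putting only the product name from the description in the field (for example the Avocent CCM console server, AhnLab V3Pro) and moving any qualifier to a separate NOTE line, so the field can be matched by name.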
@@ -187,33 +187,33 @@
CAN-2005-2958
NOTE: reserved
CAN-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...)
- NOTE: not-for-us (AVIRA Desktop)
+ NOT-FOR-US: AVIRA Desktop
CAN-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores sensitive data ...)
- NOTE: not-for-us (ATutor)
+ NOT-FOR-US: ATutor
CAN-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...)
- NOTE: not-for-us (ATutor)
+ NOT-FOR-US: ATutor
CAN-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before ...)
- NOTE: not-for-us (ATutor)
+ NOT-FOR-US: ATutor
CAN-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA ...)
- NOTE: not-for-us (MIVA Merchant)
+ NOT-FOR-US: MIVA Merchant
CAN-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro ...)
- NOTE: not-for-us (Subscribe Me Pro)
+ NOT-FOR-US: Subscribe Me Pro
CAN-2005-2951 (Directory traversal vulnerability in security.inc.php in ...)
- NOTE: not-for-us (AzDGDating lite)
+ NOT-FOR-US: AzDGDating lite
CAN-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through ...)
- NOTE: not-for-us (Sawmill)
+ NOT-FOR-US: Sawmill
CAN-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes ...)
TODO: check
CAN-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list ...)
- NOTE: not-for-us (KillProcess)
+ NOT-FOR-US: KillProcess
CAN-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-complicit ...)
- NOTE: not-for-us (KillProcess)
+ NOT-FOR-US: KillProcess
CAN-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...)
- openssl (bug #314465; unimportant)
NOTE: MD5 is still good enough for most applications, second preimage attacks
NOTE: haven't been presented yet
CAN-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...)
- NOTE: not-for-us (GNOME Workstation Command Center)
+ NOT-FOR-US: GNOME Workstation Command Center
CAN-2005-2943
NOTE: reserved
CAN-2005-2942
@@ -231,7 +231,7 @@
CAN-2005-2936
NOTE: reserved
CAN-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the C ...)
- NOTE: not-for-us (Microsoft AntiSpyware)
+ NOT-FOR-US: Microsoft AntiSpyware
CAN-2005-2934
NOTE: reserved
CAN-2005-2933
@@ -261,15 +261,15 @@
CAN-2005-2921
NOTE: reserved
CAN-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...)
- NOTE: not-for-us (Linksys routers)
+ NOT-FOR-US: Linksys routers
CAN-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
- NOTE: not-for-us (Linksys routers)
+ NOT-FOR-US: Linksys routers
CAN-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
- NOTE: not-for-us (Linksys routers)
+ NOT-FOR-US: Linksys routers
CAN-2005-2913
NOTE: rejected
CAN-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Linksys routers)
+ NOT-FOR-US: Linksys routers
CAN-2005-2911
NOTE: reserved
CAN-2005-2910
@@ -285,57 +285,57 @@
CAN-2005-2905
NOTE: reserved
CAN-2005-2904 (Zebedee 2.4.1, when "allowed redirection port" is not set, allows ...)
- NOTE: not-for-us (Zebedee)
+ NOT-FOR-US: Zebedee
CAN-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build ...)
- NOTE: not-for-us (NOD32 Anti virus)
+ NOT-FOR-US: NOD32 Anti virus
CAN-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows ...)
- NOTE: not-for-us (class-1 Forum)
+ NOT-FOR-US: class-1 Forum
CAN-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 ...)
- NOTE: not-for-us (CjWeb2Mail)
+ NOT-FOR-US: CjWeb2Mail
CAN-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 ...)
- NOTE: not-for-us (CjLinkOut)
+ NOT-FOR-US: CjLinkOut
CAN-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...)
- NOTE: not-for-us (CjTagBoard)
+ NOT-FOR-US: CjTagBoard
CAN-2005-2898 (** DISPUTED ** ...)
- NOTE: not-for-us (Filezilla)
+ NOT-FOR-US: Filezilla
CAN-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...)
- NOTE: not-for-us (WEB//NEWS)
+ NOT-FOR-US: WEB//NEWS
CAN-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers ...)
- NOTE: not-for-us (WEB//NEWS)
+ NOT-FOR-US: WEB//NEWS
CAN-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows ...)
- NOTE: not-for-us (PBLang)
+ NOT-FOR-US: PBLang
CAN-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in ...)
- NOTE: not-for-us (PBLang)
+ NOT-FOR-US: PBLang
CAN-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang ...)
- NOTE: not-for-us (PBLang)
+ NOT-FOR-US: PBLang
CAN-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...)
- NOTE: not-for-us (PBLang)
+ NOT-FOR-US: PBLang
CAN-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is ...)
- NOTE: not-for-us (WebArchiveX)
+ NOT-FOR-US: WebArchiveX
CAN-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to ...)
- NOTE: not-for-us (SecureOL)
+ NOT-FOR-US: SecureOL
CAN-2005-2889 (Check Point NGX R60 does not properly verify packets against the ...)
- NOTE: not-for-us (Check Point)
+ NOT-FOR-US: Check Point
CAN-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote ...)
- NOTE: not-for-us (MAXDev MD-Pro)
+ NOT-FOR-US: MAXDev MD-Pro
CAN-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
- NOTE: not-for-us (MAXDev MD-Pro)
+ NOT-FOR-US: MAXDev MD-Pro
CAN-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier ...)
- NOTE: not-for-us (MAXDev MD-Pro)
+ NOT-FOR-US: MAXDev MD-Pro
CAN-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down ...)
- NOTE: not-for-us (Land Down Under)
+ NOT-FOR-US: Land Down Under
CAN-2005-2883 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...)
- NOTE: not-for-us (Unclassified News Board)
+ NOT-FOR-US: Unclassified News Board
CAN-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- NOTE: not-for-us (phpCommunityCalendar)
+ NOT-FOR-US: phpCommunityCalendar
CAN-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...)
- NOTE: not-for-us (phpCommunityCalendar)
+ NOT-FOR-US: phpCommunityCalendar
CAN-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, ...)
- NOTE: not-for-us (phpCommunityCalendar)
+ NOT-FOR-US: phpCommunityCalendar
CAN-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak ...)
- NOTE: not-for-us (Advansysperu Software USB Lock Auto-Protect)
+ NOT-FOR-US: Advansysperu Software USB Lock Auto-Protect
CAN-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...)
- arc 5.21m-1 (bug #329053; low)
CAN-2005-2917 [DoS vulnerability in squid's NMTL auth code]
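Review bot: Product names in the new field do not match the spelling in the descriptions they sit under: CAN-2005-2885 through CAN-2005-2887 use `MAXDev MD-Pro` where the description says "MAXdev MD-Pro", and CAN-2005-2883 uses `Unclassified News Board` where the description says "Unclassified NewsBoard". With the name now in a dedicated field, a search by product will miss entries that differ only in case or spacing; suggest normalising to the description's spelling in this same change.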
@@ -389,75 +389,75 @@
CAN-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU ...)
- mailutils 1:0.6.90-3 (bug #327424; high)
CAN-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 4:2.6.4-pl1-1 (bug #327345; bug #328501; medium)
CAN-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the ...)
- NOTE: not-for-us (ZipTorrent)
+ NOT-FOR-US: ZipTorrent
CAN-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...)
- NOTE: not-for-us (BlueWhaleCRM)
+ NOT-FOR-US: BlueWhaleCRM
CAN-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...)
- NOTE: not-for-us (Mercora IMRadio)
+ NOT-FOR-US: Mercora IMRadio
CAN-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro ...)
- NOTE: not-for-us (aMember Pro)
+ NOT-FOR-US: aMember Pro
CAN-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a ...)
- NOTE: not-for-us (URBAN)
+ NOT-FOR-US: URBAN
CAN-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in ...)
- NOTE: not-for-us (OpenWebmail)
+ NOT-FOR-US: OpenWebmail
CAN-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on ...)
- NOTE: not-for-us (ADSL hardware)
+ NOT-FOR-US: ADSL hardware
CAN-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial ...)
- NOTE: not-for-us (N-Stealth)
+ NOT-FOR-US: N-Stealth
CAN-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier ...)
- nikto <unfixed> (bug #327339; medium)
CAN-2005-2859 (Savant Web Server stores user credentials in plaintext in the ...)
- NOTE: not-for-us (Savant Web Server)
+ NOT-FOR-US: Savant Web Server
CAN-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol ...)
- NOTE: not-for-us (Rediff BOL))
+ NOT-FOR-US: Rediff BOL)
CAN-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an ...)
- NOTE: not-for-us (Free SMTP Server)
+ NOT-FOR-US: Free SMTP Server
CAN-2005-2856 (Stack-based buffer overflow in UNACEV2.DLL for ALZip 5.51 through 6.11 ...)
- NOTE: not-for-us (ALZip)
+ NOT-FOR-US: ALZip
CAN-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...)
- NOTE: not-for-us (Unclassified Newsboard)
+ NOT-FOR-US: Unclassified Newsboard
CAN-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl ...)
- NOTE: not-for-us ()
+ NOT-FOR-US:
CAN-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a ...)
- NOTE: not-for-us (GuppY)
+ NOT-FOR-US: GuppY
CAN-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, ...)
- NOTE: not-for-us (Novell Netware)
+ NOT-FOR-US: Novell Netware
CAN-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read ...)
- smb4k 0.6.3-1 (medium)
CAN-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (SlimFTPD)
+ NOT-FOR-US: SlimFTPD
CAN-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running ...)
- NOTE: not-for-us (Barracuda antispam solution)
+ NOT-FOR-US: Barracuda antispam solution
CAN-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...)
- NOTE: not-for-us (Barracuda antispam solution)
+ NOT-FOR-US: Barracuda antispam solution
CAN-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 ...)
- NOTE: not-for-us (Barracuda antispam solution)
+ NOT-FOR-US: Barracuda antispam solution
CAN-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...)
- NOTE: not-for-us (CMS Made Simple)
+ NOT-FOR-US: CMS Made Simple
CAN-2005-2845 (Ariba Spend Management System sends the username and password to the ...)
- NOTE: not-for-us (Ariba Spend Management System)
+ NOT-FOR-US: Ariba Spend Management System
CAN-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows ...)
- NOTE: not-for-us (Indiatimes Messenger)
+ NOT-FOR-US: Indiatimes Messenger
CAN-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and ...)
- NOTE: not-for-us (Hesk)
+ NOT-FOR-US: Hesk
CAN-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before ...)
- NOTE: not-for-us (DameWare Mini)
+ NOT-FOR-US: DameWare Mini
CAN-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...)
- NOTE: not-for-us (IOS)
+ NOT-FOR-US: IOS
CAN-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier ...)
- NOTE: not-for-us (MAXdev)
+ NOT-FOR-US: MAXdev
CAN-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
- NOTE: not-for-us (MAXdev)
+ NOT-FOR-US: MAXdev
CAN-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and ...)
- NOTE: not-for-us (myBloggie)
+ NOT-FOR-US: myBloggie
CAN-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...)
- NOTE: not-for-us (WebGUI)
+ NOT-FOR-US: WebGUI
CAN-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2005-2835
NOTE: reserved
CAN-2005-2834
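Review bot: The mechanical rewrite leaves CAN-2005-2854 with an empty field (`NOT-FOR-US:` with nothing after it), because the old line was `NOTE: not-for-us ()`. The description names thesitewizard.com chfeedback.pl, so fill that in rather than committing a blank value that any consumer of the field has to special-case. At CAN-2005-2858 the old doubled parenthesis survives as `NOT-FOR-US: Rediff BOL)`; drop the stray `)`. Both suggest the substitution should be followed by a check for empty values and leftover parentheses.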
@@ -491,36 +491,36 @@
CAN-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
- courier 0.47-9 (bug #327181; medium)
CAN-2005-2819 (Unknown vulnerability in DownFile 1.3 allows remote attackers to ...)
- NOTE: not-for-us (DownFile)
+ NOT-FOR-US: DownFile
CAN-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...)
- NOTE: not-for-us (DownFile)
+ NOT-FOR-US: DownFile
CAN-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...)
- NOTE: not-for-us (Simple Machines Forum)
+ NOT-FOR-US: Simple Machines Forum
CAN-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote ...)
- NOTE: not-for-us (Greymatter)
+ NOT-FOR-US: Greymatter
CAN-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P ...)
- NOTE: not-for-us (man2web)
+ NOT-FOR-US: man2web
CAN-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, ...)
NOTE: This looks like a Portage-specific configuration flaw to mee, but please double-check
NOTE: double-checked
CAN-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow ...)
- NOTE: not-for-us (urban game)
+ NOT-FOR-US: urban game
CAN-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...)
- NOTE: not-for-us (silc daemon)
+ NOT-FOR-US: silc daemon
CAN-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, ...)
- frox 0.7.18-1 (medium)
CAN-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop ...)
- frox <not-affected> (does not run setuid root in the Debian package)
CAN-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows ...)
- NOTE: not-for-us (BNBT EasyTracker)
+ NOT-FOR-US: BNBT EasyTracker
CAN-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to ...)
- NOTE: not-for-us (e107)
+ NOT-FOR-US: e107
CAN-2005-2804
NOTE: reserved
CAN-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...)
@@ -528,7 +528,7 @@
CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...)
- linux-2.6 2.6.12-6 (low)
CAN-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...)
- NOTE: not-for-us (Linksys routers)
+ NOT-FOR-US: Linksys routers
CAN-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...)
- openssh 1:4.2p1-1 (bug #326065; medium)
- openssh-krb5 <unfixed> (bug #327233; medium)
@@ -547,65 +547,65 @@
CAN-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...)
- phpldapadmin 0.9.6c-7 (bug #325785; medium)
CAN-2005-2791 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
- NOTE: not-for-us (BFCC)
+ NOT-FOR-US: BFCC
CAN-2005-2790 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
- NOTE: not-for-us (BFCC)
+ NOT-FOR-US: BFCC
CAN-2005-2789 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
- NOTE: not-for-us (BFCC)
+ NOT-FOR-US: BFCC
CAN-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 ...)
- NOTE: not-for-us (Land Down Under)
+ NOT-FOR-US: Land Down Under
CAN-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to ...)
- NOTE: not-for-us (Simple PHP Blog)
+ NOT-FOR-US: Simple PHP Blog
CAN-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop ...)
- NOTE: not-for-us (cosmoshop)
+ NOT-FOR-US: cosmoshop
CAN-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the ...)
- NOTE: not-for-us (cosmoshop)
+ NOT-FOR-US: cosmoshop
CAN-2005-2784 (SQL injection vulnerability in the login function for the ...)
- NOTE: not-for-us (cosmoshop)
+ NOT-FOR-US: cosmoshop
CAN-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...)
- NOTE: not-for-us (AutoLinks Pro)
+ NOT-FOR-US: AutoLinks Pro
CAN-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...)
TODO: check, whether egroupware-fudforum and phpgroupware-fudforum are affected
CAN-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
- NOTE: not-for-us (Land Down Under)
+ NOT-FOR-US: Land Down Under
CAN-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)
- NOTE: not-for-us (iTAN)
+ NOT-FOR-US: iTAN
CAN-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (Looking Glass)
+ NOT-FOR-US: Looking Glass
CAN-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass ...)
- NOTE: not-for-us (Looking Glass)
+ NOT-FOR-US: Looking Glass
CAN-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify ...)
- NOTE: not-for-us (Looking Glass)
+ NOT-FOR-US: Looking Glass
CAN-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...)
- NOTE: not-for-us (Litium Quake mod)
+ NOT-FOR-US: Litium Quake mod
CAN-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...)
- NOTE: not-for-us (HP OpenView)
+ NOT-FOR-US: HP OpenView
CAN-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...)
- gopher 3.0.11 (bug #327722; high)
CAN-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
- NOTE: not-for-us (Reflection for Secure IT)
+ NOT-FOR-US: Reflection for Secure IT
CAN-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
- NOTE: not-for-us (Reflection for Secure IT)
+ NOT-FOR-US: Reflection for Secure IT
CAN-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...)
- sqwebmail 0.47-9 (bug #327727; medium)
CAN-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...)
- NOTE: not-for-us (Sophos AntiVirus)
+ NOT-FOR-US: Sophos AntiVirus
CAN-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute ...)
- NOTE: not-for-us (LeapFTP)
+ NOT-FOR-US: LeapFTP
CAN-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
- linux-2.6 2.6.12-6 (low)
CAN-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...)
- NOTE: not-for-us (Symantec AntiVirus)
+ NOT-FOR-US: Symantec AntiVirus
CAN-2005-2765 (The user interface in the Windows Firewall does not properly display ...)
- NOTE: not-for-us (Microsoft Windows)
+ NOT-FOR-US: Microsoft Windows
CAN-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...)
- NOTE: not-for-us (OpenTTD)
+ NOT-FOR-US: OpenTTD
CAN-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...)
- NOTE: not-for-us (OpenTTD)
+ NOT-FOR-US: OpenTTD
CAN-2005-2762
NOTE: reserved
CAN-2005-2760
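Review bot: CAN-2005-2775 is tagged `NOT-FOR-US: Looking Glass`, but its description is about php_api.php in phpWebNotes 2.0.0; the value looks copied from the two Looking Glass entries above it. That makes the triage decision for phpWebNotes unverifiable from this line, so set the name to phpWebNotes (after confirming it really is not packaged). Also at CAN-2005-2774 the value `Litium Quake mod` misspells the product the description calls "Lithium II mod".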
@@ -655,47 +655,47 @@
CAN-2005-2738
NOTE: reserved
CAN-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...)
- NOTE: not-for-us (YaPig)
+ NOT-FOR-US: YaPig
CAN-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and ...)
- NOTE: not-for-us (phpGraphy)
+ NOT-FOR-US: phpGraphy
CAN-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and ...)
- gallery 1.5-2 (bug #325285; medium)
TODO: check gallery2
CAN-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...)
- NOTE: not-for-us (Simple PHP Blog)
+ NOT-FOR-US: Simple PHP Blog
CAN-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...)
NOTE: path disclosure, so not very important on debian systems
- awstats <unfixed> (bug #327729; low)
CAN-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...)
- NOTE: not-for-us (Astato specific)
+ NOT-FOR-US: Astato specific
CAN-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...)
- NOTE: not-for-us (Astato specific)
+ NOT-FOR-US: Astato specific
CAN-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter ...)
- NOTE: not-for-us (Astato specific)
+ NOT-FOR-US: Astato specific
CAN-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...)
{DSA-805-1}
NOTE: The CVE description is wrong, this has been merged for 2.0.55
- apache2 2.0.54-5 (bug #326435; medium)
CAN-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server ...)
- NOTE: not-for-us (Home Ftp Server)
+ NOT-FOR-US: Home Ftp Server
CAN-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows ...)
- NOTE: not-for-us (Home Ftp Server)
+ NOT-FOR-US: Home Ftp Server
CAN-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when ...)
- NOTE: not-for-us (PaFileDB)
+ NOT-FOR-US: PaFileDB
CAN-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (Foojan PHP Weblog)
+ NOT-FOR-US: Foojan PHP Weblog
CAN-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
- NOTE: not-for-us (Foojan PHP Weblog)
+ NOT-FOR-US: Foojan PHP Weblog
CAN-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ...)
- NOTE: not-for-us (HAURI Antivirus)
+ NOT-FOR-US: HAURI Antivirus
CAN-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...)
- NOTE: not-for-us (Ventrilo)
+ NOT-FOR-US: Ventrilo
CAN-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows ...)
- NOTE: not-for-us (MPlayer)
+ NOT-FOR-US: MPlayer
CAN-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 ...)
{DSA-799-1}
- webcalendar 0.9.45-7 (bug #326223; medium)
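Review bot: The three Astaro entries (CAN-2005-2729 through CAN-2005-2731) carry the old free-text value over unchanged, so the new tag reads `NOT-FOR-US: Astato specific`. The log describes the value as a package name, and the CVE descriptions on the same lines spell the product "Astaro Security Linux"; suggest `NOT-FOR-US: Astaro Security Linux` so the tag matches the product and a search for the name finds these entries.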
@@ -748,23 +748,23 @@
- libapache-mod-ssl 2.8.24-1 (medium)
- apache2 2.0.54-5 (bug #327210; medium)
CAN-2005-2699 (admin/admin.php in PHPKit 1.6.1 allows remote authenticated ...)
- NOTE: not-for-us (PHPKit)
+ NOT-FOR-US: PHPKit
CAN-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp ...)
- NOTE: not-for-us (Nephp Publisher Enterprise)
+ NOT-FOR-US: Nephp Publisher Enterprise
CAN-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-2696 (IBM Lotus Notes does not properly restrict access to password hashes ...)
- NOTE: not-for-us (Notes)
+ NOT-FOR-US: Notes
CAN-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, ...)
- NOTE: not-for-us (WinAce)
+ NOT-FOR-US: WinAce
CAN-1999-1586 (loadmodule in SunOS 4.1.x, as used by xnews, does not properly ...)
- NOTE: not-for-us (SunOS)
+ NOT-FOR-US: SunOS
CAN-1999-1585 (The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if modload is ...)
- NOTE: not-for-us (SunOS)
+ NOT-FOR-US: SunOS
CAN-2005-XXXX [osh buffer overflow in handlers.c]
NOTE: This is not the same as -13
- osh 1.7-14 (bug #323424; bug #323482; medium)
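Review bot: `NOT-FOR-US: Notes` (CAN-2005-2696) and `NOT-FOR-US: Cisco` (CAN-2005-2695) keep the shorthand from the old notes, which is ambiguous now that the value stands on its own as the product name. The description gives "IBM Lotus Notes" for the first; for the Cisco entry the description is truncated to "Unspecified vulnerability in the SSL certificate checking ...", so the affected product should be filled in from the full CVE text rather than left as the vendor.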
@@ -800,63 +800,63 @@
- cvs 1:1.12.9-15 (bug #325106; unimportant)
- gcvs 1.0final-8 (bug #324969; low)
CAN-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...)
- NOTE: not-for-us (RunCMS)
+ NOT-FOR-US: RunCMS
CAN-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract ...)
- NOTE: not-for-us (RunCMS)
+ NOT-FOR-US: RunCMS
CAN-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal ...)
- NOTE: not-for-us (SaveWebPortal)
+ NOT-FOR-US: SaveWebPortal
CAN-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows ...)
- NOTE: not-for-us (SaveWebPortal)
+ NOT-FOR-US: SaveWebPortal
CAN-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows remote ...)
- NOTE: not-for-us (SaveWebPortal)
+ NOT-FOR-US: SaveWebPortal
CAN-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP ...)
- NOTE: not-for-us (SaveWebPortal)
+ NOT-FOR-US: SaveWebPortal
CAN-2005-XXXX [Insecure temp files in firehol]
- firehol 1.231-4 (low)
CAN-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ...)
- NOTE: not-for-us (Virtual Edge Netquery)
+ NOT-FOR-US: Virtual Edge Netquery
CAN-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote ...)
- NOTE: not-for-us (PHPKit)
+ NOT-FOR-US: PHPKit
CAN-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before ...)
- NOTE: not-for-us (DTLink AreaEdit)
+ NOT-FOR-US: DTLink AreaEdit
CAN-2005-2681 (Unspecified vulnerability in the command line processing (CLI) logic ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when ...)
- NOTE: not-for-us (BEA WebLogic Portal)
+ NOT-FOR-US: BEA WebLogic Portal
CAN-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other ...)
- NOTE: not-for-us (Sysinternals Process Explorer)
+ NOT-FOR-US: Sysinternals Process Explorer
CAN-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-2677 (ACNews stores the database in a file under the web document root with ...)
- NOTE: not-for-us (ACNews)
+ NOT-FOR-US: ACNews
CAN-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in ...)
- NOTE: not-for-us (Coppermine)
+ NOT-FOR-US: Coppermine
CAN-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
- NOTE: not-for-us (Land Down Under)
+ NOT-FOR-US: Land Down Under
CAN-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
- NOTE: not-for-us (Land Down Under)
+ NOT-FOR-US: Land Down Under
CAN-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board ...)
- NOTE: not-for-us (Burning Board)
+ NOT-FOR-US: Burning Board
CAN-2005-2671
NOTE: rejected
CAN-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products ...)
- NOTE: not-for-us (HAURI)
+ NOT-FOR-US: HAURI
CAN-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 ...)
- NOTE: not-for-us (Computer Associates)
+ NOT-FOR-US: Computer Associates
CAN-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message Queuing ...)
- NOTE: not-for-us (Computer Associates)
+ NOT-FOR-US: Computer Associates
CAN-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...)
- NOTE: not-for-us (Computer Associates)
+ NOT-FOR-US: Computer Associates
CAN-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other ...)
- openssh 1:4.0p1-1 (low)
CAN-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, ...)
- NOTE: not-for-us (elm-me+ is no longer in unstable or testing)
+ NOT-FOR-US: elm-me+ is no longer in unstable or testing
CAN-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in ...)
- NOTE: not-for-us (Whisper)
+ NOT-FOR-US: Whisper
CAN-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...)
- masqmail <unfixed> (low; bug #329307)
CAN-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary ...)
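Review bot: On CAN-2005-2665 the conversion produces `NOT-FOR-US: elm-me+ is no longer in unstable or testing`, which puts a status sentence where the log says a package name goes. Suggest `NOT-FOR-US: elm-me+` with the removal from unstable and testing kept on a separate `NOTE:` line. Separately, CAN-2005-2678 is tagged `MSIE` although its description begins "Microsoft IIS 5.1 and 6"; worth correcting while the line is being touched.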
@@ -888,25 +888,25 @@
{DTSA-17-1}
- lm-sensors 1:2.9.1-6etch1 (bug #324193; medium)
CAN-2005-2653 (Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote ...)
- NOTE: not-for-us (BBCaffe)
+ NOT-FOR-US: BBCaffe
CAN-2005-2652 (Zorum 3.5 allows remote attackers to obtain the full installation path ...)
- NOTE: not-for-us (Zorum)
+ NOT-FOR-US: Zorum
CAN-2005-2651 (gorum/prod.php in Zorum 3.5 allows remote attackers to execute ...)
- NOTE: not-for-us (Zorum)
+ NOT-FOR-US: Zorum
CAN-2005-2650 (Cross-site scripting (XSS) vulnerability in sign.asp in Emefa ...)
- NOTE: not-for-us (Emefa Guestbook)
+ NOT-FOR-US: Emefa Guestbook
CAN-2005-2649 (Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote ...)
- NOTE: not-for-us (ATutor)
+ NOT-FOR-US: ATutor
CAN-2005-2648 (Directory traversal vulnerability in index.php in W-Agora 4.2.0 and ...)
- NOTE: not-for-us (W-Agora)
+ NOT-FOR-US: W-Agora
CAN-2005-2647 (Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web ...)
- NOTE: not-for-us (Xerox MicroServer Web Server in Document Centre)
+ NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CAN-2005-2646 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...)
- NOTE: not-for-us (Xerox MicroServer Web Server in Document Centre)
+ NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CAN-2005-2645 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...)
- NOTE: not-for-us (Xerox MicroServer Web Server in Document Centre)
+ NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CAN-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl ...)
- NOTE: not-for-us (JaguarControl)
+ NOT-FOR-US: JaguarControl
CAN-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...)
- tor 0.1.0.14-1 (medium)
CAN-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...)
@@ -916,11 +916,11 @@
{DSA-785-1}
- libpam-ldap 178-1sarge1 (bug #324899; unknown)
CAN-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...)
- NOTE: not-for-us (Kerio WinRoute Firewall)
+ NOT-FOR-US: Kerio WinRoute Firewall
CAN-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...)
- NOTE: not-for-us (Outlook)
+ NOT-FOR-US: Outlook
CAN-2004-2481 (MyProxy 6.58 allows remote authenticated users in the Users Tab to ...)
- NOTE: not-for-us (MyProxy)
+ NOT-FOR-US: MyProxy
CAN-2004-2480 (Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass ...)
TODO: check
CAN-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain ...)
@@ -928,27 +928,27 @@
CAN-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, which is included in ...)
NOTE: "the original vendor report is too vague to know whether this issue is already identified by another CVE name."
CAN-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable the ...)
- NOTE: not-for-us (DiamondCS)
+ NOT-FOR-US: DiamondCS
CAN-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN ...)
- NOTE: not-for-us (Juniper)
+ NOT-FOR-US: Juniper
CAN-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 ...)
- NOTE: not-for-us (World Poker Championship)
+ NOT-FOR-US: World Poker Championship
CAN-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews ...)
- NOTE: not-for-us (PHPFreeNews not in Debian)
+ NOT-FOR-US: PHPFreeNews
CAN-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...)
- NOTE: not-for-us (PHPFreeNews not in Debian)
+ NOT-FOR-US: PHPFreeNews
CAN-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...)
- phpadsnew <itp> (bug #226636)
CAN-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...)
- phpadsnew <itp> (bug #226636)
CAN-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to Screen" feature ...)
- NOTE: not-for-us (WinFTP Server)
+ NOT-FOR-US: WinFTP Server
CAN-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...)
- NOTE: not-for-us (PHPTB Topic Board not in Debian)
+ NOT-FOR-US: PHPTB Topic Board
CAN-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...)
- mediabox404 <itp> (bug #294397)
CAN-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-2630
NOTE: reserved
CAN-2005-2629
@@ -962,34 +962,34 @@
{DSA-788-1 DTSA-1-1}
- kismet 2005.08.R1-0.1etch1 (bug #323386; high)
CAN-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...)
- NOTE: not-for-us (MS IE)
+ NOT-FOR-US: MS IE
CAN-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...)
- NOTE: not-for-us (Google Toolbar)
+ NOT-FOR-US: Google Toolbar
CAN-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers ...)
- NOTE: not-for-us (PHPNews not in Debian)
+ NOT-FOR-US: PHPNews
CAN-2004-2473 (wmFrog weather monitor 0.1.6 allows local users to overwrite arbitrary ...)
- NOTE: not-for-us (wmFrog not in Debian)
+ NOT-FOR-US: wmFrog
NOTE: sent info to RFP #294352
CAN-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a ...)
- NOTE: not-for-us (Outpost Pro)
+ NOT-FOR-US: Outpost Pro
CAN-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine ...)
- NOTE: not-for-us (QuoteEngine not in Debian)
+ NOT-FOR-US: QuoteEngine
CAN-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact ...)
- NOTE: not-for-us (MadBMS not in Debian)
+ NOT-FOR-US: MadBMS
CAN-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt ...)
- NOTE: not-for-us (phpScheduleIt not in Debian)
+ NOT-FOR-US: phpScheduleIt
CAN-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and ...)
- NOTE: not-for-us (SillySearch not in Debian)
+ NOT-FOR-US: SillySearch
CAN-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a ...)
- NOTE: not-for-us (Easy Chat Server)
+ NOT-FOR-US: Easy Chat Server
CAN-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a ...)
- NOTE: not-for-us (Easy Chat Server)
+ NOT-FOR-US: Easy Chat Server
CAN-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat ...)
- NOTE: not-for-us (Easy Chat Server)
+ NOT-FOR-US: Easy Chat Server
CAN-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 ...)
- NOTE: not-for-us (ADA Image Server)
+ NOT-FOR-US: ADA Image Server
CAN-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote ...)
- NOTE: not-for-us (ADA Image Server)
+ NOT-FOR-US: ADA Image Server
CAN-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files ...)
- cplay 1.49-3 (medium)
CAN-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to ...)
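Review bot: For CAN-2004-2473 the "not in Debian" qualifier is dropped and the entry becomes `NOT-FOR-US: wmFrog`, but the next line still says `NOTE: sent info to RFP #294352`. With a request for the package on record, the only thing marking this entry for a re-check if wmFrog is uploaded is that free-text note; consider recording the RFP reference in a form that is easy to search for, as the `<itp> (bug #...)` entries elsewhere in this file do for intended packages.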
@@ -999,117 +999,117 @@
CAN-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users ...)
- gnubiff 2.0.0 (medium)
CAN-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or ...)
- NOTE: not-for-us (Open WebMail)
+ NOT-FOR-US: Open WebMail
CAN-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...)
- NOTE: not-for-us (3Com OfficeConnect ADSL 11g Router)
+ NOT-FOR-US: 3Com OfficeConnect ADSL 11g Router
CAN-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier ...)
- NOTE: not-for-us (miniBB)
+ NOT-FOR-US: miniBB
CAN-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows ...)
- NOTE: not-for-us (Sweex Wireless Broadband Router/Accesspoint 802.11g)
+ NOT-FOR-US: Sweex Wireless Broadband Router/Accesspoint 802.11g
CAN-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...)
- NOTE: not-for-us (aMSN 0.90 for Microsoft Windows)
+ NOT-FOR-US: aMSN 0.90 for Microsoft Windows
CAN-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and ...)
- NOTE: not-for-us (Tutti Nova)
+ NOT-FOR-US: Tutti Nova
CAN-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, ...)
- NOTE: not-for-us (Hitachi Cosminexus Portal Framework)
+ NOT-FOR-US: Hitachi Cosminexus Portal Framework
CAN-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or ...)
- NOTE: not-for-us (Roger Wilco)
+ NOT-FOR-US: Roger Wilco
CAN-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger ...)
- NOTE: not-for-us (Roger Wilco)
+ NOT-FOR-US: Roger Wilco
CAN-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and ...)
- NOTE: not-for-us (Roger Wilco)
+ NOT-FOR-US: Roger Wilco
CAN-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...)
- NOTE: not-for-us (S-Mart Shopping Cart or RediCart)
+ NOT-FOR-US: S-Mart Shopping Cart or RediCart
CAN-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...)
- NOTE: not-for-us (*1st Class Mail Server)
+ NOT-FOR-US: *1st Class Mail Server
CAN-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...)
- NOTE: not-for-us (*1st Class Mail Server)
+ NOT-FOR-US: *1st Class Mail Server
CAN-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...)
- NOTE: not-for-us (Jaws)
+ NOT-FOR-US: Jaws
CAN-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 ...)
- NOTE: not-for-us (Jaws)
+ NOT-FOR-US: Jaws
CAN-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an ...)
- NOTE: not-for-us (Jaws)
+ NOT-FOR-US: Jaws
CAN-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...)
- NOTE: not-for-us (F-Secure Anti-Virus)
+ NOT-FOR-US: F-Secure Anti-Virus
CAN-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and ...)
- NOTE: not-for-us (proxytunnel)
+ NOT-FOR-US: proxytunnel
CAN-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers ...)
- NOTE: not-for-us (HP printers)
+ NOT-FOR-US: HP printers
CAN-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores ...)
- NOTE: not-for-us (Computer Associates Unicenter Common Services)
+ NOT-FOR-US: Computer Associates Unicenter Common Services
CAN-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...)
- NOTE: not-for-us (PeopleSoft Human Resources Management System (HRMS))
+ NOT-FOR-US: PeopleSoft Human Resources Management System (HRMS)
CAN-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in ...)
- NOTE: not-for-us (CPAINT ajax toolkit)
+ NOT-FOR-US: CPAINT ajax toolkit
CAN-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers ...)
- NOTE: not-for-us (CPAINT ajax toolkit)
+ NOT-FOR-US: CPAINT ajax toolkit
CAN-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of ...)
- NOTE: not-for-us (ECW Shop)
+ NOT-FOR-US: ECW Shop
CAN-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop ...)
- NOTE: not-for-us (ECW Shop)
+ NOT-FOR-US: ECW Shop
CAN-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain ...)
- NOTE: not-for-us (ECW Shop)
+ NOT-FOR-US: ECW Shop
CAN-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the ...)
- NOTE: not-for-us (Novell GroupWise)
+ NOT-FOR-US: Novell GroupWise
CAN-2005-2619
NOTE: reserved
CAN-2005-2618
NOTE: reserved
CAN-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
- NOTE: not-for-us (MS IE)
+ NOT-FOR-US: MS IE
CAN-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...)
- NOTE: not-for-us (ADM ActiveX control)
+ NOT-FOR-US: ADM ActiveX control
CAN-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (WinAgents TFTP Server not in Debian)
+ NOT-FOR-US: WinAgents TFTP Server
CAN-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 ...)
- NOTE: not-for-us (ignitionServer not in Debian)
+ NOT-FOR-US: ignitionServer
CAN-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does not ...)
- NOTE: not-for-us (Trend OfficeScan)
+ NOT-FOR-US: Trend OfficeScan
CAN-2004-2429 (Multiple stack-based and heap-based buffer overflows in EnderUNIX ...)
- NOTE: not-for-us (EnderUNIX spamGuard)
+ NOT-FOR-US: EnderUNIX spamGuard
CAN-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document ...)
- NOTE: not-for-us (WWWguestbook not in Debian)
+ NOT-FOR-US: WWWguestbook
CAN-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...)
- NOTE: not-for-us (Axis Network Camera)
+ NOT-FOR-US: Axis Network Camera
CAN-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 and ...)
- NOTE: not-for-us (Axis Network Camera)
+ NOT-FOR-US: Axis Network Camera
CAN-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...)
- NOTE: not-for-us (Axis Network Camera)
+ NOT-FOR-US: Axis Network Camera
CAN-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2004-2423 (Unknown vulnerability in the Web calendaring component of Ipswitch ...)
- NOTE: not-for-us (Ipswitch IMail Server)
+ NOT-FOR-US: Ipswitch IMail Server
CAN-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow remote ...)
- NOTE: not-for-us (Ipswitch IMail Server)
+ NOT-FOR-US: Ipswitch IMail Server
CAN-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File ...)
- NOTE: not-for-us (Hitachi Job Management Partner)
+ NOT-FOR-US: Hitachi Job Management Partner
CAN-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP ...)
- NOTE: not-for-us (Hitachi Job Management Partner)
+ NOT-FOR-US: Hitachi Job Management Partner
CAN-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain ...)
- NOTE: not-for-us (Keene Digital Media Server)
+ NOT-FOR-US: Keene Digital Media Server
CAN-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users to ...)
- NOTE: not-for-us (slimftpd not in debian)
+ NOT-FOR-US: slimftpd not in debian
CAN-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier ...)
- NOTE: not-for-us (smtp.proxy not in Debian)
+ NOT-FOR-US: smtp.proxy
CAN-2004-2416 (Buffer overflow in the logging component of CCProxy allows remote ...)
- NOTE: not-for-us (ccproxy not in Debian)
+ NOT-FOR-US: ccproxy
CAN-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of service ...)
- NOTE: not-for-us (Davenport not in Debian)
+ NOT-FOR-US: Davenport
CAN-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using the ...)
- NOTE: not-for-us (Novell NetWare)
+ NOT-FOR-US: Novell NetWare
CAN-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 ...)
- NOTE: not-for-us (VP-ASP Shopping Cart)
+ NOT-FOR-US: VP-ASP Shopping Cart
CAN-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 ...)
- NOTE: not-for-us (VP-ASP Shopping Cart)
+ NOT-FOR-US: VP-ASP Shopping Cart
CAN-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart ...)
- NOTE: not-for-us (VP-ASP Shopping Cart)
+ NOT-FOR-US: VP-ASP Shopping Cart
CAN-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through ...)
- samhain 2.0.2
CAN-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 ...)
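Review bot: CAN-2004-2418 becomes `NOT-FOR-US: slimftpd not in debian`, while the neighbouring entries (smtp.proxy, ccproxy, Davenport) have the same "not in Debian" suffix stripped; this one was missed and should read `NOT-FOR-US: slimftpd`. The two 1st Class Mail Server entries (CAN-2004-2447, CAN-2004-2446) also keep a stray leading `*` in the value.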
@@ -1121,23 +1121,23 @@
CAN-2004-2406 (Unknown "overflow" in the phpgw_config table for phpGroupWare before ...)
- phpgroupware 0.9.14.002
CAN-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, including ...)
- NOTE: not-for-us (F-Secure Anti-Virus)
+ NOT-FOR-US: F-Secure Anti-Virus
CAN-2004-2404 (blog.cgi in Leif Wright Web Blog 1.1.5 allows remote attackers to ...)
- NOTE: not-for-us (Leif Wright Web Blog)
+ NOT-FOR-US: Leif Wright Web Blog
CAN-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP ...)
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP ...)
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web Messaging ...)
- NOTE: not-for-us (Ipswitch IMail)
+ NOT-FOR-US: Ipswitch IMail
CAN-2004-2400 (WinFTP Server 1.6 stores username and password credentials in ...)
- NOTE: not-for-us (WinFTP Server)
+ NOT-FOR-US: WinFTP Server
CAN-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...)
- NOTE: not-for-us (Sidewinder)
+ NOT-FOR-US: Sidewinder
CAN-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that contain ...)
- NOTE: not-for-us (Netenberg Fantastico De Luxe)
+ NOT-FOR-US: Netenberg Fantastico De Luxe
CAN-2004-2397 (The web-based Management Console in Blue Coat Security Gateway OS 3.0 ...)
- NOTE: not-for-us (Blue Coat)
+ NOT-FOR-US: Blue Coat
CAN-2004-2396 (passwd 0.68 does not check the return code for the pam_start function, ...)
NOTE: shadow is a different code base, and does not have this problem
CAN-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial of ...)
@@ -1145,115 +1145,115 @@
CAN-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the --stdin ...)
NOTE: shadow is a different code base, and does not have this problem
CAN-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not ...)
- NOTE: not-for-us (Sun JSSE)
+ NOT-FOR-US: Sun JSSE
CAN-2004-2392 (libuser 0.51.7, as used in Mandrake Linux 9.1 through 10.0 and ...)
- NOTE: not-for-us (libuser)
+ NOT-FOR-US: libuser
CAN-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before ...)
- NOTE: not-for-us (jabber-gg-transport)
+ NOT-FOR-US: jabber-gg-transport
CAN-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport ...)
- NOTE: not-for-us (jabber-gg-transport)
+ NOT-FOR-US: jabber-gg-transport
CAN-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport ...)
- NOTE: not-for-us (jabber-gg-transport)
+ NOT-FOR-US: jabber-gg-transport
CAN-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 ...)
- NOTE: not-for-us (ECW-Shop)
+ NOT-FOR-US: ECW-Shop
CAN-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through ...)
NOTE: old freebsd
CAN-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...)
- NOTE: not-for-us (Sun JSSE and JRE)
+ NOT-FOR-US: Sun JSSE and JRE
CAN-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel ...)
{DTSA-16-1}
NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html
NOTE: amd64 specific DOS
- linux-2.6 2.6.12-6
CAN-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...)
- NOTE: not-for-us (ezUpload)
+ NOT-FOR-US: ezUpload
CAN-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...)
- NOTE: not-for-us (EQdkp)
+ NOT-FOR-US: EQdkp
CAN-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are ...)
- NOTE: not-for-us (Discuz)
+ NOT-FOR-US: Discuz
CAN-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows ...)
- NOTE: not-for-us (CPAINT Ajax)
+ NOT-FOR-US: CPAINT Ajax
CAN-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier ...)
- wordpress 1.5.2-1 (bug #323040; high)
CAN-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec ...)
- NOTE: not-for-us (VERITAS Backup Exec for Windows Servers)
+ NOT-FOR-US: VERITAS Backup Exec for Windows Servers
CAN-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS ...)
- NOTE: not-for-us (VegaDNS)
+ NOT-FOR-US: VegaDNS
CAN-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...)
- NOTE: not-for-us (VegaDNS)
+ NOT-FOR-US: VegaDNS
CAN-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...)
- NOTE: not-for-us (SafeHTML)
+ NOT-FOR-US: SafeHTML
CAN-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity ...)
- NOTE: not-for-us (PHPSimplicity)
+ NOT-FOR-US: PHPSimplicity
CAN-2005-2606 (Unknown vulnerability in the "frontend authentication" in PHlyMail ...)
- NOTE: not-for-us (PHlyMail)
+ NOT-FOR-US: PHlyMail
CAN-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 ...)
- NOTE: not-for-us (Lasso Professional Server)
+ NOT-FOR-US: Lasso Professional Server
CAN-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...)
- NOTE: not-for-us (My Image Gallery (Mig))
+ NOT-FOR-US: My Image Gallery (Mig)
CAN-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...)
- NOTE: not-for-us (My Image Gallery (Mig))
+ NOT-FOR-US: My Image Gallery (Mig)
CAN-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...)
- mozilla-firefox <unfixed> (bug #324907; low)
TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird
CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
- NOTE: not-for-us (MidiCart)
+ NOT-FOR-US: MidiCart
CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled, as used in other products ...)
{DSA-798-1}
- egroupware-fudforum <unfixed> (bug #323928; medium)
- phpgroupware 0.9.16.008-1 (bug #323929; medium)
CAN-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...)
- NOTE: not-for-us (Hummingbird FTP for Connectivity)
+ NOT-FOR-US: Hummingbird FTP for Connectivity
CAN-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos (formerly ...)
- NOTE: not-for-us (Dokeos)
+ NOT-FOR-US: Dokeos
CAN-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...)
- NOTE: not-for-us (AOL Client)
+ NOT-FOR-US: AOL Client
CAN-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...)
- gallery 1.5-2 (medium)
CAN-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 ...)
- NOTE: not-for-us (Dada Mail)
+ NOT-FOR-US: Dada Mail
CAN-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ...)
- NOTE: not-for-us (Apple Safari)
+ NOT-FOR-US: Apple Safari
CAN-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with ...)
- NOTE: not-for-us (MindAlign)
+ NOT-FOR-US: MindAlign
CAN-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions ...)
- NOTE: not-for-us (MindAlign)
+ NOT-FOR-US: MindAlign
CAN-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to ...)
- NOTE: not-for-us (MindAlign)
+ NOT-FOR-US: MindAlign
CAN-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and ...)
- NOTE: not-for-us (MindAlign)
+ NOT-FOR-US: MindAlign
CAN-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...)
- NOTE: not-for-us (WRT54GS wireless router)
+ NOT-FOR-US: WRT54GS wireless router
CAN-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 ...)
- NOTE: not-for-us (DVBBS)
+ NOT-FOR-US: DVBBS
CAN-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...)
- NOTE: not-for-us (PHPTB Topic Boards)
+ NOT-FOR-US: PHPTB Topic Boards
CAN-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web ...)
- NOTE: not-for-us (Mentor ADSL-FR4II router)
+ NOT-FOR-US: Mentor ADSL-FR4II router
CAN-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote ...)
- NOTE: not-for-us (Mentor ADSL-FR4II router)
+ NOT-FOR-US: Mentor ADSL-FR4II router
CAN-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running ...)
- NOTE: not-for-us (Mentor ADSL-FR4II router)
+ NOT-FOR-US: Mentor ADSL-FR4II router
CAN-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented ...)
- NOTE: not-for-us (Mentor ADSL-FR4II router)
+ NOT-FOR-US: Mentor ADSL-FR4II router
CAN-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses ...)
- NOTE: not-for-us (Kaspersky)
+ NOT-FOR-US: Kaspersky
CAN-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and ...)
- NOTE: not-for-us (Grandstream BudgeTone)
+ NOT-FOR-US: Grandstream BudgeTone
CAN-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...)
- NOTE: not-for-us (Contivity)
+ NOT-FOR-US: Contivity
CAN-2005-2578
NOTE: rejected
CAN-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...)
- NOTE: not-for-us (Wyse Winterm)
+ NOT-FOR-US: Wyse Winterm
CAN-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...)
- NOTE: not-for-us (CaLogic)
+ NOT-FOR-US: CaLogic
CAN-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows ...)
- NOTE: not-for-us (XMB Forum)
+ NOT-FOR-US: XMB Forum
CAN-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided ...)
- NOTE: not-for-us (XMB Forum)
+ NOT-FOR-US: XMB Forum
CAN-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before ...)
- mysql <not-affected> (Windows specific mysql holes)
- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
@@ -1263,31 +1263,31 @@
- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
CAN-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not properly ...)
- NOTE: not-for-us (FunkBoard)
+ NOT-FOR-US: FunkBoard
CAN-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote ...)
- NOTE: not-for-us (FunkBoard)
+ NOT-FOR-US: FunkBoard
CAN-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard ...)
- NOTE: not-for-us (FunkBoard)
+ NOT-FOR-US: FunkBoard
CAN-2005-2568 (Eval injection vulnerability in the template engine for SysCP 1.2.10 ...)
- NOTE: not-for-us (SysCP)
+ NOT-FOR-US: SysCP
CAN-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier ...)
- NOTE: not-for-us (SysCP)
+ NOT-FOR-US: SysCP
CAN-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (Gravity Board X (GBX))
+ NOT-FOR-US: Gravity Board X (GBX)
CAN-2005-2564 (Direct static code injection vulnerability in editcss.php in Gravity ...)
- NOTE: not-for-us (Gravity Board X (GBX))
+ NOT-FOR-US: Gravity Board X (GBX)
CAN-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X ...)
- NOTE: not-for-us (Gravity Board X (GBX))
+ NOT-FOR-US: Gravity Board X (GBX)
CAN-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote ...)
- NOTE: not-for-us (Gravity Board X (GBX))
+ NOT-FOR-US: Gravity Board X (GBX)
CAN-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote ...)
- NOTE: not-for-us (MYFAQ)
+ NOT-FOR-US: MYFAQ
CAN-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 ...)
- NOTE: not-for-us (CFBB)
+ NOT-FOR-US: CFBB
CAN-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal allows ...)
- NOTE: not-for-us (e107 portal)
+ NOT-FOR-US: e107 portal
CAN-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 ...)
- mysql-dfsg-4.1 4.1.13 (medium)
- mysql-dfsg-5.0 5.0.7beta-1 (medium)
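Review bot: CAN-2005-2559 is tagged "NOT-FOR-US: e107 portal", but the description on the line above it places the flaw in doping.php in the ePing plugin for e107, not in e107 itself. Since the field now holds a bare product name, name the plugin (for example "ePing plugin for e107") so the entry is not read as covering e107 as a whole.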
@@ -1304,177 +1304,177 @@
- linux-2.6.12 2.6.12-6 (medium)
- kernel-source-2.4.27 2.4.27-12 (medium)
CAN-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd ...)
- NOTE: not-for-us (rexecd)
+ NOT-FOR-US: rexecd
CAN-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 ...)
- NOTE: not-for-us (sercd)
+ NOT-FOR-US: sercd
CAN-2004-2386 (Format string vulnerability in the LogMsg function in sercd before ...)
- NOTE: not-for-us (sercd)
+ NOT-FOR-US: sercd
CAN-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path ...)
- NOTE: not-for-us (EMU Webmail)
+ NOT-FOR-US: EMU Webmail
CAN-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Winamp)
+ NOT-FOR-US: Winamp
CAN-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2381 (HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote ...)
- jetty 4.2.19-1 (medium)
CAN-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight ...)
- NOTE: not-for-us (Twilight Utilities Web Server)
+ NOT-FOR-US: Twilight Utilities Web Server
CAN-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for ...)
- NOTE: not-for-us (@Mail)
+ NOT-FOR-US: @Mail
CAN-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (@Mail)
+ NOT-FOR-US: @Mail
CAN-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a ...)
- NOTE: not-for-us (Alcatel OmniSwitch)
+ NOT-FOR-US: Alcatel OmniSwitch
CAN-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web Server ...)
- NOTE: not-for-us (Twilight Utilities Web Server)
+ NOT-FOR-US: Twilight Utilities Web Server
CAN-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows ...)
- NOTE: not-for-us (1st Class Mail Server)
+ NOT-FOR-US: 1st Class Mail Server
CAN-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of the ...)
- NOTE: not-for-us (BadBlue)
+ NOT-FOR-US: BadBlue
CAN-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is ...)
- NOTE: not-for-us (AIM)
+ NOT-FOR-US: AIM
CAN-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid, allows ...)
- bochs 2.1.1-1
CAN-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4 and ...)
- NOTE: not-for-us (Red Storm Games)
+ NOT-FOR-US: Red Storm Games
CAN-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 ...)
- NOTE: not-for-us (Opt-X)
+ NOT-FOR-US: Opt-X
CAN-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows ...)
- NOTE: not-for-us (WFTPD)
+ NOT-FOR-US: WFTPD
CAN-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 ...)
- NOTE: not-for-us (GlobalScape Secure FTP Server)
+ NOT-FOR-US: GlobalScape Secure FTP Server
CAN-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003 allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through ...)
- NOTE: not-for-us (PHPX CMS)
+ NOT-FOR-US: PHPX CMS
CAN-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI function in ...)
- NOTE: not-for-us (PHPX CMS)
+ NOT-FOR-US: PHPX CMS
CAN-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the physical ...)
- NOTE: not-for-us (PHPX CMS)
+ NOT-FOR-US: PHPX CMS
CAN-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 ...)
- NOTE: not-for-us (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0)
+ NOT-FOR-US: Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0
CAN-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Targem Battle Mages)
+ NOT-FOR-US: Targem Battle Mages
CAN-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does ...)
- NOTE: not-for-us (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet)
+ NOT-FOR-US: Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet
CAN-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB ...)
- phpbb2 2.0.6c (low)
CAN-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server does ...)
- NOTE: not-for-us (roofpoint Protection Server)
+ NOT-FOR-US: roofpoint Protection Server
CAN-2004-2356 (Fizmez Web Server 1.0 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Fizmez)
+ NOT-FOR-US: Fizmez
CAN-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help ...)
- NOTE: not-for-us (Crafty Syntax Live Help)
+ NOT-FOR-US: Crafty Syntax Live Help
CAN-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 ...)
- NOTE: not-for-us (4nGuestbook)
+ NOT-FOR-US: 4nGuestbook
CAN-2004-2353 (BugPort before 1.099 stores its configuration file (conf/config.conf) ...)
- NOTE: not-for-us (BugPort)
+ NOT-FOR-US: BugPort
CAN-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 ...)
- NOTE: not-for-us (GBook)
+ NOT-FOR-US: GBook
CAN-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 ...)
- NOTE: not-for-us (GBook)
+ NOT-FOR-US: GBook
CAN-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 ...)
- phpbb2 2.0.8 (low)
CAN-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...)
- NOTE: not-for-us (Tunez)
+ NOT-FOR-US: Tunez
CAN-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 alows remote attackers to ...)
- NOTE: not-for-us (Sybari AntiGen for Domino)
+ NOT-FOR-US: Sybari AntiGen for Domino
CAN-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote ...)
- NOTE: not-for-us (Leif M. Wright Web Blog)
+ NOT-FOR-US: Leif M. Wright Web Blog
CAN-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web ...)
- NOTE: not-for-us (Forum Web Server )
+ NOT-FOR-US: Forum Web Server
CAN-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec ...)
- NOTE: not-for-us (VocalTec)
+ NOT-FOR-US: VocalTec
CAN-2004-2343 (** DISPUTED ** ...)
NOTE: apache disputes this and I agree -- joeyh
CAN-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (ChatterBox)
+ NOT-FOR-US: ChatterBox
CAN-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for ...)
- NOTE: not-for-us (iSearch)
+ NOT-FOR-US: iSearch
CAN-2004-2340 (** UNVERIFIABLE ** ...)
- NOTE: not-for-us (PunkBuster Screenshot Database)
+ NOT-FOR-US: PunkBuster Screenshot Database
CAN-2004-2339 (** DISPUTED ** ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed ...)
- NOTE: not-for-us (inlook)
+ NOT-FOR-US: inlook
CAN-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 ...)
- NOTE: not-for-us (Novel Groupwise)
+ NOT-FOR-US: Novel Groupwise
CAN-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as used ...)
- NOTE: not-for-us (Macromedia installers and e-licensing client on Mac OS X)
+ NOT-FOR-US: Macromedia installers and e-licensing client on Mac OS X
CAN-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail ...)
- NOTE: not-for-us (EMU Webmail)
+ NOT-FOR-US: EMU Webmail
CAN-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload area, ...)
- NOTE: not-for-us (Bodington)
+ NOT-FOR-US: Bodington
CAN-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form ...)
- NOTE: not-for-us (WWW::Form)
+ NOT-FOR-US: WWW::Form
CAN-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox ...)
- NOTE: not-for-us (ColdFusion)
+ NOT-FOR-US: ColdFusion
CAN-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a ...)
- NOTE: not-for-us (ColdFusion)
+ NOT-FOR-US: ColdFusion
CAN-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute ...)
- NOTE: not-for-us (Kerio Personal Firewal)
+ NOT-FOR-US: Kerio Personal Firewal
CAN-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers ...)
- NOTE: not-for-us (Clearswift MAILsweeper )
+ NOT-FOR-US: Clearswift MAILsweeper
CAN-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Vizer)
+ NOT-FOR-US: Vizer
CAN-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...)
- NOTE: not-for-us (IP3 Networks NetAccess)
+ NOT-FOR-US: IP3 Networks NetAccess
CAN-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for ...)
- NOTE: not-for-us (DotNetNuke)
+ NOT-FOR-US: DotNetNuke
CAN-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) ...)
- NOTE: not-for-us (DotNetNuke)
+ NOT-FOR-US: DotNetNuke
CAN-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows ...)
- NOTE: not-for-us (DotNetNuke)
+ NOT-FOR-US: DotNetNuke
CAN-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes modules ...)
- NOTE: not-for-us (phpWebSite)
+ NOT-FOR-US: phpWebSite
CAN-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users ...)
- NOTE: not-for-us (BEA WebLogic)
+ NOT-FOR-US: BEA WebLogic
CAN-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1 SP2 ...)
- NOTE: not-for-us (BEA WebLogic)
+ NOT-FOR-US: BEA WebLogic
CAN-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users ...)
- NOTE: not-for-us (IBM Informatik Dynamic Server)
+ NOT-FOR-US: IBM Informatik Dynamic Server
CAN-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server ...)
- NOTE: not-for-us (SurgeFTP Server)
+ NOT-FOR-US: SurgeFTP Server
CAN-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 ...)
- NOTE: not-for-us (AppWeb HTTP server)
+ NOT-FOR-US: AppWeb HTTP server
CAN-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...)
- NOTE: not-for-us (AppWeb HTTP server)
+ NOT-FOR-US: AppWeb HTTP server
CAN-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...)
- NOTE: not-for-us (AppWeb HTTP server)
+ NOT-FOR-US: AppWeb HTTP server
CAN-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b ...)
- NOTE: not-for-us (Novell iChain Server)
+ NOT-FOR-US: Novell iChain Server
CAN-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ...)
TODO: check
NOTE: Did not find reference to fix in upstream changelog or any other hint that it is fixed
NOTE: pinged Maintainer
CAN-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, ...)
- NOTE: not-for-us (AIX only)
+ NOT-FOR-US: AIX only
CAN-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1 allows ...)
- NOTE: not-for-us (Crob FTP Server)
+ NOT-FOR-US: Crob FTP Server
CAN-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly ...)
- NOTE: not-for-us (cPanel; see www.cpanel.net; has nothing to do with Debian package cpanel)
+ NOT-FOR-US: cPanel; see www.cpanel.net; has nothing to do with Debian package cpanel
CAN-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote ...)
- NOTE: not-for-us (MS IE)
+ NOT-FOR-US: MS IE
CAN-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote ...)
- NOTE: not-for-us (Computer Associates)
+ NOT-FOR-US: Computer Associates
CAN-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates files ...)
- mtools 3.9.9
CAN-2003-1228 (Buffer overflow in the prepare_reply function in request.c for Mathopd ...)
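Review bot: several product names in this hunk carry spelling errors from the old NOTE lines into the new NOT-FOR-US field and disagree with the CAN descriptions directly above them: "roofpoint Protection Server" (CAN-2004-2357, description says Proofpoint), "Novel Groupwise" (CAN-2004-2336, description says Novell GroupWise), "Kerio Personal Firewal" (CAN-2004-2329) and "IBM Informatik Dynamic Server" (CAN-2004-2319, description says Informix). Fix them in the same pass so that a search by product name finds these entries. Separately, "AIX only" (CAN-2004-2312) and the cPanel line (CAN-2004-2308) are explanations rather than names; put the product in the NOT-FOR-US field and move the reasoning to a NOTE line.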
@@ -1482,61 +1482,61 @@
CAN-2003-1227 (PHP remote file include vulnerability in index.php for Gallery 1.4 and ...)
- gallery 1.4.1
CAN-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express 7.0 ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php for ...)
- gallery 1.3.3
CAN-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
- clamav 0.86.2-1 (low)
CAN-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
- NOTE: not-for-us (Network Associated ePolicy Orchestrator Agent)
+ NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
CAN-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...)
- kernel-source-2.4.27 <unfixed> (bug #323363; medium)
CAN-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...)
- NOTE: not-for-us (Integrated Light Out in HP servers)
+ NOT-FOR-US: Integrated Light Out in HP servers
CAN-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...)
- NOTE: not-for-us (Novell eDirectory)
+ NOT-FOR-US: Novell eDirectory
CAN-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...)
{DSA-782-1 DTSA-9-1}
- bluez-utils 2.19-0.1etch1 (bug #323365; medium)
CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (Arab Portal)
+ NOT-FOR-US: Arab Portal
CAN-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...)
- NOTE: not-for-us (PHPOpenChat)
+ NOT-FOR-US: PHPOpenChat
CAN-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev ...)
- NOTE: not-for-us (Comdev eCommerce)
+ NOT-FOR-US: Comdev eCommerce
CAN-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev ...)
- NOTE: not-for-us (Comdev eCommerce)
+ NOT-FOR-US: Comdev eCommerce
CAN-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or ...)
NOTE: This is intended behaviour, after all tar is an archiving tool and you
NOTE: need to give -p as a command line flag
- tar <unfixed> (bug #328228; unimportant)
CAN-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-2536 (pstotext before 1.8g does not properly use the "-dSAFER" option when ...)
{DSA-792-1}
- pstotext 1.9-2 (medium)
CAN-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...)
- NOTE: not-for-us (ARCserve Backup)
+ NOT-FOR-US: ARCserve Backup
CAN-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ...)
- openvpn 2.0.2-1 (bug #324167; high)
CAN-2005-2533 (OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging ...)
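Review bot: CAN-2005-2554 becomes "NOT-FOR-US: Network Associated ePolicy Orchestrator Agent", while the description on the line above spells the vendor "Network Associates". Correct the name here rather than carrying the typo into the new field.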
@@ -1554,57 +1554,57 @@
CAN-2005-2527
NOTE: reserved
CAN-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...)
- NOTE: not-for-us (MacOS X)
+ NOT-FOR-US: MacOS X
CAN-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...)
- NOTE: not-for-us (MacOS X)
+ NOT-FOR-US: MacOS X
CAN-2005-2524
NOTE: reserved
CAN-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...)
- NOTE: not-for-us (Weblog Server in Mac OS X)
+ NOT-FOR-US: Weblog Server in Mac OS X
CAN-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2521 (Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2520 (The password assistant in Mac OS X 10.4 to 10.4.2, when used to create ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2519 (slpd in Directory Services in Mac OS X 10.3.9 creates insecure ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2518 (Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2517 (Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2516 (Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2515 (Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2514 (Buffer overflow in ping in Mac OS X 10.3.9 allows local users to ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2513 (Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2512 (Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2511 (Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local users ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2507 (Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2506 (Algorithmic complexity vulnerability in CoreFoundation in Mac OS X ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2505 (Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2504 (The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2503 (AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2502 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ...)
NOTE: Does not affect 2.6.8 or 2.4.27, fixed in current 2.6.12 kernels
- linux-2.6 2.6.12-1 (medium)
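Review bot: CAN-2005-2526 and CAN-2005-2525 use "NOT-FOR-US: MacOS X" while every other Apple entry in this hunk uses "Mac OS X"; pick one spelling so the entries group under a single name. Both descriptions also name CUPS, so a NOTE line stating why these two are limited to the Mac OS X build would help anyone checking whether a packaged CUPS is affected.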
@@ -1674,45 +1674,45 @@
CAN-2005-XXXX [Unspecified buffer overflow in metar]
- metar 20050807.1-1 (unknown)
CAN-2005-2489 (Web Content Management News System allows remote attackers to create ...)
- NOTE: not-for-us (Web Content Management News System)
+ NOT-FOR-US: Web Content Management News System
CAN-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management ...)
- NOTE: not-for-us (Web Content Management News System)
+ NOT-FOR-US: Web Content Management News System
CAN-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...)
- NOTE: not-for-us (Sun switches)
+ NOT-FOR-US: Sun switches
CAN-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in ...)
- NOTE: not-for-us (PortailPHP)
+ NOT-FOR-US: PortailPHP
CAN-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...)
- NOTE: not-for-us (Logicampus)
+ NOT-FOR-US: Logicampus
CAN-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 ...)
- NOTE: not-for-us (Denora IRC stats)
+ NOT-FOR-US: Denora IRC stats
CAN-2005-2483 (Eval injection vulnerability in Karrigell before 2.1.8 allows remote ...)
- NOTE: not-for-us (Karrigell)
+ NOT-FOR-US: Karrigell
CAN-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and ...)
- NOTE: not-for-us (Metasploit Framework)
+ NOT-FOR-US: Metasploit Framework
CAN-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (Fusebox)
+ NOT-FOR-US: Fusebox
CAN-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 ...)
- NOTE: not-for-us (Fusebox)
+ NOT-FOR-US: Fusebox
CAN-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...)
- NOTE: not-for-us (Quick 'n Easy FTP Server)
+ NOT-FOR-US: Quick 'n Easy FTP Server
CAN-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote ...)
- NOTE: not-for-us (Silvernews)
+ NOT-FOR-US: Silvernews
CAN-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote ...)
- NOTE: not-for-us (Naxtor Shopping Cart)
+ NOT-FOR-US: Naxtor Shopping Cart
CAN-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor ...)
- NOTE: not-for-us (Naxtor Shopping Cart)
+ NOT-FOR-US: Naxtor Shopping Cart
CAN-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions ...)
- unzip <unfixed> (bug #321927; low)
CAN-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive ...)
- NOTE: not-for-us (ChurchInfo)
+ NOT-FOR-US: ChurchInfo
CAN-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote ...)
- NOTE: not-for-us (ChurchInfo)
+ NOT-FOR-US: ChurchInfo
CAN-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote ...)
- NOTE: not-for-us (BusinessMail)
+ NOT-FOR-US: BusinessMail
CAN-2005-2471 (pstopnm in netpbm does not properly use the "-dSAFER" option when ...)
- netpbm 2:10.0-9 (bug #319757; low)
CAN-2005-2470 (Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 ...)
- NOTE: not-for-us (Adobe)
+ NOT-FOR-US: Adobe
CAN-2005-2469
NOTE: reserved
CAN-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
@@ -1726,102 +1726,102 @@
- linux-2.6 2.6.12-3 (bug #323173; medium)
- kernel-source-2.4.27 2.4.27-11 (medium)
CAN-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...)
NOTE: snmpd is neither setuid nor setgid in Debian
CAN-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote ...)
- NOTE: not-for-us (Omnicron)
+ NOT-FOR-US: Omnicron
CAN-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 ...)
- NOTE: not-for-us (Novell Internet Messaging System)
+ NOT-FOR-US: Novell Internet Messaging System
CAN-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...)
- NOTE: not-for-us (Pointsec)
+ NOT-FOR-US: Pointsec
CAN-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote ...)
- NOTE: not-for-us (SurfControl)
+ NOT-FOR-US: SurfControl
CAN-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...)
- NOTE: not-for-us (Novell eDirectory)
+ NOT-FOR-US: Novell eDirectory
CAN-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows ...)
- NOTE: not-for-us (Blue World Lasso Web Data Engine)
+ NOT-FOR-US: Blue World Lasso Web Data Engine
CAN-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote attackers ...)
- NOTE: not-for-us (Netgear RM-356 and RT-338 series SOHO routers)
+ NOT-FOR-US: Netgear RM-356 and RT-338 series SOHO routers
CAN-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) ...)
NOTE: nor-for-us (Hyper NIKKI System (HNS) Lite)
CAN-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to execute ...)
- netjuke 1.0b7
CAN-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute ...)
- NOTE: not-for-us (HTMLsearch)
+ NOT-FOR-US: HTMLsearch
CAN-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must ...)
- NOTE: not-for-us (RCA Digital Cable Modem)
+ NOT-FOR-US: RCA Digital Cable Modem
CAN-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Fwmon)
+ NOT-FOR-US: Fwmon
CAN-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers ...)
- NOTE: not-for-us (RCA Digital Cable Modems DCM225 and DCM225E)
+ NOT-FOR-US: RCA Digital Cable Modems DCM225 and DCM225E
CAN-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass ...)
NOTE: debian's nms-formmail is a reimplementation of old formmail
CAN-2002-2108 (Unknown vulnerability in the "VAIO Manual" software in certain Sony ...)
- NOTE: not-for-us (Sony VAIO)
+ NOT-FOR-US: Sony VAIO
CAN-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in ...)
- NOTE: not-for-us (OpenKeyServer)
+ NOT-FOR-US: OpenKeyServer
CAN-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 ...)
- NOTE: not-for-us (WikkiTikkiTavi)
+ NOT-FOR-US: WikkiTikkiTavi
CAN-2002-2105 (Microsoft Windows XP allows local users to prevent the system from ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers ...)
- NOTE: not-for-us (Ganglia PHP RRD Web Client)
+ NOT-FOR-US: Ganglia PHP RRD Web Client
NOTE: not ganglia-monitor
CAN-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...)
- apache 1.3.24 (low)
CAN-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...)
- libjzlib-java 0.0.7 (low)
CAN-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows ...)
NOTE: ddd is not setuid/gid so not exploitable
CAN-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows ...)
- NOTE: not-for-us (Axspawn-pam)
+ NOT-FOR-US: Axspawn-pam
CAN-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote attackers ...)
- maradns 0.9.01 (low)
CAN-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in ...)
- NOTE: not-for-us (Netware)
+ NOT-FOR-US: Netware
CAN-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files that ...)
- NOTE: not-for-us (Joe Testa hellbent 01 webserver)
+ NOT-FOR-US: Joe Testa hellbent 01 webserver
CAN-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the full ...)
- NOTE: not-for-us (Joe Testa hellbent 01 webserver)
+ NOT-FOR-US: Joe Testa hellbent 01 webserver
CAN-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ...)
- NOTE: not-for-us (OpenBSD/NetBSD/FreeBSD)
+ NOT-FOR-US: OpenBSD/NetBSD/FreeBSD
CAN-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, ...)
- NOTE: not-for-us (decfingerd)
+ NOT-FOR-US: decfingerd
CAN-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...)
- NOTE: not-for-us (aucho Technology Resin server)
+ NOT-FOR-US: aucho Technology Resin server
CAN-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to execute ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...)
- NOTE: not-for-us (clump/os)
+ NOT-FOR-US: clump/os
CAN-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...)
TODO: check firebird as it's based on InterBase 6.0
CAN-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for ...)
- NOTE: not-for-us (ScriptEase)
+ NOT-FOR-US: ScriptEase
CAN-2001-1579 (The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not ...)
- NOTE: not-for-us (UnixWare/OpenUnix)
+ NOT-FOR-US: UnixWare/OpenUnix
CAN-2001-1578 (Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local ...)
- NOTE: not-for-us (SCO)
+ NOT-FOR-US: SCO
CAN-2001-1577 (Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 ...)
- NOTE: not-for-us (CDE)
+ NOT-FOR-US: CDE
CAN-2001-1576 (Buffer overflow in cron in Caldera UnixWare 7 allows local users to ...)
NOTE: insufficient info to check, but not same code base
CAN-2001-1575 (Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2001-1574 (Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in ...)
- NOTE: not-for-us (Trend Micro InterScan VirusWall)
+ NOT-FOR-US: Trend Micro InterScan VirusWall
CAN-2001-1573 (Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall ...)
- NOTE: not-for-us (Trend Micro InterScan VirusWall)
+ NOT-FOR-US: Trend Micro InterScan VirusWall
CAN-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
- wine <unfixed> (bug #321470; low)
CAN-2005-XXXX [inkscape: Unsafe temporary file handling in ps2epsi extension]
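Review bot: the CAN-2002-2115 entry in this hunk is left as "NOTE: nor-for-us (Hyper NIKKI System (HNS) Lite)", so the misspelled tag was evidently missed by the conversion and that entry will not be picked up by anything keying on the new NOT-FOR-US: prefix. Suggest changing it to "NOT-FOR-US: Hyper NIKKI System (HNS) Lite" in the same commit. Separately, CAN-2002-2090 carries the old typo forward as "NOT-FOR-US: aucho Technology Resin server", while the description on the line above reads "Caucho Technology Resin server"; worth correcting while the line is being touched.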
@@ -1877,21 +1877,21 @@
- linux-2.6 2.6.12-2 (bug #321401; medium)
- kernel-source-2.4.27 2.4.27-11 (medium)
CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
- NOTE: not-for-us (Greasemonkey)
+ NOT-FOR-US: Greasemonkey
CAN-2005-2454
NOTE: reserved
CAN-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...)
- NOTE: not-for-us (NetworkActiv Web Server)
+ NOT-FOR-US: NetworkActiv Web Server
CAN-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of ...)
NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7
- tiff 3.7.0-1
CAN-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...)
- NOTE: not-for-us (IOS)
+ NOT-FOR-US: IOS
CAN-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...)
{DSA-776-1 DTSA-3-1}
- clamav 0.86.2-1 (medium)
CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...)
- NOTE: not-for-us (sandbox)
+ NOT-FOR-US: sandbox
CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...)
{DSA-813-1 DTSA-2-1 DTSA-4-1}
- ekg 1:1.5+20050718+1.6rc3-1 (low)
@@ -1901,31 +1901,31 @@
CAN-2005-2446
NOTE: rejected
CAN-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...)
- NOTE: not-for-us (Product Cart)
+ NOT-FOR-US: Product Cart
CAN-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root ...)
- NOTE: not-for-us (KShout)
+ NOT-FOR-US: KShout
CAN-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics ...)
- NOTE: not-for-us (SPI Dynamics Web Inspect)
+ NOT-FOR-US: SPI Dynamics Web Inspect
CAN-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow ...)
- NOTE: not-for-us (VBzoom)
+ NOT-FOR-US: VBzoom
CAN-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage ...)
- NOTE: not-for-us (Thomson Web Skill Vantage Manager)
+ NOT-FOR-US: Thomson Web Skill Vantage Manager
CAN-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when ...)
- NOTE: not-for-us (UseBB)
+ NOT-FOR-US: UseBB
CAN-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier ...)
- NOTE: not-for-us (UseBB)
+ NOT-FOR-US: UseBB
CAN-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain ...)
- NOTE: not-for-us (Website Baker)
+ NOT-FOR-US: Website Baker
CAN-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website ...)
- NOTE: not-for-us (Website Baker)
+ NOT-FOR-US: Website Baker
CAN-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ...)
- NOTE: not-for-us (Linksys hardware)
+ NOT-FOR-US: Linksys hardware
CAN-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...)
- NOTE: not-for-us (PhpList)
+ NOT-FOR-US: PhpList
CAN-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...)
- NOTE: not-for-us (PhpList)
+ NOT-FOR-US: PhpList
CAN-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...)
NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian
- gforge (bug #328224; unimportant)
@@ -1935,88 +1935,88 @@
- gforge (bug #328224; medium)
NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian
CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
- NOTE: not-for-us (Firefox on Windows)
+ NOT-FOR-US: Firefox on Windows
CAN-2005-2428 (Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
- NOTE: not-for-us (CartWIZ)
+ NOT-FOR-US: CartWIZ
CAN-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a ...)
- NOTE: not-for-us (FTPshell Server)
+ NOT-FOR-US: FTPshell Server
CAN-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote ...)
- NOTE: not-for-us (Ares FileShare)
+ NOT-FOR-US: Ares FileShare
CAN-2005-2424 (The management interface for Siemens SANTIS 50 running firmware ...)
- NOTE: not-for-us (Siemens hardware)
+ NOT-FOR-US: Siemens hardware
CAN-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information ...)
- NOTE: not-for-us (Beehive)
+ NOT-FOR-US: Beehive
CAN-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...)
- NOTE: not-for-us (Beehive)
+ NOT-FOR-US: Beehive
CAN-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...)
- NOTE: not-for-us (Beehive)
+ NOT-FOR-US: Beehive
CAN-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute ...)
- NOTE: not-for-us (FtpLocate)
+ NOT-FOR-US: FtpLocate
CAN-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...)
- NOTE: not-for-us (hardware issue)
+ NOT-FOR-US: hardware issue
CAN-2005-2418
NOTE: rejected
- NOTE: not-for-us (Realchat)
+ NOT-FOR-US: Realchat
CAN-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (Contrexx)
+ NOT-FOR-US: Contrexx
CAN-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...)
- NOTE: not-for-us (Contrexx)
+ NOT-FOR-US: Contrexx
CAN-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...)
- NOTE: not-for-us (Contrexx)
+ NOT-FOR-US: Contrexx
CAN-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...)
- mozilla-firefox (bug #327549; medium)
- mozilla (bug #327550; medium)
TODO: check more Mozilla-based browsers
CAN-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...)
- NOTE: not-for-us (Atomic Photo Album)
+ NOT-FOR-US: Atomic Photo Album
CAN-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...)
- NOTE: not-for-us (First Post)
+ NOT-FOR-US: First Post
CAN-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...)
{DSA-808-1}
- tdiary 2.0.2-1 (medium)
CAN-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...)
- NOTE: not-for-us (Network Manager)
+ NOT-FOR-US: Network Manager
CAN-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...)
- NOTE: not-for-us (nbsmtp)
+ NOT-FOR-US: nbsmtp
CAN-2005-2408
NOTE: reserved
CAN-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform "link ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-2405 (Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-2295 (SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-2294 (Canonicalize-before-filter error in the send_review function in the ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to ...)
- NOTE: not-for-us (Alt-N Technologies Mdaemon)
+ NOT-FOR-US: Alt-N Technologies Mdaemon
CAN-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute arbitrary ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2289 (Microsoft Windows XP Explorer allows local users to execute arbitrary ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light Web ...)
- NOTE: not-for-us (Light Web File Manager)
+ NOT-FOR-US: Light Web File Manager
CAN-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows ...)
- NOTE: not-for-us (ActivePerl)
+ NOT-FOR-US: ActivePerl
CAN-2004-2285
NOTE: rejected
- NOTE: not-for-us (Perl on Windows)
+ NOT-FOR-US: Perl on Windows
CAN-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
- NOTE: not-for-us (osCommerce)
+ NOT-FOR-US: osCommerce
CAN-2005-XXXX [DoS against rsync in embedded zlib copy]
NOTE: This is distinct from CAN-2005-2096, please see rsync's 2.6.6 announcement
NOTE: It refers to one the the two vaguely described fixes from zlib 1.2.3
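Review bot: CAN-2005-2418 and CAN-2004-2285 in this hunk each end up with "NOTE: rejected" immediately followed by a NOT-FOR-US: line ("Realchat" and "Perl on Windows"). While both were free-form NOTE lines this was harmless, but once NOT-FOR-US: is its own tag these entries state two dispositions at once. Suggest dropping the NOT-FOR-US: line on rejected entries, or keeping the product name as a plain NOTE, so that a rejected id has exactly one status.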
@@ -2025,76 +2025,76 @@
NOTE: zlib 1.2 are affected as well
- rsync 2.6.6-1 (low)
CAN-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...)
- NOTE: not-for-us (Sendcard)
+ NOT-FOR-US: Sendcard
CAN-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, ...)
- NOTE: not-for-us (RealChat)
+ NOT-FOR-US: RealChat
CAN-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in ...)
- NOTE: not-for-us (PHPSiteSearch)
+ NOT-FOR-US: PHPSiteSearch
CAN-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to ...)
- NOTE: not-for-us (PHPFinance)
+ NOT-FOR-US: PHPFinance
CAN-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via ...)
- NOTE: not-for-us (PHP Surveyor)
+ NOT-FOR-US: PHP Surveyor
CAN-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows ...)
- NOTE: not-for-us (PHP Surveyor)
+ NOT-FOR-US: PHP Surveyor
CAN-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook ...)
- NOTE: not-for-us (phpBook)
+ NOT-FOR-US: phpBook
CAN-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...)
- mediawiki <itp> (bug #276057)
CAN-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...)
- mozilla-firefox <unfixed> (bug #320539; medium)
- mozilla <unfixed> (bug #320538; medium)
CAN-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 ...)
- NOTE: not-for-us (CMSimple)
+ NOT-FOR-US: CMSimple
CAN-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...)
- NOTE: not-for-us (3Com OfficeConnect Wireless 11g AP)
+ NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP
CAN-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 ...)
{DSA-795-2}
- proftpd 1.2.10-20 (low)
NOTE: ftpshut fixed in -19, SQLShowInfo in -20
CAN-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a ...)
- NOTE: not-for-us (Veritas NetBackup)
+ NOT-FOR-US: Veritas NetBackup
CAN-2005-2388 (Buffer overflow in a certain USB driver, as used on Microsoft Windows, ...)
- NOTE: not-for-us (some windows USB driver)
+ NOT-FOR-US: some windows USB driver
CAN-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 ...)
- NOTE: not-for-us (GoodTech SMTP server)
+ NOT-FOR-US: GoodTech SMTP server
CAN-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
- NOTE: not-for-us (CartWIZ)
+ NOT-FOR-US: CartWIZ
CAN-2005-2385 (Buffer overflow in a third-party compression library (UNACEV2.DLL), as ...)
- NOTE: not-for-us (UNACEV2.DLL)
+ NOT-FOR-US: UNACEV2.DLL
CAN-2005-2384 (Directory traversal vulnerability in a third-party compression library ...)
- NOTE: not-for-us (UNACEV2.DLL)
+ NOT-FOR-US: UNACEV2.DLL
CAN-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote ...)
- NOTE: not-for-us (PHPNews)
+ NOT-FOR-US: PHPNews
CAN-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM ...)
- NOTE: not-for-us (Oray PeanutHull)
+ NOT-FOR-US: Oray PeanutHull
CAN-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (PHP Surveyor)
+ NOT-FOR-US: PHP Surveyor
CAN-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 ...)
- NOTE: not-for-us (PHP Surveyor)
+ NOT-FOR-US: PHP Surveyor
CAN-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports ...)
- NOTE: not-for-us (Oracle Reports)
+ NOT-FOR-US: Oracle Reports
CAN-2005-2378 (Oracle Reports allows remote attackers to read arbitrary files via an ...)
- NOTE: not-for-us (Oracle Reports)
+ NOT-FOR-US: Oracle Reports
CAN-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate ...)
NOTE: appears to be Mandrake specfic
CAN-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote ...)
- NOTE: not-for-us (Race Driver)
+ NOT-FOR-US: Race Driver
CAN-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier allows ...)
- NOTE: not-for-us (Race Driver)
+ NOT-FOR-US: Race Driver
CAN-2005-2374 (Belkin 54g wireless routers do not properly set an administrative ...)
- NOTE: not-for-us (Belkin 54g wireless routers)
+ NOT-FOR-US: Belkin 54g wireless routers
CAN-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated ...)
- NOTE: not-for-us (SlimFTPd)
+ NOT-FOR-US: SlimFTPd
CAN-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary ...)
- NOTE: not-for-us (Oracle Forms)
+ NOT-FOR-US: Oracle Forms
CAN-2005-2371 (Unknown vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows ...)
- NOTE: not-for-us (Oracle Reports)
+ NOT-FOR-US: Oracle Reports
CAN-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...)
{DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
- gaim 1:1.4.0-5 (low)
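Review bot: the log message gives the new format as "NOT-FOR-US: package_name", but CAN-2005-2388 in this hunk becomes "NOT-FOR-US: some windows USB driver", which is a free-text remark rather than a name. If the value after the colon is meant to be matched or grouped by product, suggest either a consistent label for such cases or documenting that the field is free text.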
@@ -2125,9 +2125,9 @@
CAN-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used ...)
- kfreebsd-5 5.3-1 (medium)
CAN-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list ...)
- NOTE: not-for-us (EMC Navisphere Manager)
+ NOT-FOR-US: EMC Navisphere Manager
CAN-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 ...)
- NOTE: not-for-us (EMC Navisphere Manager)
+ NOT-FOR-US: EMC Navisphere Manager
CAN-2005-2355
NOTE: rejected
NOTE: see CAN-2005-2356
@@ -2135,7 +2135,7 @@
NOTE: reserved
- xsupplicant 1.0.1-5 (bug #317703; low)
CAN-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2005-2345
NOTE: reserved
CAN-2005-2344
@@ -2157,37 +2157,37 @@
CAN-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...)
- hiki 0.8.2-1
CAN-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell ...)
- NOTE: not-for-us (Y.SAK)
+ NOT-FOR-US: Y.SAK
CAN-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in ...)
- NOTE: not-for-us (smilies_popup.php)
+ NOT-FOR-US: smilies_popup.php
CAN-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a ...)
- NOTE: not-for-us (PHPPageProtect)
+ NOT-FOR-US: PHPPageProtect
CAN-2005-2331 (PHP remote file inclusion vulnerability in display.php in MooseGallery ...)
- NOTE: not-for-us (MooseGallery)
+ NOT-FOR-US: MooseGallery
CAN-2005-2330 (Directory traversal vulnerability in update.php in osCommerce 2.2 ...)
- NOTE: not-for-us (osCommerce)
+ NOT-FOR-US: osCommerce
CAN-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, ...)
- NOTE: not-for-us (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S)
+ NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
CAN-2005-2328 (PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 ...)
- NOTE: not-for-us (Laffer)
+ NOT-FOR-US: Laffer
CAN-2005-2327 (Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier ...)
- NOTE: not-for-us (e107)
+ NOT-FOR-US: e107
CAN-2005-2326 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...)
- NOTE: not-for-us (Clever Copy)
+ NOT-FOR-US: Clever Copy
CAN-2005-2325 (Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full ...)
- NOTE: not-for-us (Clever Copy)
+ NOT-FOR-US: Clever Copy
CAN-2005-2324 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...)
- NOTE: not-for-us (Clever Copy)
+ NOT-FOR-US: Clever Copy
CAN-2005-2323 (Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and ...)
- NOTE: not-for-us (Class-1 Forum)
+ NOT-FOR-US: Class-1 Forum
CAN-2005-2322 (Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and ...)
- NOTE: not-for-us (Class-1 Forum)
+ NOT-FOR-US: Class-1 Forum
CAN-2005-2321 (PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote ...)
- NOTE: not-for-us (CaLogic)
+ NOT-FOR-US: CaLogic
CAN-2005-2319 (PHP remote file include vulnerability in Yawp library 1.0.6 and ...)
- NOTE: not-for-us (Yawp)
+ NOT-FOR-US: Yawp
CAN-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 ...)
- NOTE: not-for-us (DVBBS)
+ NOT-FOR-US: DVBBS
CAN-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before ...)
- shorewall 2.4.1-2 (bug #318946; medium)
CAN-2005-2316
@@ -2195,31 +2195,31 @@
CAN-2005-2315
NOTE: reserved
CAN-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...)
- NOTE: not-for-us (PHPsFTPd)
+ NOT-FOR-US: PHPsFTPd
CAN-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...)
- NOTE: not-for-us (Check Point SecuRemote NG with Application Intelligence)
+ NOT-FOR-US: Check Point SecuRemote NG with Application Intelligence
CAN-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...)
- NOTE: not-for-us (Realnode Emilda)
+ NOT-FOR-US: Realnode Emilda
CAN-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...)
- sms-pl <unfixed> (bug #320540; unimportant)
NOTE: vulnerable contrib file only in source package
CAN-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091 allows remote ...)
- NOTE: not-for-us (Winamp)
+ NOT-FOR-US: Winamp
CAN-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...)
- NOTE: not-for-us (Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0)
+ NOT-FOR-US: Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0
CAN-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a ...)
- NOTE: not-for-us (DG Remote Control Server)
+ NOT-FOR-US: DG Remote Control Server
CAN-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2303
NOTE: rejected
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
{DSA-771-1}
- pdns 2.9.18-1 (medium; bug #318798)
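Review bot: CAN-2005-2303 in this hunk is marked "NOTE: rejected" and then also gets "NOT-FOR-US: Microsoft". A rejected id should not need a second disposition; suggest removing the NOT-FOR-US: line here instead of converting it.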
@@ -2227,94 +2227,94 @@
{DSA-771-1}
- pdns 2.9.18-1 (medium; bug #318798)
CAN-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary ...)
- NOTE: not-for-us (Skype)
+ NOT-FOR-US: Skype
CAN-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message ...)
- NOTE: not-for-us (Simple Message Board)
+ NOT-FOR-US: Simple Message Board
CAN-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all ...)
NOTE: BitDefender can be used by AMaViS but is not shipped in Debian
CAN-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 ...)
- NOTE: not-for-us (Sybase EAServer)
+ NOT-FOR-US: Sybase EAServer
CAN-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information ...)
- NOTE: not-for-us (YabbSE)
+ NOT-FOR-US: YabbSE
CAN-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...)
- netpanzer <unfixed> (bug #318329; medium)
CAN-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...)
- NOTE: not-for-us (WPS)
+ NOT-FOR-US: WPS
CAN-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...)
- NOTE: not-for-us (PHPCounter)
+ NOT-FOR-US: PHPCounter
CAN-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows ...)
- NOTE: not-for-us (PHPCounter)
+ NOT-FOR-US: PHPCounter
CAN-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a ...)
- NOTE: not-for-us (SoftiaCom wMailServer)
+ NOT-FOR-US: SoftiaCom wMailServer
CAN-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...)
- NOTE: not-for-us (WebEOC)
+ NOT-FOR-US: WebEOC
CAN-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...)
- NOTE: not-for-us (WebEOC)
+ NOT-FOR-US: WebEOC
CAN-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow ...)
- NOTE: not-for-us (WebEOC)
+ NOT-FOR-US: WebEOC
CAN-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...)
- NOTE: not-for-us (WebEOC)
+ NOT-FOR-US: WebEOC
CAN-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before ...)
- NOTE: not-for-us (WebEOC)
+ NOT-FOR-US: WebEOC
CAN-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...)
- NOTE: not-for-us (WebEOC)
+ NOT-FOR-US: WebEOC
CAN-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...)
{DSA-762-1}
- affix 2.1.2-2 (medium)
CAN-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...)
- NOTE: not-for-us (Novell Groupwise WebAccess)
+ NOT-FOR-US: Novell Groupwise WebAccess
CAN-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...)
- NOTE: not-for-us (OpenWebmail)
+ NOT-FOR-US: OpenWebmail
CAN-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote ...)
- dansguardian 2.6.1-13 (medium)
CAN-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL ...)
- dansguardian 2.7.7-2
CAN-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...)
- NOTE: not-for-us (IBM Lotus Notes)
+ NOT-FOR-US: IBM Lotus Notes
CAN-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...)
- NOTE: not-for-us (IBM Lotus Notes)
+ NOT-FOR-US: IBM Lotus Notes
CAN-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in ...)
- NOTE: not-for-us (vHost)
+ NOT-FOR-US: vHost
CAN-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life ...)
- NOTE: not-for-us (aGSM Half-Life)
+ NOT-FOR-US: aGSM Half-Life
CAN-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...)
- NOTE: not-for-us (F-Secure Anti-Virus)
+ NOT-FOR-US: F-Secure Anti-Virus
CAN-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute ...)
- NOTE: not-for-us (I-Mall Commerce)
+ NOT-FOR-US: I-Mall Commerce
CAN-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and ...)
- NOTE: not-for-us (w3m Jigsaw)
+ NOT-FOR-US: w3m Jigsaw
CAN-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (efFingerD)
+ NOT-FOR-US: efFingerD
CAN-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD ...)
- NOTE: not-for-us (efFingerD)
+ NOT-FOR-US: efFingerD
CAN-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
- NOTE: not-for-us (MiniShare)
+ NOT-FOR-US: MiniShare
CAN-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 ...)
- NOTE: not-for-us (IBM Parallel Environment)
+ NOT-FOR-US: IBM Parallel Environment
CAN-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection ...)
- pads 1.1.1 (high)
CAN-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...)
- NOTE: not-for-us (PimenGest2)
+ NOT-FOR-US: PimenGest2
CAN-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier ...)
- NOTE: not-for-us (Ansel)
+ NOT-FOR-US: Ansel
CAN-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote ...)
- NOTE: not-for-us (Ansel)
+ NOT-FOR-US: Ansel
CAN-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...)
- uudeview <unfixed> (bug #320541; medium)
TODO: check libconvert-uulib-perl
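Review bot: CAN-2004-2274 is converted verbatim to "NOT-FOR-US: w3m Jigsaw", but the description on the line above only names "Jigsaw before 2.2.4", and w3m is the name of an unrelated text browser. With the product name now sitting in a dedicated field, a search for w3m would hit this entry; suggest "NOT-FOR-US: Jigsaw", or "W3C Jigsaw" if that is what was meant.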
@@ -2322,53 +2322,53 @@
CAN-2004-2264 (** DISPUTED ** ...)
NOTE: less is not suid, explotability unlikely
CAN-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in ...)
- NOTE: not-for-us (PlaySMS)
+ NOT-FOR-US: PlaySMS
CAN-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...)
- NOTE: not-for-us (e107)
+ NOT-FOR-US: e107
CAN-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote ...)
- NOTE: not-for-us (e107)
+ NOT-FOR-US: e107
CAN-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to cause ...)
- vsftpd 2.0.1-1 (low)
CAN-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen ...)
- NOTE: not-for-us (Hummingbird Exceed)
+ NOT-FOR-US: Hummingbird Exceed
CAN-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to ...)
- NOTE: not-for-us (phpMyFAQ)
+ NOT-FOR-US: phpMyFAQ
CAN-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows ...)
- NOTE: not-for-us (phpMyFAQ)
+ NOT-FOR-US: phpMyFAQ
CAN-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote ...)
- NOTE: not-for-us (phpMyFAQ)
+ NOT-FOR-US: phpMyFAQ
CAN-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, ...)
- NOTE: not-for-us (SurgeLDAP)
+ NOT-FOR-US: SurgeLDAP
CAN-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and ...)
- NOTE: not-for-us (SurgeLDAP)
+ NOT-FOR-US: SurgeLDAP
CAN-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends responses to ...)
- NOTE: not-for-us (Astaro suite)
+ NOT-FOR-US: Astaro suite
CAN-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides ...)
- NOTE: not-for-us (Astaro suite)
+ NOT-FOR-US: Astaro suite
CAN-2004-2250 (Unknown vulnerability in the "access code" in RemoteEditor before ...)
- NOTE: not-for-us (RemoteEditor)
+ NOT-FOR-US: RemoteEditor
CAN-2004-2249 (Unknown vulnerability in the "access code" in SecureEditor before ...)
- NOTE: not-for-us (SecureEditor)
+ NOT-FOR-US: SecureEditor
CAN-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact ...)
- NOTE: not-for-us (RemoteEditor)
+ NOT-FOR-US: RemoteEditor
CAN-2004-2247 (Unknown vulnerability in the "admin of paypal email addresses" in ...)
- NOTE: not-for-us (AudienceConnect)
+ NOT-FOR-US: AudienceConnect
CAN-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before 0.04b ...)
- NOTE: not-for-us (Goollery)
+ NOT-FOR-US: Goollery
CAN-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows ...)
- NOTE: not-for-us (Goollery)
+ NOT-FOR-US: Goollery
CAN-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-2243 (Phorum allows remote attackers to hijack sessions of other users by ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in Phorum, ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...)
- vpopmail <unfixed> (bug #320608; low)
CAN-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
@@ -2389,13 +2389,13 @@
CAN-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in ...)
- moodle 1.4.2-1
CAN-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local ...)
- NOTE: not-for-us (InstallAnywhere)
+ NOT-FOR-US: InstallAnywhere
CAN-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable ...)
- NOTE: not-for-us (Firefox on MacOS)
+ NOT-FOR-US: Firefox on MacOS
CAN-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file ...)
- mozilla-firefox 1.0-1
CAN-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when ...)
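Review bot: In the CAN-2004-2228 entry the new value "Firefox on MacOS" is a platform qualifier, not the package name the commit log describes, and the very next entry (CAN-2004-2227) tracks the same product as mozilla-firefox. If anything will later match NOT-FOR-US values against product names, this entry would read as "Firefox is not in the archive". Consider leaving it as a NOTE saying that only the MacOS install is affected, or documenting that the field is free text.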
@@ -2404,29 +2404,29 @@
CAN-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete ...)
- mozilla-firefox 0.99+1.0RC1-1
CAN-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause ...)
- NOTE: not-for-us (Message Foundry)
+ NOT-FOR-US: Message Foundry
CAN-2004-2223 (FsPHPGallery before 1.2 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (FsPHPGallery)
+ NOT-FOR-US: FsPHPGallery
CAN-2004-2222 (Directory traversal vulnerability in index.php in FsPHPGallery before ...)
- NOTE: not-for-us (FsPHPGallery)
+ NOT-FOR-US: FsPHPGallery
CAN-2004-2221 (Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows ...)
- NOTE: not-for-us (SoftCart)
+ NOT-FOR-US: SoftCart
CAN-2004-2220 (F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not ...)
- NOTE: not-for-us (F-Secure Anti-Virus)
+ NOT-FOR-US: F-Secure Anti-Virus
CAN-2004-2219 (Microsoft Internet Explorer 6 allows remote attackers to spoof the ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2218 (SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and ...)
- NOTE: not-for-us (PHPMyWebHosting)
+ NOT-FOR-US: PHPMyWebHosting
CAN-2004-2217 (Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow ...)
- NOTE: not-for-us (yChat)
+ NOT-FOR-US: yChat
CAN-2004-2216 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
- NOTE: not-for-us (Sun Java)
+ NOT-FOR-US: Sun Java
CAN-2004-2215 (RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, ...)
- rxvt-unicode 3.8-1
CAN-2004-2214 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...)
- NOTE: not-for-us (AppWeb HTTP server)
+ NOT-FOR-US: AppWeb HTTP server
CAN-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...)
- NOTE: not-for-us (AppWeb HTTP server)
+ NOT-FOR-US: AppWeb HTTP server
CAN-2005-XXXX [Multiple security problems in ethereal]
- ethereal 0.10.12-1 (medium)
CAN-2005-XXXX [strobe reads file from unsafe directory]
@@ -2449,7 +2449,7 @@
{DSA-766-1}
- webcalendar 0.9.45-7 (bug #315671; medium)
CAN-2005-2437 (Website Baker Project does not properly verify the file extensions of ...)
- NOTE: not-for-us (Website Baker)
+ NOT-FOR-US: Website Baker
CAN-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions]
NOTE: This doesn't look like a real security issue as cron.daily should only be
NOTE: writable by root, but lets include it as the maintainer considers it an issue
@@ -2457,13 +2457,13 @@
CAN-2005-2275
NOTE: reserved
CAN-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript ...)
- NOTE: not-for-us (Sfari)
+ NOT-FOR-US: Sfari
CAN-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...)
- NOTE: not-for-us (iCab)
+ NOT-FOR-US: iCab
CAN-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...)
{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.4-2sarge3 (high)
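Review bot: The CAN-2005-2272 line carries the old misspelling into the new field: "NOT-FOR-US: Sfari" should read "Safari", as in the description on the line above it. The line is being rewritten anyway, so fix the spelling in the same commit so that a later search or grouping by product name finds the entry.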
@@ -2511,56 +2511,56 @@
- mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.8-1sarge2 (medium)
CAN-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...)
- NOTE: not-for-us (magicHTML)
+ NOT-FOR-US: magicHTML
CAN-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 ...)
- NOTE: not-for-us (WWWeBBB forum)
+ NOT-FOR-US: WWWeBBB forum
CAN-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02 allows ...)
- NOTE: not-for-us (Portix)
+ NOT-FOR-US: Portix
CAN-2002-2083 (The Novell Netware client running on Windows 95 allows local users to ...)
- NOTE: not-for-us (Novell Netware)
+ NOT-FOR-US: Novell Netware
CAN-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before authentication ...)
- NOTE: not-for-us (FTGate)
+ NOT-FOR-US: FTGate
CAN-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (FTGate)
+ NOT-FOR-US: FTGate
CAN-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX ...)
- kernel-patch-openmosix <unfixed> (bug #319621; low)
NOTE: filed bug with ftp.debian.org for removal (#319817)
CAN-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) ...)
- NOTE: not-for-us (FTGate)
+ NOT-FOR-US: FTGate
CAN-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2076 (Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 ...)
- NOTE: not-for-us (Lil' HTTP server)
+ NOT-FOR-US: Lil' HTTP server
CAN-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (ICQ)
+ NOT-FOR-US: ICQ
CAN-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows remote ...)
- NOTE: not-for-us (Mailidx)
+ NOT-FOR-US: Mailidx
CAN-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP pages on ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM) in ...)
- NOTE: not-for-us (Sun Java)
+ NOT-FOR-US: Sun Java
CAN-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Tru64)
+ NOT-FOR-US: Tru64
CAN-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data streams ...)
- NOTE: not-for-us (SecureClean)
+ NOT-FOR-US: SecureClean
CAN-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams that are ...)
- NOTE: not-for-us (Proprietary PGP)
+ NOT-FOR-US: Proprietary PGP
CAN-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that are ...)
- NOTE: not-for-us (Eraser)
+ NOT-FOR-US: Eraser
CAN-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data streams ...)
- NOTE: not-for-us (Eraser)
+ NOT-FOR-US: Eraser
CAN-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows ...)
- NOTE: not-for-us (BCWipe)
+ NOT-FOR-US: BCWipe
CAN-2002-2065 (WebCalendar 0.9.34 and earlier with 'browsing in includes directory' ...)
- NOTE: not-for-us (WebCalender)
+ NOT-FOR-US: WebCalender
CAN-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain ...)
- NOTE: not-for-us (PhpWebGallery)
+ NOT-FOR-US: PhpWebGallery
CAN-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters and ...)
- NOTE: not-for-us (AtGuard)
+ NOT-FOR-US: AtGuard
CAN-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and ...)
NOTE: fixed in upstream 1.0.1
NOTE: see http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
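Review bot: CAN-2002-2065 is tagged "NOT-FOR-US: WebCalender", but its description names WebCalendar 0.9.34, and an earlier hunk of this same file tracks a webcalendar package ("- webcalendar 0.9.45-7 (bug #315671; medium)"). That suggests the product is in the archive, so this entry probably wants a package line with the fixed version, or a "TODO: check", rather than NOT-FOR-US. At minimum the spelling should be corrected while the line is touched.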
@@ -2568,21 +2568,21 @@
CAN-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash ...)
- links2 2.1pre16-2 (low)
CAN-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...)
- NOTE: not-for-us (Intel)
+ NOT-FOR-US: Intel
CAN-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage ...)
- NOTE: not-for-us (TeeKai)
+ NOT-FOR-US: TeeKai
CAN-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in ...)
- NOTE: not-for-us (TeeKai)
+ NOT-FOR-US: TeeKai
CAN-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows ...)
- NOTE: not-for-us (TeeKai)
+ NOT-FOR-US: TeeKai
CAN-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai ...)
- NOTE: not-for-us (TeeKai)
+ NOT-FOR-US: TeeKai
CAN-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the ...)
- NOTE: not-for-us (TeeKai)
+ NOT-FOR-US: TeeKai
CAN-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as implemented ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used ...)
NOTE: fixed in 0.7.12-1
- modlogan 0.7.12-1 (low)
@@ -2592,153 +2592,153 @@
CAN-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when ...)
TODO: check
CAN-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to ...)
- NOTE: not-for-us (PFinger)
+ NOT-FOR-US: PFinger
CAN-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows ...)
NOTE: fixed in 0.6.13-1
- sketch 0.6.13-1 (low)
CAN-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers ...)
- NOTE: not-for-us (X-News)
+ NOT-FOR-US: X-News
CAN-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to ...)
- NOTE: not-for-us (x-stat)
+ NOT-FOR-US: x-stat
CAN-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...)
- NOTE: not-for-us (x-stat)
+ NOT-FOR-US: x-stat
CAN-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...)
TODO: check
CAN-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based ...)
- NOTE: not-for-us (NGPT)
+ NOT-FOR-US: NGPT
NOTE: http://lists.debian.org/debian-user/2003/10/msg03627.html
NOTE: NPTL does not have this problem.
CAN-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) ...)
- NOTE: not-for-us (Sun)
+ NOT-FOR-US: Sun
CAN-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and ...)
- NOTE: not-for-us (RealityScape)
+ NOT-FOR-US: RealityScape
CAN-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote attackers ...)
- NOTE: not-for-us (Email Sanitizer)
+ NOT-FOR-US: Email Sanitizer
CAN-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers ...)
- NOTE: not-for-us (FAQManager)
+ NOT-FOR-US: FAQManager
CAN-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to ...)
- NOTE: not-for-us (PHPNuke)
+ NOT-FOR-US: PHPNuke
CAN-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for /php/ ...)
- NOTE: not-for-us (PHP, Mircrosoft)
+ NOT-FOR-US: PHP, Mircrosoft
CAN-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not ...)
- NOTE: not-for-us (DOOW)
+ NOT-FOR-US: DOOW
CAN-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to ...)
- NOTE: not-for-us (BrowseFTP)
+ NOT-FOR-US: BrowseFTP
CAN-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root ...)
NOTE: fixed in 3:2.2.6-5
- imp 3:2.2.6-5 (high)
CAN-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...)
- NOTE: not-for-us (We use the OTHER beep program :P)
+ NOT-FOR-US: We use the OTHER beep program :P
CAN-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows ...)
NOTE: only affects old-stable
CAN-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning Board ...)
- NOTE: not-for-us (wbboard)
+ NOT-FOR-US: wbboard
CAN-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default ...)
- NOTE: not-for-us (Netgear hardware)
+ NOT-FOR-US: Netgear hardware
CAN-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in ...)
- NOTE: not-for-us (osCommerce)
+ NOT-FOR-US: osCommerce
CAN-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain privileges by ...)
- NOTE: not-for-us (SAS/Base)
+ NOT-FOR-US: SAS/Base
CAN-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code ...)
- NOTE: not-for-us (SAS/Base)
+ NOT-FOR-US: SAS/Base
CAN-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel ...)
TODO: check
CAN-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...)
- NOTE: not-for-us (Mozilla)
+ NOT-FOR-US: Mozilla
CAN-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...)
- NOTE: not-for-us (Apache)
+ NOT-FOR-US: Apache
CAN-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...)
- NOTE: not-for-us (faqomatic)
+ NOT-FOR-US: faqomatic
CAN-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...)
- NOTE: not-for-us (faqomatic)
+ NOT-FOR-US: faqomatic
CAN-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...)
- NOTE: not-for-us (Tomcat)
+ NOT-FOR-US: Tomcat
CAN-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...)
- NOTE: not-for-us (Tomcat)
+ NOT-FOR-US: Tomcat
CAN-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows ...)
- NOTE: not-for-us (Tomcat)
+ NOT-FOR-US: Tomcat
CAN-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 ...)
- NOTE: not-for-us (Tomcat)
+ NOT-FOR-US: Tomcat
CAN-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and ...)
- NOTE: not-for-us (Sun)
+ NOT-FOR-US: Sun
CAN-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to ...)
- NOTE: not-for-us (Compaq)
+ NOT-FOR-US: Compaq
CAN-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote ...)
- NOTE: not-for-us (Compaq)
+ NOT-FOR-US: Compaq
CAN-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows ...)
- NOTE: not-for-us (Compaq)
+ NOT-FOR-US: Compaq
CAN-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable ...)
- NOTE: not-for-us (jmcce)
+ NOT-FOR-US: jmcce
CAN-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use ...)
- NOTE: not-for-us (OpenVMS)
+ NOT-FOR-US: OpenVMS
CAN-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow ...)
- NOTE: not-for-us (VVOS)
+ NOT-FOR-US: VVOS
CAN-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 ...)
- NOTE: not-for-us (UnixWare)
+ NOT-FOR-US: UnixWare
CAN-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering ...)
- NOTE: not-for-us (ZoneAlarm)
+ NOT-FOR-US: ZoneAlarm
CAN-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier ...)
- NOTE: not-for-us (Postnuke)
+ NOT-FOR-US: Postnuke
CAN-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke ...)
- NOTE: not-for-us (Postnuke)
+ NOT-FOR-US: Postnuke
CAN-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute ...)
- NOTE: not-for-us (WebBBS)
+ NOT-FOR-US: WebBBS
CAN-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary ...)
- NOTE: not-for-us (osCommerce)
+ NOT-FOR-US: osCommerce
CAN-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical ...)
- NOTE: not-for-us (Resin)
+ NOT-FOR-US: Resin
CAN-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (Resin)
+ NOT-FOR-US: Resin
CAN-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (Resin)
+ NOT-FOR-US: Resin
CAN-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 ...)
- NOTE: not-for-us (Resin)
+ NOT-FOR-US: Resin
CAN-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when ...)
NOTE: presumably fixed in linux 2.4.12
CAN-2001-1571 (The Remote Desktop client in Windows XP sends the most recent user ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2001-1570 (Windows XP with fast user switching and account lockout enabled allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain name ...)
- NOTE: not-for-us (Openwave WAP gateway)
+ NOT-FOR-US: Openwave WAP gateway
CAN-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name URL ...)
- NOTE: not-for-us (CMG WAP gateway)
+ NOT-FOR-US: CMG WAP gateway
CAN-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in Perdition ...)
- vanessa-logger 0.0.2
CAN-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for ...)
- NOTE: not-for-us (Tomcat 3.2.1 running on HP Secure OS)
+ NOT-FOR-US: Tomcat 3.2.1 running on HP Secure OS
CAN-2001-1562 (Format string vulnerability in nvi before 1.79 allows local users to ...)
- nvi 1.79-16a.1
NOTE: was DSA 085
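Review bot: CAN-2002-2010 is described as an XSS in htsearch.cgi in htdig, yet the new line reads "NOT-FOR-US: faqomatic", identical to the CAN-2002-2011 entry above it, which looks like a copy-paste carried over from the old NOTE. The same kind of mismatch appears for CAN-2002-1995 (phptonuke.php for PHP-Nuke, tagged Postnuke) and CAN-2002-2030 (SQLData Enterprise Server, tagged Microsoft). Two values in this hunk are also not product names: "PHP, Mircrosoft" (two names, one misspelled) and "We use the OTHER beep program :P". Since the mechanical rename turns these into a dedicated field, correct the product names here and keep commentary in a separate NOTE line.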
@@ -2746,62 +2746,62 @@
NOTE: DSA 082
- xvt 2.1-13
CAN-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 ...)
- snort 1.8.3
CAN-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2001-1556 (The log files in Apache web server contain information directly ...)
NOTE: documented issue in apache, unlikely to be changed
NOTE: see http://httpd.apache.org/docs/logs.html
CAN-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2001-1553 (Buffer overflow in setiathome for SETI at home 3.03, if installed setuid, ...)
NOTE: not suid in debian
CAN-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, ...)
NOTE: no info in CVE db about fix
TODO: check with current kernel on a system with quotas
CAN-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled creates ...)
- NOTE: not-for-us (Centra)
+ NOT-FOR-US: Centra
CAN-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass ...)
- NOTE: not-for-us (Tiny Personal Firewall)
+ NOT-FOR-US: Tiny Personal Firewall
CAN-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local ...)
- NOTE: not-for-us (Tiny Personal Firewall)
+ NOT-FOR-US: Tiny Personal Firewall
CAN-2001-1547 (Outlook Express 6.0, with "Do not allow attachments to be saved or ...)
- NOTE: not-for-us (Outlook)
+ NOT-FOR-US: Outlook
CAN-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and ...)
- NOTE: not-for-us (Pathways Homecare)
+ NOT-FOR-US: Pathways Homecare
CAN-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests ...)
- NOTE: not-for-us (Macromedia JRun)
+ NOT-FOR-US: Macromedia JRun
CAN-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server (JWS) ...)
- NOTE: not-for-us (Macromedia JRun)
+ NOT-FOR-US: Macromedia JRun
CAN-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default ...)
- NOTE: not-for-us (Axis network camera)
+ NOT-FOR-US: Axis network camera
CAN-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter ...)
- NOTE: not-for-us (NAI WebShield SMTP)
+ NOT-FOR-US: NAI WebShield SMTP
CAN-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS ...)
- NOTE: not-for-us (BSDI UUCP)
+ NOT-FOR-US: BSDI UUCP
CAN-2001-1540 (IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a ...)
- NOTE: not-for-us (IPRoute router software)
+ NOT-FOR-US: IPRoute router software
NOTE: This is not for iproute/iproute2.
NOTE: From Chris Gragsone's message on BUGTRAQ:
NOTE: "IPRoute, by David F. Mischler, is PC-based router software
NOTE: "for networks running the Internet Protocol (IP)."
CAN-2001-1539 (The JavaScript settimeout function in Internet Explorer allows remote ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2001-1538 (SpeedXess HA-120 DSL router has a default administrative password of ...)
- NOTE: not-for-us (SpeedXess HA-120 DSL router)
+ NOT-FOR-US: SpeedXess HA-120 DSL router
CAN-2001-1537 (The default "basic" security setting' in config.php for TWIG webmail ...)
NOTE: current twig package seems to have secure cookies enabled
NOTE: still uses "basic" security setting.
CAN-2001-1536 (Autogalaxy stores usernames and passwords in cleartext in cookies, ...)
- NOTE: not-for-us (Autogalaxy)
+ NOT-FOR-US: Autogalaxy
CAN-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random ...)
- slash (bug #328927; unfixed; low)
CAN-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...)
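Review bot: CAN-2001-1548 describes ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro, but the new line is "NOT-FOR-US: Tiny Personal Firewall", the same value as the CAN-2001-1549 entry directly above it. Suggest "NOT-FOR-US: ZoneAlarm", which is the value the CAN-2002-1997 entry in this file already uses.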
@@ -2810,120 +2810,120 @@
NOTE: Cookies are only used for invading user privacy,
NOTE: not for authentication, so apache and apache2 should be fine.
CAN-2001-1533 (** DISPUTED * ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2001-1532 (WebX stores authentication information in the HTTP_REFERER variable, ...)
- NOTE: not-for-us (WebX)
+ NOT-FOR-US: WebX
CAN-2001-1531 (Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to ...)
- NOTE: not-for-us (Claris Emailer)
+ NOT-FOR-US: Claris Emailer
CAN-2001-1530 (run.cgi in Webmin 0.80 and 0.88 creates temporary files with ...)
NOTE: verified current webmin is ok
CAN-2001-1529 (Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2001-1528 (AmTote International homebet program returns different error messages ...)
- NOTE: not-for-us (AmTote International homebet)
+ NOT-FOR-US: AmTote International homebet
CAN-2001-1527 (easyNews 1.5 and earlier stores adminstration passwords in cleartext ...)
- NOTE: not-for-us (easynews)
+ NOT-FOR-US: easynews
CAN-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action in ...)
- NOTE: not-for-us (easynews)
+ NOT-FOR-US: easynews
CAN-2001-1525 (Directory traversal vulnerability in the comments action in easyNews ...)
- NOTE: not-for-us (easynews)
+ NOT-FOR-US: easynews
CAN-2001-1524 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2001-1523 (Cross-site scripting (XSS) vulnerability in the DMOZGateway module for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2001-1522 (Cross-site scripting (XSS) vulnerability in im.php in IMessenger for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2001-1521 (Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2001-1520 (Xircom REX 6000 allows local users to obtain the 10 digit PIN by ...)
- NOTE: not-for-us (Xircom REX)
+ NOT-FOR-US: Xircom REX
CAN-2001-1519 (** DISPUTED ** ...)
- NOTE: not-for-us (RunAs)
+ NOT-FOR-US: RunAs
CAN-2001-1518 (RunAs (runas.exe) in Windows 2000 only creates one session instance at ...)
- NOTE: not-for-us (RunAs)
+ NOT-FOR-US: RunAs
CAN-2001-1517 (** DISPUTED ** ...)
- NOTE: not-for-us (RunAs)
+ NOT-FOR-US: RunAs
CAN-2001-1516 (Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and ...)
- NOTE: not-for-us (phpReview)
+ NOT-FOR-US: phpReview
CAN-2001-1515 (Macintosh clients, when using NT file system volumes on Windows 2000 ...)
- NOTE: not-for-us (Macintosh clients, when using NT file system volumes on Windows)
+ NOT-FOR-US: Macintosh clients, when using NT file system volumes on Windows
CAN-2001-1514 (ColdFusion 4.5 and 5, when running on Windows with the advanced ...)
- NOTE: not-for-us (ColdFusion)
+ NOT-FOR-US: ColdFusion
CAN-2001-1513 (Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2001-1512 (Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2001-1511 (JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2001-1510 (Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows ...)
NOTE: lpstat not suid in lprng or cupsys-client in Debian
CAN-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly ...)
- openssh 1:3.0.1
CAN-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...)
- NOTE: not-for-us (FTGate)
+ NOT-FOR-US: FTGate
CAN-2000-1236 (SQL injection vulnerability in mod_sql in Oracle Internet Application ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2000-1235 (The default configurations of (1) the port listener and (2) modplsql ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2000-1234 (violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2000-1233 (SQL injection vulnerability in read.php3 and other scripts in Phorum ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2000-1232 (upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2000-1231 (code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2000-1230 (Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2000-1229 (Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...)
- NOTE: not-for-us (USANet)
+ NOT-FOR-US: USANet
CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
- NOTE: not-for-us (Squito Gallery)
+ NOT-FOR-US: Squito Gallery
CAN-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to ...)
- NOTE: not-for-us (PhpSlash)
+ NOT-FOR-US: PhpSlash
CAN-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 ...)
{DSA-759-1}
- phppgadmin 3.5.4-1 (medium)
CAN-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote ...)
- NOTE: not-for-us (PhpAuction)
+ NOT-FOR-US: PhpAuction
CAN-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 ...)
- NOTE: not-for-us (PhpAuction)
+ NOT-FOR-US: PhpAuction
CAN-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote attackers ...)
- NOTE: not-for-us (PhpAuction)
+ NOT-FOR-US: PhpAuction
CAN-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication and ...)
- NOTE: not-for-us (PhpAuction)
+ NOT-FOR-US: PhpAuction
CAN-2005-2251 (PHP remote file inclusion vulnerability in secure.php in ...)
- NOTE: not-for-us (PHPSecurePages (phpSP))
+ NOT-FOR-US: PHPSecurePages (phpSP)
CAN-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 ...)
{DSA-762-1}
- affix 2.1.2-2 (medium)
CAN-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...)
- jinzora <itp> (bug #289487)
CAN-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...)
- NOTE: not-for-us (DownloadProtect)
+ NOT-FOR-US: DownloadProtect
CAN-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...)
NOTE: no details available
- moodle 1.5.1-1
CAN-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 ...)
- NOTE: not-for-us (iPhotoAlbum)
+ NOT-FOR-US: iPhotoAlbum
CAN-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers ...)
- NOTE: not-for-us (BIG-IP)
+ NOT-FOR-US: BIG-IP
CAN-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ...)
- NOTE: not-for-us (Cisco CallManager)
+ NOT-FOR-US: Cisco CallManager
CAN-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and ...)
- NOTE: not-for-us (Cisco CallManager)
+ NOT-FOR-US: Cisco CallManager
CAN-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
- NOTE: not-for-us (Cisco CallManager)
+ NOT-FOR-US: Cisco CallManager
CAN-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
- NOTE: not-for-us (Cisco CallManager)
+ NOT-FOR-US: Cisco CallManager
CAN-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...)
- xpvm 1.2.5-8 (bug #318285; medium)
CAN-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...)
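Review bot: The new field is not documented as free text to end of line, and `NOT-FOR-US: PHPSecurePages (phpSP)` on CAN-2005-2251 shows why that matters, since the product name itself contains parentheses. The old `not-for-us (...)` form used parentheses as delimiters, so anything that reads this file should take the whole remainder of the line as the value. A one-line statement of the new syntax in the commit log or the tracker documentation would make that explicit.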
@@ -2932,19 +2932,19 @@
- oftpd <unfixed> (bug #307957; low)
NOTE: CVE id requested from mitre
CAN-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-2236 (Format string vulnerability in the paginit command in IBM AIX 5.3, and ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-2233 (Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to ...)
{DSA-761-2}
- heartbeat 1.2.3-12 (medium)
@@ -2952,116 +2952,116 @@
- elmo <unfixed> (bug #318291; medium)
NOTE: upload to unstable still hasn't occurred (2005-09-18)
CAN-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web ...)
- NOTE: not-for-us (Blog Torrent)
+ NOT-FOR-US: Blog Torrent
CAN-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message ...)
- NOTE: not-for-us (Web Wiz Forums)
+ NOT-FOR-US: Web Wiz Forums
CAN-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the ...)
- NOTE: not-for-us (Softiacom wMailserver)
+ NOT-FOR-US: Softiacom wMailserver
CAN-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server account ...)
- NOTE: not-for-us (Outlook)
+ NOT-FOR-US: Outlook
CAN-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable Professional ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-2221 (** DISPUTED ** Multiple SQL injection vulnerabilities in Dragonfly ...)
- NOTE: not-for-us (Dragonfly)
+ NOT-FOR-US: Dragonfly
CAN-2005-2220 (** DISPUTED ** Dragonfly Commerce allows remote attackers to change a ...)
- NOTE: not-for-us (Dragonfly)
+ NOT-FOR-US: Dragonfly
CAN-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly check ...)
- kfreebsd5-source 5.3-17 (medium)
CAN-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root with ...)
- NOTE: not-for-us (Dansie Shopping Cart)
+ NOT-FOR-US: Dansie Shopping Cart
CAN-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo ...)
- NOTE: not-for-us (PhotoGal)
+ NOT-FOR-US: PhotoGal
CAN-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x ...)
- NOTE: not-for-us (MediaWiki)
+ NOT-FOR-US: MediaWiki
CAN-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...)
- base-config <unfixed> (bug #305142; low)
CAN-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...)
- NOTE: not-for-us (MMS Ripper)
+ NOT-FOR-US: MMS Ripper
CAN-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...)
- backup-manager 0.5.8-2 (low)
CAN-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...)
- backup-manager 0.5.8-2 (low)
CAN-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...)
- NOTE: not-for-us (Internet Down)
+ NOT-FOR-US: Internet Down
CAN-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...)
- NOTE: not-for-us (ScanShare)
+ NOT-FOR-US: ScanShare
CAN-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (PrivaShare)
+ NOT-FOR-US: PrivaShare
CAN-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...)
- NOTE: not-for-us (CartWIZ)
+ NOT-FOR-US: CartWIZ
CAN-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote ...)
- NOTE: not-for-us (CartWIZ)
+ NOT-FOR-US: CartWIZ
CAN-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...)
- NOTE: not-for-us (kaiseki.cgi)
+ NOT-FOR-US: kaiseki.cgi
CAN-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) ...)
- NOTE: not-for-us (SiteMinder)
+ NOT-FOR-US: SiteMinder
CAN-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to ...)
- NOTE: not-for-us (phpWishlist)
+ NOT-FOR-US: phpWishlist
CAN-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...)
- NOTE: not-for-us (Xerox Hardware issue)
+ NOT-FOR-US: Xerox Hardware issue
CAN-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox ...)
- NOTE: not-for-us (Xerox hardware)
+ NOT-FOR-US: Xerox hardware
CAN-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for ...)
- NOTE: not-for-us (Xerox hardware)
+ NOT-FOR-US: Xerox hardware
CAN-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...)
- NOTE: not-for-us (PPA web photo gallery)
+ NOT-FOR-US: PPA web photo gallery
CAN-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before ...)
- NOTE: not-for-us (SPiD)
+ NOT-FOR-US: SPiD
CAN-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows ...)
- NOTE: not-for-us (Id Board)
+ NOT-FOR-US: Id Board
CAN-2005-2196 (The Apple AirPort card uses a default WEP key when not connected to a ...)
- NOTE: not-for-us (Apple Airport)
+ NOT-FOR-US: Apple Airport
CAN-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers ...)
- NOTE: not-for-us (Apple Darwin Streaming Server)
+ NOT-FOR-US: Apple Darwin Streaming Server
CAN-2005-2194
NOTE: reserved
CAN-2005-2193 (SQL injection vulnerability in the user profile edit module in ...)
- NOTE: not-for-us (PunBB)
+ NOT-FOR-US: PunBB
CAN-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)
- NOTE: not-for-us (SimplePHPBlog)
+ NOT-FOR-US: SimplePHPBlog
CAN-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus ...)
- NOTE: not-for-us (Comersus)
+ NOT-FOR-US: Comersus
CAN-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...)
- NOTE: not-for-us (Comersus)
+ NOT-FOR-US: Comersus
CAN-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...)
- NOTE: not-for-us (Lantronix SecureLinx)
+ NOT-FOR-US: Lantronix SecureLinx
CAN-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...)
- NOTE: not-for-us (McAfee IntruShield)
+ NOT-FOR-US: McAfee IntruShield
CAN-2005-2187 (McAfee IntruShield Security Management System allows remote ...)
- NOTE: not-for-us (McAfee IntruShield)
+ NOT-FOR-US: McAfee IntruShield
CAN-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ...)
- NOTE: not-for-us (McAfee IntruShield)
+ NOT-FOR-US: McAfee IntruShield
CAN-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote ...)
- NOTE: not-for-us (eRoom)
+ NOT-FOR-US: eRoom
CAN-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...)
- NOTE: not-for-us (eRoom)
+ NOT-FOR-US: eRoom
CAN-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle ...)
- NOTE: not-for-us (PhpXmail)
+ NOT-FOR-US: PhpXmail
CAN-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not ...)
- NOTE: not-for-us (PhpXmail)
+ NOT-FOR-US: PhpXmail
CAN-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...)
- NOTE: not-for-us (SIP phone hardware issue)
+ NOT-FOR-US: SIP phone hardware issue
CAN-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ...)
- gnats 4.0 (bug #318481; high)
CAN-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...)
- NOTE: not-for-us (Jaws)
+ NOT-FOR-US: Jaws
CAN-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...)
NOTE: How bizarre, they assign a CVE Id without knowing which product contains
NOTE: the affected probe.cgi
CAN-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before ...)
- net-snmp 5.2.1.2-1 (medium)
CAN-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...)
- NOTE: not-for-us (Novell NetMail)
+ NOT-FOR-US: Novell NetMail
CAN-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)
- NOTE: not-for-us (Notes)
+ NOT-FOR-US: Notes
CAN-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...)
- bugzilla 2.18.3-1 (low)
CAN-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...)
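Review bot: CAN-2005-2182 is described as Grandstream BudgeTone (BT) 100 VoIP phones, but the converted line still reads `NOT-FOR-US: PhpXmail`, which looks copied from the CAN-2005-2183 entry just before it. Since this change promotes the free-form note to a field of its own, correct the product name here rather than carrying the mismatch forward. The same goes for `NOT-FOR-US: Internet Down` on CAN-2005-2210, which truncates Internet Download Manager. Separately, CAN-2005-2215 is tagged `NOT-FOR-US: MediaWiki` while CAN-2004-2187, CAN-2004-2185 and CAN-2004-2152 in this same file track `mediawiki <itp> (bug #276057)`; the two treatments should be made consistent.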
@@ -3071,58 +3071,58 @@
CAN-2005-2171
NOTE: reserved
CAN-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...)
- NOTE: not-for-us (Tivoli)
+ NOT-FOR-US: Tivoli
CAN-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...)
- NOTE: not-for-us (AliveSites)
+ NOT-FOR-US: AliveSites
CAN-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 ...)
- NOTE: not-for-us (AliveSites)
+ NOT-FOR-US: AliveSites
CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...)
- NOTE: not-for-us (Express-Web)
+ NOT-FOR-US: Express-Web
CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
- NOTE: not-for-us (IdealBB)
+ NOT-FOR-US: IdealBB
CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
- NOTE: not-for-us (IdealBB)
+ NOT-FOR-US: IdealBB
CAN-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB ...)
- NOTE: not-for-us (IdealBB)
+ NOT-FOR-US: IdealBB
CAN-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...)
- NOTE: not-for-us (NatterChat)
+ NOT-FOR-US: NatterChat
CAN-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 ...)
- NOTE: not-for-us (Veritas)
+ NOT-FOR-US: Veritas
CAN-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running ...)
- NOTE: not-for-us (Cold Fusion)
+ NOT-FOR-US: Cold Fusion
CAN-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...)
- NOTE: not-for-us (Ansel)
+ NOT-FOR-US: Ansel
CAN-2004-2202 (SQL injection in DUware DUclassified 4.0 through 4.2 allows remote ...)
- NOTE: not-for-us (DUclassified)
+ NOT-FOR-US: DUclassified
CAN-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...)
- NOTE: not-for-us (DUforum)
+ NOT-FOR-US: DUforum
CAN-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...)
- NOTE: not-for-us (DUforum)
+ NOT-FOR-US: DUforum
CAN-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 ...)
- NOTE: not-for-us (DUclassified)
+ NOT-FOR-US: DUclassified
CAN-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote ...)
- NOTE: not-for-us (DUclassmate)
+ NOT-FOR-US: DUclassmate
CAN-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ...)
- NOTE: not-for-us (kdocker)
+ NOT-FOR-US: kdocker
CAN-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of ...)
- NOTE: not-for-us (Zanfi)
+ NOT-FOR-US: Zanfi
CAN-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...)
- NOTE: not-for-us (Zanfi)
+ NOT-FOR-US: Zanfi
CAN-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill ...)
- NOTE: not-for-us (CJOverkill)
+ NOT-FOR-US: CJOverkill
CAN-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic ...)
- NOTE: not-for-us (Turbo Traffic Trader)
+ NOT-FOR-US: Turbo Traffic Trader
CAN-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...)
- NOTE: not-for-us (Turbo Traffic Trader)
+ NOT-FOR-US: Turbo Traffic Trader
CAN-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...)
NOTE: absolutely no useful information, garbage report
NOTE: compare with #306164
CAN-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...)
- NOTE: not-for-us (DMXReady)
+ NOT-FOR-US: DMXReady
CAN-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...)
- NOTE: not-for-us (DMXReady)
+ NOT-FOR-US: DMXReady
CAN-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...)
- mediawiki <itp> (bug #276057)
CAN-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...)
@@ -3130,49 +3130,49 @@
CAN-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...)
- mediawiki <itp> (bug #276057)
CAN-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...)
- NOTE: not-for-us (Digicraft Yak!)
+ NOT-FOR-US: Digicraft Yak!
CAN-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...)
- NOTE: not-for-us (WeHelpBUS)
+ NOT-FOR-US: WeHelpBUS
CAN-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote ...)
- NOTE: not-for-us (Macromedia JRun)
+ NOT-FOR-US: Macromedia JRun
CAN-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allows ...)
- NOTE: not-for-us (WowBB Forum)
+ NOT-FOR-US: WowBB Forum
CAN-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum ...)
- NOTE: not-for-us (WowBB Forum)
+ NOT-FOR-US: WowBB Forum
CAN-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote ...)
- NOTE: not-for-us (DevoyBB)
+ NOT-FOR-US: DevoyBB
CAN-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 ...)
- NOTE: not-for-us (DevoyBB)
+ NOT-FOR-US: DevoyBB
CAN-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...)
- NOTE: not-for-us (ReviewPost)
+ NOT-FOR-US: ReviewPost
CAN-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...)
- NOTE: not-for-us (EarlyImpact)
+ NOT-FOR-US: EarlyImpact
CAN-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...)
- NOTE: not-for-us (EarlyImpact)
+ NOT-FOR-US: EarlyImpact
CAN-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt ...)
- NOTE: not-for-us (EarlyImpact)
+ NOT-FOR-US: EarlyImpact
CAN-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 ...)
- cherokee 0.4.8
CAN-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan ...)
- NOTE: not-for-us (Caravan)
+ NOT-FOR-US: Caravan
CAN-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote ...)
- NOTE: not-for-us (Application Access Server (A-A-S))
+ NOT-FOR-US: Application Access Server (A-A-S)
CAN-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (BaSoMail)
+ NOT-FOR-US: BaSoMail
CAN-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other ...)
- latex2rtf 1.9.16
CAN-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and ...)
- NOTE: not-for-us (Canon ImageRUNNER)
+ NOT-FOR-US: Canon ImageRUNNER
CAN-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, ...)
- NOTE: not-for-us (Lords of the Realm)
+ NOT-FOR-US: Lords of the Realm
CAN-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database ...)
- NOTE: not-for-us (VP-ASP)
+ NOT-FOR-US: VP-ASP
CAN-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line ...)
- xmlstarlet 1.0.0-1
CAN-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...)
@@ -3182,54 +3182,54 @@
CAN-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...)
- serendipity <itp> (bug #312413)
CAN-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...)
- NOTE: not-for-us (Online Recruitment Agency)
+ NOT-FOR-US: Online Recruitment Agency
CAN-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...)
- NOTE: not-for-us (Online-bookmarks)
+ NOT-FOR-US: Online-bookmarks
CAN-2005-2348 [base-config log should not be world readable]
NOTE: reserved
- base-config 2.68 (low)
CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...)
- NOTE: not-for-us (PHPSource Printer)
+ NOT-FOR-US: PHPSource Printer
CAN-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...)
- NOTE: not-for-us (Plague)
+ NOT-FOR-US: Plague
CAN-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague News ...)
- NOTE: not-for-us (Plague)
+ NOT-FOR-US: Plague
CAN-2005-2166 (SQL injection vulnerability in index.php in Plague News System 0.6 and ...)
- NOTE: not-for-us (Plague)
+ NOT-FOR-US: Plague
CAN-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute ...)
- NOTE: not-for-us (GlobalNoteScript)
+ NOT-FOR-US: GlobalNoteScript
CAN-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows remote ...)
- NOTE: not-for-us (Covide)
+ NOT-FOR-US: Covide
CAN-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP ...)
- NOTE: not-for-us (AutoIndex PHP Script)
+ NOT-FOR-US: AutoIndex PHP Script
CAN-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in ...)
- NOTE: not-for-us (MyGuestbook)
+ NOT-FOR-US: MyGuestbook
CAN-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...)
{DSA-768-1}
- phpbb2 2.0.13-6sarge1 (bug #317739; high)
CAN-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which ...)
- NOTE: not-for-us (IMail)
+ NOT-FOR-US: IMail
CAN-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote ...)
- NOTE: not-for-us (PlanetDNS)
+ NOT-FOR-US: PlanetDNS
CAN-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows ...)
- NOTE: not-for-us (JBoss)
+ NOT-FOR-US: JBoss
CAN-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for nabopoll ...)
- NOTE: not-for-us (nabopoll)
+ NOT-FOR-US: nabopoll
CAN-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote ...)
- NOTE: not-for-us (PHPNews)
+ NOT-FOR-US: PHPNews
CAN-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and ...)
- NOTE: not-for-us (EasyPHPCalender)
+ NOT-FOR-US: EasyPHPCalender
CAN-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) ...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote ...)
- NOTE: not-for-us (Geeklog)
+ NOT-FOR-US: Geeklog
CAN-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures ...)
{DSA-784-1}
- courier 0.47-6 (low)
CAN-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...)
{DSA-764-1}
- cacti 0.8.6f-1 (high)
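Review bot: On CAN-2005-2155 the value `NOT-FOR-US: EasyPHPCalender` does not match the spelling in the description (EasyPHPCalendar). With the product name now in a dedicated field, a search for the product will miss this entry; fix the spelling as part of the conversion.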
@@ -3240,35 +3240,35 @@
TODO: Check, whether this was covered by DSA-739 as well
- trac 0.8.4-1
CAN-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows ...)
- NOTE: not-for-us (SSH Tectia Server)
+ NOT-FOR-US: SSH Tectia Server
CAN-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of ...)
- NOTE: not-for-us (Prevx Pro)
+ NOT-FOR-US: Prevx Pro
CAN-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection and ...)
- NOTE: not-for-us (Prevx Pro)
+ NOT-FOR-US: Prevx Pro
CAN-2005-2143 (Microsoft Front Page allows attackers to cause a denial of service ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60 allows ...)
- NOTE: not-for-us (Golden FTP Server)
+ NOT-FOR-US: Golden FTP Server
CAN-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (TCP Chat)
+ NOT-FOR-US: TCP Chat
CAN-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0 ...)
- NOTE: not-for-us (FSboard)
+ NOT-FOR-US: FSboard
CAN-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for Pavsta ...)
- NOTE: not-for-us (Pavsta)
+ NOT-FOR-US: Pavsta
CAN-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev ...)
- NOTE: not-for-us (Comdev eCommerce)
+ NOT-FOR-US: Comdev eCommerce
CAN-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers ...)
- NOTE: not-for-us (NateOn Messenger)
+ NOT-FOR-US: NateOn Messenger
CAN-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, ...)
- NOTE: not-for-us (Raritan Dominion SX)
+ NOT-FOR-US: Raritan Dominion SX
CAN-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz ...)
- NOTE: not-for-us (EtoShop)
+ NOT-FOR-US: EtoShop
CAN-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CAN-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CAN-2005-1915. Reason: ...)
- NOTE: not-for-us (log4sh)
+ NOT-FOR-US: log4sh
CAN-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
- NOTE: not-for-us (SCO UnixWare)
+ NOT-FOR-US: SCO UnixWare
CAN-2005-2131
NOTE: reserved
CAN-2005-2130
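Review bot: CAN-2005-2133 has the description "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CAN-2005-1915", yet it is converted to `NOT-FOR-US: log4sh`. A withdrawn candidate is not the same thing as a product that is out of scope, and the file already uses `NOTE: rejected` for that case. Suggest marking this entry as rejected and leaving any classification to CAN-2005-1915, so the NOT-FOR-US field only holds real product exclusions.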
@@ -3278,7 +3278,7 @@
CAN-2005-2128
NOTE: reserved
CAN-2005-2127 (The Microsoft DDS Library Shape Control (Msdds.dll) COM object allows ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-2126
NOTE: reserved
CAN-2005-2125
@@ -3305,17 +3305,17 @@
NOTE: rejected
{DSA-745-1}
CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)
- NOTE: not-for-us (Soldier of Fortune)
+ NOT-FOR-US: Soldier of Fortune
CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...)
NOTE: cannot reproduce with firefox 1.0.5-1 using POC exploits
NOTE: did work for mozilla
- mozilla 2:1.7.10-1 (bug #318723; medium)
CAN-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...)
- NOTE: not-for-us (XOOPS)
+ NOT-FOR-US: XOOPS
CAN-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...)
- NOTE: not-for-us (XOOPS)
+ NOT-FOR-US: XOOPS
CAN-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...)
- NOTE: not-for-us (Community Link Pro Web Editor)
+ NOT-FOR-US: Community Link Pro Web Editor
CAN-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...)
- wordpress 1.5.1.3-1
CAN-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...)
@@ -3328,7 +3328,7 @@
{DSA-745-1}
- drupal 4.5.4-1 (bug #316362)
CAN-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...)
- NOTE: not-for-us (IOS)
+ NOT-FOR-US: IOS
CAN-2005-2104
NOTE: reserved
CAN-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...)
@@ -3386,94 +3386,94 @@
{DSA-756-1}
- squirrelmail 2:1.4.4-6
CAN-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the ...)
- NOTE: not-for-us (Sun)
+ NOT-FOR-US: Sun
CAN-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...)
- NOTE: not-for-us (BEA WebLogic)
+ NOT-FOR-US: BEA WebLogic
CAN-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison ...)
- NOTE: not-for-us (Websphere)
+ NOT-FOR-US: Websphere
CAN-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) ...)
- tomcat4 4.1.28-1
NOTE: tomcat5 in experimental has this fix as well
CAN-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows remote ...)
{DSA-805-1 DSA-803-1}
- apache 1.3.33-8 (bug #322607; medium)
- apache2 2.0.54-5 (bug #316173; medium)
CAN-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote attackers ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB ...)
NOTE: phpbb versions in Debian not affected
CAN-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 ...)
- NOTE: not-for-us (Inframail)
+ NOT-FOR-US: Inframail
CAN-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in ...)
- NOTE: not-for-us (Community Forum)
+ NOT-FOR-US: Community Forum
CAN-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate ...)
- NOTE: not-for-us (IA eMailServer)
+ NOT-FOR-US: IA eMailServer
CAN-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ...)
- NOTE: not-for-us (imTRSET)
+ NOT-FOR-US: imTRSET
CAN-2005-2081 (Stack-based buffer overflow in the function that parses commands in ...)
- asterisk 1:1.0.9.dfsg-1 (bug #315532; medium)
CAN-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in ...)
- NOTE: not-for-us (Veritas Backup)
+ NOT-FOR-US: Veritas Backup
CAN-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS ...)
- NOTE: not-for-us (Veritas Backup)
+ NOT-FOR-US: Veritas Backup
CAN-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows ...)
- NOTE: not-for-us (Lpanel)
+ NOT-FOR-US: Lpanel
CAN-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (GoodTech SMTP Server)
+ NOT-FOR-US: GoodTech SMTP Server
CAN-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...)
- NOTE: not-for-us (Real Estate Management Software)
+ NOT-FOR-US: Real Estate Management Software
CAN-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...)
- mediawiki <itp> (bug #276057)
CAN-2004-2151 (Chatman 1.1.1 RCL and earlier allows remote attackers to cause a ...)
- NOTE: not-for-us (Chatman)
+ NOT-FOR-US: Chatman
CAN-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...)
- NOTE: not-for-us (INTELLIPEER Email Server)
+ NOT-FOR-US: INTELLIPEER Email Server
CAN-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for ...)
- mysql-dfsg-4.1 4.1.5-1
CAN-2004-2148 (Unknown local vulnerability in the "change user" feature of Slava ...)
- fprobe-ng 1.1-1
TODO: Check, whether fprobe is affected as well
CAN-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook ...)
- NOTE: not-for-us (Symantec Antivirus)
+ NOT-FOR-US: Symantec Antivirus
CAN-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
- NOTE: not-for-us (MegaBBS)
+ NOT-FOR-US: MegaBBS
CAN-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
- NOTE: not-for-us (MegaBBS)
+ NOT-FOR-US: MegaBBS
CAN-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass ...)
- NOTE: not-for-us (Baal Smart Forms)
+ NOT-FOR-US: Baal Smart Forms
CAN-2004-2143 (SQL injection vulnerability in the ReMOSitory Server add-on module to ...)
- NOTE: not-for-us (Mambo Portal)
+ NOT-FOR-US: Mambo Portal
CAN-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...)
- sdd 1.52-1
CAN-2004-2141
NOTE: rejected
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...)
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows ...)
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...)
- NOTE: not-for-us (MySQLGuest)
+ NOT-FOR-US: MySQLGuest
CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...)
- NOTE: not-for-us (BisonFTP Server)
+ NOT-FOR-US: BisonFTP Server
CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...)
- NOTE: not-for-us (HP Version Control Repository Manager)
+ NOT-FOR-US: HP Version Control Repository Manager
CAN-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...)
- NOTE: not-for-us (DB2)
+ NOT-FOR-US: DB2
CAN-2005-2072 (ld.so in Solaris 9 and 10 trusts the LD_AUDIT environment variable in ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...)
{DSA-737-1 DTSA-3-1}
- clamav 0.86.1 (medium)
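Review bot: CAN-2004-2141 ends up with both "NOTE: rejected" and "NOT-FOR-US: YaBB", and the entry has no description, so the converted tag now names a product for an identifier that the list itself records as rejected. With NOT-FOR-US becoming a keyword of its own, anything that counts or filters on it will pick this entry up; consider dropping the YaBB line here and keeping only the rejected note.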
@@ -3486,101 +3486,101 @@
CAN-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers ...)
- kfreebsd-source (unfixed)
CAN-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...)
- NOTE: not-for-us (ASP Nuke)
+ NOT-FOR-US: ASP Nuke
CAN-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...)
- NOTE: not-for-us (ASP Nuke)
+ NOT-FOR-US: ASP Nuke
CAN-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP ...)
- NOTE: not-for-us (ASP Nuke)
+ NOT-FOR-US: ASP Nuke
CAN-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow ...)
- NOTE: not-for-us (ASP Nuke)
+ NOT-FOR-US: ASP Nuke
CAN-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- NOTE: not-for-us (ActiveBuyAndSell)
+ NOT-FOR-US: ActiveBuyAndSell
CAN-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow ...)
- NOTE: not-for-us (ActiveBuyAndSell)
+ NOT-FOR-US: ActiveBuyAndSell
CAN-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include ...)
- NOTE: not-for-us (Infopop UBB.Threads)
+ NOT-FOR-US: Infopop UBB.Threads
CAN-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...)
- NOTE: not-for-us (Infopop UBB.Threads)
+ NOT-FOR-US: Infopop UBB.Threads
CAN-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
- NOTE: not-for-us (Infopop UBB.Threads)
+ NOT-FOR-US: Infopop UBB.Threads
CAN-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before ...)
- NOTE: not-for-us (Infopop UBB.Threads)
+ NOT-FOR-US: Infopop UBB.Threads
CAN-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...)
- NOTE: not-for-us (Infopop UBB.Threads)
+ NOT-FOR-US: Infopop UBB.Threads
CAN-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...)
{DSA-737-1 DTSA-3-1}
- clamav 0.86.1-1 (medium)
CAN-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...)
- NOTE: not-for-us (Perception LiteServe)
+ NOT-FOR-US: Perception LiteServe
CAN-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...)
- NOTE: not-for-us (iSMTP)
+ NOT-FOR-US: iSMTP
CAN-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-1982 (Directory traversal vulnerability in the list_directory function in ...)
NOTE: verified current version is not vulnerable to exploit
CAN-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...)
- NOTE: not-for-us (Watchguard SOHO)
+ NOT-FOR-US: Watchguard SOHO
CAN-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass ...)
- NOTE: not-for-us (IPFilter)
+ NOT-FOR-US: IPFilter
CAN-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...)
- NOTE: not-for-us (Proprietary PGP)
+ NOT-FOR-US: Proprietary PGP
CAN-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not report ...)
- net-tools <unfixed> (unimportant)
NOTE: This seems to be a misunderstanding of what the PROMISC flag
NOTE: is about. ifconfig reports properly when it is set using
NOTE: "ifconfig promisc".
CAN-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt ...)
- NOTE: not-for-us (Zaurus hardware)
+ NOT-FOR-US: Zaurus hardware
CAN-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require ...)
- NOTE: not-for-us (Zaurus hardware)
+ NOT-FOR-US: Zaurus hardware
CAN-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka ...)
- NOTE: not-for-us (pp_powerSwitch)
+ NOT-FOR-US: pp_powerSwitch
CAN-2002-1971 (The ping utility in networking_utils.php in Sourcecraft ...)
- NOTE: not-for-us (Sourcecraft Networking Utils)
+ NOT-FOR-US: Sourcecraft Networking Utils
CAN-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the ...)
- NOTE: not-for-us (SnortCenter)
+ NOT-FOR-US: SnortCenter
CAN-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...)
- NOTE: not-for-us (Magic Notebook)
+ NOT-FOR-US: Magic Notebook
CAN-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...)
- NOTE: not-for-us (Com21 hardware)
+ NOT-FOR-US: Com21 hardware
CAN-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...)
- NOTE: not-for-us (XiRCON)
+ NOT-FOR-US: XiRCON
CAN-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards ...)
- NOTE: not-for-us (My Postcards Platinum)
+ NOT-FOR-US: My Postcards Platinum
CAN-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix ...)
- NOTE: not-for-us (Imatix Xitami)
+ NOT-FOR-US: Imatix Xitami
CAN-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote ...)
- NOTE: not-for-us (phpEventCalender)
+ NOT-FOR-US: phpEventCalender
CAN-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit ...)
NOTE: No kernels in Sarge or sid affected
CAN-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...)
- NOTE: not-for-us (SurfinGate)
+ NOT-FOR-US: SurfinGate
CAN-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...)
- NOTE: not-for-us (SurfinGate)
+ NOT-FOR-US: SurfinGate
CAN-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...)
- NOTE: not-for-us (Cybozu Share)
+ NOT-FOR-US: Cybozu Share
CAN-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute ...)
NOTE: Nagios was packaged for Debian after these vulnerable versions have been released
CAN-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0 through 1.0b ...)
- NOTE: not-for-us (kmMail)
+ NOT-FOR-US: kmMail
CAN-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and ...)
NOTE: pen was introduced after this old vulnerability
CAN-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, ...)
- rox 1.3.0-1
CAN-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting ...)
- NOTE: not-for-us (Iomega hardware issue)
+ NOT-FOR-US: Iomega hardware issue
CAN-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a
NOTE: php function that displays the PHP logo and version information. In the bug
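Review bot: under CAN-2002-1964 the new tag value is "phpEventCalender", while the description on the line above it spells the product "phpEventCalendar". The old parenthesised text was a free-form note, but as the value of a dedicated NOT-FOR-US field the misspelling will keep this entry from grouping or matching with any other reference to the product; correct the spelling while the line is being touched.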
@@ -3588,9 +3588,9 @@
NOTE: function.
TODO: check, whether the mentioned XSS still affects current PHP versions in Debian
CAN-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...)
- NOTE: not-for-us (AIM)
+ NOT-FOR-US: AIM
CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...)
- NOTE: not-for-us (phpRank)
+ NOT-FOR-US: phpRank
CAN-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...)
NOTE: not-for-us
CAN-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
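Review bot: CAN-2002-1951 keeps a bare "NOTE: not-for-us" as context, so after this change the file carries two notations for the same status (the bare notes in the following hunks are in the same position). Either convert the bare notes too, taking the product from the description (GoAhead WebServer here), or say in the log that they are deliberately left for a later pass, so that anything keying on "NOT-FOR-US:" does not silently miss them.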
@@ -3649,11 +3649,11 @@
CAN-2002-1924 (PowerChute plus 5.0.2 creates a "Pwrchute" directory during ...)
NOTE: not-for-us
CAN-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when ...)
- NOTE: not-for-us (Windows specific)
+ NOT-FOR-US: Windows specific
CAN-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft ...)
NOTE: not-for-us
CAN-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when ...)
- NOTE: not-for-us (Windows specific)
+ NOT-FOR-US: Windows specific
CAN-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...)
NOTE: not-for-us
CAN-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows ...)
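Review bot: for CAN-2002-1923 and CAN-2002-1921 the value after "NOT-FOR-US:" is "Windows specific", which is a reason rather than the package name the commit log describes, and the software concerned is MySQL, which this same list tracks as mysql-dfsg-4.1 under CAN-2004-2149. Tagging these as not-for-us hides that a tracked product was assessed and set aside on platform grounds; a plain NOTE stating that only the Windows configuration is affected would record that more accurately.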
@@ -3705,7 +3705,7 @@
CAN-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...)
- alsaplayer 0.99.72-1
CAN-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...)
- NOTE: not-for-us (Windows specific)
+ NOT-FOR-US: Windows specific
CAN-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...)
NOTE: not-for-us
NOTE: fix before phpbb2 was in Debian.
@@ -3716,7 +3716,7 @@
CAN-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to ...)
NOTE: not-for-us
CAN-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite ...)
- NOTE: not-for-us (RedHat specific)
+ NOT-FOR-US: RedHat specific
CAN-2002-1889 (Off-by-one buffer overflow in the context_action function in context.c ...)
NOTE: not-for-us
CAN-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to ...)
@@ -3842,123 +3842,123 @@
CAN-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial of ...)
NOTE: not-for-us
CAN-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of ...)
- NOTE: not-for-us (Sendmail not in Debian before 8.13)
+ NOT-FOR-US: Sendmail not in Debian before 8.13
CAN-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass ...)
NOTE: kernel 2.4.18
CAN-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 ...)
- NOTE: not-for-us (WAD)
+ NOT-FOR-US: WAD
CAN-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP server ...)
- NOTE: not-for-us (Zeroo)
+ NOT-FOR-US: Zeroo
CAN-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the ...)
- NOTE: not-for-us (IBM HTTP Server on AS/400)
+ NOT-FOR-US: IBM HTTP Server on AS/400
CAN-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote ...)
- NOTE: not-for-us (TinyHTTPD)
+ NOT-FOR-US: TinyHTTPD
CAN-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read ...)
- NOTE: not-for-us (httpbench)
+ NOT-FOR-US: httpbench
CAN-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for ...)
- NOTE: not-for-us (Veritas)
+ NOT-FOR-US: Veritas
CAN-2002-1816 (Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ...)
- NOTE: not-for-us (ATPhttpd)
+ NOT-FOR-US: ATPhttpd
CAN-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in ...)
- NOTE: not-for-us (Aquonics)
+ NOT-FOR-US: Aquonics
CAN-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid, allows ...)
NOTE: efstool not suid on debian
CAN-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM) ...)
- NOTE: not-for-us (AIM)
+ NOT-FOR-US: AIM
CAN-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to ...)
- NOTE: not-for-us (gdam123)
+ NOT-FOR-US: gdam123
CAN-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 ...)
- NOTE: not-for-us (Belkin F5D6130 Wireless Network Access Point)
+ NOT-FOR-US: Belkin F5D6130 Wireless Network Access Point
CAN-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to ...)
- NOTE: not-for-us (D-Link DWL-900AP+ Access Point)
+ NOT-FOR-US: D-Link DWL-900AP+ Access Point
CAN-2002-1809 (The default configuration of the Windows binary release of MySQL ...)
- NOTE: not-for-us (MySQL windows binary)
+ NOT-FOR-US: MySQL windows binary
CAN-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community System ...)
- NOTE: not-for-us (Meunity)
+ NOT-FOR-US: Meunity
CAN-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows ...)
- NOTE: not-for-us (phpWebSite)
+ NOT-FOR-US: phpWebSite
CAN-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote ...)
- NOTE: not-for-us (Drupal)
+ NOT-FOR-US: Drupal
CAN-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...)
- dacode <unfixed> (bug #322605; low)
CAN-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote ...)
- NOTE: not-for-us (NPDS)
+ NOT-FOR-US: NPDS
CAN-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...)
- xoops <itp> (bug #207640)
CAN-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...)
- NOTE: not-for-us (ImageFolio)
+ NOT-FOR-US: ImageFolio
CAN-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...)
- NOTE: not-for-us (phpRank)
+ NOT-FOR-US: phpRank
CAN-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
- NOTE: not-for-us (phpRank)
+ NOT-FOR-US: phpRank
CAN-2002-1798 (MidiCart PHP 1 allows remote attackers to (1) upload arbitrary php ...)
- NOTE: not-for-us (MidiCart)
+ NOT-FOR-US: MidiCart
CAN-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and ...)
- NOTE: not-for-us (ChaiVM)
+ NOT-FOR-US: ChaiVM
CAN-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet ...)
- NOTE: not-for-us (ChaiVM)
+ NOT-FOR-US: ChaiVM
CAN-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration product ...)
NOTE: not-fur us (HP ldapux-pamauthz)
CAN-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS ...)
- NOTE: not-for-us (HP Virtualvault OS)
+ NOT-FOR-US: HP Virtualvault OS
CAN-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers ...)
- NOTE: not-for-us (Fake Identd)
+ NOT-FOR-US: Fake Identd
CAN-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2002-1790 (The SMTP service in Microsoft Internet Information Services (IIS) 4.0 ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8 allows ...)
- newsx 1.4pl6.0-2
CAN-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn 6.6.0 ...)
- nn 6.6.4-1
CAN-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration Server ...)
- NOTE: not-for-us (Zeus Administration Server)
+ NOT-FOR-US: Zeus Administration Server
CAN-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a ...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CAN-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when ...)
- php4 4:4.3.10-15
CAN-2000-1227 (Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...)
- NOTE: not-for-us (JAF CMS)
+ NOT-FOR-US: JAF CMS
CAN-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console ...)
- NOTE: not-for-us (BEWAC)
+ NOT-FOR-US: BEWAC
CAN-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...)
- tor 0.0.9.10-1 (medium)
CAN-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...)
- NOTE: not-for-us (Duware)
+ NOT-FOR-US: Duware
CAN-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1 allow ...)
- NOTE: not-for-us (Duware)
+ NOT-FOR-US: Duware
CAN-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...)
- NOTE: not-for-us (Duware)
+ NOT-FOR-US: Duware
CAN-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...)
- NOTE: not-for-us (Duware)
+ NOT-FOR-US: Duware
CAN-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...)
- NOTE: not-for-us (Duware)
+ NOT-FOR-US: Duware
CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
- NOTE: not-for-us (ATutor)
+ NOT-FOR-US: ATutor
CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
- NOTE: not-for-us (XAMPP)
+ NOT-FOR-US: XAMPP
CAN-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...)
- NOTE: not-for-us (ajax-spell)
+ NOT-FOR-US: ajax-spell
CAN-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other ...)
- NOTE: not-for-us (ViRobot)
+ NOT-FOR-US: ViRobot
CAN-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...)
{DSA-758-1}
TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base
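Review bot: CAN-2002-1794 still reads "NOTE: not-fur us (HP ldapux-pamauthz)"; the misspelling kept it out of the search-and-replace, so it is now in neither the old nor the new form. Change it to "NOT-FOR-US: HP ldapux-pamauthz" in this commit. In the same hunk, CAN-2002-1825 carries the value "WAD" where its description names the product WASD.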
@@ -3966,99 +3966,99 @@
CAN-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and ...)
NOTE: The nanoblogger 3.1 version in Debian was not affected by this vulnerability
CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...)
- NOTE: not-for-us (Fortibus CMS)
+ NOT-FOR-US: Fortibus CMS
CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...)
- NOTE: not-for-us (Fortibus CMS)
+ NOT-FOR-US: Fortibus CMS
CAN-2005-2036 (modifyUser.asp in Cool Cafe Chat 1.2.1 allows remote attackers to ...)
- NOTE: not-for-us (Cool Cafe Chat)
+ NOT-FOR-US: Cool Cafe Chat
CAN-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe Chat 1.2.1 ...)
- NOTE: not-for-us (Cool Cafe Chat)
+ NOT-FOR-US: Cool Cafe Chat
CAN-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...)
- NOTE: not-for-us (iGallery)
+ NOT-FOR-US: iGallery
CAN-2005-2033 (Directory traversal vulnerability in folderview.asp for BlueCollar ...)
- NOTE: not-for-us (iGallery)
+ NOT-FOR-US: iGallery
CAN-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...)
- NOTE: not-for-us (socialMPN)
+ NOT-FOR-US: socialMPN
CAN-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...)
- NOTE: not-for-us (external script that allow interaction between amarok and a browser)
+ NOT-FOR-US: external script that allow interaction between amarok and a browser
CAN-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...)
- NOTE: not-for-us (MercuryBoard)
+ NOT-FOR-US: MercuryBoard
CAN-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...)
- NOTE: not-for-us (Enterasys hardware issue)
+ NOT-FOR-US: Enterasys hardware issue
CAN-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...)
- NOTE: not-for-us (Enterasys hardware issue)
+ NOT-FOR-US: Enterasys hardware issue
CAN-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...)
{DSA-738-1}
NOTE: varying and apparently innacurate info about what versions fix it
- razor 2.720-1 (low)
CAN-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE ...)
NOTE: insufficient info, possibly SuSE specific
- NOTE: not-for-us (only affects 1.9.14 of gpg2)
+ NOT-FOR-US: only affects 1.9.14 of gpg2
CAN-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...)
- NOTE: not-for-us (iPlanet)
+ NOT-FOR-US: iPlanet
CAN-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...)
- NOTE: not-for-us (cPanel)
+ NOT-FOR-US: cPanel
CAN-2005-2020 (Directory traversal vulnerability in the web server for 3Com Network ...)
- NOTE: not-for-us (3com Network Supervisor)
+ NOT-FOR-US: 3com Network Supervisor
CAN-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) ...)
- NOTE: not-for-us (FreeBSD ipfw)
+ NOT-FOR-US: FreeBSD ipfw
CAN-2005-2018
NOTE: reserved
CAN-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain ...)
- NOTE: not-for-us (Symantec AntiVirus)
+ NOT-FOR-US: Symantec AntiVirus
CAN-2005-2016
NOTE: reserved
CAN-2005-2015
NOTE: reserved
CAN-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...)
- NOTE: not-for-us (paFAQ)
+ NOT-FOR-US: paFAQ
CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (paFAQ)
+ NOT-FOR-US: paFAQ
CAN-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...)
- NOTE: not-for-us (paFAQ)
+ NOT-FOR-US: paFAQ
CAN-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...)
- NOTE: not-for-us (paFAQ)
+ NOT-FOR-US: paFAQ
CAN-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...)
- NOTE: not-for-us (Ublog Reload)
+ NOT-FOR-US: Ublog Reload
CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...)
- NOTE: not-for-us (Ublog Reload)
+ NOT-FOR-US: Ublog Reload
CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...)
- yaws 1.56-1 (low)
CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...)
{DSA-739-1}
- trac 0.8.4-1
CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...)
- NOTE: not-for-us (JBOSS)
+ NOT-FOR-US: JBOSS
CAN-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...)
- NOTE: not-for-us (McGallery)
+ NOT-FOR-US: McGallery
CAN-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...)
- NOTE: not-for-us (McGallery)
+ NOT-FOR-US: McGallery
CAN-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix Site ...)
- NOTE: not-for-us (Bitrix Site Manager)
+ NOT-FOR-US: Bitrix Site Manager
CAN-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (Bitrix Site Manager)
+ NOT-FOR-US: Bitrix Site Manager
CAN-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...)
- NOTE: not-for-us (Finjan SurfinGate)
+ NOT-FOR-US: Finjan SurfinGate
CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...)
{DSA-735-2 DSA-735-1}
- sudo 1.6.8p9-1 (medium)
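Review bot: under CAN-2005-2023 the converted line reads "NOT-FOR-US: only affects 1.9.14 of gpg2", directly below "NOTE: insufficient info, possibly SuSE specific". That is a version statement about gpg2 next to an admission that the issue has not been pinned down, not the name of a product that is out of scope, and promoting it to a status keyword makes the entry look settled. Leave this one as a NOTE or a TODO until the affected versions are confirmed.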
@@ -4069,11 +4069,11 @@
CAN-2005-1991
NOTE: reserved
CAN-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-1987
NOTE: reserved
CAN-2005-1986
@@ -4081,13 +4081,13 @@
CAN-2005-1985
NOTE: reserved
CAN-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for ...)
- NOTE: not-for-us (Spoolsv.exe)
+ NOT-FOR-US: Spoolsv.exe
CAN-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1980
NOTE: reserved
CAN-2005-1979
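Review bot: CAN-2005-1984 gets "NOT-FOR-US: Spoolsv.exe", a binary name, while the three entries after it in this hunk use "Microsoft" and the previous hunk uses "MSIE". Now that the value is meant to be a package name, pick one granularity (vendor or product) for these entries so they can be grouped by the field.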
@@ -4101,72 +4101,72 @@
CAN-2002-1782 (The default configuration of University of Washington IMAP daemon ...)
- uw-imapd <unfixed> (bug #315499; low)
CAN-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...)
- NOTE: not-for-us (DeleGate)
+ NOT-FOR-US: DeleGate
CAN-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...)
- NOTE: not-for-us (BPM Studio Pro)
+ NOT-FOR-US: BPM Studio Pro
CAN-2002-1779 (The "block fragmented IP Packets" option in Symantec Norton Personal ...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CAN-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to ...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CAN-2002-1777 (** DISPUTED ** ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2002-1776 (** DISPUTED ** ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2002-1775 (** DISPUTED ** ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2002-1774 (** DISPUTED ** ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows ...)
- NOTE: not-for-us (ICQ for MacOS X)
+ NOT-FOR-US: ICQ for MacOS X
CAN-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain "Domain ...)
- NOTE: not-for-us (Novell Netware)
+ NOT-FOR-US: Novell Netware
CAN-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send ...)
- NOTE: not-for-us (FormMail)
+ NOT-FOR-US: FormMail
CAN-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...)
- NOTE: not-for-us (Mirosoft)
+ NOT-FOR-US: Mirosoft
CAN-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...)
- NOTE: not-for-us (Netscape)
+ NOT-FOR-US: Netscape
NOTE: didn't check mozilla
CAN-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...)
- evolution 1.0.5
CAN-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to ...)
- NOTE: not-for-us (acrobat)
+ NOT-FOR-US: acrobat
CAN-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" ...)
- NOTE: not-for-us (dtscreen Sun Solaris 8 CDE screensaver)
+ NOT-FOR-US: dtscreen Sun Solaris 8 CDE screensaver
CAN-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...)
- NOTE: not-for-us (PHProjekt)
+ NOT-FOR-US: PHProjekt
CAN-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...)
- NOTE: not-for-us (PHProjekt)
+ NOT-FOR-US: PHProjekt
CAN-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...)
- NOTE: not-for-us (PHProjekt)
+ NOT-FOR-US: PHProjekt
CAN-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...)
- NOTE: not-for-us (PHProjekt)
+ NOT-FOR-US: PHProjekt
CAN-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for ...)
- NOTE: not-for-us (PHProjekt)
+ NOT-FOR-US: PHProjekt
CAN-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (ACDSee)
+ NOT-FOR-US: ACDSee
CAN-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...)
- tinc 1.0pre5
CAN-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows ...)
- NOTE: not-for-us (Novell NetWare)
+ NOT-FOR-US: Novell NetWare
CAN-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...)
- NOTE: not-for-us (csNews)
+ NOT-FOR-US: csNews
CAN-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers ...)
- NOTE: not-for-us (csChat-R-Box)
+ NOT-FOR-US: csChat-R-Box
CAN-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote ...)
- NOTE: not-for-us (csLiveSupport)
+ NOT-FOR-US: csLiveSupport
CAN-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote ...)
- NOTE: not-for-us (csGuestbook)
+ NOT-FOR-US: csGuestbook
CAN-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of ...)
- NOTE: not-for-us (Windows 2000 Terminal Services)
+ NOT-FOR-US: Windows 2000 Terminal Services
CAN-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...)
- slash 2.2.3
CAN-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows ...)
@@ -4174,294 +4174,294 @@
CAN-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions ...)
- vtun 2.5b2
CAN-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (AOL ICQ)
+ NOT-FOR-US: AOL ICQ
CAN-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...)
- libsoap-lite-perl 0.55
CAN-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...)
- NOTE: not-for-us (WorldClient)
+ NOT-FOR-US: WorldClient
CAN-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...)
- NOTE: not-for-us (WorldClient)
+ NOT-FOR-US: WorldClient
CAN-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption ...)
- NOTE: not-for-us (Alt-N Technologies Mdaemon)
+ NOT-FOR-US: Alt-N Technologies Mdaemon
CAN-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default ...)
- NOTE: not-for-us (Alt-N Technologies Mdaemon)
+ NOT-FOR-US: Alt-N Technologies Mdaemon
CAN-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and ...)
- NOTE: not-for-us (Astaro Security Linux)
+ NOT-FOR-US: Astaro Security Linux
CAN-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...)
- NOTE: not-for-us (CGINews)
+ NOT-FOR-US: CGINews
CAN-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain ...)
- NOTE: not-for-us (dlogin)
+ NOT-FOR-US: dlogin
CAN-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...)
- NOTE: not-for-us (NewsPro)
+ NOT-FOR-US: NewsPro
CAN-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message ...)
- NOTE: not-for-us (Prospero MessageBoards)
+ NOT-FOR-US: Prospero MessageBoards
CAN-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...)
- NOTE: not-for-us (Actinic Catalog)
+ NOT-FOR-US: Actinic Catalog
CAN-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...)
- NOTE: not-for-us (IBM AS/400)
+ NOT-FOR-US: IBM AS/400
CAN-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...)
NOTE: not-fot-us (ASPjar Guestbook)
CAN-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...)
- NOTE: not-for-us (ASPjar Guestbook)
+ NOT-FOR-US: ASPjar Guestbook
CAN-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...)
- NOTE: not-for-us (askSam Web Publisher)
+ NOT-FOR-US: askSam Web Publisher
CAN-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) ...)
- NOTE: not-for-us (askSam Web Publisher)
+ NOT-FOR-US: askSam Web Publisher
CAN-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass ...)
- NOTE: not-for-us (PhotoDB)
+ NOT-FOR-US: PhotoDB
CAN-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...)
- NOTE: not-for-us (PHPImageView)
+ NOT-FOR-US: PHPImageView
CAN-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for ...)
- NOTE: not-for-us (PHPImageView)
+ NOT-FOR-US: PHPImageView
CAN-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...)
- NOTE: not-for-us (Powerboards)
+ NOT-FOR-US: Powerboards
CAN-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote ...)
- NOTE: not-for-us (alterMIME)
+ NOT-FOR-US: alterMIME
TODO: track RFP: #289546
CAN-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows ...)
- NOTE: not-for-us (Spooky Login)
+ NOT-FOR-US: Spooky Login
CAN-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify ...)
- NOTE: not-for-us (Bavo)
+ NOT-FOR-US: Bavo
CAN-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...)
NOTE: "SecurityFocus staff have been unable to reproduce this vulnerability with OpenSSH version 3.1p1."
CAN-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...)
- NOTE: not-for-us (msec)
+ NOT-FOR-US: msec
CAN-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...)
- NOTE: not-for-us (BasiliX)
+ NOT-FOR-US: BasiliX
CAN-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...)
- NOTE: not-for-us (BasiliX)
+ NOT-FOR-US: BasiliX
CAN-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...)
- NOTE: not-for-us (BasiliX)
+ NOT-FOR-US: BasiliX
CAN-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...)
- NOTE: not-for-us (BasiliX)
+ NOT-FOR-US: BasiliX
CAN-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and ...)
- phpbb2 2.0.6c-1
CAN-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" ...)
- NOTE: not-for-us (Zeroboard)
+ NOT-FOR-US: Zeroboard
CAN-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft ...)
- NOTE: not-for-us (NetAuction)
+ NOT-FOR-US: NetAuction
CAN-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP ...)
- NOTE: not-for-us (DeltaScripts PHP Classifieds)
+ NOT-FOR-US: DeltaScripts PHP Classifieds
CAN-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template ...)
- NOTE: not-for-us (ColdFusion)
+ NOT-FOR-US: ColdFusion
CAN-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...)
- NOTE: not-for-us (ASP Client Check)
+ NOT-FOR-US: ASP Client Check
CAN-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...)
- vtun 2.6-1
CAN-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...)
- NOTE: not-for-us (Microsoft Outlook plugin)
+ NOT-FOR-US: Microsoft Outlook plugin
CAN-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CAN-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...)
- NOTE: not-for-us (Alcatel hardware issue)
+ NOT-FOR-US: Alcatel hardware issue
CAN-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...)
- NOTE: not-for-us (BadBlue Enterprise Edition)
+ NOT-FOR-US: BadBlue Enterprise Edition
CAN-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...)
- NOTE: not-for-us (Deerfield D2Gfx)
+ NOT-FOR-US: Deerfield D2Gfx
CAN-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...)
- NOTE: not-for-us (BadBlue Personal Edition)
+ NOT-FOR-US: BadBlue Personal Edition
CAN-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...)
- NOTE: not-for-us (NewsReactor)
+ NOT-FOR-US: NewsReactor
CAN-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...)
NOTE: Only present in intermediate CVS version, not released in Debian
CAN-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...)
- NOTE: not-for-us (COWS)
+ NOT-FOR-US: COWS
CAN-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...)
- NOTE: not-for-us (mrtgconfig)
+ NOT-FOR-US: mrtgconfig
CAN-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...)
- NOTE: not-for-us (BindView NetInventory)
+ NOT-FOR-US: BindView NetInventory
CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...)
- NOTE: not-for-us (Unreal IRCd)
+ NOT-FOR-US: Unreal IRCd
CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...)
NOTE: kfreebsd use a much more recent version of the freebsd kernel
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...)
- webmin 0.93 (medium)
CAN-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...)
NOTE: Packaging flaw of an unknown RPM based distro. Permissions of Debian's
NOTE: webmin package look sane and FHS compliant
CAN-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...)
NOTE: kfreebsd use a much more recent version of the freebsd kernel
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...)
- NOTE: not-for-us (HP Secure OS layer)
+ NOT-FOR-US: HP Secure OS layer
CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...)
- tinc 1.0pre5-1
CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (Lotus Notes)
+ NOT-FOR-US: Lotus Notes
CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...)
- NOTE: not-for-us (Sun)
+ NOT-FOR-US: Sun
CAN-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...)
- NOTE: not-for-us (WebCart)
+ NOT-FOR-US: WebCart
CAN-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...)
NOTE: Fix went into proftpd CVS on 2002-12-12
- proftpd 1.2.8-1
CAN-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...)
- proftpd 1.2.4-1
CAN-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...)
- NOTE: not-for-us (Check Point)
+ NOT-FOR-US: Check Point
CAN-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...)
- NOTE: not-for-us (mod_bf)
+ NOT-FOR-US: mod_bf
CAN-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...)
- thttpd 2.21
CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...)
- NOTE: not-for-us (Network Query Tool)
+ NOT-FOR-US: Network Query Tool
CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...)
- util-linux 2.11n-1
CAN-2001-1492
NOTE: rejected
CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...)
NOTE: mozilla is quite easily DOSable with all sorts of large html
NOTE: files, probably not worth following up on.
CAN-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...)
- NOTE: not-for-us (Open Projects ircd)
+ NOT-FOR-US: Open Projects ircd
CAN-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...)
NOTE: verified not present in 4.0.5-4sarge1
CAN-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...)
- NOTE: not-for-us (Alcatel hardware issue)
+ NOT-FOR-US: Alcatel hardware issue
CAN-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...)
- libpam-opie <unfixed> (bug #112279; low)
CAN-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...)
NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now
CAN-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...)
- NOTE: not-for-us (Xitami)
+ NOT-FOR-US: Xitami
CAN-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...)
- NOTE: not-for-us (Sun Java)
+ NOT-FOR-US: Sun Java
CAN-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...)
- NOTE: not-for-us (Sun)
+ NOT-FOR-US: Sun
CAN-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...)
- NOTE: not-for-us (UnixWare)
+ NOT-FOR-US: UnixWare
CAN-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...)
- snort 1.6.1-1
CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...)
- NOTE: not-for-us (Xitami)
+ NOT-FOR-US: Xitami
CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...)
- NOTE: not-for-us (Annuaire)
+ NOT-FOR-US: Annuaire
CAN-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...)
- NOTE: not-for-us (Sun Java)
+ NOT-FOR-US: Sun Java
CAN-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...)
- NOTE: not-for-us (Sun Java)
+ NOT-FOR-US: Sun Java
CAN-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 ...)
- NOTE: not-for-us (InteractivePHP FusionBB)
+ NOT-FOR-US: InteractivePHP FusionBB
CAN-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta ...)
- NOTE: not-for-us (InteractivePHP FusionBB)
+ NOT-FOR-US: InteractivePHP FusionBB
CAN-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with ...)
- NOTE: not-for-us (pcAnywhere)
+ NOT-FOR-US: pcAnywhere
CAN-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems ...)
- NOTE: not-for-us (Pragma Telnetserver)
+ NOT-FOR-US: Pragma Telnetserver
CAN-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce ...)
- NOTE: not-for-us (ProductCart Ecommerce)
+ NOT-FOR-US: ProductCart Ecommerce
CAN-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...)
- NOTE: not-for-us (ProductCart Ecommerce)
+ NOT-FOR-US: ProductCart Ecommerce
CAN-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...)
- NOTE: not-for-us (e107)
+ NOT-FOR-US: e107
CAN-2005-1965 (PHP remote code injection vulnerability in siteframe.php for Broadpool ...)
- NOTE: not-for-us (Broadpool Siteframe)
+ NOT-FOR-US: Broadpool Siteframe
CAN-2005-1964 (PHP remote code injection vulnerability in utilit.php for Ovidentia ...)
- NOTE: not-for-us (Ovidentia Portal)
+ NOT-FOR-US: Ovidentia Portal
CAN-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (Cerberus Helpdesk)
+ NOT-FOR-US: Cerberus Helpdesk
CAN-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 ...)
- NOTE: not-for-us (Cerberus Helpdesk)
+ NOT-FOR-US: Cerberus Helpdesk
CAN-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 ...)
- NOTE: not-for-us (C-JDBC)
+ NOT-FOR-US: C-JDBC
CAN-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers ...)
- NOTE: not-for-us (C.J. Steele Tattle)
+ NOT-FOR-US: C.J. Steele Tattle
CAN-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...)
- NOTE: not-for-us (JamMail)
+ NOT-FOR-US: JamMail
CAN-2005-1958
NOTE: rejected
NOTE: see CAN-2005-1855
CAN-2005-1957 (File Upload Manager does not properly check user authentication for ...)
- NOTE: not-for-us (File Upload Manager)
+ NOT-FOR-US: File Upload Manager
CAN-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...)
- NOTE: not-for-us (File Upload Manager)
+ NOT-FOR-US: File Upload Manager
CAN-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
- NOTE: not-for-us (singapore)
+ NOT-FOR-US: singapore
CAN-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (singapore)
+ NOT-FOR-US: singapore
CAN-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server ...)
- NOTE: not-for-us (Pico Server)
+ NOT-FOR-US: Pico Server
CAN-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows ...)
- NOTE: not-for-us (Pico Server)
+ NOT-FOR-US: Pico Server
CAN-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 ...)
- NOTE: not-for-us (osCommerce)
+ NOT-FOR-US: osCommerce
CAN-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (Webhints)
+ NOT-FOR-US: Webhints
CAN-2005-1949 (The eping_validaddr function in functions.php for the ePing plugin for ...)
- NOTE: not-for-us (e107)
+ NOT-FOR-US: e107
CAN-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before ...)
- NOTE: not-for-us (Invision Gallery)
+ NOT-FOR-US: Invision Gallery
CAN-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery ...)
- NOTE: not-for-us (Invision Gallery)
+ NOT-FOR-US: Invision Gallery
CAN-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 ...)
- NOTE: not-for-us (Invision Blog)
+ NOT-FOR-US: Invision Blog
CAN-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...)
- NOTE: not-for-us (Invision Blog)
+ NOT-FOR-US: Invision Blog
CAN-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary ...)
- NOTE: not-for-us (xmysqladmin)
+ NOT-FOR-US: xmysqladmin
CAN-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...)
- NOTE: not-for-us (Loki download manager)
+ NOT-FOR-US: Loki download manager
CAN-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...)
- NOTE: not-for-us (Cisco hardware issue)
+ NOT-FOR-US: Cisco hardware issue
CAN-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...)
- NOTE: not-for-us (SilverCity)
+ NOT-FOR-US: SilverCity
CAN-2005-1940
NOTE: reserved
CAN-2005-1939
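Review bot: The CAN-2002-1730 entry still reads "NOTE: not-fot-us (ASPjar Guestbook)" and shows up in this hunk only as unchanged context, so the rewrite skipped it because of the "fot" misspelling. It should become "NOT-FOR-US: ASPjar Guestbook", matching the CAN-2002-1729 entry directly below it. It is also worth searching the file for other misspelled or differently cased variants of the old marker that an exact-match substitution would miss. The same hunk carries both "Microsoft" and "microsoft" as values; settling on one spelling now would make the new field easier to group on.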
@@ -4473,13 +4473,13 @@
- mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.8-1sarge1 (medium)
CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...)
- NOTE: not-for-us (Xerox hardware issue)
+ NOT-FOR-US: Xerox hardware issue
CAN-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
{DSA-734-1}
- gaim 1:1.3.1-1 (low)
@@ -4520,13 +4520,13 @@
CAN-2005-1918
NOTE: reserved
CAN-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...)
- NOTE: not-for-us (kpopper)
+ NOT-FOR-US: kpopper
NOTE: there is a kpopper in kerberos4kth-servers, but this is not the same one
CAN-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...)
{DSA-760-1 DTSA-4-1}
- ekg 1:1.5+20050712+1.6rc2-1 (low)
CAN-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows ...)
- NOTE: not-for-us (log4sh)
+ NOT-FOR-US: log4sh
CAN-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...)
{DSA-754-1 DTSA-2-1}
- centericq 4.20.0-7 (medium)
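Review bot: In the CAN-2005-1917 entry the new "NOT-FOR-US: kpopper" value is a bare name, while the NOTE right after it says a different kpopper exists in kerberos4kth-servers. Consider making the value itself unambiguous, so that the entry does not depend on the following NOTE to be read correctly.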
@@ -4539,99 +4539,99 @@
CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...)
- leafnode 1.11.3.rel-1 (low)
CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...)
- NOTE: not-for-us (WWWeb Concepts Events System)
+ NOT-FOR-US: WWWeb Concepts Events System
CAN-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...)
- NOTE: not-for-us (602LAN SUITE)
+ NOT-FOR-US: 602LAN SUITE
CAN-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...)
- NOTE: not-for-us (Perception LiteWeb)
+ NOT-FOR-US: Perception LiteWeb
CAN-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...)
- NOTE: not-for-us (livingmailing)
+ NOT-FOR-US: livingmailing
CAN-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...)
- NOTE: not-for-us (Kaspersky)
+ NOT-FOR-US: Kaspersky
CAN-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...)
- NOTE: not-for-us (JiRo's Upload Systems)
+ NOT-FOR-US: JiRo's Upload Systems
CAN-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...)
- NOTE: not-for-us (SPA-PRO Mail)
+ NOT-FOR-US: SPA-PRO Mail
CAN-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...)
- NOTE: not-for-us (SPA-PRO Mail)
+ NOT-FOR-US: SPA-PRO Mail
CAN-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...)
- NOTE: not-for-us (Sawmill)
+ NOT-FOR-US: Sawmill
CAN-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass authentication ...)
- NOTE: not-for-us (Sawmill)
+ NOT-FOR-US: Sawmill
CAN-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...)
- NOTE: not-for-us (RakNet)
+ NOT-FOR-US: RakNet
CAN-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...)
- NOTE: not-for-us (phpThumb)
+ NOT-FOR-US: phpThumb
CAN-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...)
- NOTE: not-for-us (FlexCast)
+ NOT-FOR-US: FlexCast
CAN-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...)
- NOTE: not-for-us (Mortiforo)
+ NOT-FOR-US: Mortiforo
CAN-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...)
- NOTE: not-for-us (Sun ONE)
+ NOT-FOR-US: Sun ONE
CAN-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...)
- mediawiki <itp> (bug #276057)
CAN-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...)
- NOTE: not-for-us (YaPiG)
+ NOT-FOR-US: YaPiG
CAN-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...)
- NOTE: not-for-us (YaPiG)
+ NOT-FOR-US: YaPiG
CAN-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...)
- NOTE: not-for-us (YaPiG)
+ NOT-FOR-US: YaPiG
CAN-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...)
- NOTE: not-for-us (YaPiG)
+ NOT-FOR-US: YaPiG
CAN-2005-1882 (PHP remote code injection vulnerability in last_gallery.php in YaPiG ...)
- NOTE: not-for-us (YaPiG)
+ NOT-FOR-US: YaPiG
CAN-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...)
- NOTE: not-for-us (YaPiG)
+ NOT-FOR-US: YaPiG
CAN-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...)
- NOTE: not-for-us (everybuddy)
+ NOT-FOR-US: everybuddy
CAN-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...)
- NOTE: not-for-us (LutelWall)
+ NOT-FOR-US: LutelWall
CAN-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...)
- NOTE: not-for-us (GIPTables)
+ NOT-FOR-US: GIPTables
CAN-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...)
- NOTE: not-for-us (Lpanel)
+ NOT-FOR-US: Lpanel
CAN-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...)
- NOTE: not-for-us (Exhibit Engine)
+ NOT-FOR-US: Exhibit Engine
CAN-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...)
- NOTE: not-for-us (Dzip)
+ NOT-FOR-US: Dzip
CAN-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...)
- NOTE: not-for-us (Crob)
+ NOT-FOR-US: Crob
CAN-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...)
- NOTE: not-for-us (WebSphere)
+ NOT-FOR-US: WebSphere
CAN-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...)
- drupal 4.5.3-1
CAN-2005-1870 (PHP remote code injection vulnerability in childwindow.inc.php in ...)
- NOTE: not-for-us (Popper)
+ NOT-FOR-US: Popper
CAN-2005-1869 (PHP remote code injection vulnerability in start_lobby.php in MWChat ...)
- NOTE: not-for-us (MWChat)
+ NOT-FOR-US: MWChat
CAN-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...)
- NOTE: not-for-us (I-Man)
+ NOT-FOR-US: I-Man
CAN-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...)
- NOTE: not-for-us (Calendarix)
+ NOT-FOR-US: Calendarix
CAN-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...)
- NOTE: not-for-us (Calendarix)
+ NOT-FOR-US: Calendarix
CAN-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in ...)
- NOTE: not-for-us (Calendarix)
+ NOT-FOR-US: Calendarix
CAN-2003-1218
NOTE: reserved
CAN-2003-1217
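Review bot: The value for CAN-2005-1904 is carried over as "JiRo's Upload Systems", but the description on the line above names the product "JiRo's Upload System (JUS)". Since this line is being rewritten anyway, correct the name to match the description rather than preserving the old spelling in the new field.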
@@ -4645,7 +4645,7 @@
CAN-2005-1860
NOTE: reserved
CAN-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...)
- NOTE: not-for-us (arshell)
+ NOT-FOR-US: arshell
CAN-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...)
{DSA-786-1}
CAN-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...)
@@ -4679,19 +4679,19 @@
{DSA-750-1}
- dhcpcd 1:1.3.22pl4-22 (medium)
CAN-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...)
- NOTE: not-for-us (YaMT)
+ NOT-FOR-US: YaMT
CAN-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...)
- NOTE: not-for-us (YaMT)
+ NOT-FOR-US: YaMT
CAN-2005-1845
NOTE: reserved
CAN-2005-1844
NOTE: reserved
CAN-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...)
- NOTE: not-for-us (acroread)
+ NOT-FOR-US: acroread
CAN-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...)
{DSA-744-1}
- fuse 2.3.0-1
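Review bot: For CAN-2005-1843 and CAN-2005-1842 the new value is "Windows", which names a platform, while both descriptions are about VCNative for Adobe Version Cue. The other values in this hunk (YaMT, acroread) name the affected software, so use the product name here too to keep the field consistent.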
@@ -4705,150 +4705,150 @@
NOTE: could be used to compromise program somehow
NOTE: that is not covered by the CAN though due to vagueness
CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...)
- NOTE: not-for-us (phpCMS)
+ NOT-FOR-US: phpCMS
CAN-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
- NOTE: not-for-us (Liberum)
+ NOT-FOR-US: Liberum
CAN-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...)
- NOTE: not-for-us (Liberum)
+ NOT-FOR-US: Liberum
CAN-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded uername ...)
- NOTE: not-for-us (Fortinet firewall)
+ NOT-FOR-US: Fortinet firewall
CAN-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (NEXTWEB)
+ NOT-FOR-US: NEXTWEB
CAN-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with ...)
- NOTE: not-for-us (NEXTWEB)
+ NOT-FOR-US: NEXTWEB
CAN-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows ...)
- NOTE: not-for-us (NEXTWEB)
+ NOT-FOR-US: NEXTWEB
CAN-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-1831 (Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux ...)
NOTE: Unreproducable by SuSE security team, sudo contains code to circumvent such
NOTE: behaviour, seems like a broken PAM setup on the submitter's side
CAN-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...)
- NOTE: not-for-us (SoftICE)
+ NOT-FOR-US: SoftICE
CAN-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the ...)
- NOTE: not-for-us (D-Link hardware issue)
+ NOT-FOR-US: D-Link hardware issue
CAN-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and ...)
- NOTE: not-for-us (D-Link hardware issue)
+ NOT-FOR-US: D-Link hardware issue
CAN-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by ...)
- NOTE: not-for-us (HP Radia)
+ NOT-FOR-US: HP Radia
CAN-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP ...)
- NOTE: not-for-us (HP Radia)
+ NOT-FOR-US: HP Radia
CAN-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL ...)
- mailutils 1:0.6.1-2
CAN-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam ...)
- NOTE: not-for-us (Qualiteam X-Cart)
+ NOT-FOR-US: Qualiteam X-Cart
CAN-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...)
- NOTE: not-for-us (Qualiteam X-Cart)
+ NOT-FOR-US: Qualiteam X-Cart
CAN-2005-1821 (PHP remote code injection vulnerability in pdl_header.inc.php in ...)
- NOTE: not-for-us (PowerDownload)
+ NOT-FOR-US: PowerDownload
CAN-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...)
- NOTE: not-for-us (Zeroboard)
+ NOT-FOR-US: Zeroboard
CAN-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before ...)
- NOTE: not-for-us (NikoSoft WebMail)
+ NOT-FOR-US: NikoSoft WebMail
CAN-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...)
- NOTE: not-for-us (NewLife Blogger)
+ NOT-FOR-US: NewLife Blogger
CAN-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 ...)
- NOTE: not-for-us (Hummingbird Connectivity)
+ NOT-FOR-US: Hummingbird Connectivity
CAN-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote ...)
- NOTE: not-for-us (PicoWebServer)
+ NOT-FOR-US: PicoWebServer
CAN-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...)
- NOTE: not-for-us (FutureSoft TFTP Server)
+ NOT-FOR-US: FutureSoft TFTP Server
CAN-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...)
- NOTE: not-for-us (FutureSoft TFTP Server)
+ NOT-FOR-US: FutureSoft TFTP Server
CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...)
NOTE: Not in Sarge
- wordpress 1.5.1.2-1
CAN-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Sony hardware issue)
+ NOT-FOR-US: Sony hardware issue
CAN-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...)
- NOTE: not-for-us (Stronghold game)
+ NOT-FOR-US: Stronghold game
CAN-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...)
- NOTE: not-for-us (PHPMailer)
+ NOT-FOR-US: PHPMailer
CAN-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...)
- NOTE: not-for-us (PeerCast)
+ NOT-FOR-US: PeerCast
CAN-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...)
- NOTE: not-for-us (Online Solutions for Educators)
+ NOT-FOR-US: Online Solutions for Educators
CAN-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...)
- NOTE: not-for-us (Net Portal Dynamic System)
+ NOT-FOR-US: Net Portal Dynamic System
CAN-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...)
- NOTE: not-for-us (Net Portal Dynamic System)
+ NOT-FOR-US: Net Portal Dynamic System
CAN-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...)
- NOTE: not-for-us (Nortel hardware)
+ NOT-FOR-US: Nortel hardware
CAN-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...)
- NOTE: not-for-us (Nokia hardware)
+ NOT-FOR-US: Nokia hardware
CAN-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...)
- NOTE: not-for-us (Jaws glossary gadget)
+ NOT-FOR-US: Jaws glossary gadget
CAN-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...)
- NOTE: not-for-us (FreeStyle Wiki)
+ NOT-FOR-US: FreeStyle Wiki
CAN-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...)
- NOTE: not-for-us (ServersCheck)
+ NOT-FOR-US: ServersCheck
CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...)
NOTE: Cryptographic attack on AES, cannot be fixed
CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...)
{DSA-749-1}
- ettercap 1:0.7.1-1.1
CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...)
- NOTE: not-for-us (ClamAV on Mac OS X)
+ NOT-FOR-US: ClamAV on Mac OS X
CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...)
- NOTE: not-for-us (India Software Solution shopping cart)
+ NOT-FOR-US: India Software Solution shopping cart
CAN-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...)
- NOTE: not-for-us (phpStat)
+ NOT-FOR-US: phpStat
CAN-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...)
- NOTE: not-for-us (FunkyASP)
+ NOT-FOR-US: FunkyASP
CAN-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...)
- NOTE: not-for-us (ZonGG)
+ NOT-FOR-US: ZonGG
CAN-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...)
- NOTE: not-for-us (BookReview)
+ NOT-FOR-US: BookReview
CAN-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...)
- NOTE: not-for-us (BookReview)
+ NOT-FOR-US: BookReview
CAN-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...)
- NOTE: not-for-us (Active News Manager)
+ NOT-FOR-US: Active News Manager
CAN-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...)
- NOTE: not-for-us (C'Nedra)
+ NOT-FOR-US: C'Nedra
CAN-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...)
- NOTE: not-for-us (Terminator game)
+ NOT-FOR-US: Terminator game
CAN-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...)
- davfs2 0.2.4-1 (bug #310757; medium)
CAN-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...)
- NOTE: not-for-us (Listserv)
+ NOT-FOR-US: Listserv
CAN-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...)
- NOTE: not-for-us (Terminator game)
+ NOT-FOR-US: Terminator game
CAN-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...)
- NOTE: not-for-us (Avast)
+ NOT-FOR-US: Avast
CAN-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
{DSA-756-1}
- squirrelmail 2:1.4.4-6 (bug #314374; medium)
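Review bot: Several values in this hunk are free-text reasons carried over verbatim from the old parenthesised form, not product names: "D-Link hardware issue" (CAN-2005-1828, CAN-2005-1827), "Sony hardware issue", "Nortel hardware", "Nokia hardware", "Stronghold game", "Terminator game" and "ClamAV on Mac OS X". With the tag now acting as a structured field, the "issue"/"hardware"/"game" suffixes are used inconsistently even within this hunk, so grouping entries by value will split the same vendor across several spellings. I would normalise these to the vendor or product name and keep any qualifier (for example that the ClamAV issue is specific to Mac OS X) on a NOTE line.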
@@ -4888,18 +4888,18 @@
- kernel-source-2.6.8 2.6.8-17
- kernel-source-2.4.27 <unfixed> (low)
CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...)
- NOTE: not-for-us (sysreport)
+ NOT-FOR-US: sysreport
CAN-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
- shtool 2.0.1-2 (low)
- mysql-ocaml 1.0.3-6 (low)
- php4 4:4.4.0-1 (low)
NOTE: the patch applied to NMU #311206 fixes both CAN-2005-1759 and CAN-2005-1751
CAN-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
{DSA-789-1 DTSA-15-1}
- shtool 2.0.1-2 (low)
@@ -4913,98 +4913,98 @@
NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies
TODO: check, whether this still applies
CAN-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...)
- NOTE: not-for-us (CVSup third party modules)
+ NOT-FOR-US: CVSup third party modules
CAN-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...)
- NOTE: not-for-us (PJ CGI Nero)
+ NOT-FOR-US: PJ CGI Nero
CAN-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...)
- NOTE: not-for-us (Informix Dynamic Server)
+ NOT-FOR-US: Informix Dynamic Server
CAN-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...)
- phpbb2 2.0.6d-2
CAN-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (SurfNOW)
+ NOT-FOR-US: SurfNOW
CAN-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...)
- NOTE: not-for-us (WebWeaver)
+ NOT-FOR-US: WebWeaver
CAN-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...)
- NOTE: not-for-us (Web Blog)
+ NOT-FOR-US: Web Blog
CAN-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...)
- NOTE: not-for-us (BlackICE)
+ NOT-FOR-US: BlackICE
CAN-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other ...)
- NOTE: not-for-us (BlackICE)
+ NOT-FOR-US: BlackICE
CAN-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...)
- gallery 1.4.4-pl1-1
CAN-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...)
- NOTE: not-for-us (Nextplace)
+ NOT-FOR-US: Nextplace
CAN-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...)
- NOTE: not-for-us (Intra Forum)
+ NOT-FOR-US: Intra Forum
CAN-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...)
- NOTE: not-for-us (Borland Web Server)
+ NOT-FOR-US: Borland Web Server
CAN-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Reptile Web Server)
+ NOT-FOR-US: Reptile Web Server
CAN-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows ...)
- NOTE: not-for-us (Tiny Server)
+ NOT-FOR-US: Tiny Server
CAN-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (Tiny Server)
+ NOT-FOR-US: Tiny Server
CAN-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (Tiny Server)
+ NOT-FOR-US: Tiny Server
CAN-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote ...)
- NOTE: not-for-us (Tiny Server)
+ NOT-FOR-US: Tiny Server
CAN-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and ...)
- NOTE: not-for-us (ProxyNow!)
+ NOT-FOR-US: ProxyNow!
CAN-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows ...)
- NOTE: not-for-us (BremsServer)
+ NOT-FOR-US: BremsServer
CAN-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote ...)
- NOTE: not-for-us (BremsServer)
+ NOT-FOR-US: BremsServer
CAN-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP ...)
- NOTE: not-for-us (Serv-U FTP Server)
+ NOT-FOR-US: Serv-U FTP Server
CAN-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- NOTE: not-for-us (Q-Shop)
+ NOT-FOR-US: Q-Shop
CAN-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...)
- NOTE: not-for-us (Q-Shop)
+ NOT-FOR-US: Q-Shop
CAN-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not ...)
- NOTE: not-for-us (Finjan SurfinGate)
+ NOT-FOR-US: Finjan SurfinGate
CAN-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...)
- NOTE: not-for-us (Novell NetWare)
+ NOT-FOR-US: Novell NetWare
CAN-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...)
- NOTE: not-for-us (Novell NetWare)
+ NOT-FOR-US: Novell NetWare
CAN-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...)
- NOTE: not-for-us (Novell NetWare)
+ NOT-FOR-US: Novell NetWare
CAN-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise ...)
- NOTE: not-for-us (Novell NetWare)
+ NOT-FOR-US: Novell NetWare
CAN-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified ...)
- NOTE: not-for-us (Freesco)
+ NOT-FOR-US: Freesco
CAN-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...)
- NOTE: not-for-us (GeoHttpServer)
+ NOT-FOR-US: GeoHttpServer
CAN-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote ...)
- NOTE: not-for-us (GeoHttpServer)
+ NOT-FOR-US: GeoHttpServer
CAN-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ...)
- NOTE: not-for-us (Need for Speed game)
+ NOT-FOR-US: Need for Speed game
CAN-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...)
- NOTE: not-for-us (Banner engine)
+ NOT-FOR-US: Banner engine
CAN-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...)
NOTE: fvwm: uses mktemp
NOTE: fvwm-gnome: same as fvwm
NOTE: x-base-clients: x11perfcomp uses mkdir atomically
NOTE: lvm10: does not contain lvmcreate_initrd
CAN-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...)
- NOTE: not-for-us (Mephistoles)
+ NOT-FOR-US: Mephistoles
CAN-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...)
- honeyd 0.8-1
CAN-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...)
- NOTE: not-for-us (WebcamXP)
+ NOT-FOR-US: WebcamXP
CAN-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...)
- phpbb2 2.0.8a-1
CAN-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...)
- phpbb2 2.0.8a-1
CAN-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...)
- NOTE: not-for-us (Yahoo Messenger)
+ NOT-FOR-US: Yahoo Messenger
CAN-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...)
- NOTE: not-for-us (Yahoo Messenger)
+ NOT-FOR-US: Yahoo Messenger
CAN-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
- moodle 1.4.4.dfsg.1-3
CAN-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
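Review bot: The tag for CAN-2004-2132 becomes "NOT-FOR-US: PJ CGI Nero", but the description on the line above names the product as "PJ CGI Neo" (script PJreview_Neo.cgi). The typo was already in the old NOTE; since this commit turns the value into the field people will search on, it is worth correcting to "PJ CGI Neo" in the same pass.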
@@ -5019,94 +5019,94 @@
CAN-2005-XXXX [xile buffer overrun in terminal code]
- zile 2.0.4-2
CAN-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...)
- NOTE: not-for-us (ezwdc NewsletterEz)
+ NOT-FOR-US: ezwdc NewsletterEz
CAN-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to ...)
- NOTE: not-for-us (Halo)
+ NOT-FOR-US: Halo
CAN-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files ...)
NOTE: fixproc not installed in Debian package
CAN-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick ...)
- imagemagick 6:6.0.6.2-2.4
CAN-2005-1738 (Format string vulnerability in the logPrintBadfile function in ...)
- NOTE: not-for-us (Iron Bars Shell)
+ NOT-FOR-US: Iron Bars Shell
CAN-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized ...)
- NOTE: not-for-us (PROMS)
+ NOT-FOR-US: PROMS
CAN-2005-1736 (PROMS 0.11 does not properly handle "certain combinations of rights," ...)
- NOTE: not-for-us (PROMS)
+ NOT-FOR-US: PROMS
CAN-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before ...)
- NOTE: not-for-us (PROMS)
+ NOT-FOR-US: PROMS
CAN-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow ...)
- NOTE: not-for-us (PROMS)
+ NOT-FOR-US: PROMS
CAN-2005-1733 (Cookie Cart stores the password file under the web document root with ...)
- NOTE: not-for-us (Cookie Cart)
+ NOT-FOR-US: Cookie Cart
CAN-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...)
- NOTE: not-for-us (Cookie Cart)
+ NOT-FOR-US: Cookie Cart
CAN-2005-1731
NOTE: reserved
CAN-2005-1730
NOTE: reserved
CAN-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1726
NOTE: reserved
CAN-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...)
- NOTE: not-for-us (avast! antivirus)
+ NOT-FOR-US: avast! antivirus
CAN-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...)
- NOTE: not-for-us (War Times)
+ NOT-FOR-US: War Times
CAN-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows ...)
- NOTE: not-for-us (Zyxel hardware)
+ NOT-FOR-US: Zyxel hardware
CAN-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the ...)
- NOTE: not-for-us (TOPo)
+ NOT-FOR-US: TOPo
CAN-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 ...)
- NOTE: not-for-us (TOPo)
+ NOT-FOR-US: TOPo
CAN-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 ...)
- NOTE: not-for-us (SurgeMail)
+ NOT-FOR-US: SurgeMail
CAN-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...)
- NOTE: not-for-us (Gibraltar Firewall)
+ NOT-FOR-US: Gibraltar Firewall
TODO: check, whether gibraltar-bootcd is in any way related/affected
CAN-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...)
- NOTE: not-for-us (Blue Coat)
+ NOT-FOR-US: Blue Coat
CAN-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...)
- NOTE: not-for-us (Blue Coat)
+ NOT-FOR-US: Blue Coat
CAN-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter ...)
- NOTE: not-for-us (Blue Coat)
+ NOT-FOR-US: Blue Coat
CAN-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...)
- NOTE: not-for-us (Gentoo)
+ NOT-FOR-US: Gentoo
CAN-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...)
- mailscanner <unfixed> (bug #310774; low)
CAN-2005-1705 (gdb before 6.3 searches the current working directory to load the ...)
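Review bot: CAN-2005-1711 is converted to "NOT-FOR-US: Gibraltar Firewall" while the next line still carries "TODO: check, whether gibraltar-bootcd is in any way related/affected". As a free-form NOTE that combination was harmless, but a dedicated NOT-FOR-US tag reads as a final verdict, and anything that skips NOT-FOR-US entries will skip the open TODO with it. I would leave this entry untagged until the gibraltar-bootcd question is answered. Separately, CAN-2005-1750 gets the value "ezwdc NewsletterEz" while its description spells the vendor "ezdwc"; one of the two is transposed and should be checked.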
@@ -5114,31 +5114,31 @@
CAN-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...)
- gdb 6.3-6
CAN-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...)
- NOTE: not-for-us (Warrior Kings: Battles)
+ NOT-FOR-US: Warrior Kings: Battles
CAN-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...)
- NOTE: not-for-us (Warrior Kings: Battles)
+ NOT-FOR-US: Warrior Kings: Battles
CAN-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...)
- NOTE: not-for-us (PortailPHP)
+ NOT-FOR-US: PortailPHP
CAN-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...)
- NOTE: not-for-us (CA Antivirus)
+ NOT-FOR-US: CA Antivirus
CAN-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ...)
- gxine 0.4.7-0.1 (bug #310712; medium)
CAN-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in SAP ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2005-1690
NOTE: rejected
CAN-2005-1689 (Double-free vulnerability in the krb5_recvauth function in MIT ...)
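Review bot: The values for CAN-2005-1703 and CAN-2005-1702 ("Warrior Kings: Battles") contain a colon followed by a space, the same separator the new "NOT-FOR-US: package_name" syntax uses. In the old form the parentheses delimited the name; now any consumer of the list that splits the line on every ":" will truncate it to "Warrior Kings". Please state next to the format change that the value is everything after the first "NOT-FOR-US: " up to end of line, or write this product name without the colon.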
@@ -5155,145 +5155,145 @@
NOTE: Only exploitable under rare circumstances
- gedit 2.10.3-1 (low)
CAN-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...)
- NOTE: not-for-us (episodex)
+ NOT-FOR-US: episodex
CAN-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...)
- NOTE: not-for-us (episodex)
+ NOT-FOR-US: episodex
CAN-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1682 (JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does ...)
- NOTE: not-for-us (Solstice Internet Mail Server)
+ NOT-FOR-US: Solstice Internet Mail Server
CAN-2005-1681 (PHP remote code injection vulnerability in common.php in phpATM 1.21, ...)
- NOTE: not-for-us (phpATM)
+ NOT-FOR-US: phpATM
CAN-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...)
- NOTE: not-for-us (D-Link hardware)
+ NOT-FOR-US: D-Link hardware
CAN-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...)
- picasm 1.12c-1
CAN-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
- NOTE: not-for-us (Groove)
+ NOT-FOR-US: Groove
CAN-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...)
- NOTE: not-for-us (Groove)
+ NOT-FOR-US: Groove
CAN-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...)
- NOTE: not-for-us (Groove)
+ NOT-FOR-US: Groove
CAN-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
- NOTE: not-for-us (Groove)
+ NOT-FOR-US: Groove
CAN-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...)
- NOTE: not-for-us (Help Center Live)
+ NOT-FOR-US: Help Center Live
CAN-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...)
- NOTE: not-for-us (Help Center Live)
+ NOT-FOR-US: Help Center Live
CAN-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...)
- NOTE: not-for-us (Help Center Live)
+ NOT-FOR-US: Help Center Live
CAN-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...)
- NOTE: not-for-us (Yahoo Messenger)
+ NOT-FOR-US: Yahoo Messenger
CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...)
- NOTE: not-for-us (Extreme BlackDiamond hardware)
+ NOT-FOR-US: Extreme BlackDiamond hardware
CAN-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...)
- NOTE: not-for-us (YusASP Web Asset Manager)
+ NOT-FOR-US: YusASP Web Asset Manager
CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...)
- NOTE: not-for-us (DataTrac Activity Console)
+ NOT-FOR-US: DataTrac Activity Console
CAN-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...)
- NOTE: not-for-us (Orenosv)
+ NOT-FOR-US: Orenosv
CAN-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...)
- NOTE: not-for-us (Jeuce Personal Web Server)
+ NOT-FOR-US: Jeuce Personal Web Server
CAN-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...)
- NOTE: not-for-us (Jeuce Personal Web Server)
+ NOT-FOR-US: Jeuce Personal Web Server
CAN-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...)
- NOTE: not-for-us (Jeuce Personal Web Server)
+ NOT-FOR-US: Jeuce Personal Web Server
CAN-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...)
- NOTE: not-for-us (EZGuestbook)
+ NOT-FOR-US: EZGuestbook
CAN-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...)
- NOTE: not-for-us (MyServer)
+ NOT-FOR-US: MyServer
CAN-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...)
- NOTE: not-for-us (MyServer)
+ NOT-FOR-US: MyServer
CAN-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...)
- NOTE: not-for-us (Mercur Messaging)
+ NOT-FOR-US: Mercur Messaging
CAN-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...)
- NOTE: not-for-us (Mercur Messaging)
+ NOT-FOR-US: Mercur Messaging
CAN-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...)
- rsync 2.6.1-1
CAN-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...)
- NOTE: not-for-us (InoculateIT)
+ NOT-FOR-US: InoculateIT
CAN-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (Matrix FTP Server)
+ NOT-FOR-US: Matrix FTP Server
CAN-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...)
- NOTE: not-for-us (Sophos)
+ NOT-FOR-US: Sophos
CAN-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...)
- NOTE: not-for-us (SandSurfer)
+ NOT-FOR-US: SandSurfer
CAN-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...)
- NOTE: not-for-us (Sambar)
+ NOT-FOR-US: Sambar
CAN-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...)
- NOTE: not-for-us (phpcodeCabinet)
+ NOT-FOR-US: phpcodeCabinet
CAN-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...)
- NOTE: not-for-us (JShop)
+ NOT-FOR-US: JShop
CAN-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote ...)
- NOTE: not-for-us (Sami FTP Server)
+ NOT-FOR-US: Sami FTP Server
CAN-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...)
- NOTE: not-for-us (Sami FTP Server)
+ NOT-FOR-US: Sami FTP Server
CAN-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple ...)
- NOTE: not-for-us (Red-Alert)
+ NOT-FOR-US: Red-Alert
CAN-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication ...)
- NOTE: not-for-us (Red-Alert)
+ NOT-FOR-US: Red-Alert
CAN-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote ...)
- NOTE: not-for-us (Red-Alert)
+ NOT-FOR-US: Red-Alert
CAN-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 ...)
- NOTE: not-for-us (Nadeo)
+ NOT-FOR-US: Nadeo
CAN-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft ...)
- NOTE: not-for-us (Jelsoft Bulletin)
+ NOT-FOR-US: Jelsoft Bulletin
CAN-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Sophos)
+ NOT-FOR-US: Sophos
CAN-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ...)
- NOTE: not-for-us (Dream FTP)
+ NOT-FOR-US: Dream FTP
CAN-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a ...)
- kernel-patch-vserver 1.9.4-1
CAN-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier ...)
- NOTE: not-for-us (Macallan)
+ NOT-FOR-US: Macallan
CAN-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...)
- NOTE: not-for-us (VisualShapers)
+ NOT-FOR-US: VisualShapers
CAN-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows ...)
- NOTE: not-for-us (Monkey)
+ NOT-FOR-US: Monkey
CAN-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a ...)
- NOTE: not-for-us (Crob)
+ NOT-FOR-US: Crob
CAN-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote ...)
- NOTE: not-for-us (Crob)
+ NOT-FOR-US: Crob
CAN-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a ...)
- NOTE: not-for-us (Crob)
+ NOT-FOR-US: Crob
CAN-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before ...)
- NOTE: not-for-us (Monkey)
+ NOT-FOR-US: Monkey
CAN-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote ...)
- NOTE: not-for-us (Caucho Technology Resin)
+ NOT-FOR-US: Caucho Technology Resin
CAN-2005-XXXX [Two DoS condition in ekg]
- ekg 1:1.5+20050411-3
CAN-2005-XXXX [lcrash affected by libbfd integer overflows]
@@ -5301,142 +5301,142 @@
CAN-2005-XXXX [Multiple security problems in lbreakout2]
- lbreakout2 2.5.2-2
CAN-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...)
- NOTE: not-for-us (Woppoware)
+ NOT-FOR-US: Woppoware
CAN-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...)
- NOTE: not-for-us (Woppoware)
+ NOT-FOR-US: Woppoware
CAN-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...)
- NOTE: not-for-us (Woppoware)
+ NOT-FOR-US: Woppoware
CAN-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...)
- NOTE: not-for-us (Woppoware)
+ NOT-FOR-US: Woppoware
CAN-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...)
- NOTE: not-for-us (GASoft)
+ NOT-FOR-US: GASoft
CAN-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...)
- NOTE: not-for-us (GASoft)
+ NOT-FOR-US: GASoft
CAN-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...)
- NOTE: not-for-us (Fastream NETFile)
+ NOT-FOR-US: Fastream NETFile
CAN-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...)
- NOTE: not-for-us (Keyvan1 Gallery)
+ NOT-FOR-US: Keyvan1 Gallery
CAN-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...)
- NOTE: not-for-us (Livre d'Or)
+ NOT-FOR-US: Livre d'Or
CAN-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...)
- NOTE: not-for-us (Zoidcom)
+ NOT-FOR-US: Zoidcom
CAN-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...)
- NOTE: not-for-us (Woltlab Burning Board)
+ NOT-FOR-US: Woltlab Burning Board
CAN-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...)
- NOTE: not-for-us (Ignition Project)
+ NOT-FOR-US: Ignition Project
CAN-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...)
- NOTE: not-for-us (Ignition Project)
+ NOT-FOR-US: Ignition Project
CAN-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...)
- NOTE: not-for-us (Sigma)
+ NOT-FOR-US: Sigma
CAN-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...)
- NOTE: not-for-us (SafeHTML)
+ NOT-FOR-US: SafeHTML
CAN-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...)
- NOTE: not-for-us (NPDS)
+ NOT-FOR-US: NPDS
CAN-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...)
{DSA-783-1}
- mysql-dfsg 4.0.12-2 (bug #319526; low)
CAN-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...)
- NOTE: not-for-us (JGS-Portal)
+ NOT-FOR-US: JGS-Portal
CAN-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...)
- NOTE: not-for-us (JGS-Portal)
+ NOT-FOR-US: JGS-Portal
CAN-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...)
- NOTE: not-for-us (JGS-Portal)
+ NOT-FOR-US: JGS-Portal
CAN-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...)
- cheetah 0.9.16-1
NOTE: testing approval is waiting on verification that the fix works.
NOTE: see http://lists.debian.org/debian-release/2005/05/msg01428.html
CAN-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...)
- NOTE: not-for-us (Booby)
+ NOT-FOR-US: Booby
CAN-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...)
- NOTE: not-for-us (phpbb attachment mod)
+ NOT-FOR-US: phpbb attachment mod
CAN-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...)
- NOTE: not-for-us (Photopost)
+ NOT-FOR-US: Photopost
CAN-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...)
- NOTE: not-for-us (WebAPP)
+ NOT-FOR-US: WebAPP
CAN-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a ...)
NOTE: The 1.x version in Sarge and sid is not vulnerable
CAN-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
- NOTE: not-for-us (Pico Server)
+ NOT-FOR-US: Pico Server
CAN-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...)
- NOTE: not-for-us (Acrobat Reader)
+ NOT-FOR-US: Acrobat Reader
CAN-2005-1624
NOTE: reserved
CAN-2005-1623
NOTE: reserved
CAN-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...)
- NOTE: not-for-us (MetaCart)
+ NOT-FOR-US: MetaCart
CAN-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...)
- NOTE: not-for-us (Postnuke mod)
+ NOT-FOR-US: Postnuke mod
CAN-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...)
- NOTE: not-for-us (Skull-Splitter Guestbook)
+ NOT-FOR-US: Skull-Splitter Guestbook
CAN-2005-1619 (Multiple Cross-site scripting (XSS) vulnerabilities in (1) ...)
- NOTE: not-for-us (PHPMyChat)
+ NOT-FOR-US: PHPMyChat
CAN-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...)
- NOTE: not-for-us (Yahoo Messenger)
+ NOT-FOR-US: Yahoo Messenger
CAN-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...)
- NOTE: not-for-us (Willings WebCAM)
+ NOT-FOR-US: Willings WebCAM
CAN-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open ...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board ...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x ...)
- NOTE: not-for-us (Web Crossing)
+ NOT-FOR-US: Web Crossing
CAN-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone ...)
- NOTE: not-for-us (Tru-Zone NukeET)
+ NOT-FOR-US: Tru-Zone NukeET
CAN-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...)
- NOTE: not-for-us (Sun StorEdge 6130 Arrays)
+ NOT-FOR-US: Sun StorEdge 6130 Arrays
CAN-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean ...)
- NOTE: not-for-us (Spidean AutoTheme 1.7 and AT-Lite for PostNuke)
+ NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke
CAN-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart ...)
- NOTE: not-for-us (Remote Cart)
+ NOT-FOR-US: Remote Cart
CAN-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such ...)
- NOTE: not-for-us (H-Sphere Winbox)
+ NOT-FOR-US: H-Sphere Winbox
CAN-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for ...)
- NOTE: not-for-us (guestbook for SiteStudio)
+ NOT-FOR-US: guestbook for SiteStudio
CAN-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...)
- NOTE: not-for-us (phpATM)
+ NOT-FOR-US: phpATM
CAN-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to ...)
- NOTE: not-for-us ( NiteEnterprises Remote File Manager)
+ NOT-FOR-US: NiteEnterprises Remote File Manager
CAN-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...)
- NOTE: not-for-us (Net56 Browser Based File Manager)
+ NOT-FOR-US: Net56 Browser Based File Manager
CAN-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the ...)
- NOTE: not-for-us ( MRO Maximo Self Service)
+ NOT-FOR-US: MRO Maximo Self Service
CAN-2005-1600 (A "mathematical flaw" in the implementation of the El Gamal signature ...)
- NOTE: not-for-us (LibTomCrypt)
+ NOT-FOR-US: LibTomCrypt
CAN-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies ...)
- NOTE: not-for-us (Kryloff Technologies Subject Search Server)
+ NOT-FOR-US: Kryloff Technologies Subject Search Server
CAN-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the ...)
- NOTE: not-for-us (Fusion SBX)
+ NOT-FOR-US: Fusion SBX
CAN-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, ...)
- NOTE: not-for-us (CodeThat ShoppingCart)
+ NOT-FOR-US: CodeThat ShoppingCart
CAN-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart ...)
- NOTE: not-for-us (CodeThat ShoppingCart)
+ NOT-FOR-US: CodeThat ShoppingCart
CAN-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ...)
- NOTE: not-for-us (CodeThat ShoppingCart)
+ NOT-FOR-US: CodeThat ShoppingCart
CAN-2005-1592 (Multiple "javascript vulerabilities in BB code" in BirdBlog before ...)
- NOTE: not-for-us (BirdBlog)
+ NOT-FOR-US: BirdBlog
CAN-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows ...)
- NOTE: not-for-us (Altiris Client Service for Windows)
+ NOT-FOR-US: Altiris Client Service for Windows
CAN-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) ...)
- NOTE: not-for-us (Altiris Client Service for Windows)
+ NOT-FOR-US: Altiris Client Service for Windows
CAN-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...)
- NOTE: not-for-us (LedForums)
+ NOT-FOR-US: LedForums
CAN-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (HTTP Commander)
+ NOT-FOR-US: HTTP Commander
CAN-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
- clamav 0.85.1-1
CAN-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
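Review bot: several converted values in this hunk are free-text descriptions rather than the package name the log message says the field holds, for example `NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke` under CAN-2005-1608 (a version number and two products in one value), and `NOT-FOR-US: phpbb attachment mod` and `NOT-FOR-US: Postnuke mod` under CAN-2005-1630 and CAN-2005-1621. Moving the text out of a NOTE and into its own tag makes it something scripts will group and compare on. Suggest normalising these to a single product name without the version, either here or in a follow-up, and stating the expected form of the value in the commit log.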
@@ -5447,51 +5447,51 @@
NOTE: According to Horms from kernel team 2.6.8 not affected
- kernel-source-2.6.11 2.6.11-5
CAN-2005-1588 (** DISPUTED ** ...)
- NOTE: not-for-us (Quick.cart)
+ NOT-FOR-US: Quick.cart
CAN-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...)
- NOTE: not-for-us (Quick.cart)
+ NOT-FOR-US: Quick.cart
CAN-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as ...)
- NOTE: not-for-us (Quick.Forum)
+ NOT-FOR-US: Quick.Forum
CAN-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow ...)
- NOTE: not-for-us (Quick.Forum)
+ NOT-FOR-US: Quick.Forum
CAN-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum ...)
- NOTE: not-for-us (Quick.Forum)
+ NOT-FOR-US: Quick.Forum
CAN-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new ...)
- NOTE: not-for-us (1Two News)
+ NOT-FOR-US: 1Two News
CAN-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News ...)
- NOTE: not-for-us (1Two News)
+ NOT-FOR-US: 1Two News
CAN-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows ...)
- NOTE: not-for-us (bug_list.php)
+ NOT-FOR-US: bug_list.php
CAN-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...)
- NOTE: not-for-us (BoastMachine)
+ NOT-FOR-US: BoastMachine
CAN-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration ...)
- NOTE: not-for-us (EnCase)
+ NOT-FOR-US: EnCase
CAN-2005-1577 (APG Technology ClassMaster does not properly restrict access to ...)
- NOTE: not-for-us (APG Classmaster)
+ NOT-FOR-US: APG Classmaster
CAN-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
NOTE: appears windows specific
CAN-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
NOTE: appears windows specific
CAN-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News ...)
- NOTE: not-for-us (ASP Virtual News Manager)
+ NOT-FOR-US: ASP Virtual News Manager
CAN-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (ShowOff)
+ NOT-FOR-US: ShowOff
CAN-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow ...)
- NOTE: not-for-us (ShowOff)
+ NOT-FOR-US: ShowOff
CAN-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full ...)
NOTE: for-for-us (bttlxeForum)
CAN-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 ...)
- NOTE: not-for-us (DirectTopics)
+ NOT-FOR-US: DirectTopics
CAN-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to ...)
- NOTE: not-for-us (DirectTopics)
+ NOT-FOR-US: DirectTopics
CAN-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 ...)
- NOTE: not-for-us (DirectTopics)
+ NOT-FOR-US: DirectTopics
CAN-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...)
- NOTE: not-for-us (Acrowave AAP-3100AR wireless router)
+ NOT-FOR-US: Acrowave AAP-3100AR wireless router
CAN-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...)
- bugzilla 2.18-7 (medium)
NOTE: only affects sid
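Review bot: the context line `NOTE: for-for-us (bttlxeForum)` under CAN-2005-1570 is a misspelled not-for-us marker that the rename skipped, so this entry stays outside the new `NOT-FOR-US:` tag and anything matching on that tag will not see it. Suggest converting it in this revision to `NOT-FOR-US: bttlxeForum`. In the same hunk, CAN-2005-1581 gets the value `bug_list.php`, which is a file name, while its description names the product as Bug Report 1.0. Since the log message defines the field as a package name, the product name is the better value there.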
@@ -5500,37 +5500,37 @@
CAN-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...)
- bugzilla 2.16.7-7sarge1
CAN-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute ...)
- NOTE: not-for-us (Nexusway)
+ NOT-FOR-US: Nexusway
CAN-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute ...)
- NOTE: not-for-us (Nexusway)
+ NOT-FOR-US: Nexusway
CAN-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass ...)
- NOTE: not-for-us (Nexusway)
+ NOT-FOR-US: Nexusway
CAN-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp ...)
- NOTE: not-for-us (WebApp Guestbook PRO)
+ NOT-FOR-US: WebApp Guestbook PRO
CAN-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a ...)
- NOTE: not-for-us (Gamespy cd-key validation system)
+ NOT-FOR-US: Gamespy cd-key validation system
CAN-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...)
- NOTE: not-for-us (WowBB)
+ NOT-FOR-US: WowBB
CAN-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...)
- NOTE: not-for-us (GeoVision Digital Video Surveillance System)
+ NOT-FOR-US: GeoVision Digital Video Surveillance System
CAN-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when ...)
- NOTE: not-for-us (GeoVision Digital Video Surveillance System)
+ NOT-FOR-US: GeoVision Digital Video Surveillance System
CAN-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses ...)
- NOTE: not-for-us (Sophos Anti-Virus)
+ NOT-FOR-US: Sophos Anti-Virus
CAN-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute ...)
- NOTE: not-for-us (easy message board)
+ NOT-FOR-US: easy message board
CAN-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...)
- NOTE: not-for-us (easy message board)
+ NOT-FOR-US: easy message board
CAN-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 ...)
- NOTE: not-for-us (Advanced Guestbook)
+ NOT-FOR-US: Advanced Guestbook
CAN-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...)
- NOTE: not-for-us (Bakbone Netvault)
+ NOT-FOR-US: Bakbone Netvault
CAN-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...)
{DSA-743-1}
- ht 0.8.0-2
@@ -5543,7 +5543,7 @@
- tiff 3.7.2-3
NOTE: tiff3g not in testing
CAN-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...)
- NOTE: not-for-us (Novell Zenworks)
+ NOT-FOR-US: Novell Zenworks
CAN-2005-1542
NOTE: reserved
CAN-2005-1541
@@ -5573,7 +5573,7 @@
- mozilla-firefox 1.0.4
- mozilla 2:1.7.8
CAN-2005-1530 (Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, ...)
- NOTE: not-for-us (Sophos)
+ NOT-FOR-US: Sophos
CAN-2005-1529
NOTE: reserved
CAN-2005-1528
@@ -5605,9 +5605,9 @@
{DSA-751-1}
- squid 2.5.9-9
CAN-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-XXXX [Buffer overflow in libotr]
- libotr 2.0.2-1
CAN-2005-XXXX [vpnc: config file path security hole]
@@ -5626,77 +5626,77 @@
NOTE: Source package has been renamed from unrar to unrar-free
- unrar-free 1:0.0.1-2
CAN-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...)
- NOTE: not-for-us (PwsPHP)
+ NOT-FOR-US: PwsPHP
CAN-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)
- NOTE: not-for-us (PwsPHP)
+ NOT-FOR-US: PwsPHP
CAN-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information ...)
- NOTE: not-for-us (PwsPHP)
+ NOT-FOR-US: PwsPHP
CAN-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows ...)
- NOTE: not-for-us (PwsPHP)
+ NOT-FOR-US: PwsPHP
CAN-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 ...)
- NOTE: not-for-us (PwsPHP)
+ NOT-FOR-US: PwsPHP
CAN-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...)
- NOTE: not-for-us (WebSTAR)
+ NOT-FOR-US: WebSTAR
CAN-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus ...)
- NOTE: not-for-us (CJ Ultra Plus)
+ NOT-FOR-US: CJ Ultra Plus
CAN-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, ...)
- NOTE: not-for-us (GameSpy SDK CD-Key Validation Toolkit)
+ NOT-FOR-US: GameSpy SDK CD-Key Validation Toolkit
CAN-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart ...)
- NOTE: not-for-us (MidiCart)
+ NOT-FOR-US: MidiCart
CAN-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...)
- NOTE: not-for-us (MidiCart)
+ NOT-FOR-US: MidiCart
CAN-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (MidiCart)
+ NOT-FOR-US: MidiCart
CAN-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...)
- NOTE: not-for-us (myBloggie)
+ NOT-FOR-US: myBloggie
CAN-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ...)
- NOTE: not-for-us (myBloggie)
+ NOT-FOR-US: myBloggie
CAN-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...)
- NOTE: not-for-us (myBloggie)
+ NOT-FOR-US: myBloggie
CAN-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain ...)
- NOTE: not-for-us (myBloggie)
+ NOT-FOR-US: myBloggie
CAN-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in ...)
- NOTE: not-for-us (MegaBook)
+ NOT-FOR-US: MegaBook
CAN-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote ...)
- NOTE: not-for-us (SimpleCam)
+ NOT-FOR-US: SimpleCam
CAN-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer ...)
- NOTE: not-for-us (Gossamer Threads Links)
+ NOT-FOR-US: Gossamer Threads Links
CAN-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote ...)
- NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
+ NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CAN-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the ...)
- NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
+ NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CAN-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...)
- NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
+ NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CAN-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail ...)
- NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
+ NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CAN-2005-1487 (Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote ...)
- NOTE: not-for-us (FishCart)
+ NOT-FOR-US: FishCart
CAN-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...)
- NOTE: not-for-us (FishCart)
+ NOT-FOR-US: FishCart
CAN-2005-1485 (Golden FTP Server Pro allows 2.52 allows remote attackers to obtain ...)
- NOTE: not-for-us (Golden FTP Server Pro)
+ NOT-FOR-US: Golden FTP Server Pro
CAN-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...)
- NOTE: not-for-us (Golden FTP Server Pro)
+ NOT-FOR-US: Golden FTP Server Pro
CAN-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive ...)
- NOTE: not-for-us (ArticleLive)
+ NOT-FOR-US: ArticleLive
CAN-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by ...)
- NOTE: not-for-us (ArticleLive)
+ NOT-FOR-US: ArticleLive
CAN-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline ...)
- NOTE: not-for-us (ASP Inline Corporate Calendar)
+ NOT-FOR-US: ASP Inline Corporate Calendar
CAN-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...)
- NOTE: not-for-us (RaidenFTPD)
+ NOT-FOR-US: RaidenFTPD
CAN-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and ...)
- NOTE: not-for-us (JGS-Portal)
+ NOT-FOR-US: JGS-Portal
CAN-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows ...)
- NOTE: not-for-us (DMail)
+ NOT-FOR-US: DMail
CAN-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...)
- NOTE: not-for-us (DMail)
+ NOT-FOR-US: DMail
CAN-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...)
NOTE: not in testing
NOTE: non-free
@@ -5707,21 +5707,21 @@
CAN-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...)
- qmail-src 1.03-38
CAN-2004-2067 (SQL injection vulnerability in controlpanel.php in JAWS 0.4 allows ...)
- NOTE: not-for-us (JAWS)
+ NOT-FOR-US: JAWS
CAN-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...)
- NOTE: not-for-us (LinPHA)
+ NOT-FOR-US: LinPHA
CAN-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...)
- dansguardian 2.5.2-0-0.1
CAN-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and ealier ...)
- NOTE: not-for-us (lostBook)
+ NOT-FOR-US: lostBook
CAN-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...)
- NOTE: not-for-us (AntiBoard)
+ NOT-FOR-US: AntiBoard
CAN-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ...)
- NOTE: not-for-us (AntiBoard)
+ NOT-FOR-US: AntiBoard
CAN-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...)
- NOTE: not-for-us (RiSearch)
+ NOT-FOR-US: RiSearch
CAN-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...)
- NOTE: not-for-us (ASPRunner)
+ NOT-FOR-US: ASPRunner
CAN-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...)
NOTE: not-for-us
CAN-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...)
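Review bot: CAN-2004-2059 keeps a bare `NOTE: not-for-us` as an unchanged context line, so it stays in the old format while the entry directly above it, CAN-2004-2060, becomes `NOT-FOR-US: ASPRunner`. The description of CAN-2004-2059 names ASPRunner 2.4, so it should carry the same value. The bare form is converted elsewhere in this patch (to `NOT-FOR-US: no_package`), so this looks like a miss rather than a deliberate exception. A search for any remaining `not-for-us` strings in data/CAN/list after the conversion would catch it and similar leftovers.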
@@ -5739,272 +5739,272 @@
CAN-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...)
NOTE: not-for-us
CAN-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2041 (PHP remote code injection vulnerability in secure_img_render.php in ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers ...)
- icecast2 2.0.1.debian-1
CAN-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound ...)
- pound 1.7-1
CAN-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, ...)
- NOTE: not-for-us (various perls on Windows)
+ NOT-FOR-US: various perls on Windows
CAN-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...)
- NOTE: not-for-us (osCommerce)
+ NOT-FOR-US: osCommerce
CAN-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x ...)
- NOTE: not-for-us (php-nuke)
+ NOT-FOR-US: php-nuke
CAN-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...)
- NOTE: not-for-us (php-nuke)
+ NOT-FOR-US: php-nuke
CAN-2004-2018 (PHP remote code injection vulnerability in index.php in Php-Nuke 6.x ...)
- NOTE: not-for-us (php-nuke)
+ NOT-FOR-US: php-nuke
CAN-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...)
- NOTE: not-for-us (Turbo Traffic Trader C (TTT-C))
+ NOT-FOR-US: Turbo Traffic Trader C (TTT-C)
CAN-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and ...)
- NOTE: not-for-us (netchat)
+ NOT-FOR-US: netchat
CAN-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
- NOTE: not-for-us (WebCT)
+ NOT-FOR-US: WebCT
CAN-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...)
- wget 1.9.1-12
CAN-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in ...)
NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok
CAN-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CAN-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-2010 (PHP remote code injection vulnerability in index.php in phpShop 0.7.1 ...)
- NOTE: not-for-us (phpShop)
+ NOT-FOR-US: phpShop
CAN-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...)
- NOTE: not-for-us (NukeJokes)
+ NOT-FOR-US: NukeJokes
CAN-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...)
- NOTE: not-for-us (NukeJokes)
+ NOT-FOR-US: NukeJokes
CAN-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes ...)
- NOTE: not-for-us (NukeJokes)
+ NOT-FOR-US: NukeJokes
CAN-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone ...)
- NOTE: not-for-us (OfficeScan)
+ NOT-FOR-US: OfficeScan
CAN-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...)
- NOTE: not-for-us (SUSE Live CD)
+ NOT-FOR-US: SUSE Live CD
CAN-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter ...)
- NOTE: not-for-us (DeleGate)
+ NOT-FOR-US: DeleGate
CAN-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2004-2001 (ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x ...)
- NOTE: not-for-us (Php-Nuke)
+ NOT-FOR-US: Php-Nuke
CAN-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote ...)
- NOTE: not-for-us (php-nuke)
+ NOT-FOR-US: php-nuke
CAN-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, ...)
- NOTE: not-for-us (kolab)
+ NOT-FOR-US: kolab
CAN-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
- NOTE: not-for-us (Simple Machines Forum)
+ NOT-FOR-US: Simple Machines Forum
CAN-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...)
- NOTE: not-for-us (FuseTalk)
+ NOT-FOR-US: FuseTalk
CAN-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct ...)
- NOTE: not-for-us (FuseTalk)
+ NOT-FOR-US: FuseTalk
CAN-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail ...)
- NOTE: not-for-us (omail)
+ NOT-FOR-US: omail
CAN-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote ...)
- NOTE: not-for-us (Serv-U)
+ NOT-FOR-US: Serv-U
CAN-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 ...)
- NOTE: not-for-us (aweb)
+ NOT-FOR-US: aweb
CAN-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...)
- NOTE: not-for-us (aweb)
+ NOT-FOR-US: aweb
CAN-2004-1989 (PHP remote code injection vulnerability in theme.php in Coppermine ...)
- NOTE: not-for-us (Coppermine)
+ NOT-FOR-US: Coppermine
CAN-2004-1988 (PHP remote code injection vulnerability in init.inc.php in Coppermine ...)
- NOTE: not-for-us (Coppermine)
+ NOT-FOR-US: Coppermine
CAN-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...)
- NOTE: not-for-us (Coppermine)
+ NOT-FOR-US: Coppermine
CAN-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo ...)
- NOTE: not-for-us (Coppermine)
+ NOT-FOR-US: Coppermine
CAN-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...)
- NOTE: not-for-us (Coppermine)
+ NOT-FOR-US: Coppermine
CAN-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers ...)
- NOTE: not-for-us (Coppermine)
+ NOT-FOR-US: Coppermine
CAN-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for ...)
NOTE: only affects pax for 2.6; kernel-patch-adamantix contains pax
NOTE: but only for 2.4.
CAN-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify ...)
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...)
- NOTE: not-for-us (Crystal Reports)
+ NOT-FOR-US: Crystal Reports
CAN-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 ...)
- NOTE: not-for-us (PROPS)
+ NOT-FOR-US: PROPS
CAN-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS ...)
- NOTE: not-for-us (PROPS)
+ NOT-FOR-US: PROPS
CAN-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...)
- moodle 1.3
CAN-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers ...)
- NOTE: not-for-us (3com NBX IP VOIP NetSet Configuration Manager)
+ NOT-FOR-US: 3com NBX IP VOIP NetSet Configuration Manager
CAN-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote ...)
- NOTE: not-for-us (SMC Barricade broadband router 7008ABR and 7004VBR)
+ NOT-FOR-US: SMC Barricade broadband router 7008ABR and 7004VBR
CAN-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (DiGi Web Server)
+ NOT-FOR-US: DiGi Web Server
CAN-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung ...)
- NOTE: not-for-us (Samsung SmartEther SS6215Sswitch)
+ NOT-FOR-US: Samsung SmartEther SS6215Sswitch
CAN-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) ...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin ...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query ...)
- NOTE: not-for-us (Network Query Tool (NQT))
+ NOT-FOR-US: Network Query Tool (NQT)
CAN-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to ...)
- NOTE: not-for-us (Network Query Tool (NQT))
+ NOT-FOR-US: Network Query Tool (NQT)
CAN-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 ...)
- NOTE: not-for-us (Protector System)
+ NOT-FOR-US: Protector System
CAN-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to ...)
- NOTE: not-for-us (Protector System)
+ NOT-FOR-US: Protector System
CAN-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in ...)
- NOTE: not-for-us (Protector System)
+ NOT-FOR-US: Protector System
CAN-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows ...)
- NOTE: not-for-us (Protector System)
+ NOT-FOR-US: Protector System
CAN-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine ...)
- NOTE: not-for-us (Unreal engine)
+ NOT-FOR-US: Unreal engine
CAN-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows ...)
- NOTE: not-for-us (phProfession)
+ NOT-FOR-US: phProfession
CAN-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
- NOTE: not-for-us (phProfession)
+ NOT-FOR-US: phProfession
CAN-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...)
- NOTE: not-for-us (phProfession)
+ NOT-FOR-US: phProfession
CAN-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote ...)
- NOTE: not-for-us (Advanced Guestbook)
+ NOT-FOR-US: Advanced Guestbook
CAN-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui ...)
- xine-ui 0.99.1
CAN-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the ...)
- phpbb2 2.0.9
CAN-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are ...)
NOTE: nonsense, all command line passwords can be intercepted at least sometimes
CAN-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender ...)
- NOTE: not-for-us (bitdefender)
+ NOT-FOR-US: bitdefender
CAN-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c ...)
- cherokee 0.4.21b01-1
CAN-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...)
- NOTE: not-for-us (Kinesphere eXchange POP3 )
+ NOT-FOR-US: Kinesphere eXchange POP3
CAN-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2004-1943 (PHP remote code injection vulnerability in album_portal.php in phpBB ...)
- NOTE: not-for-us (phpbb as modified by przemo)
+ NOT-FOR-US: phpbb as modified by przemo
CAN-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to ...)
- NOTE: not-for-us (Fastream NETFile FTP/Web Server)
+ NOT-FOR-US: Fastream NETFile FTP/Web Server
CAN-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to ...)
- kphone 1:4.0.2
CAN-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows ...)
- NOTE: not-for-us (Zaep)
+ NOT-FOR-US: Zaep
CAN-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and ...)
- NOTE: not-for-us (Nuked-KlaN)
+ NOT-FOR-US: Nuked-KlaN
CAN-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote ...)
- NOTE: not-for-us (ZoneAlarm)
+ NOT-FOR-US: ZoneAlarm
CAN-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...)
- NOTE: not-for-us (SCT Campus Pipeline)
+ NOT-FOR-US: SCT Campus Pipeline
CAN-2004-1934 (PHP remote code injection vulnerability in affich.php in Gemitel 3.50 ...)
- NOTE: not-for-us (Gemitel)
+ NOT-FOR-US: Gemitel
CAN-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...)
- NOTE: not-for-us (Citadel)
+ NOT-FOR-US: Citadel
CAN-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in ...)
- NOTE: not-for-us (PhpNuke)
+ NOT-FOR-US: PhpNuke
CAN-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function ...)
- NOTE: not-for-us (PhpNuke)
+ NOT-FOR-US: PhpNuke
CAN-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php ...)
- NOTE: not-for-us (PhpNuke)
+ NOT-FOR-US: PhpNuke
CAN-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ...)
- NOTE: not-for-us (tikiwiki)
+ NOT-FOR-US: tikiwiki
CAN-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml) ...)
- NOTE: not-for-us (tikiwiki)
+ NOT-FOR-US: tikiwiki
CAN-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
- NOTE: not-for-us (tikiwiki)
+ NOT-FOR-US: tikiwiki
CAN-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware ...)
- NOTE: not-for-us (tikiwiki)
+ NOT-FOR-US: tikiwiki
CAN-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki ...)
- NOTE: not-for-us (tikiwiki)
+ NOT-FOR-US: tikiwiki
CAN-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
- NOTE: not-for-us (tikiwiki)
+ NOT-FOR-US: tikiwiki
CAN-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" ...)
- NOTE: not-for-us (X-Micro WLAN 11b Broadband Router)
+ NOT-FOR-US: X-Micro WLAN 11b Broadband Router
CAN-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...)
- NOTE: not-for-us (X-Micro WLAN 11b Broadband Router)
+ NOT-FOR-US: X-Micro WLAN 11b Broadband Router
CAN-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote ...)
- NOTE: not-for-us (Crackalaka)
+ NOT-FOR-US: Crackalaka
CAN-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (rsniff)
+ NOT-FOR-US: rsniff
CAN-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ...)
- lcdproc 0.4.5
CAN-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x ...)
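Review bot: CAN-2004-1999 ends up as `NOT-FOR-US: Windows`, but its description is an XSS in "the Downloads module" and the entries on either side (CAN-2004-2000, CAN-2004-1998) are the Php-Nuke Downloads module, so the old parenthesised note looks wrong and this conversion promotes it to the name field unchanged. Please check that entry against the full description before it is carried over. The same goes for spelling: within this hunk one product appears as `php-nuke`, `Php-Nuke`, `PHP-Nuke` and `PhpNuke`, and CAN-2004-1970 carries `Samsung SmartEther SS6215Sswitch` with the space missing. That was harmless in a free-text NOTE; if anything is going to search or group on the NOT-FOR-US value, settle on one spelling per product here or in a follow-up commit.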
@@ -6012,35 +6012,35 @@
CAN-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc ...)
- lcdproc 0.4.5
CAN-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as ...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, ...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 ...)
- NOTE: not-for-us (AzDGDatingLite)
+ NOT-FOR-US: AzDGDatingLite
CAN-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...)
- clamav 0.68.1
CAN-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows ...)
- NOTE: not-for-us (Mcafee FreeScan)
+ NOT-FOR-US: Mcafee FreeScan
CAN-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) ...)
- NOTE: not-for-us (Kerio Personal Firewall)
+ NOT-FOR-US: Kerio Personal Firewall
CAN-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (Mcafee FreeScan)
+ NOT-FOR-US: Mcafee FreeScan
CAN-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...)
- NOTE: not-for-us (Panda ActiveScan)
+ NOT-FOR-US: Panda ActiveScan
CAN-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...)
- NOTE: not-for-us (Panda ActiveScan)
+ NOT-FOR-US: Panda ActiveScan
CAN-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute ...)
- NOTE: not-for-us (blaxxun)
+ NOT-FOR-US: blaxxun
CAN-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential ...)
- NOTE: not-for-us (Citrix MetaFrame Password Manager)
+ NOT-FOR-US: Citrix MetaFrame Password Manager
CAN-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary ...)
- NOTE: not-for-us (gentoo portage)
+ NOT-FOR-US: gentoo portage
CAN-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert ...)
- NOTE: not-for-us (IGI 2 Covert Strike server)
+ NOT-FOR-US: IGI 2 Covert Strike server
CAN-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...)
- monit 1:4.2.1
CAN-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...)
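Review bot: the value after `NOT-FOR-US:` is not the same kind of thing from one entry to the next, and the log message only calls it "package_name". CAN-2004-1914 is tagged `phpnuke` although its description names NukeCalendar, CAN-2004-1910 gets just the vendor (`Symantec`) for rufsi.dll in Symantec Virus Detection, and CAN-2004-1902 gets the full product name (`Citrix MetaFrame Password Manager`). Please document next to the file format whether the field holds the product, the vendor or the host platform, and that it is free text running to the end of the line, since several values here contain spaces.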
@@ -6048,179 +6048,179 @@
CAN-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...)
- monit 1:4.2.1-1
CAN-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1895 (YaST Online Update (YOU) in SuSE 9.0 allows local users to overwrite ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1893 (Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1886 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier ...)
- openldap2 2.1.17-1
CAN-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1876 (The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon ...)
- clamav 0.70-1
CAN-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...)
- nstx 1.1-beta4-1
CAN-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1863 (Cross-site scripting (XSS) vulnerability in editprofile.php in Extreme ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top Site ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, ...)
- apache2 2.0.53-1
CAN-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default world ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1830 (error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php in ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1828 (Vcard 2.9 and possibly other versions does not require authorization ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source 4.5 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo Open ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1820 (PHP remote code injection vulnerability in displaycategory.php in ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0 Update ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services (1) ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0 through ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to cause a ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier ...)
- phpbb2 2.0.10-1
NOTE: probably fixed in 2.0.6d-3
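Review bot: every converted entry in this hunk becomes `NOT-FOR-US: no_package`, which puts a placeholder in the position the log message reserves for the package name, so a reader or a script cannot tell it from a real name. The descriptions already identify the product for most of these (Ipswitch WS_FTP Server for CAN-2004-1886 through CAN-2004-1883, HP Web Jetadmin for CAN-2004-1858 through CAN-2004-1856), so either fill the name in from the description or use a marker that cannot be read as a name and say what it means in the file's format notes. Entries with no recorded product are also the ones whose not-for-us decision is hardest to audit later, which is a reason to fill them in rather than leave the placeholder.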
@@ -6228,219 +6228,219 @@
NOTE: according to Jeroen van Wolffelaar this is not a bug in metamail
NOTE: see bug #308875
CAN-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1805 (Format string vulnerability in games using the Epic Games Unreal ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide their ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is enabled, ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1796 (PHP remote code injection vulnerability in HotNews 0.7.2 and earlier ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a ...)
- NOTE: not-for-us (Edimax Router)
+ NOT-FOR-US: Edimax Router
CAN-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management ...)
- NOTE: not-for-us (Edimax Router)
+ NOT-FOR-US: Edimax Router
CAN-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management ...)
- NOTE: not-for-us (ZyWALL)
+ NOT-FOR-US: ZyWALL
CAN-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web ...)
- NOTE: not-for-us (ASP-Nuke)
+ NOT-FOR-US: ASP-Nuke
CAN-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote ...)
- NOTE: not-for-us (PostCalendar)
+ NOT-FOR-US: PostCalendar
CAN-2004-1786 (PortalApp places user credentials under the web root with insufficient ...)
- NOTE: not-for-us (PortalApp)
+ NOT-FOR-US: PortalApp
CAN-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows ...)
- NOTE: not-for-us (web server of Webcam Watchdog)
+ NOT-FOR-US: web server of Webcam Watchdog
CAN-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 ...)
- NOTE: not-for-us (Net2Soft Flash FTP Server)
+ NOT-FOR-US: Net2Soft Flash FTP Server
CAN-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ...)
- NOTE: not-for-us (Athena Web Registration)
+ NOT-FOR-US: Athena Web Registration
CAN-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and ...)
- NOTE: not-for-us (Info Touch Surfnet kiosk)
+ NOT-FOR-US: Info Touch Surfnet kiosk
CAN-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...)
- NOTE: not-for-us (Info Touch Surfnet kiosk)
+ NOT-FOR-US: Info Touch Surfnet kiosk
CAN-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard ...)
- NOTE: not-for-us (ThWboard)
+ NOT-FOR-US: ThWboard
CAN-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and ...)
- NOTE: not-for-us (omail webmail)
+ NOT-FOR-US: omail webmail
CAN-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for ...)
- openldap2 2.1.17-1
CAN-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 ...)
- NOTE: not-for-us (MDaemon)
+ NOT-FOR-US: MDaemon
CAN-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows ...)
- NOTE: not-for-us (MyProxy)
+ NOT-FOR-US: MyProxy
CAN-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote ...)
- cherokee 0.4.21b01-1
CAN-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows ...)
- NOTE: not-for-us (VieBoard)
+ NOT-FOR-US: VieBoard
CAN-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 ...)
- NOTE: not-for-us (VieBoard)
+ NOT-FOR-US: VieBoard
CAN-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 ...)
- NOTE: not-for-us (Booby)
+ NOT-FOR-US: Booby
CAN-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of ...)
- NOTE: not-for-us (Portal DB)
+ NOT-FOR-US: Portal DB
CAN-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote ...)
- NOTE: not-for-us (IA WebMail Server)
+ NOT-FOR-US: IA WebMail Server
CAN-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...)
- NOTE: not-for-us (e107)
+ NOT-FOR-US: e107
CAN-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...)
- NOTE: not-for-us (PHPRecipeBook)
+ NOT-FOR-US: PHPRecipeBook
CAN-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, ...)
- NOTE: not-for-us (Nokia IPSO)
+ NOT-FOR-US: Nokia IPSO
CAN-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) ...)
- NOTE: not-for-us (Unichat)
+ NOT-FOR-US: Unichat
CAN-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT ...)
- NOTE: not-for-us (PHPKIT)
+ NOT-FOR-US: PHPKIT
CAN-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 ...)
- NOTE: not-for-us (TelCondex SimpleWebServer)
+ NOT-FOR-US: TelCondex SimpleWebServer
CAN-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 ...)
- NOTE: not-for-us (ThWboard)
+ NOT-FOR-US: ThWboard
CAN-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta ...)
- NOTE: not-for-us (ThWboard)
+ NOT-FOR-US: ThWboard
CAN-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and ...)
- NOTE: not-for-us (Oracle Collaboration Suite)
+ NOT-FOR-US: Oracle Collaboration Suite
CAN-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows ...)
- NOTE: not-for-us (MPM Guestbook)
+ NOT-FOR-US: MPM Guestbook
CAN-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (Advanced Poll)
+ NOT-FOR-US: Advanced Poll
CAN-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...)
- NOTE: not-for-us (Advanced Poll)
+ NOT-FOR-US: Advanced Poll
CAN-2003-1179 (Multiple PHP remote code injection vulnerabilities in Advanced Poll ...)
- NOTE: not-for-us (Advanced Poll)
+ NOT-FOR-US: Advanced Poll
CAN-2003-1178 (comments.php in Advanced Poll 2.0.2 allows remote attackers to execute ...)
- NOTE: not-for-us (Advanced Poll)
+ NOT-FOR-US: Advanced Poll
CAN-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...)
- NOTE: not-for-us (MERCUR Mailserver)
+ NOT-FOR-US: MERCUR Mailserver
CAN-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote ...)
- NOTE: not-for-us (Web Wiz Forums)
+ NOT-FOR-US: Web Wiz Forums
CAN-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 ...)
- NOTE: not-for-us (Sympoll)
+ NOT-FOR-US: Sympoll
CAN-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users ...)
- NOTE: not-for-us (NullSoft Shoutcast Server)
+ NOT-FOR-US: NullSoft Shoutcast Server
CAN-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive ...)
- NOTE: not-for-us (Centrinity FirstClass)
+ NOT-FOR-US: Centrinity FirstClass
CAN-2003-1172 (Directory traversal vulnerability in the view-source sample file in ...)
- NOTE: not-for-us (Apache Software Foundation Cocoon)
+ NOT-FOR-US: Apache Software Foundation Cocoon
CAN-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in ...)
- libapache-mod-security 1.8.4-1
CAN-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 ...)
- NOTE: not-for-us (kpopup)
+ NOT-FOR-US: kpopup
CAN-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...)
- NOTE: not-for-us (DATEV Nutzungskontrolle)
+ NOT-FOR-US: DATEV Nutzungskontrolle
CAN-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing ...)
- NOTE: not-for-us (kpopup)
+ NOT-FOR-US: kpopup
CAN-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) ...)
- NOTE: not-for-us (HTTP Commander)
+ NOT-FOR-US: HTTP Commander
CAN-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote ...)
- NOTE: not-for-us (BRS WebWeaver)
+ NOT-FOR-US: BRS WebWeaver
CAN-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows ...)
- mldonkey 2.5.11-1
CAN-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a ...)
- NOTE: not-for-us (Ganglia gmond)
+ NOT-FOR-US: Ganglia gmond
CAN-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...)
- NOTE: not-for-us (Tritanium Bulletin Board)
+ NOT-FOR-US: Tritanium Bulletin Board
CAN-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...)
NOTE: ancient and unreleased source code with backdoor
CAN-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass ...)
- NOTE: not-for-us (FlexWATCH)
+ NOT-FOR-US: FlexWATCH
CAN-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to ...)
- NOTE: not-for-us (Plug and Play Web Server)
+ NOT-FOR-US: Plug and Play Web Server
CAN-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web ...)
- NOTE: not-for-us (Plug and Play Web Server)
+ NOT-FOR-US: Plug and Play Web Server
CAN-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix ...)
- NOTE: not-for-us (Citrix)
+ NOT-FOR-US: Citrix
CAN-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) ...)
- NOTE: not-for-us (Sun JRE/SDK)
+ NOT-FOR-US: Sun JRE/SDK
CAN-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to ...)
- xcdroast 0.98+0alpha15-1
NOTE: woody seems to be vulnerable (see bug #310046)
CAN-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus ...)
- NOTE: not-for-us (MAILsweeper)
+ NOT-FOR-US: MAILsweeper
CAN-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...)
- NOTE: not-for-us (byteHoard)
+ NOT-FOR-US: byteHoard
CAN-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...)
- NOTE: not-for-us (WebTide)
+ NOT-FOR-US: WebTide
CAN-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server ...)
- NOTE: not-for-us (Fastream)
+ NOT-FOR-US: Fastream
CAN-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...)
- NOTE: not-for-us (Novell portmapper)
+ NOT-FOR-US: Novell portmapper
CAN-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...)
- NOTE: not-for-us (Symantec Norton Internet Security)
+ NOT-FOR-US: Symantec Norton Internet Security
CAN-2003-1148 (PHP remote code injection vulnerability in (1) config.inc.php and (2) ...)
- NOTE: not-for-us (Les Visiteurs)
+ NOT-FOR-US: Les Visiteurs
CAN-2003-1147
NOTE: rejected
CAN-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...)
- NOTE: not-for-us (Easy PHP Photo Album)
+ NOT-FOR-US: Easy PHP Photo Album
CAN-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in ...)
- NOTE: not-for-us (OpenAutoClassifieds)
+ NOT-FOR-US: OpenAutoClassifieds
CAN-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe ...)
- NOTE: not-for-us (Perception LiteServe)
+ NOT-FOR-US: Perception LiteServe
CAN-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...)
- NOTE: not-for-us (Croteam Serious Sam demo)
+ NOT-FOR-US: Croteam Serious Sam demo
CAN-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...)
- NOTE: not-for-us (NIPrint LPD-LPR)
+ NOT-FOR-US: NIPrint LPD-LPR
CAN-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute ...)
- NOTE: not-for-us (NIPrint LPD-LPR)
+ NOT-FOR-US: NIPrint LPD-LPR
CAN-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute ...)
- NOTE: not-for-us (Musicqueue)
+ NOT-FOR-US: Musicqueue
CAN-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by ...)
- NOTE: not-for-us (Musicqueue)
+ NOT-FOR-US: Musicqueue
CAN-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat ...)
- apache2 <not-affected> (Red Hat specific default config)
CAN-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to ...)
- NOTE: not-for-us (sh-httpd)
+ NOT-FOR-US: sh-httpd
CAN-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook ...)
- NOTE: not-for-us (Chi Kien Uong Guestbook)
+ NOT-FOR-US: Chi Kien Uong Guestbook
CAN-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to ...)
- NOTE: not-for-us (Yahoo! Messenger)
+ NOT-FOR-US: Yahoo! Messenger
CAN-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial ...)
- NOTE: not-for-us (Sun JVM)
+ NOT-FOR-US: Sun JVM
CAN-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts ...)
- NOTE: not-for-us (The Bat!)
+ NOT-FOR-US: The Bat!
CAN-2002-1660 (calendar.php in vBulletin 2.0.3 and earlier allows remote attackers to ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain ...)
- NOTE: not-for-us (PortalApp)
+ NOT-FOR-US: PortalApp
CAN-2001-1477 (The Domain gateway in BEA Tuxedo 7.1 does not perform authorization ...)
- NOTE: not-for-us (BEA Tuxedo)
+ NOT-FOR-US: BEA Tuxedo
CAN-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...)
- mozilla-firefox 1.0.4-1
CAN-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...)
- mozilla-firefox 1.0.4-1
TODO: check mozilla too
CAN-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...)
- NOTE: not-for-us (RSA SecurID Web Agent)
+ NOT-FOR-US: RSA SecurID Web Agent
CAN-2005-XXXX [race condition with a buffered temp file]
NOTE: no bug ever filed for this one
- pysvn 1.1.2-3
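Review bot: The same product gets two different values in this hunk. CAN-2004-1795 (Info Touch Surfnet kiosk) becomes `NOT-FOR-US: no_package`, while CAN-2004-1781 and CAN-2004-1780 become `NOT-FOR-US: Info Touch Surfnet kiosk`. The other `no_package` entries here, CAN-2004-1807 through CAN-2004-1792, also have a product in their description, such as CFWebstore or YaSoft Switch Off. I would use the product name for all of them so the field is uniform across the file.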
@@ -6507,9 +6507,9 @@
CAN-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...)
- openssh 1:3.8p1
CAN-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ...)
- NOTE: not-for-us (Leafnode2 development branch)
+ NOT-FOR-US: Leafnode2 development branch
CAN-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote ...)
- NOTE: not-for-us (Leafnode2 development branch)
+ NOT-FOR-US: Leafnode2 development branch
CAN-2005-XXXX [Missing input validation in xtradius]
NOTE: not shipped in deb
- xtradius 1.2.1-beta2-2 (low)
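Review bot: For CAN-2004-2068 and CAN-2002-1661 the value `Leafnode2 development branch` names a branch rather than a product, and both descriptions refer to leafnode itself. Under the old NOTE wording that read as a reason; under `NOT-FOR-US:` it reads as a statement that the software is not packaged. If leafnode is in the archive and only the affected branch is missing, a package line in the style the file already uses for CAN-2003-1138 (`- apache2 <not-affected> (...)`) would state that without ambiguity.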
@@ -6530,130 +6530,130 @@
CAN-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
- ipsec-tools 0.5.2-1
CAN-2005-1452 (Serendipity before 0.8 allows Chief users to "hide plugins installed ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1450 (Unknown vulnerability in "the function used to validate path-names for ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1447 (PHP remote code injection vulnerability in main.php in SitePanel 2.6.1 ...)
- NOTE: not-for-us (SitePanel)
+ NOT-FOR-US: SitePanel
CAN-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...)
- NOTE: not-for-us (SitePanel)
+ NOT-FOR-US: SitePanel
CAN-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...)
- NOTE: not-for-us (SitePanel)
+ NOT-FOR-US: SitePanel
CAN-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...)
- NOTE: not-for-us (SitePanel)
+ NOT-FOR-US: SitePanel
CAN-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...)
- NOTE: not-for-us (ViArt Shop)
+ NOT-FOR-US: ViArt Shop
CAN-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2005-1438 (PHP remote code injection vulnerability in main.php in osTicket allows ...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...)
NOTE: Was once part of Debian, but has been removed
CAN-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...)
- NOTE: not-for-us (HP OpenView)
+ NOT-FOR-US: HP OpenView
CAN-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...)
- NOTE: not-for-us (HP OpenView)
+ NOT-FOR-US: HP OpenView
CAN-2005-1432
NOTE: reserved
CAN-2005-1431 (The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before ...)
NOTE: Sarge will get a different fix with only the security fix
- gnutls11 1.0.16-13.1
CAN-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...)
- NOTE: not-for-us (WWWguestbook)
+ NOT-FOR-US: WWWguestbook
CAN-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...)
- NOTE: not-for-us (Uapplication Uphotogallery)
+ NOT-FOR-US: Uapplication Uphotogallery
CAN-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...)
- NOTE: not-for-us (Uapplication Uphotogallery)
+ NOT-FOR-US: Uapplication Uphotogallery
CAN-2005-1426 (Uapplication Ublog Reload stores the database under the web document ...)
- NOTE: not-for-us (Uapplication Ublog)
+ NOT-FOR-US: Uapplication Ublog
CAN-2005-1425 (Uapplication Uguestbook stores the database under the web document ...)
- NOTE: not-for-us (Uapplication Uguestbook)
+ NOT-FOR-US: Uapplication Uguestbook
CAN-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...)
- NOTE: not-for-us (GoText)
+ NOT-FOR-US: GoText
CAN-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...)
- NOTE: not-for-us (602 LAN SUITE)
+ NOT-FOR-US: 602 LAN SUITE
CAN-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
- NOTE: not-for-us (Raysoft Video Cam Server)
+ NOT-FOR-US: Raysoft Video Cam Server
CAN-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...)
- NOTE: not-for-us (Raysoft Video Cam Server)
+ NOT-FOR-US: Raysoft Video Cam Server
CAN-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
- NOTE: not-for-us (Raysoft Video Cam Server)
+ NOT-FOR-US: Raysoft Video Cam Server
CAN-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 ...)
- NOTE: not-for-us (Ocean12 Mailing list manager)
+ NOT-FOR-US: Ocean12 Mailing list manager
CAN-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...)
- NOTE: not-for-us (Netleaf)
+ NOT-FOR-US: Netleaf
CAN-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote ...)
- NOTE: not-for-us (04WebServer)
+ NOT-FOR-US: 04WebServer
CAN-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote ...)
- NOTE: not-for-us (GlobalSCAPE Secure FTP Server)
+ NOT-FOR-US: GlobalSCAPE Secure FTP Server
CAN-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, ...)
- NOTE: not-for-us (FilePocket)
+ NOT-FOR-US: FilePocket
CAN-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote ...)
- NOTE: not-for-us (enVivo)
+ NOT-FOR-US: enVivo
CAN-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional ...)
- NOTE: not-for-us (ECommPro)
+ NOT-FOR-US: ECommPro
CAN-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...)
- NOTE: not-for-us (ICUII)
+ NOT-FOR-US: ICUII
CAN-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) ...)
- postgresql 7.4.7-6
CAN-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...)
- postgresql 7.4.7-6
CAN-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...)
- NOTE: not-for-us (Skype)
+ NOT-FOR-US: Skype
CAN-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...)
- kfreebsd5-source 5.3-10
CAN-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...)
- NOTE: not-for-us (MyPHP Forum)
+ NOT-FOR-US: MyPHP Forum
CAN-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's ...)
- NOTE: not-for-us (JW Amazon Web Store)
+ NOT-FOR-US: JW Amazon Web Store
CAN-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...)
- NOTE: not-for-us (NeL libarary)
+ NOT-FOR-US: NeL libarary
CAN-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...)
- NOTE: not-for-us (Mtp-Target)
+ NOT-FOR-US: Mtp-Target
CAN-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...)
- kfreebsd5-source 5.3-10
CAN-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...)
- kfreebsd5-source 5.3-10
CAN-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...)
- NOTE: not-for-us (Skype)
+ NOT-FOR-US: Skype
CAN-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows ...)
- NOTE: not-for-us (Skype)
+ NOT-FOR-US: Skype
CAN-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...)
- NOTE: not-for-us (PHPCart)
+ NOT-FOR-US: PHPCart
CAN-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...)
- NOTE: not-for-us (PHPCalender)
+ NOT-FOR-US: PHPCalender
CAN-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows ...)
- NOTE: not-for-us (ARPUS Ceterm)
+ NOT-FOR-US: ARPUS Ceterm
CAN-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may ...)
- NOTE: not-for-us (ARPUS Ceterm)
+ NOT-FOR-US: ARPUS Ceterm
CAN-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
- NOTE: not-for-us (ArcGIS)
+ NOT-FOR-US: ArcGIS
CAN-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
- NOTE: not-for-us (ArcGIS)
+ NOT-FOR-US: ArcGIS
CAN-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
NOTE: In Debian this is only part of the examples in share/doc, any admin will
NOTE: have to modify it for his purposes anyway, so there's no security problem
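Review bot: Several values in this hunk carry spelling from the old free-text notes that no longer matches the description line: `NeL libarary` at CAN-2005-1402, `PHPCalender` at CAN-2005-1397 (description says PHP-Calendar) and `602 LAN SUITE` at CAN-2005-1423 (description says 602LAN SUITE). Now that the name is the whole content of the field, a lookup by product name will miss these entries, so they are worth correcting in the same pass.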
@@ -6664,43 +6664,43 @@
CAN-2005-1389
NOTE: rejected
CAN-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...)
- NOTE: not-for-us (SURVIVOR)
+ NOT-FOR-US: SURVIVOR
CAN-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote ...)
- NOTE: not-for-us (phpCoin)
+ NOT-FOR-US: phpCoin
CAN-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on ...)
- NOTE: not-for-us (Mandrake specific packaging flaw)
+ NOT-FOR-US: Mandrake specific packaging flaw
CAN-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...)
- NOTE: not-for-us (phpbb mod)
+ NOT-FOR-US: phpbb mod
CAN-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline (aka ...)
- NOTE: not-for-us (Claroline)
+ NOT-FOR-US: Claroline
CAN-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...)
- NOTE: not-for-us (Claroline)
+ NOT-FOR-US: Claroline
CAN-2005-1375 (Multiple SQL injection vulnerabilities in Claroline (aka Dokeos) 1.5.3 ...)
- NOTE: not-for-us (Claroline)
+ NOT-FOR-US: Claroline
CAN-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline (aka ...)
- NOTE: not-for-us (Claroline)
+ NOT-FOR-US: Claroline
CAN-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...)
- NOTE: not-for-us (Koobi CMS)
+ NOT-FOR-US: Koobi CMS
CAN-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...)
- NOTE: not-for-us (NetVault)
+ NOT-FOR-US: NetVault
CAN-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...)
- NOTE: not-for-us (NetVault)
+ NOT-FOR-US: NetVault
CAN-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...)
- NOTE: not-for-us (HP OpenView)
+ NOT-FOR-US: HP OpenView
CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...)
NOTE: does not affect 2.4.27 per horms
- kernel-source-2.6.8 2.6.8-16
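Review bot: CAN-2005-1371 describes the BPFTPServer service in BulletProof FTP Server but is converted to `NOT-FOR-US: NetVault`, which looks copied from the CAN-2005-1372 entry directly above it. The mechanical rewrite preserves that mismatch; the value should name BulletProof FTP Server. Separately, `Mandrake specific packaging flaw` at CAN-2005-1379 is a reason rather than a product name and may fit better as a NOTE or a `<not-affected>` package line.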
@@ -6709,103 +6709,103 @@
NOTE: does not affect 2.6.8, 2.4.27 per horms
- kernel-source-2.6.11 2.6.11-4
CAN-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...)
- NOTE: not-for-us (pServ)
+ NOT-FOR-US: pServ
CAN-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...)
- NOTE: not-for-us (pServ)
+ NOT-FOR-US: pServ
CAN-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...)
- NOTE: not-for-us (pServ)
+ NOT-FOR-US: pServ
CAN-2005-XXXX [Insecure mailbox generation in passwd's useradd]
NOTE: Incorrect open() call was introduced after 4.0.3 (the version in Sarge, fixed in 4.0.8)
CAN-2005-XXXX [Insecure tempfile generation in shadow's vipw]
NOTE: Fixed in 4.0.3-33 for sid, Sarge would need an update through t-p-u
- shadow 4.0.3-33
CAN-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow ...)
- NOTE: not-for-us (MetaBid Auctions)
+ NOT-FOR-US: MetaBid Auctions
CAN-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow ...)
- NOTE: not-for-us (MetaCart)
+ NOT-FOR-US: MetaCart
CAN-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal ...)
- NOTE: not-for-us (MetaCart)
+ NOT-FOR-US: MetaCart
CAN-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...)
- NOTE: not-for-us (MetaCart)
+ NOT-FOR-US: MetaCart
CAN-2005-1360 (PHP remote code injection vulnerability in error.php in GrayCMS 1.1 ...)
- NOTE: not-for-us (GrayCMS)
+ NOT-FOR-US: GrayCMS
CAN-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...)
- NOTE: not-for-us (text.cgi)
+ NOT-FOR-US: text.cgi
CAN-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands ...)
- NOTE: not-for-us (text.cgi)
+ NOT-FOR-US: text.cgi
CAN-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...)
- NOTE: not-for-us (text.cgi)
+ NOT-FOR-US: text.cgi
CAN-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...)
- NOTE: not-for-us (includer.cgi)
+ NOT-FOR-US: includer.cgi
CAN-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...)
- NOTE: not-for-us (includer.cgi)
+ NOT-FOR-US: includer.cgi
CAN-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (forum.pl)
+ NOT-FOR-US: forum.pl
CAN-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files ...)
- NOTE: not-for-us (forum.pl)
+ NOT-FOR-US: forum.pl
CAN-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows ...)
- NOTE: not-for-us (ad.cgi)
+ NOT-FOR-US: ad.cgi
CAN-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (ad.cgi)
+ NOT-FOR-US: ad.cgi
CAN-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...)
- NOTE: not-for-us (ad.cgi)
+ NOT-FOR-US: ad.cgi
CAN-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...)
{DSA-727-1}
- libconvert-uulib-perl 1.0.5.1
CAN-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-1347 (** UNVERIFIABLE ** ...)
- NOTE: not-for-us (acrobat)
+ NOT-FOR-US: acrobat
CAN-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...)
{DSA-721-1}
- squid 2.5.9-7
CAN-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...)
- apache2 2.0.54-3
CAN-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X ...)
- NOTE: not-for-us (vpnd for Mac OS X)
+ NOT-FOR-US: vpnd for Mac OS X
CAN-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X ...)
- NOTE: not-for-us (Apple Terminal)
+ NOT-FOR-US: Apple Terminal
CAN-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands ...)
- NOTE: not-for-us (Apple Terminal)
+ NOT-FOR-US: Apple Terminal
CAN-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to ...)
NOTE: verified that our lukemftpd uses pw->pw_name when
NOTE: checking /etc/ftpchroot.
CAN-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1334
NOTE: rejected
CAN-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...)
- NOTE: not-for-us (OneWorldStore)
+ NOT-FOR-US: OneWorldStore
CAN-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (OneWorldStore)
+ NOT-FOR-US: OneWorldStore
CAN-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...)
- NOTE: not-for-us (Woltlab Burning Board)
+ NOT-FOR-US: Woltlab Burning Board
CAN-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...)
- NOTE: not-for-us (VooDoo cIRCle BOTNET)
+ NOT-FOR-US: VooDoo cIRCle BOTNET
CAN-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...)
- NOTE: not-for-us (phpMyVisites)
+ NOT-FOR-US: phpMyVisites
CAN-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
- NOTE: not-for-us (phpMyVisites)
+ NOT-FOR-US: phpMyVisites
CAN-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...)
- NOTE: not-for-us (NetTerm)
+ NOT-FOR-US: NetTerm
CAN-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...)
- nag 1.1-3.1
CAN-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...)
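Review bot: In the CAN-2005-1347 entry the new value is the lower-case "acrobat", while the same product family is written "Adobe Reader 7" (CAN-2005-1306) and "Acrobat Reader" (CAN-1999-1576) elsewhere in this patch. The name is now the whole field value rather than a parenthetical inside a NOTE, so pick one spelling and use it for all three, so that the entries can be grouped by a plain match on the NOT-FOR-US line.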
@@ -6819,7 +6819,7 @@
CAN-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail ...)
- sork-forwards 2.2.2-1
CAN-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...)
- NOTE: not-for-us (Hord Chora module)
+ NOT-FOR-US: Hord Chora module
CAN-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...)
- sork-accounts 2.1.2-1
CAN-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...)
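Review bot: The CAN-2005-1317 line carries the misspelling "Hord Chora module" into the new NOT-FOR-US field, although the description on the line above it reads "Horde Chora module". Suggest correcting it to "Horde Chora module" in this same change, since a search for "Horde" will otherwise miss the entry.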
@@ -6830,67 +6830,67 @@
CAN-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...)
- sork-passwd 2.2.2-1
CAN-2005-1312 (PHP remote code injection vulnerability in Yappa-NG before 2.3.2 ...)
- NOTE: not-for-us (Yappa-NG)
+ NOT-FOR-US: Yappa-NG
CAN-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...)
- NOTE: not-for-us (Yappa-NG)
+ NOT-FOR-US: Yappa-NG
CAN-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...)
- NOTE: not-for-us (bBlog)
+ NOT-FOR-US: bBlog
CAN-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...)
- NOTE: not-for-us (bBlog)
+ NOT-FOR-US: bBlog
CAN-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...)
NOTE: upstream says attack won't work, see bug 307575
CAN-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...)
- NOTE: not-for-us (Adobe Version Cue)
+ NOT-FOR-US: Adobe Version Cue
CAN-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...)
- NOTE: not-for-us (Adobe Reader 7)
+ NOT-FOR-US: Adobe Reader 7
CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...)
- NOTE: not-for-us (hyper.cgi)
+ NOT-FOR-US: hyper.cgi
CAN-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...)
- NOTE: not-for-us (citat.pl)
+ NOT-FOR-US: citat.pl
CAN-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...)
- NOTE: not-for-us (citat.pl)
+ NOT-FOR-US: citat.pl
CAN-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...)
- NOTE: not-for-us (Confixx)
+ NOT-FOR-US: Confixx
CAN-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...)
- NOTE: not-for-us (nProtect:Netizen)
+ NOT-FOR-US: nProtect:Netizen
CAN-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...)
- NOTE: not-for-us (inserter.cgi)
+ NOT-FOR-US: inserter.cgi
CAN-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (inserter.cgi)
+ NOT-FOR-US: inserter.cgi
CAN-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...)
- NOTE: not-for-us (inserter.cgi)
+ NOT-FOR-US: inserter.cgi
CAN-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...)
- NOTE: not-for-us (include.cgi)
+ NOT-FOR-US: include.cgi
CAN-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (include.cgi)
+ NOT-FOR-US: include.cgi
CAN-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...)
- NOTE: not-for-us (include.cgi)
+ NOT-FOR-US: include.cgi
CAN-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...)
- affix-kernel 2.1.1-1.1
CAN-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...)
- NOTE: not-for-us (StorePortal)
+ NOT-FOR-US: StorePortal
CAN-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...)
- NOTE: not-for-us (CartWIZ ASP Cart)
+ NOT-FOR-US: CartWIZ ASP Cart
CAN-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...)
- NOTE: not-for-us (CartWIZ ASP Cart)
+ NOT-FOR-US: CartWIZ ASP Cart
CAN-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...)
- phpbb2 2.0.13-6sarge1 (low)
CAN-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...)
- NOTE: not-for-us (E-Cart)
+ NOT-FOR-US: E-Cart
CAN-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...)
- NOTE: not-for-us (ACS Blog)
+ NOT-FOR-US: ACS Blog
CAN-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...)
- NOTE: not-for-us (BK Forum)
+ NOT-FOR-US: BK Forum
CAN-2005-1286 (BitDefender 8 allows local users to prevent BitDefender from starting ...)
- NOTE: not-for-us (Bitdefender)
+ NOT-FOR-US: Bitdefender
CAN-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...)
- NOTE: not-for-us (Woltlab Burning Board)
+ NOT-FOR-US: Woltlab Burning Board
CAN-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...)
- NOTE: not-for-us (Argosoft Mail Server Pro)
+ NOT-FOR-US: Argosoft Mail Server Pro
CAN-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...)
- NOTE: not-for-us (Argosoft Mail Server Pro)
+ NOT-FOR-US: Argosoft Mail Server Pro
CAN-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...)
- NOTE: not-for-us (Argosoft Mail Server Pro)
+ NOT-FOR-US: Argosoft Mail Server Pro
CAN-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...)
- ethereal 0.10.10-2
CAN-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...)
@@ -6912,11 +6912,11 @@
CAN-2005-1273
NOTE: reserved
CAN-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL ...)
- NOTE: not-for-us (Backup Agent for Microsoft SQL)
+ NOT-FOR-US: Backup Agent for Microsoft SQL
CAN-2005-1271
NOTE: rejected
CAN-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...)
- NOTE: not-for-us (Rootkit Hunter)
+ NOT-FOR-US: Rootkit Hunter
CAN-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...)
- apache 1.3.31-1
CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
@@ -6961,27 +6961,27 @@
CAN-2005-1257
NOTE: reserved
CAN-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...)
- NOTE: not-for-us (IMail)
+ NOT-FOR-US: IMail
CAN-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...)
- NOTE: not-for-us (IMail)
+ NOT-FOR-US: IMail
CAN-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...)
- NOTE: not-for-us (IMail)
+ NOT-FOR-US: IMail
CAN-2005-1253
NOTE: reserved
CAN-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...)
- NOTE: not-for-us (IMail)
+ NOT-FOR-US: IMail
CAN-2005-1251
NOTE: reserved
CAN-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...)
- NOTE: not-for-us (IpSwitch)
+ NOT-FOR-US: IpSwitch
CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...)
- NOTE: not-for-us (IMail)
+ NOT-FOR-US: IMail
CAN-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...)
- NOTE: not-for-us (Apple iTunes)
+ NOT-FOR-US: Apple iTunes
CAN-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...)
- NOTE: not-for-us (Novell Nsure Audit)
+ NOT-FOR-US: Novell Nsure Audit
CAN-2005-1246 (Format string vulnerability in the snmppd_log function in ...)
- NOTE: not-for-us (snmppd)
+ NOT-FOR-US: snmppd
CAN-2005-XXXX [Multiple security problems in Quake 2]
NOTE: this release added lots of warnings about the security problems
- quake2 1:0.3-1.1
@@ -6990,86 +6990,86 @@
CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...)
- mediawiki <itp> (bug #276057)
CAN-2005-1244 (Directory traversal vulnerability in the third party tool from NetIQ, ...)
- NOTE: not-for-us (AS/400 FTP server addon)
+ NOT-FOR-US: AS/400 FTP server addon
CAN-2005-1243 (Directory traversal vulnerability in the third party tool from ...)
- NOTE: not-for-us (AS/400 FTP server addon)
+ NOT-FOR-US: AS/400 FTP server addon
CAN-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe, ...)
- NOTE: not-for-us (AS/400 FTP server addon)
+ NOT-FOR-US: AS/400 FTP server addon
CAN-2005-1241 (Directory traversal vulnerability in the third party tool from ...)
- NOTE: not-for-us (AS/400 FTP server addon)
+ NOT-FOR-US: AS/400 FTP server addon
CAN-2005-1240 (Directory traversal vulnerability in the third party tool from ...)
- NOTE: not-for-us (AS/400 FTP server addon)
+ NOT-FOR-US: AS/400 FTP server addon
CAN-2005-1239 (Directory traversal vulnerability in the third party tool from ...)
- NOTE: not-for-us (AS/400 FTP server addon)
+ NOT-FOR-US: AS/400 FTP server addon
CAN-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...)
- NOTE: not-for-us (AS/400 FTP server)
+ NOT-FOR-US: AS/400 FTP server
CAN-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows ...)
- NOTE: not-for-us (FlexPHPNews)
+ NOT-FOR-US: FlexPHPNews
CAN-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and ...)
- NOTE: not-for-us (DUPortal)
+ NOT-FOR-US: DUPortal
CAN-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows ...)
- NOTE: not-for-us (phpbb-Auction)
+ NOT-FOR-US: phpbb-Auction
CAN-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
- NOTE: not-for-us (phpbb-Auction)
+ NOT-FOR-US: phpbb-Auction
CAN-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs ...)
- NOTE: not-for-us (PHP Labs proFile)
+ NOT-FOR-US: PHP Labs proFile
CAN-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...)
- NOTE: not-for-us (Sun ONE Proxy Server)
+ NOT-FOR-US: Sun ONE Proxy Server
CAN-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in ...)
- NOTE: not-for-us (JAWS)
+ NOT-FOR-US: JAWS
CAN-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...)
- NOTE: not-for-us (Yawcan)
+ NOT-FOR-US: Yawcan
CAN-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...)
- cpio <unfixed> (bug #306693; medium)
CAN-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...)
{DSA-752-1}
- gzip 1.3.5-10
CAN-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...)
- NOTE: not-for-us (PHPProjekt)
+ NOT-FOR-US: PHPProjekt
CAN-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which ...)
- NOTE: not-for-us (Coppermine Photo Gallery)
+ NOT-FOR-US: Coppermine Photo Gallery
CAN-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...)
- NOTE: not-for-us (Coppermine Photo Gallery)
+ NOT-FOR-US: Coppermine Photo Gallery
CAN-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 ...)
- NOTE: not-for-us (DUPortal)
+ NOT-FOR-US: DUPortal
CAN-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...)
- NOTE: not-for-us (Ocean12 Calender manager)
+ NOT-FOR-US: Ocean12 Calender manager
CAN-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to ...)
- NOTE: not-for-us (Annuaire Netref)
+ NOT-FOR-US: Annuaire Netref
CAN-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro ...)
- NOTE: not-for-us (ECommPro)
+ NOT-FOR-US: ECommPro
CAN-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain ...)
- NOTE: not-for-us (Shoutbox)
+ NOT-FOR-US: Shoutbox
CAN-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows ...)
- NOTE: not-for-us (Microsoft Color Management Module)
+ NOT-FOR-US: Microsoft Color Management Module
CAN-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...)
- NOTE: not-for-us (Microsoft Color Management Module)
+ NOT-FOR-US: Microsoft Color Management Module
CAN-2005-1217
NOTE: reserved
CAN-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1210
NOTE: reserved
CAN-2005-1209
NOTE: reserved
CAN-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...)
NOTE: This is not a real world problem; it's only applicable in rare circurstances
NOTE: like someone analysing stolen user database information and even then the gain
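Review bot: CAN-2005-1218 is described as a flaw in the Microsoft Windows kernel, but its value is "Microsoft Color Management Module", which looks copied from CAN-2005-1219 directly above it; the neighbouring Microsoft entries use plain "Microsoft". The same hunk also keeps names that differ from their descriptions: "Yawcan" (Yawcam), "PHPProjekt" (PHProjekt) and "Ocean12 Calender manager" (Ocean12 Calendar manager). These are worth fixing while the lines are being rewritten anyway.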
@@ -7077,23 +7077,23 @@
CAN-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
- libpam-ssh 1.91.0-9
CAN-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...)
- NOTE: not-for-us (Desktop Rover)
+ NOT-FOR-US: Desktop Rover
CAN-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware ...)
- egroupware 1.0.0.007-2.dfsg-1
CAN-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware ...)
- egroupware 1.0.0.007-2.dfsg-1
CAN-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...)
- NOTE: not-for-us (AZbb)
+ NOT-FOR-US: AZbb
CAN-2005-1200 (PHP remote code injection vulnerability in main_index.php in AZ ...)
- NOTE: not-for-us (AZbb)
+ NOT-FOR-US: AZbb
CAN-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows ...)
- NOTE: not-for-us (UBB.threads)
+ NOT-FOR-US: UBB.threads
CAN-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...)
- NOTE: not-for-us (Anaconda Foundation Directory)
+ NOT-FOR-US: Anaconda Foundation Directory
CAN-2005-1197 (SQL injection vulnerability in the ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...)
- NOTE: not-for-us (PHPBB Knowledgebase Mod)
+ NOT-FOR-US: PHPBB Knowledgebase Mod
CAN-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) ...)
NOTE: The vulnerable code is present in xine-lib as well, MPlayer is not in Debian
- xine-lib 1.0.1-1
@@ -7102,19 +7102,19 @@
CAN-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...)
- phpbb2 2.0.13-6sarge1 (medium)
CAN-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2001-1476 (SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" ...)
- NOTE: not-for-us (Commercial SSH)
+ NOT-FOR-US: Commercial SSH
CAN-2001-1475 (SSH before 2.0, when using RC4 and password authentication, allows ...)
- NOTE: not-for-us (Commercial SSH)
+ NOT-FOR-US: Commercial SSH
CAN-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...)
- NOTE: not-for-us (Commercial SSH)
+ NOT-FOR-US: Commercial SSH
CAN-2001-1473 (The SSH-1 protocol allows remote servers conduct man-in-the-middle ...)
NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
CAN-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...)
@@ -7126,55 +7126,55 @@
CAN-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to ...)
NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
CAN-2001-1468 (PHP remote code injection vulnerability in checklogin.php in ...)
- NOTE: not-for-us (phpSecurePages)
+ NOT-FOR-US: phpSecurePages
CAN-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...)
NOTE: in expect 5.42.1, mkpasswd does not seed by pid; doesn't seem
NOTE: to seed at all; my tests indicate it generates no dups in
NOTE: some 100000 passwords.
CAN-2001-1466 (Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the ...)
- NOTE: not-for-us (VanDyke SecureCRT)
+ NOT-FOR-US: VanDyke SecureCRT
CAN-2001-1465 (SurfControl SuperScout only filters packets containing both an HTTP ...)
- NOTE: not-for-us (SurfControl SuperScout)
+ NOT-FOR-US: SurfControl SuperScout
CAN-2001-1464 (Crystal Reports, when displaying data for a password protected ...)
- NOTE: not-for-us (Crystal Reports)
+ NOT-FOR-US: Crystal Reports
CAN-2001-1463 (The remote admimnistration client for RhinoSoft Serv-U 3.0 sends the ...)
- NOTE: not-for-us (RhinoSoft Serv-U)
+ NOT-FOR-US: RhinoSoft Serv-U
CAN-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, ...)
- NOTE: not-for-us (RSA Security SecurID)
+ NOT-FOR-US: RSA Security SecurID
CAN-2001-1461 (Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 ...)
- NOTE: not-for-us (RSA Security SecurID)
+ NOT-FOR-US: RSA Security SecurID
CAN-2001-1460 (SQL injection vulnerability in article.php in PostNuke 0.62 through ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2001-1459 (OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication ...)
- openssh 3.0.1p1-1
CAN-2001-1458 (Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 ...)
- NOTE: not-for-us (Novell Groupwise)
+ NOT-FOR-US: Novell Groupwise
CAN-2001-1457 (Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote ...)
- NOTE: not-for-us (CrazyWWWBoard)
+ NOT-FOR-US: CrazyWWWBoard
CAN-2001-1456 (Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for ...)
- NOTE: not-for-us (Gauntlet Firewall)
+ NOT-FOR-US: Gauntlet Firewall
CAN-2001-1455 (Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to ...)
- NOTE: not-for-us (Netegrity SiteMinder)
+ NOT-FOR-US: Netegrity SiteMinder
CAN-2001-1454 (Buffer overflow in MySQL before 3.23.33 allows remote attackers to ...)
- mysql-dfsg 3.23.33-1
CAN-2001-1453 (Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier ...)
- mysql-dfsg 3.23.33-1
CAN-2001-1452 (By default, DNS servers on Windows NT 4.0 and Windows 2000 Server ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2001-1451 (Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2001-1450 (Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2001-1449 (The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 ...)
- NOTE: not-for-us (Mandrake specific packaging flaw)
+ NOT-FOR-US: Mandrake specific packaging flaw
CAN-2001-1448 (Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local ...)
- NOTE: not-for-us (Magic eDeveloper)
+ NOT-FOR-US: Magic eDeveloper
CAN-2001-1447 (NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2001-1446 (Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable ...)
- NOTE: not-for-us (MacOS X)
+ NOT-FOR-US: MacOS X
CAN-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and ...)
NOTE: Generic protocol flaw
CAN-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not ...)
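Review bot: CAN-2001-1447 is a NetInfo Manager for Mac OS X issue, yet the new line reads "NOT-FOR-US: Windows", carried over unchanged from the old NOTE. Suggest "Mac OS X" here, and the same spelling for CAN-2001-1446, which uses "MacOS X" while the other entries in this patch use "Mac OS X".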
@@ -7183,25 +7183,25 @@
- inn2 2.3.3+20020922-1
- innfeed 0.10.1.7-7
CAN-2001-1441 (Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 ...)
- NOTE: not-for-us (VisualAge for Java)
+ NOT-FOR-US: VisualAge for Java
CAN-2001-1440 (Unknown vulnerability in login for AIX 5.1L, when using loadable ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2001-1439 (Buffer overflow in the text editor functionality in HP-UX 10.01 ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2001-1438 (Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module ...)
- NOTE: not-for-us (Handspring Visor)
+ NOT-FOR-US: Handspring Visor
CAN-2001-1437 (easyScripts easyNews 1.5 allows remote attackers to obtain the full ...)
- NOTE: not-for-us (easyScripts easyNews)
+ NOT-FOR-US: easyScripts easyNews
CAN-2001-1436 (Dallas Semiconductor iButton DS1991 returns predictable values when ...)
- NOTE: not-for-us (Dallas Semiconductor iButton DS1991)
+ NOT-FOR-US: Dallas Semiconductor iButton DS1991
CAN-2001-1435 (inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of ...)
- NOTE: not-for-us (Tru64 UNIX)
+ NOT-FOR-US: Tru64 UNIX
CAN-2001-1434 (Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read ...)
- NOTE: not-for-us (IOS)
+ NOT-FOR-US: IOS
CAN-2000-1223 (quikstore.cgi in Quikstore Shopping Cart allows remote attackers to ...)
- NOTE: not-for-us (Quikstore Shopping Cart)
+ NOT-FOR-US: Quikstore Shopping Cart
CAN-2000-1222 (AIX sysback before 4.2.1.13 uses a relative path to find and execute ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2000-1221 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
- lpr 0.48-1
CAN-2000-1220 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
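Review bot: CAN-2001-1434 (Cisco IOS) becomes "NOT-FOR-US: IOS", whereas CAN-2004-1776, also a Cisco IOS issue, is tagged "Cisco" in an earlier hunk of this patch. Suggest one value for both so that the two entries group together.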
@@ -7209,69 +7209,69 @@
CAN-2000-1219 (The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not ...)
- gcc-3.3 3.3.4-1
CAN-2000-1218 (The default configuration for the domain name resolver for Microsoft ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2000-1217 (Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2000-1216 (Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2000-1215 (The default configuration of Lotus Domino server 5.0.8 includes system ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to execute ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-1999-1582 (By design, the "established" command on the Cisco PIX firewall allows ...)
- NOTE: not-for-us (Cisco PIX)
+ NOT-FOR-US: Cisco PIX
CAN-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ...)
- NOTE: not-for-us (Sun's sendmail)
+ NOT-FOR-US: Sun's sendmail
CAN-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-1999-1578 (Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-1999-1577 (Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-1999-1576 (Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, ...)
- NOTE: not-for-us (Acrobat Reader)
+ NOT-FOR-US: Acrobat Reader
CAN-1999-1575 (The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation ...)
- NOTE: not-for-us (Kodak/Wang tools for IE)
+ NOT-FOR-US: Kodak/Wang tools for IE
CAN-1999-1574 (Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-1999-1573 (Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a ...)
- NOTE: not-for-us (WebcamXP)
+ NOT-FOR-US: WebcamXP
CAN-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and ...)
- NOTE: not-for-us (WebcamXP)
+ NOT-FOR-US: WebcamXP
CAN-2005-1188 (Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in ...)
- NOTE: not-for-us (ComersusCart)
+ NOT-FOR-US: ComersusCart
CAN-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other ...)
- NOTE: not-for-us (WinHex)
+ NOT-FOR-US: WinHex
CAN-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com ...)
- NOTE: not-for-us (Musicmatch)
+ NOT-FOR-US: Musicmatch
CAN-2005-1185 (MMFWLaunch.exe in Musicmatch Jukebox 10.00.2047 and earlier does not ...)
- NOTE: not-for-us (Musicmatch)
+ NOT-FOR-US: Musicmatch
CAN-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...)
NOTE: This looks rather obscure -jmm
TODO: check
CAN-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows ...)
- NOTE: not-for-us (mvnForum)
+ NOT-FOR-US: mvnForum
CAN-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for ...)
- NOTE: not-for-us (iSeries OS)
+ NOT-FOR-US: iSeries OS
CAN-2005-1181 (** DISPUTED ** ...)
- NOTE: not-for-us (Ariadne CMS)
+ NOT-FOR-US: Ariadne CMS
CAN-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for various ...)
- NOTE: not-for-us (Xerox)
+ NOT-FOR-US: Xerox
CAN-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 ...)
NOTE: According to maintainer posting in debian-release this does only affect 1.190
NOTE: and not the version in Sarge
CAN-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...)
{DSA-757-1}
TODO: check krb4
@@ -7281,33 +7281,33 @@
TODO: check krb4
- krb5 1.3.6-4 (medium)
CAN-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2 package ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...)
- NOTE: not-for-us (PMSoftware Simple Web Server)
+ NOT-FOR-US: PMSoftware Simple Web Server
CAN-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...)
- NOTE: not-for-us (Coppermine Photo Gallery)
+ NOT-FOR-US: Coppermine Photo Gallery
CAN-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the datenbank ...)
- NOTE: not-for-us (moddb phpbb2 add-on)
+ NOT-FOR-US: moddb phpbb2 add-on
CAN-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module for ...)
- NOTE: not-for-us (moddb phpbb2 add-on)
+ NOT-FOR-US: moddb phpbb2 add-on
CAN-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, ...)
- NOTE: not-for-us (Mafia Blog)
+ NOT-FOR-US: Mafia Blog
CAN-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows ...)
- NOTE: not-for-us (Musicmatch)
+ NOT-FOR-US: Musicmatch
CAN-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...)
- NOTE: not-for-us (Musicmatch)
+ NOT-FOR-US: Musicmatch
CAN-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in ...)
- NOTE: not-for-us (Dameware)
+ NOT-FOR-US: Dameware
CAN-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Yager game)
+ NOT-FOR-US: Yager game
CAN-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Yager game)
+ NOT-FOR-US: Yager game
CAN-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote ...)
- NOTE: not-for-us (Yager game)
+ NOT-FOR-US: Yager game
CAN-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore ...)
- NOTE: not-for-us (OneWorldStore)
+ NOT-FOR-US: OneWorldStore
CAN-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote ...)
- NOTE: not-for-us (OneWorldStore)
+ NOT-FOR-US: OneWorldStore
CAN-2005-1160 (The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla ...)
{DSA-781-1}
- mozilla-firefox 1.0.3-1
@@ -7342,64 +7342,64 @@
{DSA-728-1}
- qpopper 4.0.5-4sarge1
CAN-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
- NOTE: not-for-us (Sun Java)
+ NOT-FOR-US: Sun Java
CAN-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews ...)
- NOTE: not-for-us (ACNews)
+ NOT-FOR-US: ACNews
CAN-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain ...)
- NOTE: not-for-us (CalenderScript)
+ NOT-FOR-US: CalenderScript
CAN-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...)
- NOTE: not-for-us (CalenderScript)
+ NOT-FOR-US: CalenderScript
CAN-2005-1146 (** DISPUTED ** ...)
- NOTE: not-for-us (CalenderScript)
+ NOT-FOR-US: CalenderScript
CAN-2005-1145 (** DISPUTED ** ...)
- NOTE: not-for-us (CalenderScript)
+ NOT-FOR-US: CalenderScript
CAN-2005-1144 (popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to ...)
- NOTE: not-for-us (EasyPHPCalender)
+ NOT-FOR-US: EasyPHPCalender
CAN-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in ...)
- NOTE: not-for-us (EasyPHPCalender)
+ NOT-FOR-US: EasyPHPCalender
CAN-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR ...)
- gocr 0.39-5
CAN-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when ...)
- gocr 0.39-5
CAN-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows ...)
- NOTE: not-for-us (MyBloggie)
+ NOT-FOR-US: MyBloggie
CAN-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain ...)
- NOTE: not-for-us (sphpBlog)
+ NOT-FOR-US: sphpBlog
CAN-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) ...)
- NOTE: not-for-us (sphpBlog)
+ NOT-FOR-US: sphpBlog
CAN-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...)
- NOTE: not-for-us (sphpBlog)
+ NOT-FOR-US: sphpBlog
CAN-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...)
- NOTE: not-for-us (AS/400 system software)
+ NOT-FOR-US: AS/400 system software
CAN-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (LG mobile phone)
+ NOT-FOR-US: LG mobile phone
CAN-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier ...)
- NOTE: not-for-us (Veritas Focalpoint Server)
+ NOT-FOR-US: Veritas Focalpoint Server
CAN-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
- NOTE: not-for-us (PinnacleCart)
+ NOT-FOR-US: PinnacleCart
CAN-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an ...)
- egroupware 1.0.0.007-2.dfsg-1
CAN-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...)
- NOTE: not-for-us (VHCS)
+ NOT-FOR-US: VHCS
CAN-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...)
- NOTE: not-for-us (Free BSD)
+ NOT-FOR-US: Free BSD
CAN-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...)
- NOTE: not-for-us (Free BSD)
+ NOT-FOR-US: Free BSD
CAN-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...)
NOTE: Has been removed from Sarge
- libsafe <unfixed> (bug #305070; medium)
CAN-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...)
- NOTE: not-for-us (monkeyd)
+ NOT-FOR-US: monkeyd
CAN-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...)
- NOTE: not-for-us (monkeyd)
+ NOT-FOR-US: monkeyd
CAN-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...)
{DSA-726-1}
NOTE: Not part of Sarge due to FTBFS on ia64 and alpha
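Review bot: CAN-2005-1127 is converted to "NOT-FOR-US: Free BSD", but its description names Net::Server 0.87, so the product in the tag does not match the entry and looks carried over from the CAN-2005-1126 entry next to it. Re-check this one rather than converting it mechanically, and confirm that no Debian package ships Net::Server before it is recorded as not-for-us. In the same hunk, "CalenderScript" and "EasyPHPCalender" are spelled differently from the "CalendarScript" and "EasyPHPCalendar" in the descriptions, which will defeat a search by product name now that the name is the whole value of the tag.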
@@ -7409,119 +7409,119 @@
CAN-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...)
- sudo <unfixed> (bug #283161; low)
CAN-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...)
- NOTE: not-for-us (RSA authentication agent)
+ NOT-FOR-US: RSA authentication agent
CAN-2005-1117 (PHP remote code injection vulnerability in index.php in ...)
- NOTE: not-for-us (All4WWW Homepage creator)
+ NOT-FOR-US: All4WWW Homepage creator
CAN-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...)
- NOTE: not-for-us (phpbb2 calendar addon)
+ NOT-FOR-US: phpbb2 calendar addon
CAN-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...)
- NOTE: not-for-us (Photo Album)
+ NOT-FOR-US: Photo Album
CAN-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...)
- NOTE: not-for-us (Photo Album)
+ NOT-FOR-US: Photo Album
CAN-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...)
- NOTE: not-for-us (PhpBB Plus)
+ NOT-FOR-US: PhpBB Plus
CAN-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...)
- NOTE: not-for-us (IBM Websphere)
+ NOT-FOR-US: IBM Websphere
CAN-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...)
- cpio <unfixed> (bug #305372; low)
CAN-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...)
- NOTE: not-for-us (Sumus web server)
+ NOT-FOR-US: Sumus web server
CAN-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...)
{DSA-713-1}
NOTE: only part of Woody, has been removed from Sarge and sid
- NOTE: not-for-us (Junkbuster)
+ NOT-FOR-US: Junkbuster
NOTE: checked privoxy, is not vulnerable
CAN-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
{DSA-713-1}
NOTE: only part of Woody, has been removed from Sarge and sid
- NOTE: not-for-us (Junkbuster)
+ NOT-FOR-US: Junkbuster
NOTE: checked privoxy, is not vulnerable
CAN-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ...)
- NOTE: not-for-us (McAfee)
+ NOT-FOR-US: McAfee
CAN-2005-XXXX [Remote DoS vulnerabilities in postgrey]
- postgrey 1.21-1
CAN-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...)
NOTE: api vulnerablity
- libgnumail-java <unfixed> (bug #304712; low)
CAN-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...)
- NOTE: not-for-us (Centra)
+ NOT-FOR-US: Centra
CAN-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...)
- NOTE: not-for-us (Sygate Secure Enterprise)
+ NOT-FOR-US: Sygate Secure Enterprise
CAN-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOTE: Upstream developers don't consider this an issue, see bug #304468
CAN-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...)
- NOTE: not-for-us (Lotus Domino Server)
+ NOT-FOR-US: Lotus Domino Server
CAN-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in ...)
- postfix-gld 1.5-1
CAN-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in ...)
- postfix-gld 1.5-1
CAN-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...)
- NOTE: not-for-us (GetDataBack for NTFS (Windows))
+ NOT-FOR-US: GetDataBack for NTFS (Windows)
CAN-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...)
- NOTE: not-for-us (Rebrand P2P Share Spy)
+ NOT-FOR-US: Rebrand P2P Share Spy
CAN-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...)
- NOTE: not-for-us (Ocean12 Membership Manager Pro)
+ NOT-FOR-US: Ocean12 Membership Manager Pro
CAN-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 ...)
- NOTE: not-for-us (Ocean12 Membership Manager Pro)
+ NOT-FOR-US: Ocean12 Membership Manager Pro
CAN-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in ...)
- NOTE: not-for-us (FTP Now)
+ NOT-FOR-US: FTP Now
CAN-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with ...)
- NOTE: not-for-us (Miranda IM)
+ NOT-FOR-US: Miranda IM
CAN-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext ...)
- NOTE: not-for-us (DeluxeFTP)
+ NOT-FOR-US: DeluxeFTP
CAN-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...)
- NOTE: not-for-us (Maxthon)
+ NOT-FOR-US: Maxthon
CAN-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API ...)
- NOTE: not-for-us (Maxthon)
+ NOT-FOR-US: Maxthon
CAN-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append ...)
- NOTE: not-for-us (DC++)
+ NOT-FOR-US: DC++
CAN-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and ...)
- NOTE: not-for-us (DameWare NT Utilities and Mini Remote Control)
+ NOT-FOR-US: DameWare NT Utilities and Mini Remote Control
CAN-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD ...)
- NOTE: not-for-us (AN HTTPD)
+ NOT-FOR-US: AN HTTPD
CAN-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n ...)
- NOTE: not-for-us (AN HTTPD)
+ NOT-FOR-US: AN HTTPD
CAN-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in ...)
- NOTE: not-for-us (aeDating)
+ NOT-FOR-US: aeDating
CAN-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows ...)
- NOTE: not-for-us (aeDating)
+ NOT-FOR-US: aeDating
CAN-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...)
- NOTE: not-for-us (aeDating)
+ NOT-FOR-US: aeDating
CAN-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 ...)
- NOTE: not-for-us (AtDGDatingPlatinum)
+ NOT-FOR-US: AtDGDatingPlatinum
CAN-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in ...)
- NOTE: not-for-us (AtDGDatingPlatinum)
+ NOT-FOR-US: AtDGDatingPlatinum
CAN-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) ...)
- NOTE: not-for-us (JAR in J2SE SDK)
+ NOT-FOR-US: JAR in J2SE SDK
TODO: check jar extractors in Debian just to be safe
CAN-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...)
- NOTE: not-for-us (zOOm Media Gallery)
+ NOT-FOR-US: zOOm Media Gallery
CAN-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows ...)
- NOTE: not-for-us (XAMPP Apache distribution specific issue)
+ NOT-FOR-US: XAMPP Apache distribution specific issue
CAN-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x ...)
- NOTE: not-for-us (XAMPP Apache distribution specific issue)
+ NOT-FOR-US: XAMPP Apache distribution specific issue
CAN-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board ...)
- NOTE: not-for-us (WebCT)
+ NOT-FOR-US: WebCT
CAN-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts ...)
- NOTE: not-for-us (RadScripts RadBids Gold)
+ NOT-FOR-US: RadScripts RadBids Gold
CAN-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...)
- NOTE: not-for-us (RadScripts RadBids Gold)
+ NOT-FOR-US: RadScripts RadBids Gold
CAN-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids ...)
- NOTE: not-for-us (RadScripts RadBids Gold)
+ NOT-FOR-US: RadScripts RadBids Gold
CAN-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows ...)
- NOTE: not-for-us (PunBB)
+ NOT-FOR-US: PunBB
CAN-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal ...)
- NOTE: not-for-us (JPortal)
+ NOT-FOR-US: JPortal
CAN-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown ...)
- NOTE: not-for-us (sCssBoard)
+ NOT-FOR-US: sCssBoard
CAN-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...)
- NOTE: not-for-us (sCssBoard)
+ NOT-FOR-US: sCssBoard
CAN-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to ...)
- NOTE: not-for-us (Access_user class)
+ NOT-FOR-US: Access_user class
CAN-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users ...)
NOTE: the affected binary is not included in pine binary packages
NOTE: and the maintainer refuses to maintain code that is not
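Review bot: CAN-2005-1109 and CAN-2005-1108 end up as "NOT-FOR-US: Junkbuster" while still carrying {DSA-713-1} and "NOTE: only part of Woody, has been removed from Sarge and sid", so each entry now says both that Debian issued an advisory for it and that it is not Debian's concern. Suggest leaving these two out of the bulk conversion and recording them as a package entry with the existing NOTE lines, so a script that skips NOT-FOR-US entries does not drop them for Woody. Similarly, CAN-2005-1080 gets "NOT-FOR-US: JAR in J2SE SDK" directly above a TODO to check jar extractors in Debian; the TODO should stay visible to whatever consumes the new tag.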
@@ -7532,44 +7532,44 @@
CAN-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...)
- rsnapshot 1.2.1-1
CAN-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...)
- logwatch 5.0-1
CAN-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...)
- NOTE: not-for-us (Novell Netware)
+ NOT-FOR-US: Novell Netware
CAN-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password ...)
- NOTE: not-for-us (Linksys WET11)
+ NOT-FOR-US: Linksys WET11
CAN-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 ...)
- NOTE: not-for-us (HP OpenView Network Node Manager)
+ NOT-FOR-US: HP OpenView Network Node Manager
CAN-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...)
- NOTE: not-for-us (TowerBlog)
+ NOT-FOR-US: TowerBlog
CAN-2005-1054 (PHP remote code injection vulnerability in news.php in ModernBill ...)
- NOTE: not-for-us (ModernBill)
+ NOT-FOR-US: ModernBill
CAN-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...)
- NOTE: not-for-us (ModernBill)
+ NOT-FOR-US: ModernBill
CAN-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows ...)
- NOTE: not-for-us (PunBB)
+ NOT-FOR-US: PunBB
CAN-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not ...)
- NOTE: not-for-us (PunBB)
+ NOT-FOR-US: PunBB
CAN-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote ...)
{DSA-714-1}
- kdelibs 3.3.2-6
CAN-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...)
- NOTE: not-for-us (OpenText)
+ NOT-FOR-US: OpenText
CAN-2005-1044
NOTE: rejected
CAN-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...)
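Review bot: CAN-2005-1047 becomes "NOT-FOR-US: PunBB", but the description is for the Meilad File upload script (up.php) mod for phpBB 2.0.x, so the product name in the tag is wrong and was probably copied from the CAN-2005-1051 entry above. Since this commit turns the parenthesised remark into the tag's value, correct the name to the phpBB mod while the line is being touched.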
@@ -7587,45 +7587,45 @@
CAN-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
NOTE: long fixed in Debian's cron
CAN-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack ...)
- pavuk 0.9.32-1
CAN-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (SurgeFTP)
+ NOT-FOR-US: SurgeFTP
CAN-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...)
- NOTE: not-for-us (CubeCart)
+ NOT-FOR-US: CubeCart
CAN-2005-1032 (SQL injection vulnerability in cart.php in LiteCommerce allows remote ...)
- NOTE: not-for-us (LiteCommerce)
+ NOT-FOR-US: LiteCommerce
CAN-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...)
- NOTE: not-for-us (exoops)
+ NOT-FOR-US: exoops
CAN-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...)
- NOTE: not-for-us (Active Auction House)
+ NOT-FOR-US: Active Auction House
CAN-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow ...)
- NOTE: not-for-us (Active Auction House)
+ NOT-FOR-US: Active Auction House
CAN-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...)
- NOTE: not-for-us (SnailSource phpBB mod)
+ NOT-FOR-US: SnailSource phpBB mod
CAN-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote ...)
- NOTE: not-for-us (IBM)
+ NOT-FOR-US: IBM
CAN-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root ...)
- NOTE: not-for-us (ColdFusion)
+ NOT-FOR-US: ColdFusion
CAN-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...)
- NOTE: not-for-us (IOS)
+ NOT-FOR-US: IOS
CAN-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote ...)
- NOTE: not-for-us (IOS)
+ NOT-FOR-US: IOS
CAN-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier ...)
- NOTE: not-for-us (Aeon)
+ NOT-FOR-US: Aeon
CAN-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) ...)
- NOTE: not-for-us (CA ArcServe Backup)
+ NOT-FOR-US: CA ArcServe Backup
CAN-2005-XXXX [Some security issues in mod_security]
NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
NOTE: the changelog entries matches the security criteria, but the changelog
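Review bot: the product names after "NOT-FOR-US:" are not normalised: CAN-2005-1021 and CAN-2005-1020 use "IOS" here while the Cisco IOS entries CAN-2005-1058 and CAN-2005-1057 use "Cisco", CAN-2005-1036 uses "FreeBSD" while CAN-2005-1126 uses "Free BSD", and the AS/400 entry CAN-2005-1025 uses "IBM" while CAN-2005-1133 uses "AS/400 system software". If the new tag is meant to be parsed or grouped by name, pick one spelling per product in this commit, or document in the log message that the value is free-form text.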
@@ -7643,59 +7643,59 @@
CAN-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
- obexftp 0.10.7-3
CAN-2005-1017 (SQL injection vulnerability in the Update_Events function in ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp for ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows ...)
- NOTE: not-for-us (SiteEnable)
+ NOT-FOR-US: SiteEnable
CAN-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows remote ...)
- NOTE: not-for-us (SiteEnable)
+ NOT-FOR-US: SiteEnable
CAN-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows ...)
- NOTE: not-for-us (ComersusCart)
+ NOT-FOR-US: ComersusCart
CAN-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) ...)
- NOTE: not-for-us (NetVault)
+ NOT-FOR-US: NetVault
CAN-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM ...)
- NOTE: not-for-us (XM Forum)
+ NOT-FOR-US: XM Forum
CAN-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate Pro ...)
- NOTE: not-for-us (CommuniGate Pro)
+ NOT-FOR-US: CommuniGate Pro
CAN-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO ...)
- NOTE: not-for-us (SonicWALL)
+ NOT-FOR-US: SonicWALL
CAN-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass ...)
- NOTE: not-for-us (PayProCart)
+ NOT-FOR-US: PayProCart
CAN-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in ...)
- NOTE: not-for-us (PayProCart)
+ NOT-FOR-US: PayProCart
CAN-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode ...)
- NOTE: not-for-us (PayProCart)
+ NOT-FOR-US: PayProCart
CAN-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows ...)
- NOTE: not-for-us (LOG-FT File Transfer)
+ NOT-FOR-US: LOG-FT File Transfer
CAN-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive information ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x through ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 ...)
- NOTE: not-for-us (ProductCart)
+ NOT-FOR-US: ProductCart
CAN-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote ...)
- NOTE: not-for-us (ProductCart)
+ NOT-FOR-US: ProductCart
CAN-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users ...)
- NOTE: not-for-us (SCO)
+ NOT-FOR-US: SCO
CAN-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...)
- phpmyadmin 3:2.6.2-rc1-1
CAN-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...)
- sharutils 4.2.1-13
CAN-2005-0989 (The find_replen function in jsstr.c in the the Javascript engine for ...)
@@ -7708,45 +7708,45 @@
- gzip 1.3.5-10
NOTE: Essentially the same as CAN-2005-0953
CAN-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
- NOTE: not-for-us (IRC Services NickServ)
+ NOT-FOR-US: IRC Services NickServ
CAN-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2005-0985
NOTE: reserved
CAN-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: ...)
- NOTE: not-for-us (Star Wars game)
+ NOT-FOR-US: Star Wars game
CAN-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to ...)
- NOTE: not-for-us (Quake 3 based games)
+ NOT-FOR-US: Quake 3 based games
CAN-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another ...)
- NOTE: not-for-us (Yet Another Forum.net)
+ NOT-FOR-US: Yet Another Forum.net
CAN-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
- NOTE: not-for-us (Alstrasoft EPay)
+ NOT-FOR-US: Alstrasoft EPay
CAN-2005-0980 (PHP remote code injection vulnerability in index.php in AlstraSoft ...)
- NOTE: not-for-us (Alstrasoft EPay)
+ NOT-FOR-US: Alstrasoft EPay
CAN-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote ...)
- NOTE: not-for-us (Rumba)
+ NOT-FOR-US: Rumba
CAN-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...)
- NOTE: not-for-us (IVT BlueSoleil)
+ NOT-FOR-US: IVT BlueSoleil
CAN-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...)
- kernel-source-2.6.8 2.6.8-16
CAN-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9 and ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0969 (Heap-based buffer overflow in the syscall emulation functionality in ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...)
- NOTE: not-for-us (CA eTrust IDS)
+ NOT-FOR-US: CA eTrust IDS
CAN-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...)
- gaim 1.2.1-1
CAN-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
@@ -7756,28 +7756,28 @@
CAN-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly ...)
- gaim 1:1.2.1-1
CAN-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier ...)
- NOTE: not-for-us (Kerio firewall)
+ NOT-FOR-US: Kerio firewall
CAN-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine ...)
- NOTE: not-for-us (ACPI BIOS hardware issue)
+ NOT-FOR-US: ACPI BIOS hardware issue
CAN-2005-0962 (SQL injection vulnerability in index.php for Lighthouse Squirrelcart ...)
- NOTE: not-for-us (SquirrelCart)
+ NOT-FOR-US: SquirrelCart
CAN-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before ...)
- horde3 3.0.4-1
- horde2 2.2.8-1
CAN-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may ...)
- NOTE: not-for-us (YepYep mtftpd)
+ NOT-FOR-US: YepYep mtftpd
CAN-2005-0958 (Format string vulnerability in the log_do function in log.c for YepYep ...)
- NOTE: not-for-us (YepYep mtftpd)
+ NOT-FOR-US: YepYep mtftpd
CAN-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote ...)
- NOTE: not-for-us (BayTech RPC)
+ NOT-FOR-US: BayTech RPC
CAN-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT MX ...)
- NOTE: not-for-us (InterAKT MX Kart)
+ NOT-FOR-US: InterAKT MX Kart
CAN-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote ...)
- NOTE: not-for-us (InterAKT MX Shop)
+ NOT-FOR-US: InterAKT MX Shop
CAN-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...)
{DSA-730-1}
- bzip2 1.0.2-6
@@ -7787,33 +7787,33 @@
NOTE: file of the "attacked" user. Additionally the attacker needs write permissions
NOTE: to the directory where the file is being uncompressed, ruling out /~ etc.
CAN-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 ...)
- NOTE: not-for-us (PafileDB)
+ NOT-FOR-US: PafileDB
CAN-2005-0951
NOTE: rejected
CAN-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...)
- NOTE: not-for-us (FastStone 4in1 Browser)
+ NOT-FOR-US: FastStone 4in1 Browser
CAN-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...)
- NOTE: not-for-us (PortalApp)
+ NOT-FOR-US: PortalApp
CAN-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows ...)
- NOTE: not-for-us (PortalApp)
+ NOT-FOR-US: PortalApp
CAN-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and ...)
- NOTE: not-for-us (phpCoin)
+ NOT-FOR-US: phpCoin
CAN-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows ...)
- NOTE: not-for-us (phpCoin)
+ NOT-FOR-US: phpCoin
CAN-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows ...)
- NOTE: not-for-us (ACS Blog)
+ NOT-FOR-US: ACS Blog
CAN-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll), ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and ...)
- NOTE: not-for-us (Cisco Hardware issue)
+ NOT-FOR-US: Cisco Hardware issue
CAN-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...)
- NOTE: not-for-us (Sybase ASE)
+ NOT-FOR-US: Sybase ASE
CAN-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...)
- openoffice.org 1.1.3-9
CAN-2005-0939
NOTE: reserved
CAN-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...)
- NOTE: not-for-us (UBlog)
+ NOT-FOR-US: UBlog
CAN-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...)
- kernel-source-2.6.8 2.6.8-16
CAN-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
@@ -7823,91 +7823,91 @@
CAN-2005-XXXX [KDE Kopete ICQ remote DoS]
- kdenetwork 4:3.3.2-2
CAN-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI PayPal ...)
- NOTE: not-for-us (ESMI PayPal Storefront)
+ NOT-FOR-US: ESMI PayPal Storefront
CAN-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow ...)
- NOTE: not-for-us (ESMI PayPal Storefront)
+ NOT-FOR-US: ESMI PayPal Storefront
CAN-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 ...)
- NOTE: not-for-us (WackoWiki)
+ NOT-FOR-US: WackoWiki
CAN-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b ...)
- NOTE: not-for-us (phpCOIN)
+ NOT-FOR-US: phpCOIN
CAN-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier ...)
- NOTE: not-for-us (phpCOIN)
+ NOT-FOR-US: phpCOIN
CAN-2005-0931 (PHP remote code injection vulnerability in The Includer 1.0 and 1.1 ...)
- NOTE: not-for-us (The Includer)
+ NOT-FOR-US: The Includer
CAN-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness ...)
- NOTE: not-for-us (Chatness)
+ NOT-FOR-US: Chatness
CAN-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote ...)
- NOTE: not-for-us (PhotoPost PHP Pro)
+ NOT-FOR-US: PhotoPost PHP Pro
CAN-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
- NOTE: not-for-us (PhotoPost PHP Pro)
+ NOT-FOR-US: PhotoPost PHP Pro
CAN-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has ...)
- NOTE: not-for-us (WebAPP)
+ NOT-FOR-US: WebAPP
CAN-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to ...)
- sylpheed 1.0.4-1
- sylpheed-claws 1.0.4-1
CAN-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload ...)
- NOTE: not-for-us (Uapplication Ublog)
+ NOT-FOR-US: Uapplication Ublog
CAN-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows ...)
- NOTE: not-for-us (Adventia E-Data)
+ NOT-FOR-US: Adventia E-Data
CAN-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton ...)
- NOTE: not-for-us (Norton AntiVirus)
+ NOT-FOR-US: Norton AntiVirus
CAN-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton ...)
- NOTE: not-for-us (Norton AntiVirus)
+ NOT-FOR-US: Norton AntiVirus
CAN-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...)
- NOTE: not-for-us (Lotus)
+ NOT-FOR-US: Lotus
CAN-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow ...)
- NOTE: not-for-us (Bugtracker.NET)
+ NOT-FOR-US: Bugtracker.NET
CAN-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...)
- NOTE: not-for-us (Adventia E-Data)
+ NOT-FOR-US: Adventia E-Data
CAN-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...)
- NOTE: not-for-us (Adobe SVG Viewer)
+ NOT-FOR-US: Adobe SVG Viewer
CAN-2005-0917 (PHP remote code injection vulnerability in index_header.php for ...)
- NOTE: not-for-us (EncapsBB not in Debian)
+ NOT-FOR-US: EncapsBB
CAN-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...)
- kernel-source-2.6.8 2.6.8-16
NOTE: 2.4 doesn't seem to be vulnerable
CAN-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...)
- NOTE: not-for-us (Webmasters-Debutants WD Guestbook)
+ NOT-FOR-US: Webmasters-Debutants WD Guestbook
CAN-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly ...)
- NOTE: not-for-us (CPG Dragonfly)
+ NOT-FOR-US: CPG Dragonfly
CAN-2005-0913 (Unknown vulnerability in the regex_replace modifier ...)
- smarty 2.6.8-1
CAN-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, ...)
- NOTE: not-for-us (deplate)
+ NOT-FOR-US: deplate
CAN-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote ...)
- NOTE: not-for-us (exoops)
+ NOT-FOR-US: exoops
CAN-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow ...)
- NOTE: not-for-us (exoops)
+ NOT-FOR-US: exoops
CAN-2005-0909 (PHP remote code injection vulnerability in shoutact.php for TKai's ...)
- NOTE: not-for-us (THai's Shoutbox)
+ NOT-FOR-US: THai's Shoutbox
CAN-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft ...)
- NOTE: not-for-us (Valdersoft Shopping Cart)
+ NOT-FOR-US: Valdersoft Shopping Cart
CAN-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...)
- NOTE: not-for-us (Valdersoft Shopping Cart)
+ NOT-FOR-US: Valdersoft Shopping Cart
CAN-2005-0906 (Buffer overflow in a player logging function in the Tincat network ...)
- NOTE: not-for-us (Tincat network library)
+ NOT-FOR-US: Tincat network library
CAN-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially ...)
- NOTE: not-for-us (Maxthon)
+ NOT-FOR-US: Maxthon
CAN-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the "Force shutdown ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote ...)
- NOTE: not-for-us (QuickTime PictureViewer)
+ NOT-FOR-US: QuickTime PictureViewer
CAN-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for ...)
- NOTE: not-for-us (NukeBookmarks for php-nuke)
+ NOT-FOR-US: NukeBookmarks for php-nuke
CAN-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks ...)
- NOTE: not-for-us (NukeBookmarks for php-nuke)
+ NOT-FOR-US: NukeBookmarks for php-nuke
CAN-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...)
- NOTE: not-for-us (NukeBookmarks for php-nuke)
+ NOT-FOR-US: NukeBookmarks for php-nuke
CAN-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which ...)
- NOTE: not-for-us (AS/400 running OS400)
+ NOT-FOR-US: AS/400 running OS400
CAN-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in ...)
- NOTE: not-for-us (E-Store Kit-2 PayPal Edition)
+ NOT-FOR-US: E-Store Kit-2 PayPal Edition
CAN-2005-0897 (PHP remote code injection vulnerability in catalog.php in E-Store ...)
- NOTE: not-for-us (E-Store Kit-2 PayPal Edition)
+ NOT-FOR-US: E-Store Kit-2 PayPal Edition
CAN-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in ...)
- NOTE: not-for-us (phpMyDirectory)
+ NOT-FOR-US: phpMyDirectory
CAN-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Netcomm 1300NB DSL Modem)
+ NOT-FOR-US: Netcomm 1300NB DSL Modem
CAN-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...)
- openmosixview 1.5-7
CAN-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...)
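Review bot: The CAN-2005-0917 entry does more than the mechanical reformat the log message describes: "not-for-us (EncapsBB not in Debian)" becomes "NOT-FOR-US: EncapsBB", dropping the "not in Debian" qualifier. If that normalisation is intended, mention it in the log so the change can be audited. Two values in this hunk also carry over mismatches with their own CVE descriptions and could be fixed while the lines are being touched: CAN-2005-0909 names "TKai's" in the description but "THai's Shoutbox" in the tag, and CAN-2005-0919 describes Adventia Chat and Server Pro but is tagged "Adventia E-Data".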
@@ -7925,18 +7925,18 @@
CAN-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows ...)
- sharutils 1:4.2.1-11
CAN-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ...)
- NOTE: not-for-us (X-News)
+ NOT-FOR-US: X-News
CAN-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and ...)
- NOTE: not-for-us (Netscape Enterprise Server)
+ NOT-FOR-US: Netscape Enterprise Server
CAN-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server ...)
- NOTE: not-for-us (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server)
+ NOT-FOR-US: iPlanet Web Server Enterprise Edition and Netscape Enterprise Server
CAN-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does ...)
- cryptcat 20031202-2
NOTE: don't know when it was fixed, verified above version is ok
CAN-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers ...)
- cgiemail 1.6-14
CAN-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...)
- NOTE: not-for-us (Verity Search97)
+ NOT-FOR-US: Verity Search97
CAN-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before ...)
- squirrelmail 1:1.2.3
CAN-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in ...)
@@ -7946,45 +7946,45 @@
CAN-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...)
- slash <unfixed> (bug #160579; low)
CAN-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...)
- NOTE: not-for-us (commercial ssh)
+ NOT-FOR-US: commercial ssh
CAN-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...)
- NOTE: not-for-us (commercial ssh)
+ NOT-FOR-US: commercial ssh
CAN-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations ...)
- NOTE: not-for-us (commercial ssh)
+ NOT-FOR-US: commercial ssh
CAN-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ...)
- NOTE: not-for-us (RealNetworks Helix Universal Server)
+ NOT-FOR-US: RealNetworks Helix Universal Server
CAN-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction ...)
- postgresql 7.2.3
CAN-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1638 (Format string vulnerability in the PL/SQL module for Oracle 9i ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote ...)
- NOTE: not-for-us (NetWare)
+ NOT-FOR-US: NetWare
CAN-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, ...)
- NOTE: not-for-us (Multi-Tech ProxyServer)
+ NOT-FOR-US: Multi-Tech ProxyServer
CAN-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote ...)
- NOTE: not-for-us (Dream4 Koobi CMS)
+ NOT-FOR-US: Dream4 Koobi CMS
CAN-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...)
- NOTE: not-for-us (Dream4 Koobi CMS)
+ NOT-FOR-US: Dream4 Koobi CMS
CAN-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOTE: the hole was introduced in 0.9.4.3; I suppose that having
NOTE: this package be orphaned and not get updated for years from 0.9.2
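Review bot: The three SSH Secure Shell entries (CAN-2002-1646, CAN-2002-1645, CAN-2002-1644) end up as "NOT-FOR-US: commercial ssh", which is a description rather than the package_name the log message promises for the new format. Suggest "NOT-FOR-US: SSH Secure Shell", matching the product named in the CVE descriptions, so that a search on the product name finds these entries.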
@@ -7992,37 +7992,37 @@
CAN-2005-0887 (Code injection vulnerability in Double Choco Latte before 0.9.4.3 ...)
- dcl 1:0.9.4.4-1
CAN-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...)
- NOTE: not-for-us (XMB Forum)
+ NOT-FOR-US: XMB Forum
CAN-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by ...)
- NOTE: not-for-us (DigitalHive)
+ NOT-FOR-US: DigitalHive
CAN-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for ...)
- NOTE: not-for-us (DigitalHive)
+ NOT-FOR-US: DigitalHive
CAN-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 ...)
- NOTE: not-for-us (BirdBlog)
+ NOT-FOR-US: BirdBlog
CAN-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for ...)
- NOTE: not-for-us (Interspire ArticleLive)
+ NOT-FOR-US: Interspire ArticleLive
CAN-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain ...)
- NOTE: not-for-us (Vortex Portal)
+ NOT-FOR-US: Vortex Portal
CAN-2005-0879 (PHP remote code injection vulnerability in (1) content.php and (2) ...)
- NOTE: not-for-us (Vortex Portal)
+ NOT-FOR-US: Vortex Portal
CAN-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...)
- NOTE: not-for-us (MercuryBoard)
+ NOT-FOR-US: MercuryBoard
CAN-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache ...)
- dnsmasq 2.21
CAN-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers ...)
- dnsmasq 2.21
CAN-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, ...)
- NOTE: not-for-us (Trillian plugin)
+ NOT-FOR-US: Trillian plugin
CAN-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other ...)
- NOTE: not-for-us (Trillian plugin)
+ NOT-FOR-US: Trillian plugin
CAN-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in ...)
- NOTE: not-for-us (Topic Calendar phpbb2 plugin)
+ NOT-FOR-US: Topic Calendar phpbb2 plugin
CAN-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...)
- NOTE: not-for-us (Topic Calendar phpbb2 plugin)
+ NOT-FOR-US: Topic Calendar phpbb2 plugin
CAN-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
{DSA-724-1}
- phpsysinfo 2.3-3
@@ -8038,112 +8038,112 @@
CAN-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...)
- cdrtools 2.01+01a01-4
CAN-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...)
- NOTE: not-for-us (Scalable OGo (SOGo))
+ NOT-FOR-US: Scalable OGo (SOGo)
CAN-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's ...)
- NOTE: not-for-us (Mike Spice Mike's Vote CGI)
+ NOT-FOR-US: Mike Spice Mike's Vote CGI
CAN-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...)
- NOTE: not-for-us (Mike Spice Quiz CGI)
+ NOT-FOR-US: Mike Spice Quiz CGI
CAN-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...)
- NOTE: not-for-us (Mike Spice My Calendar)
+ NOT-FOR-US: Mike Spice My Calendar
CAN-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...)
NOTE: fixed in macromedia flash shortly after discovery 3 years ago
NOTE: did not check the other flash players in debian for this
CAN-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using ...)
- NOTE: not-for-us (General protocol flaw, cannot be fixed)
+ NOT-FOR-US: General protocol flaw, cannot be fixed
CAN-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) ...)
- NOTE: not-for-us (Samsung ADSL modems)
+ NOT-FOR-US: Samsung ADSL modems
CAN-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and ...)
- NOTE: not-for-us (Samsung ASDL modems, Debian's boa has been fixed years ago)
+ NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago
CAN-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows ...)
- NOTE: not-for-us (PHPOpenChat)
+ NOT-FOR-US: PHPOpenChat
CAN-2005-0862 (Multiple PHP remote code injection vulnerabilities in PHPOpenChat ...)
- NOTE: not-for-us (PHPOpenChat)
+ NOT-FOR-US: PHPOpenChat
CAN-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...)
- NOTE: not-for-us (Delegate not in Debian)
+ NOT-FOR-US: Delegate
CAN-2005-0860 (PHP remote code injection vulnerability in TRG News Script 3.0 allows ...)
- NOTE: not-for-us (TRG News Script)
+ NOT-FOR-US: TRG News Script
CAN-2005-0859 (PHP remote code injection vulnerability in CzarNews 1.13b allows ...)
- NOTE: not-for-us (CzarNews)
+ NOT-FOR-US: CzarNews
CAN-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier ...)
- NOTE: not-for-us (CoolForum)
+ NOT-FOR-US: CoolForum
CAN-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum ...)
- NOTE: not-for-us (CoolForum)
+ NOT-FOR-US: CoolForum
CAN-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...)
- NOTE: not-for-us (CoolForum)
+ NOT-FOR-US: CoolForum
CAN-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain ...)
- NOTE: not-for-us (CoolForum)
+ NOT-FOR-US: CoolForum
CAN-2005-0854 (betaparticle blog (bp blog) allows remote attackers to bypass ...)
- NOTE: not-for-us (betaparticle blog)
+ NOT-FOR-US: betaparticle blog
CAN-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, ...)
- NOTE: not-for-us (betaparticle blog)
+ NOT-FOR-US: betaparticle blog
CAN-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of ...)
- NOTE: not-for-us (Microsoft Windows)
+ NOT-FOR-US: Microsoft Windows
CAN-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib ...)
- NOTE: not-for-us (FileZilla FTP server)
+ NOT-FOR-US: FileZilla FTP server
CAN-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a ...)
- NOTE: not-for-us (FileZilla FTP server)
+ NOT-FOR-US: FileZilla FTP server
CAN-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
- NOTE: not-for-us (Multiple commercial games by FUN Labs)
+ NOT-FOR-US: Multiple commercial games by FUN Labs
CAN-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
- NOTE: not-for-us (Multiple commercial games by FUN Labs)
+ NOT-FOR-US: Multiple commercial games by FUN Labs
CAN-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Code Ocean FTP Server)
+ NOT-FOR-US: Code Ocean FTP Server
CAN-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...)
- NOTE: not-for-us (GoAhead Web Server)
+ NOT-FOR-US: GoAhead Web Server
CAN-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when ...)
NOTE: HAVE_BRAILLE not set in binary build
CAN-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...)
- NOTE: not-for-us (SurgeMail)
+ NOT-FOR-US: SurgeMail
CAN-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...)
- NOTE: not-for-us (SurgeMail)
+ NOT-FOR-US: SurgeMail
CAN-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory or ...)
- NOTE: not-for-us (Nortel Contivity)
+ NOT-FOR-US: Nortel Contivity
CAN-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
- NOTE: not-for-us (Kayako eSupport)
+ NOT-FOR-US: Kayako eSupport
CAN-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...)
- NOTE: not-for-us (phpmyfamily)
+ NOT-FOR-US: phpmyfamily
CAN-2005-0840
NOTE: rejected
CAN-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...)
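Review bot: CAN-2002-1623 and CAN-2005-0864 now put free-text rationale where the log message says a package name goes: "NOT-FOR-US: General protocol flaw, cannot be fixed" and "NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago". The second makes a claim about a Debian package (boa) inside a not-for-us tag; keep the tag to the product and move the reasoning to a separate NOTE: line, as other entries in this file do. "ASDL" looks like a typo for ADSL (the CAN-2005-0865 entry just above has "Samsung ADSL modems"). CAN-2005-0861 also drops "not in Debian" from the Delegate entry, which the log does not mention.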
@@ -8153,39 +8153,39 @@
CAN-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...)
- icecast2 <unfixed> (bug #301368; low)
CAN-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
- NOTE: not-for-us (Java Web Start for proprietary Sun Java)
+ NOT-FOR-US: Java Web Start for proprietary Sun Java
CAN-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...)
- NOTE: not-for-us (Belkin 54G router)
+ NOT-FOR-US: Belkin 54G router
CAN-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...)
- NOTE: not-for-us (Belkin 54G router)
+ NOT-FOR-US: Belkin 54G router
CAN-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...)
- NOTE: not-for-us (Belkin 54G router)
+ NOT-FOR-US: Belkin 54G router
CAN-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...)
- NOTE: not-for-us (PHP-Post)
+ NOT-FOR-US: PHP-Post
CAN-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...)
- NOTE: not-for-us (PHP-Post)
+ NOT-FOR-US: PHP-Post
CAN-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...)
- NOTE: not-for-us (Xzabite DynDNS Updater)
+ NOT-FOR-US: Xzabite DynDNS Updater
CAN-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...)
- NOTE: not-for-us (PHP-Fusion Addon)
+ NOT-FOR-US: PHP-Fusion Addon
CAN-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...)
- NOTE: not-for-us (e-Xoops based products)
+ NOT-FOR-US: e-Xoops based products
CAN-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...)
- NOTE: not-for-us (e-Xoops based products)
+ NOT-FOR-US: e-Xoops based products
CAN-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (OllyDbg MS Windows debugger)
+ NOT-FOR-US: OllyDbg MS Windows debugger
CAN-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...)
- ltris 1.0.6-1.1 (bug #291620)
CAN-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...)
- mathopd 1.5p5-1
CAN-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...)
- NOTE: not-for-us (Cherokee not in Debian)
+ NOT-FOR-US: Cherokee
CAN-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...)
- NOTE: not-for-us (Cherokee not in Debian)
+ NOT-FOR-US: Cherokee
CAN-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...)
- NOTE: not-for-us (Nokia Firewall appliances)
+ NOT-FOR-US: Nokia Firewall appliances
CAN-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...)
- NOTE: not-for-us (Cayman DSL router)
+ NOT-FOR-US: Cayman DSL router
CAN-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...)
NOTE: I could track this down to this posting
NOTE: http://cert.uni-stuttgart.de/archive/vuln-dev/2001/11/msg00104.html
@@ -8193,33 +8193,33 @@
NOTE: was triggered and even then it's not a problem, as mcedit usage does not
NOTE: have a remote impact and is not suid
CAN-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC at Chip are shipped ...)
- NOTE: not-for-us (IPC at CHIP Embedded web server)
+ NOT-FOR-US: IPC at CHIP Embedded web server
CAN-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...)
- NOTE: not-for-us (ColdFusion)
+ NOT-FOR-US: ColdFusion
CAN-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...)
- NOTE: not-for-us (Alcatel Speed Touch)
+ NOT-FOR-US: Alcatel Speed Touch
CAN-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel ...)
- NOTE: not-for-us (Alcatel Speed Touch)
+ NOT-FOR-US: Alcatel Speed Touch
CAN-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...)
- NOTE: not-for-us (Alcatel Speed Touch)
+ NOT-FOR-US: Alcatel Speed Touch
CAN-2005-XXXX [Various /tmp related security issues in cernlib]
- cernlib 2004.11.04-3
CAN-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...)
- NOTE: not-for-us (iSnooker)
+ NOT-FOR-US: iSnooker
CAN-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...)
- NOTE: not-for-us (Citrix)
+ NOT-FOR-US: Citrix
CAN-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 ...)
- NOTE: not-for-us (Citrix)
+ NOT-FOR-US: Citrix
CAN-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in ...)
- NOTE: not-for-us (MS Office)
+ NOT-FOR-US: MS Office
CAN-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote ...)
- NOTE: not-for-us (Novell Netware)
+ NOT-FOR-US: Novell Netware
CAN-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...)
- NOTE: not-for-us (Pun BB)
+ NOT-FOR-US: Pun BB
CAN-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway ...)
- NOTE: not-for-us (Symantec Gateway)
+ NOT-FOR-US: Symantec Gateway
CAN-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-0815 (Multiple "range checking flaws" in the ISO9660 filesystem handler in ...)
- kernel-source-2.6.8 2.6.8-16
- kernel-source-2.4.27 2.4.27-10
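Review bot: Two tags in this hunk do not match the product names in their own descriptions, which matters more now that the value stands alone after "NOT-FOR-US:". CAN-2005-0818 describes "PunBB 1.2.3" but is tagged "Pun BB", and CAN-2005-0823 covers both iPool and iSnooker but is tagged only "iSnooker". Suggest "PunBB" and "ThePoolClub iPool and iSnooker" so a search on the upstream name hits the entry.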
@@ -8227,90 +8227,90 @@
{DSA-717-1}
- lsh-utils 2.0.1-1
CAN-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...)
- NOTE: not-for-us (ir)
+ NOT-FOR-US: ir
CAN-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...)
- NOTE: not-for-us (NotifyLink)
+ NOT-FOR-US: NotifyLink
CAN-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...)
- NOTE: not-for-us (NotifyLink)
+ NOT-FOR-US: NotifyLink
CAN-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote ...)
- NOTE: not-for-us (NotifyLink)
+ NOT-FOR-US: NotifyLink
CAN-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote ...)
- NOTE: not-for-us (NotifyLink)
+ NOT-FOR-US: NotifyLink
CAN-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/)
+ NOT-FOR-US: Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/
CAN-2005-0807 (Multiple buffer overflows in Cain & Abel before 2.67 allow remote ...)
- NOTE: not-for-us (Cain & Abel)
+ NOT-FOR-US: Cain & Abel
CAN-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...)
- evolution 2.0.4-2
- evolution-data-server 1.2.2-1
CAN-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...)
- NOTE: not-for-us (Subdreamer)
+ NOT-FOR-US: Subdreamer
CAN-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...)
- NOTE: not-for-us (ACS Blog)
+ NOT-FOR-US: ACS Blog
CAN-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...)
- NOTE: not-for-us (The Includer)
+ NOT-FOR-US: The Includer
CAN-2005-0800 (PHP remote code injection vulnerability in install.php in mcNews 1.3 ...)
- NOTE: not-for-us (mcNews)
+ NOT-FOR-US: mcNews
CAN-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...)
- NOTE: not-for-us (MySQL on Windows)
+ NOT-FOR-US: MySQL on Windows
CAN-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...)
- NOTE: not-for-us (Novell iChain)
+ NOT-FOR-US: Novell iChain
CAN-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages ...)
- NOTE: not-for-us (Novell iChain)
+ NOT-FOR-US: Novell iChain
CAN-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote ...)
- NOTE: not-for-us (Hola CMS)
+ NOT-FOR-US: Hola CMS
CAN-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...)
- NOTE: not-for-us (Hola CMS)
+ NOT-FOR-US: Hola CMS
CAN-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...)
- NOTE: not-for-us (ZPanel not in Debian)
+ NOT-FOR-US: ZPanel
CAN-2005-0793 (PHP remote code injection vulnerability in zpanel.php in ZPanel allows ...)
- NOTE: not-for-us (ZPanel not in Debian)
+ NOT-FOR-US: ZPanel
CAN-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...)
- NOTE: not-for-us (ZPanel not in Debian)
+ NOT-FOR-US: ZPanel
CAN-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...)
- NOTE: not-for-us (phpAdsNew not in Debian)
+ NOT-FOR-US: phpAdsNew
CAN-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (phpAdsNew not in Debian)
+ NOT-FOR-US: phpAdsNew
CAN-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...)
- NOTE: not-for-us (SimpGB not in Debian)
+ NOT-FOR-US: SimpGB
CAN-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...)
- NOTE: not-for-us (YaBB not in Debian)
+ NOT-FOR-US: YaBB
CAN-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...)
- NOTE: not-for-us (Phorum not in Debian)
+ NOT-FOR-US: Phorum
CAN-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...)
- NOTE: not-for-us (Phorum not in Debian)
+ NOT-FOR-US: Phorum
CAN-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...)
- NOTE: not-for-us (paFileDB not in Debian)
+ NOT-FOR-US: paFileDB
CAN-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...)
- NOTE: not-for-us (paFileDB not in Debian)
+ NOT-FOR-US: paFileDB
CAN-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (paFileDB not in Debian)
+ NOT-FOR-US: paFileDB
CAN-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...)
- NOTE: not-for-us (PlatinumFTP not in Debian)
+ NOT-FOR-US: PlatinumFTP
CAN-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 ...)
- NOTE: not-for-us (VERITAS Backup Exec)
+ NOT-FOR-US: VERITAS Backup Exec
CAN-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...)
- NOTE: not-for-us (VERITAS Backup Exec)
+ NOT-FOR-US: VERITAS Backup Exec
CAN-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...)
- NOTE: not-for-us (VERITAS Backup Exec)
+ NOT-FOR-US: VERITAS Backup Exec
CAN-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
- NOTE: not-for-us (IDA Pro)
+ NOT-FOR-US: IDA Pro
CAN-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...)
- NOTE: not-for-us (GoodTech Telnet Server)
+ NOT-FOR-US: GoodTech Telnet Server
CAN-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 ...)
- kernel-source-2.6.8 2.6.8-15
CAN-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 ...)
@@ -8367,115 +8367,115 @@
- kernel-source-2.6.8 2.6.8-16
- kernel-source-2.4.27 2.4.27-10
CAN-2003-1131 (PHP remote code injection vulnerability in index.php in ...)
- NOTE: not-for-us (ActiveCampaign KnowledgeBuilder)
+ NOT-FOR-US: ActiveCampaign KnowledgeBuilder
CAN-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...)
- NOTE: not-for-us (Adobe PhotoDeluxe)
+ NOT-FOR-US: Adobe PhotoDeluxe
CAN-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows ...)
- NOTE: not-for-us (Advanced Poll not in Debian)
+ NOT-FOR-US: Advanced Poll
CAN-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for ...)
- NOTE: not-for-us (WinVNC)
+ NOT-FOR-US: WinVNC
CAN-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
NOTE: Debian's nvi recover script is very different
CAN-2005-XXXX [Connection related DoS possibility in OmniORB 4]
- omniorb4 4.0.5-2
CAN-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 ...)
- NOTE: not-for-us (not part of Woody, has been removed from sarge/sid)
+ NOT-FOR-US: not part of Woody, has been removed from sarge/sid
CAN-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...)
- NOTE: not-for-us (Limewire has been removed from Sarge and sid, was never part of stable)
+ NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of stable
CAN-2005-0787 (Wine 20050211 and earlier creates temp files with world readable ...)
- wine 0.0.20050310-1.1
CAN-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote ...)
- openslp 1.0.11a-2
CAN-2005-0748 (PHP remote code injection vulnerability in initdb.php for WEBInsta ...)
- NOTE: not-for-us (WEBInsta)
+ NOT-FOR-US: WEBInsta
CAN-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (ApplyYourself)
+ NOT-FOR-US: ApplyYourself
CAN-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier ...)
- NOTE: not-for-us (Novell iChain)
+ NOT-FOR-US: Novell iChain
CAN-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local ...)
- NOTE: not-for-us (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor)
+ NOT-FOR-US: UTStarcom iAN-02EX VoIP Analog Terminal Adaptor
CAN-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...)
- NOTE: not-for-us (Novell iChain)
+ NOT-FOR-US: Novell iChain
CAN-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 ...)
- NOTE: not-for-us (XOOPS)
+ NOT-FOR-US: XOOPS
CAN-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
- NOTE: not-for-us (Sun Java System Application Server)
+ NOT-FOR-US: Sun Java System Application Server
CAN-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 ...)
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does ...)
{DSA-718-1}
- ethereal 0.9.10
CAN-2005-0738 (Stack overflow in Microsoft Exchange Server 2003 SP1 allows users to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...)
- NOTE: not-for-us (Yahoo Messenger)
+ NOT-FOR-US: Yahoo Messenger
CAN-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 ...)
NOTE: 2.6 through .11
NOTE: There is no epoll in 2.4
- kernel-source-2.6.8 2.6.8-14
CAN-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain ...)
- NOTE: not-for-us (newsscript)
+ NOT-FOR-US: newsscript
CAN-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
- NOTE: not-for-us (PY Software Active Webcam WebServer)
+ NOT-FOR-US: PY Software Active Webcam WebServer
CAN-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
- NOTE: not-for-us (PY Software Active Webcam WebServer)
+ NOT-FOR-US: PY Software Active Webcam WebServer
CAN-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
- NOTE: not-for-us (PY Software Active Webcam WebServer)
+ NOT-FOR-US: PY Software Active Webcam WebServer
CAN-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
- NOTE: not-for-us (PY Software Active Webcam WebServer)
+ NOT-FOR-US: PY Software Active Webcam WebServer
CAN-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
- NOTE: not-for-us (PY Software Active Webcam WebServer)
+ NOT-FOR-US: PY Software Active Webcam WebServer
CAN-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows ...)
- NOTE: not-for-us (Xpand Rally)
+ NOT-FOR-US: Xpand Rally
CAN-2005-0728
NOTE: rejected
CAN-2005-0727
NOTE: rejected
CAN-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows ...)
- NOTE: not-for-us (UBB.threads)
+ NOT-FOR-US: UBB.threads
CAN-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in ...)
- NOTE: not-for-us (wfsections)
+ NOT-FOR-US: wfsections
CAN-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function in ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the ...)
- NOTE: not-for-us (eXPerience2)
+ NOT-FOR-US: eXPerience2
CAN-2005-0721 (PHP remote code injection vulnerability in modules.php in eXPerience2 ...)
- NOTE: not-for-us (eXPerience2)
+ NOT-FOR-US: eXPerience2
CAN-2005-0720 (PHP remote code injection vulnerability in header.php in PHP mcNews ...)
- NOTE: not-for-us (mcNews)
+ NOT-FOR-US: mcNews
CAN-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix ...)
- NOTE: not-for-us (Tru64)
+ NOT-FOR-US: Tru64
CAN-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a ...)
- squid 2.5.8
CAN-2005-0717
NOTE: reserved
CAN-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...)
- NOTE: not-for-us (Mac OS)
+ NOT-FOR-US: Mac OS
CAN-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...)
- NOTE: not-for-us (Mac OS)
+ NOT-FOR-US: Mac OS
CAN-2005-0714
NOTE: rejected
CAN-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...)
- NOTE: not-for-us (Mac OS)
+ NOT-FOR-US: Mac OS
CAN-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...)
- NOTE: not-for-us (Mac OS)
+ NOT-FOR-US: Mac OS
CAN-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable ...)
{DSA-707-1}
- mysql-dfsg 4.0.24
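Review bot: For CAN-2001-1415 the added line `NOT-FOR-US: no_package` puts a placeholder in the field that the log message defines as a package name. The description names vi.recover in OpenBSD, so `NOT-FOR-US: OpenBSD` would match the tag used for CAN-2005-0740 in this same hunk. The NOTE kept below it ("Debian's nvi recover script is very different") reads like a not-affected rationale for a packaged program, so it is worth confirming that NOT-FOR-US is the right state here at all. The two LimeWire entries (CAN-2005-0789, CAN-2005-0788) have the same problem in a different form: the name field now holds a sentence about removal from sarge/sid. Consider `NOT-FOR-US: LimeWire` with the removal history moved to a separate NOTE line.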
@@ -8489,87 +8489,87 @@
- mysql-dfsg 4.0.24
- mysql-dfsg-4.1 4.1.10a
CAN-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2003-1130
NOTE: rejected
CAN-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...)
- NOTE: not-for-us (Yahoo Audio Conferencing ActiveX control)
+ NOT-FOR-US: Yahoo Audio Conferencing ActiveX control
CAN-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...)
- NOTE: not-for-us (X2 XMMS Remote)
+ NOT-FOR-US: X2 XMMS Remote
CAN-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...)
- NOTE: not-for-us (e-Gap)
+ NOT-FOR-US: e-Gap
CAN-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on ...)
- NOTE: not-for-us (SunOne/iPlanet)
+ NOT-FOR-US: SunOne/iPlanet
CAN-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, ...)
- NOTE: not-for-us (SunOne)
+ NOT-FOR-US: SunOne
CAN-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...)
- NOTE: not-for-us (Sun Management Center)
+ NOT-FOR-US: Sun Management Center
CAN-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...)
- NOTE: not-for-us (Sun JRE)
+ NOT-FOR-US: Sun JRE
CAN-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses ...)
- NOTE: not-for-us (ScriptLogic)
+ NOT-FOR-US: ScriptLogic
CAN-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...)
- NOTE: not-for-us (ScriptLogic)
+ NOT-FOR-US: ScriptLogic
CAN-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...)
- NOTE: not-for-us (SSH Tectia Server)
+ NOT-FOR-US: SSH Tectia Server
CAN-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a ...)
NOTE: does not affect openssh
CAN-2003-1118 (Buffer overflow in the SETI at home client 3.03 and other versions allows ...)
- setiathome 3.04
CAN-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem ...)
- NOTE: not-for-us (RealSystem Server)
+ NOT-FOR-US: RealSystem Server
CAN-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...)
- NOTE: not-for-us (Oracle E-Business Suite)
+ NOT-FOR-US: Oracle E-Business Suite
CAN-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel ...)
- NOTE: not-for-us (Nortel Networks Succession Communication Server)
+ NOT-FOR-US: Nortel Networks Succession Communication Server
CAN-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix ...)
- NOTE: not-for-us (Mediatrix Telecom VoIP Access Devices and Gateways)
+ NOT-FOR-US: Mediatrix Telecom VoIP Access Devices and Gateways
CAN-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP ...)
- NOTE: not-for-us (IPTel SIP Express Router)
+ NOT-FOR-US: IPTel SIP Express Router
CAN-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate ...)
- NOTE: not-for-us (Ingate Firewall and Ingate SIParator)
+ NOT-FOR-US: Ingate Firewall and Ingate SIParator
CAN-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple ...)
- NOTE: not-for-us (dynamicsoft)
+ NOT-FOR-US: dynamicsoft
CAN-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP ...)
- NOTE: not-for-us (Columbia SIP User Agent)
+ NOT-FOR-US: Columbia SIP User Agent
CAN-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel ...)
- NOTE: not-for-us (Alcatel)
+ NOT-FOR-US: Alcatel
CAN-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows ...)
- NOTE: not-for-us (IBM Tivoli Firewall Toolbox)
+ NOT-FOR-US: IBM Tivoli Firewall Toolbox
CAN-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS ...)
- NOTE: not-for-us (Hummingbird CyberDOCS)
+ NOT-FOR-US: Hummingbird CyberDOCS
CAN-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ...)
- NOTE: not-for-us (Hummingbird CyberDOCS)
+ NOT-FOR-US: Hummingbird CyberDOCS
CAN-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to ...)
- NOTE: not-for-us (Hummingbird CyberDOCS)
+ NOT-FOR-US: Hummingbird CyberDOCS
CAN-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird ...)
- NOTE: not-for-us (Hummingbird CyberDOCS)
+ NOT-FOR-US: Hummingbird CyberDOCS
CAN-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files ...)
- NOTE: not-for-us (shar on HP-UX)
+ NOT-FOR-US: shar on HP-UX
CAN-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...)
- NOTE: not-for-us (HP-UX))
+ NOT-FOR-US: HP-UX)
CAN-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when ...)
- NOTE: not-for-us (HP-UX))
+ NOT-FOR-US: HP-UX)
CAN-2002-1600 (Directory traversal vulnerability in Mike Spice's My Classifieds ...)
- NOTE: not-for-us (Mike Spice's My Classifieds)
+ NOT-FOR-US: Mike Spice's My Classifieds
CAN-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass content ...)
- dansguardian 2.4.5-1
CAN-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and ...)
- NOTE: not-for-us (Computer Associates MLink)
+ NOT-FOR-US: Computer Associates MLink
CAN-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a ...)
NOTE: our pwck and grpck do not overflow and are not suid
CAN-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ...)
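Review bot: The converted lines for CAN-2003-1098 and CAN-2003-1097 read `NOT-FOR-US: HP-UX)` with a trailing parenthesis. The old lines had a doubled `))` and the conversion removed only one of them. Drop the stray `)` so both entries use `NOT-FOR-US: HP-UX`, the form used for CAN-2004-1764. Otherwise anything that groups or searches entries by the name field will treat `HP-UX)` as a different product.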
@@ -8577,9 +8577,9 @@
CAN-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI ...)
- apache2 2.0.36
CAN-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted ...)
- NOTE: not-for-us (AIM in MSIE)
+ NOT-FOR-US: AIM in MSIE
CAN-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch ...)
- NOTE: not-for-us (Ipswitch Collaboration Suite)
+ NOT-FOR-US: Ipswitch Collaboration Suite
CAN-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...)
NOTE: Sarge version of gnome-vfs2 does not install the module with the vulnerable code
NOTE: fixed in gnome-vfs2 2.10 long ago too.
@@ -8591,83 +8591,83 @@
CAN-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through ...)
- ethereal 0.10.10-1
CAN-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows ...)
- NOTE: not-for-us (not our cpanel)
+ NOT-FOR-US: not our cpanel
CAN-2004-1769 (The "Allow cPanel users to reset their password via email" feature in ...)
- NOTE: not-for-us (not our cpanel)
+ NOT-FOR-US: not our cpanel
CAN-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...)
- NOTE: not-for-us (Symantec Brightmail AntiSpam)
+ NOT-FOR-US: Symantec Brightmail AntiSpam
CAN-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1766 (The default installation of NetScreen-Security Manager before Feature ...)
- NOTE: not-for-us (NetScreen-Security Manager)
+ NOT-FOR-US: NetScreen-Security Manager
CAN-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for ...)
NOTE: only seems to affect 1.7.4, not the newer branch in debian
CAN-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...)
- NOTE: not-for-us (hsrun.exe)
+ NOT-FOR-US: hsrun.exe
CAN-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux ...)
- NOTE: not-for-us (F-Secure Anti-Virus)
+ NOT-FOR-US: F-Secure Anti-Virus
CAN-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...)
- ethereal 0.10.3
CAN-2004-1760 (The default installation of Cisco IBM Director agent does not require ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1759 (The Cisco IBM Director agent allows remote attackers to cause a denial ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2003-1092 (Unknown vulnerability in the "Automatic File Content Type Recognition ...)
- file 3.4.1
CAN-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin ...)
- NOTE: not-for-us (Apple QuickTime/Darwin Streaming Server)
+ NOT-FOR-US: Apple QuickTime/Darwin Streaming Server
CAN-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote ...)
- NOTE: not-for-us (AbsoluteTelnet)
+ NOT-FOR-US: AbsoluteTelnet
CAN-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products including ...)
- NOTE: not-for-us (Xerox MicroServer Web Server)
+ NOT-FOR-US: Xerox MicroServer Web Server
CAN-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote ...)
- NOTE: not-for-us (phpMyFAQ)
+ NOT-FOR-US: phpMyFAQ
CAN-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows ...)
- NOTE: not-for-us (Aztek)
+ NOT-FOR-US: Aztek
CAN-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...)
- ethereal 0.10.9-2
CAN-2005-0698 (PHP remote code injection vulnerability in PHPWebLog 0.5.3 and earlier ...)
- NOTE: not-for-us (PHPWebLog)
+ NOT-FOR-US: PHPWebLog
CAN-2005-0697 (SQL injection vulnerability in the process_picture function ...)
- NOTE: not-for-us (CopperExport)
+ NOT-FOR-US: CopperExport
CAN-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote ...)
- NOTE: not-for-us (ArGoSoft)
+ NOT-FOR-US: ArGoSoft
CAN-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...)
- NOTE: not-for-us (JoWood Chaser (for Windows))
+ NOT-FOR-US: JoWood Chaser (for Windows)
CAN-2005-0692 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 5.x allows ...)
- NOTE: not-for-us (PHP-Fusion not in Debian)
+ NOT-FOR-US: PHP-Fusion
CAN-2005-0691 (PHP remote code injection vulnerability in article mode for ...)
- NOTE: not-for-us (SocialMPN not in Debian)
+ NOT-FOR-US: SocialMPN
CAN-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...)
- NOTE: not-for-us (Gene6 FTP Server for Win)
+ NOT-FOR-US: Gene6 FTP Server for Win
CAN-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...)
- NOTE: not-for-us (The Includer not in Debian)
+ NOT-FOR-US: The Includer
CAN-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...)
NOTE: hashcash 1.13 (which is in Debian) is not vulnerable
NOTE: hashcash 1.17 is also ok
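Review bot: `NOT-FOR-US: not our cpanel` on CAN-2004-1770 and CAN-2004-1769 carries a reason where the new format, per the log message, expects a package name. Both descriptions name cPanel, so `NOT-FOR-US: cPanel` with the "not our cpanel" remark kept on its own NOTE line would preserve the information and keep the field consistent. `NOT-FOR-US: JoWood Chaser (for Windows)` and `NOT-FOR-US: Gene6 FTP Server for Win` in this hunk mix a platform qualifier into the name in the same way, while the "not in Debian" suffixes were stripped. It would help to pick one rule for qualifiers and apply it throughout.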
@@ -8675,7 +8675,7 @@
- mlterm 2.9.2
NOTE: see bug #298621, was stalled in NEW, now accepted
CAN-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...)
- NOTE: not-for-us (OutStart Participate Enterprise)
+ NOT-FOR-US: OutStart Participate Enterprise
CAN-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...)
- maxdb-7.5.00 7.5.00.24-3
CAN-2005-0683
@@ -8683,91 +8683,91 @@
CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...)
- drupal 4.5.2
CAN-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (Nokia)
+ NOT-FOR-US: Nokia
CAN-2005-0680 (PHP remote code injection vulnerability in ...)
- NOTE: not-for-us (Download Center Lite not in Debian)
+ NOT-FOR-US: Download Center Lite
CAN-2005-0679 (PHP remote code injection vulnerability in tell_a_friend.inc.php for ...)
- NOTE: not-for-us (Tell A Friend Script not in Debian)
+ NOT-FOR-US: Tell A Friend Script
CAN-2005-0678 (PHP remote code injection vulnerability in formmail.inc.php for Form ...)
- NOTE: not-for-us (Form Mail Script not in Debian)
+ NOT-FOR-US: Form Mail Script
CAN-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...)
- NOTE: not-for-us (Zorum not in Debian)
+ NOT-FOR-US: Zorum
CAN-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...)
- NOTE: not-for-us (Zorum not in Debian)
+ NOT-FOR-US: Zorum
CAN-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...)
- NOTE: not-for-us (Zorum not in Debian)
+ NOT-FOR-US: Zorum
CAN-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...)
- NOTE: not-for-us (Pabox for PHPNuke not in Debian)
+ NOT-FOR-US: Pabox for PHPNuke
CAN-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...)
- phpbb2 2.0.13-2
CAN-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...)
- NOTE: not-for-us (Ca3DE)
+ NOT-FOR-US: Ca3DE
CAN-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...)
- NOTE: not-for-us (Ca3DE)
+ NOT-FOR-US: Ca3DE
CAN-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through ...)
- NOTE: not-for-us (phpCOIN)
+ NOT-FOR-US: phpCOIN
CAN-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 ...)
- NOTE: not-for-us (phpCOIN)
+ NOT-FOR-US: phpCOIN
CAN-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 ...)
- NOTE: not-for-us (HAVP)
+ NOT-FOR-US: HAVP
CAN-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before ...)
- sylpheed 1.0.3-1
- sylpheed-claws 1.0.3-1
CAN-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 ...)
- kernel-patch-adamantix 1.7
CAN-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...)
- NOTE: not-for-us (XV)
+ NOT-FOR-US: XV
CAN-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...)
{DSA-709-1}
- libexif 0.6.9-5
CAN-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...)
- NOTE: not-for-us (Mercury Board)
+ NOT-FOR-US: Mercury Board
CAN-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...)
- NOTE: not-for-us (Mercury Board)
+ NOT-FOR-US: Mercury Board
CAN-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in ...)
- NOTE: not-for-us (Woltlab Burning Board)
+ NOT-FOR-US: Woltlab Burning Board
CAN-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...)
- NOTE: not-for-us (D-Forum)
+ NOT-FOR-US: D-Forum
CAN-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...)
NOTE: This is not a security issue as the installation path is known.
CAN-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...)
- NOTE: not-for-us (Typo3)
+ NOT-FOR-US: Typo3
CAN-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...)
- NOTE: not-for-us (Computalynx CProxy)
+ NOT-FOR-US: Computalynx CProxy
CAN-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 ...)
- NOTE: not-for-us (auraCMS)
+ NOT-FOR-US: auraCMS
CAN-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information ...)
- NOTE: not-for-us (auraCMS)
+ NOT-FOR-US: auraCMS
CAN-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote ...)
NOTE: this is not a security issue according to maintainer
CAN-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...)
- phpmyadmin 3:2.6.1-pl3-1
CAN-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...)
- NOTE: not-for-us (OpenVMS)
+ NOT-FOR-US: OpenVMS
CAN-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow ...)
- NOTE: not-for-us (ProjectBB)
+ NOT-FOR-US: ProjectBB
CAN-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB ...)
- NOTE: not-for-us (ProjectBB)
+ NOT-FOR-US: ProjectBB
CAN-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass ...)
- NOTE: not-for-us (Pixel-Apes SafeHTML)
+ NOT-FOR-US: Pixel-Apes SafeHTML
CAN-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow ...)
- NOTE: not-for-us (Pixel-Apes SafeHTML)
+ NOT-FOR-US: Pixel-Apes SafeHTML
CAN-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject ...)
- NOTE: not-for-us (paNews)
+ NOT-FOR-US: paNews
CAN-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...)
- NOTE: not-for-us (paNews)
+ NOT-FOR-US: paNews
CAN-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
- NOTE: not-for-us (McAfee Virus Scanners)
+ NOT-FOR-US: McAfee Virus Scanners
CAN-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
- NOTE: not-for-us (McAfee Virus Scanners)
+ NOT-FOR-US: McAfee Virus Scanners
CAN-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...)
- NOTE: not-for-us (Computer Associates UAM)
+ NOT-FOR-US: Computer Associates UAM
CAN-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...)
- NOTE: not-for-us (Computer Associates UAM)
+ NOT-FOR-US: Computer Associates UAM
CAN-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
- NOTE: not-for-us (Computer Associates UAM)
+ NOT-FOR-US: Computer Associates UAM
CAN-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
{DSA-695-1 DSA-694-1}
- xloadimage 4.1-14.2
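Review bot: Several name fields in this hunk do not match the product spelling in the CVE description on the line above them: `Mercury Board` against MercuryBoard (CAN-2005-0663, CAN-2005-0662), `Typo3` against TYPO3 (CAN-2005-0658), and `Pabox for PHPNuke` against paBox (CAN-2005-0674). Now that the name sits in a dedicated `NOT-FOR-US:` field rather than a free-form NOTE, it is likely to be searched or aggregated, so this is a good moment to normalise these to the spelling used in the description.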
@@ -8777,34 +8777,34 @@
- xli 1.17.0-18
- xloadimage 4.1-14.1
CAN-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...)
- NOTE: not-for-us (Foxmail)
+ NOT-FOR-US: Foxmail
CAN-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to ...)
- NOTE: not-for-us (Foxmail)
+ NOT-FOR-US: Foxmail
CAN-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...)
- NOTE: not-for-us (Golden FTP Server)
+ NOT-FOR-US: Golden FTP Server
CAN-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 ...)
- NOTE: not-for-us (PHPNews)
+ NOT-FOR-US: PHPNews
CAN-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...)
- NOTE: not-for-us (PBLang)
+ NOT-FOR-US: PBLang
CAN-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ...)
- NOTE: not-for-us (PBLang)
+ NOT-FOR-US: PBLang
CAN-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
- NOTE: not-for-us (427BB)
+ NOT-FOR-US: 427BB
CAN-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...)
- NOTE: not-for-us (Forumwa)
+ NOT-FOR-US: Forumwa
CAN-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...)
NOTE: We are not vulnerable to this since RPATH has been disable in QT3 ever since
NOTE: Martin Loschwitz maintain it.
CAN-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...)
- NOTE: not-for-us (Symantec DNSd)
+ NOT-FOR-US: Symantec DNSd
CAN-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...)
- NOTE: not-for-us (Zorum not in Debian)
+ NOT-FOR-US: Zorum
CAN-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...)
- NOTE: not-for-us (Zorum not in Debian)
+ NOT-FOR-US: Zorum
CAN-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...)
- squid 2.5.9-2
CAN-2005-0940
@@ -8814,41 +8814,41 @@
CAN-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...)
- reportbug 3.8
CAN-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions ...)
- NOTE: not-for-us (RaidenHTTPD)
+ NOT-FOR-US: RaidenHTTPD
CAN-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...)
- NOTE: not-for-us (RaidenHTTPD)
+ NOT-FOR-US: RaidenHTTPD
CAN-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Scrapland)
+ NOT-FOR-US: Scrapland
CAN-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the ...)
- NOTE: not-for-us (Einstein)
+ NOT-FOR-US: Einstein
CAN-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...)
- NOTE: not-for-us (Einstein)
+ NOT-FOR-US: Einstein
CAN-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...)
- NOTE: not-for-us (Symantec Firewall/VPN Appliance 200/200R firmware)
+ NOT-FOR-US: Symantec Firewall/VPN Appliance 200/200R firmware
CAN-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
- phpbb2 2.0.13-1
CAN-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...)
- NOTE: not-for-us (FCKeditor)
+ NOT-FOR-US: FCKeditor
CAN-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...)
- NOTE: not-for-us (Real)
+ NOT-FOR-US: Real
CAN-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in ...)
- NOTE: not-for-us (FreeBSD portupgrade)
+ NOT-FOR-US: FreeBSD portupgrade
CAN-2005-0609
NOTE: reserved
CAN-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...)
- NOTE: not-for-us (Half Life WebMod)
+ NOT-FOR-US: Half Life WebMod
CAN-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...)
- NOTE: not-for-us (CubeCert)
+ NOT-FOR-US: CubeCert
CAN-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...)
- NOTE: not-for-us (CubeCert)
+ NOT-FOR-US: CubeCert
CAN-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...)
{DSA-723-1}
NOTE: lesstif2
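Review bot: CAN-2005-0607 and CAN-2005-0606 carry an old typo into the new field: the CAN text says CubeCart, but both added lines read `NOT-FOR-US: CubeCert`. Since this commit rewrites both lines anyway, correct them to `NOT-FOR-US: CubeCart` so that a search for the product name finds these entries.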
@@ -8862,29 +8862,29 @@
NOTE: openmotif is non-free
- openmotif 2.2.3-1.1 (medium)
CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...)
- NOTE: not-for-us (GFI Languard Network Security Scanner)
+ NOT-FOR-US: GFI Languard Network Security Scanner
CAN-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
- phpbb2 2.0.13-1
CAN-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...)
- unzip 5.52-1
NOTE: um, tar does this too, not really considered a security hole
CAN-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...)
- NOTE: not-for-us (Real)
+ NOT-FOR-US: Real
CAN-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon ...)
NOTE: Fixed in CVS after 4.3.4 release; see http://bugs.php.net/bug.php?id=27037
- php4 4.3.8-1
CAN-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...)
- NOTE: not-for-us (BadBlue)
+ NOT-FOR-US: BadBlue
CAN-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...)
- mozilla-firefox 1.0.1
- mozilla 2:1.7.6-1
@@ -8914,110 +8914,110 @@
- mozilla-firefox 1.0.1
- mozilla 2:1.7.6-1
CAN-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...)
- NOTE: not-for-us (Computer Associates (CA) License Client)
+ NOT-FOR-US: Computer Associates (CA) License Client
CAN-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 ...)
- NOTE: not-for-us (Computer Associates (CA) License Client)
+ NOT-FOR-US: Computer Associates (CA) License Client
CAN-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client ...)
- NOTE: not-for-us (Computer Associates (CA) License Client)
+ NOT-FOR-US: Computer Associates (CA) License Client
CAN-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...)
- NOTE: not-for-us (cmd5checkpw)
+ NOT-FOR-US: cmd5checkpw
CAN-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...)
- NOTE: not-for-us (FreeNX)
+ NOT-FOR-US: FreeNX
CAN-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable ...)
- mozilla-firefox 1.0.1-1
CAN-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier ...)
- NOTE: not-for-us (MKBold-MKItalic)
+ NOT-FOR-US: MKBold-MKItalic
CAN-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font ...)
- NOTE: not-for-us (STSF in Solaris)
+ NOT-FOR-US: STSF in Solaris
CAN-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...)
- NOTE: not-for-us (Stormy Studios Knet)
+ NOT-FOR-US: Stormy Studios Knet
CAN-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows ...)
- NOTE: not-for-us (CIS Webserver)
+ NOT-FOR-US: CIS Webserver
CAN-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a ...)
NOTE: don't know if we are vulnerable, I've mailed maintainers -- Djoume
TODO: check
CAN-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to ...)
- NOTE: not-for-us (phpWebSite)
+ NOT-FOR-US: phpWebSite
CAN-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read ...)
- NOTE: not-for-us (PunBB)
+ NOT-FOR-US: PunBB
CAN-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial ...)
- NOTE: not-for-us (PunBB)
+ NOT-FOR-US: PunBB
CAN-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote ...)
- NOTE: not-for-us (PunBB)
+ NOT-FOR-US: PunBB
CAN-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a ...)
- NOTE: not-for-us (Soldier of Fortune II)
+ NOT-FOR-US: Soldier of Fortune II
CAN-2005-0567 (Multiple PHP remote code injection vulnerabilities in phpMyAdmin 2.6.1 ...)
- phpmyadmin 3:2.6.1-pl2-1
CAN-2005-0566 (Buffer overflow in Golden FTP Server Pro 2.x allows remote attackers ...)
- NOTE: not-for-us (Golden FTP Server)
+ NOT-FOR-US: Golden FTP Server
CAN-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote ...)
- NOTE: not-for-us (phpWebSite)
+ NOT-FOR-US: phpWebSite
CAN-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and ...)
- NOTE: not-for-us (Microsoft Word)
+ NOT-FOR-US: Microsoft Word
CAN-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...)
- NOTE: not-for-us (MSN Messenger)
+ NOT-FOR-US: MSN Messenger
CAN-2005-0561
NOTE: reserved
CAN-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in ...)
- NOTE: not-for-us (Exchange server)
+ NOT-FOR-US: Exchange server
CAN-2005-0559
NOTE: reserved
CAN-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 ...)
- NOTE: not-for-us (Microsoft Word)
+ NOT-FOR-US: Microsoft Word
CAN-2005-0557
NOTE: reserved
CAN-2005-0556
NOTE: reserved
CAN-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-0553 (Race condition in the memory management routines in the DHTML object ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-0552
NOTE: reserved
CAN-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...)
- NOTE: not-for-us (Apple Java plugin)
+ NOT-FOR-US: Apple Java plugin
CAN-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote ...)
- NOTE: not-for-us (Gaucho)
+ NOT-FOR-US: Gaucho
CAN-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote ...)
- NOTE: not-for-us (Ground Control II)
+ NOT-FOR-US: Ground Control II
CAN-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (RealVNC)
+ NOT-FOR-US: RealVNC
CAN-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when ...)
- NOTE: not-for-us (Attack Mitigator IPS 5500)
+ NOT-FOR-US: Attack Mitigator IPS 5500
CAN-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of service ...)
- NOTE: not-for-us (NtRegmon)
+ NOT-FOR-US: NtRegmon
CAN-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 ...)
- NOTE: not-for-us (NetworkEverywhere NR041)
+ NOT-FOR-US: NetworkEverywhere NR041
CAN-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP Code ...)
- NOTE: not-for-us (PHP Code Snippet Library)
+ NOT-FOR-US: PHP Code Snippet Library
CAN-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote ...)
- NOTE: not-for-us (Painkiller)
+ NOT-FOR-US: Painkiller
CAN-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to ...)
- NOTE: not-for-us (ESF Webserver)
+ NOT-FOR-US: ESF Webserver
CAN-2004-1743 (Easy File Sharing (ESF) Webserver 1.25 allows remote attackers to view ...)
- NOTE: not-for-us (ESF Webserver)
+ NOT-FOR-US: ESF Webserver
CAN-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote ...)
- NOTE: not-for-us (WebAPP)
+ NOT-FOR-US: WebAPP
CAN-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...)
- NOTE: not-for-us (musicd)
+ NOT-FOR-US: musicd
CAN-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...)
- NOTE: not-for-us (musicd)
+ NOT-FOR-US: musicd
CAN-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (Bird Chat)
+ NOT-FOR-US: Bird Chat
CAN-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop allows ...)
- NOTE: not-for-us (JShop)
+ NOT-FOR-US: JShop
CAN-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows ...)
- cacti 0.8.5a-5
CAN-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...)
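Review bot: For CAN-2004-1744 and CAN-2004-1743 the added value `ESF Webserver` does not match the product named in the CAN text, Easy File Sharing, whose abbreviation is given as EFS in CAN-2004-1744 (the CAN-2004-1743 description has the same transposition). Suggest writing the name out, `NOT-FOR-US: Easy File Sharing Webserver`, on both lines instead of preserving the abbreviation.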
@@ -9027,93 +9027,93 @@
CAN-2004-1734 (PHP remote code injection vulnerability in Mantis 0.19.0a allows ...)
- mantis 0.19.2-1
CAN-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...)
- NOTE: not-for-us (MyDMS)
+ NOT-FOR-US: MyDMS
CAN-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before ...)
- NOTE: not-for-us (MyDMS)
+ NOT-FOR-US: MyDMS
CAN-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send ...)
- mantis 0.19.0-1
CAN-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...)
- mantis 0.19.0-1
CAN-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...)
- NOTE: not-for-us (Nihuo Web Log Analyzer)
+ NOT-FOR-US: Nihuo Web Log Analyzer
CAN-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote ...)
- NOTE: not-for-us (sarad)
+ NOT-FOR-US: sarad
CAN-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (BadBlue)
+ NOT-FOR-US: BadBlue
CAN-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) ...)
- NOTE: not-for-us (XV)
+ NOT-FOR-US: XV
CAN-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers ...)
- NOTE: not-for-us (XV)
+ NOT-FOR-US: XV
CAN-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in Merak ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail ...)
- NOTE: not-for-us (Merak Webmail Server)
+ NOT-FOR-US: Merak Webmail Server
CAN-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 ...)
- NOTE: not-for-us (IPD)
+ NOT-FOR-US: IPD
CAN-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv ...)
- gv 1:3.6.1-1
CAN-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows ...)
- NOTE: not-for-us (PForum)
+ NOT-FOR-US: PForum
CAN-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 ...)
- NOTE: not-for-us (MIMEsweeper)
+ NOT-FOR-US: MIMEsweeper
CAN-2004-1714 (BlackICE PC Protection and Server Protection installs (1) ...)
- NOTE: not-for-us (BlackICE PC Protection)
+ NOT-FOR-US: BlackICE PC Protection
CAN-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) ...)
- NOTE: not-for-us (PRM on HP-UX)
+ NOT-FOR-US: PRM on HP-UX
CAN-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote ...)
- NOTE: not-for-us (TypePad)
+ NOT-FOR-US: TypePad
CAN-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...)
- moodle 1.4-1
CAN-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via ...)
- NOTE: not-for-us (page.cgi)
+ NOT-FOR-US: page.cgi
CAN-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...)
- NOTE: not-for-us (Datakey Rainbow iKey2032 USB token)
+ NOT-FOR-US: Datakey Rainbow iKey2032 USB token
CAN-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Webbsyte)
+ NOT-FOR-US: Webbsyte
CAN-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote ...)
- NOTE: not-for-us (U.S. Robotics wireless access point)
+ NOT-FOR-US: U.S. Robotics wireless access point
CAN-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...)
- NOTE: not-for-us (Citadel/UX)
+ NOT-FOR-US: Citadel/UX
CAN-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain ...)
- NOTE: not-for-us (WpQuiz)
+ NOT-FOR-US: WpQuiz
CAN-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...)
- NOTE: not-for-us (Fusion News)
+ NOT-FOR-US: Fusion News
CAN-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password ...)
- NOTE: not-for-us (Lexar Safe Guard)
+ NOT-FOR-US: Lexar Safe Guard
CAN-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in ...)
- NOTE: not-for-us (diagmond on HP-UX)
+ NOT-FOR-US: diagmond on HP-UX
CAN-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, ...)
- NOTE: not-for-us (ftpd on HP-UX)
+ NOT-FOR-US: ftpd on HP-UX
CAN-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow ...)
- cyrus21-imapd 2.1.18-1
CAN-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running ...)
- NOTE: not-for-us (MS Office)
+ NOT-FOR-US: MS Office
CAN-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of ...)
- phpmyadmin 3:2.6.1-pl2-1
CAN-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows ...)
- phpmyadmin 3:2.6.1-pl2-1
CAN-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 ...)
- NOTE: not-for-us (Cyclades AlterPath Manager)
+ NOT-FOR-US: Cyclades AlterPath Manager
CAN-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server ...)
- NOTE: not-for-us (Cyclades AlterPath Manager)
+ NOT-FOR-US: Cyclades AlterPath Manager
CAN-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote ...)
- NOTE: not-for-us (Cyclades AlterPath Manager)
+ NOT-FOR-US: Cyclades AlterPath Manager
CAN-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...)
- NOTE: not-for-us (IBM)
+ NOT-FOR-US: IBM
CAN-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ...)
- NOTE: not-for-us (ginp)
+ NOT-FOR-US: ginp
CAN-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...)
- NOTE: not-for-us (iGeneric (iG) Shop)
+ NOT-FOR-US: iGeneric (iG) Shop
CAN-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...)
- mediawiki <itp> (bug #276057)
CAN-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...)
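Review bot: CAN-2005-0545 becomes `NOT-FOR-US: MS Office`, while the Microsoft entries converted earlier in this patch use `Microsoft`, `Microsoft Word` and `MSIE`. If the dedicated tag is meant to make these entries greppable, settle on one vendor spelling and use it here as well, for example `NOT-FOR-US: Microsoft Office`.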
@@ -9121,7 +9121,7 @@
CAN-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...)
- mediawiki <itp> (bug #276057)
CAN-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...)
- NOTE: not-for-us (Trend Micro AntiVirus)
+ NOT-FOR-US: Trend Micro AntiVirus
CAN-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...)
- kernel-source-2.6.8 2.6.8-14
NOTE: 2.4.27 seems to be unaffected
@@ -9141,7 +9141,7 @@
NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
- mozilla 2:1.7.6
CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...)
- NOTE: not-for-us (PBLang)
+ NOT-FOR-US: PBLang
CAN-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
{DSA-729-1 DSA-708-1}
- php4 4:4.3.10-10
@@ -9153,42 +9153,42 @@
{DSA-719-1}
- prozilla 1:1.3.7.4-1
CAN-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...)
- NOTE: not-for-us (Chat Anywhere)
+ NOT-FOR-US: Chat Anywhere
CAN-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...)
- NOTE: not-for-us (SendLink)
+ NOT-FOR-US: SendLink
CAN-2005-0520 (ArGoSoft before 1.4.2.8 allows remote attackers to read arbitrary ...)
- NOTE: not-for-us (ArGoSoft)
+ NOT-FOR-US: ArGoSoft
CAN-2005-0519 (ArGoSoft before 1.4.2.7 allows remote attackers to read arbitrary ...)
- NOTE: not-for-us (ArGoSoft)
+ NOT-FOR-US: ArGoSoft
CAN-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...)
- NOTE: not-for-us (eXeem)
+ NOT-FOR-US: eXeem
CAN-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext ...)
- NOTE: not-for-us (PeerFTP)
+ NOT-FOR-US: PeerFTP
CAN-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...)
- NOTE: not-for-us (ImageGalleryPlugin for Twiki)
+ NOT-FOR-US: ImageGalleryPlugin for Twiki
CAN-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other ...)
- NOTE: not-for-us (My Firewall Plus)
+ NOT-FOR-US: My Firewall Plus
CAN-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...)
- NOTE: not-for-us (Verity Ultraseek)
+ NOT-FOR-US: Verity Ultraseek
CAN-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php in ...)
- NOTE: not-for-us (pMachine)
+ NOT-FOR-US: pMachine
CAN-2005-0512 (PHP remote code injection vulnerability in Tar.php in Mambo 4.5.2 ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2005-0511 (Direct code injection vulnerability in misc.php for vBulletin 3.0.6 ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2003-1086 (PHP remote code injection vulnerability in pm/lib.inc.php in pMachine ...)
- NOTE: not-for-us (pMachine)
+ NOT-FOR-US: pMachine
CAN-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...)
- NOTE: not-for-us (fallback-reboot)
+ NOT-FOR-US: fallback-reboot
CAN-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...)
NOTE: default config of Mono not vulnerable
- mono 1.1.6-4 (medium)
CAN-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...)
- batik 1.5.1-1
CAN-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...)
- NOTE: not-for-us (SD Server)
+ NOT-FOR-US: SD Server
CAN-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP ...)
- NOTE: not-for-us (Avaya IP Office Phone Manager)
+ NOT-FOR-US: Avaya IP Office Phone Manager
CAN-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...)
- irm 1.5.3.1-1
CAN-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...)
@@ -9199,29 +9199,29 @@
CAN-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...)
- uim 1:0.4.6beta2-1
CAN-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...)
- NOTE: not-for-us (Xinkaa)
+ NOT-FOR-US: Xinkaa
CAN-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers ...)
- NOTE: not-for-us (Bontago)
+ NOT-FOR-US: Bontago
CAN-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
- NOTE: not-for-us (MSIE6)
+ NOT-FOR-US: MSIE6
CAN-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...)
- NOTE: not-for-us (Gigafast router)
+ NOT-FOR-US: Gigafast router
CAN-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain ...)
- NOTE: not-for-us (Gigafast router)
+ NOT-FOR-US: Gigafast router
CAN-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain ...)
- NOTE: not-for-us (ADP Elite System)
+ NOT-FOR-US: ADP Elite System
CAN-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that ...)
- NOTE: not-for-us (Arkeia Network Backup)
+ NOT-FOR-US: Arkeia Network Backup
CAN-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote ...)
- NOTE: not-for-us (ZeroBoard)
+ NOT-FOR-US: ZeroBoard
CAN-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable ...)
- NOTE: not-for-us (Thomson TCW690 cable modem)
+ NOT-FOR-US: Thomson TCW690 cable modem
CAN-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before ...)
- NOTE: not-for-us (Biz Mail From)
+ NOT-FOR-US: Biz Mail From
CAN-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause ...)
- NOTE: not-for-us (Acrobat Reader)
+ NOT-FOR-US: Acrobat Reader
CAN-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows ...)
- NOTE: not-for-us (Arkeia Server Backup)
+ NOT-FOR-US: Arkeia Server Backup
CAN-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...)
- curl 7.13.0-2
CAN-2005-0489
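Review bot: CAN-2005-0493 keeps a transposed product name in the new field: the CAN text says "Biz Mail Form", the added line says `NOT-FOR-US: Biz Mail From`. Fix it to `NOT-FOR-US: Biz Mail Form` as part of this conversion.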
@@ -9231,130 +9231,130 @@
CAN-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...)
- cfengine2 2.1.8-1
CAN-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in ...)
- NOTE: not-for-us (Pinnacle ShowCenter)
+ NOT-FOR-US: Pinnacle ShowCenter
CAN-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers ...)
- NOTE: not-for-us (Pinnacle ShowCenter)
+ NOT-FOR-US: Pinnacle ShowCenter
CAN-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and ...)
- NOTE: not-for-us (PopMessenger)
+ NOT-FOR-US: PopMessenger
CAN-2004-1697 (The "Forgot your Password" link in Computer Associates (CA) Unicenter ...)
- NOTE: not-for-us (Computer Associates Unicenter Management Portal)
+ NOT-FOR-US: Computer Associates Unicenter Management Portal
CAN-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
- NOTE: not-for-us (EmuLive Server4)
+ NOT-FOR-US: EmuLive Server4
CAN-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
- NOTE: not-for-us (EmuLive Server4)
+ NOT-FOR-US: EmuLive Server4
CAN-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2004-1693 (PHP remote code injection vulnerability in Function.php in Mambo 4.5 ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a ...)
- NOTE: not-for-us (DNS4Me)
+ NOT-FOR-US: DNS4Me
CAN-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me ...)
- NOTE: not-for-us (DNS4Me)
+ NOT-FOR-US: DNS4Me
CAN-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ...)
- sudo 1.6.8p3-1
CAN-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...)
- NOTE: not-for-us (Pigeon Server)
+ NOT-FOR-US: Pigeon Server
CAN-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 ...)
- NOTE: not-for-us (Snitz Forums)
+ NOT-FOR-US: Snitz Forums
CAN-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ...)
- NOTE: not-for-us (SMC router)
+ NOT-FOR-US: SMC router
CAN-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ...)
- NOTE: not-for-us (Zyxel)
+ NOT-FOR-US: Zyxel
CAN-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...)
- NOTE: not-for-us (crrtrap)
+ NOT-FOR-US: crrtrap
CAN-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote ...)
- NOTE: not-for-us (QNX FTP)
+ NOT-FOR-US: QNX FTP
CAN-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware ...)
- NOTE: not-for-us (Pingtel Xpressa)
+ NOT-FOR-US: Pingtel Xpressa
CAN-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote ...)
- NOTE: not-for-us (TwinFTP)
+ NOT-FOR-US: TwinFTP
CAN-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows ...)
- NOTE: not-for-us (PerlDesk)
+ NOT-FOR-US: PerlDesk
CAN-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive ...)
- NOTE: not-for-us (PerlDesk)
+ NOT-FOR-US: PerlDesk
CAN-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a ...)
- NOTE: not-for-us (Serv-U FTP)
+ NOT-FOR-US: Serv-U FTP
CAN-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 ...)
- NOTE: not-for-us (Subjects)
+ NOT-FOR-US: Subjects
CAN-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...)
- NOTE: not-for-us (Halo Combat Evolved)
+ NOT-FOR-US: Halo Combat Evolved
CAN-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 ...)
- NOTE: not-for-us (PsNews)
+ NOT-FOR-US: PsNews
CAN-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...)
- NOTE: not-for-us (Call of Duty)
+ NOT-FOR-US: Call of Duty
CAN-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as ...)
- NOTE: not-for-us (Engenio/LSI Logic storage controllers)
+ NOT-FOR-US: Engenio/LSI Logic storage controllers
CAN-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information ...)
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2004-1661 (MailWorks Professional allows remote attackers to bypass ...)
- NOTE: not-for-us (MailWorks)
+ NOT-FOR-US: MailWorks
CAN-2004-1660 (PHP remote code injection vulnerability in CuteNews 1.3.6 and earlier ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...)
- NOTE: not-for-us (Kerio Personal Firewall)
+ NOT-FOR-US: Kerio Personal Firewall
CAN-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events ...)
- NOTE: not-for-us (DasBlog)
+ NOT-FOR-US: DasBlog
CAN-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows ...)
- NOTE: not-for-us (Comersus Shopping Cart)
+ NOT-FOR-US: Comersus Shopping Cart
CAN-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ...)
- NOTE: not-for-us (phpWebsite)
+ NOT-FOR-US: phpWebsite
CAN-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...)
- NOTE: not-for-us (phpWebsite)
+ NOT-FOR-US: phpWebsite
CAN-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...)
- NOTE: not-for-us (Documented SSH protocol behaviour, cannot be fixed)
+ NOT-FOR-US: Documented SSH protocol behaviour, cannot be fixed
NOTE: See bug #296547 for details
CAN-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...)
- NOTE: not-for-us (phpScheduleIt)
+ NOT-FOR-US: phpScheduleIt
CAN-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- NOTE: not-for-us (phpScheduleIt)
+ NOT-FOR-US: phpScheduleIt
CAN-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP ...)
- NOTE: not-for-us (D-Link DCS-900)
+ NOT-FOR-US: D-Link DCS-900
CAN-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to ...)
- NOTE: not-for-us (Msinfo32.exe)
+ NOT-FOR-US: Msinfo32.exe
CAN-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ...)
- NOTE: not-for-us (Password Protect)
+ NOT-FOR-US: Password Protect
CAN-2004-1647 (SQL injection vulnerability in Password Protect allows remote ...)
- NOTE: not-for-us (Password Protect)
+ NOT-FOR-US: Password Protect
CAN-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...)
- NOTE: not-for-us (Xedus)
+ NOT-FOR-US: Xedus
CAN-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote ...)
- NOTE: not-for-us (Xedus)
+ NOT-FOR-US: Xedus
CAN-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...)
- NOTE: not-for-us (Xedus)
+ NOT-FOR-US: Xedus
CAN-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of ...)
- NOTE: not-for-us (WS_FTP)
+ NOT-FOR-US: WS_FTP
CAN-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a ...)
- NOTE: not-for-us (WS_FTP)
+ NOT-FOR-US: WS_FTP
CAN-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...)
- NOTE: not-for-us (Titan)
+ NOT-FOR-US: Titan
CAN-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and ...)
- NOTE: not-for-us (XOOPS)
+ NOT-FOR-US: XOOPS
CAN-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...)
- NOTE: not-for-us (Thomson cable modem)
+ NOT-FOR-US: Thomson cable modem
CAN-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...)
TODO: check heimdal, netkit-telnet-ssl
- krb4 <unfixed> (low)
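Review bot: At CAN-2004-1653 the value after NOT-FOR-US: is a free-text rationale ("Documented SSH protocol behaviour, cannot be fixed"), not a package name as the log message's "NOT-FOR-US: package_name" format promises, and the entry concerns OpenSSH with a bug reference (#296547) on the following line. Anything that reads this field as a product name will misread it; keep this entry as a NOTE: line or give it a different state instead of converting it mechanically. Separately, CAN-2004-1642 is described as WFTPD Pro Server but is tagged "NOT-FOR-US: WS_FTP", which looks copied from the CAN-2004-1643 entry above it; the rewrite preserves that mismatch, so this is a good point to correct the name.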
@@ -9371,11 +9371,11 @@
TODO: This is still a bug (maybe not a security one)
TODO: and needs fixing. (IMHO, fw)
CAN-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
- NOTE: not-for-us (mailcarrier)
+ NOT-FOR-US: mailcarrier
CAN-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...)
- NOTE: not-for-us (Hawking Technologies HAR11A modem/router)
+ NOT-FOR-US: Hawking Technologies HAR11A modem/router
CAN-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection ...)
- NOTE: not-for-us (WvTftp)
+ NOT-FOR-US: WvTftp
CAN-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the ...)
NOTE: does not affect older 2.16.7 in sid.
CAN-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, ...)
@@ -9385,40 +9385,40 @@
CAN-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...)
- moniwiki 1.0.9
CAN-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to ...)
- NOTE: not-for-us (Open WorkFlow Engine)
+ NOT-FOR-US: Open WorkFlow Engine
CAN-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open ...)
- NOTE: not-for-us (Open WorkFlow Engine)
+ NOT-FOR-US: Open WorkFlow Engine
CAN-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...)
- NOTE: not-for-us (Dwc_articles)
+ NOT-FOR-US: Dwc_articles
CAN-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows ...)
- rssh 2.2.2
CAN-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...)
- NOTE: not-for-us (ability server)
+ NOT-FOR-US: ability server
CAN-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, ...)
- NOTE: not-for-us (ability server)
+ NOT-FOR-US: ability server
CAN-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...)
- NOTE: not-for-us (pGina)
+ NOT-FOR-US: pGina
CAN-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening ...)
- NOTE: not-for-us (Carbon Copy)
+ NOT-FOR-US: Carbon Copy
CAN-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...)
- NOTE: not-for-us (UBB.threads)
+ NOT-FOR-US: UBB.threads
CAN-2004-1621 (** DISPUTED ** ...)
- NOTE: not-for-us (Lotus Notes)
+ NOT-FOR-US: Lotus Notes
CAN-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before 0.7rc1 ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows ...)
- NOTE: not-for-us (Privateer's Bounty: Age of Sail II)
+ NOT-FOR-US: Privateer's Bounty: Age of Sail II
CAN-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...)
- NOTE: not-for-us (Tonecast)
+ NOT-FOR-US: Tonecast
CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...)
NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there
- lynx <unfixed> (bug #296340; low)
CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...)
- links 0.99+1.00pre12-1
CAN-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...)
NOTE: assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6
NOTE: mozilla-browser 1.7.5-1 also ok
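Review bot: At CAN-2004-1619 the new value "Privateer's Bounty: Age of Sail II" itself contains ": ", so with the tag now written as "NOT-FOR-US: name" any script that reads data/CAN/list has to split on the first colon only. The old parenthesised form did not have this ambiguity. Check the tools that consume this file, or state the split rule where the format is documented, before relying on the new syntax.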
@@ -9426,170 +9426,170 @@
NOTE: example page did not bother firefox 1.0+dfsg.1-6
NOTE: mozilla-browser 1.7.5-1 also ok
CAN-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote ...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before ...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain ...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive ...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain ...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by ...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod ...)
- NOTE: not-for-us (not our cpanel)
+ NOT-FOR-US: not our cpanel
CAN-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users ...)
- NOTE: not-for-us (not our cpanel)
+ NOT-FOR-US: not our cpanel
CAN-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different ...)
- proftpd 1.2.10-4
CAN-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...)
- NOTE: not-for-us (coolphp)
+ NOT-FOR-US: coolphp
CAN-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...)
- NOTE: not-for-us (CoolPHP)
+ NOT-FOR-US: CoolPHP
CAN-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP ...)
- NOTE: not-for-us (CoolPHP)
+ NOT-FOR-US: CoolPHP
CAN-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ...)
- NOTE: not-for-us (Acrobat)
+ NOT-FOR-US: Acrobat
CAN-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote ...)
- NOTE: not-for-us (RIM Blackberry)
+ NOT-FOR-US: RIM Blackberry
CAN-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows ...)
- NOTE: not-for-us (3COM router)
+ NOT-FOR-US: 3COM router
CAN-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers ...)
- NOTE: not-for-us (ShixxNote)
+ NOT-FOR-US: ShixxNote
CAN-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...)
- NOTE: not-for-us (FuseTalk)
+ NOT-FOR-US: FuseTalk
CAN-2004-1593 (Cross-site scripting (XSS) vulnerability in ...)
- NOTE: not-for-us (SCT email client)
+ NOT-FOR-US: SCT email client
CAN-2004-1592 (PHP remote code injection vulnerability in index.php in ocPortal 1.0.3 ...)
- NOTE: not-for-us (ocPortal)
+ NOT-FOR-US: ocPortal
CAN-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...)
- NOTE: not-for-us (Micronet Wireless Router)
+ NOT-FOR-US: Micronet Wireless Router
CAN-2004-1590 (Clientexec allows remote attackers to gain sensitive information via ...)
- NOTE: not-for-us (clientexec)
+ NOT-FOR-US: clientexec
CAN-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board ...)
- NOTE: not-for-us (GoSmart)
+ NOT-FOR-US: GoSmart
CAN-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote ...)
- NOTE: not-for-us (GoSmart)
+ NOT-FOR-US: GoSmart
CAN-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator ...)
- NOTE: not-for-us (Monolith Games)
+ NOT-FOR-US: Monolith Games
CAN-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as ...)
- NOTE: not-for-us (Flash Messaging)
+ NOT-FOR-US: Flash Messaging
CAN-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...)
- NOTE: not-for-us (Flash Messaging)
+ NOT-FOR-US: Flash Messaging
CAN-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...)
- wordpress 1.2.1-1.1
CAN-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...)
- NOTE: not-for-us (FTP server in TriDComm)
+ NOT-FOR-US: FTP server in TriDComm
CAN-2004-1582 (PHP remote code injection vulnerability in BlackBoard 1.5.1 allows ...)
- NOTE: not-for-us (BlackBoard)
+ NOT-FOR-US: BlackBoard
CAN-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...)
- NOTE: not-for-us (BlackBoard)
+ NOT-FOR-US: BlackBoard
CAN-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...)
- NOTE: not-for-us (CubeCart)
+ NOT-FOR-US: CubeCart
CAN-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive ...)
- NOTE: not-for-us (CubeCart)
+ NOT-FOR-US: CubeCart
CAN-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive ...)
- NOTE: not-for-us (phplinks)
+ NOT-FOR-US: phplinks
CAN-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and ...)
- NOTE: not-for-us (Judge Dredd)
+ NOT-FOR-US: Judge Dredd
CAN-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...)
- xerces25 2.5.0-4
- xerces24 2.4.0-4
NOTE: maintainer believe that this CAN doesn't apply to xerces23 (see bug #296432)
NOTE: maintainer believe that this CAN doesn't apply to xerces21 (see bug #296466)
CAN-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...)
- NOTE: not-for-us (Vypress)
+ NOT-FOR-US: Vypress
CAN-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...)
- NOTE: not-for-us (AJ-Fork)
+ NOT-FOR-US: AJ-Fork
CAN-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data, ...)
- NOTE: not-for-us (AJ-Fork)
+ NOT-FOR-US: AJ-Fork
CAN-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via ...)
- NOTE: not-for-us (AJ-Fork)
+ NOT-FOR-US: AJ-Fork
CAN-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote ...)
- NOTE: not-for-us (bBlog)
+ NOT-FOR-US: bBlog
CAN-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) ...)
- NOTE: not-for-us (dbPowerAmp)
+ NOT-FOR-US: dbPowerAmp
CAN-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...)
- NOTE: not-for-us (Parachat)
+ NOT-FOR-US: Parachat
CAN-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...)
- NOTE: not-for-us (Silent Storm Portal)
+ NOT-FOR-US: Silent Storm Portal
CAN-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm ...)
- NOTE: not-for-us (Silent Storm Portal)
+ NOT-FOR-US: Silent Storm Portal
CAN-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full ...)
- NOTE: not-for-us (w-Agora)
+ NOT-FOR-US: w-Agora
CAN-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...)
- NOTE: not-for-us (w-Agora)
+ NOT-FOR-US: w-Agora
CAN-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow ...)
- NOTE: not-for-us (w-Agora)
+ NOT-FOR-US: w-Agora
CAN-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows ...)
- NOTE: not-for-us (w-Agora)
+ NOT-FOR-US: w-Agora
CAN-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers ...)
- icecast2 2.0.2.debian-1
CAN-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Microsoft SQL Server)
+ NOT-FOR-US: Microsoft SQL Server
CAN-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...)
- wordpress 1.2.2-1.1
CAN-2004-1558 (Multiple stack-based buffer overflows in YahooPOPS 0.4 through 0.6 ...)
- NOTE: not-for-us (YahooPOPS)
+ NOT-FOR-US: YahooPOPS
CAN-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...)
- NOTE: not-for-us (MyWebServer)
+ NOT-FOR-US: MyWebServer
CAN-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (MyWebServer)
+ NOT-FOR-US: MyWebServer
CAN-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...)
- NOTE: not-for-us (BroadBoard Instant ASP Message Board)
+ NOT-FOR-US: BroadBoard Instant ASP Message Board
CAN-2004-1554 (PHP remote code injection vulnerability in livre_include.php in @lex ...)
- NOTE: not-for-us (@lex GuestBook)
+ NOT-FOR-US: @lex GuestBook
CAN-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...)
- NOTE: not-for-us (aspWebAlbum)
+ NOT-FOR-US: aspWebAlbum
CAN-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers ...)
- NOTE: not-for-us (aspWebCalendar)
+ NOT-FOR-US: aspWebCalendar
CAN-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2) file ...)
- NOTE: not-for-us (PafileDB)
+ NOT-FOR-US: PafileDB
CAN-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote ...)
- NOTE: not-for-us (Motorola Router)
+ NOT-FOR-US: Motorola Router
CAN-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of ...)
- NOTE: not-for-us (ActivePost)
+ NOT-FOR-US: ActivePost
CAN-2004-1548 (Directory traversal vulnerability in the file server in ActivePost ...)
- NOTE: not-for-us (ActivePost)
+ NOT-FOR-US: ActivePost
CAN-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote ...)
- NOTE: not-for-us (ActivePost)
+ NOT-FOR-US: ActivePost
CAN-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to ...)
- NOTE: not-for-us (MDaemon)
+ NOT-FOR-US: MDaemon
CAN-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...)
- moniwiki 1.0.9-4
CAN-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ...)
- NOTE: not-for-us (Kyako ESupport)
+ NOT-FOR-US: Kyako ESupport
CAN-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...)
- NOTE: not-for-us (Tarantella Secure Global Desktop)
+ NOT-FOR-US: Tarantella Secure Global Desktop
CAN-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNews ...)
- NOTE: not-for-us (paNews)
+ NOT-FOR-US: paNews
CAN-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...)
- NOTE: not-for-us (GProFTPD)
+ NOT-FOR-US: GProFTPD
CAN-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, ...)
- NOTE: not-for-us (Glftpd)
+ NOT-FOR-US: Glftpd
CAN-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial ...)
- NOTE: not-for-us (TrackerCam)
+ NOT-FOR-US: TrackerCam
CAN-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files ...)
- NOTE: not-for-us (TrackerCam)
+ NOT-FOR-US: TrackerCam
CAN-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and ...)
- NOTE: not-for-us (TrackerCam)
+ NOT-FOR-US: TrackerCam
CAN-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam ...)
- NOTE: not-for-us (TrackerCam)
+ NOT-FOR-US: TrackerCam
CAN-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote ...)
- NOTE: not-for-us (TrackerCam)
+ NOT-FOR-US: TrackerCam
CAN-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for Invision ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows ...)
- NOTE: not-for-us (hpm_guestbook.cgi)
+ NOT-FOR-US: hpm_guestbook.cgi
CAN-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other ...)
- NOTE: not-for-us (paFAQ)
+ NOT-FOR-US: paFAQ
CAN-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in ...)
- webcalendar 0.9.45-3
CAN-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...)
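Review bot: At CAN-2004-1604 and CAN-2004-1603 the conversion produces "NOT-FOR-US: not our cpanel", which now reads as a product called "not our cpanel". The old parenthetical was a remark, not a name; put the product name (cPanel) in the field and move the remark to a NOTE: line. Also in this hunk, CAN-2005-0487 is tagged "Kyako ESupport" while its description spells the vendor Kayako, and CAN-2004-1601 uses "coolphp" where CAN-2004-1600 and CAN-2004-1599 use "CoolPHP"; fixing these while touching the lines keeps searches by product name reliable.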
@@ -9598,7 +9598,7 @@
{DSA-716-1}
- gaim 1:1.1.3-1
CAN-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long ...)
- NOTE: not-for-us (SUN JRE)
+ NOT-FOR-US: SUN JRE
CAN-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...)
- wpasupplicant 0.3.8-1
CAN-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based ...)
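Review bot: The new line at CAN-2005-0471 uses "SUN JRE", while the same vendor's runtime appears as "Sun JRE" at CAN-2004-1503 and "Sun Java" at CAN-2005-0418 later in this patch. Now that the name is the whole value of a dedicated tag, pick one spelling so that grouping or searching by product returns all of these entries.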
@@ -9616,77 +9616,77 @@
CAN-2005-0466
NOTE: reserved
CAN-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki ...)
- jspwiki 2.0.52-8
CAN-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog ...)
- NOTE: not-for-us (KorWeblog)
+ NOT-FOR-US: KorWeblog
CAN-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows ...)
- NOTE: not-for-us (Soldier of Fortune)
+ NOT-FOR-US: Soldier of Fortune
CAN-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote ...)
- NOTE: not-for-us (SecureCRT)
+ NOT-FOR-US: SecureCRT
CAN-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other ...)
- NOTE: not-for-us (ZyXEL Routers)
+ NOT-FOR-US: ZyXEL Routers
CAN-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ...)
- NOTE: not-for-us (Halo: Combat Evolved)
+ NOT-FOR-US: Halo: Combat Evolved
CAN-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through ...)
- NOTE: not-for-us (PHPKIT)
+ NOT-FOR-US: PHPKIT
CAN-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...)
- NOTE: not-for-us (PHPKIT)
+ NOT-FOR-US: PHPKIT
CAN-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2004-1535 (PHP remote code injection vulnerability in admin_cash.php for the Cash ...)
- NOTE: not-for-us (Cash Mod module of phpbb2 not in Debian)
+ NOT-FOR-US: Cash Mod module of phpbb2
CAN-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...)
- NOTE: not-for-us (ZoneAlarm)
+ NOT-FOR-US: ZoneAlarm
CAN-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier ...)
- NOTE: not-for-us (DMS POP3)
+ NOT-FOR-US: DMS POP3
CAN-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, ...)
- NOTE: not-for-us (AppServ)
+ NOT-FOR-US: AppServ
CAN-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB) ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game ...)
- NOTE: not-for-us (Hired Team)
+ NOT-FOR-US: Hired Team
CAN-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause ...)
- NOTE: not-for-us (Hired Team)
+ NOT-FOR-US: Hired Team
CAN-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...)
- NOTE: not-for-us (Hired Team)
+ NOT-FOR-US: Hired Team
CAN-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial ...)
- NOTE: not-for-us (Hired Team)
+ NOT-FOR-US: Hired Team
CAN-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote ...)
- NOTE: not-for-us (Army Men RTS)
+ NOT-FOR-US: Army Men RTS
CAN-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote ...)
- NOTE: not-for-us (IPSwitch IMail)
+ NOT-FOR-US: IPSwitch IMail
CAN-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows ...)
- NOTE: not-for-us (phpBugTracker)
+ NOT-FOR-US: phpBugTracker
CAN-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers ...)
- NOTE: not-for-us (Zone Labs IMsecure)
+ NOT-FOR-US: Zone Labs IMsecure
CAN-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...)
- NOTE: not-for-us (phpWebSite)
+ NOT-FOR-US: phpWebSite
CAN-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (04Webserver)
+ NOT-FOR-US: 04Webserver
CAN-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to ...)
- NOTE: not-for-us (04Webserver)
+ NOT-FOR-US: 04Webserver
CAN-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in ...)
- NOTE: not-for-us (04Webserver)
+ NOT-FOR-US: 04Webserver
CAN-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web ...)
- NOTE: not-for-us (Hotfoon)
+ NOT-FOR-US: Hotfoon
CAN-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying ...)
- webcalendar 0.9.45-1
CAN-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive ...)
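Review bot: CAN-2004-1535 is not a pure format change like the rest of this hunk: the old line read "NOTE: not-for-us (Cash Mod module of phpbb2 not in Debian)" and the new line drops "not in Debian", which the log message does not mention. Because the remaining text still names phpbb2, the dropped qualifier was the part that said only the Cash Mod module is out of scope; keep it on a separate NOTE: line, or confirm the removal was intended.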
@@ -9698,69 +9698,69 @@
CAN-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
- webcalendar 0.9.45-1
CAN-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat ...)
- NOTE: not-for-us (JAF)
+ NOT-FOR-US: JAF
CAN-2004-1504 (The displaycontent function in config.php for Just Another Flat file ...)
- NOTE: not-for-us (JAF)
+ NOT-FOR-US: JAF
CAN-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment ...)
- NOTE: not-for-us (Sun JRE)
+ NOT-FOR-US: Sun JRE
CAN-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
- NOTE: not-for-us (602 Lan Suite)
+ NOT-FOR-US: 602 Lan Suite
CAN-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
- NOTE: not-for-us (602 Lan Suite)
+ NOT-FOR-US: 602 Lan Suite
CAN-2004-1500 (Format string vulnerability in the Lithtech engine, as used in ...)
- NOTE: not-for-us (Lithtech)
+ NOT-FOR-US: Lithtech
CAN-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form ...)
- NOTE: not-for-us (HELM)
+ NOT-FOR-US: HELM
CAN-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...)
- NOTE: not-for-us (HELM)
+ NOT-FOR-US: HELM
CAN-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...)
- NOTE: not-for-us (Web Forums Server)
+ NOT-FOR-US: Web Forums Server
CAN-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 ...)
- NOTE: not-for-us (Web Forums Server)
+ NOT-FOR-US: Web Forums Server
CAN-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to ...)
- NOTE: not-for-us (WinRAR)
+ NOT-FOR-US: WinRAR
CAN-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 ...)
- NOTE: not-for-us (XDICT)
+ NOT-FOR-US: XDICT
CAN-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
- NOTE: not-for-us (Master of Orion)
+ NOT-FOR-US: Master of Orion
CAN-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
- NOTE: not-for-us (Master of Orion)
+ NOT-FOR-US: Master of Orion
CAN-2005-0463 (Unknown "major security flaws" in Ulog-php before 1.0, related to ...)
- NOTE: not-for-us (ulog-php)
+ NOT-FOR-US: ulog-php
CAN-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...)
- NOTE: not-for-us (MercuryBoard)
+ NOT-FOR-US: MercuryBoard
CAN-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote ...)
- NOTE: not-for-us (NewsBruiser)
+ NOT-FOR-US: NewsBruiser
CAN-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...)
- NOTE: not-for-us (MercuryBoard)
+ NOT-FOR-US: MercuryBoard
CAN-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...)
NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki at netia.net.pl> :
NOTE: I think it is not a problem on Debian as far as everybody knows the full
NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
CAN-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...)
- NOTE: not-for-us (oscommerce)
+ NOT-FOR-US: oscommerce
CAN-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed ...)
- NOTE: not-for-us (Real)
+ NOT-FOR-US: Real
CAN-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...)
- NOTE: not-for-us (DCP-Portal)
+ NOT-FOR-US: DCP-Portal
CAN-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...)
- NOTE: not-for-us (Lighttpd)
+ NOT-FOR-US: Lighttpd
CAN-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Sami HTTP Server)
+ NOT-FOR-US: Sami HTTP Server
CAN-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...)
- NOTE: not-for-us (Sami HTTP Server)
+ NOT-FOR-US: Sami HTTP Server
CAN-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...)
NOTE: According to Herbert Xu, 2.4 is not vulnerable : http://oss.sgi.com/archives/netdev/2005-01/msg01107.html
NOTE: The vulnerable code has been removed from the kernel in favor of a better
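Review bot: At CAN-2005-0455 the tag value is just "Real", and at CAN-2005-0452 just "Microsoft"; these are vendor names and do not identify the affected product the way most other entries in this hunk do (for example "Sami HTTP Server" or "602 Lan Suite"). With the name now standing alone as the tag's value, use the product named in each description so the entry can be matched without reading the truncated summary.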
@@ -9772,9 +9772,9 @@
{DSA-696-1}
- perl 5.8.4-7
CAN-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...)
- NOTE: not-for-us (Quake3)
+ NOT-FOR-US: Quake3
CAN-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a ...)
{DSA-688-1}
- squid 2.5.8-3
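Review bot: At CAN-2005-0430 the description says the flaw is in the Quake 3 engine "as used in multiple game packages", but the new tag names a single product, "Quake3". A NOT-FOR-US line that names one product does not show that the other games built on the engine were considered; add a NOTE: line recording which engine-based packages were checked.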
@@ -9782,13 +9782,13 @@
NOTE: Not in testing, only sid
NOTE: Was once part of Debian, but has been removed
CAN-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries ...)
- NOTE: not-for-us (VMware)
+ NOT-FOR-US: VMware
CAN-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the ...)
- NOTE: not-for-us (CubeCart)
+ NOT-FOR-US: CubeCart
CAN-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 ...)
- NOTE: not-for-us (CubeCart)
+ NOT-FOR-US: CubeCart
CAN-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server ...)
- NOTE: not-for-us (Sybase)
+ NOT-FOR-US: Sybase
CAN-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...)
- elog 2.5.7+r1558-1
CAN-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 ...)
@@ -9802,59 +9802,59 @@
CAN-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read ...)
- awstats 6.3-1
CAN-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path of the ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the ...)
- NOTE: not-for-us (Barracuda Spam Firewall)
+ NOT-FOR-US: Barracuda Spam Firewall
CAN-2005-0429 (Direct code injection vulnerability in forumdisplay.php in vBulletin ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...)
- pdns 2.9.16-6
CAN-2005-0427 (Webmin before 1.170-r3 includes the encrypted root password in the ...)
- webmin 1.180-1
CAN-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, ...)
- NOTE: not-for-us (Websphere)
+ NOT-FOR-US: Websphere
CAN-2005-0424 (Unknown vulnerability in the delete.asp program in certain versions of ...)
- NOTE: not-for-us (ASPjar Guestbook)
+ NOT-FOR-US: ASPjar Guestbook
CAN-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook allows ...)
- NOTE: not-for-us (ASPjar Guestbook)
+ NOT-FOR-US: ASPjar Guestbook
CAN-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and ...)
- NOTE: not-for-us (DelphiTurk)
+ NOT-FOR-US: DelphiTurk
CAN-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat ...)
- NOTE: not-for-us (DelphiTurk)
+ NOT-FOR-US: DelphiTurk
CAN-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange, allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote ...)
- NOTE: not-for-us (3com)
+ NOT-FOR-US: 3com
CAN-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
- NOTE: not-for-us (Sun Java)
+ NOT-FOR-US: Sun Java
CAN-2005-0417 (Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow ...)
- NOTE: not-for-us (Emdros)
+ NOT-FOR-US: Emdros
CAN-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows ...)
- NOTE: not-for-us (MercuryBoard)
+ NOT-FOR-US: MercuryBoard
CAN-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...)
- NOTE: not-for-us (MyPHP Forum)
+ NOT-FOR-US: MyPHP Forum
CAN-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows ...)
- NOTE: not-for-us (Spidean PostWrap)
+ NOT-FOR-US: Spidean PostWrap
CAN-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and ...)
- NOTE: not-for-us (CitrusDB)
+ NOT-FOR-US: CitrusDB
CAN-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ...)
- NOTE: not-for-us (CitrusDB)
+ NOT-FOR-US: CitrusDB
CAN-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) ...)
- NOTE: not-for-us (CitrusDB)
+ NOT-FOR-US: CitrusDB
CAN-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of ...)
- NOTE: not-for-us (CitrusDB)
+ NOT-FOR-US: CitrusDB
CAN-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...)
- NOTE: not-for-us (Openconf)
+ NOT-FOR-US: Openconf
CAN-2005-0406 (A design flaw in image processing software that modifies JPEG images ...)
TODO: check all softwares that modifies JPEG images in Debian...
- imagemagick <unfixed> (bug #298051; low)
@@ -9923,25 +9923,25 @@
CAN-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...)
- wget 1.9.1-11
CAN-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote ...)
- NOTE: not-for-us (Trend Micro Control Manager)
+ NOT-FOR-US: Trend Micro Control Manager
CAN-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Breed game)
+ NOT-FOR-US: Breed game
CAN-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 ...)
- NOTE: not-for-us (forumKIT)
+ NOT-FOR-US: forumKIT
CAN-2005-0380 (Multiple PHP remote code injection vulnerabilities in (1) ...)
- NOTE: not-for-us (ZeroBoard)
+ NOT-FOR-US: ZeroBoard
CAN-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...)
- NOTE: not-for-us (ZeroBoard)
+ NOT-FOR-US: ZeroBoard
CAN-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...)
NOTE: horde 2.0 not vulnerable
CAN-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...)
- NOTE: not-for-us (sgallery)
+ NOT-FOR-US: sgallery
CAN-2005-0376 (PHP remote code injection vulnerability in SGallery 1.01 allows local ...)
- NOTE: not-for-us (sgallery)
+ NOT-FOR-US: sgallery
CAN-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain ...)
- NOTE: not-for-us (sgallery)
+ NOT-FOR-US: sgallery
CAN-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...)
- NOTE: not-for-us (bitboard)
+ NOT-FOR-US: bitboard
CAN-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as ...)
NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
@@ -9956,23 +9956,23 @@
CAN-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...)
- armagetron 0.2.7.0-1
CAN-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote ...)
- NOTE: not-for-us (CMScore)
+ NOT-FOR-US: CMScore
CAN-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server ...)
- NOTE: not-for-us (ArGoSoft Mail Server)
+ NOT-FOR-US: ArGoSoft Mail Server
CAN-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...)
- gnupg 1.4.1-1
CAN-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...)
- NOTE: not-for-us (bind on hp-ux)
+ NOT-FOR-US: bind on hp-ux
CAN-2005-0361
NOTE: reserved
CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...)
- NOTE: not-for-us (EMC Legato)
+ NOT-FOR-US: EMC Legato
CAN-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge ...)
- NOTE: not-for-us (EMC Legato)
+ NOT-FOR-US: EMC Legato
CAN-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge ...)
- NOTE: not-for-us (EMC Legato)
+ NOT-FOR-US: EMC Legato
CAN-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...)
NOTE: linux is not vulnerable, see #310804
- kfreebsd5-source 5.3-15 (medium)
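Review bot: In the CAN-2005-0364 entry the new value `bind on hp-ux` is a package name plus a platform qualifier, not the bare package_name that the log message describes. If the NOT-FOR-US field is meant to hold only a name, keep `HP-UX` (or `BIND on HP-UX` spelled as a vendor build) out of it and record the platform restriction on a separate NOTE line under the entry, so the reason this BIND issue was dismissed stays readable.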
@@ -9981,21 +9981,21 @@
CAN-2005-0354
NOTE: reserved
CAN-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...)
- NOTE: not-for-us (Sentinel License Manager)
+ NOT-FOR-US: Sentinel License Manager
CAN-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop ...)
- NOTE: not-for-us (Servers Alive)
+ NOT-FOR-US: Servers Alive
CAN-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO ...)
- NOTE: not-for-us (SCO OpenServer)
+ NOT-FOR-US: SCO OpenServer
CAN-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and ...)
- NOTE: not-for-us (F-Secure Anti-Virus)
+ NOT-FOR-US: F-Secure Anti-Virus
CAN-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor ...)
- NOTE: not-for-us (BrightStor ARCserve Backup)
+ NOT-FOR-US: BrightStor ARCserve Backup
CAN-2004-9999
NOTE: rejected
CAN-2004-9998
NOTE: rejected
CAN-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...)
- NOTE: not-for-us (Serviceguard and Cluster Object Manager on HP-UX, HP Linux)
+ NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux
CAN-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...)
NOTE: checked inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped
NOTE: atftp checks h_length
@@ -10005,36 +10005,36 @@
CAN-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...)
- socat 1.4.0.3-1
CAN-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...)
- NOTE: not-for-us (Symantec Clientless VPN Gateway 4400 Series)
+ NOT-FOR-US: Symantec Clientless VPN Gateway 4400 Series
CAN-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace ...)
- NOTE: not-for-us (BNC irc proxy)
+ NOT-FOR-US: BNC irc proxy
CAN-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 ...)
- NOTE: not-for-us (Real)
+ NOT-FOR-US: Real
CAN-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks ...)
- NOTE: not-for-us (HP StorageWorks Command View XP)
+ NOT-FOR-US: HP StorageWorks Command View XP
CAN-2004-1479
NOTE: rejected
CAN-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib ...)
- xine-lib 1-rc6
- libcdio 0.69
CAN-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...)
- xine-lib 1-rc6
CAN-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
- NOTE: not-for-us (Symantec Enterprise Firewall/VPN Appliances)
+ NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CAN-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
- NOTE: not-for-us (Symantec Enterprise Firewall/VPN Appliances)
+ NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CAN-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
- NOTE: not-for-us (Symantec Enterprise Firewall/VPN Appliances)
+ NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CAN-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...)
- cvs 1.12.9
CAN-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions ...)
- NOTE: not-for-us (snipsnap)
+ NOT-FOR-US: snipsnap
CAN-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and ...)
- NOTE: not-for-us (SUS)
+ NOT-FOR-US: SUS
CAN-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...)
- webmin 1.160
- usermin 1.090
@@ -10043,34 +10043,34 @@
CAN-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes ...)
- gallery 1.4.4-pl2
CAN-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow ...)
- NOTE: not-for-us (WinZip)
+ NOT-FOR-US: WinZip
CAN-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...)
- moin 1.2.3-1
CAN-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote ...)
- moin 1.2.3-1
CAN-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary ...)
- cvstrac 1.1.4-1
CAN-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and ...)
- xine-lib 1-rc5-1.1
CAN-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...)
NOTE: according to GOTO Masanori this is not a security problem
NOTE: see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=272210
CAN-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...)
- NOTE: not-for-us (Gentoo specific)
+ NOT-FOR-US: Gentoo specific
CAN-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...)
NOTE: mozilla 2:1.6-1
CAN-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...)
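Review bot: For CAN-2004-1452 the converted line `NOT-FOR-US: Gentoo specific` no longer names any software. In the old `NOTE: not-for-us (...)` form the parenthesis read as a reason, but in the `NOT-FOR-US: package_name` form it reads as a product called "Gentoo specific". Suggest stating the subject from the description, for example Gentoo's Tomcat packaging, or keeping the reason in a NOTE line next to the entry.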
@@ -10078,11 +10078,11 @@
CAN-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 ...)
- mozilla 2:1.7-1
CAN-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers ...)
- NOTE: not-for-us (Jetbox One)
+ NOT-FOR-US: Jetbox One
CAN-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the ...)
- NOTE: not-for-us (Jetbox One)
+ NOT-FOR-US: Jetbox One
CAN-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen ...)
- NOTE: not-for-us (ScreenOS)
+ NOT-FOR-US: ScreenOS
CAN-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly ...)
- nessus-core 2.0.12-1
CAN-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...)
@@ -10090,101 +10090,101 @@
CAN-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...)
- imp3 3.2.5-1
CAN-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...)
- NOTE: not-for-us (db2www not in Debian)
+ NOT-FOR-US: db2www
CAN-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power ...)
- NOTE: not-for-us (Board Power)
+ NOT-FOR-US: Board Power
CAN-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY ...)
- putty 0.56-1
CAN-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to ...)
- NOTE: not-for-us (BlackJumboDog)
+ NOT-FOR-US: BlackJumboDog
CAN-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier ...)
- subversion 1.0.6-1
CAN-2004-1437 (Multiple buffer overflows in the digest authentication functionality ...)
- pavuk 0.9pl28-3.1
CAN-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...)
- NOTE: not-for-us (FormMail.php != nms-formmail)
+ NOT-FOR-US: FormMail.php != nms-formmail
CAN-2004-1430 (SQL injection vulnerability in Arcade.php in IbProArcade allows remote ...)
- NOTE: not-for-us (Arcade.php)
+ NOT-FOR-US: Arcade.php
CAN-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times ...)
- NOTE: not-for-us (ArGoSoft)
+ NOT-FOR-US: ArGoSoft
CAN-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...)
- NOTE: not-for-us (ArGoSoft)
+ NOT-FOR-US: ArGoSoft
CAN-2004-1427 (PHP remote code injection vulnerability in main.inc in KorWeblog ...)
- NOTE: not-for-us (KorWeblog)
+ NOT-FOR-US: KorWeblog
CAN-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...)
- NOTE: not-for-us (KorWeblog)
+ NOT-FOR-US: KorWeblog
CAN-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...)
- moodle 1.4.3-1
CAN-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...)
- moodle 1.4.3-1
CAN-2004-1423 (Multiple PHP remote code injection vulnerabilities in (1) calendar.php ...)
- NOTE: not-for-us (PHP-Calendar)
+ NOT-FOR-US: PHP-Calendar
CAN-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...)
- NOTE: not-for-us (WHM AutoPilot)
+ NOT-FOR-US: WHM AutoPilot
CAN-2004-1421 (Multiple PHP remote code injection vulnerabilities (1) step_one.php, ...)
- NOTE: not-for-us (WHM AutoPilot)
+ NOT-FOR-US: WHM AutoPilot
CAN-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...)
- NOTE: not-for-us (WHM AutoPilot)
+ NOT-FOR-US: WHM AutoPilot
CAN-2004-1419 (PHP remote code injection vulnerability in ZeroBoard 4.1pl4 and ...)
- NOTE: not-for-us (ZeroBoard)
+ NOT-FOR-US: ZeroBoard
CAN-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...)
- NOTE: not-for-us (WPKontakt)
+ NOT-FOR-US: WPKontakt
CAN-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats ...)
- NOTE: not-for-us (PsychoStats)
+ NOT-FOR-US: PsychoStats
CAN-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as ...)
- NOTE: not-for-us (RealOne IE plugin)
+ NOT-FOR-US: RealOne IE plugin
CAN-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) ...)
- NOTE: not-for-us (2Bgal)
+ NOT-FOR-US: 2Bgal
CAN-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow ...)
- NOTE: not-for-us (Kayako)
+ NOT-FOR-US: Kayako
CAN-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
- NOTE: not-for-us (Kayako)
+ NOT-FOR-US: Kayako
CAN-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web ...)
- NOTE: not-for-us (Image Gallery Web Application)
+ NOT-FOR-US: Image Gallery Web Application
CAN-2004-1408 (The addImage method for admin.class.php in Image Gallery Web ...)
- NOTE: not-for-us (Image Gallery Web Application)
+ NOT-FOR-US: Image Gallery Web Application
CAN-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image ...)
- NOTE: not-for-us (Image Gallery Web Application)
+ NOT-FOR-US: Image Gallery Web Application
CAN-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...)
- NOTE: not-for-us (Ikonboard)
+ NOT-FOR-US: Ikonboard
CAN-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...)
- mediawiki <itp> (bug #276057)
CAN-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...)
- NOTE: not-for-us (Attachment Mod for phpBB)
+ NOT-FOR-US: Attachment Mod for phpBB
CAN-2004-1403 (PHP remote code injection vulnerability in index.php in GNUBoard 3.39 ...)
- NOTE: not-for-us (GNUBoard)
+ NOT-FOR-US: GNUBoard
CAN-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...)
- NOTE: not-for-us (iWebNegar)
+ NOT-FOR-US: iWebNegar
CAN-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote ...)
- NOTE: not-for-us (Asp-rider)
+ NOT-FOR-US: Asp-rider
CAN-2004-1400 (The control panel in ASP Calendar does not require authentication to ...)
- NOTE: not-for-us (ASP Calendar)
+ NOT-FOR-US: ASP Calendar
CAN-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...)
- NOTE: not-for-us (Attachment Mod for phpBB)
+ NOT-FOR-US: Attachment Mod for phpBB
CAN-2004-1398 (Format string vulnerability in TDIXSupport in Roxio Toast on Mac OS X ...)
- NOTE: not-for-us (MacOSX)
+ NOT-FOR-US: MacOSX
CAN-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...)
- usemod-wiki 1.0-6
CAN-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ...)
- NOTE: not-for-us (Winamp)
+ NOT-FOR-US: Winamp
CAN-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...)
- NOTE: not-for-us (Lithtech engine)
+ NOT-FOR-US: Lithtech engine
CAN-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...)
- monit 1:4.2.1-1
CAN-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...)
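Review bot: The two entries in this hunk that carry free-text qualifiers are converted inconsistently: CAN-2004-1442 drops its qualifier (`not-for-us (db2www not in Debian)` becomes `NOT-FOR-US: db2www`), while CAN-2004-1431 keeps it inside the name (`NOT-FOR-US: FormMail.php != nms-formmail`). The FormMail.php qualifier is the one worth preserving, since it records that this is not nms-formmail; move it to a NOTE line so the NOT-FOR-US value is just `FormMail.php`, and apply the same rule to the other qualified entries in this commit.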
@@ -10199,183 +10199,183 @@
NOTE: http://patches.ubuntu.com/patches/awstats.more-CAN-2005-0016.diff
NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
CAN-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...)
- NOTE: not-for-us (Woltlab Burning Book)
+ NOT-FOR-US: Woltlab Burning Book
CAN-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...)
- NOTE: not-for-us (RealArcade)
+ NOT-FOR-US: RealArcade
CAN-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...)
- NOTE: not-for-us (RealArcade)
+ NOT-FOR-US: RealArcade
CAN-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...)
- NOTE: not-for-us (SafeNet)
+ NOT-FOR-US: SafeNet
CAN-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or ...)
- NOTE: not-for-us (php-fusion)
+ NOT-FOR-US: php-fusion
CAN-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 ...)
- NOTE: not-for-us (602LAN SUITE)
+ NOT-FOR-US: 602LAN SUITE
CAN-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...)
- NOTE: not-for-us (PerlDesk)
+ NOT-FOR-US: PerlDesk
CAN-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a ...)
- NOTE: not-for-us (Foxmail)
+ NOT-FOR-US: Foxmail
CAN-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ...)
- NOTE: not-for-us (Savant Web Server)
+ NOT-FOR-US: Savant Web Server
CAN-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...)
- postfix 2.1.4-5
CAN-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web ...)
- NOTE: not-for-us (eMotion MediaPartner)
+ NOT-FOR-US: eMotion MediaPartner
CAN-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server ...)
- NOTE: not-for-us (eMotion MediaPartner)
+ NOT-FOR-US: eMotion MediaPartner
CAN-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...)
- NOTE: not-for-us (Linksys)
+ NOT-FOR-US: Linksys
CAN-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial ...)
- NOTE: not-for-us (LanChat)
+ NOT-FOR-US: LanChat
CAN-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration ...)
- NOTE: not-for-us (DeskNow Mail server)
+ NOT-FOR-US: DeskNow Mail server
CAN-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...)
- NOTE: not-for-us (Winrar)
+ NOT-FOR-US: Winrar
CAN-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ...)
- NOTE: not-for-us (Painkiller)
+ NOT-FOR-US: Painkiller
CAN-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...)
- NOTE: not-for-us (ZipGenius)
+ NOT-FOR-US: ZipGenius
CAN-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest ...)
- NOTE: not-for-us (Netgear)
+ NOT-FOR-US: Netgear
CAN-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...)
- NOTE: not-for-us (PafileDB)
+ NOT-FOR-US: PafileDB
CAN-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...)
- NOTE: not-for-us (PafileDB)
+ NOT-FOR-US: PafileDB
CAN-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game ...)
- NOTE: not-for-us (Xpand Rally)
+ NOT-FOR-US: Xpand Rally
CAN-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain ...)
- NOTE: not-for-us (Infinite Mobile Delivery Webmail)
+ NOT-FOR-US: Infinite Mobile Delivery Webmail
CAN-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery ...)
- NOTE: not-for-us (Infinite Mobile Delivery Webmail)
+ NOT-FOR-US: Infinite Mobile Delivery Webmail
CAN-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server ...)
- NOTE: not-for-us (Merak Mail server)
+ NOT-FOR-US: Merak Mail server
CAN-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote ...)
- NOTE: not-for-us (Merak Mail server)
+ NOT-FOR-US: Merak Mail server
CAN-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server ...)
- NOTE: not-for-us (Merak Mail server)
+ NOT-FOR-US: Merak Mail server
CAN-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N ...)
- NOTE: not-for-us (Webadmin)
+ NOT-FOR-US: Webadmin
CAN-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly ...)
- NOTE: not-for-us (Webadmin)
+ NOT-FOR-US: Webadmin
CAN-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in ...)
- NOTE: not-for-us (Webadmin)
+ NOT-FOR-US: Webadmin
CAN-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...)
- NOTE: not-for-us (WebWasher)
+ NOT-FOR-US: WebWasher
CAN-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...)
- NOTE: not-for-us (Magic Winmail)
+ NOT-FOR-US: Magic Winmail
CAN-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...)
- NOTE: not-for-us (Magic Winmail)
+ NOT-FOR-US: Magic Winmail
CAN-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server ...)
- NOTE: not-for-us (Magic Winmail)
+ NOT-FOR-US: Magic Winmail
CAN-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote ...)
- NOTE: not-for-us (WarFTPD under NT)
+ NOT-FOR-US: WarFTPD under NT
CAN-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...)
- NOTE: not-for-us (Ingate)
+ NOT-FOR-US: Ingate
CAN-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...)
- NOTE: not-for-us (Exponent)
+ NOT-FOR-US: Exponent
CAN-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
- NOTE: not-for-us (Exponent)
+ NOT-FOR-US: Exponent
CAN-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier ...)
- NOTE: not-for-us (W32Dasm)
+ NOT-FOR-US: W32Dasm
CAN-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- NOTE: not-for-us (MercuryBoard)
+ NOT-FOR-US: MercuryBoard
CAN-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive ...)
- NOTE: not-for-us (MercuryBoard)
+ NOT-FOR-US: MercuryBoard
CAN-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and ...)
- NOTE: not-for-us (Siteman)
+ NOT-FOR-US: Siteman
CAN-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier ...)
- NOTE: not-for-us (DivX Player)
+ NOT-FOR-US: DivX Player
CAN-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- NOTE: not-for-us (BackOffice Lite)
+ NOT-FOR-US: BackOffice Lite
CAN-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...)
- NOTE: not-for-us (BackOffice Lite)
+ NOT-FOR-US: BackOffice Lite
CAN-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 ...)
- NOTE: not-for-us (BackOffice Lite)
+ NOT-FOR-US: BackOffice Lite
CAN-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...)
- jsboard 2.0.10-1
CAN-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows ...)
- gforge 3.1-26
CAN-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-0296 (** DISPUTED ** ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...)
- NOTE: not-for-us (nProtect)
+ NOT-FOR-US: nProtect
CAN-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Minis)
+ NOT-FOR-US: Minis
CAN-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows ...)
- NOTE: not-for-us (Minis)
+ NOT-FOR-US: Minis
CAN-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift ...)
- NOTE: not-for-us (phpGiftReg)
+ NOT-FOR-US: phpGiftReg
CAN-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...)
- NOTE: not-for-us (NetGear)
+ NOT-FOR-US: NetGear
CAN-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, ...)
- NOTE: not-for-us (NetGear)
+ NOT-FOR-US: NetGear
CAN-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0288 (The change password functionality in Bottomline Webseries Payment ...)
- NOTE: not-for-us (BottomLine WebSeries)
+ NOT-FOR-US: BottomLine WebSeries
CAN-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to ...)
- NOTE: not-for-us (BottomLine WebSeries)
+ NOT-FOR-US: BottomLine WebSeries
CAN-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...)
- NOTE: not-for-us (eMotion MediaPartner)
+ NOT-FOR-US: eMotion MediaPartner
CAN-2005-0285 (Webseries Payment Application does not properly restrict privileged ...)
- NOTE: not-for-us (BottomLine WebSeries)
+ NOT-FOR-US: BottomLine WebSeries
CAN-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...)
- NOTE: not-for-us (QwikiWiki)
+ NOT-FOR-US: QwikiWiki
CAN-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
- NOTE: not-for-us (Soldner Secret)
+ NOT-FOR-US: Soldner Secret
CAN-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier ...)
- NOTE: not-for-us (Soldner Secret)
+ NOT-FOR-US: Soldner Secret
CAN-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the ...)
- NOTE: not-for-us (Soldner Secret)
+ NOT-FOR-US: Soldner Secret
CAN-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...)
- NOTE: not-for-us (3COM 3CDaemon)
+ NOT-FOR-US: 3COM 3CDaemon
CAN-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 ...)
- NOTE: not-for-us (3COM 3CDaemon)
+ NOT-FOR-US: 3COM 3CDaemon
CAN-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com ...)
- NOTE: not-for-us (3COM 3CDaemon)
+ NOT-FOR-US: 3COM 3CDaemon
CAN-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...)
- NOTE: not-for-us (3COM 3CDaemon)
+ NOT-FOR-US: 3COM 3CDaemon
CAN-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...)
- NOTE: not-for-us (ReviewPost)
+ NOT-FOR-US: ReviewPost
CAN-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before ...)
- NOTE: not-for-us (ReviewPost)
+ NOT-FOR-US: ReviewPost
CAN-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...)
- NOTE: not-for-us (ReviewPost)
+ NOT-FOR-US: ReviewPost
CAN-2005-0269 (The file extention check in GNUBoard 3.40 and earlier only verifies ...)
- NOTE: not-for-us (GNUBoard)
+ NOT-FOR-US: GNUBoard
CAN-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...)
- NOTE: not-for-us (SugerCRM)
+ NOT-FOR-US: SugerCRM
CAN-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...)
- NOTE: not-for-us (OWL intranet)
+ NOT-FOR-US: OWL intranet
CAN-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...)
- NOTE: not-for-us (OWL intranet)
+ NOT-FOR-US: OWL intranet
CAN-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor ...)
- NOTE: not-for-us (ARCserve Backup)
+ NOT-FOR-US: ARCserve Backup
CAN-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars and ...)
- phpbb2 2.0.12-1
CAN-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) ...)
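Review bot: CAN-2005-0266 carries over the misspelling `SugerCRM` although the description on the line above it says SugarCRM; now that the name is the whole value of the field, this pass is the place to fix it. The same hunk also spells one vendor two ways (`Netgear` at CAN-2005-0328, `NetGear` at CAN-2005-0291 and CAN-2005-0290), which will split any search or grouping on the NOT-FOR-US value, and CAN-2005-0328 names only Netgear although its description starts with Zyxel models.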
@@ -10390,19 +10390,19 @@
NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
- mozilla 2:1.7.6
CAN-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...)
- NOTE: not-for-us (BibORB)
+ NOT-FOR-US: BibORB
CAN-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...)
- NOTE: not-for-us (BibORB)
+ NOT-FOR-US: BibORB
CAN-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier ...)
- NOTE: not-for-us (BibORB)
+ NOT-FOR-US: BibORB
CAN-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB ...)
- NOTE: not-for-us (BibORB)
+ NOT-FOR-US: BibORB
CAN-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec ...)
- NOTE: not-for-us (Symantec AntiVirus Library)
+ NOT-FOR-US: Symantec AntiVirus Library
CAN-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier ...)
{DSA-683-1}
- postgresql 7.4.7-2
@@ -10414,102 +10414,102 @@
CAN-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...)
- postgresql 7.4.7-1
CAN-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before ...)
- NOTE: not-for-us (Yahoo! Messenger)
+ NOT-FOR-US: Yahoo! Messenger
CAN-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and ...)
- NOTE: not-for-us (Yahoo! Messenger)
+ NOT-FOR-US: Yahoo! Messenger
CAN-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 ...)
- squid 2.5.7-7
CAN-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1590 (Web Based Enterprise Management (WBEM) for Solaris 8 with update 1/01 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers ...)
- NOTE: not-for-us (Mailtool for OpenWindows)
+ NOT-FOR-US: Mailtool for OpenWindows
CAN-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2001-1414 (The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...)
- NOTE: not-for-us (S/MIME plugin not in Debian)
+ NOT-FOR-US: S/MIME plugin
CAN-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...)
NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
- epiphany-browser 1.4.8-2
CAN-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE ...)
- kdelibs 4:3.3.2-3
CAN-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows remote ...)
- NOTE: not-for-us (Omniweb)
+ NOT-FOR-US: Omniweb
CAN-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5 allows ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0, Camino ...)
NOTE: IDN is now disabled by default in firefox, but there may be a more elegant
NOTE: solution in the future
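Review bot: At CAN-2005-0239 the conversion is not the mechanical rename the log describes: the old note read "S/MIME plugin not in Debian" and the new tag is only "S/MIME plugin", so the stated reason is dropped and the tag no longer says which application the plugin belongs to. The description names Squirrelmail, so a value such as "NOT-FOR-US: S/MIME plugin for Squirrelmail" would keep the entry unambiguous. The other changes in this hunk are straight renames.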
@@ -10525,21 +10525,21 @@
NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser
NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF
NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet.
- NOTE: not-for-us (Firefox on Windows)
+ NOT-FOR-US: Firefox on Windows
CAN-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...)
- NOTE: not-for-us (CitrusDB)
+ NOT-FOR-US: CitrusDB
CAN-2005-0228
NOTE: rejected
CAN-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
{DSA-668-1}
CAN-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...)
- NOTE: not-for-us (ngIRCd)
+ NOT-FOR-US: ngIRCd
CAN-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with ...)
- firehol 1.214-4
CAN-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) ...)
- NOTE: not-for-us (Java SDK and RTE for Tru64 UNIX)
+ NOT-FOR-US: Java SDK and RTE for Tru64 UNIX
CAN-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain ...)
- gallery 1.4.4-pl5-1
CAN-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 ...)
@@ -10549,17 +10549,17 @@
CAN-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery ...)
- gallery 1.4.4-pl5-1
CAN-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog ...)
- NOTE: not-for-us (Invision Community Blog )
+ NOT-FOR-US: Invision Community Blog
CAN-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab ...)
- NOTE: not-for-us (Woltlab Burning Board Lite)
+ NOT-FOR-US: Woltlab Burning Board Lite
CAN-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to ...)
- NOTE: not-for-us (Mozilla 1.6 for Windows)
+ NOT-FOR-US: Mozilla 1.6 for Windows
CAN-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...)
- NOTE: not-for-us (SPHPBlog)
+ NOT-FOR-US: SPHPBlog
CAN-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote ...)
- NOTE: not-for-us (WinHKI)
+ NOT-FOR-US: WinHKI
CAN-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier ...)
- NOTE: not-for-us (The Amp II engine as used by Gore: Ultimate Soldier)
+ NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier
CAN-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...)
{DSA-667-1}
CAN-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...)
@@ -10602,41 +10602,41 @@
CAN-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a ...)
- dbus 0.22
CAN-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...)
- NOTE: not-for-us (TikiWiki)
+ NOT-FOR-US: TikiWiki
CAN-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ...)
- NOTE: not-for-us (ngIRCd)
+ NOT-FOR-US: ngIRCd
CAN-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...)
{DSA-667-1}
CAN-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...)
- NOTE: not-for-us (mRouter in iSync in OS X)
+ NOT-FOR-US: mRouter in iSync in OS X
CAN-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc ...)
- NOTE: not-for-us (AtHoc toolbar)
+ NOT-FOR-US: AtHoc toolbar
CAN-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar ...)
- NOTE: not-for-us (AtHoc toolbar)
+ NOT-FOR-US: AtHoc toolbar
CAN-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS ...)
- NOTE: not-for-us (CIsco)
+ NOT-FOR-US: CIsco
CAN-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...)
- NOTE: not-for-us (NodeManager Professional)
+ NOT-FOR-US: NodeManager Professional
CAN-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...)
- NOTE: not-for-us (vacation plugin not in Debian)
+ NOT-FOR-US: vacation plugin
CAN-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail ...)
- NOTE: not-for-us (vacation plugin not in Debian)
+ NOT-FOR-US: vacation plugin
CAN-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...)
- NOTE: not-for-us (mod_dosevasive module for apache)
+ NOT-FOR-US: mod_dosevasive module for apache
CAN-2005-0181
NOTE: reserved
CAN-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...)
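Review bot: CAN-2005-0186 is tagged "CIsco" while the three Cisco IOS entries earlier in this hunk (CAN-2005-0197, CAN-2005-0196, CAN-2005-0195) use "Cisco"; normalise the spelling so one search term finds all four. Separately, CAN-2005-0184 and CAN-2005-0183 lose the "not in Debian" qualifier and become plain "vacation plugin"; naming Squirrelmail in the tag, as both descriptions do, would keep them identifiable.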
@@ -10670,17 +10670,17 @@
CAN-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...)
- php4 4:4.3.10-3
CAN-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...)
- NOTE: not-for-us (PPPoE daemon (PPPoEd) in QNX RTP)
+ NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
CAN-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 ...)
- NOTE: not-for-us (PPPoE daemon (PPPoEd) in QNX RTP)
+ NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
CAN-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative ...)
- NOTE: not-for-us (Veritas NetBackup Administrative Assistant)
+ NOT-FOR-US: Veritas NetBackup Administrative Assistant
CAN-2004-1388 (Format string vulnerability in the gpsd_report function for BerliOS ...)
- gpsd 2.7-4
CAN-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...)
- apache 1.3.33-3
CAN-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, ...)
- NOTE: not-for-us (TikiWiki)
+ NOT-FOR-US: TikiWiki
CAN-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain ...)
- phpgroupware 0.9.16.005-1
CAN-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare ...)
@@ -10744,14 +10744,14 @@
CAN-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...)
{DSA-662-1}
CAN-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...)
- NOTE: not-for-us (Adobe License Management Software)
+ NOT-FOR-US: Adobe License Management Software
CAN-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...)
- mozilla-firefox 1.0
CAN-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not ...)
- mozilla-thunderbird 0.7
- mozilla 2:1.7.4
CAN-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the ...)
- NOTE: not-for-us (thunderbird on windows)
+ NOT-FOR-US: thunderbird on windows
CAN-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a ...)
- mozilla-firefox 1.0
- mozilla 2:1.7.5
@@ -10774,11 +10774,11 @@
- mozilla-firefox 1.0
- mozilla 2:1.7.5
CAN-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...)
- NOTE: not-for-us (PeID)
+ NOT-FOR-US: PeID
CAN-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and ...)
- NOTE: not-for-us (Irix)
+ NOT-FOR-US: Irix
CAN-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly ...)
- NOTE: not-for-us (Irix)
+ NOT-FOR-US: Irix
CAN-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...)
NOTE: Does not affect 2.6 based kernels in Debian
- kernel-source-2.4.27 2.4.27-10
@@ -10788,7 +10788,7 @@
CAN-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
- kernel-source-2.6.8 2.6.8-14
CAN-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...)
- NOTE: not-for-us (SCO UnixWare)
+ NOT-FOR-US: SCO UnixWare
CAN-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...)
- mozilla-firefox 1.0
- mozilla 2:1.7.5
@@ -10808,11 +10808,11 @@
CAN-2005-0128
NOTE: reserved
CAN-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2005-0125 (The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
- kernel-source-2.4.27 2.4.27-8
NOTE: 2.6.8 apparently ok
@@ -10821,29 +10821,29 @@
CAN-2005-0122
NOTE: rejected
CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
- NOTE: not-for-us (golddig)
+ NOT-FOR-US: golddig
CAN-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...)
- NOTE: not-for-us (helvis)
+ NOT-FOR-US: helvis
CAN-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the ...)
- NOTE: not-for-us (helvis)
+ NOT-FOR-US: helvis
CAN-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable ...)
- NOTE: not-for-us (helvis)
+ NOT-FOR-US: helvis
CAN-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute ...)
- xshisen 1.51-1-1.1
CAN-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...)
- awstats 6.2-1.1
CAN-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...)
- NOTE: not-for-us (DataRescue Interactive Disassembler)
+ NOT-FOR-US: DataRescue Interactive Disassembler
CAN-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm ...)
- NOTE: not-for-us (ZoneAlarm)
+ NOT-FOR-US: ZoneAlarm
CAN-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...)
- NOTE: not-for-us (3Com OfficeConnect Wireless 11g Access Point)
+ NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point
CAN-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB ...)
- maxdb-7.5.00 7.5.00.18
CAN-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-0109 (Hyper-Threading technology, as used in FreeBSD other operating systems ...)
NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical
NOTE: attack, paranoid people should disable hyper threading
@@ -10902,7 +10902,7 @@
NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9
- alsa-lib 1.0.9-1
CAN-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...)
- NOTE: not-for-us (redhat specific less bug)
+ NOT-FOR-US: redhat specific less bug
CAN-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...)
{DSA-680-1}
- htdig 1:3.1.6-11
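Review bot: The value given for CAN-2005-0086, "redhat specific less bug", is a free-text reason rather than a package name, which does not fit the "NOT-FOR-US: package_name" form stated in the commit log. Since the description is about less as shipped in Red Hat Enterprise Linux 3, consider leaving this entry as a NOTE: that explains why it is out of scope instead of forcing it into the new field.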
@@ -10924,7 +10924,7 @@
CAN-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...)
- a2ps 1:4.13b-4.3
CAN-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (mod_access_referer)
+ NOT-FOR-US: mod_access_referer
CAN-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...)
- xshisen 1.51-1-1
CAN-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
@@ -10969,53 +10969,53 @@
NOTE: only affects source package, not used in binary
- cupsys <unfixed> (bug #324459; unimportant)
CAN-2005-0063 (The document processing application used by the Windows Shell in ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0062
NOTE: reserved
CAN-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0058 (Buffer overflow in the Telephony Application Programming Interface ...)
- NOTE: not-for-us (TAPI for Windows)
+ NOT-FOR-US: TAPI for Windows
CAN-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0052
NOTE: reserved
CAN-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0047 (Windows 2000, XP, and Server 2003 does not properly "validate the use ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0046
NOTE: reserved
CAN-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...)
- NOTE: not-for-us (iTunes)
+ NOT-FOR-US: iTunes
CAN-2005-0042
NOTE: reserved
CAN-2005-0041
NOTE: reserved
CAN-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...)
- NOTE: not-for-us (DotNetNuke)
+ NOT-FOR-US: DotNetNuke
CAN-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...)
NOTE: These are known issues of IPSEC and basically every VPN system using
NOTE: encryption without authentication.
@@ -11027,76 +11027,76 @@
CAN-2005-0036
NOTE: reserved
CAN-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...)
- NOTE: not-for-us (Adobe)
+ NOT-FOR-US: Adobe
CAN-2005-0034 (An "incorrect assumption" in the authvalidated validator function in ...)
NOTE: only affects bind9 9.3.0, we have an earlier version
NOTE: fixed in 9.3.1
CAN-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...)
- bind 1:8.4.6-1
CAN-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CAN-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...)
- NOTE: not-for-us (Shoutcast)
+ NOT-FOR-US: Shoutcast
CAN-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1367 (Oracle 10g Database Server, when installed with a password that ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not ...)
- NOTE: not-for-us (ssh on Solaris)
+ NOT-FOR-US: ssh on Solaris
CAN-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server ...)
- NOTE: not-for-us (Sun Java System Web Proxy Server )
+ NOT-FOR-US: Sun Java System Web Proxy Server
CAN-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...)
- NOTE: not-for-us (gzip on Solaris)
+ NOT-FOR-US: gzip on Solaris
CAN-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...)
- NOTE: not-for-us (xdm on Solaris)
+ NOT-FOR-US: xdm on Solaris
CAN-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...)
- NOTE: not-for-us (Sun StorEdge Enterprise Storage Manager)
+ NOT-FOR-US: Sun StorEdge Enterprise Storage Manager
CAN-2004-1344
NOTE: reserved
CAN-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...)
@@ -11179,7 +11179,7 @@
- kernel-source-2.6.8 2.6.8-9
- kernel-source-2.6.9 2.6.9-3
CAN-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...)
- NOTE: not-for-us (poppassd_pam)
+ NOT-FOR-US: poppassd_pam
CAN-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...)
NOTE: i386 and smp specific
- kernel-source-2.6.8 2.6.8-13
@@ -11188,9 +11188,9 @@
- kernel-image-2.4.27-speakup 2.4.27-1.1
- kernel-patch-powerpc-2.6.8 2.6.8-10
CAN-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CAN-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CAN-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...)
- kernel-source-2.6.8 2.6.8-14
- kernel-source-2.6.9 2.6.9-6
@@ -11214,33 +11214,33 @@
- kernel-source-2.4.27 2.4.27-9
NOTE: will be fixed in 2.4.27-9
CAN-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...)
- NOTE: not-for-us (hpux)
+ NOT-FOR-US: hpux
CAN-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...)
- NOTE: not-for-us (hpux)
+ NOT-FOR-US: hpux
CAN-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious ...)
- NOTE: not-for-us (Crystal FTP client)
+ NOT-FOR-US: Crystal FTP client
CAN-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute ...)
- NOTE: not-for-us (Ultrix)
+ NOT-FOR-US: Ultrix
CAN-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...)
- NOTE: not-for-us (Netbsd)
+ NOT-FOR-US: Netbsd
CAN-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...)
- NOTE: not-for-us (Microsoft/Cisco)
+ NOT-FOR-US: Microsoft/Cisco
CAN-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...)
- NOTE: not-for-us (Asante FM2008)
+ NOT-FOR-US: Asante FM2008
CAN-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...)
- NOTE: not-for-us (Asante FM2008)
+ NOT-FOR-US: Asante FM2008
CAN-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...)
{DSA-627-1}
- namazu2 2.0.14
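Review bot: The tag values in this hunk are inconsistent in case and spelling: CAN-2004-1331 uses "microsoft" while CAN-2004-1325 and CAN-2004-1324 use "Microsoft", CAN-2004-1332 and CAN-2004-1328 use "hpux" where their descriptions say "HP-UX", and CAN-2004-1323 uses "Netbsd" where the description says "NetBSD". Because the old parenthesised text is being copied verbatim into a structured field, this is the point to normalise each name to the spelling used in the description, so that counting or filtering by product gives one bucket per product.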
@@ -11251,17 +11251,17 @@
CAN-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...)
- phpbb2 2.0.10-3
CAN-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly ...)
- NOTE: not-for-us (My Firewall Plus)
+ NOT-FOR-US: My Firewall Plus
CAN-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...)
- NOTE: not-for-us (mplayer)
+ NOT-FOR-US: mplayer
CAN-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...)
- NOTE: not-for-us (mplayer)
+ NOT-FOR-US: mplayer
CAN-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...)
- NOTE: not-for-us (mplayer)
+ NOT-FOR-US: mplayer
CAN-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...)
{DSA-617-1}
- libtiff4 3.6.1-4
@@ -11269,23 +11269,23 @@
CAN-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...)
- tiff 3.7.0 (low)
CAN-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...)
- file 4.12
CAN-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows ...)
- NOTE: not-for-us (Yanf)
+ NOT-FOR-US: Yanf
CAN-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote ...)
- NOTE: not-for-us (YAMT)
+ NOT-FOR-US: YAMT
CAN-2004-1301 (Buffer overflow in the book_format_sql function in format.c for ...)
- NOTE: not-for-us (xlreader)
+ NOT-FOR-US: xlreader
CAN-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...)
- xine-lib 1-rc8-1
CAN-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...)
- NOTE: not-for-us (vilistextum)
+ NOT-FOR-US: vilistextum
CAN-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...)
- NOTE: not-for-us (vb2c)
+ NOT-FOR-US: vb2c
CAN-2004-1297 (Buffer overflow in the process_font_table function in convert.c for ...)
- unrtf 0.19.3-1.1
CAN-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...)
@@ -11296,58 +11296,58 @@
CAN-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...)
- tnftp <unfixed> (bug #285902; medium)
CAN-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...)
- NOTE: not-for-us (rtf2latex2e)
+ NOT-FOR-US: rtf2latex2e
CAN-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...)
- NOTE: not-for-us (ringtonetools)
+ NOT-FOR-US: ringtonetools
CAN-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the ...)
- NOTE: not-for-us (qwik-smtpd)
+ NOT-FOR-US: qwik-smtpd
CAN-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...)
- NOTE: not-for-us (pgn2web)
+ NOT-FOR-US: pgn2web
CAN-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...)
{DSA-625-1}
- pcal 4.8.0-1
CAN-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...)
- NOTE: not-for-us (o3read)
+ NOT-FOR-US: o3read
CAN-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...)
{DSA-623-1}
- nasm 0.98.38-1.1
CAN-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...)
- NOTE: not-for-us (NapShare)
+ NOT-FOR-US: NapShare
CAN-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...)
- NOTE: not-for-us (mplayer)
+ NOT-FOR-US: mplayer
CAN-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...)
NOTE: non-free
NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions
- mpg123 0.59r-20
CAN-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...)
- NOTE: not-for-us (mview)
+ NOT-FOR-US: mview
CAN-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...)
{DSA-632-1}
- linpopup 1.2.0-7
CAN-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...)
- NOTE: not-for-us (junkie)
+ NOT-FOR-US: junkie
CAN-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...)
- NOTE: not-for-us (junkie)
+ NOT-FOR-US: junkie
CAN-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 ...)
- NOTE: not-for-us (jpegtoavi)
+ NOT-FOR-US: jpegtoavi
CAN-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps ...)
- NOTE: not-for-us (jcabc2ps)
+ NOT-FOR-US: jcabc2ps
CAN-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...)
- NOTE: not-for-us (IglooFTP)
+ NOT-FOR-US: IglooFTP
CAN-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local ...)
- NOTE: not-for-us (IglooFTP)
+ NOT-FOR-US: IglooFTP
CAN-2004-1275 (Buffer overflow in the remove_quote function in convert.c for ...)
- NOTE: not-for-us (html2hdml)
+ NOT-FOR-US: html2hdml
CAN-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote ...)
- NOTE: not-for-us (greed)
+ NOT-FOR-US: greed
NOTE: not the game in debian, the file download tool
CAN-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...)
- NOTE: not-for-us (greed)
+ NOT-FOR-US: greed
NOTE: not the game in debian, the file download tool
CAN-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...)
- filter 2.4.2-1.1
CAN-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...)
- NOTE: not-for-us (dxfscope)
+ NOT-FOR-US: dxfscope
CAN-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...)
- cupsys 1.1.22-2
CAN-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...)
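Review bot: for CAN-2004-1274 and CAN-2004-1273 the new value is just "greed", and the only thing separating it from the Debian package of the same name is the following line "NOTE: not the game in debian, the file download tool". Anything that compares the NOT-FOR-US value against archive package names would see a match here. Consider carrying the qualifier in the value itself, for example "NOT-FOR-US: greed (file download tool, not the game in Debian)", so the entry is unambiguous on its own line.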
@@ -11357,32 +11357,32 @@
CAN-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...)
- cupsys 1.1.22-2
CAN-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...)
- NOTE: not-for-us (csv2xml)
+ NOT-FOR-US: csv2xml
CAN-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...)
- NOTE: not-for-us (Convex)
+ NOT-FOR-US: Convex
CAN-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...)
{DSA-644-1}
- chbg 1.5-4
CAN-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...)
- NOTE: not-for-us (ChangePassword)
+ NOT-FOR-US: ChangePassword
CAN-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...)
- NOTE: not-for-us (bsb2ppm)
+ NOT-FOR-US: bsb2ppm
CAN-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...)
- NOTE: not-for-us (asp2php)
+ NOT-FOR-US: asp2php
CAN-2004-1260 (Multiple buffer overflows in the (1) write_heading function in ...)
- NOTE: not-for-us (abctab2ps)
+ NOT-FOR-US: abctab2ps
CAN-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...)
- NOTE: not-for-us (abcpp)
+ NOT-FOR-US: abcpp
CAN-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...)
- abcm2ps 4.8.5-1
CAN-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex ...)
- NOTE: not-for-us (abc2mtex)
+ NOT-FOR-US: abc2mtex
CAN-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...)
- abcmidi 20050101-1
CAN-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...)
- NOTE: not-for-us (2fax)
+ NOT-FOR-US: 2fax
CAN-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...)
- NOTE: not-for-us (WinRAR)
+ NOT-FOR-US: WinRAR
CAN-2004-1253
NOTE: reserved
CAN-2004-1252
@@ -11402,7 +11402,7 @@
CAN-2004-1245
NOTE: reserved
CAN-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1243
NOTE: rejected
CAN-2004-1242
@@ -11418,7 +11418,7 @@
CAN-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
NOTE: apparently redhat specific
CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
- NOTE: not-for-us (Netscape Directory Server on HP-UX)
+ NOT-FOR-US: Netscape Directory Server on HP-UX
CAN-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
- kernel-source-2.6.8 2.6.8-12
- kernel-image-2.6.8-2-386 2.6.8-12
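Review bot: the context line for CAN-2004-1237, "NOTE: apparently redhat specific", records the same kind of judgement as the converted entries but stays a plain NOTE, so it will not be picked up by anything that keys on the new tag. The commit only rewrites lines matching the old "not-for-us (...)" pattern; it would be worth deciding, here or in a follow-up, whether distribution-specific entries like this one should also become NOT-FOR-US, and saying so in the log message.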
@@ -11444,92 +11444,92 @@
CAN-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...)
NOTE: fixed after 2.4.25
CAN-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...)
- NOTE: not-for-us (SugarCRM Sugar Sales)
+ NOT-FOR-US: SugarCRM Sugar Sales
CAN-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...)
- NOTE: not-for-us (SugarCRM Sugar Sales)
+ NOT-FOR-US: SugarCRM Sugar Sales
CAN-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...)
- NOTE: not-for-us (SugarCRM Sugar Sales)
+ NOT-FOR-US: SugarCRM Sugar Sales
CAN-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...)
- NOTE: not-for-us (SugarCRM Sugar Sales)
+ NOT-FOR-US: SugarCRM Sugar Sales
CAN-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...)
- mtr 0.67-1
CAN-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...)
- NOTE: not-for-us (F-Secure Policy Manager)
+ NOT-FOR-US: F-Secure Policy Manager
CAN-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (weblibs.pl)
+ NOT-FOR-US: weblibs.pl
CAN-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...)
- NOTE: not-for-us (weblibs.pl)
+ NOT-FOR-US: weblibs.pl
CAN-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and ...)
- NOTE: not-for-us (Battlefield 1942, Battlefield Vietnam)
+ NOT-FOR-US: Battlefield 1942, Battlefield Vietnam
CAN-2004-1219 (paFileDB 3.1, when using sessions authentication and while the ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Remote Execute)
+ NOT-FOR-US: Remote Execute
CAN-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...)
- NOTE: not-for-us (Kreed)
+ NOT-FOR-US: Kreed
CAN-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Kreed)
+ NOT-FOR-US: Kreed
CAN-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote ...)
- NOTE: not-for-us (Kreed)
+ NOT-FOR-US: Kreed
CAN-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced ...)
- NOTE: not-for-us (Advanced Guestbook)
+ NOT-FOR-US: Advanced Guestbook
CAN-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...)
- NOTE: not-for-us (Blog Torrent)
+ NOT-FOR-US: Blog Torrent
CAN-2004-1211 (Multiple buffer overflows in Mercury/32 4.01a allow remote ...)
- NOTE: not-for-us (Mercury Mail)
+ NOT-FOR-US: Mercury Mail
CAN-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...)
- NOTE: not-for-us (IpCop)
+ NOT-FOR-US: IpCop
CAN-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, ...)
- NOTE: not-for-us (Verisign Payflow Link)
+ NOT-FOR-US: Verisign Payflow Link
CAN-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...)
- NOTE: not-for-us (Orbz)
+ NOT-FOR-US: Orbz
CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol ...)
- NOTE: not-for-us (The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter)
+ NOT-FOR-US: The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter
CAN-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
- NOTE: not-for-us (pnTresMailer)
+ NOT-FOR-US: pnTresMailer
CAN-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ...)
- NOTE: not-for-us (pnTresMailer)
+ NOT-FOR-US: pnTresMailer
CAN-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...)
NOTE: at best a local DOS by the user running fluxbox.
NOTE: Where's the security hole?
- fluxbox 0.9.11-1
CAN-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...)
- NOTE: not-for-us (phpCMS)
+ NOT-FOR-US: phpCMS
CAN-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...)
- NOTE: not-for-us (phpCMS)
+ NOT-FOR-US: phpCMS
CAN-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of ...)
NOTE: memory leak, doubt it's usefully exploitable
NOTE: did not followup
CAN-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...)
- NOTE: not-for-us (inShop)
+ NOT-FOR-US: inShop
CAN-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...)
- NOTE: not-for-us (Insite Inmail)
+ NOT-FOR-US: Insite Inmail
CAN-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to ...)
- NOTE: not-for-us (Star Wars Battlefront)
+ NOT-FOR-US: Star Wars Battlefront
CAN-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...)
- NOTE: not-for-us (Star Wars Battlefront)
+ NOT-FOR-US: Star Wars Battlefront
CAN-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges to ...)
- NOTE: not-for-us (Prevex Home)
+ NOT-FOR-US: Prevex Home
CAN-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...)
- NOTE: not-for-us (Citadel/UX)
+ NOT-FOR-US: Citadel/UX
CAN-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...)
NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed
- kernel-source-2.6.8 2.6.8-16
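Review bot: CAN-2004-1193 is converted to "NOT-FOR-US: Prevex Home", but the CAN description on the line above spells the product "Prevx Home". The mechanical rewrite carries the misspelling into the new field; fix it while the line is being touched. In the same hunk, CAN-2004-1207's value is a full sentence with its own "(1) ... (3)" enumeration; a short product name ("Serious engine") with the list moved to a NOTE line would fit the "NOT-FOR-US: package_name" form given in the log.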
@@ -11579,9 +11579,9 @@
CAN-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows ...)
{DSA-639-1}
CAN-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...)
- NOTE: not-for-us (Veritas Backup Exec)
+ NOT-FOR-US: Veritas Backup Exec
CAN-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...)
- kdelibs 4:3.3.1-2
- kdebase 4:3.3.1-3
@@ -11593,48 +11593,48 @@
CAN-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...)
- maxdb-webtools 7.5.00.19-1
CAN-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...)
- NOTE: not-for-us (gentoo mirrorselect)
+ NOT-FOR-US: gentoo mirrorselect
CAN-2004-1166 (Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...)
{DSA-631-1}
CAN-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1162 (The unison command in scponly before 4.0 does not properly restrict ...)
- scponly 4.0-1
CAN-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...)
- rssh 2.2.3-1
CAN-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...)
- NOTE: not-for-us (Netscape)
+ NOT-FOR-US: Netscape
CAN-2004-1159
NOTE: rejected
CAN-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...)
- kdelibs 4:3.3.1-3
- kdebase 4:3.3.1-4
CAN-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote ...)
- mozilla 2:1.7.6-1
- mozilla-firefox 1.0.1
CAN-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...)
- NOTE: not-for-us (Microsoft MSIE)
+ NOT-FOR-US: Microsoft MSIE
CAN-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...)
{DSA-701-1}
- samba 3.0.10-1
CAN-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...)
- NOTE: not-for-us (Adobe Acrobat Reader)
+ NOT-FOR-US: Adobe Acrobat Reader
CAN-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader ...)
- NOTE: not-for-us (Adobe Acrobat Reader)
+ NOT-FOR-US: Adobe Acrobat Reader
CAN-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...)
NOTE: Fixed in upstream 2.6.10
- kernel-source-2.6.8 2.6.8-11
- kernel-source-2.6.9 2.6.9-4
CAN-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...)
- NOTE: not-for-us (Winamp)
+ NOT-FOR-US: Winamp
CAN-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...)
- NOTE: not-for-us (Computer Associates eTrust EZ Antivirus)
+ NOT-FOR-US: Computer Associates eTrust EZ Antivirus
CAN-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...)
- phpmyadmin 2:2.6.1-rc1-1
CAN-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...)
@@ -11662,23 +11662,23 @@
CAN-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...)
- kernel-image-2.4.27-i386 2.4.27-7
CAN-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other ...)
- NOTE: not-for-us (CuteFTP)
+ NOT-FOR-US: CuteFTP
CAN-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow ...)
- NOTE: not-for-us (WS-Ftpd)
+ NOT-FOR-US: WS-Ftpd
CAN-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1132
NOTE: reserved
CAN-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer ...)
- NOTE: not-for-us (SCO)
+ NOT-FOR-US: SCO
CAN-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...)
- NOTE: not-for-us (CMailServer)
+ NOT-FOR-US: CMailServer
CAN-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...)
- NOTE: not-for-us (CMailServer)
+ NOT-FOR-US: CMailServer
CAN-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...)
- NOTE: not-for-us (CMailServer)
+ NOT-FOR-US: CMailServer
CAN-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...)
- opendchub 0.7.14-1.1
CAN-2004-1126
@@ -11691,71 +11691,71 @@
- gpdf 2.8.2-1
- koffice 1:1.3.5-1
CAN-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 ...)
- NOTE: not-for-us (UnixWare)
+ NOT-FOR-US: UnixWare
CAN-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...)
- NOTE: not-for-us (Darwin Streaming Server)
+ NOT-FOR-US: Darwin Streaming Server
CAN-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...)
{DSA-663-1}
- prozilla 1:1.3.7.3-1
CAN-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...)
- NOTE: not-for-us (Winamp)
+ NOT-FOR-US: Winamp
CAN-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component ...)
- NOTE: not-for-us (WodFtpDLX.ocx ActiveX component)
+ NOT-FOR-US: WodFtpDLX.ocx ActiveX component
CAN-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned ...)
- NOTE: not-for-us (ChessBrain)
+ NOT-FOR-US: ChessBrain
CAN-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...)
- NOTE: not-for-us (GIMPS)
+ NOT-FOR-US: GIMPS
CAN-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) ...)
NOTE: gentoo-specific permissions problems in setaiathome
CAN-2004-1114 (Buffer overflow in the handling of command line arguments in Skype ...)
- NOTE: not-for-us (Skype)
+ NOT-FOR-US: Skype
CAN-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service ...)
- NOTE: not-for-us (SQLgrey Postfix greylisting serivce)
+ NOT-FOR-US: SQLgrey Postfix greylisting serivce
CAN-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...)
- mtink 1.0.5
NOTE: debian not vulnerable except in edge case
CAN-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier ...)
- NOTE: not-for-us (Kerio Personal Firewall)
+ NOT-FOR-US: Kerio Personal Firewall
CAN-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to ...)
- NOTE: not-for-us (Gentoolkit)
+ NOT-FOR-US: Gentoolkit
CAN-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...)
- NOTE: not-for-us (Portage)
+ NOT-FOR-US: Portage
CAN-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...)
{DSA-642-1}
- gallery 1.4.4-pl4-1
CAN-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...)
- NOTE: not-for-us (Nortel Networks Contivity VPN Client)
+ NOT-FOR-US: Nortel Networks Contivity VPN Client
CAN-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is ...)
- NOTE: not-for-us (MailPost)
+ NOT-FOR-US: MailPost
CAN-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...)
- NOTE: not-for-us (MailPost)
+ NOT-FOR-US: MailPost
CAN-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, ...)
- NOTE: not-for-us (MailPost)
+ NOT-FOR-US: MailPost
CAN-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost ...)
- NOTE: not-for-us (MailPost)
+ NOT-FOR-US: MailPost
CAN-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...)
- mime-tools 5.415-1
CAN-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string ...)
- NOTE: not-for-us (Cherokee)
+ NOT-FOR-US: Cherokee
CAN-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...)
- libarchive-zip-perl 1.14-1
CAN-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...)
{DSA-608-1}
- zgv 5.7-1.3
CAN-2004-1094 (Buffer overflow in DUNZIP32.DLL in RealPlayer 10 through RealPlayer ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
{DSA-639-1}
CAN-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
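Review bot: CAN-2004-1113 is converted to "NOT-FOR-US: SQLgrey Postfix greylisting serivce", which carries the typo "serivce" over from the old NOTE. Since the value is now the searchable field, correct it to "service" in this commit rather than leaving it for later.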
@@ -11765,31 +11765,31 @@
CAN-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
{DSA-639-1}
CAN-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...)
- ncpfs 2.2.5-2
CAN-2004-1078 (Stack-based buffer overflow in the client for Citrix Program ...)
- NOTE: not-for-us (Citrix)
+ NOT-FOR-US: Citrix
CAN-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...)
- NOTE: not-for-us (Citrix)
+ NOT-FOR-US: Citrix
CAN-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in Atari800 ...)
{DSA-609-1}
- atari800 1.3.2-1
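Review bot: several entries in this hunk name software that Debian does ship, yet the value only says "Apple MacOS": CAN-2004-1084 and CAN-2004-1083 are "Apache for Apple Mac OS X", and CAN-2004-1088 is "Postfix server for Apple Mac OS X". The tag alone does not show whether the Debian apache and postfix packages were checked and found unaffected, or whether the entry was dismissed on the vendor name. Add a NOTE under each of these stating why the issue is specific to Apple's build, or leave them as open entries until that is confirmed.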
@@ -11819,7 +11819,7 @@
NOTE: to only affect 2.2 series.
NOTE: 1.5.19 also seems ok
CAN-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 ...)
- php4 4:4.3.10-1
CAN-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate ...)
@@ -11856,9 +11856,9 @@
CAN-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 2:2.6.0-pl3-1
CAN-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...)
- NOTE: not-for-us (fetch on FreeBSD)
+ NOT-FOR-US: fetch on FreeBSD
CAN-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...)
{DSA-595-1}
NOTE: bnc is not in sarge or unstable (is in woody)
@@ -11866,9 +11866,9 @@
{DSA-596-2 DSA-596-1}
- sudo 1.6.8p3-1
CAN-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1048
NOTE: reserved
CAN-2004-1047
@@ -11880,7 +11880,7 @@
CAN-2004-1044
NOTE: reserved
CAN-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1042
NOTE: reserved
CAN-2004-1041
@@ -11888,9 +11888,9 @@
CAN-2004-1040
NOTE: reserved
CAN-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...)
- NOTE: not-for-us (SCO UnixWare)
+ NOT-FOR-US: SCO UnixWare
CAN-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...)
- NOTE: not-for-us (IEEE1394 specification bug, physical security)
+ NOT-FOR-US: IEEE1394 specification bug, physical security
CAN-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...)
- twiki 20030201-6
CAN-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...)
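Review bot: the value for CAN-2004-1038, "IEEE1394 specification bug, physical security", is a rationale rather than the package or product name that the log message describes ("NOT-FOR-US: package_name"). Suggest "NOT-FOR-US: IEEE1394 specification" with the reasoning moved to a separate "NOTE: physical security" line, so the field keeps one meaning across the file.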
@@ -11909,9 +11909,9 @@
CAN-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
- fcron 2.9.5.1-1
CAN-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...)
- NOTE: not-for-us (Sun JRE)
+ NOT-FOR-US: Sun JRE
CAN-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2004-1027 (Directory traversal vulnerability in the -x (extract) command line ...)
{DSA-652-1}
NOTE: sarge's unarj is from a different code base, probably not vulnerable
@@ -11926,11 +11926,11 @@
CAN-2004-1024
NOTE: reserved
CAN-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-1020 (The addslashes function in PHP 4.3.6 through 4.3.9 and 5.0.0 through ...)
- php4 4:4.3.10-1
CAN-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 ...)
@@ -11976,7 +11976,7 @@
CAN-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
{DSA-639-1}
CAN-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...)
- NOTE: not-for-us (Trend ScanMail)
+ NOT-FOR-US: Trend ScanMail
CAN-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...)
- ppp 2.4.2+20040428-3
CAN-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...)
@@ -12007,7 +12007,7 @@
CAN-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...)
{DSA-604-1}
CAN-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...)
- NOTE: not-for-us (Proxytunnel)
+ NOT-FOR-US: Proxytunnel
CAN-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...)
- mpg123 0.59r-19
CAN-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...)
@@ -12017,7 +12017,7 @@
CAN-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...)
{DSA-582-1}
CAN-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 ...)
{DSA-598-1}
- yardradius 1.0.20-15
@@ -12025,7 +12025,7 @@
{DSA-580-1}
- iptables 1.2.11-4
CAN-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils ...)
- mailutils 1:0.5-4
CAN-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...)
@@ -12042,9 +12042,9 @@
{DSA-592-1}
- ez-ipupdate 3.0.11b8-8
CAN-2004-0979 (Internet Explorer on Windows XP does not properly modify the "Drag and ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local ...)
{DSA-577-1}
- postgresql 7.4.6-1
@@ -12082,16 +12082,16 @@
CAN-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...)
- gettext 0.14.1-6
CAN-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...)
{DSA-587-1}
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
NOTE: DSA says zinf not vulnerable in sarge
- zinf 2.2.5
CAN-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...)
- NOTE: not-for-us (Apple Remote Desktop Client)
+ NOT-FOR-US: Apple Remote Desktop Client
CAN-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to ...)
- freeradius 1.0.1
CAN-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
@@ -12114,11 +12114,11 @@
CAN-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...)
NOTE: jabber version 2 is vulnerable, we have an older version that seems not
CAN-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX before ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...)
- NOTE: not-for-us (NetOp Host)
+ NOT-FOR-US: NetOp Host
CAN-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...)
NOTE: fixed in 2.4.28, 2.6.9
TODO: check with kernel people re 2.4.27
@@ -12131,9 +12131,9 @@
CAN-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...)
NOTE: does not apply per maintainer
CAN-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...)
- NOTE: not-for-us (Mitel 3300 Integrated Communications Platform)
+ NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CAN-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...)
- NOTE: not-for-us (Mitel 3300 Integrated Communications Platform)
+ NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CAN-2004-0943
NOTE: reserved
CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
@@ -12146,22 +12146,22 @@
{DSA-594-1}
- apache 1.3.33-2
CAN-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...)
- NOTE: not-for-us (Neoteris Instant Virtual Extranet)
+ NOT-FOR-US: Neoteris Instant Virtual Extranet
CAN-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
- freeradius 1.0.1
CAN-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...)
- NOTE: not-for-us (Sophos Anti-Virus)
+ NOT-FOR-US: Sophos Anti-Virus
CAN-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection ...)
- NOTE: not-for-us (RAV antivirus)
+ NOT-FOR-US: RAV antivirus
CAN-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...)
- NOTE: not-for-us (Eset anti-virus)
+ NOT-FOR-US: Eset anti-virus
CAN-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus ...)
- NOTE: not-for-us (Kaspersky antivirus)
+ NOT-FOR-US: Kaspersky antivirus
NOTE: Kaspersky engine is supported by amavas-ng
CAN-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 ...)
- NOTE: not-for-us (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus)
+ NOT-FOR-US: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus
CAN-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...)
- NOTE: not-for-us (McAfee Anti-Virus Engine DATS drivers)
+ NOT-FOR-US: McAfee Anti-Virus Engine DATS drivers
CAN-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...)
- maxdb-7.5.00 7.5.00.18
CAN-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...)
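Review bot: CAN-2004-0934 ends up with "NOT-FOR-US: Kaspersky antivirus" immediately followed by the untouched "NOTE: Kaspersky engine is supported by amavas-ng", so one entry now says both that the product is out of scope and that something else makes use of it. If amavas-ng refers to a package in the archive, this entry should be held back from the bulk conversion until someone records whether that package is affected; if it does not, the trailing NOTE should say so explicitly.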
@@ -12169,30 +12169,30 @@
CAN-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...)
NOTE: tiff3g was removed from debian
CAN-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX ...)
- NOTE: not-for-us (Macromedia)
+ NOT-FOR-US: Macromedia
CAN-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...)
{DSA-566-1}
CAN-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...)
- NOTE: not-for-us (norton)
+ NOT-FOR-US: norton
CAN-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...)
{DSA-576-1}
- squid 2.5.7
CAN-2004-0917 (The default installation of Vignette Application Portal installs the ...)
- NOTE: not-for-us (Vignette Application Portal)
+ NOT-FOR-US: Vignette Application Portal
CAN-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows ...)
{DSA-574-1}
- cabextract 1.1-1
@@ -12227,7 +12227,7 @@
- mozilla 2:1.7.3
- mozilla-thunderbird 0.8
CAN-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...)
- NOTE: not-for-us (non-debian package issue)
+ NOT-FOR-US: non-debian package issue
CAN-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...)
- mozilla-firefox 0.10.1+1.0PR
- mozilla 2:1.7.3
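Review bot: the new value on CAN-2004-0907, "NOT-FOR-US: non-debian package issue", is a reason, not a package name, while the log message defines the field as "NOT-FOR-US: package_name". The description is about the upstream Linux .tar.gz archives for Mozilla Firefox, and mozilla-firefox is tracked in the neighbouring entries, so anything that reads the value as a product name gets a misleading result here. Suggest leaving this entry as a NOTE carrying the reason, or naming the product in the tag and keeping the reason in a separate NOTE line.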
@@ -12249,25 +12249,25 @@
- mozilla 2:1.7.3
- mozilla-thunderbird 0.8
CAN-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0898
NOTE: reserved
CAN-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0896
NOTE: reserved
CAN-2004-0895
NOTE: reserved
CAN-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...)
- gaim 1.0.2
CAN-2004-0890
@@ -12315,9 +12315,9 @@
CAN-2004-0874
NOTE: rejected
CAN-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...)
- NOTE: not-for-us (apple)
+ NOT-FOR-US: apple
CAN-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure ...)
NOTE: upstream knows about the problem, no fix expected
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
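Review bot: the two converted values in this hunk differ in capitalisation, "NOT-FOR-US: apple" on CAN-2004-0873 and "NOT-FOR-US: Opera" on CAN-2004-0872, because the old free-text was copied through unchanged. That was harmless inside a NOTE, but once the value is a field of its own, any grouping or counting by name will treat differently cased spellings as different products. Suggest normalising the names in the same commit, or in a follow-up, so that each product has one spelling.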
@@ -12331,13 +12331,13 @@
NOTE: fix doesn't look likely any time soon
TODO: followup
CAN-2004-0869 (Internet Explorer does not prevent cookies that are sent over an ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-0868
NOTE: rejected
CAN-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...)
- mozilla-firefox 0.9.3
CAN-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-0865
NOTE: reserved
CAN-2004-0864
@@ -12374,25 +12374,25 @@
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
TODO: which radius daemon in debian is "GNU Radius" (if any)?
CAN-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other versions, ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...)
{DSA-562-2}
CAN-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...)
@@ -12406,9 +12406,9 @@
CAN-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...)
- squid 2.5.6-8
CAN-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...)
- NOTE: not-for-us (McAfee)
+ NOT-FOR-US: McAfee
CAN-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...)
- samba 2.2.11
CAN-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...)
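Review bot: on CAN-2004-0830 the converted value is "NOT-FOR-US: Microsoft", but the description names the affected product as "The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...". The old NOTE had the same wording, so this is inherited rather than introduced, but promoting it to a dedicated field makes the wrong vendor the recorded answer. Suggest correcting the value to the F-Secure product while the line is being touched.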
@@ -12417,21 +12417,21 @@
{DSA-547-1}
- imagemagick 5:6.0.7.1-1
CAN-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...)
- NOTE: not-for-us (netscape NSS)
+ NOT-FOR-US: netscape NSS
CAN-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2004-0822 (Buffer overflow in The Core Foundation framework ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (winamp)
+ NOT-FOR-US: winamp
CAN-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...)
- NOTE: not-for-us (openbsd)
+ NOT-FOR-US: openbsd
CAN-2004-0818
NOTE: reserved
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
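Review bot: two values in this hunk name the vendor while the description names a component that may exist independently of that vendor: CAN-2004-0823 is "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS ..." tagged "NOT-FOR-US: Apple", and CAN-2004-0826 is a heap overflow in "Netscape Network Security Services (NSS)" tagged "NOT-FOR-US: netscape NSS". A mechanical rename turns the earlier informal remark into a firm statement that nothing in the archive is affected, so these two deserve a manual check before they get the new tag. If the check confirms the flaw is specific to the vendor's build, a short NOTE saying so would make the entry self-explanatory.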
@@ -12455,7 +12455,7 @@
CAN-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the merging of the ...)
- apache2 2.0.52
CAN-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...)
- NOTE: not-for-us (Netopia Timbuktu)
+ NOT-FOR-US: Netopia Timbuktu
CAN-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...)
{DSA-558-1}
- apache2 2.0.51-1
@@ -12478,17 +12478,17 @@
CAN-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...)
- foomatic-filters 3.0.2
CAN-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...)
- NOTE: not-for-us (Ipswitch WhatsUp Gold)
+ NOT-FOR-US: Ipswitch WhatsUp Gold
CAN-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp ...)
- NOTE: not-for-us (Ipswitch WhatsUp Gold)
+ NOT-FOR-US: Ipswitch WhatsUp Gold
CAN-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...)
- zlib 1:1.2.1.1-6
CAN-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ...)
- spamassassin 2.64
CAN-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...)
- NOTE: not-for-us (IBM DB2 DB2RCMD.EXE)
+ NOT-FOR-US: IBM DB2 DB2RCMD.EXE
CAN-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...)
{DSA-551-1}
CAN-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...)
@@ -12506,7 +12506,7 @@
CAN-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...)
{DSA-549-1 DSA-546-1}
CAN-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...)
- NOTE: not-for-us (seems OpenCA is not in Debian)
+ NOT-FOR-US: seems OpenCA is
CAN-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...)
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
- apache2 2.0.51
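Review bot: the replacement for CAN-2004-0787 is truncated: "NOTE: not-for-us (seems OpenCA is not in Debian)" became "NOT-FOR-US: seems OpenCA is". The substitution evidently strips a trailing "not in Debian" and did not expect words in front of the product name, which leaves a sentence fragment in the field. This line needs a manual fix to "NOT-FOR-US: OpenCA", and since the original said "seems", the uncertainty is better kept in a separate NOTE than dropped silently.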
@@ -12533,9 +12533,9 @@
CAN-2004-0776
NOTE: reserved
CAN-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...)
- NOTE: not-for-us (Real Helix server not in Debian)
+ NOT-FOR-US: Real Helix server
CAN-2004-0773
NOTE: reserved
CAN-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...)
@@ -12549,9 +12549,9 @@
CAN-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...)
{DSA-536}
CAN-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...)
- NOTE: not-for-us (NGSEC StackDefender)
+ NOT-FOR-US: NGSEC StackDefender
CAN-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...)
- NOTE: not-for-us (NGSEC StackDefender)
+ NOT-FOR-US: NGSEC StackDefender
CAN-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before ...)
- mozilla 2:1.7
- mozilla-firefox 0.9
@@ -12591,7 +12591,7 @@
CAN-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...)
- apache2 2.0.50-11
CAN-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...)
- NOTE: not-for-us (Red Hat specific)
+ NOT-FOR-US: Red Hat specific
CAN-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not ...)
- subversion 1.0.9-2
CAN-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...)
@@ -12605,49 +12605,49 @@
CAN-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands ...)
- lha 1.14i-10
CAN-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote ...)
- NOTE: not-for-us (Sun Java System Portal Server)
+ NOT-FOR-US: Sun Java System Portal Server
CAN-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ...)
- NOTE: not-for-us (LionMax Software WWW File Share Pro)
+ NOT-FOR-US: LionMax Software WWW File Share Pro
CAN-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows ...)
- NOTE: not-for-us (Lexmark)
+ NOT-FOR-US: Lexmark
CAN-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...)
- NOTE: not-for-us (Whisper FTP Surfer)
+ NOT-FOR-US: Whisper FTP Surfer
CAN-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in ...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the ...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-0736 (The search module in Php-Nuke allows remote attackers to gain ...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and ...)
- NOTE: not-for-us (various windows games)
+ NOT-FOR-US: various windows games
CAN-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands ...)
- NOTE: not-for-us (Web_Store.cgi)
+ NOT-FOR-US: Web_Store.cgi
CAN-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...)
- NOTE: not-for-us (OllyDbg)
+ NOT-FOR-US: OllyDbg
CAN-2004-0732 (SQL injection vulnerability in index.php in the Search module for ...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search ...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 ...)
- phpbb2 2.0.10
CAN-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...)
- phpbb2 2.0.10
CAN-2004-0728 (The Remote Control Client service in Microsoft's Systems Management ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...)
- moodle 1.4
CAN-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to ...)
- NOTE: not-for-us (Half Life)
+ NOT-FOR-US: Half Life
CAN-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) ...)
- mozilla 2:1.6
CAN-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...)
@@ -12655,7 +12655,7 @@
- kdelibs 4:3.2.3-3.sarge.1
NOTE: in t-p-u; also fixed in 4.3.3 in unstable
CAN-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...)
NOTE: not-fos-us (Microsoft)
CAN-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...)
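Review bot: the context line under CAN-2004-0719 still reads "NOTE: not-fos-us (Microsoft)". The typo ("fos" for "for") meant the search pattern did not match, so this entry is left in the old format right below the converted CAN-2004-0720. Suggest converting it by hand in this commit, and grepping the file for other near-miss spellings of the old tag before relying on the new one.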
@@ -12667,23 +12667,23 @@
- mozilla 2:1.7.8-1sarge1 (medium)
- mozilla-firefox 1.0.4-2sarge3 (medium)
CAN-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...)
- NOTE: not-for-us (opera 7.50)
+ NOT-FOR-US: opera 7.50
CAN-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and ...)
- NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
+ NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CAN-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA ...)
- NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
+ NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CAN-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode ...)
- NOTE: not-for-us (HP OpenView Select Access)
+ NOT-FOR-US: HP OpenView Select Access
CAN-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...)
- moin 1.2.2
CAN-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...)
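Review bot: on CAN-2004-0717 the value "NOT-FOR-US: opera 7.50" carries a version number into a field that is meant to hold a package name, and it only matches one of the two versions in the description ("Opera 7.51 for Windows and 7.50 for Linux"). Version information already lives in the description line, so the value should be just the product name. The remaining values in this hunk (HP-UX, Cisco, BEA WebLogic Server, HP OpenView Select Access) are product names only, which is the form to match.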
@@ -12699,19 +12699,19 @@
CAN-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ...)
NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
CAN-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...)
{DSA-532}
CAN-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...)
- NOTE: not-for-us (Check Point VPN)
+ NOT-FOR-US: Check Point VPN
CAN-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...)
- NOTE: not-for-us (WebSTAR)
+ NOT-FOR-US: WebSTAR
CAN-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote ...)
- NOTE: not-for-us (WebSTAR)
+ NOT-FOR-US: WebSTAR
CAN-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows ...)
- NOTE: not-for-us (WebSTAR)
+ NOT-FOR-US: WebSTAR
CAN-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...)
- NOTE: not-for-us (WebSTAR)
+ NOT-FOR-US: WebSTAR
CAN-2004-0694
NOTE: reserved
- lha 1.14i-10
@@ -12743,58 +12743,58 @@
CAN-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...)
NOTE: Fixed in upstream 2.4.27
CAN-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...)
- NOTE: not-for-us (WebSphere Edge Server)
+ NOT-FOR-US: WebSphere Edge Server
CAN-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to ...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CAN-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other ...)
- NOTE: not-for-us (Comersus Cart)
+ NOT-FOR-US: Comersus Cart
CAN-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- NOTE: not-for-us (Comersus Cart)
+ NOT-FOR-US: Comersus Cart
CAN-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be ...)
- NOTE: not-for-us (Zoom DSL modem)
+ NOT-FOR-US: Zoom DSL modem
CAN-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly ...)
- NOTE: not-for-us (UnrealIRCd)
+ NOT-FOR-US: UnrealIRCd
CAN-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in ...)
- NOTE: not-for-us (12Planet Chat Server)
+ NOT-FOR-US: 12Planet Chat Server
CAN-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote ...)
- NOTE: not-for-us (Fastream NETFile FTP Server)
+ NOT-FOR-US: Fastream NETFile FTP Server
CAN-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server ...)
- NOTE: not-for-us (Fastream NETFile FTP Server)
+ NOT-FOR-US: Fastream NETFile FTP Server
CAN-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) ...)
- NOTE: not-for-us (c32web.exe)
+ NOT-FOR-US: c32web.exe
CAN-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware ...)
- NOTE: not-for-us (Enterasys XSR-1800 series Security Routers)
+ NOT-FOR-US: Enterasys XSR-1800 series Security Routers
CAN-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server ...)
- NOTE: not-for-us (SCI Photo Chat Server)
+ NOT-FOR-US: SCI Photo Chat Server
CAN-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...)
- NOTE: not-for-us (Netegrity IdentityMinder Web Edition)
+ NOT-FOR-US: Netegrity IdentityMinder Web Edition
CAN-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote ...)
- NOTE: not-for-us (Brightmail Spamfilter)
+ NOT-FOR-US: Brightmail Spamfilter
CAN-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote ...)
- NOTE: not-for-us (Rompager)
+ NOT-FOR-US: Rompager
CAN-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote ...)
- NOTE: not-for-us (Lotus)
+ NOT-FOR-US: Lotus
CAN-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a ...)
- NOTE: not-for-us (Lotus)
+ NOT-FOR-US: Lotus
CAN-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows ...)
NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable.
- kernel-patch-adamantix 1.6
CAN-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...)
- NOTE: not-for-us (popclient not in Debian)
+ NOT-FOR-US: popclient
CAN-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...)
- NOTE: not-for-us (csFAQ not in Debian)
+ NOT-FOR-US: csFAQ
CAN-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...)
- NOTE: not-for-us (PowerPortal)
+ NOT-FOR-US: PowerPortal
CAN-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...)
- NOTE: not-for-us (PowerPortal)
+ NOT-FOR-US: PowerPortal
CAN-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...)
- NOTE: not-for-us (PowerPortal)
+ NOT-FOR-US: PowerPortal
CAN-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware ...)
- NOTE: not-for-us (D-Link AirPlus DI-614+)
+ NOT-FOR-US: D-Link AirPlus DI-614+
CAN-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...)
- NOTE: not-for-us (mplayer)
+ NOT-FOR-US: mplayer
CAN-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...)
NOTE: invalid according to www.osvdb.org/7253
CAN-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...)
@@ -12802,18 +12802,18 @@
CAN-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows ...)
- pure-ftpd 1.0.19-1
CAN-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ...)
- NOTE: not-for-us (Gentoo specific)
+ NOT-FOR-US: Gentoo specific
CAN-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...)
- NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
+ NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CAN-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...)
NOTE: JRE is not in Debian, assuming the various wrappers handle
NOTE: the new version. Not worrying about upgrades.
CAN-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...)
{DSA-530}
CAN-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...)
@@ -12823,7 +12823,7 @@
CAN-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local ...)
- shorewall 2.0.3a
CAN-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...)
{DSA-579-1 DSA-550-1}
CAN-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...)
@@ -12833,17 +12833,17 @@
CAN-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1 ...)
{DSA-543-1}
CAN-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and ...)
- NOTE: not-for-us (Thomson hardware ADSL router)
+ NOT-FOR-US: Thomson hardware ADSL router
CAN-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...)
{DSA-529}
CAN-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...)
{DSA-535}
CAN-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...)
{DSA-528}
CAN-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...)
@@ -12851,13 +12851,13 @@
CAN-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...)
- ethereal 0.10.5
CAN-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...)
- NOTE: not-for-us (adobe reader)
+ NOT-FOR-US: adobe reader
CAN-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...)
- NOTE: not-for-us (adobe acrobat)
+ NOT-FOR-US: adobe acrobat
CAN-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for ...)
- NOTE: not-for-us (adobe acrobat)
+ NOT-FOR-US: adobe acrobat
CAN-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...)
- NOTE: not-for-us (adobe acrobat)
+ NOT-FOR-US: adobe acrobat
CAN-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...)
NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
CAN-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...)
@@ -12865,56 +12865,56 @@
CAN-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...)
NOTE: fixed after 2.6.6 kernel
CAN-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...)
- NOTE: not-for-us (Infinity WEB)
+ NOT-FOR-US: Infinity WEB
CAN-2004-0624 (PHP remote code injection vulnerability in index.php for Artmedic ...)
- NOTE: not-for-us (Artmedic links)
+ NOT-FOR-US: Artmedic links
CAN-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...)
{DSA-590-1}
- gnats 4.0-6.1
CAN-2004-0622 (Mac OS X 10.3.4 does not properly clear memory for user login, ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...)
- NOTE: not-for-us (Newsletter ZWS)
+ NOT-FOR-US: Newsletter ZWS
CAN-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom ...)
- NOTE: not-for-us (Linux Broadcom 5820 cryptonet driver)
+ NOT-FOR-US: Linux Broadcom 5820 cryptonet driver
NOTE: does not seem to be part of linux kernel or other package
CAN-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a ...)
- NOTE: not-for-us (freebsd)
+ NOT-FOR-US: freebsd
CAN-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows ...)
- NOTE: not-for-us (ArbitroWeb)
+ NOT-FOR-US: ArbitroWeb
CAN-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP ...)
- NOTE: not-for-us (BT Voyager 2000 Wireless ADSL Router)
+ NOT-FOR-US: BT Voyager 2000 Wireless ADSL Router
CAN-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...)
- NOTE: not-for-us (D-Link DI-614+ SOHO router)
+ NOT-FOR-US: D-Link DI-614+ SOHO router
CAN-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the ...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter ...)
- NOTE: not-for-us (ZoneAlarm Pro)
+ NOT-FOR-US: ZoneAlarm Pro
CAN-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote ...)
- NOTE: not-for-us (Netgear FVS318 VPN Router)
+ NOT-FOR-US: Netgear FVS318 VPN Router
CAN-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router ...)
- NOTE: not-for-us (Microsoft MN-500 Wireless Router)
+ NOT-FOR-US: Microsoft MN-500 Wireless Router
CAN-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...)
- rssh 2.2.1
CAN-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...)
- NOTE: not-for-us (Unreal Engine)
+ NOT-FOR-US: Unreal Engine
CAN-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...)
- racoon 0.3.3-1
CAN-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...)
- NOTE: not-for-us (Infoblox DNS One)
+ NOT-FOR-US: Infoblox DNS One
CAN-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...)
NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug".
NOTE: Does not match posted patch. Mailed Debian maintainer.
CAN-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...)
- NOTE: not-for-us (giFT-FastTrack not in debian)
+ NOT-FOR-US: giFT-FastTrack not in debian
CAN-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the ...)
- NOTE: not-for-us (Gentoo-specific bug in gzip introduced by botched security fix)
+ NOT-FOR-US: Gentoo-specific bug in gzip introduced by botched security fix
CAN-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not ...)
- distcc 2.18.1-4
CAN-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...)
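Review bot: The new values for CAN-2004-0604 ("giFT-FastTrack not in debian") and CAN-2004-0603 ("Gentoo-specific bug in gzip introduced by botched security fix") are explanations, not the package_name the log message says the field holds. The CAN-2004-0619 entry in this same hunk already shows a cleaner shape: the bare name on the NOT-FOR-US line and the reasoning on a separate NOTE line. Suggest doing the same here, e.g. "NOT-FOR-US: giFT-FastTrack", so anything that reads the field gets a product name.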
@@ -12932,7 +12932,7 @@
CAN-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...)
{DSA-669-1 DSA-531}
CAN-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
- NOTE: not-for-us (Sygate Enforcer)
+ NOT-FOR-US: Sygate Enforcer
CAN-2004-0592
NOTE: reserved
CAN-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...)
@@ -12941,13 +12941,13 @@
- freeswan 2.04-10
- openswan 2.2.0
CAN-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...)
- usermin 1.090-1
CAN-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...)
- qla2x00-source 7.01.01-1
CAN-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0585
NOTE: rejected
CAN-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a ...)
@@ -12960,37 +12960,37 @@
{DSA-526}
- usermin 1.090-1
CAN-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...)
- NOTE: not-for-us (Mandrake script)
+ NOT-FOR-US: Mandrake script
CAN-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL ...)
- NOTE: not-for-us (Linksys routers)
+ NOT-FOR-US: Linksys routers
CAN-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...)
{DSA-522}
CAN-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
- NOTE: not-for-us (Wingate)
+ NOT-FOR-US: Wingate
CAN-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
- NOTE: not-for-us (Wingate)
+ NOT-FOR-US: Wingate
CAN-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...)
- NOTE: not-for-us (GNU radius not in Debian)
+ NOT-FOR-US: GNU radius
CAN-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0570
NOTE: reserved
CAN-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...)
- NOTE: not-for-us (HyperTerminal)
+ NOT-FOR-US: HyperTerminal
CAN-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0565 (Floating point information leak in the context switch code for Linux ...)
NOTE: ia64 only
NOTE: appears fixed in 2.4.27/2.6.8
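Review bot: The CAN-2004-0576 line is not a pure format conversion: "not-for-us (GNU radius not in Debian)" becomes "NOT-FOR-US: GNU radius", which silently drops "not in Debian". Every other entry in this hunk carries the parenthesised text over unchanged, and the log message describes only a syntax change. Dropping the text may well be the better result, but it should either be applied consistently to the other free-text entries or be mentioned in the commit log so the diff can be reviewed as mechanical.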
@@ -13019,13 +13019,13 @@
CAN-2004-0553
NOTE: reserved
CAN-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...)
- NOTE: not-for-us (Sophos Small Business Suite)
+ NOT-FOR-US: Sophos Small Business Suite
CAN-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...)
- NOTE: not-for-us (Real Player)
+ NOT-FOR-US: Real Player
CAN-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress ...)
- aspell 0.50.5-3
CAN-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...)
@@ -13033,50 +13033,50 @@
CAN-2004-0546
NOTE: reserved
CAN-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...)
- NOTE: not-for-us (php4 bug only affects Windows)
+ NOT-FOR-US: php4 bug only affects Windows
CAN-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...)
- squid 2.5.5-5
CAN-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0539 (The "Show in Finder" button in the Safari web browser in Mac OS X ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a "Shortcut ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...)
- tripwire 2.3.1.2.0-2.1
CAN-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...)
NOTE: fixed in 2.4.27
CAN-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...)
- NOTE: not-for-us (Business Objects WebIntelligence)
+ NOT-FOR-US: Business Objects WebIntelligence
CAN-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...)
- NOTE: not-for-us (Business Objects WebIntelligence)
+ NOT-FOR-US: Business Objects WebIntelligence
CAN-2004-0532
NOTE: reserved
CAN-2004-0531
NOTE: reserved
CAN-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...)
- NOTE: not-for-us (Slackware specific rpath issue)
+ NOT-FOR-US: Slackware specific rpath issue
CAN-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...)
- NOTE: not-for-us (cPanel is not our cpanel)
+ NOT-FOR-US: cPanel is not our cpanel
CAN-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate ...)
- NOTE: not-for-us (Netscape Navigator 7.1)
+ NOT-FOR-US: Netscape Navigator 7.1
CAN-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a ...)
NOTE: konquror 2.2.2 and earlier, later should not be vulnerale
NOTE: but did not check in detail
CAN-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 ...)
- NOTE: not-for-us (iLO)
+ NOT-FOR-US: iLO
CAN-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin ...)
- NOTE: not-for-us (Change_passwd SquirrelMail plugin not present in debian)
+ NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian
CAN-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...)
{DSA-520}
CAN-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...)
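Review bot: For CAN-2004-0542 the converted value is "php4 bug only affects Windows", which states that a named package is unaffected rather than that the product is out of scope. The same applies to CAN-2004-0530 ("Slackware specific rpath issue"). With the old NOTE form this was only a comment; as a dedicated NOT-FOR-US tag it puts these entries in the same bucket as Oracle or AIX. Suggest leaving these two as plain NOTE lines, or recording them against the package, so the tag keeps a single meaning.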
@@ -13088,23 +13088,23 @@
CAN-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
{DSA-535}
CAN-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to "handling of ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to "package ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0513 (Unknown vulnerability in Mac OS X 10.3.4, related to "logging when ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
- NOTE: not-for-us (SCO MMDF)
+ NOT-FOR-US: SCO MMDF
CAN-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
- NOTE: not-for-us (SCO MMDF)
+ NOT-FOR-US: SCO MMDF
CAN-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...)
- NOTE: not-for-us (SCO MMDF)
+ NOT-FOR-US: SCO MMDF
CAN-2004-0509
NOTE: reserved
CAN-2004-0508
@@ -13118,17 +13118,17 @@
CAN-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ...)
- ethereal 0.10.4
CAN-2004-0503 (Microsoft Outlook 2003 allows remote attackers to bypass the default ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...)
- gaim 1:0.81-3
CAN-2004-0499
NOTE: reserved
CAN-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and ...)
- NOTE: not-for-us (StoneSoft firewall engine)
+ NOT-FOR-US: StoneSoft firewall engine
CAN-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...)
NOTE: linux kernel fchown hole, fixed in all current kernels
CAN-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...)
@@ -13147,72 +13147,72 @@
CAN-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...)
NOTE: appears redhat specific
CAN-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...)
- NOTE: not-for-us (cPanel is not our cpanel)
+ NOT-FOR-US: cPanel is not our cpanel
CAN-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...)
{DSA-532}
- apache2 2.0.50-1
CAN-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CAN-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...)
- NOTE: not-for-us (the KCMS on Solaris)
+ NOT-FOR-US: the KCMS on Solaris
CAN-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...)
- NOTE: not-for-us (Lotus Notes)
+ NOT-FOR-US: Lotus Notes
CAN-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial ...)
NOTE: only a Mozilla DOS
TODO: not even fixed upstream
CAN-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router ...)
- NOTE: not-for-us (3Com OfficeConnect Remote 812 ADSL Router)
+ NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CAN-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 ...)
- NOTE: not-for-us (3Com OfficeConnect Remote 812 ADSL Router)
+ NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CAN-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or ...)
- NOTE: not-for-us (Help Center (HelpCtr.exe))
+ NOT-FOR-US: Help Center (HelpCtr.exe)
CAN-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not ...)
- NOTE: not-for-us (opera)
+ NOT-FOR-US: opera
CAN-2004-0472
NOTE: rejected
CAN-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
- NOTE: not-for-us (BEA WebLogic)
+ NOT-FOR-US: BEA WebLogic
CAN-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
- NOTE: not-for-us (BEA WebLogic)
+ NOT-FOR-US: BEA WebLogic
CAN-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...)
- NOTE: not-for-us (Check Point VPN)
+ NOT-FOR-US: Check Point VPN
CAN-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...)
- NOTE: not-for-us (Juniper JUNOS)
+ NOT-FOR-US: Juniper JUNOS
CAN-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...)
- NOTE: not-for-us (Juniper JUNOS)
+ NOT-FOR-US: Juniper JUNOS
CAN-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote ...)
- NOTE: not-for-us (WebConnect)
+ NOT-FOR-US: WebConnect
CAN-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...)
- NOTE: not-for-us (WebConnect)
+ NOT-FOR-US: WebConnect
CAN-2004-0464
NOTE: reserved
CAN-2004-0463
NOTE: reserved
CAN-2004-0462 (The built-in web servers for multiple networking devices do not set ...)
- NOTE: not-for-us (Multiple embedded hardware vendors)
+ NOT-FOR-US: Multiple embedded hardware vendors
CAN-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...)
NOTE: debian probably not vulnerable
- dhcp3 3.0.1
CAN-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...)
- dhcp3 3.0.1
CAN-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 ...)
- NOTE: not-for-us (DOS in 802.11 protocol)
+ NOT-FOR-US: DOS in 802.11 protocol
CAN-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ...)
{DSA-503}
- mah-jong 1.6.2-1
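Review bot: The value for CAN-2004-0473 is "opera", while the Opera entries converted elsewhere in this patch use "Opera". Now that the product name sits in its own field, differing spellings of one product will not group together for anyone sorting or counting on it. Since every line is being touched anyway, this is a cheap point to normalise case. The same goes for values such as "the KCMS on Solaris" and "cPanel is not our cpanel", which would read better as a bare name plus a NOTE.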
@@ -13242,9 +13242,9 @@
CAN-2004-0446
NOTE: reserved
CAN-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CAN-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CAN-2004-0443
NOTE: reserved
CAN-2004-0442
@@ -13258,11 +13258,11 @@
CAN-2004-0438
NOTE: reserved
CAN-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...)
- NOTE: not-for-us (Titan FTP Server)
+ NOT-FOR-US: Titan FTP Server
CAN-2004-0436
NOTE: reserved
CAN-2004-0435 (Certain "programming errors" in the msync system call for FreeBSD ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...)
{DSA-504}
CAN-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...)
@@ -13271,19 +13271,19 @@
CAN-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...)
- proftpd 1.2.9-4
CAN-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...)
- NOTE: not-for-us (Apple QuickTime)
+ NOT-FOR-US: Apple QuickTime
CAN-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0429 (Unknown vulnerability related to "the handling of large requests" in ...)
- NOTE: not-for-us (RAdmin for Mac OS X)
+ NOT-FOR-US: RAdmin for Mac OS X
CAN-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...)
- NOTE: not-for-us (Mac OS X))
+ NOT-FOR-US: Mac OS X)
CAN-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...)
NOTE: fixed after 2.6.6/2.4.26 kernel
CAN-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)
{DSA-499}
CAN-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...)
NOTE: fixed after 2.6.4/2.4.26 kernel
CAN-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...)
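Review bot: The CAN-2004-0428 line carries a stray closing parenthesis into the new format: "NOT-FOR-US: Mac OS X)". The old line had a doubled "))" and the conversion removed only one of them. Suggest "NOT-FOR-US: Mac OS X", matching the other Mac OS X entries in this hunk.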
@@ -13295,7 +13295,7 @@
CAN-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...)
{DSA-498}
CAN-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...)
NOTE: reserved (baruch)
CAN-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...)
@@ -13327,7 +13327,7 @@
CAN-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...)
{DSA-494}
CAN-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...)
- NOTE: not-for-us (ColdFusion)
+ NOT-FOR-US: ColdFusion
CAN-2004-0406
NOTE: reserved
CAN-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...)
@@ -13367,39 +13367,39 @@
CAN-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...)
- apache 1.3.31-2
CAN-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...)
- NOTE: not-for-us (Cisco Wireless LAN Solution Engine)
+ NOT-FOR-US: Cisco Wireless LAN Solution Engine
CAN-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...)
- NOTE: not-for-us (SCO OpenServer)
+ NOT-FOR-US: SCO OpenServer
CAN-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...)
- NOTE: not-for-us (RealNetworks Helix Universal Server)
+ NOT-FOR-US: RealNetworks Helix Universal Server
CAN-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...)
{DSA-483}
CAN-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...)
- NOTE: not-for-us (RealPlayer plugin)
+ NOT-FOR-US: RealPlayer plugin
CAN-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...)
- NOTE: not-for-us (mplayer; not in the archive)
+ NOT-FOR-US: mplayer; not in the archive
CAN-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...)
- NOTE: not-for-us (Oracle 9i Application Server Web Cache)
+ NOT-FOR-US: Oracle 9i Application Server Web Cache
CAN-2004-0384
NOTE: reserved
CAN-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...)
- NOTE: not-for-us (Mail for Mac OS X)
+ NOT-FOR-US: Mail for Mac OS X
CAN-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...)
- NOTE: not-for-us (CUPS printing system in Mac OS X)
+ NOT-FOR-US: CUPS printing system in Mac OS X
CAN-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...)
{DSA-483}
CAN-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...)
- NOTE: not-for-us (Microsoft Outlook Express)
+ NOT-FOR-US: Microsoft Outlook Express
CAN-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
- NOTE: not-for-us (Microsoft SharePoint Portal Server 2001)
+ NOT-FOR-US: Microsoft SharePoint Portal Server 2001
CAN-2004-0378
NOTE: reserved
CAN-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...)
- NOTE: not-for-us (perl; Win32 is affected, UNIX systems not)
+ NOT-FOR-US: perl; Win32 is affected, UNIX systems not
CAN-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...)
{DSA-473}
CAN-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...)
- NOTE: not-for-us (Symantec Norton Internet Security)
+ NOT-FOR-US: Symantec Norton Internet Security
CAN-2004-0374 (Interchange before 5.0.1 allows remote attackers to "expose the ...)
{DSA-471}
CAN-2004-0373
@@ -13409,11 +13409,11 @@
CAN-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...)
{DSA-476}
CAN-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...)
- NOTE: not-for-us (KAME)
+ NOT-FOR-US: KAME
CAN-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...)
- NOTE: not-for-us (Entrust LibKmp ISAKMP library)
+ NOT-FOR-US: Entrust LibKmp ISAKMP library
CAN-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...)
- NOTE: not-for-us (CDE)
+ NOT-FOR-US: CDE
CAN-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
- ethereal 0.10.3
CAN-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...)
@@ -13424,141 +13424,141 @@
CAN-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...)
- ethereal 0.10.3
CAN-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...)
- NOTE: not-for-us (WrapNISUM ActiveX)
+ NOT-FOR-US: WrapNISUM ActiveX
CAN-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...)
- NOTE: not-for-us (SymSpamHelper ActiveX)
+ NOT-FOR-US: SymSpamHelper ActiveX
CAN-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of ...)
- NOTE: not-for-us (ISS Protocol Analysis Module)
+ NOT-FOR-US: ISS Protocol Analysis Module
CAN-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote ...)
- NOTE: not-for-us (safari)
+ NOT-FOR-US: safari
CAN-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...)
- NOTE: not-for-us (solaris)
+ NOT-FOR-US: solaris
CAN-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...)
- NOTE: not-for-us (VirtuaNews Admin Panel)
+ NOT-FOR-US: VirtuaNews Admin Panel
CAN-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote ...)
- NOTE: not-for-us (SL Mail Pro)
+ NOT-FOR-US: SL Mail Pro
CAN-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through ...)
- NOTE: not-for-us (GNU Anubis)
+ NOT-FOR-US: GNU Anubis
CAN-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU ...)
- NOTE: not-for-us (GNU Anubis)
+ NOT-FOR-US: GNU Anubis
CAN-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...)
- NOTE: not-for-us (Spider Sales)
+ NOT-FOR-US: Spider Sales
CAN-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the ...)
- NOTE: not-for-us (Spider Sales)
+ NOT-FOR-US: Spider Sales
CAN-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows ...)
- NOTE: not-for-us (GWeb HTTP Server)
+ NOT-FOR-US: GWeb HTTP Server
CAN-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ...)
- NOTE: not-for-us (SpiderSales)
+ NOT-FOR-US: SpiderSales
CAN-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 ...)
- proftpd 1.2.9
CAN-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote ...)
- NOTE: not-for-us (Red Faction)
+ NOT-FOR-US: Red Faction
CAN-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE ...)
- NOTE: not-for-us (YaBB SE)
+ NOT-FOR-US: YaBB SE
CAN-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...)
- NOTE: not-for-us (YaBB SE)
+ NOT-FOR-US: YaBB SE
CAN-2004-0342 (WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option ...)
- NOTE: not-for-us (WFPTD)
+ NOT-FOR-US: WFPTD
CAN-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...)
- NOTE: not-for-us (WFPTD)
+ NOT-FOR-US: WFPTD
CAN-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro ...)
- NOTE: not-for-us (WFPTD)
+ NOT-FOR-US: WFPTD
CAN-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, ...)
- phpbb2 2.0.6d
CAN-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum ...)
- NOTE: not-for-us (Invision Board Forum)
+ NOT-FOR-US: Invision Board Forum
CAN-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...)
- NOTE: not-for-us (602LAN SUITE)
+ NOT-FOR-US: 602LAN SUITE
CAN-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the "Directory ...)
- NOTE: not-for-us (602LAN SUITE)
+ NOT-FOR-US: 602LAN SUITE
CAN-2004-0334 (AXIS 2100 Network Camera allows remote attackers to bypass Basic ...)
- NOTE: not-for-us (AXIS 2100)
+ NOT-FOR-US: AXIS 2100
CAN-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...)
- uudeview 0.5.20 (medium)
CAN-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...)
- NOTE: not-for-us (extremail)
+ NOT-FOR-US: extremail
CAN-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...)
- NOTE: not-for-us (Dell OpenManage Web Server)
+ NOT-FOR-US: Dell OpenManage Web Server
CAN-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...)
- NOTE: not-for-us (Serv-U)
+ NOT-FOR-US: Serv-U
CAN-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (FreeChat)
+ NOT-FOR-US: FreeChat
CAN-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 ...)
- NOTE: not-for-us (Gigabyte Broadband Router)
+ NOT-FOR-US: Gigabyte Broadband Router
CAN-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager ...)
- NOTE: not-for-us (PhpNewsManager)
+ NOT-FOR-US: PhpNewsManager
CAN-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...)
- NOTE: not-for-us (GateKeeper Pro)
+ NOT-FOR-US: GateKeeper Pro
CAN-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...)
- NOTE: not-for-us (TypSoft)
+ NOT-FOR-US: TypSoft
CAN-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute ...)
- NOTE: not-for-us (confirm 0.70)
+ NOT-FOR-US: confirm 0.70
CAN-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow ...)
- NOTE: not-for-us (xmb 1.8 final sp2)
+ NOT-FOR-US: xmb 1.8 final sp2
CAN-2004-0322 (Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final ...)
- NOTE: not-for-us (xmb 1.8 final sp2)
+ NOT-FOR-US: xmb 1.8 final sp2
CAN-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...)
- NOTE: not-for-us (Team Factor)
+ NOT-FOR-US: Team Factor
CAN-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard ...)
- NOTE: not-for-us (ezBoard)
+ NOT-FOR-US: ezBoard
CAN-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID ...)
- NOTE: not-for-us (Load Sharing Facility)
+ NOT-FOR-US: Load Sharing Facility
CAN-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x ...)
- NOTE: not-for-us (Load Sharing Facility)
+ NOT-FOR-US: Load Sharing Facility
CAN-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a ...)
- NOTE: not-for-us (Avirt)
+ NOT-FOR-US: Avirt
CAN-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...)
- NOTE: not-for-us (Avirt)
+ NOT-FOR-US: Avirt
CAN-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 ...)
- NOTE: not-for-us (WebzEdit)
+ NOT-FOR-US: WebzEdit
CAN-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a ...)
- NOTE: not-for-us (PSOProxy)
+ NOT-FOR-US: PSOProxy
CAN-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP ...)
- NOTE: not-for-us (LINKSYS)
+ NOT-FOR-US: LINKSYS
CAN-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...)
- NOTE: not-for-us (APC)
+ NOT-FOR-US: APC
CAN-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 ...)
- NOTE: not-for-us (LiveJournal)
+ NOT-FOR-US: LiveJournal
CAN-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex ...)
- NOTE: not-for-us (WebCortex WebStores)
+ NOT-FOR-US: WebCortex WebStores
CAN-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...)
- NOTE: not-for-us (WebCortex WebStores)
+ NOT-FOR-US: WebCortex WebStores
CAN-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via ...)
- NOTE: not-for-us (OWLS 1.0)
+ NOT-FOR-US: OWLS 1.0
CAN-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...)
- NOTE: not-for-us (OWLS 1.0)
+ NOT-FOR-US: OWLS 1.0
CAN-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...)
- NOTE: not-for-us (Online Store Kit)
+ NOT-FOR-US: Online Store Kit
CAN-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...)
- NOTE: not-for-us (Online Store Kit)
+ NOT-FOR-US: Online Store Kit
CAN-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...)
- NOTE: not-for-us (smallftpd; not in Debian)
+ NOT-FOR-US: smallftpd;
CAN-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (CesarFTP; Win32)
+ NOT-FOR-US: CesarFTP; Win32
CAN-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
- NOTE: not-for-us (Broker FTP 6.1.0.0; Win32)
+ NOT-FOR-US: Broker FTP 6.1.0.0; Win32
CAN-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
- NOTE: not-for-us (Broker FTP 6.1.0.0 again; Win32)
+ NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32
CAN-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...)
- NOTE: not-for-us (yabb; not in Debian)
+ NOT-FOR-US: yabb;
CAN-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...)
- NOTE: not-for-us (ShopCartCGI 2.3; not in Debian)
+ NOT-FOR-US: ShopCartCGI 2.3;
CAN-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...)
- NOTE: not-for-us (KarjaSoft Sami HTTP Server 1.0.4; Win32)
+ NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32
CAN-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...)
- NOTE: not-for-us (YaBB; not in Debian)
+ NOT-FOR-US: YaBB;
CAN-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...)
- NOTE: not-for-us (Purge Jihad; not in Debian)
+ NOT-FOR-US: Purge Jihad;
CAN-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...)
- NOTE: not-for-us (SignatureDB; not in Debian)
+ NOT-FOR-US: SignatureDB;
CAN-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...)
- mnogosearch 3.2.18
NOTE: it's not quite clear which version exactly fixes the problem;
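Review bot: The entries whose old note read "(name; not in Debian)" are left with a dangling semicolon after conversion, for example "NOT-FOR-US: smallftpd;", "NOT-FOR-US: yabb;" and "NOT-FOR-US: ShopCartCGI 2.3;". The qualifier was stripped but its separator was not, while "NOT-FOR-US: CesarFTP; Win32" in the same hunk keeps both parts. Suggest dropping the trailing ";" so the value is the bare product name; otherwise anything that matches or groups on the value sees "smallftpd;" and "smallftpd" as two different products.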
@@ -13567,111 +13567,111 @@
NOTE: (http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2)
NOTE: and I can confirm the buffer overflow is fixed there
CAN-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...)
- NOTE: not-for-us (Xlight FTP server 1.52; not in Debian)
+ NOT-FOR-US: Xlight FTP server 1.52;
CAN-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...)
- NOTE: not-for-us (RobotFTP; not in Debian)
+ NOT-FOR-US: RobotFTP;
CAN-2004-0285 (PHP remote code injection vulnerabilities in (1) AllMyVisitors, (2) ...)
- NOTE: not-for-us (PHP scripts not in Debian)
+ NOT-FOR-US: PHP scripts
CAN-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...)
- NOTE: not-for-us (MSIE bugs)
+ NOT-FOR-US: MSIE bugs
CAN-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...)
- NOTE: not-for-us (mailmgr; not in Debian)
+ NOT-FOR-US: mailmgr;
CAN-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Crob FTP; not in Debian)
+ NOT-FOR-US: Crob FTP;
CAN-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...)
- NOTE: not-for-us (Caucho Technology Resin; not in Debian)
+ NOT-FOR-US: Caucho Technology Resin;
CAN-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...)
- NOTE: not-for-us (Caucho Technology Resin; not in Debian)
+ NOT-FOR-US: Caucho Technology Resin;
CAN-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...)
- NOTE: not-for-us (AIMSniff; not in Debian)
+ NOT-FOR-US: AIMSniff;
CAN-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...)
- NOTE: not-for-us (Ratbag game engine; not in Debian)
+ NOT-FOR-US: Ratbag game engine;
CAN-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...)
- NOTE: not-for-us (Dream FTP; not in Debian)
+ NOT-FOR-US: Dream FTP;
CAN-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...)
- NOTE: not-for-us (BosDates; not in Debian)
+ NOT-FOR-US: BosDates;
CAN-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...)
- NOTE: not-for-us (MaxWebPortal; not in Debian)
+ NOT-FOR-US: MaxWebPortal;
CAN-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...)
- NOTE: not-for-us (MaxWebPortal; not in Debian)
+ NOT-FOR-US: MaxWebPortal;
CAN-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...)
- NOTE: not-for-us (PHP-Nuke; not in Debian)
+ NOT-FOR-US: PHP-Nuke;
CAN-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...)
- NOTE: not-for-us (EvolutionX; not in Debian)
+ NOT-FOR-US: EvolutionX;
CAN-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...)
- NOTE: not-for-us (eTrust InoculateIT; not in Debian)
+ NOT-FOR-US: eTrust InoculateIT;
CAN-2004-0266 (SQL injection vulnerability in the "public message" capability ...)
- NOTE: not-for-us (PHP-Nuke; not in Debian)
+ NOT-FOR-US: PHP-Nuke;
CAN-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...)
- NOTE: not-for-us (PHP-Nuke; not in Debian)
+ NOT-FOR-US: PHP-Nuke;
CAN-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (PalmOS)
+ NOT-FOR-US: PalmOS
CAN-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...)
- NOTE: not-for-us (The Palace; not in Debian)
+ NOT-FOR-US: The Palace;
CAN-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...)
- NOTE: not-for-us (CactuShop; not in Debian)
+ NOT-FOR-US: CactuShop;
CAN-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...)
- NOTE: not-for-us (formmail.php; not in Debian)
+ NOT-FOR-US: formmail.php;
CAN-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...)
- NOTE: not-for-us (Xlight; not in Debian)
+ NOT-FOR-US: Xlight;
CAN-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...)
- NOTE: not-for-us (Discuz; not in Debian)
+ NOT-FOR-US: Discuz;
CAN-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...)
- NOTE: not-for-us (IBM Cloudscape)
+ NOT-FOR-US: IBM Cloudscape
CAN-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (TYPSoft FTP Server)
+ NOT-FOR-US: TYPSoft FTP Server
CAN-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...)
- NOTE: not-for-us (rxgoogle.cgi)
+ NOT-FOR-US: rxgoogle.cgi
CAN-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier ...)
- NOTE: not-for-us (PhotoPost PHP Pro)
+ NOT-FOR-US: PhotoPost PHP Pro
CAN-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other ...)
- NOTE: not-for-us (PHPX)
+ NOT-FOR-US: PHPX
CAN-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote ...)
- NOTE: not-for-us (PHPX)
+ NOT-FOR-US: PHPX
CAN-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote ...)
- NOTE: not-for-us (Chaser)
+ NOT-FOR-US: Chaser
CAN-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
- NOTE: not-for-us (Les Commentaires)
+ NOT-FOR-US: Les Commentaires
CAN-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Web Crossing)
+ NOT-FOR-US: Web Crossing
CAN-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...)
- NOTE: not-for-us (Cisco Systems)
+ NOT-FOR-US: Cisco Systems
CAN-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...)
- NOTE: not-for-us (X-Cart 3.4.3)
+ NOT-FOR-US: X-Cart 3.4.3
CAN-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...)
- NOTE: not-for-us (X-Cart 3.4.3)
+ NOT-FOR-US: X-Cart 3.4.3
CAN-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote ...)
- NOTE: not-for-us (X-Cart 3.4.3)
+ NOT-FOR-US: X-Cart 3.4.3
CAN-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...)
- NOTE: not-for-us (PhotoPost PHP Pro)
+ NOT-FOR-US: PhotoPost PHP Pro
CAN-2004-0238 (Buffer overflow in (1) load_cfg and (2) save_cfg in Overkill 0.15pre3 ...)
- overkill 0.16-7
CAN-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...)
- NOTE: not-for-us (Aprox PHP Portal)
+ NOT-FOR-US: Aprox PHP Portal
CAN-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...)
- NOTE: not-for-us (thePHOTOtool)
+ NOT-FOR-US: thePHOTOtool
CAN-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...)
{DSA-515}
CAN-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...)
{DSA-515}
CAN-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...)
- NOTE: not-for-us (utempter)
+ NOT-FOR-US: utempter
CAN-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
{DSA-497}
CAN-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...)
{DSA-497}
CAN-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...)
- NOTE: not-for-us (famous TCP RST bug)
+ NOT-FOR-US: famous TCP RST bug
CAN-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...)
- NOTE: not-for-us (Kernel 2.6 framebuffer bug)
+ NOT-FOR-US: Kernel 2.6 framebuffer bug
CAN-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...)
NOTE: fixed in linux 2.4.27-pre3
CAN-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...)
- NOTE: not-for-us (ZoneMinder)
+ NOT-FOR-US: ZoneMinder
CAN-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...)
{DSA-497}
CAN-2004-0225
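Review bot: "NOT-FOR-US: Kernel 2.6 framebuffer bug" under CAN-2004-0229 is a triage decision that deserves a second look rather than a mechanical conversion. The description names the framebuffer driver in Linux kernel 2.6.x, and the next entry, CAN-2004-0228, tracks a kernel issue with "NOTE: fixed in linux 2.4.27-pre3". If 2.6 kernels are in scope, this entry should carry a fixed-version note like its neighbour; if they are not, a NOTE line saying so would record the reason. "NOT-FOR-US: famous TCP RST bug" under CAN-2004-0230 has the same shape: the value names no product at all.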
@@ -13681,63 +13681,63 @@
CAN-2004-0223
NOTE: reserved
CAN-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...)
- NOTE: not-for-us (isakmpd in OpenBSD)
+ NOT-FOR-US: isakmpd in OpenBSD
CAN-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
- NOTE: not-for-us (isakmpd in OpenBSD)
+ NOT-FOR-US: isakmpd in OpenBSD
CAN-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
- NOTE: not-for-us (isakmpd in OpenBSD)
+ NOT-FOR-US: isakmpd in OpenBSD
CAN-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
- NOTE: not-for-us (isakmpd in OpenBSD)
+ NOT-FOR-US: isakmpd in OpenBSD
CAN-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
- NOTE: not-for-us (isakmpd in OpenBSD)
+ NOT-FOR-US: isakmpd in OpenBSD
CAN-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan ...)
- NOTE: not-for-us (Symantec AntiVirus Scan Engine for Red Hat)
+ NOT-FOR-US: Symantec AntiVirus Scan Engine for Red Hat
CAN-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet ...)
- NOTE: not-for-us (MSIE bug)
+ NOT-FOR-US: MSIE bug
CAN-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of ...)
- NOTE: not-for-us (MS-Outlook-Express)
+ NOT-FOR-US: MS-Outlook-Express
CAN-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...)
- NOTE: not-for-us (MSIE bug)
+ NOT-FOR-US: MSIE bug
CAN-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0207 ("Shatter" style vulnerability in the Window Management application ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0204 (Directory traversal vulnerability in the web viewers for Business ...)
- NOTE: not-for-us (Visual Studio bug)
+ NOT-FOR-US: Visual Studio bug
CAN-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for ...)
- NOTE: not-for-us (Exchange bug)
+ NOT-FOR-US: Exchange bug
CAN-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft ...)
- NOTE: not-for-us (DirectX)
+ NOT-FOR-US: DirectX
CAN-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML ...)
- NOTE: not-for-us (Windows HTML Help)
+ NOT-FOR-US: Windows HTML Help
CAN-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft ...)
- NOTE: not-for-us (famous Windows GDI+ JPEG parsing bug)
+ NOT-FOR-US: famous Windows GDI+ JPEG parsing bug
CAN-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0198
NOTE: reserved
CAN-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...)
- NOTE: not-for-us (MSJet bug)
+ NOT-FOR-US: MSJet bug
CAN-2004-0196
NOTE: reserved
CAN-2004-0195
NOTE: reserved
CAN-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...)
- NOTE: not-for-us (Symantec Gateway Security)
+ NOT-FOR-US: Symantec Gateway Security
CAN-2004-0187
NOTE: rejected
CAN-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...)
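Review bot: Many values in this hunk are descriptions rather than product names. "NOT-FOR-US: Windows bug" is used alike for the Task Scheduler (CAN-2004-0212), the POSIX component (CAN-2004-0210), NetDDE (CAN-2004-0206) and IIS (CAN-2004-0205), and "MSIE bug", "MSJet bug" and "Exchange bug" carry a "bug" suffix that adds nothing once the tag itself says the entry is out of scope. Suggest normalising to the product name from the description, e.g. "NOT-FOR-US: Microsoft IIS", so the field can be searched and grouped consistently.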
@@ -13747,7 +13747,7 @@
{DSA-478}
- tcpdump 3.7.2-4
CAN-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (mailman; RedHat specific bug)
+ NOT-FOR-US: mailman; RedHat specific bug
CAN-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in ...)
NOTE: fixed in 2.4.26-pre5
CAN-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...)
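Review bot: "NOT-FOR-US: mailman; RedHat specific bug" packs a product name and the reason for the classification into one value. The reason is the part that justifies marking the entry out of scope, so it should survive, but it would read better on its own NOTE line under the tag, leaving the tag value as a bare name that tooling can match without splitting on ";".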
@@ -13772,24 +13772,24 @@
CAN-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...)
- apache 1.3.29.0.2-5
CAN-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...)
- NOTE: not-for-us (ltrace; Debian (and no other distribution) installs this SUID root)
+ NOT-FOR-US: ltrace; Debian (and no other distribution) installs this SUID root
CAN-2004-0170
NOTE: reserved
CAN-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...)
- NOTE: not-for-us (CoreFoundation for Mac OS X)
+ NOT-FOR-US: CoreFoundation for Mac OS X
CAN-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which ...)
- ipsec-tools 0.3.3-1
NOTE: not mentioned in the changelog, so I don't know which version exactly fixes
NOTE: the problem, but the patch that fixes the bug is applied:
NOTE: http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2
CAN-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...)
- NOTE: not-for-us (Sygate Secure Enterprise)
+ NOT-FOR-US: Sygate Secure Enterprise
CAN-2004-0162 (Multiple content security gateway and antivirus products allow remote ...)
- NOTE: not-for-us (general MIME bug with security gateways)
+ NOT-FOR-US: general MIME bug with security gateways
CAN-2004-0161 (Multiple content security gateway and antivirus products allow remote ...)
- NOTE: not-for-us (general MIME bug with security gateways)
+ NOT-FOR-US: general MIME bug with security gateways
CAN-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...)
{DSA-445}
CAN-2004-0157 (xonix 1.4 and earlier invokes an external program while running at ...)
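Review bot: The ltrace line under CAN-2004-0172 reads as contradicting its own tag. "NOT-FOR-US: ltrace; Debian (and no other distribution) installs this SUID root" says Debian is the one distribution with the SUID root install, yet the entry is classified as not for us. The conversion preserves the old wording faithfully, but now that this is a dedicated tag it is worth confirming what was meant and either rewording the text or reclassifying the entry before anything treats it as out of scope.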
@@ -13817,7 +13817,7 @@
CAN-2004-0144
NOTE: reserved
CAN-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...)
- NOTE: not-for-us (Nokia mobile phones)
+ NOT-FOR-US: Nokia mobile phones
CAN-2004-0142
NOTE: reserved
CAN-2004-0141
@@ -13825,41 +13825,41 @@
CAN-2004-0140
NOTE: reserved
CAN-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2004-0138
NOTE: reserved
CAN-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
- NOTE: not-for-us (IRIX init)
+ NOT-FOR-US: IRIX init
CAN-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...)
NOTE: fixed in 2.4.26-pre2
CAN-2004-0132 (Multiple PHP remote code injection vulnerabilities in ezContents 2.0.2 ...)
- NOTE: not-for-us (ezContents)
+ NOT-FOR-US: ezContents
CAN-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...)
- NOTE: not-for-us (phpGedView)
+ NOT-FOR-US: phpGedView
CAN-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for ...)
- NOTE: not-for-us (phpGedView)
+ NOT-FOR-US: phpGedView
CAN-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not ...)
- NOTE: not-for-us (FreeBSD jail)
+ NOT-FOR-US: FreeBSD jail
CAN-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0123 (Double-free vulnerability in the ASN.1 library as used in Windows NT ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0116 (An Activation function in the RPCSS Service involved with DCOM ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ...)
- openssl 0.9.7d-1
CAN-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...)
@@ -13888,19 +13888,19 @@
CAN-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...)
{DSA-448}
CAN-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2004-0091 (** DISPUTED ** ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...)
{DSA-443}
CAN-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...)
@@ -13915,55 +13915,55 @@
CAN-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...)
NOTE: turned out not to be vulnerable. See bug #278777
CAN-2004-0073 (PHP remote code injection vulnerability in (1) config.php and (2) ...)
- NOTE: not-for-us (EasyDynamicPages)
+ NOT-FOR-US: EasyDynamicPages
CAN-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...)
- NOTE: not-for-us (Accipiter Direct Server 6.0)
+ NOT-FOR-US: Accipiter Direct Server 6.0
CAN-2004-0071 (Directory traversal vulnerability in buildManPage in ...)
- NOTE: not-for-us (PHP Man Page Lookup 1.2.0)
+ NOT-FOR-US: PHP Man Page Lookup 1.2.0
CAN-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and ...)
- NOTE: not-for-us (HD Soft Windows FTP Server 1.6)
+ NOT-FOR-US: HD Soft Windows FTP Server 1.6
CAN-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView ...)
- NOTE: not-for-us (phpGedView)
+ NOT-FOR-US: phpGedView
CAN-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...)
- NOTE: not-for-us (phpGedView)
+ NOT-FOR-US: phpGedView
CAN-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...)
- NOTE: not-for-us (phpGedView)
+ NOT-FOR-US: phpGedView
CAN-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows ...)
- NOTE: not-for-us (SuSE YaST)
+ NOT-FOR-US: SuSE YaST
CAN-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various ...)
- NOTE: not-for-us (FishCart)
+ NOT-FOR-US: FishCart
CAN-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...)
- NOTE: not-for-us (WWW File Share Pro 2.42)
+ NOT-FOR-US: WWW File Share Pro 2.42
CAN-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...)
- NOTE: not-for-us (WWW File Share Pro 2.42)
+ NOT-FOR-US: WWW File Share Pro 2.42
CAN-2004-0059 (Directory traversal vulnerability in upload capability of WWW File ...)
- NOTE: not-for-us (WWW File Share Pro 2.42)
+ NOT-FOR-US: WWW File Share Pro 2.42
CAN-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local ...)
- NOTE: not-for-us (Antivir)
+ NOT-FOR-US: Antivir
CAN-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...)
{DSA-425}
CAN-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
- NOTE: not-for-us (Nortel Networks products)
+ NOT-FOR-US: Nortel Networks products
CAN-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...)
{DSA-425}
CAN-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
- NOTE: not-for-us (Cisco IOS)
+ NOT-FOR-US: Cisco IOS
CAN-2004-0053 (Multiple content security gateway and antivirus products allow remote ...)
- NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
+ NOT-FOR-US: Multiple security gateways MIME parsing stuff
CAN-2004-0052 (Multiple content security gateway and antivirus products allow remote ...)
- NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
+ NOT-FOR-US: Multiple security gateways MIME parsing stuff
CAN-2004-0051 (Multiple content security gateway and antivirus products allow remote ...)
- NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
+ NOT-FOR-US: Multiple security gateways MIME parsing stuff
CAN-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...)
- NOTE: not-for-us (Verity Ultraseek)
+ NOT-FOR-US: Verity Ultraseek
CAN-2004-0048
NOTE: reserved
CAN-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...)
{DSA-430}
CAN-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...)
- NOTE: not-for-us (SnapStream PVS LITE)
+ NOT-FOR-US: SnapStream PVS LITE
CAN-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...)
- NOTE: not-for-us (Yahoo Instant Messenger)
+ NOT-FOR-US: Yahoo Instant Messenger
CAN-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether ...)
- vsftpd 2.0.1-1
NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't
@@ -13971,17 +13971,17 @@
CAN-2004-0041 (mod-auth-shadow 1.4 and earlier does not properly enforce the ...)
{DSA-421}
CAN-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...)
- NOTE: not-for-us (Check Point Firewall)
+ NOT-FOR-US: Check Point Firewall
CAN-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...)
- NOTE: not-for-us (McAfee)
+ NOT-FOR-US: McAfee
CAN-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute ...)
- NOTE: not-for-us (FistClass Desktop Client)
+ NOT-FOR-US: FistClass Desktop Client
CAN-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-0030 (PHP remote code injection vulnerability in (1) functions.php, (2) ...)
- NOTE: not-for-us (PHPGEDVIEW)
+ NOT-FOR-US: PHPGEDVIEW
CAN-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...)
- NOTE: not-for-us (Lotus Notes Domino)
+ NOT-FOR-US: Lotus Notes Domino
CAN-2004-0027
NOTE: reserved
CAN-2004-0026
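Review bot: "NOT-FOR-US: FistClass Desktop Client" under CAN-2004-0037 carries over a typo from the old note; the description on the line above it spells the product "FirstClass Desktop Client". Since the line is being rewritten anyway, fix the spelling here. "NOT-FOR-US: PHPGEDVIEW" under CAN-2004-0030 has a similar consistency problem: other entries in this patch use "phpGedView", so a case-sensitive match on the value will miss this one.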
@@ -14026,19 +14026,19 @@
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
NOTE: fixed in 2.4.26-rc4
CAN-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...)
- NOTE: not-for-us (FreeBSD netinet)
+ NOT-FOR-US: FreeBSD netinet
CAN-2003-1565
NOTE: rejected
CAN-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-1048 (Double-free vulnerability in mshtml.dll for certain versions of ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-1047
NOTE: rejected
CAN-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
@@ -14052,51 +14052,51 @@
CAN-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...)
- bugzilla 2.16.4-1
CAN-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to ...)
NOTE: linux kernel kmod local DoS, fixed in all current kernels
CAN-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-1037 (Format string vulnerability in the WGate component for SAP Internet ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...)
- NOTE: not-for-us (Pi3Web not in debian)
+ NOT-FOR-US: Pi3Web not in debian
CAN-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...)
- NOTE: not-for-us (VBulletin)
+ NOT-FOR-US: VBulletin
CAN-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows ...)
- NOTE: not-for-us (Dameware)
+ NOT-FOR-US: Dameware
CAN-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote ...)
{DSA-425}
CAN-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...)
- NOTE: not-for-us (solaris)
+ NOT-FOR-US: solaris
CAN-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...)
{DSA-424}
CAN-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...)
- NOTE: not-for-us (SCO)
+ NOT-FOR-US: SCO
CAN-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...)
- irssi-text 0.8.9-0.1
CAN-2003-1019
NOTE: reserved
CAN-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...)
- flashplugin-nonfree 7.0.25-1
CAN-2003-1016 (Multiple content security gateway and antivirus products allow remote ...)
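Review bot: The Pi3Web entry (CAN-2003-1032) carries the old free-text remark into the tag value: `NOT-FOR-US: Pi3Web not in debian`. The other converted lines in this hunk name only the product, and later hunks of this commit drop the "not in Debian" suffix (for example `NOT-FOR-US: IkonBoard`), so this line should read `NOT-FOR-US: Pi3Web`.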
@@ -14114,38 +14114,38 @@
{DSA-407}
- ethereal 0.10.0-1
CAN-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...)
- xchat 2.0.7
NOTE: apparently only DOS
CAN-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-0998 (Unknown "potential system security vulnerability" in Computer ...)
- NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
+ NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CAN-2003-0997 (Unknown "Denial of Service Attack" vulnerability in Computer ...)
- NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
+ NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CAN-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...)
- mailman 2.1.3
CAN-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...)
@@ -14162,25 +14162,25 @@
CAN-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
NOTE: fixed in 2.4.24-rc1
CAN-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)
- NOTE: not-for-us (Cisco Unity on IBM servers)
+ NOT-FOR-US: Cisco Unity on IBM servers
CAN-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...)
- NOTE: not-for-us (visitorbook.pl)
+ NOT-FOR-US: visitorbook.pl
CAN-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...)
- NOTE: not-for-us (visitorbook.pl)
+ NOT-FOR-US: visitorbook.pl
CAN-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape ...)
- NOTE: not-for-us (visitorbook.pl)
+ NOT-FOR-US: visitorbook.pl
CAN-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP ...)
- NOTE: not-for-us (gpgkeys_hkp)
+ NOT-FOR-US: gpgkeys_hkp
CAN-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...)
- cvs 1:1.11.10
CAN-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...)
- NOTE: not-for-us (netware)
+ NOT-FOR-US: netware
CAN-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...)
NOTE: nor-for-us (MacOS)
CAN-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...)
- NOTE: not-for-us (Applied Watch Command Center)
+ NOT-FOR-US: Applied Watch Command Center
CAN-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...)
{DSA-452}
CAN-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...)
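Review bot: CAN-2003-0975 is left as `NOTE: nor-for-us (MacOS)`. Because of the "nor" typo the conversion did not match it, so it stays an unstructured note while its neighbours become NOT-FOR-US tags. Suggest changing it to `NOT-FOR-US: MacOS` in this commit and checking the file for other misspelled variants that the substitution would have skipped.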
@@ -14189,14 +14189,14 @@
CAN-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...)
{DSA-429}
CAN-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...)
- NOTE: not-for-us (Sun Fire B1600)
+ NOT-FOR-US: Sun Fire B1600
CAN-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...)
NOTE: freeradius module in question is not built in debian package
NOTE: buffer overflow apparently fixed in freeradius 1.0.1
CAN-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...)
- freeradius 0.9.2-4
CAN-2003-0996 (Unknown "System Security Vulnerability" in Computer Associates (CA) ...)
- NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
+ NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CAN-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...)
{DSA-436}
CAN-2003-0964
@@ -14210,7 +14210,7 @@
NOTE: do_brk hole
NOTE: fixed in 2.4.23-pre7
CAN-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
- NOTE: not-for-us (OpenCA)
+ NOT-FOR-US: OpenCA
CAN-2003-0959
NOTE: reserved
CAN-2003-0958
@@ -14220,17 +14220,17 @@
CAN-2003-0956
NOTE: reserved
CAN-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...)
- NOTE: not-for-us (rcp)
+ NOT-FOR-US: rcp
CAN-2003-0953
NOTE: reserved
CAN-2003-0952
NOTE: reserved
CAN-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
- NOTE: not-for-us (PeopleSoft PeopleTools)
+ NOT-FOR-US: PeopleSoft PeopleTools
CAN-2003-0949 (xsok 1.02 does not properly drop privileges before finding and ...)
{DSA-405}
CAN-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...)
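Review bot: For CAN-2003-0954 the tag value is `NOT-FOR-US: rcp`, which names a generic program rather than the out-of-scope product; the description says the overflow is in rcp for AIX. Suggest `NOT-FOR-US: AIX` (or "AIX rcp") so the tag identifies the platform, as the HP-UX and OpenBSD entries in this hunk do.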
@@ -14240,41 +14240,41 @@
CAN-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...)
- clamav 0.65
CAN-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...)
- NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+ NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CAN-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB ...)
- NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+ NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CAN-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ...)
- NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+ NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CAN-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for ...)
- NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+ NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CAN-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...)
- NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+ NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CAN-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...)
- NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+ NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CAN-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) ...)
- NOTE: not-for-us (SAP database server (SAP DB))
+ NOT-FOR-US: SAP database server (SAP DB)
CAN-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...)
- NOTE: not-for-us (SAP database server (SAP DB))
+ NOT-FOR-US: SAP database server (SAP DB)
CAN-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to ...)
- NOTE: not-for-us (UnixWare)
+ NOT-FOR-US: UnixWare
CAN-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows ...)
- NOTE: not-for-us (PCAnywhere)
+ NOT-FOR-US: PCAnywhere
CAN-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...)
- net-snmp 5.0.9
CAN-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the ...)
- NOTE: not-for-us (Symbol Access Portable Data Terminal)
+ NOT-FOR-US: Symbol Access Portable Data Terminal
CAN-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...)
{DSA-398}
CAN-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute ...)
{DSA-400}
CAN-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...)
- NOTE: not-for-us (Sygate Enforcer)
+ NOT-FOR-US: Sygate Enforcer
CAN-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect ...)
- NOTE: not-for-us (Clearswift MAILsweeper)
+ NOT-FOR-US: Clearswift MAILsweeper
CAN-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
- NOTE: not-for-us (Clearswift MAILsweeper)
+ NOT-FOR-US: Clearswift MAILsweeper
CAN-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
- NOTE: not-for-us (Clearswift MAILsweeper)
+ NOT-FOR-US: Clearswift MAILsweeper
CAN-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows ...)
{DSA-407}
- ethereal 0.9.16-0.1
@@ -14305,23 +14305,23 @@
CAN-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...)
{DSA-409}
CAN-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2003-0912
NOTE: reserved
CAN-2003-0911
NOTE: reserved
CAN-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...)
{DSA-402}
CAN-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...)
@@ -14331,15 +14331,15 @@
CAN-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...)
{DSA-396}
CAN-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-0897 ("Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...)
- NOTE: not-for-us (Sun/Java)
+ NOT-FOR-US: Sun/Java
CAN-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2003-0893
NOTE: reserved
CAN-2003-0892
@@ -14361,21 +14361,21 @@
CAN-2003-0884
NOTE: reserved
CAN-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0879
NOTE: rejected
CAN-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...)
NOTE: source package only
NOTE: openslp: slpd.all_init symlink vuln
@@ -14383,15 +14383,15 @@
NOTE: source package still distributes the file, however.
- openslp 1.0.11a-1
CAN-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...)
- NOTE: not-for-us (Deskpro)
+ NOT-FOR-US: Deskpro
CAN-2003-0873
NOTE: reserved
CAN-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...)
- NOTE: not-for-us (SCO)
+ NOT-FOR-US: SCO
CAN-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2003-0869
NOTE: reserved
CAN-2003-0868
@@ -14444,11 +14444,11 @@
{DSA-428}
- slocate 2.7-3
CAN-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows ...)
- NOTE: not-for-us (SuSE)
+ NOT-FOR-US: SuSE
CAN-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro ...)
- NOTE: not-for-us (SuSE)
+ NOT-FOR-US: SuSE
CAN-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...)
- NOTE: not-for-us (JBoss)
+ NOT-FOR-US: JBoss
CAN-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...)
NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
@@ -14459,21 +14459,21 @@
NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
CAN-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...)
- NOTE: not-for-us (Peoplesoft)
+ NOT-FOR-US: Peoplesoft
CAN-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2003-0839 (Directory traversal vulnerability in the "Shell Folders" capability in ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...)
- NOTE: not-for-us (mplayer)
+ NOT-FOR-US: mplayer
CAN-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
- NOTE: not-for-us (CDE)
+ NOT-FOR-US: CDE
CAN-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...)
{DSA-392}
- webfs 1.20
@@ -14491,59 +14491,59 @@
{DSA-391}
- freesweep 0.88-4.1
CAN-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...)
{DSA-717-1}
- lsh-server 1.4.2-6
CAN-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0811
NOTE: reserved
CAN-2003-0810
NOTE: reserved
CAN-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0808
NOTE: reserved
CAN-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x ...)
{DSA-387}
NOTE: gopherd not in testing or unstable (deprecated)
CAN-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before ...)
- NOTE: not-for-us (BSD)
+ NOT-FOR-US: BSD
CAN-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
- NOTE: not-for-us (Nokia)
+ NOT-FOR-US: Nokia
CAN-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
- NOTE: not-for-us (Nokia)
+ NOT-FOR-US: Nokia
CAN-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...)
- NOTE: not-for-us (Nokia)
+ NOT-FOR-US: Nokia
CAN-2003-0800
NOTE: reserved
CAN-2003-0799
@@ -14551,9 +14551,9 @@
CAN-2003-0798
NOTE: reserved
CAN-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...)
{DSA-415}
CAN-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...)
@@ -14577,7 +14577,7 @@
CAN-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...)
{DSA-389}
CAN-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...)
- NOTE: not-for-us (IBM TSM)
+ NOT-FOR-US: IBM TSM
CAN-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...)
{DSA-385}
CAN-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...)
@@ -14601,132 +14601,132 @@
CAN-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...)
{DSA-379}
CAN-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...)
- NOTE: not-for-us (WS_FTP server)
+ NOT-FOR-US: WS_FTP server
CAN-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...)
- libapache-gallery-perl 0.7
CAN-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...)
- NOTE: not-for-us (IkonBoard not in Debian)
+ NOT-FOR-US: IkonBoard
CAN-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...)
- NOTE: not-for-us (ICQ Web Front)
+ NOT-FOR-US: ICQ Web Front
CAN-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...)
- NOTE: not-for-us (RogerWilco not in Debian)
+ NOT-FOR-US: RogerWilco
CAN-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...)
- NOTE: not-for-us (ftp desktop (windows))
+ NOT-FOR-US: ftp desktop (windows)
CAN-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...)
- NOTE: not-for-us (winamp)
+ NOT-FOR-US: winamp
CAN-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...)
- NOTE: not-for-us (Escapade Scripting Engine (ESP) not in Debian)
+ NOT-FOR-US: Escapade Scripting Engine (ESP
CAN-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...)
- NOTE: not-for-us (Escapade Scripting Engine (ESP) not in Debian)
+ NOT-FOR-US: Escapade Scripting Engine (ESP
CAN-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...)
- NOTE: not-for-us (foxweb)
+ NOT-FOR-US: foxweb
CAN-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...)
- asterisk 0.5.0
CAN-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (optisoft blubster)
+ NOT-FOR-US: optisoft blubster
CAN-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...)
- NOTE: not-for-us (check point firewall)
+ NOT-FOR-US: check point firewall
CAN-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...)
- NOTE: not-for-us (sitebuilder not in Debian)
+ NOT-FOR-US: sitebuilder
CAN-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...)
- NOTE: not-for-us (gtkftpd not in Debian)
+ NOT-FOR-US: gtkftpd
CAN-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...)
- NOTE: not-for-us (newsPHP not in Debian)
+ NOT-FOR-US: newsPHP
CAN-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...)
- NOTE: not-for-us (newsPHP not in Debian)
+ NOT-FOR-US: newsPHP
CAN-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...)
- NOTE: not-for-us (AttilaPHP not in Debian)
+ NOT-FOR-US: AttilaPHP
CAN-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...)
- NOTE: not-for-us (PY-Membres not in Debian)
+ NOT-FOR-US: PY-Membres
CAN-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...)
- NOTE: not-for-us (PY-Membres not in Debian)
+ NOT-FOR-US: PY-Membres
CAN-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-0746 (Various Distributed Computing Environment (DCE) implementations, ...)
- NOTE: not-for-us (Distributed Computing Environment (DCE) not in Deb)
+ NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb
CAN-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...)
- NOTE: not-for-us (castlerock SNMPc)
+ NOT-FOR-US: castlerock SNMPc
CAN-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote ...)
- leafnode 1.9.42
CAN-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...)
{DSA-376}
- exim 3.36-8
CAN-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...)
- NOTE: not-for-us (SCO)
+ NOT-FOR-US: SCO
CAN-2003-0741
NOTE: reserved
CAN-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
- stunnel 2:3.26
- stunnel4 2:4.04
CAN-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...)
- NOTE: not-for-us (VMware)
+ NOT-FOR-US: VMware
CAN-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
- NOTE: not-for-us (phpWebSite not in Debian)
+ NOT-FOR-US: phpWebSite
CAN-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
- NOTE: not-for-us (phpWebSite not in Debian)
+ NOT-FOR-US: phpWebSite
CAN-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...)
- NOTE: not-for-us (phpWebSite not in Debian)
+ NOT-FOR-US: phpWebSite
CAN-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...)
- NOTE: not-for-us (phpWebSite not in Debian)
+ NOT-FOR-US: phpWebSite
CAN-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...)
- libpam-ldap 164-1
- libnss-ldap 207-1
CAN-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic ...)
- NOTE: not-for-us (BEA weblogic)
+ NOT-FOR-US: BEA weblogic
CAN-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...)
{DSA-380}
CAN-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...)
- NOTE: not-for-us (tellurian tftpdNT)
+ NOT-FOR-US: tellurian tftpdNT
CAN-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...)
- horde2 2.2.4
CAN-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CAN-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...)
- NOTE: not-for-us (RealOne player)
+ NOT-FOR-US: RealOne player
CAN-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source ...)
- NOTE: not-for-us (Real Networks Server / Helix Server)
+ NOT-FOR-US: Real Networks Server / Helix Server
CAN-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CAN-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...)
- gkrellmd 2.1.14
CAN-2003-0722 (The default installation of sadmind on Solaris uses weak ...)
- NOTE: not-for-us (solaris)
+ NOT-FOR-US: solaris
CAN-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...)
- pine 4.58
CAN-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...)
- pine 4.58
CAN-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0716
NOTE: reserved
CAN-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0713
NOTE: reserved
CAN-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...)
- NOTE: not-for-us (pchealth for windows)
+ NOT-FOR-US: pchealth for windows
CAN-2003-0710
NOTE: reserved
CAN-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...)
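Review bot: The two Escapade entries (CAN-2003-0764 and CAN-2003-0763) end up as `NOT-FOR-US: Escapade Scripting Engine (ESP`, with the product's own closing parenthesis lost along with the "not in Debian" suffix. They should read `NOT-FOR-US: Escapade Scripting Engine (ESP)`. In the same hunk, CAN-2003-0746 keeps a truncated remark in the tag value, `Distributed Computing Environment (DCE) not in Deb`, which should be trimmed to the product name like the other "not in Debian" entries here.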
@@ -14740,13 +14740,13 @@
CAN-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...)
{DSA-378}
CAN-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...)
- NOTE: not-for-us (KisMAC for Mac OS X)
+ NOT-FOR-US: KisMAC for Mac OS X
CAN-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...)
- NOTE: not-for-us (KisMAC for Mac OS X)
+ NOT-FOR-US: KisMAC for Mac OS X
CAN-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the ...)
NOTE: fixed in 2.4.22-pre3
CAN-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...)
@@ -14755,9 +14755,9 @@
NOTE: rejected
NOTE: see CAN-2003-0743
CAN-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2003-0695 (Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ...)
{DSA-383 DSA-382}
CAN-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...)
@@ -14784,52 +14784,52 @@
CAN-2003-0684
NOTE: reserved
CAN-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...)
- NOTE: not-for-us (SGI)
+ NOT-FOR-US: SGI
CAN-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a ...)
{DSA-383 DSA-382}
- openssh 1:3.6.1p2-9
CAN-2003-0681 (A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, ...)
{DSA-384}
CAN-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2003-0678
NOTE: reserved
CAN-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...)
- NOTE: not-for-us (Sun iPlanet)
+ NOT-FOR-US: Sun iPlanet
CAN-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...)
{DSA-370}
CAN-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...)
- NOTE: not-for-us (sustworks IPNetSentryX)
+ NOT-FOR-US: sustworks IPNetSentryX
CAN-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...)
- NOTE: not-for-us (sustworks IPNetSentryX)
+ NOT-FOR-US: sustworks IPNetSentryX
CAN-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...)
- NOTE: not-for-us (solaris)
+ NOT-FOR-US: solaris
CAN-2003-0668
NOTE: reserved
CAN-2003-0667
NOTE: reserved
CAN-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, ...)
- NOTE: not-for-us (docview / caldera)
+ NOT-FOR-US: docview / caldera
CAN-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...)
{DSA-365}
CAN-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...)
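Review bot: CAN-2003-0671 is described as a format string vulnerability in tcpflow, but the converted line reads "NOT-FOR-US: sustworks IPNetSentryX", so the new field names a different product from the one in the description. This change promotes the old free-text note to a dedicated field, so confirm whether tcpflow itself needs tracking before carrying the classification over. If the entry really is out of scope, give the reason in a separate NOTE line rather than in the field value.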
@@ -14839,21 +14839,21 @@
CAN-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...)
{DSA-373}
CAN-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CAN-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...)
{DSA-367}
CAN-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...)
- NOTE: not-for-us (mod_mylo for apache)
+ NOT-FOR-US: mod_mylo for apache
CAN-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...)
- NOTE: not-for-us (gamespy)
+ NOT-FOR-US: gamespy
CAN-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...)
{DSA-368}
CAN-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow ...)
{DSA-472}
CAN-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...)
- NOTE: not-for-us (ActiveX)
+ NOT-FOR-US: ActiveX
CAN-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...)
{DSA-364}
CAN-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc ...)
@@ -14862,49 +14862,49 @@
{DSA-358}
NOTE: fixed in 2.4.22-pre10 (Introduced in 2.4.3-pre3)
CAN-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...)
- NOTE: not-for-us (Watchguard / win)
+ NOT-FOR-US: Watchguard / win
CAN-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...)
- NOTE: not-for-us (Watchguard / win)
+ NOT-FOR-US: Watchguard / win
CAN-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start ...)
- NOTE: not-for-us (BEA WebLogic)
+ NOT-FOR-US: BEA WebLogic
CAN-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 ...)
- NOTE: not-for-us (novell ichain)
+ NOT-FOR-US: novell ichain
CAN-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, ...)
- NOTE: not-for-us (novell ichain)
+ NOT-FOR-US: novell ichain
CAN-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a ...)
- NOTE: not-for-us (novell ichain)
+ NOT-FOR-US: novell ichain
CAN-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...)
- NOTE: not-for-us (novell ichain)
+ NOT-FOR-US: novell ichain
CAN-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before ...)
- NOTE: not-for-us (novell ichain)
+ NOT-FOR-US: novell ichain
CAN-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CAN-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CAN-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CAN-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 ...)
- NOTE: not-for-us (VMware)
+ NOT-FOR-US: VMware
CAN-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...)
{DSA-359}
CAN-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...)
- NOTE: not-for-us (peoplesoft)
+ NOT-FOR-US: peoplesoft
CAN-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...)
- NOTE: not-for-us (peoplesoft)
+ NOT-FOR-US: peoplesoft
CAN-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
- NOTE: not-for-us (peoplesoft)
+ NOT-FOR-US: peoplesoft
CAN-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
- NOTE: not-for-us (peoplesoft)
+ NOT-FOR-US: peoplesoft
CAN-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...)
{DSA-360}
CAN-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...)
- NOTE: not-for-us (BEA WebLogic)
+ NOT-FOR-US: BEA WebLogic
CAN-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
- NOTE: not-for-us (BEA Tuxedo)
+ NOT-FOR-US: BEA Tuxedo
CAN-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
- NOTE: not-for-us (BEA Tuxedo)
+ NOT-FOR-US: BEA Tuxedo
CAN-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
- NOTE: not-for-us (BEA Tuxedo)
+ NOT-FOR-US: BEA Tuxedo
CAN-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...)
{DSA-364}
CAN-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...)
@@ -14915,7 +14915,7 @@
CAN-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...)
{DSA-362}
CAN-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...)
- NOTE: not-for-us (McAfee)
+ NOT-FOR-US: McAfee
CAN-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...)
{DSA-371}
CAN-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...)
@@ -14927,9 +14927,9 @@
CAN-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...)
{DSA-356}
CAN-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...)
- NOTE: not-for-us (McAfee)
+ NOT-FOR-US: McAfee
CAN-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-0608
NOTE: reserved
CAN-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...)
@@ -14938,9 +14938,9 @@
{DSA-353}
- sup 1.8-9
CAN-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...)
- bugzilla 2.16.3
NOTE: in 2.17.x : we need at least 2.17.4
@@ -14948,7 +14948,7 @@
- bugzilla 2.16.3
NOTE: in 2.17.x : we need at least 2.17.4
CAN-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0600
NOTE: reserved
CAN-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...)
@@ -14956,59 +14956,59 @@
CAN-2003-0598
NOTE: rejected
CAN-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...)
- NOTE: not-for-us (Unixware)
+ NOT-FOR-US: Unixware
CAN-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...)
{DSA-352}
- fdclone 2.02a
CAN-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...)
- NOTE: not-for-us (WiTango Application Server and Tango 2000)
+ NOT-FOR-US: WiTango Application Server and Tango 2000
CAN-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...)
NOTE: cannot find reference to it being fixed.
TODO: check
CAN-2003-0593 (Opera allows remote attackers to bypass intended cookie access ...)
- NOTE: not-for-us (opera)
+ NOT-FOR-US: opera
CAN-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...)
{DSA-459}
CAN-2003-0591
NOTE: rejected
CAN-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
- NOTE: not-for-us (Splatt Forum)
+ NOT-FOR-US: Splatt Forum
CAN-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...)
- NOTE: not-for-us (Digi-ads)
+ NOT-FOR-US: Digi-ads
CAN-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass ...)
- NOTE: not-for-us (Digi-news)
+ NOT-FOR-US: Digi-news
CAN-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...)
- NOTE: not-for-us (Infopop Ultimate Bulletin Board (UBB))
+ NOT-FOR-US: Infopop Ultimate Bulletin Board (UBB)
CAN-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain ...)
- NOTE: not-for-us (Brooky eStore)
+ NOT-FOR-US: Brooky eStore
CAN-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 ...)
- NOTE: not-for-us (Brooky eStore)
+ NOT-FOR-US: Brooky eStore
CAN-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix ...)
- NOTE: not-for-us (BRU)
+ NOT-FOR-US: BRU
CAN-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...)
- NOTE: not-for-us (BRU)
+ NOT-FOR-US: BRU
CAN-2003-0582
NOTE: rejected
CAN-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
{DSA-360}
CAN-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...)
- NOTE: not-for-us (IBM U2 UniVerse)
+ NOT-FOR-US: IBM U2 UniVerse
CAN-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...)
- NOTE: not-for-us (IBM U2 UniVerse)
+ NOT-FOR-US: IBM U2 UniVerse
CAN-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...)
- NOTE: not-for-us (IBM U2 UniVerse)
+ NOT-FOR-US: IBM U2 UniVerse
CAN-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...)
- mpg123 0.59r-1
CAN-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0571
NOTE: reserved
CAN-2003-0570
@@ -15018,7 +15018,7 @@
CAN-2003-0568
NOTE: reserved
CAN-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0566
NOTE: reserved
CAN-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...)
@@ -15032,25 +15032,25 @@
CAN-2003-0563
NOTE: reserved
CAN-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
- NOTE: not-for-us (Novell Netware)
+ NOT-FOR-US: Novell Netware
CAN-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
- NOTE: not-for-us (IglooFTP)
+ NOT-FOR-US: IglooFTP
CAN-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote ...)
- NOTE: not-for-us (VP-ASP)
+ NOT-FOR-US: VP-ASP
CAN-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...)
- NOTE: not-for-us (phpforum)
+ NOT-FOR-US: phpforum
CAN-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to ...)
- NOTE: not-for-us (LeapFTP)
+ NOT-FOR-US: LeapFTP
CAN-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and ...)
- NOTE: not-for-us (StoreFront)
+ NOT-FOR-US: StoreFront
CAN-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (Polycom MGC)
+ NOT-FOR-US: Polycom MGC
CAN-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...)
NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
CAN-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, ...)
- NOTE: not-for-us (NeoModus Direct Connect)
+ NOT-FOR-US: NeoModus Direct Connect
CAN-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...)
- NOTE: not-for-us (Netscape)
+ NOT-FOR-US: Netscape
CAN-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...)
{DSA-423 DSA-358}
NOTE: fixed in 2.4.22-pre3
@@ -15067,7 +15067,7 @@
CAN-2003-0547 (GDM before 2.4.1.6, when using the "examine session errors" feature, ...)
- gdm 2.4.1.5
CAN-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...)
- NOTE: not-for-us (up2date)
+ NOT-FOR-US: up2date
CAN-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...)
{DSA-394 DSA-393}
CAN-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...)
@@ -15096,37 +15096,37 @@
CAN-2003-0534
NOTE: reserved
CAN-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0529
NOTE: reserved
CAN-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0527
NOTE: reserved
CAN-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...)
NOTE: appears specific to the knoppix CD
CAN-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...)
- NOTE: not-for-us (ProductCart)
+ NOT-FOR-US: ProductCart
CAN-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...)
- NOTE: not-for-us (ProductCart)
+ NOT-FOR-US: ProductCart
CAN-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...)
- NOTE: not-for-us (cPanel is not our cpanel)
+ NOT-FOR-US: cPanel is not our cpanel
CAN-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to ...)
- mgetty 1.1.29
CAN-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...)
@@ -15134,31 +15134,31 @@
CAN-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...)
{DSA-347}
CAN-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login invalid" message ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...)
- NOTE: not-for-us (Cisco Aironet AP1x00 Series Wireless devices)
+ NOT-FOR-US: Cisco Aironet AP1x00 Series Wireless devices
CAN-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
- NOTE: not-for-us (ezbounce)
+ NOT-FOR-US: ezbounce
CAN-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...)
- NOTE: not-for-us (Cyberstrong eShop)
+ NOT-FOR-US: Cyberstrong eShop
CAN-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat ...)
- NOTE: not-for-us (acroread)
+ NOT-FOR-US: acroread
CAN-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
{DSA-365}
CAN-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...)
- NOTE: not-for-us (Apple Quicktime)
+ NOT-FOR-US: Apple Quicktime
CAN-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...)
{DSA-423 DSA-358}
NOTE: fixed in 2.4.22-pre10
@@ -15167,66 +15167,66 @@
CAN-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
{DSA-335}
CAN-2003-0498 (CachÃ© Database 5.x installs the /cachesys/csp directory with insecure ...)
- NOTE: not-for-us (Intersystems Cache database)
+ NOT-FOR-US: Intersystems Cache database
CAN-2003-0497 (CachÃ© Database 5.x installs /cachesys/bin/cache with world-writable ...)
- NOTE: not-for-us (Intersystems Cache database)
+ NOT-FOR-US: Intersystems Cache database
CAN-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...)
- NOTE: not-for-us (lednews; not in debian)
+ NOT-FOR-US: lednews; not in debian
CAN-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote ...)
- NOTE: not-for-us (snitz forums; not in debian)
+ NOT-FOR-US: snitz forums; not in debian
CAN-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...)
- NOTE: not-for-us (snitz forums; not in debian)
+ NOT-FOR-US: snitz forums; not in debian
CAN-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...)
- NOTE: not-for-us (snitz forums; not in debian)
+ NOT-FOR-US: snitz forums; not in debian
CAN-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...)
- NOTE: not-for-us (xoop; not in debian)
+ NOT-FOR-US: xoop; not in debian
CAN-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
- NOTE: not-for-us (Dantz Retrospect)
+ NOT-FOR-US: Dantz Retrospect
CAN-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...)
{DSA-330}
CAN-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...)
- NOTE: not-for-us (Kerio Mail server)
+ NOT-FOR-US: Kerio Mail server
CAN-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...)
- NOTE: not-for-us (Kerio Mail server)
+ NOT-FOR-US: Kerio Mail server
CAN-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and ...)
- phpbb2 2.0.6
CAN-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows ...)
- NOTE: not-for-us (Progress 4GL Compiler)
+ NOT-FOR-US: Progress 4GL Compiler
CAN-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB ...)
- phpbb2 2.0.6d-3
CAN-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...)
- NOTE: not-for-us (XMB Forum)
+ NOT-FOR-US: XMB Forum
CAN-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by ...)
- tutos 1.1.20030715-1
CAN-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
- tutos 1.1.20030715-1
CAN-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite ...)
- NOTE: not-for-us (VMware)
+ NOT-FOR-US: VMware
CAN-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS ...)
- NOTE: not-for-us (WebBBS; not in debian)
+ NOT-FOR-US: WebBBS; not in debian
CAN-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, ...)
- NOTE: not-for-us (bahamut and other irc daemons; not in debian)
+ NOT-FOR-US: bahamut and other irc daemons; not in debian
CAN-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial ...)
- wzdftpd 0.2
CAN-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...)
{DSA-423 DSA-358}
NOTE: fixed in 2.4.22-pre4
CAN-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...)
- NOTE: not-for-us (iWeb server)
+ NOT-FOR-US: iWeb server
CAN-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...)
- NOTE: not-for-us (iWeb server)
+ NOT-FOR-US: iWeb server
CAN-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers ...)
- NOTE: not-for-us (webadmin / win)
+ NOT-FOR-US: webadmin / win
CAN-2003-0470 (Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka ...)
- NOTE: not-for-us (symantec activex)
+ NOT-FOR-US: symantec activex
CAN-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...)
{DSA-363}
CAN-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...)
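Review bot: several converted values in this hunk are rationale text rather than a name, for example "lednews; not in debian", "snitz forums; not in debian" and "bahamut and other irc daemons; not in debian", while the log message gives the target format as "NOT-FOR-US: package_name". Anything that later reads the field as a product name will pick up the "; not in debian" suffix. Suggest keeping only the name in NOT-FOR-US and moving the remainder to a NOTE line, and fixing "xoop" for CAN-2003-0491, whose description says XOOPS.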
@@ -15250,16 +15250,16 @@
CAN-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
{DSA-423 DSA-358}
CAN-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...)
- NOTE: not-for-us (apache for win and os/2)
+ NOT-FOR-US: apache for win and os/2
CAN-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
{DSA-361}
CAN-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2003-0457
NOTE: reserved
- mysql-dfsg 4.0.21-4
CAN-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...)
- NOTE: not-for-us (visnetic website)
+ NOT-FOR-US: visnetic website
CAN-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...)
{DSA-331}
CAN-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...)
@@ -15273,13 +15273,13 @@
CAN-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...)
{DSA-321}
CAN-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...)
- NOTE: not-for-us (progress database)
+ NOT-FOR-US: progress database
CAN-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...)
- NOTE: not-for-us (portmon; not in debian)
+ NOT-FOR-US: portmon; not in debian
CAN-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...)
{DSA-328}
CAN-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...)
@@ -15322,81 +15322,81 @@
CAN-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
{DSA-320}
CAN-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
- NOTE: not-for-us (SMC)
+ NOT-FOR-US: SMC
CAN-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...)
NOTE: only linux 2.0.x
CAN-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...)
- NOTE: not-for-us (Son hServer)
+ NOT-FOR-US: Son hServer
CAN-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...)
- NOTE: not-for-us (bandmin; not in Debian)
+ NOT-FOR-US: bandmin;
CAN-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...)
- NOTE: not-for-us (Remote PC Access)
+ NOT-FOR-US: Remote PC Access
CAN-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...)
- NOTE: not-for-us (Sun ONE)
+ NOT-FOR-US: Sun ONE
CAN-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...)
- NOTE: not-for-us (Sun ONE)
+ NOT-FOR-US: Sun ONE
CAN-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the ...)
- NOTE: not-for-us (Sun ONE)
+ NOT-FOR-US: Sun ONE
CAN-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote ...)
- NOTE: not-for-us (Sun ONE)
+ NOT-FOR-US: Sun ONE
CAN-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to ...)
- NOTE: not-for-us (AnalogX proxy)
+ NOT-FOR-US: AnalogX proxy
CAN-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...)
- NOTE: not-for-us (BRS WebWeaver)
+ NOT-FOR-US: BRS WebWeaver
CAN-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...)
- NOTE: not-for-us (Uptimes Project upclient; not in Debian)
+ NOT-FOR-US: Uptimes Project upclient;
CAN-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...)
- gbatnav 1.0.4-4
CAN-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...)
- NOTE: not-for-us (PalmVNC)
+ NOT-FOR-US: PalmVNC
CAN-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to ...)
- NOTE: not-for-us (Vignette)
+ NOT-FOR-US: Vignette
CAN-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette ...)
- NOTE: not-for-us (Vignette)
+ NOT-FOR-US: Vignette
CAN-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to ...)
- NOTE: not-for-us (Vignette)
+ NOT-FOR-US: Vignette
CAN-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...)
- NOTE: not-for-us (Vignette)
+ NOT-FOR-US: Vignette
CAN-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to ...)
- NOTE: not-for-us (Vignette)
+ NOT-FOR-US: Vignette
CAN-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...)
- NOTE: not-for-us (Vignette / AIX)
+ NOT-FOR-US: Vignette / AIX
CAN-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other ...)
- NOTE: not-for-us (Vignette StoryServer)
+ NOT-FOR-US: Vignette StoryServer
CAN-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI ...)
- NOTE: not-for-us (Vignette StoryServer)
+ NOT-FOR-US: Vignette StoryServer
CAN-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...)
- NOTE: not-for-us (FastTrack network code (Kazaa))
+ NOT-FOR-US: FastTrack network code (Kazaa)
CAN-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if ...)
- linux-atm 2.4.1
CAN-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ...)
- NOTE: not-for-us (BLNews)
+ NOT-FOR-US: BLNews
CAN-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming ...)
- NOTE: not-for-us (Privacyware Privatefirewall)
+ NOT-FOR-US: Privacyware Privatefirewall
CAN-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...)
- NOTE: not-for-us (ST FTP Service (DOS))
+ NOT-FOR-US: ST FTP Service (DOS)
CAN-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...)
- NOTE: not-for-us (Magic WinMail Server)
+ NOT-FOR-US: Magic WinMail Server
CAN-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...)
- opt 3.19
CAN-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...)
- NOTE: not-for-us (RSA ACE/Agent)
+ NOT-FOR-US: RSA ACE/Agent
CAN-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...)
NOTE: pam is not vulnerable in default confuguration
NOTE: pam is not vulnerable at all in sarge, according to maintainer
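Review bot: the conversion loses text on two lines in this hunk. "not-for-us (bandmin; not in Debian)" becomes "NOT-FOR-US: bandmin;" and "not-for-us (Uptimes Project upclient; not in Debian)" becomes "NOT-FOR-US: Uptimes Project upclient;", each left with a dangling semicolon. Entries spelled "; not in debian" with a lowercase d keep their suffix elsewhere in this patch, so the substitution appears to treat the capitalised form differently. Either strip the suffix and the semicolon in both spellings or preserve both, and re-check the rest of the file for other values ending in ";".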
@@ -15416,15 +15416,15 @@
CAN-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...)
{DSA-314}
CAN-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...)
- NOTE: not-for-us (MaxOS)
+ NOT-FOR-US: MaxOS
CAN-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...)
- NOTE: not-for-us (MaxOS)
+ NOT-FOR-US: MaxOS
CAN-2003-0377 (SQL injection vulnerability in the web-based administration interface ...)
- NOTE: not-for-us (iisPROTECT)
+ NOT-FOR-US: iisPROTECT
CAN-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...)
- NOTE: not-for-us (XMBforum aka Partagium))
+ NOT-FOR-US: XMBforum aka Partagium)
CAN-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...)
- nessus 2.0.6
CAN-2003-0373 (Multiple buffer overflows in Nessus before 2.0.6 allow local users ...)
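Review bot: the CAN-2003-0375 entry is left with an unbalanced closing parenthesis. The old value was "(XMBforum aka Partagium))" with a doubled ")", so stripping only the outer pair gives "NOT-FOR-US: XMBforum aka Partagium)"; drop the trailing ")". While these lines are being touched, "MaxOS" on CAN-2003-0379 and CAN-2003-0378 looks like a typo for the Mac OS X named in both descriptions, and later entries in this same file spell it "MacOS", so a search on the new field will miss these two.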
@@ -15432,19 +15432,19 @@
CAN-2003-0372 (Signed integer vulnerability in libnsl in Nessus before 2.0.6 allows ...)
- nessus 2.0.6
CAN-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...)
- NOTE: not-for-us (Prishtina FTP client)
+ NOT-FOR-US: Prishtina FTP client
CAN-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...)
{DSA-361}
CAN-2003-0369
NOTE: reserved
CAN-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...)
- NOTE: not-for-us (Nokia Gateway GPRS)
+ NOT-FOR-US: Nokia Gateway GPRS
CAN-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...)
{DSA-308}
CAN-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...)
{DSA-318}
CAN-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full ...)
- NOTE: not-for-us (ICQLite)
+ NOT-FOR-US: ICQLite
CAN-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
{DSA-442 DSA-336 DSA-332 DSA-311}
CAN-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ...)
@@ -15464,63 +15464,63 @@
CAN-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...)
{DSA-313}
CAN-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...)
- gs-gpl 7.07
CAN-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0351
NOTE: rejected
CAN-2003-0350 (The control for listing accessibility options in the Accessibility ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
- NOTE: not-for-us (BlackMoon FTP Server)
+ NOT-FOR-US: BlackMoon FTP Server
CAN-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
- NOTE: not-for-us (BlackMoon FTP Server)
+ NOT-FOR-US: BlackMoon FTP Server
CAN-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 ...)
- NOTE: not-for-us (Owl Intranet Engine)
+ NOT-FOR-US: Owl Intranet Engine
CAN-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the ...)
- NOTE: not-for-us (Puresecure)
+ NOT-FOR-US: Puresecure
CAN-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 ...)
- NOTE: not-for-us (WsMp3)
+ NOT-FOR-US: WsMp3
CAN-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...)
- NOTE: not-for-us (WsMp3)
+ NOT-FOR-US: WsMp3
CAN-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 ...)
- NOTE: not-for-us (lsadmin)
+ NOT-FOR-US: lsadmin
CAN-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which ...)
- NOTE: not-for-us (Slaskware specific)
+ NOT-FOR-US: Slaskware specific
CAN-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a ...)
- ircii-pana 1:1.0-0c19.20030512-1
CAN-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...)
- NOTE: not-for-us (C-Kermit on HP-UX)
+ NOT-FOR-US: C-Kermit on HP-UX
CAN-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier ...)
- NOTE: not-for-us (BadBlue)
+ NOT-FOR-US: BadBlue
CAN-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to ...)
- NOTE: not-for-us (ttForum)
+ NOT-FOR-US: ttForum
CAN-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...)
NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed.
CAN-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the ...)
- NOTE: not-for-us (CesarFTP)
+ NOT-FOR-US: CesarFTP
CAN-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...)
{DSA-399 DSA-306}
CAN-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...)
- NOTE: not-for-us (Sybase Adaptive Server Enterprise)
+ NOT-FOR-US: Sybase Adaptive Server Enterprise
CAN-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...)
NOTE: bug does exist in slocate.
NOTE: only impacts security if kernel has been recompiled to allow
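Review bot: CAN-2003-0335 carries the misspelling "Slaskware specific" over into the new field, while the description on the line above says Slackware 9.0. Now that NOT-FOR-US is a tag of its own rather than free text inside a NOTE, fix the spelling in this commit so the value can be matched; "Slackware" alone would also be closer to the package_name form the log message describes.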
@@ -15538,23 +15538,23 @@
CAN-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...)
{DSA-306}
CAN-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...)
- NOTE: not-for-us (ttCMS)
+ NOT-FOR-US: ttCMS
CAN-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...)
- NOTE: not-for-us (SmartMax MailMax)
+ NOT-FOR-US: SmartMax MailMax
CAN-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...)
- NOTE: not-for-us (iisPROTECT)
+ NOT-FOR-US: iisPROTECT
CAN-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi ...)
- NOTE: not-for-us (Venturi Client)
+ NOT-FOR-US: Venturi Client
CAN-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Snowblind Web Server)
+ NOT-FOR-US: Snowblind Web Server
CAN-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Snowblind Web Server)
+ NOT-FOR-US: Snowblind Web Server
CAN-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
- NOTE: not-for-us (Snowblind Web Server)
+ NOT-FOR-US: Snowblind Web Server
CAN-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
- NOTE: not-for-us (Snowblind Web Server)
+ NOT-FOR-US: Snowblind Web Server
CAN-2003-0311
NOTE: reserved
CAN-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...)
@@ -15562,23 +15562,23 @@
NOTE: and I guess that fix made it into new upstream versions,
NOTE: but I did not check in detail
CAN-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...)
{DSA-305}
CAN-2003-0307 (Poster version.two allows remote authenticated users to gain ...)
- NOTE: not-for-us (Poster version.two)
+ NOT-FOR-US: Poster version.two
CAN-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers ...)
- NOTE: not-for-us (one||zero (aka One or Zero) Helpdesk)
+ NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
CAN-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk ...)
- NOTE: not-for-us (one||zero (aka One or Zero) Helpdesk)
+ NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
CAN-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote ...)
- NOTE: not-for-us (Microsort)
+ NOT-FOR-US: Microsort
CAN-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP ...)
NOTE: sylpheed and sylpheed-claws might still be vulnerable
NOTE: but it's only a crasher
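Review bot: CAN-2003-0301 becomes "NOT-FOR-US: Microsort", a typo carried over from the old NOTE; the description names Outlook Express. The neighbouring values for the same vendor are "MSIE" (CAN-2003-0309) and "Windows" (CAN-2003-0306), and other hunks use "Microsoft", so it is worth settling on one spelling here rather than leaving four variants for one vendor in a field that is meant to be machine-readable.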
@@ -15595,31 +15595,31 @@
CAN-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...)
- evolution 1.3.2
CAN-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...)
- NOTE: not-for-us (php-proxima)
+ NOT-FOR-US: php-proxima
CAN-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU ...)
- NOTE: not-for-us (PalmOS)
+ NOT-FOR-US: PalmOS
CAN-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server ...)
- NOTE: not-for-us (Inktomi)
+ NOT-FOR-US: Inktomi
CAN-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly ...)
- NOTE: not-for-us (3com OfficeConnect Remote 812 ADSL Router)
+ NOT-FOR-US: 3com OfficeConnect Remote 812 ADSL Router
CAN-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (eServ)
+ NOT-FOR-US: eServ
CAN-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in ...)
- cdrtools 4:2.0+a14-1
CAN-2003-0288 (Buffer overflow in the file & folder transfer mechanism for IP ...)
- NOTE: not-for-us (IP Messenger for Win)
+ NOT-FOR-US: IP Messenger for Win
CAN-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, ...)
- NOTE: not-for-us (Movable Type)
+ NOT-FOR-US: Movable Type
CAN-2003-0286 (SQL injection vulnerability in Snitz Forums 2000 before 3.3.03 and ...)
- NOTE: not-for-us (Snitz Forums)
+ NOT-FOR-US: Snitz Forums
CAN-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...)
- NOTE: not-for-us (bad sendmail config on AIX)
+ NOT-FOR-US: bad sendmail config on AIX
CAN-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, ...)
- NOTE: not-for-us (Adobe Acrobat)
+ NOT-FOR-US: Adobe Acrobat
CAN-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...)
{DSA-344}
CAN-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and ...)
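Review bot: on CAN-2003-0285 the converted value "bad sendmail config on AIX" is a reason, not a package name, which does not fit the "NOT-FOR-US: package_name" form given in the log message. Suggest "NOT-FOR-US: AIX" with the explanation kept on a separate NOTE line. The same applies to "IP Messenger for Win" on CAN-2003-0288, where the platform qualifier is folded into the name.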
@@ -15627,53 +15627,53 @@
NOTE: firebird (1) in debian is very insecure and vulnerable, but
NOTE: the server is not included, just the libraries. See bug #251458
CAN-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...)
- NOTE: not-for-us (SMTP Service for ESMTP CMailServer )
+ NOT-FOR-US: SMTP Service for ESMTP CMailServer
CAN-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...)
- NOTE: not-for-us (HappyMail)
+ NOT-FOR-US: HappyMail
CAN-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com ...)
- NOTE: not-for-us (HappyMail)
+ NOT-FOR-US: HappyMail
CAN-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a ...)
- NOTE: not-for-us (Pi3Web)
+ NOT-FOR-US: Pi3Web
CAN-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (YaBB SE)
+ NOT-FOR-US: YaBB SE
CAN-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows ...)
- NOTE: not-for-us (ListProc)
+ NOT-FOR-US: ListProc
CAN-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for ...)
NOTE: old version of Request Tracker not in debian.
CAN-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...)
- NOTE: not-for-us (miniPortail)
+ NOT-FOR-US: miniPortail
CAN-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to ...)
- NOTE: not-for-us (Personal FTP Server)
+ NOT-FOR-US: Personal FTP Server
CAN-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...)
- NOTE: not-for-us (Apple Airport)
+ NOT-FOR-US: Apple Airport
CAN-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...)
- NOTE: not-for-us (youbin)
+ NOT-FOR-US: youbin
CAN-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...)
- NOTE: not-for-us (SLWebMail on Windows)
+ NOT-FOR-US: SLWebMail on Windows
CAN-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote ...)
- NOTE: not-for-us (SLWebMail on Windows)
+ NOT-FOR-US: SLWebMail on Windows
CAN-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows ...)
- NOTE: not-for-us (SLWebMail on Windows)
+ NOT-FOR-US: SLWebMail on Windows
CAN-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical ...)
- NOTE: not-for-us (SDBINST for SAP database)
+ NOT-FOR-US: SDBINST for SAP database
CAN-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...)
- NOTE: not-for-us (SLMail)
+ NOT-FOR-US: SLMail
CAN-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server ...)
- NOTE: not-for-us (FTGatePro)
+ NOT-FOR-US: FTGatePro
CAN-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...)
{DSA-299}
CAN-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...)
{DSA-302}
CAN-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...)
- kopete 3.2.0
CAN-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...)
@@ -15702,63 +15702,63 @@
CAN-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
CAN-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...)
- NOTE: not-for-us (Happycgi.com Happymall)
+ NOT-FOR-US: Happycgi.com Happymall
CAN-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly ...)
- NOTE: not-for-us (FrontRange GoldMine / win)
+ NOT-FOR-US: FrontRange GoldMine / win
CAN-2003-0240 (The web-based administration capability for various Axis Network ...)
- NOTE: not-for-us (Axis Network Camera)
+ NOT-FOR-US: Axis Network Camera
CAN-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a ...)
- NOTE: not-for-us (Mirabilis ICQ / windows)
+ NOT-FOR-US: Mirabilis ICQ / windows
CAN-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote ...)
- NOTE: not-for-us (Mirabilis ICQ / windows)
+ NOT-FOR-US: Mirabilis ICQ / windows
CAN-2003-0237 (The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a ...)
- NOTE: not-for-us (Mirabilis ICQ / windows)
+ NOT-FOR-US: Mirabilis ICQ / windows
CAN-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro ...)
- NOTE: not-for-us (Mirabilis ICQ / windows)
+ NOT-FOR-US: Mirabilis ICQ / windows
CAN-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...)
- NOTE: not-for-us (Mirabilis ICQ / windows)
+ NOT-FOR-US: Mirabilis ICQ / windows
CAN-2003-0234
NOTE: reserved
CAN-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users go gain ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0229
NOTE: reserved
CAN-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0227 (The logging capability for unicast and multicast transmissions in the ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CAN-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...)
- NOTE: not-for-us (HP tru64)
+ NOT-FOR-US: HP tru64
CAN-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...)
- NOTE: not-for-us (Kerio Personal Firewall)
+ NOT-FOR-US: Kerio Personal Firewall
CAN-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
- NOTE: not-for-us (Kerio Personal Firewall)
+ NOT-FOR-US: Kerio Personal Firewall
CAN-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon ...)
- NOTE: not-for-us (Monkey http daemon; not in debian)
+ NOT-FOR-US: Monkey http daemon; not in debian
CAN-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual ...)
- NOTE: not-for-us (Neoteris Instant Virtual Extranet)
+ NOT-FOR-US: Neoteris Instant Virtual Extranet
CAN-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier ...)
- NOTE: not-for-us (bttlxeForum / win)
+ NOT-FOR-US: bttlxeForum / win
CAN-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ...)
{DSA-292}
CAN-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote ...)
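Review bot: the values in this hunk are not normalised, which weakens the point of moving them into a dedicated tag. "microsoft", "cisco" and "oracle" are lower-case here but appear as "Microsoft", "Cisco" and "Oracle" in other hunks of this same commit, so grouping or searching by value will split one vendor into two. "Monkey http daemon; not in debian" on CAN-2003-0218 and the "/ win" and "/ windows" suffixes on the GoldMine, ICQ and bttlxeForum entries also mix commentary into the name; move that text to a NOTE line and keep only the product name after NOT-FOR-US.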
@@ -15768,11 +15768,11 @@
CAN-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...)
- xinetd 2.3.11
CAN-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...)
{DSA-297}
CAN-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...)
- NOTE: not-for-us (macromedia flash)
+ NOT-FOR-US: macromedia flash
CAN-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...)
{DSA-286}
CAN-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
@@ -15792,9 +15792,9 @@
CAN-2003-0199
NOTE: reserved
CAN-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...)
- NOTE: not-for-us (Interbase Database)
+ NOT-FOR-US: Interbase Database
CAN-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote ...)
{DSA-280}
CAN-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...)
@@ -15825,33 +15825,33 @@
CAN-2003-0182
NOTE: reserved
CAN-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
- NOTE: not-for-us (Lotus Domino Web Server)
+ NOT-FOR-US: Lotus Domino Web Server
CAN-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
- NOTE: not-for-us (Lotus Domino Web Server)
+ NOT-FOR-US: Lotus Domino Web Server
CAN-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino ...)
- NOTE: not-for-us (Lotus Domino Web Server)
+ NOT-FOR-US: Lotus Domino Web Server
CAN-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 ...)
- NOTE: not-for-us (Lotus Domino Web Server)
+ NOT-FOR-US: Lotus Domino Web Server
CAN-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0173 (xfsdq in xfsdump does not create quota information files securely, ...)
{DSA-283}
CAN-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...)
NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
CAN-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...)
- NOTE: not-for-us (HP Instant TopTools)
+ NOT-FOR-US: HP Instant TopTools
CAN-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows ...)
- NOTE: not-for-us (Apple QuickTime Player)
+ NOT-FOR-US: Apple QuickTime Player
CAN-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...)
{DSA-300 DSA-274}
CAN-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...)
@@ -15885,13 +15885,13 @@
CAN-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...)
{DSA-265}
CAN-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...)
{DSA-303}
CAN-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
- NOTE: not-for-us (McAfee ePolicy Orchestrator)
+ NOT-FOR-US: McAfee ePolicy Orchestrator
CAN-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...)
- NOTE: not-for-us (McAfee ePolicy Orchestrator)
+ NOT-FOR-US: McAfee ePolicy Orchestrator
CAN-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and ...)
{DSA-288}
CAN-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...)
@@ -15899,9 +15899,9 @@
CAN-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...)
{DSA-275 DSA-267}
CAN-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ...)
- NOTE: not-for-us (acroread)
+ NOT-FOR-US: acroread
CAN-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, ...)
- NOTE: not-for-us (Real)
+ NOT-FOR-US: Real
CAN-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...)
{DSA-268}
CAN-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...)
@@ -15909,7 +15909,7 @@
CAN-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...)
{DSA-273 DSA-269 DSA-266}
CAN-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...)
- NOTE: not-for-us (Nokia Serving GPRS support node)
+ NOT-FOR-US: Nokia Serving GPRS support node
CAN-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...)
{DSA-285}
CAN-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP ...)
@@ -15931,35 +15931,35 @@
CAN-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...)
{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
CAN-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...)
- NOTE: not-for-us (SOHO Routefinder 550 firmware)
+ NOT-FOR-US: SOHO Routefinder 550 firmware
CAN-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...)
- NOTE: not-for-us (Clearswift MAILsweeper)
+ NOT-FOR-US: Clearswift MAILsweeper
CAN-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2003-0118 (SQL injection vulnerability in the Document Tracking and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...)
- NOTE: not-for-us (Symantec Enterprise Firewall)
+ NOT-FOR-US: Symantec Enterprise Firewall
CAN-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP ...)
- NOTE: not-for-us (ServerMask)
+ NOT-FOR-US: ServerMask
CAN-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...)
{DSA-319}
CAN-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...)
@@ -15967,15 +15967,15 @@
CAN-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...)
{DSA-277}
CAN-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-0090
NOTE: rejected
CAN-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...)
{DSA-262}
CAN-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...)
@@ -15996,7 +15996,7 @@
CAN-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
{DSA-266}
CAN-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to ...)
- NOTE: not-for-us (HP UX)
+ NOT-FOR-US: HP UX
CAN-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
- krb5 1.2.4
CAN-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...)
@@ -16004,13 +16004,13 @@
CAN-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...)
{DSA-252}
CAN-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...)
NOTE: apparently fixed upstream 2002-11-12 changelog
CAN-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX ...)
- NOTE: not-for-us (commercial ssh clients)
+ NOT-FOR-US: commercial ssh clients
CAN-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from ...)
- NOTE: not-for-us (commercial ssh clients)
+ NOT-FOR-US: commercial ssh clients
CAN-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
{DSA-246}
CAN-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
@@ -16023,9 +16023,9 @@
CAN-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...)
{DSA-244}
CAN-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...)
- NOTE: not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux)
+ NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
CAN-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...)
- NOTE: not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux)
+ NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
CAN-2003-0034 (Buffer overflow in the mtink status monitor, as included in the ...)
NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
NOTE: chooser/mtinkc.c's version, which goes into mtinkc
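Review bot: CAN-2003-0035 is tagged "NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux", but its description is about a buffer overflow in escputil, not ml85p. The value looks copied from the CAN-2003-0036 entry just above and the mechanical conversion preserved it. Please check whether escputil really is not-for-us before it gets the new tag, and either way name the right program; the "as included in ..." clause reads better as a NOTE than as part of the name.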
@@ -16033,7 +16033,7 @@
CAN-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...)
{DSA-228}
CAN-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
- NOTE: not-for-us (Protegrity Secure.Data Extension Feature)
+ NOT-FOR-US: Protegrity Secure.Data Extension Feature
CAN-2003-0029
NOTE: reserved
CAN-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
@@ -16045,9 +16045,9 @@
CAN-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...)
{DSA-633-1}
CAN-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...)
- NOTE: not-for-us (Windows Script Engine for JScript)
+ NOT-FOR-US: Windows Script Engine for JScript
CAN-2003-0008
NOTE: reserved
CAN-2003-0006
@@ -16057,7 +16057,7 @@
CAN-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...)
{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
CAN-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...)
NOTE: mailreader. Affects 2.3.30 and 2.3.31.
NOTE: Sarge uses 2.3.29.
@@ -16068,13 +16068,13 @@
{DSA-215}
- cyrus-imapd 1.5.19-9.10
CAN-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...)
{DSA-437}
- cgiemail 1.6-20
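Review bot: on CAN-2002-1576 the value is just "SAP", while the description is about lserver in SAP DB 7.3, a different product from the SAP GUI and R/3 entries above it. Since the product name now stands alone after the colon, suggest "NOT-FOR-US: SAP DB" there so the line records which software was judged out of scope.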
@@ -16100,7 +16100,7 @@
CAN-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...)
- wget 1.8.1-6.1
CAN-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...)
- stunnel4 4.04-1
- stunnel 2:3.24-1
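Review bot: the new value on CAN-2002-1564 is lowercase "microsoft", while other entries in this same patch use "Microsoft" (CAN-2003-0011, for one). Inside a free-form note that did not matter; as a field value the two spellings will sort and count as different products. Suggest normalising the capitalisation in this pass.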
@@ -16108,88 +16108,88 @@
{DSA-396}
- thttpd 2.23beta1-2.3
CAN-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...)
- NOTE: not-for-us (ion-p)
+ NOT-FOR-US: ion-p
CAN-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass ...)
- NOTE: not-for-us (Webweaver)
+ NOT-FOR-US: Webweaver
CAN-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain ...)
- NOTE: not-for-us (Coolsoft)
+ NOT-FOR-US: Coolsoft
CAN-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server ...)
- NOTE: not-for-us (Coolsoft)
+ NOT-FOR-US: Coolsoft
CAN-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to ...)
- NOTE: not-for-us (SolarWinds)
+ NOT-FOR-US: SolarWinds
CAN-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...)
- NOTE: not-for-us (MDaemon)
+ NOT-FOR-US: MDaemon
CAN-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (Molly)
+ NOT-FOR-US: Molly
CAN-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine ...)
NOTE: problem in jetty 4.1.0, Debian started with 4.2
CAN-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine ...)
- NOTE: not-for-us (EMU Webmail)
+ NOT-FOR-US: EMU Webmail
CAN-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU ...)
- NOTE: not-for-us (EMU Webmail)
+ NOT-FOR-US: EMU Webmail
CAN-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for ...)
- NOTE: not-for-us (Sun)
+ NOT-FOR-US: Sun
CAN-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 ...)
- NOTE: not-for-us (Miniserver)
+ NOT-FOR-US: Miniserver
CAN-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other ...)
- NOTE: not-for-us (PowerFTP)
+ NOT-FOR-US: PowerFTP
CAN-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...)
- NOTE: not-for-us (Coolforum)
+ NOT-FOR-US: Coolforum
CAN-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...)
- NOTE: not-for-us (BRU)
+ NOT-FOR-US: BRU
CAN-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users ...)
{DSA-227}
- openldap2 2.0.27-3
CAN-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote ...)
- NOTE: not-for-us (Unreal)
+ NOT-FOR-US: Unreal
CAN-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to ...)
NOTE: linuxconf not in unstable or testing
CAN-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...)
- NOTE: not-for-us (webserver-4everyone)
+ NOT-FOR-US: webserver-4everyone
CAN-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...)
NOTE: AFD not in debian
CAN-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CAN-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows ...)
- NOTE: not-for-us (FactoSystem)
+ NOT-FOR-US: FactoSystem
CAN-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows ...)
- NOTE: not-for-us (SWServer)
+ NOT-FOR-US: SWServer
CAN-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows ...)
- NOTE: not-for-us (Jawmail)
+ NOT-FOR-US: Jawmail
CAN-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...)
- NOTE: not-for-us (PlanetDNS)
+ NOT-FOR-US: PlanetDNS
CAN-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows ...)
- NOTE: not-for-us (db4web)
+ NOT-FOR-US: db4web
CAN-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...)
- NOTE: not-for-us (db4web)
+ NOT-FOR-US: db4web
CAN-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, ...)
NOTE: phpGB not in Debian
CAN-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...)
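Review bot: this hunk leaves free-form notes untouched that appear to record the same status but do not match the "not-for-us (...)" pattern: "AFD not in debian" (CAN-2002-1503) and "phpGB not in Debian" (CAN-2002-1482, CAN-2002-1480). Either convert them as well or say in the log that they are deliberately kept as NOTE lines, otherwise the list ends up with two markings for one state. Separately, "cisco" on the ONS entries and "Cisco" on CAN-2002-1492 differ only in case and should be made the same.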
@@ -16197,25 +16197,25 @@
CAN-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows ...)
NOTE: phpGB not in Debian
CAN-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...)
- NOTE: not-for-us (Shoutcase)
+ NOT-FOR-US: Shoutcase
CAN-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to ...)
- flashplugin-nonfree 6.0.61.0-1
CAN-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...)
- NOTE: not-for-us (Cafelog)
+ NOT-FOR-US: Cafelog
CAN-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote ...)
- NOTE: not-for-us (Cafelog)
+ NOT-FOR-US: Cafelog
CAN-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool ...)
- NOTE: not-for-us (Cafelog)
+ NOT-FOR-US: Cafelog
CAN-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later ...)
- NOTE: not-for-us (Organic PHP)
+ NOT-FOR-US: Organic PHP
CAN-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (Webshop Manager)
+ NOT-FOR-US: Webshop Manager
CAN-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was ...)
NOTE: L-Forum not in Debian
CAN-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
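Review bot: two values in this hunk do not match their descriptions: "Shoutcase" on CAN-2002-1470 (the description says SHOUTcast) and "HPUX" on CAN-2002-1475 (the description says HP Tru64 UNIX). Both were already in the old notes, but this is the commit that turns them into the product field, so suggest correcting them here to "NOT-FOR-US: SHOUTcast" and "NOT-FOR-US: HP Tru64 UNIX".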
@@ -16225,49 +16225,49 @@
CAN-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows ...)
NOTE: L-Forum not in Debian
CAN-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to ...)
- NOTE: not-for-us (mIRC)
+ NOT-FOR-US: mIRC
CAN-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...)
- NOTE: not-for-us (OmniHTTPD)
+ NOT-FOR-US: OmniHTTPD
CAN-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute ...)
- NOTE: not-for-us (MyWebServer)
+ NOT-FOR-US: MyWebServer
CAN-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows ...)
- NOTE: not-for-us (MyWebServer)
+ NOT-FOR-US: MyWebServer
CAN-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...)
- NOTE: not-for-us (MyWebServer)
+ NOT-FOR-US: MyWebServer
CAN-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...)
NOTE: Blazix not in Debian
CAN-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of ...)
- NOTE: not-for-us (IBM UniVerse)
+ NOT-FOR-US: IBM UniVerse
CAN-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under ...)
NOTE: eUpload not in Debian
CAN-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows ...)
NOTE: CERN HTTPD not in Debian
CAN-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and ...)
- NOTE: not-for-us (Google Toolbar)
+ NOT-FOR-US: Google Toolbar
CAN-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
- NOTE: not-for-us (Google Toolbar)
+ NOT-FOR-US: Google Toolbar
CAN-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow ...)
- NOTE: not-for-us (Tomahawk)
+ NOT-FOR-US: Tomahawk
CAN-2002-1440 (The Gateway GS-400 server has a default root password of "0001n" that ...)
- NOTE: not-for-us (Gateway)
+ NOT-FOR-US: Gateway
CAN-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...)
- NOTE: not-for-us (MidiCart)
+ NOT-FOR-US: MidiCart
CAN-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...)
- NOTE: not-for-us (Belkin)
+ NOT-FOR-US: Belkin
CAN-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...)
- NOTE: not-for-us (ShoutBox)
+ NOT-FOR-US: ShoutBox
CAN-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass ...)
NOTE: dotproject not in Debian
CAN-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...)
NOTE: Easy Homepage Creator not in Debian
CAN-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...)
NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
NOTE: is version 2.5.x
@@ -16278,19 +16278,19 @@
NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
NOTE: is version 2.5.x
CAN-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates ...)
- NOTE: not-for-us (Webeasymail)
+ NOT-FOR-US: Webeasymail
CAN-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 ...)
- NOTE: not-for-us (Webeasymail)
+ NOT-FOR-US: Webeasymail
CAN-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...)
- NOTE: not-for-us (Duma)
+ NOT-FOR-US: Duma
CAN-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, ...)
- NOTE: not-for-us (East Guestbook)
+ NOT-FOR-US: East Guestbook
CAN-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 ...)
- NOTE: not-for-us (HP Openview)
+ NOT-FOR-US: HP Openview
CAN-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2002-1404
NOTE: rejected
CAN-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...)
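Review bot: "East Guestbook" on CAN-2002-1410 is a typo for Easy Guestbook, the name given in the description one line above it. A search for the product name will miss this entry; suggest "NOT-FOR-US: Easy Guestbook".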
@@ -16351,13 +16351,13 @@
CAN-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...)
- ethereal 0.9.8-1
CAN-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...)
- NOTE: not-for-us (TYPSoft FTP Server)
+ NOT-FOR-US: TYPSoft FTP Server
CAN-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under ...)
- NOTE: not-for-us (LocalWEB2000 HTTP server)
+ NOT-FOR-US: LocalWEB2000 HTTP server
CAN-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...)
- NOTE: not-for-us (CartMan)
+ NOT-FOR-US: CartMan
CAN-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...)
- NOTE: not-for-us (Melange Chat System)
+ NOT-FOR-US: Melange Chat System
CAN-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier ...)
- libsasl2 2.1.10-1
CAN-2002-1346
@@ -16377,16 +16377,16 @@
{DSA-220}
- squirrelmail 1:1.3.2-2
CAN-2002-1340 (The "ConnectionFile" property in the DataSourceControl component in ...)
- NOTE: not-for-us (Office Web Components)
+ NOT-FOR-US: Office Web Components
CAN-2002-1339 (The "XMLURL" property in the Spreadsheet component of Office Web ...)
- NOTE: not-for-us (Office Web Components)
+ NOT-FOR-US: Office Web Components
CAN-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...)
- NOTE: not-for-us (Office Web Components)
+ NOT-FOR-US: Office Web Components
CAN-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...)
{DSA-251 DSA-250 DSA-249}
- w3mmee 0.3.p24.17-3
CAN-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...)
- NOTE: not-for-us (BizDesign)
+ NOT-FOR-US: BizDesign
CAN-2002-1333
NOTE: reserved
CAN-2002-1332
@@ -16404,21 +16404,21 @@
CAN-2002-1324
NOTE: reserved
CAN-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...)
- NOTE: not-for-us (ClearCase)
+ NOT-FOR-US: ClearCase
CAN-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...)
NOTE: Realplayer not in Sarge
CAN-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...)
- NOTE: not-for-us (iPlanet)
+ NOT-FOR-US: iPlanet
CAN-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...)
- NOTE: not-for-us (iPlanet)
+ NOT-FOR-US: iPlanet
CAN-2002-1314
NOTE: reserved
CAN-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...)
- NOTE: not-for-us (Linksys)
+ NOT-FOR-US: Linksys
CAN-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
- NOTE: not-for-us (Macromedia)
+ NOT-FOR-US: Macromedia
CAN-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
- NOTE: not-for-us (Macromedia)
+ NOT-FOR-US: Macromedia
CAN-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and ...)
{DSA-214}
- kdenetwork 2.2.2-14.20
@@ -16441,35 +16441,35 @@
CAN-2002-1297
NOTE: reserved
CAN-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root ...)
- NOTE: not-for-us (SuSE-specific lprfilter package)
+ NOT-FOR-US: SuSE-specific lprfilter package
CAN-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...)
- NOTE: not-for-us (Novell iManager (eMFrame))
+ NOT-FOR-US: Novell iManager (eMFrame)
CAN-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...)
{DSA-204}
CAN-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...)
{DSA-204}
CAN-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to ...)
- NOTE: not-for-us (RealSecure Event Collector)
+ NOT-FOR-US: RealSecure Event Collector
CAN-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...)
{DSA-194}
CAN-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...)
@@ -16481,19 +16481,19 @@
CAN-2002-1273
NOTE: reserved
CAN-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2002-1263
NOTE: rejected
CAN-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1261
NOTE: rejected
CAN-2002-1259
NOTE: rejected
CAN-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1249
NOTE: reserved
CAN-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...)
@@ -16507,7 +16507,7 @@
CAN-2002-1240
NOTE: reserved
CAN-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...)
- NOTE: not-for-us (Peter Sandvik's Simple Web Server)
+ NOT-FOR-US: Peter Sandvik's Simple Web Server
CAN-2002-1237
NOTE: reserved
CAN-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...)
@@ -16517,9 +16517,9 @@
CAN-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...)
{DSA-195 DSA-188 DSA-187}
CAN-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...)
- NOTE: not-for-us (Avaya Cajun switches)
+ NOT-FOR-US: Avaya Cajun switches
CAN-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...)
{DSA-178}
CAN-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...)
@@ -16527,19 +16527,19 @@
CAN-2002-1218
NOTE: reserved
CAN-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...)
- tar 1.13.25
CAN-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...)
{DSA-174}
CAN-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...)
- NOTE: not-for-us (RadioBird Software WebServer 4 Everyone)
+ NOT-FOR-US: RadioBird Software WebServer 4 Everyone
CAN-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...)
- NOTE: not-for-us (RadioBird Software WebServer 4 Everyone)
+ NOT-FOR-US: RadioBird Software WebServer 4 Everyone
CAN-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...)
- NOTE: not-for-us (SolarWinds TFTP Server)
+ NOT-FOR-US: SolarWinds TFTP Server
CAN-2002-1208
NOTE: reserved
CAN-2002-1207
@@ -16549,27 +16549,27 @@
CAN-2002-1205
NOTE: reserved
CAN-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...)
- NOTE: not-for-us (Netscape Communicator 4.x)
+ NOT-FOR-US: Netscape Communicator 4.x
CAN-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...)
- NOTE: not-for-us (IBM SecureWay Firewall)
+ NOT-FOR-US: IBM SecureWay Firewall
CAN-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CAN-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CAN-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...)
- NOTE: not-for-us (Sabre Desktop)
+ NOT-FOR-US: Sabre Desktop
CAN-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...)
- NOTE: not-for-us (Cisco IOS)
+ NOT-FOR-US: Cisco IOS
CAN-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- NOTE: not-for-us (Microsoft IIS)
+ NOT-FOR-US: Microsoft IIS
CAN-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...)
- NOTE: not-for-us (Winamp)
+ NOT-FOR-US: Winamp
CAN-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute ...)
- NOTE: not-for-us (Winamp)
+ NOT-FOR-US: Winamp
CAN-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...)
{DSA-171}
CAN-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...)
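Review bot: CAN-2002-1190 is tagged "Cisco IOS", but its description is about Cisco Unity 2.x and 3.x; suggest "NOT-FOR-US: Cisco Unity". CAN-2002-1192 also deserves a second look: its description lists rogue on NetBSD and FreeBSD and is cut off after that, so "NetBSD" alone may be narrower than the affected set.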
@@ -16581,9 +16581,9 @@
CAN-2002-1171
NOTE: reserved
CAN-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
- NOTE: not-for-us (IBM Websphere)
+ NOT-FOR-US: IBM Websphere
CAN-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
- NOTE: not-for-us (IBM Websphere)
+ NOT-FOR-US: IBM Websphere
CAN-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows ...)
NOTE: wn not in Debian testing
CAN-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...)
@@ -16595,33 +16595,33 @@
NOTE: assuming the current unstable/testing version is ok then..
- kon2 0.3.9b-18
CAN-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability ...)
- NOTE: not-for-us (Microsoft Netmeeting)
+ NOT-FOR-US: Microsoft Netmeeting
CAN-2002-1149 (The installation procedure for Invision Board suggests that users ...)
- NOTE: not-for-us (Invision Board)
+ NOT-FOR-US: Invision Board
CAN-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...)
- NOTE: not-for-us (Microsoft SQL)
+ NOT-FOR-US: Microsoft SQL
CAN-2002-1144
NOTE: reserved
CAN-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...)
- NOTE: not-for-us (Microsoft Word & Excel)
+ NOT-FOR-US: Microsoft Word & Excel
CAN-2002-1136
NOTE: reserved
CAN-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CAN-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...)
- NOTE: not-for-us (Dino's Webserver)
+ NOT-FOR-US: Dino's Webserver
CAN-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...)
{DSA-191}
CAN-2002-1130
NOTE: reserved
CAN-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CAN-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CAN-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CAN-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain ...)
{DSA-166}
CAN-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...)
@@ -16629,7 +16629,7 @@
NOTE: messages.
TODO: check Debian mailscanners, if any.
CAN-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...)
- NOTE: not-for-us (Savant Web Server)
+ NOT-FOR-US: Savant Web Server
CAN-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...)
{DSA-161}
CAN-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...)
@@ -16637,333 +16637,333 @@
CAN-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...)
{DSA-153}
CAN-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...)
- libesmtp5 0.8.11-1
CAN-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...)
- NOTE: not-for-us (ezContents)
+ NOT-FOR-US: ezContents
CAN-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...)
- NOTE: not-for-us (ezContents)
+ NOT-FOR-US: ezContents
CAN-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and ...)
- NOTE: not-for-us (ezContents)
+ NOT-FOR-US: ezContents
CAN-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not ...)
- NOTE: not-for-us (ezContents)
+ NOT-FOR-US: ezContents
CAN-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier ...)
- NOTE: not-for-us (ezContents)
+ NOT-FOR-US: ezContents
CAN-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows ...)
- NOTE: not-for-us (ezContents)
+ NOT-FOR-US: ezContents
CAN-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 ...)
- NOTE: not-for-us (Abyss)
+ NOT-FOR-US: Abyss
CAN-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory ...)
- NOTE: not-for-us (Abyss)
+ NOT-FOR-US: Abyss
CAN-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote ...)
- NOTE: not-for-us (IPSwitch)
+ NOT-FOR-US: IPSwitch
CAN-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...)
- NOTE: not-for-us (Pegasus)
+ NOT-FOR-US: Pegasus
CAN-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 ...)
- NOTE: not-for-us (MERCUR Mailserver)
+ NOT-FOR-US: MERCUR Mailserver
CAN-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows ...)
- NOTE: not-for-us (ZyXEL)
+ NOT-FOR-US: ZyXEL
CAN-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (ZyXEL)
+ NOT-FOR-US: ZyXEL
CAN-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module ...)
- phpwiki 1.3.4-1
CAN-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1023 (BadBlue server allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...)
{DSA-157}
CAN-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...)
{DSA-165}
CAN-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...)
- NOTE: not-for-us (Microsoft Windows specific)
+ NOT-FOR-US: Microsoft Windows specific
CAN-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another ...)
- NOTE: not-for-us (YaBB not in Debian)
+ NOT-FOR-US: YaBB
CAN-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0951 (SQL injection vulnerability in Ruslan <Body>Builder allows remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0943 (MetaCart2.sql stores the user database under the web document root ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to ...)
- NOTE: not-for-us (JRun not in Debian)
+ NOT-FOR-US: JRun
CAN-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...)
- tomcat 3.2.3-1
CAN-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...)
- NOTE: not-for-us (MyHelpDesk not in Debian)
+ NOT-FOR-US: MyHelpDesk
CAN-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and ...)
- NOTE: not-for-us (MyHelpDesk not in Debian)
+ NOT-FOR-US: MyHelpDesk
CAN-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 ...)
- NOTE: not-for-us (Netware)
+ NOT-FOR-US: Netware
CAN-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote ...)
- NOTE: not-for-us (Netware)
+ NOT-FOR-US: Netware
CAN-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...)
- NOTE: not-for-us (pirch not in Debian)
+ NOT-FOR-US: pirch
CAN-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica ...)
- NOTE: not-for-us (webMathematica not in Debian)
+ NOT-FOR-US: webMathematica
CAN-2002-0925 (Format string vulnerability in mmsyslog function allows remote ...)
- NOTE: not-for-us (mmftpd not in Debian anymore)
+ NOT-FOR-US: mmftpd not in Debian anymore
CAN-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0915 (autorun in Xandros based Linux distributions allows local users to ...)
- NOTE: not-for-us (Xandros specific)
+ NOT-FOR-US: Xandros specific
CAN-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...)
- NOTE: not-for-us (Slurp NNTP not in Debian)
+ NOT-FOR-US: Slurp NNTP
CAN-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other ...)
NOTE: DSA-129
CAN-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers ...)
- NOTE: not-for-us (netstd not in Debian anymore)
+ NOT-FOR-US: netstd not in Debian anymore
CAN-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...)
- NOTE: not-for-us (mnews not in Debian)
+ NOT-FOR-US: mnews
CAN-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 ...)
- NOTE: not-for-us (SHOUTcast not in Debian)
+ NOT-FOR-US: SHOUTcast
CAN-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...)
- NOTE: not-for-us (Informix)
+ NOT-FOR-US: Informix
CAN-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...)
- NOTE: not-for-us (wbboard not in Debian)
+ NOT-FOR-US: wbboard
CAN-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...)
- phpbb2 2.0.6c-1
CAN-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...)
- amanda 2.4.0b6-1
CAN-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...)
- NOTE: not-for-us (Falcon not in Debian)
+ NOT-FOR-US: Falcon
CAN-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...)
- swatch 3.0.4-1
CAN-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...)
- NOTE: not-for-us (3com)
+ NOT-FOR-US: 3com
CAN-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...)
- NOTE: not-for-us (Compaq)
+ NOT-FOR-US: Compaq
CAN-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...)
- NOTE: not-for-us (CFXImage not in Debian)
+ NOT-FOR-US: CFXImage
CAN-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...)
- NOTE: not-for-us (LogiSense not in Debian)
+ NOT-FOR-US: LogiSense
CAN-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...)
- NOTE: not-for-us (Shambala)
+ NOT-FOR-US: Shambala
CAN-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...)
- NOTE: not-for-us (Shambala)
+ NOT-FOR-US: Shambala
CAN-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...)
{DSA-150}
CAN-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...)
- NOTE: not-for-us (IIS)
+ NOT-FOR-US: IIS
CAN-2002-0868
NOTE: reserved
CAN-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...)
{DSA-147}
CAN-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...)
- NOTE: not-for-us (SuSE specific)
+ NOT-FOR-US: SuSE specific
CAN-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...)
- NOTE: not-for-us (iSCSI not in Debian)
+ NOT-FOR-US: iSCSI
CAN-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...)
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
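Review bot: The eight entries CAN-2002-0917 through CAN-2002-0924 now read `NOT-FOR-US: CGIScript.net not int Debian`, so the "int" typo from the old notes has been carried into the package field. Other entries in this hunk (YaBB, JRun, MyHelpDesk, SHOUTcast) had the "not in Debian" suffix dropped; the typo apparently kept it from being dropped here. Suggest `NOT-FOR-US: CGIScript.net` for those lines. The same applies to `mmftpd not in Debian anymore` (CAN-2002-0925) and `netstd not in Debian anymore` (CAN-2002-0910): if the "anymore" remark is worth keeping, it belongs on a separate NOTE line, not in the package name.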
@@ -16979,13 +16979,13 @@
CAN-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...)
{DSA-162}
CAN-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...)
- NOTE: not-for-us (Internet Explorer)
+ NOT-FOR-US: Internet Explorer
CAN-2002-0828
NOTE: rejected
CAN-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
- NOTE: not-for-us (UnixWare)
+ NOT-FOR-US: UnixWare
CAN-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...)
- libnss-ldap 199-1
CAN-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...)
@@ -16993,13 +16993,13 @@
CAN-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...)
- ethereal 0.9.4-1woody1
CAN-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...)
- NOTE: not-for-us (artscontrol not suid root)
+ NOT-FOR-US: artscontrol not suid root
CAN-2002-0815 (The Javascript "Same Origin Policy" (SOP), as implemented in (1) ...)
- mozilla 2:1.0.0-1
CAN-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...)
NOTE: bugzilla 2.16.0-2.1
CAN-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...)
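Review bot: At CAN-2002-0819 the new line `NOT-FOR-US: artscontrol not suid root` puts a reason into a field that the log message defines as `NOT-FOR-US: package_name`. Anything that reads this field as a product name will get a sentence instead. Suggest converting this entry by hand: keep the explanation on a NOTE line and put only a name in the NOT-FOR-US field, or leave the old NOTE in place until the entry's status is decided.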
@@ -17007,57 +17007,57 @@
CAN-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...)
NOTE: bugzilla 2.16.0-2.1
CAN-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...)
- viewcvs 0.9.2-5
CAN-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...)
- NOTE: not-for-us (Quake server)
+ NOT-FOR-US: Quake server
CAN-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...)
- NOTE: not-for-us (simpleinit not in Debian)
+ NOT-FOR-US: simpleinit
CAN-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...)
- NOTE: not-for-us (Phorum not in Debian)
+ NOT-FOR-US: Phorum
CAN-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...)
- webmin 0.980-1
- usermin 0.910-1
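Review bot: Several entries in this hunk get the placeholder `NOT-FOR-US: no_package` although the description on the line above names the product, for example Hosting Controller at CAN-2002-0772 through CAN-2002-0775 and BadBlue at CAN-2002-0800, while neighbouring entries carry real names (`Novell`, `Cisco`, `Opera`). Suggest filling in the product name where the description already gives it, so that entries for the same product can be found together. If `no_package` is meant as a marker for later cleanup, the commit log should say so.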
@@ -17065,49 +17065,49 @@
- webmin 0.980-1
- usermin 0.910-1
CAN-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...)
- NOTE: not-for-us (Talentsoft not in Debian)
+ NOT-FOR-US: Talentsoft
CAN-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...)
- NOTE: not-for-us (CGIscript.net not in Debian)
+ NOT-FOR-US: CGIscript.net
CAN-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...)
- NOTE: not-for-us (CGIscript.net not in Debian)
+ NOT-FOR-US: CGIscript.net
CAN-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...)
- NOTE: not-for-us (CGIscript.net not in Debian)
+ NOT-FOR-US: CGIscript.net
CAN-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...)
- NOTE: not-for-us (CGIscript.net not in Debian)
+ NOT-FOR-US: CGIscript.net
CAN-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...)
- slrn 0.9.6.2-9
CAN-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...)
- NOTE: not-for-us (PostCalendat not in Debian)
+ NOT-FOR-US: PostCalendat
CAN-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...)
- NOTE: not-for-us (only potato was vulnerable)
+ NOT-FOR-US: only potato was vulnerable
CAN-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...)
- NOTE: not-for-us (MyGuestbook)
+ NOT-FOR-US: MyGuestbook
CAN-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...)
- NOTE: not-for-us (vqServer)
+ NOT-FOR-US: vqServer
CAN-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip ...)
- NOTE: not-for-us (guestbook)
+ NOT-FOR-US: guestbook
CAN-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...)
{DSA-140}
CAN-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the ...)
- NOTE: not-for-us (internet explorer)
+ NOT-FOR-US: internet explorer
CAN-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for ...)
- NOTE: not-for-us (Microsoft SQL Server)
+ NOT-FOR-US: Microsoft SQL Server
CAN-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of ...)
- php4 4:4.2.2-1
CAN-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...)
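Review bot: At CAN-2002-0735 the converted line `NOT-FOR-US: only potato was vulnerable` carries a statement about an affected version in the package-name field, which does not fit the `NOT-FOR-US: package_name` form given in the log message; that entry should be converted by hand with the remark kept on a NOTE line. Two smaller points in the same hunk: `NOT-FOR-US: PostCalendat` at CAN-2002-0739 keeps a typo (the description says PostCalendar), and `windows` and `internet explorer` are lowercase here while other hunks of this patch use `Windows` and `Internet Explorer`, so a lookup by name will treat them as different values.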
@@ -17115,53 +17115,53 @@
CAN-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...)
- squid 2.4.6-2
CAN-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly ...)
- NOTE: not-for-us (EASM not in Debian)
+ NOT-FOR-US: EASM
CAN-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0708 (Directory traversal vulnerability in the Web Reports Server for ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...)
- dhcp3 3.0+3.0.1rc9-1
CAN-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator ...)
- NOTE: not-for-us (McAfee)
+ NOT-FOR-US: McAfee
CAN-2002-0689
NOTE: reserved
CAN-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...)
- glibc 2.2.5-8
CAN-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not ...)
{DSA-201}
CAN-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...)
- NOTE: not-for-us (ZMerge not in Debian)
+ NOT-FOR-US: ZMerge
CAN-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...)
- apache2 2.0.40
CAN-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)