[Secure-testing-commits] r5357 - data/CVE
Alec Berryman
alec-guest at alioth.debian.org
Sat Jan 27 21:00:43 CET 2007
Author: alec-guest
Date: 2007-01-27 21:00:39 +0100 (Sat, 27 Jan 2007)
New Revision: 5357
Modified:
data/CVE/list
Log:
CVE-2007-0227: slocate
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-27 14:17:43 UTC (rev 5356)
+++ data/CVE/list 2007-01-27 20:00:39 UTC (rev 5357)
@@ -415,7 +415,7 @@
CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to ...)
NOT-FOR-US: FreeWebshop
CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...)
- NOT-FOR-US: OWA
+ NOT-FOR-US: OWA
CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial ...)
NOT-FOR-US: Twilight Webserver
CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
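Review bot: the only change in this hunk is whitespace on the `NOT-FOR-US: OWA` line (the `-` and `+` lines are otherwise identical), which the log message `CVE-2007-0227: slocate` does not mention; note the whitespace normalisation in the log or commit it separately so the one substantive change (the slocate entry) is easy to locate when reading the history of data/CVE/list.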
@@ -508,8 +508,8 @@
CVE-2007-0254 (Format string vulnerability in the errors_create_window function in ...)
- xine-ui 0.99.4+dfsg+cvs20061111-2 (unimportant; bug #407369)
NOTE: My understanding is that this CVE is bogus.
- NOTE: I failed to see where the format string vulnerability is, I have report
- NOTE: a bug in case I have missed something.
+ NOTE: I failed to see where the format string vulnerability is, I have report
+ NOTE: a bug in case I have missed something.
CVE-2007-0253 (** DISPUTED ** ...)
- kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350)
NOTE: See CVE-2007-0257
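Review bot: the rewritten NOTE lines still read "I have report a bug"; since they are being re-committed anyway, correct them to "I have reported a bug". The bug number is already on the package line (`bug #407369`), so no further reference is needed.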
@@ -566,11 +566,17 @@
CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer ...)
NOT-FOR-US: EIQ Networks Network Security Analyzer
CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify ...)
- TODO: check
+ - slocate <unfixed> (unimportant)
+ NOTE: slocate will allow users to find files in directories with the
+ NOTE: executable bit set but without the readable bit set - files the
+ NOTE: user can access if the user knows the exact path but couldn't
+ NOTE: otherwise find. I'm not convinced this is an issue - the executable
+ NOTE: bit means "searchable" for directories - but the original argument
+ NOTE: is plausible.
CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier ...)
NOT-FOR-US: uniForum
CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in ...)
- NOT-FOR-US: Shopping Cart
+ NOT-FOR-US: Shopping Cart
CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP ...)
NOT-FOR-US: Shopping Cart
CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php ...)
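Review bot: the new `- slocate <unfixed> (unimportant)` line carries no Debian bug reference, unlike neighbouring entries such as `- xine-ui 0.99.4+dfsg+cvs20061111-2 (unimportant; bug #407369)`, so there is nothing for the maintainer to act on or close; file a bug against slocate (or state in the NOTE why none is needed) and add the `bug #...` reference to the entry. The NOTE's reasoning holds together (a directory's executable bit grants traversal, not listing, so slocate discloses names the user could not enumerate on their own), but it would help to cite where the "original argument" was made so a later triager can re-evaluate it without re-deriving it.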
@@ -768,15 +774,15 @@
CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure ...)
NOT-FOR-US: Mac OS X
CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as ...)
- NOT-FOR-US: HP all-in-one drivers
+ NOT-FOR-US: HP all-in-one drivers
CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...)
- centericq 4.21.0-17 (low)
[sarge] - centericq <no-dsa> (Not exploitable with official LiveJournal server)
NOTE: The bug really exist but, is not exploitable because the LiveJournal server
NOTE: has a length restriction on both the username (15 characters) and the real name
NOTE: (50 characters). In my opnion is only exploitable if the user try connect in
- NOTE: fake LiveJournal server. All version of Debian centericq packages have a
- NOTE: compromised code.
+ NOTE: fake LiveJournal server. All version of Debian centericq packages have a
+ NOTE: compromised code.
CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
- geoip 1.3.17-1.1 (bug #406628; medium)
CVE-2007-0158
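Review bot: the two rewritten NOTE lines keep the wording "All version of Debian centericq packages have a compromised code"; as they are being re-committed anyway, fix the grammar to "All versions of the Debian centericq packages contain the vulnerable code" (the preceding context line "The bug really exist but, is not exploitable" shows that vulnerable, not compromised, is what is meant), and correct "opnion" to "opinion" in the context line above.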
@@ -805,7 +811,7 @@
CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an ...)
NOT-FOR-US: Cuyahoga
CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips ...)
- NOT-FOR-US: Fix and Chips
+ NOT-FOR-US: Fix and Chips
CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP ...)
NOT-FOR-US: BinGoPHP
CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in Digitizing ...)
@@ -841,7 +847,7 @@
CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...)
NOT-FOR-US: Formbankserver
CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ ...)
- NOT-FOR-US: Serene Bach
+ NOT-FOR-US: Serene Bach
CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before ...)
- drupal 4.7.5-1
NOTE: vendor advisory: http://drupal.org/node/104233
@@ -1143,7 +1149,7 @@
- drupal 4.7.5-1 (low)
NOTE: DRUPAL-SA-2007-002
CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...)
- - wordpress 2.0.6-1 (bug #405691; medium)
+ - wordpress 2.0.6-1 (bug #405691; medium)
NOTE: http://www.hardened-php.net/advisory_022007.141.html
CVE-2007-0107 (WordPress before 2.0.6, when mbstring is enabled for PHP, decodes ...)
- wordpress 2.0.6-1 (bug #405691; medium)
@@ -1233,7 +1239,7 @@
CVE-2006-6852 (Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 ...)
- tdiary 2.0.2+20060303-5 (bug #403345; bug #404940; medium)
CVE-2006-6851 (Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php ...)
- NOT-FOR-US: ac4p Mobilelib gold
+ NOT-FOR-US: ac4p Mobilelib gold
CVE-2006-6850 (PHP remote file inclusion vulnerability in include.php in the Roster ...)
NOT-FOR-US: Shadowed Portal / Roster Module
CVE-2006-6849 (administration/index.php in Cahier de texte (CDT) 2.2 does not ...)
@@ -1243,7 +1249,7 @@
CVE-2006-6847 (An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 ...)
NOT-FOR-US: RealPlayer for Windows
CVE-2006-6846 (Multiple SQL injection vulnerabilities in While You Were Out (WYWO) ...)
- NOT-FOR-US: WYWO - InOut Board
+ NOT-FOR-US: WYWO - InOut Board
CVE-2006-6845 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...)
NOT-FOR-US: CMS Made Simple
CVE-2006-6844 (Cross-site scripting (XSS) vulnerability in the optional user comment ...)
@@ -1330,7 +1336,7 @@
CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in ...)
NOT-FOR-US: DB Hub
CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in ...)
- NOT-FOR-US: buratinable templator (aka bubla)
+ NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...)
- wordpress 2.0.6-1 (bug #405299)
CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda ...)
@@ -1361,7 +1367,7 @@
CVE-2006-6795 (PHP remote file inclusion vulnerability in gallery/displayCategory.php ...)
NOT-FOR-US: myPHPNuke
CVE-2006-6794 (SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows ...)
- NOT-FOR-US: Efkan Forum
+ NOT-FOR-US: Efkan Forum
CVE-2006-6793 (PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi ...)
NOT-FOR-US: Okul Merkezi Portal
CVE-2006-6792 (SQL injection vulnerability in calendar_detail.asp in Calendar MX ...)
@@ -1401,7 +1407,7 @@
CVE-2006-6775 (acFTP 1.5 allows remote authenticated users to cause a denial of ...)
NOT-FOR-US: acFTP
CVE-2006-6774 (PHP remote file inclusion vulnerability in ...)
- NOT-FOR-US: Content Federator
+ NOT-FOR-US: Content Federator
CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows remote ...)
NOT-FOR-US: Fishyshoop
CVE-2006-6772 (Format string vulnerability in w3m 0.5.1, when run with the dump or ...)
@@ -1451,7 +1457,7 @@
CVE-2006-6761 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell ...)
NOT-FOR-US: Novell NetMail
CVE-2006-6760 (Multiple PHP remote file inclusion vulnerabilities in template.php in ...)
- NOT-FOR-US: phpMyAnime (aka phpmymanga)
+ NOT-FOR-US: phpMyAnime (aka phpmymanga)
CVE-2006-6759 (A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer ...)
NOT-FOR-US: RealNetworks RealPlayer
CVE-2006-6758 (Directory traversal vulnerability in Http explorer 1.02 allows remote ...)
@@ -1547,11 +1553,11 @@
CVE-2006-6713 (Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before ...)
NOT-FOR-US: Hitachi Directory Server
CVE-2006-6712 (Cross-site scripting (XSS) vulnerability in SugarCRM Open Source ...)
- NOT-FOR-US: SugarCRM Open Source
+ NOT-FOR-US: SugarCRM Open Source
CVE-2006-6711 (PHP remote file inclusion vulnerability in compteur/mapage.php in ...)
NOT-FOR-US: Newxooper
CVE-2006-6710 (Multiple PHP remote file inclusion vulnerabilities in PgmReloaded ...)
- NOT-FOR-US: PgmReloaded
+ NOT-FOR-US: PgmReloaded
CVE-2006-6709 (Multiple SQL injection vulnerabilities in MGinternet Property Site ...)
NOT-FOR-US: MGinternet Property Site Manager
CVE-2006-6708 (Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet ...)
@@ -1723,7 +1729,7 @@
CVE-2006-6647 (Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before ...)
NOT-FOR-US: MySite for Drupal
CVE-2006-6646 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) ...)
- NOT-FOR-US: Drupal Project Issue Tracking
+ NOT-FOR-US: Drupal Project Issue Tracking
CVE-2006-6645 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Web Links module for mxBB
CVE-2006-6644 (PHP remote file inclusion vulnerability in pages/meeting_constants.php ...)
@@ -1733,7 +1739,7 @@
CVE-2006-6642 (SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 ...)
NOT-FOR-US: Sistemi
CVE-2006-6641 (Unspecified vulnerability in CA CleverPath Portal before maintenance ...)
- NOT-FOR-US: CA CleverPath Portal
+ NOT-FOR-US: CA CleverPath Portal
CVE-2006-6640 (Multiple cross-site scripting (XSS) vulnerabilities in Omniture ...)
NOT-FOR-US: SiteCatalyst
CVE-2006-6639 (Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local ...)
@@ -1801,7 +1807,7 @@
NOT-FOR-US: Barman
CVE-2006-6610 (clientcommands in Nexuiz before 2.2.1 has unknown impact and remote ...)
- nexuiz 2.2.1-1 (low)
- NOTE: Only game console command execution possible, not shell commands
+ NOTE: Only game console command execution possible, not shell commands
CVE-2006-6609 (Nexuiz before 2.2.1 allows remote attackers to cause a denial of ...)
- nexuiz 2.2.1-1
CVE-2006-6608 (Unspecified vulnerability in SSH key based authentication in HP ...)
@@ -2460,7 +2466,7 @@
CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in mg.applanix ...)
NOT-FOR-US: mg.applanix
CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial of ...)
- NOT-FOR-US: nVIDIA nView
+ NOT-FOR-US: nVIDIA nView
CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z Clanportal ...)
NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV!L`z ...)
@@ -2528,7 +2534,7 @@
CVE-2006-6309 (Multiple array index errors in IBM Tivoli Storage Manager (TSM) before ...)
NOT-FOR-US: Tivoli
CVE-2006-6308 (** DISPUTED ** ...)
- NOT-FOR-US: Symantec LiveState
+ NOT-FOR-US: Symantec LiveState
CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote ...)
NOT-FOR-US: Novell Netware
CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication Services ...)
@@ -2560,7 +2566,7 @@
CVE-2006-6292 (Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 allows remote ...)
NOT-FOR-US: Apple Airport
CVE-2006-6291 (Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable ...)
- NOT-FOR-US: MailEnable Professional
+ NOT-FOR-US: MailEnable Professional
CVE-2006-6290 (Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) ...)
NOT-FOR-US: MailEnable
CVE-2006-6289 (Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset ...)
@@ -2590,11 +2596,11 @@
CVE-2006-6277 (Directory traversal vulnerability in admin/FileServer.php in ...)
NOT-FOR-US: ContentServ
CVE-2006-6276 (HTTP request smuggling vulnerability in Sun Java System Proxy Server ...)
- NOT-FOR-US: Sun Java System Proxy Server
+ NOT-FOR-US: Sun Java System Proxy Server
CVE-2006-6275 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...)
NOT-FOR-US: Solaris
CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...)
- NOT-FOR-US: Expinion.net iNews
+ NOT-FOR-US: Expinion.net iNews
CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs file, which ...)
- fail2ban <not-affected> (looks fixed in 0.6, see #401793)
CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which allows remote ...)
@@ -2709,7 +2715,7 @@
CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...)
NOT-FOR-US: Google Search Appliance
CVE-2006-6222 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
- NOT-FOR-US: Symantec Veritas NetBackup
+ NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote ...)
NOT-FOR-US: 2X ThinClientServer Enterprise Edition
CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...)
@@ -2761,7 +2767,7 @@
CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution ...)
- b2evolution <not-affected> (0.9 releases not vulnerable)
CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
- NOT-FOR-US: Fixit iDMS Pro Image Gallery
+ NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...)
NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6194 (Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey ...)
@@ -2769,7 +2775,7 @@
CVE-2006-6193 (SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier ...)
NOT-FOR-US: BasicForum
CVE-2006-6192 (Unspecified scripts in the admin directory in 8pixel.net SimpleBlog ...)
- NOT-FOR-US: 8pixel.net SimpleBlog
+ NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6191 (SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog ...)
NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6190 (SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 ...)
@@ -2791,7 +2797,7 @@
CVE-2006-6182 (The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop ...)
NOT-FOR-US: Gabriele Teotino GNotebook
CVE-2006-6181 (Multiple SQL injection vulnerabilities in default.asp in ClickTech ...)
- NOT-FOR-US: ClickTech ClickContact
+ NOT-FOR-US: ClickTech ClickContact
CVE-2006-6180 (Cross-site scripting (XSS) vulnerability in articles.asp in ...)
NOT-FOR-US: iNews Publisher
CVE-2006-6179 (Buffer overflow in ...)
@@ -2813,7 +2819,7 @@
CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and ...)
- tdiary 2.1.4-4 (bug #400447; bug #400650)
CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in ...)
- NOT-FOR-US: Mac OS X
+ NOT-FOR-US: Mac OS X
CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input plugin ...)
{DSA-1244-1}
- xine-lib 1.1.2+dfsg-2 (medium; bug #401740)
@@ -2959,7 +2965,7 @@
CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 ...)
NOT-FOR-US: Alan Ward A-Cart Pro
CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech ...)
- NOT-FOR-US: BPG-InfoTech Content Management System
+ NOT-FOR-US: BPG-InfoTech Content Management System
CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 ...)
NOT-FOR-US: CandyPress Store
CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta ...)
@@ -3413,7 +3419,7 @@
CVE-2006-5899 (** DISPUTED ** ...)
NOT-FOR-US: @cid stat
CVE-2006-5898 (Directory traversal vulnerability in localization/languages.lib.php3 ...)
- NOT-FOR-US: PhpMyChat
+ NOT-FOR-US: PhpMyChat
CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and ...)
NOT-FOR-US: PhpMyChat Plus
CVE-2006-5896 (REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the ...)
@@ -3527,7 +3533,7 @@
CVE-2006-5848
REJECTED
CVE-2006-5847 (Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop ...)
- NOT-FOR-US: FreeWebshop
+ NOT-FOR-US: FreeWebshop
CVE-2006-5846 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 ...)
NOT-FOR-US: FreeWebshop
CVE-2006-5845 (Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 ...)
@@ -3578,7 +3584,7 @@
CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...)
- linux-2.6 <unfixed> (low)
CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
- NOT-FOR-US: Symantec Veritas NetBackup
+ NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...)
NOT-FOR-US: Citrix
CVE-2006-5820
@@ -3590,16 +3596,16 @@
- gv 1:3.6.2-3 (medium; bug #398292)
- evince 0.4.0-3 (medium; bug #400904; bug #400906; bug #402063)
CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before ...)
- NOT-FOR-US: Lotus Domino
+ NOT-FOR-US: Lotus Domino
CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure ...)
NOT-FOR-US: Parallels
CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...)
NOT-FOR-US: Business Card Web Builder
CVE-2006-5815 (Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 ...)
{DSA-1222-1}
- - proftpd-dfsg 1.3.0-15 (bug #399070; high)
+ - proftpd-dfsg 1.3.0-15 (bug #399070; high)
CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...)
- NOT-FOR-US: Novell eDirectory
+ NOT-FOR-US: Novell eDirectory
CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to ...)
NOT-FOR-US: Novell eDirectory
CVE-2006-5812 (Unspecified vulnerability in Kerio MailServer allows attackers to ...)
@@ -3833,7 +3839,7 @@
CVE-2006-5711 (ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote ...)
NOT-FOR-US: ECI Telecom
CVE-2006-5710 (The Airport driver for certain Orinoco based Airport cards in Darwin ...)
- NOT-FOR-US: Apple Mac OS X
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-5709 (Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon ...)
NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-5708 (Multiple unspecified vulnerabilities in MDaemon and WorldClient in ...)
@@ -4025,7 +4031,7 @@
CVE-2006-5626 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: phpFaber
CVE-2006-5625 (PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in ...)
- NOT-FOR-US: N/X 2002 Professional Edition Web Content Management System (WCMS)
+ NOT-FOR-US: N/X 2002 Professional Edition Web Content Management System (WCMS)
CVE-2006-5624 (Multiple PHP remote file inclusion vulnerabilities in Multi-Page ...)
NOT-FOR-US: Multi-Page Comment System (MPCS)
CVE-2006-5623 (PHP remote file inclusion vulnerability in ip.inc.php in Electronic ...)
@@ -4072,7 +4078,7 @@
CVE-2006-5603 (SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 ...)
NOT-FOR-US: Snitz Forums
CVE-2006-5600 (Axalto Protiva 1.1, possibly only non-commercial versions, stores ...)
- NOT-FOR-US: Axalto Protiva
+ NOT-FOR-US: Axalto Protiva
CVE-2006-5599 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...)
NOT-FOR-US: Oracle
CVE-2006-5598 (Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery ...)
@@ -4166,7 +4172,7 @@
CVE-2006-5554 (Directory traversal vulnerability in index.php in Imageview 5 allows ...)
NOT-FOR-US: Imageview
CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 ...)
- NOT-FOR-US: Cisco Security Agent
+ NOT-FOR-US: Cisco Security Agent
CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and ...)
NOT-FOR-US: RevilloC MailServer
CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...)
@@ -4509,7 +4515,7 @@
CVE-2006-5411 (Unrestricted file upload vulnerability in upload.php for Free Web ...)
NOT-FOR-US: Free Web Publishing System (FreeWPS)
CVE-2006-5410 (PHP remote file inclusion vulnerability in ...)
- NOT-FOR-US: BoonEx Dolphin
+ NOT-FOR-US: BoonEx Dolphin
CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS management ...)
NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the wireless ...)
@@ -5040,7 +5046,7 @@
CVE-2006-5166 (PHP remote file inclusion vulnerability in functions.php in PHP Web ...)
NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2006-5165 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...)
- NOT-FOR-US: Skrypty PPA Gallery
+ NOT-FOR-US: Skrypty PPA Gallery
CVE-2006-5164 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum ...)
NOT-FOR-US: digiSHOP
CVE-2006-5163 (IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly ...)
@@ -5134,7 +5140,7 @@
CVE-2006-5119 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 ...)
NOT-FOR-US: Zen Cart
CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD ...)
- NOT-FOR-US: PHPSelect Web Development Division
+ NOT-FOR-US: PHPSelect Web Development Division
CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web ...)
- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; unimportant)
NOTE: Only path disclosure
@@ -7201,7 +7207,7 @@
CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...)
NOT-FOR-US: Discloser
CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ...)
- NOT-FOR-US: ASPPlayground.NET Forum Advanced Edition
+ NOT-FOR-US: ASPPlayground.NET Forum Advanced Edition
CVE-2006-4205 (Multiple PHP remote file inclusion vulnerabilities in WebDynamite ...)
NOT-FOR-US: WebDynamite ProjectButler
CVE-2006-4204 (Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 ...)
@@ -7274,7 +7280,7 @@
{DSA-1196-1}
- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-4181 (Format string vulnerability in the sqllog function in the SQL ...)
- NOT-FOR-US: GNU Radius
+ NOT-FOR-US: GNU Radius
CVE-2006-4180
REJECTED
CVE-2006-4179
@@ -7318,7 +7324,7 @@
CVE-2006-4161 (Directory traversal vulnerability in the avatar_gallery action in ...)
NOT-FOR-US: XennoBB
CVE-2006-4160 (Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and ...)
- NOT-FOR-US: MVCnPHP
+ NOT-FOR-US: MVCnPHP
CVE-2006-4159 (Multiple PHP remote file inclusion vulnerabilities in Chaussette ...)
NOT-FOR-US: Chaussette
CVE-2006-4158 (PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 ...)
@@ -7379,7 +7385,7 @@
CVE-2006-4130 (PHP remote file inclusion vulnerability in admin.remository.php in the ...)
NOT-FOR-US: Remository Component (com_remository) for Mambo and Joomla!
CVE-2006-4129 (PHP remote file inclusion vulnerability in admin.webring.docs.php in ...)
- NOT-FOR-US: Webring Component (com_webring) for Joomla!
+ NOT-FOR-US: Webring Component (com_webring) for Joomla!
CVE-2006-4128 (Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec ...)
NOT-FOR-US: Symantec VERITAS
CVE-2006-4127 (Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and ...)
@@ -7460,7 +7466,7 @@
CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user's actions to ...)
NOT-FOR-US: Simpliciti Locked Browser
CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel ...)
- NOT-FOR-US: Archangel Weblog
+ NOT-FOR-US: Archangel Weblog
CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 ...)
NOT-FOR-US: Webligo BlogHoster
CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and ...)
@@ -7529,7 +7535,7 @@
CVE-2006-4063 (Multiple PHP remote file inclusion vulnerabilities in Csaba Godor ...)
NOT-FOR-US: SAPID Blog
CVE-2006-4062 (PHP remote file inclusion vulnerability in ...)
- NOT-FOR-US: SAPID Shop
+ NOT-FOR-US: SAPID Shop
CVE-2006-4061 (** DISPUTED ** ...)
NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in Visual ...)
@@ -7714,7 +7720,7 @@
CVE-2006-3984 (PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in ...)
NOT-FOR-US: Phpauction
CVE-2006-3983 (PHP remote file inclusion vulnerability in editprofile.php in ...)
- NOT-FOR-US: php(Reactor)
+ NOT-FOR-US: php(Reactor)
CVE-2006-3982 (PHP remote file inclusion vulnerability in quickie.php in ...)
NOT-FOR-US: Knusperleicht
CVE-2006-3981 (PHP remote file inclusion vulnerability in about.mgm.php in Mambo ...)
@@ -7804,7 +7810,7 @@
CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and ...)
NOT-FOR-US: Microsoft
CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 ...)
- NOT-FOR-US: N1 Grid Engine
+ NOT-FOR-US: N1 Grid Engine
CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
NOT-FOR-US: phpbb-Auction
CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform ...)
@@ -7903,7 +7909,7 @@
CVE-2006-3894
RESERVED
CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit ...)
- NOT-FOR-US: Newtone ImageKit
+ NOT-FOR-US: Newtone ImageKit
CVE-2006-3892
RESERVED
CVE-2006-3891
@@ -8034,7 +8040,7 @@
- tomcat5 <not-affected> (bug #380361; maintainter can't reproduce)
- tomcat5.5 <not-affected> (bug #380376; maintainer can't reproduce)
CVE-2006-3834 (EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to ...)
- NOT-FOR-US: EJ3 TOPo
+ NOT-FOR-US: EJ3 TOPo
CVE-2006-3833 (index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite ...)
NOT-FOR-US: EJ3 TOPo
CVE-2006-3832 (SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog ...)
@@ -8235,7 +8241,7 @@
CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the ...)
NOT-FOR-US: perForms component (com_performs) for Joomla!
CVE-2006-3773 (PHP remote file inclusion vulnerability in smf.php in the SMF-Forum ...)
- NOT-FOR-US: MF-Forum Bridge Component (com_smf) For Joomla! and Mambo
+ NOT-FOR-US: MF-Forum Bridge Component (com_smf) For Joomla! and Mambo
CVE-2006-3772 (PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login ...)
NOT-FOR-US: PHP-Post
CVE-2006-3771 (Multiple PHP remote file inclusion vulnerabilities in component.php in ...)
@@ -8283,7 +8289,7 @@
CVE-2006-3750 (PHP remote file inclusion vulnerability in server.php in the Hashcash ...)
NOT-FOR-US: Hashcash Component (com_hashcash) for Joomla
CVE-2006-3749 (PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap ...)
- NOT-FOR-US: Sitemap component (com_sitemap) for Mambo
+ NOT-FOR-US: Sitemap component (com_sitemap) for Mambo
CVE-2006-3748 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: LoudMouth Component for Mambo
CVE-2006-3747 (Off-by-one error in the ldap scheme handling in the Rewrite module ...)
@@ -8292,7 +8298,7 @@
- apache2 2.0.55-4.1 (medium; bug #380182)
CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote ...)
{DSA-1141-1 DSA-1140-1}
- - gnupg 1.4.5-1 (medium; bug #381204)
+ - gnupg 1.4.5-1 (medium; bug #381204)
- gnupg2 1.9.20-2 (medium)
CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function in the ...)
- linux-2.6 2.6.17-7
@@ -8644,7 +8650,7 @@
CVE-2006-3599 (SQL injection vulnerability in the Nuke Advanced Classifieds module ...)
NOT-FOR-US: Nuke Advanced Classifieds module for PHP-Nuke
CVE-2006-3598 (SQL injection vulnerability in the Sections module for PHP-Nuke allows ...)
- NOT-FOR-US: Sections module for PHP-Nuke
+ NOT-FOR-US: Sections module for PHP-Nuke
CVE-2006-3597 (passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password ...)
- shadow <not-affected> (fix for a mistake in the Ubuntu installer)
CVE-2006-3596 (The device driver for Intel-based gigabit network adapters in Cisco ...)
@@ -8658,7 +8664,7 @@
CVE-2006-3592 (Unspecified vulnerability in the command line interface (CLI) in Cisco ...)
NOT-FOR-US: Cisco
CVE-2006-3591 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3626 (Race condition in Linux kernel 2.6.17.4 and earlier allows local users ...)
{DSA-1111}
- linux-2.6 2.6.17-4 (bug #378324; high)
@@ -8819,9 +8825,9 @@
CVE-2006-3516 (Multiple SQL injection vulnerabilities in FreeHost allow remote ...)
NOT-FOR-US: FreeHost
CVE-2006-3515 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
- NOT-FOR-US: AjaxPortal
+ NOT-FOR-US: AjaxPortal
CVE-2006-3514 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- NOT-FOR-US: PHP-Blogger
+ NOT-FOR-US: PHP-Blogger
CVE-2006-3513 (danim.dll in Microsoft Internet Explorer 6 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3512 (Internet Explorer 6 on Windows XP allows remote attackers to cause a ...)
@@ -9201,7 +9207,7 @@
CVE-2006-3342 (Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 ...)
NOT-FOR-US: Arctic
CVE-2006-3341 (SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp ...)
- NOT-FOR-US: MyAds module for Xoops
+ NOT-FOR-US: MyAds module for Xoops
CVE-2006-3340 (Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo ...)
NOT-FOR-US: Pearl For Mambo
CVE-2006-3339 (secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows ...)
@@ -9451,7 +9457,7 @@
CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1 and ...)
NOT-FOR-US: DataLife
CVE-2006-3220 (SQL injection vulnerability in studienplatztausch.php in Woltlab ...)
- NOT-FOR-US: Woltlab Burning Board
+ NOT-FOR-US: Woltlab Burning Board
CVE-2006-3219 (SQL injection vulnerability in thread.php in Woltlab Burning Board ...)
NOT-FOR-US: Woltlab Burning Board
CVE-2006-3218 (SQL injection vulnerability in profile.php in Woltlab Burning Board ...)
@@ -9840,9 +9846,9 @@
CVE-2006-3040 (** DISPUTED ** ...)
NOT-FOR-US: Amr Talkbox
CVE-2006-3039 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...)
- NOT-FOR-US: Cescripts Realty Home Rent
+ NOT-FOR-US: Cescripts Realty Home Rent
CVE-2006-3038 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...)
- NOT-FOR-US: Cescripts Realty Home Rent
+ NOT-FOR-US: Cescripts Realty Home Rent
CVE-2006-3037 (Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ...)
NOT-FOR-US: ST AdManager Lite
CVE-2006-3036 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -9858,7 +9864,7 @@
CVE-2006-3031 (Multiple cross-site scripting (XSS) vulnerabilities in index.asp in ...)
NOT-FOR-US: fipsCMS
CVE-2006-3030 (Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping ...)
- NOT-FOR-US: DwZone Shopping Cart
+ NOT-FOR-US: DwZone Shopping Cart
CVE-2006-3029 (Cross-site scripting (XSS) vulnerability in default.asp in ClickTech ...)
NOT-FOR-US: ClickTech Clickcart
CVE-2006-3028 (PHP remote file inclusion vulnerability in ...)
@@ -9986,7 +9992,7 @@
CVE-2006-2978 (Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the ...)
NOT-FOR-US: Moblog
CVE-2006-2977 (SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and ...)
- NOT-FOR-US: Moblog
+ NOT-FOR-US: Moblog
CVE-2006-2976 (Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery ...)
NOT-FOR-US: Coppermine
CVE-2006-2975 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -10235,7 +10241,7 @@
CVE-2006-2865 (** DISPUTED ** ...)
NOTE: phpbb2, but invalid
CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes ...)
- NOT-FOR-US: BlueShoes
+ NOT-FOR-US: BlueShoes
CVE-2006-2863 (PHP remote file inclusion vulnerability in class.cs_phpmailer.php in ...)
NOT-FOR-US: CS-Cart
CVE-2006-2862 (SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 ...)
@@ -10257,7 +10263,7 @@
CVE-2006-2854 (SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows ...)
NOT-FOR-US: iBWd
CVE-2006-2853 (SQL injection vulnerability in content.php in abarcar Realty Portal ...)
- NOT-FOR-US: abarcar
+ NOT-FOR-US: abarcar
CVE-2006-2852 (PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and ...)
NOT-FOR-US: dotWidget
CVE-2006-2851 (Cross-site scripting (XSS) vulnerability in index.php in dotProject ...)
@@ -10283,7 +10289,7 @@
CVE-2006-2840 (Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) ...)
NOT-FOR-US: PmWiki
CVE-2006-2839 (Directory traversal vulnerability in PG Problem Editor module ...)
- NOT-FOR-US: WeBWorK
+ NOT-FOR-US: WeBWorK
CVE-2006-2838 (Buffer overflow in the web console in F-Secure Anti-Virus for ...)
NOT-FOR-US: F-Secure
CVE-2006-2837 (Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book ...)
@@ -10337,7 +10343,7 @@
CVE-2006-2816 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
NOT-FOR-US: CoolPHP
CVE-2006-2815 (Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes ...)
- NOT-FOR-US: SimpleBoard
+ NOT-FOR-US: SimpleBoard
CVE-2006-2814 (Multiple buffer overflows in the (1) vGetPost and (2) main functions ...)
NOT-FOR-US: iShopCart
CVE-2006-2813 (Directory traversal vulnerability in easy-scart.cgi in iShopCart ...)
@@ -10361,7 +10367,7 @@
CVE-2005-2467 (Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum ...)
NOT-FOR-US: MySQL Eventum
CVE-2005-2466 (Multiple SQL injection vulnerabilities in the auth_user function in ...)
- NOT-FOR-US: OpenBook
+ NOT-FOR-US: OpenBook
CVE-2005-2465 (Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS ...)
NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2464 (login.php in PCXP/TOPPE CMS allows remote attackers to bypass ...)
@@ -10587,7 +10593,7 @@
CVE-2006-2739 (PHP remote file inclusion vulnerability in footers.php in Epicdesigns ...)
NOT-FOR-US: tinyBB
CVE-2006-2738 (The open source version of Open-Xchange 0.8.2 and earlier uses a ...)
- NOT-FOR-US: Open-Xchange
+ NOT-FOR-US: Open-Xchange
CVE-2006-2737 (utilities/register.asp in Nukedit 4.9.6 and earlier allows remote ...)
NOT-FOR-US: Nukedit
CVE-2006-2736 (PHP remote file inclusion vulnerability in blend_data/blend_common.php ...)
@@ -10712,7 +10718,7 @@
CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows Graphical User ...)
NOT-FOR-US: Cisco VPN Client
CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News ...)
- NOT-FOR-US: Pre News Manager
+ NOT-FOR-US: Pre News Manager
CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc ...)
NOT-FOR-US: SiteScape Forum
CVE-2006-2676 (Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly ...)
@@ -10772,7 +10778,7 @@
CVE-2006-2651 (Cross-site scripting (XSS) vulnerability in index.php in Vacation ...)
NOT-FOR-US: Vacation Rental Script
CVE-2006-2650 (SQL injection vulnerability in cosmicshop/search.php in ...)
- NOT-FOR-US: CosmicShoppingCart
+ NOT-FOR-US: CosmicShoppingCart
CVE-2006-2649 (Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, ...)
NOT-FOR-US: CosmicShoppingCart
CVE-2006-2648 (Cross-site scripting (XSS) vulnerability in perform_search.asp for ...)
@@ -10939,7 +10945,7 @@
CVE-2006-2581 (Cross-site scripting (XSS) vulnerability in Wiki content in RWiki ...)
NOT-FOR-US: RWiki
CVE-2005-4806 (Multiple unspecified vulnerabilities in Sun Java System Web Proxy ...)
- NOT-FOR-US: Sun Java System Web Proxy Server
+ NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2005-4805 (Unspecified vulnerability in Sun Java System Application Server 7 ...)
NOT-FOR-US: Sun Java System Application Server
CVE-2005-4804 (Unspecified vulnerability in Sun Java System Application Server ...)
@@ -11158,7 +11164,7 @@
- nagios 2:1.4-1 (bug #366682; bug #366803; bug #368193; high)
- nagios2 2.3-1 (bug #366683; bug #368199; high)
CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS ...)
- NOT-FOR-US: Spymac
+ NOT-FOR-US: Spymac
CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 ...)
NOT-FOR-US: ScozNews
CVE-2006-2486 (SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier ...)
@@ -11172,7 +11178,7 @@
CVE-2006-2482 (Heap-based buffer overflow in the TZipTV component in (1) ZipTV for ...)
NOT-FOR-US: ZipTV
CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 ...)
- NOT-FOR-US: VMware ESX
+ NOT-FOR-US: VMware ESX
CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted ...)
- dia 0.95.0-4 (bug #368202; low)
[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
@@ -11434,7 +11440,7 @@
RESERVED
CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...)
{DSA-857-1}
- - graphviz 2.2.1-1sarge1 (bug #336985; low)
+ - graphviz 2.2.1-1sarge1 (bug #336985; low)
CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite files and ...)
{DSA-1216}
- flexbackup 1.2.1-3 (bug #334350; low)
@@ -11561,9 +11567,9 @@
CVE-2006-2312 (Unspecified vulnerability in the URI handler in Skype 2.0.*.104 and ...)
NOT-FOR-US: Skype
CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server and ...)
- NOT-FOR-US: BlueDragon Server and Server JX
+ NOT-FOR-US: BlueDragon Server and Server JX
CVE-2006-2310 (BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote ...)
- NOT-FOR-US: BlueDragon Server and Server JX
+ NOT-FOR-US: BlueDragon Server and Server JX
CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to obtain ...)
NOT-FOR-US: EServ
CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25 ...)
@@ -11659,7 +11665,7 @@
CVE-2006-2266 (SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to ...)
NOT-FOR-US: Chirpy!
CVE-2006-2265 (Cross-site scripting vulnerability in admin/main.asp in Ocean12 ...)
- NOT-FOR-US: Ocean12 Calendar Manager Pro
+ NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2264 (Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro ...)
NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2263 (SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows ...)
@@ -11800,7 +11806,7 @@
CVE-2006-2205 (The audio_write function in NetBSD 3.0 allows local users to cause a ...)
NOT-FOR-US: NetBSD kernel
CVE-2006-2204 (SQL injection vulnerability in the topic deletion functionality ...)
- NOT-FOR-US: Invision Power Board
+ NOT-FOR-US: Invision Power Board
CVE-2006-2203 (Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown ...)
NOT-FOR-US: Kerio MailServer
CVE-2006-2202 (SQL injection vulnerability in post.php in Invision Gallery 2.0.6 ...)
@@ -12026,7 +12032,7 @@
CVE-2006-2105 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 ...)
NOT-FOR-US: Jupiter
CVE-2006-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email ...)
- NOT-FOR-US: Kamgaing
+ NOT-FOR-US: Kamgaing
CVE-2006-2103 (SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows ...)
NOT-FOR-US: MyBB
CVE-2006-2102 (Directory traversal vulnerability in PowerISO 2.9 allows remote ...)
@@ -12088,7 +12094,7 @@
- pdnsd 1.2.4par-0.1 (bug #368268; high)
CVE-2006-2075 (Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to ...)
[sarge] - mydns 1.0.0-4sarge1
- - mydns 1.1.0+pre-3 (medium; bug #348826)
+ - mydns 1.1.0+pre-3 (medium; bug #348826)
CVE-2006-2074 (Unspecified vulnerability in Juniper Networks JUNOSe E-series routers ...)
NOT-FOR-US: Juniper Networks JUNOSe
CVE-2006-2073 (Unspecified vulnerability in ISC BIND allows remote attackers to cause ...)
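Review bot: the [sarge] line for CVE-2006-2075, "[sarge] - mydns 1.0.0-4sarge1", records a sarge fix version but the entry carries no {DSA-...} reference, unlike the graphviz and firefox entries elsewhere in this diff that show a sarge fix together with its DSA. If the 1.0.0-4sarge1 upload was shipped as a DSA it should be listed in braces above the entry; if it went out without one, mark the reason so the tracker can tell a released advisory from an unannounced update.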
@@ -12259,7 +12265,7 @@
CVE-2006-2007 (Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote ...)
NOT-FOR-US: Winny
CVE-2006-2006 (Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 ...)
- NOT-FOR-US: IZArc Archiver
+ NOT-FOR-US: IZArc Archiver
CVE-2006-2005 (Eval injection vulnerability in index.php in ClanSys 1.1 allows remote ...)
NOT-FOR-US: ClanSys
CVE-2006-2004 (Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote ...)
@@ -12327,8 +12333,8 @@
NOT-FOR-US: FlexBB
CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote ...)
{DSA-1055-1 DSA-1053-1}
- - firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high)
- - mozilla <unfixed> (high)
+ - firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high)
+ - mozilla <unfixed> (high)
[sarge] - mozilla-thunderbird <no-dsa> (Not directly exploitable in Thunderbird)
CVE-2006-XXXX [typo3 mailforms can be abused to send spam]
- typo3-src 4.0.2-1 (bug #364350)
@@ -12483,11 +12489,11 @@
CVE-2006-1922 (PHP remote file inclusion vulnerability in (1) about.php or (2) ...)
NOT-FOR-US: TotalCalendar
CVE-2006-1921 (nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute ...)
- NOT-FOR-US: PHP Net Tools
+ NOT-FOR-US: PHP Net Tools
CVE-2006-1920 (SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote ...)
NOT-FOR-US: PMTool
CVE-2006-1919 (PHP remote file inclusion vulnerability in index.php in Internet ...)
- NOT-FOR-US: Internet Photoshow
+ NOT-FOR-US: Internet Photoshow
CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 ...)
NOT-FOR-US: Papoo
CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ...)
@@ -12671,7 +12677,7 @@
CVE-2006-1840 (Multiple unspecified vulnerabilities in Empire Server before 4.3.1 ...)
NOT-FOR-US: Wolfpack Empire Server (vms-empire in Debian is a different game)
CVE-2006-1839 (PHP remote file inclusion vulnerability in language.php in PHP Album ...)
- NOT-FOR-US: PHP Album
+ NOT-FOR-US: PHP Album
CVE-2006-1838 (edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass ...)
NOT-FOR-US: Fuju News
CVE-2006-1837 (SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows ...)
@@ -13045,9 +13051,9 @@
CVE-2006-1718 (Magus Perde Clever Copy 3.0 and earlier stores sensitive information ...)
NOT-FOR-US: Clever Copy
CVE-2006-1717 (Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka ...)
- NOT-FOR-US: MyBB
+ NOT-FOR-US: MyBB
CVE-2006-1716 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
- NOT-FOR-US: MyBB
+ NOT-FOR-US: MyBB
CVE-2006-1715 (Multiple directory traversal vulnerabilities in Christian Kindahl ...)
NOT-FOR-US: TUGZip
CVE-2006-1714 (CRLF injection vulnerability in index.php in Christoph Roeder ...)
@@ -13120,9 +13126,9 @@
CVE-2006-1699 (Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner ...)
NOT-FOR-US: Aweb Banner
CVE-2006-1698 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook ...)
- NOT-FOR-US: Matt Wright Guestbook
+ NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1697 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook ...)
- NOT-FOR-US: Matt Wright Guestbook
+ NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1696 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 ...)
- gallery 1.5.3-1 (bug #361758)
CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR ...)
@@ -13149,7 +13155,7 @@
CVE-2006-1685 (Multiple SQL injection vulnerabilities in modules.php in ...)
NOT-FOR-US: APT-webshop-system
CVE-2006-1684 (Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier ...)
- NOT-FOR-US: ecotwo Shopsystem
+ NOT-FOR-US: ecotwo Shopsystem
CVE-2006-1683 (SQL injection vulnerability in admin/login.php in Chipmunk Guestbook ...)
NOT-FOR-US: Chipmunk Guestbook
CVE-2006-1682 (Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft ...)
@@ -13208,7 +13214,7 @@
CVE-2005-4772 (liby2util in Yet another Setup Tool (YaST) in SUSE Linux before ...)
NOT-FOR-US: YaST
CVE-2005-4771 (Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility ...)
- NOT-FOR-US: Trusted Mobility Agent
+ NOT-FOR-US: Trusted Mobility Agent
CVE-2005-4770 (SQL injection vulnerability in an unspecified Accelerated Enterprise ...)
NOT-FOR-US: Accelerated E Solutions
CVE-2005-4769 (SQL injection vulnerability in addrbook.php in Belchior Foundry vCard ...)
@@ -13235,7 +13241,7 @@
CVE-2006-1650 (Firefox 1.5.0.1 allows remote attackers to spoof the address bar and ...)
NOTE: other reports indicate that Firefox is not vulnerable
CVE-2006-1649 (The "restore to" selection in the "quarantine a file" capability of ...)
- NOT-FOR-US: Eset Software NOD32 Antivirus 2.5
+ NOT-FOR-US: Eset Software NOD32 Antivirus 2.5
CVE-2006-1648 (SMART SynchronEyes Student and Teacher 6.0, and possibly earlier ...)
NOT-FOR-US: SMART SynchronEyes
CVE-2006-1647 (An unspecified "logical programming mistake" in SMART SynchronEyes ...)
@@ -13357,7 +13363,7 @@
NOT-FOR-US: X-Doom, ZDaemon
NOTE: vulnerable functions don't exist in lxdoom, prboom
CVE-2006-1591 (Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe ...)
- NOT-FOR-US: Microsoft Windows Help
+ NOT-FOR-US: Microsoft Windows Help
CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage ...)
- acidbase 1.2.5-1 (bug #363548; low)
[sarge] - acidbase <no-dsa> (Hardly exploitable)
@@ -13383,7 +13389,7 @@
CVE-2006-1586 (SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan ...)
NOT-FOR-US: Egypt SiteMan
CVE-2006-1585 (Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote ...)
- NOT-FOR-US: MonAlbum
+ NOT-FOR-US: MonAlbum
CVE-2006-1584 (Unspecified vulnerability in index.php in Warcraft III Replay Parser ...)
NOT-FOR-US: Warcraft III Replay
CVE-2006-1583 (Cross-site scripting (XSS) vulnerability in index.php in Warcraft III ...)
@@ -13397,7 +13403,7 @@
CVE-2006-1579 (SQL injection vulnerability in topics.php in Dynamic Bulletin Board ...)
NOT-FOR-US: Dynamic Bulletin Board System
CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital Library ...)
- NOT-FOR-US: Keystone Digital Library Suite
+ NOT-FOR-US: Keystone Digital Library Suite
CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
{DSA-1133-1}
[woody] - mantis <not-affected> (Vulnerable code not present)
@@ -13415,7 +13421,7 @@
CVE-2006-1571 (Multiple SQL injection vulnerabilities in loginprocess.php in ...)
NOT-FOR-US: qliteNews
CVE-2006-1570 (Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 ...)
- NOT-FOR-US: Esqlanelapse
+ NOT-FOR-US: Esqlanelapse
CVE-2006-1569 (Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote ...)
NOT-FOR-US: RedCMS
CVE-2006-1568 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
@@ -13440,21 +13446,21 @@
CVE-2006-1560 (Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 ...)
NOT-FOR-US: SkinTech phpNewsManager
CVE-2006-1559 (SQL injection vulnerability in PHP Script Index allows remote ...)
- NOT-FOR-US: PHP Script Index
+ NOT-FOR-US: PHP Script Index
CVE-2006-1558 (Cross-site scripting (XSS) vulnerability in search.php in PHP Script ...)
- NOT-FOR-US: PHP Script Index
+ NOT-FOR-US: PHP Script Index
CVE-2006-1557 (Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote ...)
NOT-FOR-US: X-Changer
CVE-2006-1556 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: AL-Caricatier
CVE-2006-1555 (VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and ...)
- NOT-FOR-US: VSNS Lemon
+ NOT-FOR-US: VSNS Lemon
CVE-2006-1554 (Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows ...)
- NOT-FOR-US: VSNS Lemon
+ NOT-FOR-US: VSNS Lemon
CVE-2006-1553 (SQL injection vulnerability in functions/final_functions.php in VSNS ...)
- NOT-FOR-US: VSNS Lemon
+ NOT-FOR-US: VSNS Lemon
CVE-2006-1552 (Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows ...)
- NOT-FOR-US: Apple
+ NOT-FOR-US: Apple
CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX ...)
NOT-FOR-US: PAJAX
CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...)
@@ -13509,11 +13515,11 @@
- libstruts1.2-java 1.2.9-1 (bug #360551)
[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php in ...)
- NOT-FOR-US: VNews
+ NOT-FOR-US: VNews
CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
- NOT-FOR-US: VNews
+ NOT-FOR-US: VNews
CVE-2006-1543 (Multiple SQL injection vulnerabilities in vscripts (aka Kuba ...)
- NOT-FOR-US: VNews
+ NOT-FOR-US: VNews
CVE-2006-1542 (Stack-based buffer overflow in Python 2.4.2 and earlier, running on ...)
NOT-FOR-US: Bogus issue, this doesn't trigger any local overflow
NOTE: Should be rejected
@@ -13641,7 +13647,7 @@
CVE-2006-1503 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Virtual Wa
CVE-2006-1502 (Multiple integer overflows in MPlayer 1.0pre7try2 allow remote ...)
- NOT-FOR-US: MPlayer
+ NOT-FOR-US: MPlayer
NOTE: I can't find the vulnerable code in xine-lib
CVE-2006-1501 (SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows ...)
NOT-FOR-US: OneOrZero
@@ -13879,7 +13885,7 @@
CVE-2006-1400 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Metisware Instructor
CVE-2006-1399 (Cross-site scripting (XSS) vulnerability in searchresult.php in ...)
- NOT-FOR-US: Meeting Reserve
+ NOT-FOR-US: Meeting Reserve
CVE-2006-1398 (Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book ...)
NOT-FOR-US: G-Book
CVE-2006-1397 (Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew ...)
@@ -13918,7 +13924,7 @@
CVE-2006-1387 (TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote ...)
- twiki 1:4.0.4-3 (bug #367973)
CVE-2006-1386 (The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore ...)
- - twiki <not-affected> (only affects 4.0.0 - 4.1.0, version in Debian too young)
+ - twiki <not-affected> (only affects 4.0.0 - 4.1.0, version in Debian too young)
CVE-2006-1385 (Stack-based buffer overflow in the parseTaggedData function in ...)
NOT-FOR-US: Cisco
CVE-2006-1384 (Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the ...)
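Review bot: the <not-affected> reason for CVE-2006-1386, "(only affects 4.0.0 - 4.1.0, version in Debian too young)", does not agree with the CVE text on the preceding line, which names "TWiki 4.0 and 4.0.1", and the version recorded as fixing CVE-2006-1387 two lines up is 1:4.0.4-3, which falls inside a 4.0.0 - 4.1.0 range and would therefore be affected by the stated reason. Unless 4.1.0 is really intended, the range should read "4.0.0 - 4.0.1"; "version in Debian is newer" would also be clearer than "too young". Since the line is being touched anyway, correct it here.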
@@ -14013,7 +14019,7 @@
CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg ...)
NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers ...)
- NOT-FOR-US: MyBB
+ NOT-FOR-US: MyBB
CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as ...)
NOT-FOR-US: VeriSign haydn.exe
CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, ...)
@@ -14040,13 +14046,13 @@
CVE-2006-1335 (gnome screensaver before 2.14, when running on an X server with ...)
- gnome-screensaver 2.14.1-1 (bug #357885)
CVE-2006-1334 (Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow ...)
- NOT-FOR-US: Maian Weblog
+ NOT-FOR-US: Maian Weblog
CVE-2006-1333 (Multpile SQL injection vulnerabilities in BetaParticle Blog 6.0 and ...)
NOT-FOR-US: BetaParticle Blog
CVE-2006-1332 (Noah's Classifieds 1.3 and earlier allows remote attackers to obtain ...)
- NOT-FOR-US: Noah's Classifieds
+ NOT-FOR-US: Noah's Classifieds
CVE-2006-1331 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- NOT-FOR-US: Noah's Classifieds
+ NOT-FOR-US: Noah's Classifieds
CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier ...)
NOT-FOR-US: phpWebsite
CVE-2006-1329 (The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows ...)
@@ -14122,9 +14128,9 @@
CVE-2006-1291 (publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and ...)
NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar
CVE-2006-1290 (Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway ...)
- NOT-FOR-US: Milkeyway Captive Portal
+ NOT-FOR-US: Milkeyway Captive Portal
CVE-2006-1289 (Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 ...)
- NOT-FOR-US: Milkeyway Captive Portal
+ NOT-FOR-US: Milkeyway Captive Portal
CVE-2006-1288 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB) ...)
NOT-FOR-US: Invision Power Board
CVE-2006-1287 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
@@ -14173,7 +14179,7 @@
CVE-2006-1267 (Invision Power Board 2.1.4 allows remote attackers to hijack sessions ...)
NOT-FOR-US: Invision Power Board
CVE-2006-1266 (Cross-site scripting (XSS) vulnerability in Service_Requests.asp in ...)
- NOT-FOR-US: VPMi Enterprise
+ NOT-FOR-US: VPMi Enterprise
CVE-2006-1265 (SQL injection vulnerability in discussion.class.php in xhawk.net ...)
NOT-FOR-US: xhawk.net discussion
CVE-2006-1264 (Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 ...)
@@ -14211,11 +14217,11 @@
CVE-2006-1249 (Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes ...)
NOT-FOR-US: Apple Quicktime
CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and ...)
- NOT-FOR-US: HP-UX
+ NOT-FOR-US: HP-UX
CVE-2006-1247 (rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows ...)
NOT-FOR-US: AIX
CVE-2006-1246 (Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 ...)
- NOT-FOR-US: AIX
+ NOT-FOR-US: AIX
CVE-2006-1245 (Buffer overflow in mshtml.dll in Microsoft Internet Explorer ...)
NOT-FOR-US: Microsoft
CVE-2005-4743 (Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp ...)
@@ -14239,7 +14245,7 @@
CVE-2005-4734 (Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication ...)
NOT-FOR-US: RSA Authentication Agent for Web
CVE-2005-4733 (NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow ...)
- NOT-FOR-US: NetBSD
+ NOT-FOR-US: NetBSD
CVE-2005-4732 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
NOT-FOR-US: TuxBank
CVE-2003-1297 (Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka ...)
@@ -14254,7 +14260,7 @@
NOTE: Discussion has shown that the revamp patch doesn't fix new vulnerabilities
- gpdf 2.10.0-3
CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog ...)
- NOT-FOR-US: Simple PHP Blog
+ NOT-FOR-US: Simple PHP Blog
CVE-2006-1242 (The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before ...)
{DSA-1103 DSA-1097-1}
- linux-2.6 2.6.16-4
@@ -14263,9 +14269,9 @@
CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) ...)
- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in ...)
- NOT-FOR-US: Gemini
+ NOT-FOR-US: Gemini
CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc ...)
- NOT-FOR-US: DSLogin
+ NOT-FOR-US: DSLogin
CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with ...)
NOT-FOR-US: DSNewsletter
CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the ...)
@@ -14446,9 +14452,9 @@
CVE-2006-1157 (Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 ...)
NOT-FOR-US: Vz Scripts ADP Forum
CVE-2006-1156 (SQL injection vulnerability in manas tungare Site Membership Script ...)
- NOT-FOR-US: manas tungare Site Membership Script
+ NOT-FOR-US: manas tungare Site Membership Script
CVE-2006-1155 (Cross-site scripting (XSS) vulnerability in manas tungare Site ...)
- NOT-FOR-US: manas tungare Site Membership Script
+ NOT-FOR-US: manas tungare Site Membership Script
CVE-2006-1154 (PHP remote file inclusion vulnerability in archive.php in Fantastic ...)
NOT-FOR-US: Fantastic News
CVE-2006-1153 (SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers ...)
@@ -14461,7 +14467,7 @@
- teg 0.11.1-3 (bug #357645; low)
[sarge] - teg <no-dsa> (Only DoS against exotic, mostly single player game)
CVE-2006-1149 (PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL ...)
- NOT-FOR-US: OWL Intranet Engine
+ NOT-FOR-US: OWL Intranet Engine
CVE-2006-1148 (Multiple stack-based buffer overflows in the procConnectArgs function ...)
- peercast 0.1217.toots.20060314-1
CVE-2006-1147 (The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold ...)
@@ -14510,7 +14516,7 @@
- monotone 0.26pre1-0.1 (low)
[sarge] - monotone <no-dsa> (Only exploitable in very far-fetched situation)
NOTE: Needs a case-insensitive file system (e.g. VFAT or Samba) on the client
- NOTE: and massive social engineering
+ NOTE: and massive social engineering
CVE-2006-1128 (Directory traversal vulnerability in the session handling class ...)
- gallery2 2.0.3
CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 ...)
@@ -14607,7 +14613,7 @@
CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript ...)
NOT-FOR-US: phpArcadeScript
CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in Jonathan ...)
- NOT-FOR-US: PluggedOut Nexus
+ NOT-FOR-US: PluggedOut Nexus
CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in Game-Panel ...)
NOT-FOR-US: Game-Panel
CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other products ...)
@@ -14621,11 +14627,11 @@
CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in the commentary ...)
NOT-FOR-US: Evo-Dev evoBlog
CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a showtopic ...)
- NOT-FOR-US: checkInvision Power Board
+ NOT-FOR-US: checkInvision Power Board
CVE-2006-1075 (Format string vulnerability in the visualization function in Jason ...)
- NOT-FOR-US: Liero Xtreme
+ NOT-FOR-US: Liero Xtreme
CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers ...)
- NOT-FOR-US: Liero Xtreme
+ NOT-FOR-US: Liero Xtreme
CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave Simplog ...)
NOT-FOR-US: Daverave Simplog
CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and ...)
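Review bot: the + line for CVE-2006-1076 still reads "NOT-FOR-US: checkInvision Power Board"; the "check" prefix looks like a leftover from a "TODO: check" marker that was overwritten in place, and it should be dropped so the entry matches the other Invision Power Board lines in this file (for example CVE-2006-1267: "NOT-FOR-US: Invision Power Board"). Since the line is already being rewritten, fix the product name in the same change.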
@@ -14655,7 +14661,7 @@
{DSA-999-1}
- lurker 2.1-1
CVE-2006-1061 (Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 ...)
- - curl 7.15.3-1
+ - curl 7.15.3-1
[woody] - curl <not-affected> (Vulnerable code not present)
[sarge] - curl <not-affected> (Vulnerable code not present)
CVE-2006-1060 (Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might ...)
@@ -14760,7 +14766,7 @@
CVE-2006-1021 (Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe ...)
NOT-FOR-US: PeHePe Uyelik Sistemi
CVE-2006-1020 (SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas ...)
- NOT-FOR-US: Johnny_Vegas Vegas Forum
+ NOT-FOR-US: Johnny_Vegas Vegas Forum
CVE-2006-1019 (Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 ...)
NOT-FOR-US: UkiBoard
CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...)
@@ -14787,17 +14793,17 @@
{DSA-1001-1}
- crossfire 1.9.0-1
CVE-2006-1009 (M4 Project enigma-suite before 0.73.3 (Windows) has a default password ...)
- NOT-FOR-US: M4 Project enigma-suite
+ NOT-FOR-US: M4 Project enigma-suite
CVE-2006-1008 (Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and ...)
- NOT-FOR-US: N8cms
+ NOT-FOR-US: N8cms
CVE-2006-1007 (Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow ...)
- NOT-FOR-US: N8cms
+ NOT-FOR-US: N8cms
CVE-2006-1006 (Multiple SQL injection vulnerabilities in sendcard.php in sendcard ...)
NOT-FOR-US: sendcard
CVE-2006-1005 (agencyprofile.asp in Parodia 6.2 and earlier might allow remote ...)
- NOT-FOR-US: Parodia
+ NOT-FOR-US: Parodia
CVE-2006-1004 (Cross-site scripting (XSS) vulnerability in agencyprofile.asp in ...)
- NOT-FOR-US: Parodia
+ NOT-FOR-US: Parodia
CVE-2006-1003 (The backup configuration option in NETGEAR WGT624 Wireless Firewall ...)
NOT-FOR-US: NETGEAR hardware issue
CVE-2006-1002 (NETGEAR WGT624 Wireless DSL router has a default account of ...)
@@ -14966,7 +14972,7 @@
CVE-2006-0928 (The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote ...)
NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0927 (Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA ...)
- NOT-FOR-US: Woltlab Burning Board
+ NOT-FOR-US: Woltlab Burning Board
CVE-2006-0926 (Multiple directory traversal vulnerabilities in Allume StuffIt ...)
NOT-FOR-US: StuffIt
CVE-2006-0925 (Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon ...)
@@ -15112,9 +15118,9 @@
CVE-2006-0867 (Buffer overflow in certain versions of South River (aka SRT) WebDrive, ...)
NOT-FOR-US: WebDrive
CVE-2006-0866 (PunBB 1.2.10 and earlier allows remote attackers to conduct brute ...)
- NOT-FOR-US: PunBB
+ NOT-FOR-US: PunBB
CVE-2006-0865 (PunBB 1.2.10 and earlier allows remote attackers to cause a denial of ...)
- NOT-FOR-US: PunBB
+ NOT-FOR-US: PunBB
CVE-2006-0864 (filescan in Global Hauri ViRobot 2.0 20050817 does not verify the ...)
NOT-FOR-US: Global Hauri ViRobot
CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote ...)
@@ -15130,7 +15136,7 @@
CVE-2006-0858 (Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the ...)
NOT-FOR-US: StarForce Safe'n'Sec Personal
CVE-2006-0857 (Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 ...)
- NOT-FOR-US: e107 CMS Chatbox plugin
+ NOT-FOR-US: e107 CMS Chatbox plugin
CVE-2006-0856 (SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 ...)
NOT-FOR-US: SmE GB Host
CVE-2006-0855 (Stack-based buffer overflow in the fullpath function in misc.c for zoo ...)
@@ -15255,7 +15261,7 @@
NOT-FOR-US: php-Nuke
CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers to ...)
- tin 1:1.8.2-1
- [sarge] - tin <not-affected> (Vulnerable code not present)
+ [sarge] - tin <not-affected> (Vulnerable code not present)
CVE-2006-0803 (The signature verification functionality in the YaST Online Update ...)
NOT-FOR-US: YaSt Online Update
CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages module ...)
@@ -15273,7 +15279,7 @@
CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...)
NOT-FOR-US: Clever Copy
CVE-2006-0795 (Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 ...)
- NOT-FOR-US: Quirex
+ NOT-FOR-US: Quirex
CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain the ...)
NOT-FOR-US: V-webmail
CVE-2006-0793 (frameset.php in V-webmail 1.6.2 allows remote attackers to conduct ...)
@@ -15299,9 +15305,9 @@
CVE-2006-0783 (Cross-site scripting (XSS) vulnerability in page.php in in Siteframe ...)
NOT-FOR-US: Siteframe Beaumont
CVE-2006-0782 (Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier ...)
- NOT-FOR-US: PerlBlog
+ NOT-FOR-US: PerlBlog
CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and ...)
- NOT-FOR-US: PerlBlog
+ NOT-FOR-US: PerlBlog
CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in ...)
NOT-FOR-US: PerlBlog
CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums ...)
@@ -15442,7 +15448,7 @@
CVE-2006-0727 (SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis ...)
NOT-FOR-US: MusOX DF
CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke ...)
- NOT-FOR-US: CPG-Nuke
+ NOT-FOR-US: CPG-Nuke
CVE-2006-0725 (PHP remote file inclusion vulnerability in prepend.php in Plume CMS ...)
NOT-FOR-US: Plume CMS
CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when ...)
@@ -15452,7 +15458,7 @@
CVE-2006-0722 (settings.php in Reamday Enterprises Magic Downloads 1.1.3, when ...)
NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a ...)
- NOT-FOR-US: RunCMS
+ NOT-FOR-US: RunCMS
CVE-2006-0720 (Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows ...)
NOT-FOR-US: Winamp
CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP Classifieds ...)
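Review bot: in the unchanged context of this hunk the NOT-FOR-US label for CVE-2006-0722 says "Reamday Enterprises Magic News Lite" while the CVE text on the line above names "settings.php in Reamday Enterprises Magic Downloads 1.1.3"; the label appears to have been copied from the CVE-2006-0724 Magic News Lite entry and should name Magic Downloads instead, so that searches of the tracker by product name find the right entry.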
@@ -15460,7 +15466,7 @@
CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in Avaya ...)
NOT-FOR-US: Avaya VSU
CVE-2006-0717 (IBM Tivoli Directory Server 6.0 allows remote attackers to cause a ...)
- NOT-FOR-US: Tivoli
+ NOT-FOR-US: Tivoli
CVE-2006-0716 (SQL injection vulnerability in index.php in sNews 1.3 allows remote ...)
NOT-FOR-US: sNews
CVE-2006-0715 (Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote ...)
@@ -15598,7 +15604,7 @@
- mantis 0.19.4-3
[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino ...)
- NOT-FOR-US: Lotus Domino
+ NOT-FOR-US: Lotus Domino
CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client ...)
NOT-FOR-US: Lotus Domino
CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 ...)
@@ -15612,7 +15618,7 @@
CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event ...)
NOT-FOR-US: Softcomplex
CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager 4.2 ...)
- NOT-FOR-US: HP
+ NOT-FOR-US: HP
CVE-2006-0655 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0654 (check.php in Hinton Design phpht Topsites 1.3 does not validate ...)
@@ -15772,7 +15778,7 @@
{DSA-967-1}
- elog 2.6.1+r1642-1
CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...)
- NOT-FOR-US: PHP-Fusion
+ NOT-FOR-US: PHP-Fusion
CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server ...)
NOT-FOR-US: Lexmark Printer
CVE-2006-0591 (The crypt_gensalt functions for BSDI-style extended DES-based and ...)
@@ -15802,7 +15808,7 @@
NOT-FOR-US: Lotus Domino
CVE-2006-0579 (Multiple integer overflows in (1) the new_demux_packet function in ...)
- mplayer <not-affected> (fixed before first upload; 1.0pre7try3)
- NOTE: code not in ffmpeg and xine-lib
+ NOTE: code not in ffmpeg and xine-lib
CVE-2006-0578 (Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce ...)
NOT-FOR-US: Blue Coat Proxy Security Gateway OS
CVE-2006-0577 (Lexmark X1185 printer allows local users to gain SYSTEM privileges by ...)
@@ -15833,7 +15839,7 @@
CVE-2006-0565 (PHP remote file include vulnerability in inc/backend_settings.php in ...)
NOT-FOR-US: LoudBlog
CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop ...)
- NOT-FOR-US: Microsoft
+ NOT-FOR-US: Microsoft
CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c ...)
NOT-FOR-US: PluggedOut Blog
CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut ...)
@@ -15879,7 +15885,7 @@
CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) ...)
NOT-FOR-US: Microsoft
CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial ...)
- NOT-FOR-US: Cerulean Trillian
+ NOT-FOR-US: Cerulean Trillian
CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in NukedWeb ...)
NOT-FOR-US: NukedWeb
CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla ...)
@@ -15902,7 +15908,7 @@
NOT-FOR-US: cPanel
NOTE: Not Debian's cpanel
CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker ...)
- NOT-FOR-US: SoftMaker Shop
+ NOT-FOR-US: SoftMaker Shop
CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 allows ...)
NOT-FOR-US: Sun Java System Access Manager
CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb ...)
@@ -16061,10 +16067,10 @@
CVE-2006-0470 (Cross-site scripting (XSS) vulnerability in search.php in ...)
NOT-FOR-US: MyBB
CVE-2006-0469 (Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and ...)
- NOT-FOR-US: uebimiau
+ NOT-FOR-US: uebimiau
NOTE: this had an ITP back in 2002, but it never was done (bug #164116)
CVE-2006-0468 (CommuniGate Pro Core Server before 5.0.7 allows remote attackers to ...)
- NOT-FOR-US: CommuniGate Pro
+ NOT-FOR-US: CommuniGate Pro
CVE-2005-4707 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...)
NOT-FOR-US: PHP GEN
CVE-2005-4706 (Unspecified vulnerability in the "privilege management" feature of Sun ...)
@@ -16125,13 +16131,13 @@
- migrationtools 46-2.1 (bug #338920; unimportant)
NOTE: The temp fix makes use of TMPDIR
CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView ...)
- NOT-FOR-US: AudienceView
+ NOT-FOR-US: AudienceView
CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 ...)
NOT-FOR-US: mIRC
CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...)
NOT-FOR-US: Sophos Anti-Virus
CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote ...)
- NOT-FOR-US: Internet Explorer 6
+ NOT-FOR-US: Internet Explorer 6
CVE-2005-4678 (Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the ...)
NOT-FOR-US: Apple
CVE-2005-4677 (SQL injection vulnerability in additional_images.php (aka the ...)
@@ -16198,7 +16204,7 @@
CVE-2006-0447 (Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail ...)
NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0446 (Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote ...)
- NOT-FOR-US: WeBWorK
+ NOT-FOR-US: WeBWorK
CVE-2006-0445 (index.php in Phpclanwebsite 1.23.1 allows remote authenticated users ...)
NOT-FOR-US: Phpclanwebsite
CVE-2006-0444 (SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) ...)
@@ -16234,9 +16240,9 @@
CVE-2005-4672 (Cross-site scripting (XSS) vulnerability in image-editor-52/index.php ...)
NOT-FOR-US: CityPost Simple Image-Editor
CVE-2005-4671 (Cross-site scripting (XSS) vulnerability in simple-upload-53.php in ...)
- NOT-FOR-US: CityPost Simple PHP Upload
+ NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4670 (Cross-site scripting (XSS) vulnerability in message.php in CityPost ...)
- NOT-FOR-US: CityPost Simple PHP Upload
+ NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin ...)
NOT-FOR-US: RT Internet Solutions (RTIS) WebAdmin
CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK ...)
@@ -16299,7 +16305,7 @@
CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users ...)
NOT-FOR-US: Sun Grid Engine
CVE-2006-0407 (Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin ...)
- NOT-FOR-US: AZ Bulletin Board
+ NOT-FOR-US: AZ Bulletin Board
CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive ...)
NOT-FOR-US: MyBB
CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 ...)
@@ -16360,7 +16366,7 @@
CVE-2006-0379 (FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a ...)
NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager ...)
- NOT-FOR-US: Netrix X-Site Manager
+ NOT-FOR-US: Netrix X-Site Manager
CVE-2006-0377 (CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows ...)
{DSA-988-1}
- squirrelmail 2:1.4.6-1 (bug #354063; bug #355424)
@@ -16375,9 +16381,9 @@
CVE-2006-0372 (Multiple SQL injection vulnerabilities in config.php in Insane Visions ...)
NOT-FOR-US: Insane Visions BlogPHP
CVE-2006-0371 (Directory traversal vulnerability in index.php in Noah Medling RCBlog ...)
- NOT-FOR-US: Noah Medling RCBlog
+ NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0370 (Noah Medling RCBlog 1.03 stores the data and config directories under ...)
- NOT-FOR-US: Noah Medling RCBlog
+ NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0369 (** DISPUTED ** ...)
- mysql-dfsg-4.1 <unfixed> (unimportant)
NOTE: This isn't a security hole, it's expected behaviour
@@ -16408,11 +16414,11 @@
CVE-2006-0356 (Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause ...)
NOT-FOR-US: Ari Pikivirta Home Ftp Server
CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers ...)
- NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp
+ NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp
CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) ...)
NOT-FOR-US: Cisco IOS
CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...)
- NOT-FOR-US: Fluffington FLog
+ NOT-FOR-US: Fluffington FLog
CVE-2006-0351 (Unspecified "critical denial-of-service vulnerability" in MyDNS before ...)
{DSA-963-1}
[sarge] - mydns 1.0.0-4sarge1
@@ -16459,12 +16465,12 @@
- ecartis 1.0.0+cvs.20030911-11 (low; bug #348824)
[sarge] - ecartis <no-dsa> (No real fix available, only rare setups affected, minor exploit potential)
CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin ...)
- NOT-FOR-US: Squirrelmail plugin
+ NOT-FOR-US: Squirrelmail plugin
CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 ...)
{DSA-1148-1}
- gallery 1.5.2-1
CVE-2006-0329 (SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, ...)
- NOT-FOR-US: HITSENSER Data Mart Server BS
+ NOT-FOR-US: HITSENSER Data Mart Server BS
CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote attackers to ...)
NOT-FOR-US: Tftpd32, different from the tftpd in Debian
CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive information ...)
@@ -16515,7 +16521,7 @@
CVE-2006-0310 (Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows ...)
NOT-FOR-US: aoblogger
CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote ...)
- NOT-FOR-US: Linksys hardware issue
+ NOT-FOR-US: Linksys hardware issue
CVE-2006-0308 (PHP remote file include vulnerability in HTMLtonuke.php in HTMLtoNuke ...)
NOT-FOR-US: HTMLtoNuke
CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer ...)
@@ -16527,7 +16533,7 @@
CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to ...)
NOT-FOR-US: dual dns server
CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing component, ...)
- NOT-FOR-US: Joomla!
+ NOT-FOR-US: Joomla!
CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...)
NOT-FOR-US: ZyXel hardware
CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other ...)
@@ -16745,7 +16751,7 @@
CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in Dragon ...)
NOT-FOR-US: Dragon Design Services Network (DDSN)
CVE-2006-0220 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 ...)
- NOT-FOR-US: DCP-Portal
+ NOT-FOR-US: DCP-Portal
CVE-2006-0219 (The original distribution of MyBulletinBoard (MyBB) to update from ...)
NOT-FOR-US: MyBB
CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...)
@@ -16880,7 +16886,7 @@
CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 ...)
NOT-FOR-US: CaLogic Calendars
CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a denial of ...)
- NOT-FOR-US: Cisco IP Phone
+ NOT-FOR-US: Cisco IP Phone
CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local ...)
NOT-FOR-US: Cray UNICOS
CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local ...)
@@ -16920,9 +16926,9 @@
CVE-2006-0161 (Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown ...)
NOT-FOR-US: Solaris
CVE-2005-4647 (Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 ...)
- NOT-FOR-US: PEARLINGER Pearl Forums
+ NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4646 (Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 ...)
- NOT-FOR-US: PEARLINGER Pearl Forums
+ NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote ...)
NOT-FOR-US: 3CFR
CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in ...)
@@ -16997,7 +17003,7 @@
NOT-FOR-US: Kayako SupportSuite
CVE-2005-4636 (OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, ...)
- openoffice.org <unfixed> (unimportant)
- NOTE: This is a non-issue IMO (neilm). OOo just launches a web browser.
+ NOTE: This is a non-issue IMO (neilm). OOo just launches a web browser.
NOTE: If the admin doesn't web browsing, why is one installed/enabled?
CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows ...)
NOT-FOR-US: PD9 Software MegaBBS
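Review bot: the unchanged context line directly under the touched NOTE, "If the admin doesn't web browsing, why is one installed/enabled?", is missing a verb ("want" or similar). Since this hunk already rewrites the neighbouring NOTE line, fixing that wording here would be cheap; otherwise it should be picked up in a follow-up so the note remains readable to whoever triages CVE-2005-4636 next.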
@@ -17019,11 +17025,11 @@
CVE-2006-0132 (Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 ...)
NOT-FOR-US: SysCP WebFTP
CVE-2006-0131 (boastMachine 3.1 allows remote attackers to obtain sensitive ...)
- NOT-FOR-US: boastMachine
+ NOT-FOR-US: boastMachine
CVE-2006-0130 (Mail Management Agent (MAILMA) (aka Mail Management Server) in ...)
- NOT-FOR-US: Mail Management Agent
+ NOT-FOR-US: Mail Management Agent
CVE-2006-0129 (Mail Management Agent (MAILMA) (aka Mail Management Server) in ...)
- NOT-FOR-US: Mail Management Agent
+ NOT-FOR-US: Mail Management Agent
CVE-2006-0128 (Buffer overflow in the IMAP service of Rockliffe MailSite before ...)
NOT-FOR-US: Rockliffe MailSite
CVE-2006-0127 (Directory traversal vulnerability in the IMAP service of Rockliffe ...)
@@ -17039,7 +17045,7 @@
CVE-2006-0123 (Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote ...)
NOT-FOR-US: ADN Forum
CVE-2006-0122 (Cross-site scripting (XSS) vulnerability in Public/Index.asp in ...)
- NOT-FOR-US: Aquifer CMS
+ NOT-FOR-US: Aquifer CMS
CVE-2006-0121 (Multiple memory leaks in IBM Lotus Notes and Domino Server before ...)
NOT-FOR-US: Notes/Domino
CVE-2006-0120 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino ...)
@@ -17063,13 +17069,13 @@
CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media ...)
NOT-FOR-US: Boxcar Media Shopping Cart
CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus ...)
- NOT-FOR-US: Foro Domus
+ NOT-FOR-US: Foro Domus
CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular Merchant ...)
- NOT-FOR-US: Modular Merchant Shopping Cart
+ NOT-FOR-US: Modular Merchant Shopping Cart
CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS allows ...)
- NOT-FOR-US: Timecan CMS
+ NOT-FOR-US: Timecan CMS
CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote attackers to ...)
- NOT-FOR-US: Timecan CMS
+ NOT-FOR-US: Timecan CMS
CVE-2006-0105 (PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on ...)
NOT-FOR-US: PostgreSQL on Windows
CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and earlier ...)
@@ -17100,7 +17106,7 @@
CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
NOT-FOR-US: oaBoard
CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP ...)
- NOT-FOR-US: @Card ME PHP
+ NOT-FOR-US: @Card ME PHP
CVE-2006-0092
REJECTED
NOT-FOR-US: SiteSuite CMS
@@ -17115,7 +17121,7 @@
CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php in ...)
NOT-FOR-US: Lizard Cart
CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next Generation ...)
- NOT-FOR-US: Next Generation Image Gallery
+ NOT-FOR-US: Next Generation Image Gallery
CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote ...)
NOT-FOR-US: Nkads
CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and ...)
@@ -17126,7 +17132,7 @@
NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-4633
REJECTED
- NOT-FOR-US: phpoutsourcing Zorum Forum
+ NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote!Pro 4.0 and ...)
NOT-FOR-US: Vote!Pro
CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier ...)
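Review bot: the line being re-indented here sits under an entry marked REJECTED (CVE-2005-4633), yet it still carries a "NOT-FOR-US: phpoutsourcing Zorum Forum" classification. A rejected identifier needs no package classification, so while this line is being touched it is worth either dropping it or confirming that the tracker tooling is happy with a REJECTED entry that also has a NOT-FOR-US line; the same pattern appears in the CVE-2006-0092 context a few hunks earlier.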
@@ -17138,9 +17144,9 @@
CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and ...)
NOT-FOR-US: HelpDeskPoint
CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite ...)
- NOT-FOR-US: GmailSite
+ NOT-FOR-US: GmailSite
CVE-2005-4626 (The default configuration of Recruitment Software installs ...)
- NOT-FOR-US: Recruitment Software
+ NOT-FOR-US: Recruitment Software
CVE-2005-4625 (Drivers for certain display adapters, including (1) an unspecified ATI ...)
NOT-FOR-US: Strange Windows drivers
CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows ...)
@@ -17154,7 +17160,7 @@
CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to ...)
NOT-FOR-US: WinRAR
CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
- NOT-FOR-US: phpoutsourcing Zorum Forum
+ NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...)
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.15-1
@@ -17281,7 +17287,7 @@
CVE-2005-4598 (Cross-site scripting (XSS) vulnerability in home.php in OoApp ...)
NOT-FOR-US: OoApp Guestbook
CVE-2005-4597 (Cross-site scripting (XSS) vulnerability in index.php in iPei ...)
- NOT-FOR-US: iPei Guestbook
+ NOT-FOR-US: iPei Guestbook
CVE-2005-4596 (Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook ...)
NOT-FOR-US: AdesGuestbook
CVE-2005-4595 (Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView ...)
@@ -17362,7 +17368,7 @@
- electricsheep 2.6.3+cvs20051206-1 (unimportant)
NOTE: This does not seem to be exploitable.
CVE-2005-4580 (Cross-site scripting (XSS) vulnerability in Day Communique 4 allows ...)
- NOT-FOR-US: Day Communique
+ NOT-FOR-US: Day Communique
CVE-2005-4579 (Multiple HTTP response splitting vulnerabilities in Hitachi Business ...)
NOT-FOR-US: Hitachi Business Logic
CVE-2005-4578 (Multiple SQL injection vulnerabilities in Hitachi Business Logic - ...)
@@ -17434,7 +17440,7 @@
CVE-2005-4546 (search.php in eggblog 2.0 allows remote attackers to obtain the full ...)
NOT-FOR-US: eggblog
CVE-2005-4545 (Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ...)
- NOT-FOR-US: NetDirect ShopEngine
+ NOT-FOR-US: NetDirect ShopEngine
CVE-2005-4544
RESERVED
CVE-2005-4543
@@ -17475,7 +17481,7 @@
CVE-2005-4526 (Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 ...)
NOT-FOR-US: MIMEsweeper For Web
CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local ...)
- NOT-FOR-US: Sygate
+ NOT-FOR-US: Sygate
CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle "Make note private" when a ...)
{DSA-944-1}
- mantis 0.19.4-1 (bug #345288)
@@ -17537,7 +17543,7 @@
CVE-2005-4499 (The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 ...)
NOT-FOR-US: Cisco
CVE-2005-4498 (Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier ...)
- NOT-FOR-US: Text-e
+ NOT-FOR-US: Text-e
CVE-2005-4497 (Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and ...)
NOT-FOR-US: Tangora Portal
CVE-2005-4496 (Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 ...)
@@ -17559,7 +17565,7 @@
CVE-2005-4488 (Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in ...)
NOT-FOR-US: Redakto WCMS
CVE-2005-4487 (Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and ...)
- NOT-FOR-US: RAMSite
+ NOT-FOR-US: RAMSite
CVE-2005-4486 (** DISPUTED ** ...)
NOT-FOR-US: Quantum Art
CVE-2005-4485 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 ...)
@@ -17577,7 +17583,7 @@
CVE-2005-4479 (SQL injection vulnerability in article.php in phpSlash 0.8.1 and ...)
NOT-FOR-US: phpSlash
CVE-2005-4478 (Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier ...)
- NOT-FOR-US: Papoo
+ NOT-FOR-US: Papoo
CVE-2005-4477 (Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and ...)
NOT-FOR-US: papaya CMS
CVE-2005-4476 (Cross-site scripting (XSS) vulnerability in store/search/results.html ...)
@@ -17645,7 +17651,7 @@
CVE-2005-4466 (Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll ...)
NOT-FOR-US: SIP Proxy
CVE-2005-4465 (The Internet Key Exchange version 1 (IKEv1) implementation in NEC ...)
- NOT-FOR-US: NEC UNIVERGE IX1000, IX2000, and IX3000
+ NOT-FOR-US: NEC UNIVERGE IX1000, IX2000, and IX3000
CVE-2005-4464 (Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote ...)
NOT-FOR-US: Ingate Firewall / SIParator
CVE-2005-4463 (WordPress before 1.5.2 allows remote attackers to obtain sensitive ...)
@@ -17654,13 +17660,13 @@
CVE-2005-4462 (PHP remote file include vulnerability in usermods.php in Tolva PHP ...)
NOT-FOR-US: Tolva PHP website system
CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and ...)
- NOT-FOR-US: Beehive Forum
+ NOT-FOR-US: Beehive Forum
CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and ...)
- NOT-FOR-US: Beehive Forum
+ NOT-FOR-US: Beehive Forum
CVE-2005-4459 (Heap-based buffer overflow in the NAT networking components vmnat.exe ...)
NOT-FOR-US: VMWare
CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly ...)
- NOT-FOR-US: Metadot Portal Server
+ NOT-FOR-US: Metadot Portal Server
CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote ...)
NOT-FOR-US: MailEnable
CVE-2005-4456 (Multiple buffer overflows in MailEnable Professional 1.71 and ...)
@@ -17672,7 +17678,7 @@
NOT-FOR-US: livejournal
NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
CVE-2005-4453 (UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote ...)
- NOT-FOR-US: Ultraapps Issue Manager
+ NOT-FOR-US: Ultraapps Issue Manager
CVE-2005-4452 (Information Call Center stores the CallCenterData.mdb database under ...)
NOT-FOR-US: Information Call Center
CVE-2005-4451 (Unspecified vulnerability in Software Distributor in HP-UX B.11.11 ...)
@@ -17742,9 +17748,9 @@
CVE-2005-4421 (Dev-Editor 3.0 allows remote attackers to access any directory outside ...)
NOT-FOR-US: Dev-Editor
CVE-2005-4420 (Cross-site scripting (XSS) vulnerability in Honeycomb Archive ...)
- NOT-FOR-US: Honeycomb Archive Enterprise
+ NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4419 (Multiple SQL injection vulnerabilities in CategoryResults.cfm in ...)
- NOT-FOR-US: Honeycomb Archive Enterprise
+ NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4417 (The default configuration of Widcomm Bluetooth for Windows (BTW) ...)
NOT-FOR-US: Widcomm Bluetooth for Windows
CVE-2005-4416 (SQL injection vulnerability in index.php in TML CMS 0.5 allows remote ...)
@@ -17766,9 +17772,9 @@
CVE-2005-4408 (Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and ...)
NOT-FOR-US: Miraserver
CVE-2005-4407 (Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS ...)
- NOT-FOR-US: Mercury CMS
+ NOT-FOR-US: Mercury CMS
CVE-2005-4406 (SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and ...)
- NOT-FOR-US: Mercury CMS
+ NOT-FOR-US: Mercury CMS
CVE-2005-4405 (redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to ...)
NOT-FOR-US: Red Queen
CVE-2005-4404 (SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x ...)
@@ -17844,15 +17850,15 @@
CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows ...)
NOT-FOR-US: Acuity CMS
CVE-2005-4368 (roundcube webmail Alpha, with a default high verbose level ...)
- NOT-FOR-US: roundcube webmail
+ NOT-FOR-US: roundcube webmail
CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php in ...)
- NOT-FOR-US: DRZES HMS
+ NOT-FOR-US: DRZES HMS
CVE-2005-4366 (Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote ...)
- NOT-FOR-US: DRZES HMS
+ NOT-FOR-US: DRZES HMS
CVE-2005-4365 (Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 ...)
- NOT-FOR-US: FLIP
+ NOT-FOR-US: FLIP
CVE-2005-4364 (Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana ...)
- NOT-FOR-US: Hot Banana Web Content Management Suite
+ NOT-FOR-US: Hot Banana Web Content Management Suite
CVE-2005-4363 (Cross-site scripting (XSS) vulnerability in the search engine in ...)
NOT-FOR-US: Komodo CMS
CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows ...)
@@ -17927,9 +17933,9 @@
CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote attackers ...)
NOT-FOR-US: ZixForum
CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary Board ...)
- NOT-FOR-US: Binary Board System
+ NOT-FOR-US: Binary Board System
CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...)
- NOT-FOR-US: Secure Smart Manager
+ NOT-FOR-US: Secure Smart Manager
CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant ...)
NOT-FOR-US: iHTML Merchant
CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall ...)
@@ -17945,21 +17951,21 @@
CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b have ...)
NOT-FOR-US: Driverse
CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through ...)
- NOT-FOR-US: Hitachi Groupmax Mail SMTP
+ NOT-FOR-US: Hitachi Groupmax Mail SMTP
CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal ...)
- NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
+ NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
- NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
+ NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in Apani ...)
NOT-FOR-US: Apani Networks EpiForce
CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the ...)
- NOT-FOR-US: Limbo CMS
+ NOT-FOR-US: Limbo CMS
CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 ...)
- NOT-FOR-US: Limbo CMS
+ NOT-FOR-US: Limbo CMS
CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and ...)
- NOT-FOR-US: Limbo CMS
+ NOT-FOR-US: Limbo CMS
CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not ...)
- NOT-FOR-US: Limbo CMS
+ NOT-FOR-US: Limbo CMS
CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers ...)
NOT-FOR-US: HP-UX
CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum PLEXCART ...)
@@ -17981,7 +17987,7 @@
CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier ...)
NOT-FOR-US: ScareCrow
CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 ...)
- NOT-FOR-US: SiteNet BBS
+ NOT-FOR-US: SiteNet BBS
CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, ...)
- trac 0.9.3-1 (bug #344006)
[sarge] - trac <unfixed> (medium)
@@ -18010,7 +18016,7 @@
CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a denial ...)
NOT-FOR-US: AppServ Open Project
CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...)
- NOT-FOR-US: Absolute Image Gallery XE
+ NOT-FOR-US: Absolute Image Gallery XE
CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...)
NOT-FOR-US: Alkacon OpenCms
CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro ...)
@@ -18054,11 +18060,11 @@
CVE-2005-4274 (Unspecified vulnerability in Business Objects WebIntelligence 6.5x ...)
NOT-FOR-US: Business Objects WebIntelligence
CVE-2005-4273 (Multiple unspecified vulnerabilities in (1) getShell and (2) ...)
- NOT-FOR-US: AIX
+ NOT-FOR-US: AIX
CVE-2005-4272 (Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote ...)
- NOT-FOR-US: AIX
+ NOT-FOR-US: AIX
CVE-2005-4271 (Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local ...)
- NOT-FOR-US: AIX
+ NOT-FOR-US: AIX
CVE-2005-4270 (Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows ...)
NOT-FOR-US: Watchfire AppScan
CVE-2005-4269 (mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer ...)
@@ -18117,9 +18123,9 @@
CVE-2005-4248 (Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 ...)
NOT-FOR-US: QuickPayPro
CVE-2005-4247 (Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta ...)
- NOT-FOR-US: Plogger
+ NOT-FOR-US: Plogger
CVE-2005-4246 (SQL injection vulnerability in Plogger Beta 2 and earlier allows ...)
- NOT-FOR-US: Plogger
+ NOT-FOR-US: Plogger
CVE-2005-4245 (Cross-site scripting (XSS) vulnerability in search.php in Snipe ...)
NOT-FOR-US: Snipe Gallery
CVE-2005-4244 (SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows ...)
@@ -18127,20 +18133,20 @@
CVE-2005-4243 (Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote ...)
NOT-FOR-US: QuickPayPro
CVE-2005-4241 (Cross-site scripting (XSS) vulnerability in the category page in ...)
- NOT-FOR-US: VCD-db
+ NOT-FOR-US: VCD-db
CVE-2005-4240 (SQL injection vulnerability in search.php in VCD-db 0.98 and earlier ...)
- NOT-FOR-US: VCD-db
+ NOT-FOR-US: VCD-db
CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php ...)
NOT-FOR-US: PHP JackKnife
CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in view_filters_page.php in ...)
{DSA-944-1}
- mantis 0.19.4-1 (bug #345288)
CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and ...)
- NOT-FOR-US: MySQL Auction
+ NOT-FOR-US: MySQL Auction
CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD ...)
NOT-FOR-US: CKGOLD
CVE-2005-4235 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in ...)
- NOT-FOR-US: WHMCompleteSolution
+ NOT-FOR-US: WHMCompleteSolution
CVE-2005-4234 (SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and ...)
NOT-FOR-US: EncapsGallery
CVE-2005-4233 (SQL injection vulnerability in advertiser_statistic.php in Ad Manager ...)
@@ -18154,7 +18160,7 @@
CVE-2005-4229 (Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction ...)
NOT-FOR-US: EveryAuction
CVE-2005-4228 (Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and ...)
- NOT-FOR-US: PhpWebGallery
+ NOT-FOR-US: PhpWebGallery
CVE-2005-4227 (Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 ...)
NOT-FOR-US: DCP-Portal
CVE-2005-4226 (Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 ...)
@@ -18170,7 +18176,7 @@
CVE-2005-4221 (SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 ...)
NOT-FOR-US: Arab Portal System
CVE-2005-4220 (Netgear RP114, and possibly other versions and devices, allows remote ...)
- NOT-FOR-US: Netgear hardware issue
+ NOT-FOR-US: Netgear hardware issue
CVE-2005-4219 (setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains ...)
NOT-FOR-US: Innovative CMS
CVE-2005-4218 (SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows ...)
@@ -18315,7 +18321,7 @@
{DSA-955-1}
- mailman 2.1.5-10
CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers to ...)
- NOT-FOR-US: Soti Pocket Controller-Professional
+ NOT-FOR-US: Soti Pocket Controller-Professional
CVE-2005-4151 (The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop ...)
NOT-FOR-US: PGP Desktop Home
CVE-2005-4150 (Cross-site scripting (XSS) vulnerability in the portal login page in ...)
@@ -18529,7 +18535,7 @@
CVE-2005-4051 (e107 0.6174 allows remote attackers to vote multiple times for a ...)
NOT-FOR-US: e107
CVE-2005-4050 (Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with ...)
- NOT-FOR-US: MultiVOIP hardware
+ NOT-FOR-US: MultiVOIP hardware
CVE-2005-4049 (Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote ...)
NOT-FOR-US: Blog System
CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer function ...)
@@ -18552,15 +18558,15 @@
CVE-2005-4043 (SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and ...)
NOT-FOR-US: Hobosworld HobSR
CVE-2005-4042 (Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and ...)
- NOT-FOR-US: Warm Links
+ NOT-FOR-US: Warm Links
CVE-2005-4041 (Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy ...)
NOT-FOR-US: MR CGI Guy Hot Links SQL
CVE-2005-4040 (SQL injection vulnerability in FileLister 0.51 and earlier allows ...)
NOT-FOR-US: FileLister
CVE-2005-4039 (Directory traversal vulnerability in arhiva.php in Web4Future Portal ...)
- NOT-FOR-US: Web4Future Portal Solutions News Portal
+ NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4038 (SQL injection vulnerability in comentarii.php in Web4Future Portal ...)
- NOT-FOR-US: Web4Future Portal Solutions News Portal
+ NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4037 (SQL injection vulnerability in functions.php in Web4Future Affiliate ...)
NOT-FOR-US: Web4Future Affiliate Manager
CVE-2005-4036 (Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future ...)
@@ -18588,7 +18594,7 @@
CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect ...)
NOT-FOR-US: Help Desk Reloaded Free Help Desk
CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 ...)
- NOT-FOR-US: Interspire FastFind
+ NOT-FOR-US: Interspire FastFind
CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0 before ...)
- gallery2 2.0.2-1 (medium)
CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the "Add Image From Web" ...)
@@ -18623,7 +18629,7 @@
NOT-FOR-US: Jax Calendar
CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 ...)
{DSA-919-2}
- - curl 7.15.1-1 (bug #342339; bug #342696; medium)
+ - curl 7.15.1-1 (bug #342339; bug #342696; medium)
CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, ...)
NOT-FOR-US: SAPID CMS
CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...)
@@ -18643,7 +18649,7 @@
CVE-2005-3999 (Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater ...)
NOT-FOR-US: SiteBeater MP3 Catalog
CVE-2005-3998 (Cross-site scripting (XSS) vulnerability in search.asp in Solupress ...)
- NOT-FOR-US: Solupress News
+ NOT-FOR-US: Solupress News
CVE-2005-3997 (Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows ...)
NOT-FOR-US: Zen Cart
CVE-2005-3996 (SQL injection vulnerability in admin/password_forgotten.php in ...)
@@ -18688,7 +18694,7 @@
CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 ...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...)
- NOT-FOR-US: NetClassifieds Premium Edition
+ NOT-FOR-US: NetClassifieds Premium Edition
CVE-2005-3977 (Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC ...)
NOT-FOR-US: QualityEBiz Quality PPC
CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple DUware ...)
@@ -18703,7 +18709,7 @@
{DSA-958-1}
- drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in ...)
- NOT-FOR-US: Extreme Search Corporate Edition
+ NOT-FOR-US: Extreme Search Corporate Edition
CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in Citrix ...)
NOT-FOR-US: Citrix
CVE-2005-3970 (Cross-site scripting (XSS) vulnerability in MXChange before ...)
@@ -18736,9 +18742,9 @@
CVE-2004-2644 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...)
- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows remote ...)
- NOT-FOR-US: Microsoft cabarc
+ NOT-FOR-US: Microsoft cabarc
CVE-2004-2642 (Yeemp 0.9.9 and earlier does properly encrypt inbound files, which ...)
- NOT-FOR-US: Yeemp
+ NOT-FOR-US: Yeemp
CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire ...)
NOT-FOR-US: Sun appliances
CVE-2004-2640 (Directory traversal vulnerability in lstat.cgi in LinuxStat before ...)
@@ -18754,7 +18760,7 @@
CVE-2004-2635 (An ActiveX control for McAfee Security Installer Control System ...)
NOT-FOR-US: McAfee
CVE-2004-2634 (The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX ...)
- NOT-FOR-US: AIX
+ NOT-FOR-US: AIX
CVE-2004-2633 (Unspecified vulnerability in Sesamie 1.0 allows remote anonymous ...)
NOT-FOR-US: Sesamie
CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify ...)
@@ -18770,9 +18776,9 @@
CVE-2004-2627 (Java 2 Micro Edition (J2ME) does not properly validate bytecode, which ...)
NOT-FOR-US: J2ME
CVE-2004-2626 (GUI overlay vulnerability in the Java API in Siemens S55 cellular ...)
- NOT-FOR-US: Siemens cell phone
+ NOT-FOR-US: Siemens cell phone
CVE-2004-2625 (Cross-site scripting (XSS) vulnerability in Outblaze Email allows ...)
- NOT-FOR-US: Outblaze Email
+ NOT-FOR-US: Outblaze Email
CVE-2004-2624 (Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki ...)
NOT-FOR-US: WackoWiki
CVE-2004-2623 (Unknown vulnerability in Rippy the Aggregator before 0.10, when ...)
@@ -18782,9 +18788,9 @@
CVE-2004-2621 (Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when ...)
NOT-FOR-US: Nortel Contivity VPN client
CVE-2004-2620 (The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly ...)
- NOT-FOR-US: ripMIME
+ NOT-FOR-US: ripMIME
CVE-2004-2619 (ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail ...)
- NOT-FOR-US: ripMIME
+ NOT-FOR-US: ripMIME
CVE-2004-2618 (Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) ...)
NOT-FOR-US: Pegasi Web Server
CVE-2004-2617 (Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 ...)
@@ -18885,9 +18891,9 @@
CVE-2005-3945 (The SynAttackProtect protection in Microsoft Windows 2003 before SP1 ...)
NOT-FOR-US: Microsoft
CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 ...)
- NOT-FOR-US: ilyav Survey System
+ NOT-FOR-US: ilyav Survey System
CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ...)
- NOT-FOR-US: ilyav Survey System
+ NOT-FOR-US: ilyav Survey System
CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca ...)
NOT-FOR-US: Orca Knowledgebase
CVE-2005-3941 (SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier ...)
@@ -18936,7 +18942,7 @@
CVE-2005-3920 (SQL injection vulnerability in Babe Logger 2 allows remote attackers ...)
NOT-FOR-US: Babe Logger
CVE-2005-3919 (Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote ...)
- NOT-FOR-US: PBLang
+ NOT-FOR-US: PBLang
CVE-2005-3918 (** DISPUTED ** ...)
NOT-FOR-US: OvBB
CVE-2005-3917 (SQL injection vulnerability in usersession in CommodityRentals 2.0 ...)
@@ -18948,7 +18954,7 @@
CVE-2005-3914 (Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow ...)
NOT-FOR-US: AFFcommerce
CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual ...)
- NOT-FOR-US: Virtual Hosting Control System
+ NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin ...)
{DSA-1199-1}
- webmin <not-affected> (Fixed through corrected Perl)
@@ -18972,11 +18978,11 @@
CVE-2005-3903 (Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows ...)
NOT-FOR-US: SCO Unixware
CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in ...)
- NOT-FOR-US: Virtual Hosting Control System
+ NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not ...)
NOT-FOR-US: Flash MX
CVE-2005-3900 (Macromedia Breeze Communication Server and Breeze Live Server does 5.1 ...)
- NOT-FOR-US: Macromedia Breeze
+ NOT-FOR-US: Macromedia Breeze
CVE-2005-3899 (The automatic update feature in Google Talk allows remote attackers to ...)
NOT-FOR-US: Google Talk
CVE-2005-3898
@@ -19011,7 +19017,7 @@
CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in ...)
NOT-FOR-US: Gadu-Gadu
CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and ...)
- NOT-FOR-US: Cisco Security Agent
+ NOT-FOR-US: Cisco Security Agent
CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...)
{DSA-916-1}
- inkscape 0.42-1 (bug #321501; low)
@@ -19112,7 +19118,7 @@
CVE-2005-3839 (Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk ...)
NOT-FOR-US: SupportPRO Supportdesk
CVE-2005-3838 (Multiple SQL injection vulnerabilities in search.php in IsolSoft ...)
- NOT-FOR-US: IsolSoft Support Center
+ NOT-FOR-US: IsolSoft Support Center
CVE-2005-3837 (Cross-site scripting (XSS) vulnerability in the search module in ...)
NOT-FOR-US: sCssBoard
CVE-2005-3836 (SQL injection vulnerability in DeskLance 2.3 and earlier allows remote ...)
@@ -19156,7 +19162,7 @@
CVE-2005-3817 (Multiple SQL injection vulnerabilities in Softbiz Web Host Directory ...)
NOT-FOR-US: Softbiz Web Host Directory
CVE-2005-3816 (Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 ...)
- NOT-FOR-US: freeForum
+ NOT-FOR-US: freeForum
CVE-2005-3815 (SQL injection vulnerability in forum.php in Orca Forum 4.3b and ...)
NOT-FOR-US: Orca Forum
CVE-2005-3814 (Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro ...)
@@ -19166,7 +19172,7 @@
CVE-2005-3812 (freeFTPd 1.0.10 allows remote authenticated users to cause a denial of ...)
NOT-FOR-US: freeFTPd
CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic ...)
- NOT-FOR-US: AMAX Magic Winmail Server
+ NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels ...)
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-1 (medium)
@@ -19201,11 +19207,11 @@
CVE-2005-3792 (Multiple SQL injection vulnerabilities in the Search module in ...)
NOT-FOR-US: PHP-Nuke
CVE-2005-3791 (HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 ...)
- NOT-FOR-US: phpAdsNew and phpPgAds
+ NOT-FOR-US: phpAdsNew and phpPgAds
CVE-2005-3790 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- NOT-FOR-US: phpwcms
+ NOT-FOR-US: phpwcms
CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow ...)
- NOT-FOR-US: phpwcms
+ NOT-FOR-US: phpwcms
CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), ...)
NOT-FOR-US: Cisco appliance
CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
@@ -19314,9 +19320,9 @@
- x-face-el 1.3.6.23-1
NOTE: DSA-340
CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...)
- NOT-FOR-US: Solaris
+ NOT-FOR-US: Solaris
CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to ...)
- NOT-FOR-US: IPUpdate
+ NOT-FOR-US: IPUpdate
CVE-2005-3779 (Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 ...)
NOT-FOR-US: HP-UX
CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev ...)
@@ -19358,7 +19364,7 @@
CVE-2005-3760 (Double-free vulnerability in the BBOORB module in IBM WebSphere ...)
NOT-FOR-US: WebSphere
CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
- NOT-FOR-US: Google search appliance
+ NOT-FOR-US: Google search appliance
CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and possibly ...)
NOTE: XSLTs can call arbitrary java methods in libsaxon-java. This behaviour
NOTE: is well documented and can be switched off. Let's hope that all users
@@ -19367,11 +19373,11 @@
- ooo2dbk <not-affected> (uses it's own xslt unless overridden by command line arg)
TODO: check zope-zms (stef-guest: pinged maintainers)
CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search Appliance, ...)
- NOT-FOR-US: Google search appliance
+ NOT-FOR-US: Google search appliance
CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search Appliance, and ...)
- NOT-FOR-US: Google search appliance
+ NOT-FOR-US: Google search appliance
CVE-2005-3754 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
- NOT-FOR-US: Google search appliance
+ NOT-FOR-US: Google search appliance
CVE-2005-3750 (Opera before 8.51 on Linux and Unix systems allows remote attackers to ...)
NOT-FOR-US: Opera
CVE-2005-3749 (Unspecified "absolute path vulnerabilities" in the diagela command ...)
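Review bot: the context line `- ooo2dbk <not-affected> (uses it's own xslt unless overridden by command line arg)` has "it's" where "its" is meant; since this hunk already rewrites neighbouring lines in the same entry, the typo could be fixed in the same pass. The entry also still carries an open `TODO: check zope-zms (stef-guest: pinged maintainers)`, so the CVE-2005-3757 triage is not complete as of this revision.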
@@ -19409,12 +19415,12 @@
CVE-2005-3734 (Cross-site scripting (XSS) vulnerability in the "add content" page in ...)
NOT-FOR-US: phpMyFAQ
CVE-2005-3733 (The Internet Key Exchange version 1 (IKEv1) implementation in Juniper ...)
- NOT-FOR-US: Juniper products using IKE
+ NOT-FOR-US: Juniper products using IKE
CVE-2005-3732 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
{DSA-965-1}
- ipsec-tools 1:0.6.3-1 (bug #340584; low)
CVE-2004-2572 (AMAX Magic Winmail Server 3.6 allows remote attackers to obtain ...)
- NOT-FOR-US: AMAX Magic Winmail
+ NOT-FOR-US: AMAX Magic Winmail
CVE-2004-2571 (Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote ...)
- isoqlog 2.2-0.1
CVE-2004-2570 (Opera before 7.54 allows remote attackers to modify properties and ...)
@@ -19432,7 +19438,7 @@
CVE-2004-2563 (Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive ...)
NOT-FOR-US: Serena TeamTrack
CVE-2004-2562 (SQL injection vulnerability in jobedit.asp in Leigh Business ...)
- NOT-FOR-US: Leigh Business Enterprises
+ NOT-FOR-US: Leigh Business Enterprises
CVE-2004-2561 (Multiple SQL injection vulnerabilities in Internet Software Sciences ...)
NOT-FOR-US: ISS Web+Center
CVE-2004-2560 (DokuWiki before 2004-10-19, when used on a web server that permits ...)
@@ -19466,7 +19472,7 @@
{DSA-907-1}
- ipmenu 0.0.3-5
CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and ...)
- NOT-FOR-US: yaSSL
+ NOT-FOR-US: yaSSL
CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Revize CMS
CVE-2005-3729 (Idetix Software Systems Revize CMS allows remote attackers to obtain ...)
@@ -19517,9 +19523,9 @@
CVE-2005-3692 (Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server ...)
NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3691 (Directory traversal vulnerability in the IMAP service (meimaps.exe) of ...)
- NOT-FOR-US: MailEnable Professional
+ NOT-FOR-US: MailEnable Professional
CVE-2005-3690 (Stack-based buffer overflow in the IMAP service (meimaps.exe) of ...)
- NOT-FOR-US: MailEnable Professional
+ NOT-FOR-US: MailEnable Professional
CVE-2005-3689 (post.php in XMB 1.9.2 allows remote attackers to obtain the ...)
NOT-FOR-US: XMB
CVE-2005-3688 (Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 ...)
@@ -19730,7 +19736,7 @@
CVE-2005-3645 (phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows ...)
NOT-FOR-US: phpAdsNews
CVE-2005-3644 (PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows ...)
- NOT-FOR-US: Windows
+ NOT-FOR-US: Windows
CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...)
NOT-FOR-US: DB2
CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with Simple ...)
@@ -19957,14 +19963,14 @@
CVE-2005-3562
REJECTED
CVE-2005-3561 ( ...)
- NOT-FOR-US: ATutor
+ NOT-FOR-US: ATutor
CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
NOT-FOR-US: Zone Labs
CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...)
{DSA-1048-1}
- asterisk 1:1.2.7.1.dfsg-2 (bug #338116; medium)
CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows ...)
- NOT-FOR-US: OSTE
+ NOT-FOR-US: OSTE
CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist ...)
NOT-FOR-US: PHPList
CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 ...)
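Review bot: the `CVE-2005-3561 ( ...)` header directly above the touched `NOT-FOR-US: ATutor` line has an empty description, unlike every other entry in this hunk; when the entry is next revisited the description should be filled in from the CVE text so the NOT-FOR-US decision can be checked against what the CVE actually covers.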
@@ -20109,9 +20115,9 @@
CVE-2005-3491 (Multiple buffer overflows in the receiver function in loop.c in ...)
NOT-FOR-US: FlatFrag
CVE-2005-3490 (Directory traversal vulnerability in the web server in Asus Video ...)
- NOT-FOR-US: Asus Video Security
+ NOT-FOR-US: Asus Video Security
CVE-2005-3489 (Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using ...)
- NOT-FOR-US: Asus Video Security
+ NOT-FOR-US: Asus Video Security
CVE-2005-3488 (Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a ...)
- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3487 (Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow ...)
@@ -20139,7 +20145,7 @@
CVE-2003-1278 (Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows ...)
NOT-FOR-US: OpenTopic
CVE-2003-1277 (Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin ...)
- NOT-FOR-US: YaBB
+ NOT-FOR-US: YaBB
CVE-2003-1276 (Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's ...)
NOT-FOR-US: NetTelephone
CVE-2003-1275 (Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a ...)
@@ -20159,7 +20165,7 @@
CVE-2003-1268 (Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) ...)
NOT-FOR-US: a.shopKart
CVE-2003-1267 (GuildFTPd 0.999 allows remote attackers to cause a denial of service ...)
- NOT-FOR-US: GuildFTPd
+ NOT-FOR-US: GuildFTPd
CVE-2003-1266 (The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 ...)
NOT-FOR-US: EServer
CVE-2003-1265 (Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the ...)
@@ -20187,7 +20193,7 @@
CVE-2003-1254 (Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute ...)
NOT-FOR-US: Active PHP Bookmarks
CVE-2003-1253 (Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code ...)
- NOT-FOR-US: Bookmark4U
+ NOT-FOR-US: Bookmark4U
CVE-2003-1252 (register.php in S8Forum 3.0 allows remote attackers to execute ...)
NOT-FOR-US: S8Forum
CVE-2003-1251 (The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php ...)
@@ -20446,7 +20452,7 @@
CVE-2005-3475 (Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a ...)
NOT-FOR-US: Hasbani Web Server
CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...)
- NOT-FOR-US: XCP DRM
+ NOT-FOR-US: XCP DRM
CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
NOT-FOR-US: Simple PHP Blog
CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications Express ...)
@@ -20852,7 +20858,7 @@
- php4 4:4.4.2-1 (bug #336004; bug #354684; low)
- php5 5.1.1-1 (bug #336005; low)
[sarge] - php4 <not-affected>
- NOTE: can't reproduce, error may not be present in 4.3.
+ NOTE: can't reproduce, error may not be present in 4.3.
NOTE: tentatively marking as not-affected in sarge.
CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib ...)
{DSA-886-1}
@@ -20892,7 +20898,7 @@
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (high)
CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...)
- NOT-FOR-US: NetCache
+ NOT-FOR-US: NetCache
CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...)
NOT-FOR-US: phpCodeGenie
CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown ...)
@@ -21362,7 +21368,7 @@
CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
- php5 5.0.5-2 (low)
- php4 4:4.4.0-3 (low)
- [sarge] - php4 <no-dsa> (Safe mode violations not supported)
+ [sarge] - php4 <no-dsa> (Safe mode violations not supported)
CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...)
{DSA-1017-1}
- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
@@ -21407,7 +21413,7 @@
CVE-2005-3166 (Unspecified vulnerability in "edit submission handling" for MediaWiki ...)
- mediawiki 1.4.11-1 (bug #332408; unknown)
CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...)
- - mediawiki 1.4.9
+ - mediawiki 1.4.9
CVE-2005-3164 (Hitachi Cosminexus Application Server does not properly handle when a ...)
NOT-FOR-US: Hitachi Cosminexus Application Server
CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...)
@@ -22789,9 +22795,9 @@
CVE-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 ...)
NOT-FOR-US: World Poker Championship
CVE-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews ...)
- NOT-FOR-US: PHPFreeNews
+ NOT-FOR-US: PHPFreeNews
CVE-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...)
- NOT-FOR-US: PHPFreeNews
+ NOT-FOR-US: PHPFreeNews
CVE-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...)
- phpadsnew <itp> (bug #226636)
CVE-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...)
@@ -22799,7 +22805,7 @@
CVE-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to Screen" feature ...)
NOT-FOR-US: WinFTP Server
CVE-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...)
- NOT-FOR-US: PHPTB Topic Board
+ NOT-FOR-US: PHPTB Topic Board
CVE-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...)
- mediabox404 <itp> (bug #294397)
CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...)
@@ -22823,19 +22829,19 @@
CVE-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...)
NOT-FOR-US: Google Toolbar
CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers ...)
- NOT-FOR-US: PHPNews
+ NOT-FOR-US: PHPNews
CVE-2004-2473 (wmFrog weather monitor 0.1.6 allows local users to overwrite arbitrary ...)
- wmfrog <itp> (bug #294352)
CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a ...)
NOT-FOR-US: Outpost Pro
CVE-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine ...)
- NOT-FOR-US: QuoteEngine
+ NOT-FOR-US: QuoteEngine
CVE-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact ...)
- NOT-FOR-US: MadBMS
+ NOT-FOR-US: MadBMS
CVE-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt ...)
- NOT-FOR-US: phpScheduleIt
+ NOT-FOR-US: phpScheduleIt
CVE-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and ...)
- NOT-FOR-US: SillySearch
+ NOT-FOR-US: SillySearch
CVE-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a ...)
NOT-FOR-US: Easy Chat Server
CVE-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a ...)
@@ -22923,15 +22929,15 @@
CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...)
NOT-FOR-US: ADM ActiveX control
CVE-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of ...)
- NOT-FOR-US: WinAgents TFTP Server
+ NOT-FOR-US: WinAgents TFTP Server
CVE-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 ...)
- NOT-FOR-US: ignitionServer
+ NOT-FOR-US: ignitionServer
CVE-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does not ...)
NOT-FOR-US: Trend OfficeScan
CVE-2004-2429 (Multiple stack-based and heap-based buffer overflows in EnderUNIX ...)
NOT-FOR-US: EnderUNIX spamGuard
CVE-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document ...)
- NOT-FOR-US: WWWguestbook
+ NOT-FOR-US: WWWguestbook
CVE-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...)
NOT-FOR-US: Axis Network Camera
CVE-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 and ...)
@@ -22953,11 +22959,11 @@
CVE-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users to ...)
NOT-FOR-US: slimftpd not in debian
CVE-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier ...)
- NOT-FOR-US: smtp.proxy
+ NOT-FOR-US: smtp.proxy
CVE-2004-2416 (Buffer overflow in the logging component of CCProxy allows remote ...)
- NOT-FOR-US: ccproxy
+ NOT-FOR-US: ccproxy
CVE-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of service ...)
- NOT-FOR-US: Davenport
+ NOT-FOR-US: Davenport
CVE-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using the ...)
NOT-FOR-US: Novell NetWare
CVE-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 ...)
@@ -23244,7 +23250,7 @@
CVE-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote ...)
NOT-FOR-US: Leif M. Wright Web Blog
CVE-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web ...)
- NOT-FOR-US: Forum Web Server
+ NOT-FOR-US: Forum Web Server
CVE-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, ...)
NOT-FOR-US: Oracle
CVE-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec ...)
@@ -23280,7 +23286,7 @@
CVE-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute ...)
NOT-FOR-US: Kerio Personal Firewal
CVE-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers ...)
- NOT-FOR-US: Clearswift MAILsweeper
+ NOT-FOR-US: Clearswift MAILsweeper
CVE-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Vizer
CVE-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...)
@@ -23758,7 +23764,7 @@
{DSA-813-1 DTSA-2-1 DTSA-4-1}
- ekg 1:1.5+20050718+1.6rc3-1 (low)
- centericq 4.20.0-9 (bug #323185; medium)
- [sarge] - ekg <not-affected>
+ [sarge] - ekg <not-affected>
NOTE: I checked the ekg source from Sarge and all fixes from the centericq DSA 813
NOTE: are already included.
CVE-2005-2447
@@ -25426,7 +25432,7 @@
- clamav 0.86.1-1 (bug #318756; medium)
CVE-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...)
NOT-FOR-US: Affected only Real Player, not Helix Player
- NOTE: http://service.real.com/help/faq/security/050623_player/EN/
+ NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...)
NOT-FOR-US: Real Player
NOTE: This didn't affected Helix, although the changelog claimed so, see
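Review bot: the context line `NOTE: This didn't affected Helix, although the changelog claimed so, see` should read "didn't affect"; a small grammar fix worth folding into the whitespace pass on this entry.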
@@ -26300,7 +26306,7 @@
CVE-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...)
- libpam-opie <unfixed> (bug #112279; unimportant)
NOTE: This is documented and not really important. In contrast to passwords
- NOTE: used by humans
+ NOTE: used by humans
[sarge] - libpam-opie <no-dsa> (Documented shortcoming, minor impact)
CVE-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...)
NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now
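Review bot: the `libpam-opie` note in this hunk ends mid-sentence: `NOTE: This is documented and not really important. In contrast to passwords` followed by `NOTE: used by humans` stops without saying what the contrast is, so the reasoning behind the `unimportant` rating and the sarge `<no-dsa>` decision is not recorded. The trailing-whitespace fix on the second NOTE line is fine, but the sentence should be completed so the rationale survives in the list.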
@@ -26444,7 +26450,7 @@
CVE-2005-1919
REJECTED
CVE-2005-1918 (The original patch for a GNU tar directory traversal vulnerability ...)
- - tar 1.14-2.2
+ - tar 1.14-2.2
NOTE: 1.14-2.2 is ok, maybe Debian was not-affected anyway
CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...)
NOT-FOR-US: kpopper, there is a kpopper in kerberos4kth-servers, but this is not the same one
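Review bot: the `tar 1.14-2.2` entry is ambiguous: the package line records 1.14-2.2 as the fixed version while the note says `maybe Debian was not-affected anyway`. If the flawed original patch never shipped in Debian, the entry should be marked `<not-affected>` with a reason, as the `asn1c <not-affected> (Fixed before upload into archive; 0.9.7)` entry earlier in this diff does; otherwise the note should be dropped so the fixed version stands on its own.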
@@ -27538,7 +27544,7 @@
CVE-2005-XXXX [vpnc: config file path security hole]
- vpnc 0.3.2+SVN20050326-2
CVE-2005-XXXX [Several buffer overflows in termpkg]
- - termpkg 3.3-2
+ - termpkg 3.3-2
CVE-2005-XXXX [Integer overflow in binutils' ELF parsing]
NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
NOTE: already fixed since 2.15-6
@@ -27872,7 +27878,7 @@
CVE-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c ...)
- cherokee 0.4.21b01-1
CVE-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...)
- NOT-FOR-US: Kinesphere eXchange POP3
+ NOT-FOR-US: Kinesphere eXchange POP3
CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...)
NOT-FOR-US: Eudora
CVE-2004-1943 (PHP remote file inclusion vulnerability in album_portal.php in phpBB ...)
@@ -28860,9 +28866,9 @@
[sarge] - kernel-source-2.4.27 2.4.27-10
NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H
CVE-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of ...)
- - gaim 1:1.2.1-1.1
+ - gaim 1:1.2.1-1.1
CVE-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...)
- - gaim 1:1.2.1-1.1
+ - gaim 1:1.2.1-1.1
CVE-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...)
{DSA-741-1}
- bzip2 1.0.2-7
@@ -29775,7 +29781,7 @@
CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...)
NOT-FOR-US: Adobe SVG Viewer
CVE-2005-0917 (PHP remote file inclusion vulnerability in index_header.php for ...)
- NOT-FOR-US: EncapsBB
+ NOT-FOR-US: EncapsBB
CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...)
- kernel-source-2.6.8 2.6.8-16
- kernel-source-2.4.27 <not-affected>
@@ -29985,7 +29991,7 @@
CVE-2005-0862 (Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat ...)
NOT-FOR-US: PHPOpenChat
CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...)
- NOT-FOR-US: Delegate
+ NOT-FOR-US: Delegate
CVE-2005-0860 (PHP remote file inclusion vulnerability in TRG News Script 3.0 allows ...)
NOT-FOR-US: TRG News Script
CVE-2005-0859 (PHP remote file inclusion vulnerability in CzarNews 1.13b allows ...)
@@ -30098,9 +30104,9 @@
CVE-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...)
- mathopd 1.5p5-1
CVE-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...)
- NOT-FOR-US: Cherokee
+ NOT-FOR-US: Cherokee
CVE-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...)
- NOT-FOR-US: Cherokee
+ NOT-FOR-US: Cherokee
CVE-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...)
NOT-FOR-US: Nokia Firewall appliances
CVE-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...)
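Review bot: `NOT-FOR-US: Cherokee` on CVE-2001-1433 and CVE-2001-1432 is inconsistent with the `- cherokee 0.4.21b01-1` package line recorded for CVE-2004-1946 earlier in this diff, which shows cherokee is tracked as a Debian package. NOT-FOR-US is used in this list for software Debian does not ship (compare `NOT-FOR-US: slimftpd not in debian`), so if the affected Cherokee versions simply predate the package's entry into the archive, `<not-affected>` with a short reason would be the accurate marker for both entries.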
@@ -30185,31 +30191,31 @@
CVE-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...)
NOT-FOR-US: Hola CMS
CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...)
- NOT-FOR-US: ZPanel
+ NOT-FOR-US: ZPanel
CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows ...)
- NOT-FOR-US: ZPanel
+ NOT-FOR-US: ZPanel
CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...)
- NOT-FOR-US: ZPanel
+ NOT-FOR-US: ZPanel
CVE-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...)
- NOT-FOR-US: phpAdsNew
+ NOT-FOR-US: phpAdsNew
CVE-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...)
- NOT-FOR-US: phpAdsNew
+ NOT-FOR-US: phpAdsNew
CVE-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...)
- NOT-FOR-US: SimpGB
+ NOT-FOR-US: SimpGB
CVE-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...)
- NOT-FOR-US: YaBB
+ NOT-FOR-US: YaBB
CVE-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...)
- NOT-FOR-US: Phorum
+ NOT-FOR-US: Phorum
CVE-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...)
- NOT-FOR-US: Phorum
+ NOT-FOR-US: Phorum
CVE-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...)
- NOT-FOR-US: paFileDB
+ NOT-FOR-US: paFileDB
CVE-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...)
- NOT-FOR-US: paFileDB
+ NOT-FOR-US: paFileDB
CVE-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
- NOT-FOR-US: paFileDB
+ NOT-FOR-US: paFileDB
CVE-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...)
- NOT-FOR-US: PlatinumFTP
+ NOT-FOR-US: PlatinumFTP
CVE-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...)
NOT-FOR-US: PhotoPost
CVE-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
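Review bot: every changed line in this hunk (CVE-2005-0794 through CVE-2005-0779) reads identically before and after, so the change is indentation only, yet the log message says only "CVE-2007-0227: slocate". Whitespace normalisation across thousands of unrelated entries buries the one substantive edit and makes later blame/annotate on data/CVE/list point at this revision; commit the reindent separately (or at least mention it in the log) so the slocate change stays reviewable on its own.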
@@ -30293,7 +30299,7 @@
CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...)
NOT-FOR-US: Adobe PhotoDeluxe
CVE-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows ...)
- NOT-FOR-US: Advanced Poll
+ NOT-FOR-US: Advanced Poll
CVE-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for ...)
NOT-FOR-US: WinVNC
CVE-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...)
@@ -30314,7 +30320,7 @@
CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4]
- omniorb4 4.0.5-2
CVE-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 ...)
- NOT-FOR-US: not part of Woody, has been removed from sarge/sid
+ NOT-FOR-US: not part of Woody, has been removed from sarge/sid
CVE-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...)
NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of stable
CVE-2005-0787 (Wine 20050211 and earlier creates temp files with world readable ...)
@@ -30581,13 +30587,13 @@
CVE-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...)
NOT-FOR-US: JoWood Chaser (for Windows)
CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for ...)
- NOT-FOR-US: PHP-Fusion
+ NOT-FOR-US: PHP-Fusion
CVE-2005-0691 (PHP remote file inclusion vulnerability in article mode for ...)
- NOT-FOR-US: SocialMPN
+ NOT-FOR-US: SocialMPN
CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...)
NOT-FOR-US: Gene6 FTP Server for Win
CVE-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...)
- NOT-FOR-US: The Includer
+ NOT-FOR-US: The Includer
CVE-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...)
NOT-FOR-US: Windows
CVE-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...)
@@ -30605,19 +30611,19 @@
CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...)
NOT-FOR-US: Nokia
CVE-2005-0680 (PHP remote file inclusion vulnerability in ...)
- NOT-FOR-US: Download Center Lite
+ NOT-FOR-US: Download Center Lite
CVE-2005-0679 (PHP remote file inclusion vulnerability in tell_a_friend.inc.php for ...)
- NOT-FOR-US: Tell A Friend Script
+ NOT-FOR-US: Tell A Friend Script
CVE-2005-0678 (PHP remote file inclusion vulnerability in formmail.inc.php for Form ...)
- NOT-FOR-US: Form Mail Script
+ NOT-FOR-US: Form Mail Script
CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...)
- NOT-FOR-US: Zorum
+ NOT-FOR-US: Zorum
CVE-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...)
- NOT-FOR-US: Zorum
+ NOT-FOR-US: Zorum
CVE-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...)
- NOT-FOR-US: Zorum
+ NOT-FOR-US: Zorum
CVE-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...)
- NOT-FOR-US: Pabox for PHPNuke
+ NOT-FOR-US: Pabox for PHPNuke
CVE-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...)
- phpbb2 2.0.13-2
CVE-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...)
@@ -30721,9 +30727,9 @@
CVE-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...)
NOT-FOR-US: Symantec DNSd
CVE-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...)
- NOT-FOR-US: Zorum
+ NOT-FOR-US: Zorum
CVE-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...)
- NOT-FOR-US: Zorum
+ NOT-FOR-US: Zorum
CVE-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...)
- squid 2.5.9-2
CVE-2005-0940
@@ -31345,7 +31351,7 @@
- lynx-cur 2.8.6-6 (low)
- lynx-ssl <removed>
CVE-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...)
- - links 0.99+1.00pre12-1 (bug #296341; low)
+ - links 0.99+1.00pre12-1 (bug #296341; low)
CVE-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...)
NOT-FOR-US: Opera
CVE-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...)
@@ -31569,7 +31575,7 @@
CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...)
NOT-FOR-US: Invision Power Board
CVE-2004-1535 (PHP remote file inclusion vulnerability in admin_cash.php for the Cash ...)
- NOT-FOR-US: Cash Mod module of phpbb2
+ NOT-FOR-US: Cash Mod module of phpbb2
CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...)
NOT-FOR-US: ZoneAlarm
CVE-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier ...)
@@ -31666,7 +31672,7 @@
NOT-FOR-US: MercuryBoard
CVE-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...)
- phpmyadmin 4:2.6.2 (unimportant)
- NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki at netia.net.pl> :
+ NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki at netia.net.pl> :
NOTE: I think it is not a problem on Debian as far as everybody knows the full
NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
CVE-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...)
@@ -31917,7 +31923,7 @@
CVE-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...)
- linux-2.6 <not-affected> (Linux is not vulnerable, see #310804)
- kernel-source-2.4.27 <not-affected> (Linux is not vulnerable, see #310804)
- - kfreebsd5-source 5.3-15 (medium)
+ - kfreebsd5-source 5.3-15 (medium)
CVE-2005-0355
RESERVED
CVE-2005-0354
@@ -32035,7 +32041,7 @@
CVE-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...)
- imp3 3.2.5-1
CVE-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...)
- NOT-FOR-US: db2www
+ NOT-FOR-US: db2www
CVE-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power ...)
NOT-FOR-US: Board Power
CVE-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY ...)
@@ -32443,7 +32449,7 @@
CVE-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...)
NOT-FOR-US: AIX
CVE-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...)
- NOT-FOR-US: S/MIME plugin
+ NOT-FOR-US: S/MIME plugin
CVE-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...)
NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
- epiphany-browser 1.4.8-2
@@ -32466,7 +32472,7 @@
- mozilla-firefox 1.0+dfsg.1-6
CVE-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...)
NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link
- NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers
+ NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers
NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser
NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF
NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet.
@@ -32495,7 +32501,7 @@
CVE-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery ...)
- gallery 1.4.4-pl5-1
CVE-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog ...)
- NOT-FOR-US: Invision Community Blog
+ NOT-FOR-US: Invision Community Blog
CVE-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab ...)
NOT-FOR-US: Woltlab Burning Board Lite
CVE-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to ...)
@@ -32575,9 +32581,9 @@
CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...)
NOT-FOR-US: NodeManager Professional
CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...)
- NOT-FOR-US: vacation plugin
+ NOT-FOR-US: vacation plugin
CVE-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail ...)
- NOT-FOR-US: vacation plugin
+ NOT-FOR-US: vacation plugin
CVE-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...)
NOT-FOR-US: mod_dosevasive module for apache
CVE-2005-0181
@@ -33052,7 +33058,7 @@
CVE-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 ...)
NOT-FOR-US: Solaris
CVE-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server ...)
- NOT-FOR-US: Sun Java System Web Proxy Server
+ NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...)
- gzip <not-affected> (gzip on Solaris)
CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...)
@@ -34396,7 +34402,7 @@
RESERVED
CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...)
{DSA-611-1}
- - htget <removed>
+ - htget <removed>
CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...)
{DSA-559-1}
- net-acct 0.71-7
@@ -34590,7 +34596,7 @@
CVE-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...)
NOT-FOR-US: Windows
CVE-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...)
- NOT-FOR-US: Real Helix server
+ NOT-FOR-US: Real Helix server
CVE-2004-0773
RESERVED
CVE-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...)
@@ -34861,9 +34867,9 @@
NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable.
- kernel-patch-adamantix 1.6
CVE-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...)
- NOT-FOR-US: popclient
+ NOT-FOR-US: popclient
CVE-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...)
- NOT-FOR-US: csFAQ
+ NOT-FOR-US: csFAQ
CVE-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...)
NOT-FOR-US: PowerPortal
CVE-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...)
@@ -35084,7 +35090,7 @@
CVE-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
NOT-FOR-US: Wingate
CVE-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...)
- NOT-FOR-US: GNU radius
+ NOT-FOR-US: GNU radius
CVE-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...)
NOT-FOR-US: Windows
CVE-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...)
@@ -35142,7 +35148,7 @@
- queue 1.30.1-5
CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- - kernel-source-2.4.27 2.4.27-1
+ - kernel-source-2.4.27 2.4.27-1
- linux-2.6 2.6.12-1 (bug #261521)
CVE-2004-0553
RESERVED
@@ -35709,7 +35715,7 @@
CVE-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...)
NOT-FOR-US: Online Store Kit
CVE-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...)
- NOT-FOR-US: smallftpd;
+ NOT-FOR-US: smallftpd;
CVE-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...)
NOT-FOR-US: CesarFTP; Win32
CVE-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
@@ -35717,17 +35723,17 @@
CVE-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32
CVE-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...)
- NOT-FOR-US: yabb;
+ NOT-FOR-US: yabb;
CVE-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...)
- NOT-FOR-US: ShopCartCGI 2.3;
+ NOT-FOR-US: ShopCartCGI 2.3;
CVE-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...)
NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32
CVE-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...)
- NOT-FOR-US: YaBB;
+ NOT-FOR-US: YaBB;
CVE-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...)
- NOT-FOR-US: Purge Jihad;
+ NOT-FOR-US: Purge Jihad;
CVE-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...)
- NOT-FOR-US: SignatureDB;
+ NOT-FOR-US: SignatureDB;
CVE-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...)
- mnogosearch 3.2.18
NOTE: it's not quite clear which version exactly fixes the problem;
@@ -35736,57 +35742,57 @@
NOTE: (http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2)
NOTE: and I can confirm the buffer overflow is fixed there
CVE-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...)
- NOT-FOR-US: Xlight FTP server 1.52;
+ NOT-FOR-US: Xlight FTP server 1.52;
CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...)
- NOT-FOR-US: RobotFTP;
+ NOT-FOR-US: RobotFTP;
CVE-2004-0285 (PHP remote file inclusion vulnerabilities in include/footer.inc.php in ...)
- NOT-FOR-US: PHP scripts
+ NOT-FOR-US: PHP scripts
CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...)
NOT-FOR-US: MSIE bugs
CVE-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...)
- NOT-FOR-US: mailmgr;
+ NOT-FOR-US: mailmgr;
CVE-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ...)
- NOT-FOR-US: Crob FTP;
+ NOT-FOR-US: Crob FTP;
CVE-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...)
- NOT-FOR-US: Caucho Technology Resin;
+ NOT-FOR-US: Caucho Technology Resin;
CVE-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...)
- NOT-FOR-US: Caucho Technology Resin;
+ NOT-FOR-US: Caucho Technology Resin;
CVE-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...)
- NOT-FOR-US: AIMSniff;
+ NOT-FOR-US: AIMSniff;
CVE-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...)
- NOT-FOR-US: Ratbag game engine;
+ NOT-FOR-US: Ratbag game engine;
CVE-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...)
- NOT-FOR-US: Dream FTP;
+ NOT-FOR-US: Dream FTP;
CVE-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...)
- NOT-FOR-US: BosDates;
+ NOT-FOR-US: BosDates;
CVE-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...)
- NOT-FOR-US: MaxWebPortal;
+ NOT-FOR-US: MaxWebPortal;
CVE-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...)
- NOT-FOR-US: MaxWebPortal;
+ NOT-FOR-US: MaxWebPortal;
CVE-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...)
- NOT-FOR-US: PHP-Nuke;
+ NOT-FOR-US: PHP-Nuke;
CVE-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...)
- NOT-FOR-US: EvolutionX;
+ NOT-FOR-US: EvolutionX;
CVE-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...)
- NOT-FOR-US: eTrust InoculateIT;
+ NOT-FOR-US: eTrust InoculateIT;
CVE-2004-0266 (SQL injection vulnerability in the "public message" capability ...)
- NOT-FOR-US: PHP-Nuke;
+ NOT-FOR-US: PHP-Nuke;
CVE-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...)
- NOT-FOR-US: PHP-Nuke;
+ NOT-FOR-US: PHP-Nuke;
CVE-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...)
NOT-FOR-US: PalmOS
CVE-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...)
- NOT-FOR-US: The Palace;
+ NOT-FOR-US: The Palace;
CVE-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...)
- NOT-FOR-US: CactuShop;
+ NOT-FOR-US: CactuShop;
CVE-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...)
- NOT-FOR-US: formmail.php;
+ NOT-FOR-US: formmail.php;
CVE-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...)
NOT-FOR-US: RealPlayer
CVE-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...)
- NOT-FOR-US: Xlight;
+ NOT-FOR-US: Xlight;
CVE-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...)
- NOT-FOR-US: Discuz;
+ NOT-FOR-US: Discuz;
CVE-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...)
NOT-FOR-US: IBM Cloudscape
CVE-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...)
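Review bot: the trailing semicolon on the re-indented NOT-FOR-US lines in this hunk ("Xlight FTP server 1.52;", "RobotFTP;", "mailmgr;" and the rest) separates nothing: elsewhere in the file the semicolon introduces a platform note ("NOT-FOR-US: CesarFTP; Win32"), while plain entries in this same hunk such as "NOT-FOR-US: PalmOS" and "NOT-FOR-US: RealPlayer" carry none. Since these lines are being rewritten anyway, dropping the dangling semicolons would make the NOT-FOR-US entries uniform.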
@@ -36845,21 +36851,21 @@
CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...)
- libapache-gallery-perl 0.7
CVE-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...)
- NOT-FOR-US: IkonBoard
+ NOT-FOR-US: IkonBoard
CVE-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...)
NOT-FOR-US: ICQ Web Front
CVE-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...)
NOT-FOR-US: microsoft
CVE-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...)
- NOT-FOR-US: RogerWilco
+ NOT-FOR-US: RogerWilco
CVE-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...)
NOT-FOR-US: ftp desktop (windows)
CVE-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...)
NOT-FOR-US: winamp
CVE-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...)
- NOT-FOR-US: Escapade Scripting Engine (ESP
+ NOT-FOR-US: Escapade Scripting Engine (ESP
CVE-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...)
- NOT-FOR-US: Escapade Scripting Engine (ESP
+ NOT-FOR-US: Escapade Scripting Engine (ESP
CVE-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...)
NOT-FOR-US: foxweb
CVE-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...)
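Review bot: the re-indented lines for CVE-2003-0764 and CVE-2003-0763 carry an unbalanced parenthesis, "NOT-FOR-US: Escapade Scripting Engine (ESP", whereas the CVE description in the same hunk writes "Escapade Scripting Engine (ESP)". As both lines are modified here anyway, close the parenthesis.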
@@ -36873,19 +36879,19 @@
CVE-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...)
NOT-FOR-US: check point firewall
CVE-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...)
- NOT-FOR-US: sitebuilder
+ NOT-FOR-US: sitebuilder
CVE-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...)
- NOT-FOR-US: gtkftpd
+ NOT-FOR-US: gtkftpd
CVE-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...)
- NOT-FOR-US: newsPHP
+ NOT-FOR-US: newsPHP
CVE-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...)
- NOT-FOR-US: newsPHP
+ NOT-FOR-US: newsPHP
CVE-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...)
- NOT-FOR-US: AttilaPHP
+ NOT-FOR-US: AttilaPHP
CVE-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...)
- NOT-FOR-US: PY-Membres
+ NOT-FOR-US: PY-Membres
CVE-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...)
- NOT-FOR-US: PY-Membres
+ NOT-FOR-US: PY-Membres
CVE-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...)
NOT-FOR-US: SAP
CVE-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...)
@@ -36911,13 +36917,13 @@
CVE-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...)
NOT-FOR-US: VMware
CVE-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
- NOT-FOR-US: phpWebSite
+ NOT-FOR-US: phpWebSite
CVE-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
- NOT-FOR-US: phpWebSite
+ NOT-FOR-US: phpWebSite
CVE-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...)
- NOT-FOR-US: phpWebSite
+ NOT-FOR-US: phpWebSite
CVE-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...)
- NOT-FOR-US: phpWebSite
+ NOT-FOR-US: phpWebSite
CVE-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...)
- libpam-ldap 164-1
- libnss-ldap 207-1
@@ -37527,7 +37533,7 @@
CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...)
- linux-2.6 <not-affected> (Generic C version fixed in 2.6.x)
NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
- NOTE: arch specific asm versions:
+ NOTE: arch specific asm versions:
NOTE: x86 is not affected
NOTE: ppc32 fixed in 2.4.22-rc4
NOTE: not an issue on alpha, see bug #280492
@@ -37661,7 +37667,7 @@
CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...)
NOT-FOR-US: Son hServer
CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...)
- NOT-FOR-US: bandmin;
+ NOT-FOR-US: bandmin;
CVE-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...)
NOT-FOR-US: Remote PC Access
CVE-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...)
@@ -37677,7 +37683,7 @@
CVE-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...)
NOT-FOR-US: BRS WebWeaver
CVE-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...)
- NOT-FOR-US: Uptimes Project upclient;
+ NOT-FOR-US: Uptimes Project upclient;
CVE-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...)
- gbatnav 1.0.4-4
CVE-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...)
@@ -37968,7 +37974,7 @@
CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and ...)
- firebird2 1.5.1-1 (bug #251458)
CVE-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...)
- NOT-FOR-US: SMTP Service for ESMTP CMailServer
+ NOT-FOR-US: SMTP Service for ESMTP CMailServer
CVE-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
NOT-FOR-US: PHP-Nuke
CVE-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...)
@@ -38520,7 +38526,7 @@
CVE-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...)
NOT-FOR-US: microsoft
CVE-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...)
- - stunnel4 4.04-1
+ - stunnel4 4.04-1
- stunnel 2:3.24-1
CVE-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...)
{DSA-396}
@@ -39271,7 +39277,7 @@
CVE-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system ...)
NOT-FOR-US: BlackICE Agent
CVE-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another ...)
- NOT-FOR-US: YaBB
+ NOT-FOR-US: YaBB
CVE-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...)
NOT-FOR-US: Cisco
CVE-2002-0951 (SQL injection vulnerability in Ruslan <Body>Builder allows remote ...)
@@ -39293,25 +39299,25 @@
CVE-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator ...)
NOT-FOR-US: nCipher MSCAPI
CVE-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to ...)
- NOT-FOR-US: JRun
+ NOT-FOR-US: JRun
CVE-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...)
- tomcat 3.2.3-1
CVE-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...)
- NOT-FOR-US: Jon Hedley AlienForm2
+ NOT-FOR-US: Jon Hedley AlienForm2
CVE-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...)
NOT-FOR-US: Datalex PLC BooktIt Consumer
CVE-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...)
- NOT-FOR-US: MyHelpDesk
+ NOT-FOR-US: MyHelpDesk
CVE-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and ...)
- NOT-FOR-US: MyHelpDesk
+ NOT-FOR-US: MyHelpDesk
CVE-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 ...)
NOT-FOR-US: Netware
CVE-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote ...)
NOT-FOR-US: Netware
CVE-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...)
- NOT-FOR-US: pirch
+ NOT-FOR-US: pirch
CVE-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica ...)
- NOT-FOR-US: webMathematica
+ NOT-FOR-US: webMathematica
CVE-2002-0925 (Format string vulnerability in mmsyslog function allows remote ...)
NOT-FOR-US: mmftpd not in Debian anymore
CVE-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...)
@@ -39333,27 +39339,27 @@
CVE-2002-0915 (autorun in Xandros based Linux distributions allows local users to ...)
NOT-FOR-US: Xandros specific tool
CVE-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...)
- NOT-FOR-US: Slurp NNTP
+ NOT-FOR-US: Slurp NNTP
CVE-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other ...)
NOTE: DSA-129
CVE-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers ...)
NOTE: netstd
CVE-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...)
- NOT-FOR-US: mnews
+ NOT-FOR-US: mnews
CVE-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS ...)
NOT-FOR-US: Cisco
CVE-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 ...)
- NOT-FOR-US: SHOUTcast
+ NOT-FOR-US: SHOUTcast
CVE-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...)
NOT-FOR-US: Informix
CVE-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...)
- NOT-FOR-US: wbboard
+ NOT-FOR-US: wbboard
CVE-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...)
- phpbb2 2.0.6c-1
CVE-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...)
- amanda 2.4.0b6-1
CVE-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...)
- NOT-FOR-US: Falcon
+ NOT-FOR-US: Falcon
CVE-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...)
- swatch 3.0.4-1
CVE-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...)
@@ -39377,9 +39383,9 @@
CVE-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...)
NOT-FOR-US: Cisco
CVE-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...)
- NOT-FOR-US: CFXImage
+ NOT-FOR-US: CFXImage
CVE-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...)
- NOT-FOR-US: LogiSense
+ NOT-FOR-US: LogiSense
CVE-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...)
NOT-FOR-US: Shambala
CVE-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...)
@@ -39411,7 +39417,7 @@
CVE-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...)
NOT-FOR-US: Cisco
CVE-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...)
- NOT-FOR-US: iSCSI
+ NOT-FOR-US: iSCSI
CVE-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...)
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
@@ -39507,9 +39513,9 @@
CVE-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...)
NOT-FOR-US: Cisco
CVE-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...)
- NOT-FOR-US: simpleinit
+ NOT-FOR-US: simpleinit
CVE-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...)
- NOT-FOR-US: Phorum
+ NOT-FOR-US: Phorum
CVE-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...)
NOT-FOR-US: HP
CVE-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...)
@@ -39519,15 +39525,15 @@
- webmin 0.980-1
- usermin 0.910-1
CVE-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...)
- NOT-FOR-US: Talentsoft
+ NOT-FOR-US: Talentsoft
CVE-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...)
- NOT-FOR-US: CGIscript.net
+ NOT-FOR-US: CGIscript.net
CVE-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...)
- NOT-FOR-US: CGIscript.net
+ NOT-FOR-US: CGIscript.net
CVE-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...)
- NOT-FOR-US: CGIscript.net
+ NOT-FOR-US: CGIscript.net
CVE-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...)
- NOT-FOR-US: CGIscript.net
+ NOT-FOR-US: CGIscript.net
CVE-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
NOT-FOR-US: AIX
CVE-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...)
@@ -39543,7 +39549,7 @@
CVE-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...)
- slrn 0.9.6.2-9
CVE-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...)
- NOT-FOR-US: PostCalendat
+ NOT-FOR-US: PostCalendat
CVE-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...)
- squid <not-affected> (Historic vulnerability, fixed before Woody was released)
CVE-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...)
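Review bot: the re-indented line for CVE-2002-0739 reads "NOT-FOR-US: PostCalendat" while the CVE text two lines above names the product PostCalendar; fix the typo while the line is being touched so that searches for the product name in data/CVE/list match.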
@@ -39571,7 +39577,7 @@
CVE-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...)
- squid 2.4.6-2
CVE-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly ...)
- NOT-FOR-US: EASM
+ NOT-FOR-US: EASM
CVE-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...)
NOT-FOR-US: HP
CVE-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...)
@@ -39618,7 +39624,7 @@
{DSA-201}
- freeswan 1.99-1
CVE-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...)
- NOT-FOR-US: ZMerge
+ NOT-FOR-US: ZMerge
CVE-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...)
- apache2 2.0.40
CVE-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)
@@ -39828,7 +39834,7 @@
CVE-2003-0991 (Unknown vulnerability in the mail command handler in Mailman before ...)
{DSA-436}
- mailman 2.1-1
- NOTE: I have mailed Tollef Fog Heen <tfheen at debian.org> about this.
+ NOTE: I have mailed Tollef Fog Heen <tfheen at debian.org> about this.
NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable
CVE-2003-0988 (Buffer overflow in the VCF file information reader for KDE Personal ...)
- kdepim 4:3.1.5-1
@@ -39870,7 +39876,7 @@
{DSA-255}
- tcpdump 3.7.1-1.2
CVE-2003-0107 (Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is ...)
- - zlib 1:1.1.4-10
+ - zlib 1:1.1.4-10
CVE-2003-0104 (Directory traversal vulnerability in PeopleTools 8.10 through 8.18, ...)
NOT-FOR-US: peopletools
CVE-2003-0103 (Format string vulnerability in Nokia 6210 handset allows remote ...)
@@ -39919,9 +39925,9 @@
{DSA-496}
- eterm 0.9.2-6
CVE-2003-0067 (The aterm terminal emulator 0.42 allows attackers to modify the window ...)
- NOTE: I have mailed Goran Weinholt <weinholt at debian.org> about this.
- NOTE: Goran Weinholt <weinholt at debian.org> tell me that aterm 0.4.2 was
- NOTE: never vulnerable to the problem described.
+ NOTE: I have mailed Goran Weinholt <weinholt at debian.org> about this.
+ NOTE: Goran Weinholt <weinholt at debian.org> tell me that aterm 0.4.2 was
+ NOTE: never vulnerable to the problem described.
NOTE: this CVE is bogus.
CVE-2003-0066 (The rxvt terminal emulator 2.7.8 and earlier allows attackers to ...)
- rxvt 1:2.6.4-6.1 (bug #244810)
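Review bot: the re-indented NOTE under CVE-2003-0067 says aterm 0.4.2 was never vulnerable, but the CVE description on the preceding line refers to aterm 0.42, and the same three NOTE lines reappear verbatim under CVE-2003-0024 in the next hunk. Make the version string agree with the CVE text (or state which Debian package version was checked), and consider pointing the second entry at this NOTE instead of duplicating it.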
@@ -39973,8 +39979,8 @@
CVE-2003-0027 (Directory traversal vulnerability in Sun Kodak Color Management System ...)
NOT-FOR-US: sun
CVE-2003-0024 (The menuBar feature in aterm 0.42 allows attackers to modify menu ...)
- NOTE: I have mailed Goran Weinholt <weinholt at debian.org> about this.
- NOTE: Goran Weinholt <weinholt at debian.org> tell me that aterm 0.4.2 was
+ NOTE: I have mailed Goran Weinholt <weinholt at debian.org> about this.
+ NOTE: Goran Weinholt <weinholt at debian.org> tell me that aterm 0.4.2 was
NOTE: never vulnerable to the problem described.
NOTE: this CVE is bogus.
CVE-2003-0023 (The menuBar feature in rxvt 2.7.8 allows attackers to modify menu ...)