Author: micah
Date: 2005-09-23 23:22:07 +0000 (Fri, 23 Sep 2005)
New Revision: 2142
Modified:
data/CAN/list
Log:
Changing NOTE: not-for-us (package_name) to NOT-FOR-US: package_name
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-09-23 22:55:25 UTC (rev 2141)
+++ data/CAN/list 2005-09-23 23:22:07 UTC (rev 2142)
@@ -3,110 +3,110 @@
CAN-2005-XXXX [ITL injection in interchange]
- interchange 5.2.1-1 (bug #329705; unknown)
CAN-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce
allows ...)
- NOTE: not-for-us (Mall23 eCommerce)
+ NOT-FOR-US: Mall23 eCommerce
CAN-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160,
when ...)
- webmin 1.220-1 (high; bug #329741)
- usermin 1.150-1 (high; bug #329742)
NOTE: SNS Advisory 83, http://marc.theaimsgroup.com/?m=112733083203821
CAN-2005-3041 (Unspecified "drag-and-drop vulnerability" in
Opera Web Browser before ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-3040 (Directory traversal vulnerability in the web interface
(ISALogin.dll) ...)
- NOTE: not-for-us (TAC Vista)
+ NOT-FOR-US: TAC Vista
CAN-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce
allows ...)
- NOTE: not-for-us (Mall23 eCommerce)
+ NOT-FOR-US: Mall23 eCommerce
CAN-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before
Hotfix 2.4 ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book
Server ...)
- NOTE: not-for-us (Handy Address Book Server)
+ NOT-FOR-US: Handy Address Book Server
CAN-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password
information in ...)
- NOTE: not-for-us (File Transfer Anywhere)
+ NOT-FOR-US: File Transfer Anywhere
CAN-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7
and 3.0 ...)
- NOTE: not-for-us (Compuware DriverStudio)
+ NOT-FOR-US: Compuware DriverStudio
CAN-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7
and 3.0 ...)
- NOTE: not-for-us (Compuware DriverStudio)
+ NOT-FOR-US: Compuware DriverStudio
CAN-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote
attackers to ...)
- NOTE: not-for-us (vxWeb - WinCE software)
+ NOT-FOR-US: vxWeb - WinCE software
CAN-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to
cause a ...)
- NOTE: not-for-us (vxTfpSrv - WinCE software)
+ NOT-FOR-US: vxTfpSrv - WinCE software
CAN-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to
execute ...)
- NOTE: not-for-us (vxTfpSrv - WinCE software)
+ NOT-FOR-US: vxTfpSrv - WinCE software
CAN-2005-3030 (Directory traversal vulnerability in the archive decompression
library ...)
- NOTE: not-for-us (Ahnlab Anti virus)
+ NOT-FOR-US: Ahnlab Anti virus
CAN-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build
6.0.0.383, V3 ...)
- NOTE: not-for-us (Ahnlab Anti virus)
+ NOT-FOR-US: Ahnlab Anti virus
CAN-2005-3028
NOTE: rejected
CAN-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages,
which ...)
- NOTE: not-for-us (Sybari Antigen anti spam solution)
+ NOT-FOR-US: Sybari Antigen anti spam solution
CAN-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft
Epay Pro ...)
- NOTE: not-for-us (Epay Pro)
+ NOT-FOR-US: Epay Pro
CAN-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin
3.0.7 ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and
earlier ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin
3.0.9 ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and
earlier ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers
with ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin
...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9
allow ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-3018 (Apple Safari allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web
1.0.1 ...)
- NOTE: not-for-us (Content2Web)
+ NOT-FOR-US: Content2Web
CAN-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in
PHP-Nuke ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino
6.5.2 ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance
allows ...)
- NOTE: not-for-us (Ensim webppliance)
+ NOT-FOR-US: Ensim webppliance
CAN-2005-3013 (Buffer overflow in YaST for SuSE Linux 9.3 allows local users to
...)
- NOTE: not-for-us (YaST)
+ NOT-FOR-US: YaST
CAN-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for
...)
- NOTE: not-for-us (SimpleCDR-X)
+ NOT-FOR-US: SimpleCDR-X
CAN-2005-3011 (texindex in texinfo 4.7 and earlier allows local users to
overwrite ...)
- texinfo <unfixed> (bug #328265; low)
CAN-2005-3010 (Direct static code injection vulnerability in the flood
protection ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows
remote ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python
code via ...)
- NOTE: not-for-us (Tofu)
+ NOT-FOR-US: Tofu
TODO: Please double-check, there''s a twisted, soya and other stuff,
it''s all a wild mix
CAN-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content
type of ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-3006 (The mail client in Opera before 8.50 opens attached files from
the ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...)
- NOTE: not-for-us (Helpdesk Software Hesk)
+ NOT-FOR-US: Helpdesk Software Hesk
CAN-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows
remote ...)
- NOTE: not-for-us (Interakt MX Shop)
+ NOT-FOR-US: Interakt MX Shop
CAN-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0
release ...)
- NOTE: not-for-us (NooTopList)
+ NOT-FOR-US: NooTopList
CAN-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers
to ...)
- NOTE: not-for-us (Multi-Computer Control System)
+ NOT-FOR-US: Multi-Computer Control System
CAN-2005-3001 (Unspecified vulnerability in the "tl" driver
in Solaris 10 allows ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in
viewers/txt.php ...)
- NOTE: not-for-us (PHP Advanced Transfer Manager)
+ NOT-FOR-US: PHP Advanced Transfer Manager
CAN-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to
obtain ...)
- NOTE: not-for-us (PHP Advanced Transfer Manager)
+ NOT-FOR-US: PHP Advanced Transfer Manager
CAN-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for
the ...)
- NOTE: not-for-us (PHP Advanced Transfer Manager)
+ NOT-FOR-US: PHP Advanced Transfer Manager
CAN-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced
Transfer ...)
- NOTE: not-for-us (PHP Advanced Transfer Manager)
+ NOT-FOR-US: PHP Advanced Transfer Manager
CAN-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain
DCOM ...)
- NOTE: not-for-us (VERITAS storage solutions)
+ NOT-FOR-US: VERITAS storage solutions
CAN-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read
...)
- bacula (bug #329271; low)
CAN-2005-2994 (Unspecified vulnerability in the web client for IBM Rational
...)
- NOTE: not-for-us (IBM Rational ClearQuest)
+ NOT-FOR-US: IBM Rational ClearQuest
CAN-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64
UNIX ...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CAN-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite
arbitrary ...)
- ncompress <unfixed> (bug #329052; unimportant)
CAN-2005-2992 [Another arc tempfile issue]
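Review bot: the product name carried over for CAN-2005-3031 does not match its description. The entry describes vxFtpSrv 0.9.7, but the new line reads `NOT-FOR-US: vxTfpSrv - WinCE software`, and the CAN-2005-3032 entry (vxTftpSrv 1.7.0) uses the same misspelt `vxTfpSrv`. Now that the name is the value of the tag rather than a parenthetical comment, it is worth correcting both while the lines are being touched; the same goes for `Ensim webppliance` at CAN-2005-3014. Separately, CAN-2005-3008 ends up with `NOT-FOR-US: Tofu` directly above a `TODO: Please double-check` line, so the entry reads as both closed and open; resolve the TODO first or leave this entry unconverted.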
@@ -119,29 +119,29 @@
CAN-2005-XXXX [freeradius buffer overflows and SQL injection]
- freeradius 1.0.5-1 (medium)
CAN-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1
stores ...)
- NOTE: not-for-us (LineControl Java Client)
+ NOT-FOR-US: LineControl Java Client
CAN-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5
allow ...)
- NOTE: not-for-us (DeluxeBB)
+ NOT-FOR-US: DeluxeBB
CAN-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect
...)
- NOTE: not-for-us (HP printers)
+ NOT-FOR-US: HP printers
CAN-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4
allows ...)
- NOTE: not-for-us (Digital Scribe)
+ NOT-FOR-US: Digital Scribe
CAN-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3
...)
- NOTE: not-for-us (AhnLab antivirus and related products)
+ NOT-FOR-US: AhnLab antivirus and related products
CAN-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks
...)
- NOTE: not-for-us (aeDating script)
+ NOT-FOR-US: aeDating script
CAN-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows
remote ...)
- NOTE: not-for-us (Avocent hardware issue)
+ NOT-FOR-US: Avocent hardware issue
CAN-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical
...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1
...)
- NOTE: not-for-us (CompaqHTTPServer)
+ NOT-FOR-US: CompaqHTTPServer
CAN-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and
1.4.5 ...)
- NOTE: not-for-us (Orion)
+ NOT-FOR-US: Orion
CAN-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in ...)
- NOTE: not-for-us (phpoutsourcing Noah''s classifieds)
+ NOT-FOR-US: phpoutsourcing Noah''s classifieds
CAN-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing
Noah''s ...)
- NOTE: not-for-us (phpoutsourcing Noah''s classifieds)
+ NOT-FOR-US: phpoutsourcing Noah''s classifieds
CAN-2005-2978
NOTE: reserved
CAN-2005-2977
@@ -187,33 +187,33 @@
CAN-2005-2958
NOTE: reserved
CAN-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows
1.00.00.68 ...)
- NOTE: not-for-us (AVIRA Desktop)
+ NOT-FOR-US: AVIRA Desktop
CAN-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores sensitive
data ...)
- NOTE: not-for-us (ATutor)
+ NOT-FOR-US: ATutor
CAN-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions,
uses an ...)
- NOTE: not-for-us (ATutor)
+ NOT-FOR-US: ATutor
CAN-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor
before ...)
- NOTE: not-for-us (ATutor)
+ NOT-FOR-US: ATutor
CAN-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA
...)
- NOTE: not-for-us (MIVA Merchant)
+ NOT-FOR-US: MIVA Merchant
CAN-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro
...)
- NOTE: not-for-us (Subscribe Me Pro)
+ NOT-FOR-US: Subscribe Me Pro
CAN-2005-2951 (Directory traversal vulnerability in security.inc.php in ...)
- NOTE: not-for-us (AzDGDating lite)
+ NOT-FOR-US: AzDGDating lite
CAN-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0
through ...)
- NOTE: not-for-us (Sawmill)
+ NOT-FOR-US: Sawmill
CAN-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes
...)
TODO: check
CAN-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill
list ...)
- NOTE: not-for-us (KillProcess)
+ NOT-FOR-US: KillProcess
CAN-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows
user-complicit ...)
- NOTE: not-for-us (KillProcess)
+ NOT-FOR-US: KillProcess
CAN-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for
...)
- openssl (bug #314465; unimportant)
NOTE: MD5 is still good enough for most applications, second preimage attacks
NOTE: haven''t been presented yet
CAN-2005-2944 (The perform_file_save function in GNOME Workstation Command
Center ...)
- NOTE: not-for-us (GNOME Workstation Command Center)
+ NOT-FOR-US: GNOME Workstation Command Center
CAN-2005-2943
NOTE: reserved
CAN-2005-2942
@@ -231,7 +231,7 @@
CAN-2005-2936
NOTE: reserved
CAN-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the
C ...)
- NOTE: not-for-us (Microsoft AntiSpyware)
+ NOT-FOR-US: Microsoft AntiSpyware
CAN-2005-2934
NOTE: reserved
CAN-2005-2933
@@ -261,15 +261,15 @@
CAN-2005-2921
NOTE: reserved
CAN-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other
versions ...)
- NOTE: not-for-us (Linksys routers)
+ NOT-FOR-US: Linksys routers
CAN-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6,
non-default ...)
- NOTE: not-for-us (Linksys routers)
+ NOT-FOR-US: Linksys routers
CAN-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6,
non-default ...)
- NOTE: not-for-us (Linksys routers)
+ NOT-FOR-US: Linksys routers
CAN-2005-2913
NOTE: rejected
CAN-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (Linksys routers)
+ NOT-FOR-US: Linksys routers
CAN-2005-2911
NOTE: reserved
CAN-2005-2910
@@ -285,57 +285,57 @@
CAN-2005-2905
NOTE: reserved
CAN-2005-2904 (Zebedee 2.4.1, when "allowed redirection port"
is not set, allows ...)
- NOTE: not-for-us (Zebedee)
+ NOT-FOR-US: Zebedee
CAN-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033
build ...)
- NOTE: not-for-us (NOD32 Anti virus)
+ NOT-FOR-US: NOD32 Anti virus
CAN-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4
allows ...)
- NOTE: not-for-us (class-1 Forum)
+ NOT-FOR-US: class-1 Forum
CAN-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in
CjWeb2Mail 3.0 ...)
- NOTE: not-for-us (CjWeb2Mail)
+ NOT-FOR-US: CjWeb2Mail
CAN-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut
1.0 ...)
- NOTE: not-for-us (CjLinkOut)
+ NOT-FOR-US: CjLinkOut
CAN-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in
details.php in ...)
- NOTE: not-for-us (CjTagBoard)
+ NOT-FOR-US: CjTagBoard
CAN-2005-2898 (** DISPUTED ** ...)
- NOTE: not-for-us (Filezilla)
+ NOT-FOR-US: Filezilla
CAN-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive
information ...)
- NOTE: not-for-us (WEB//NEWS)
+ NOT-FOR-US: WEB//NEWS
CAN-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote
attackers ...)
- NOTE: not-for-us (WEB//NEWS)
+ NOT-FOR-US: WEB//NEWS
CAN-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions,
allows ...)
- NOTE: not-for-us (PBLang)
+ NOT-FOR-US: PBLang
CAN-2005-2894 (Cross-site scripting (XSS) vulnerability in the user
registration in ...)
- NOTE: not-for-us (PBLang)
+ NOT-FOR-US: PBLang
CAN-2005-2893 (Direct static code injection vulnerability in setcookie.php in
PBLang ...)
- NOTE: not-for-us (PBLang)
+ NOT-FOR-US: PBLang
CAN-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang
4.65, and ...)
- NOTE: not-for-us (PBLang)
+ NOT-FOR-US: PBLang
CAN-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is
...)
- NOTE: not-for-us (WebArchiveX)
+ NOT-FOR-US: WebArchiveX
CAN-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access
to ...)
- NOTE: not-for-us (SecureOL)
+ NOT-FOR-US: SecureOL
CAN-2005-2889 (Check Point NGX R60 does not properly verify packets against the
...)
- NOTE: not-for-us (Check Point)
+ NOT-FOR-US: Check Point
CAN-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB)
...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows
remote ...)
- NOTE: not-for-us (MAXDev MD-Pro)
+ NOT-FOR-US: MAXDev MD-Pro
CAN-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev
MD-Pro ...)
- NOTE: not-for-us (MAXDev MD-Pro)
+ NOT-FOR-US: MAXDev MD-Pro
CAN-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier
...)
- NOTE: not-for-us (MAXDev MD-Pro)
+ NOT-FOR-US: MAXDev MD-Pro
CAN-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land
Down ...)
- NOTE: not-for-us (Land Down Under)
+ NOT-FOR-US: Land Down Under
CAN-2005-2883 (Cross-site scripting (XSS) vulnerability in Unclassified
NewsBoard ...)
- NOTE: not-for-us (Unclassified News Board)
+ NOT-FOR-US: Unclassified News Board
CAN-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- NOTE: not-for-us (phpCommunityCalendar)
+ NOT-FOR-US: phpCommunityCalendar
CAN-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass
...)
- NOTE: not-for-us (phpCommunityCalendar)
+ NOT-FOR-US: phpCommunityCalendar
CAN-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar
4.0.3, ...)
- NOTE: not-for-us (phpCommunityCalendar)
+ NOT-FOR-US: phpCommunityCalendar
CAN-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak
...)
- NOTE: not-for-us (Advansysperu Software USB Lock Auto-Protect)
+ NOT-FOR-US: Advansysperu Software USB Lock Auto-Protect
CAN-2005-2945 (arc 5.21j and earlier create temporary files with world-readable
...)
- arc 5.21m-1 (bug #329053; low)
CAN-2005-2917 [DoS vulnerability in squid''s NMTL auth code]
@@ -389,75 +389,75 @@
CAN-2005-2878 (Format string vulnerability in search.c in the imap4d server in
GNU ...)
- mailutils 1:0.6.90-3 (bug #327424; high)
CAN-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin ...)
- phpmyadmin 4:2.6.4-pl1-1 (bug #327345; bug #328501; medium)
CAN-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in
the ...)
- NOTE: not-for-us (ZipTorrent)
+ NOT-FOR-US: ZipTorrent
CAN-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote
attackers to ...)
- NOTE: not-for-us (BlueWhaleCRM)
+ NOT-FOR-US: BlueWhaleCRM
CAN-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in
plaintext in ...)
- NOTE: not-for-us (Mercora IMRadio)
+ NOT-FOR-US: Mercora IMRadio
CAN-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember
Pro ...)
- NOTE: not-for-us (aMember Pro)
+ NOT-FOR-US: aMember Pro
CAN-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files
via a ...)
- NOTE: not-for-us (URBAN)
+ NOT-FOR-US: URBAN
CAN-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl
in ...)
- NOTE: not-for-us (OpenWebmail)
+ NOT-FOR-US: OpenWebmail
CAN-2005-2862 (ADSL Road Runner modem in the Annex A family has a service
running on ...)
- NOTE: not-for-us (ADSL hardware)
+ NOT-FOR-US: ADSL hardware
CAN-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial
...)
- NOTE: not-for-us (N-Stealth)
+ NOT-FOR-US: N-Stealth
CAN-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and
earlier ...)
- nikto <unfixed> (bug #327339; medium)
CAN-2005-2859 (Savant Web Server stores user credentials in plaintext in the
...)
- NOTE: not-for-us (Savant Web Server)
+ NOT-FOR-US: Savant Web Server
CAN-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff
Bol ...)
- NOTE: not-for-us (Rediff BOL))
+ NOT-FOR-US: Rediff BOL)
CAN-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server
as an ...)
- NOTE: not-for-us (Free SMTP Server)
+ NOT-FOR-US: Free SMTP Server
CAN-2005-2856 (Stack-based buffer overflow in UNACEV2.DLL for ALZip 5.51
through 6.11 ...)
- NOTE: not-for-us (ALZip)
+ NOT-FOR-US: ALZip
CAN-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified
NewsBoard ...)
- NOTE: not-for-us (Unclassified Newsboard)
+ NOT-FOR-US: Unclassified Newsboard
CAN-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl
...)
- NOTE: not-for-us ()
+ NOT-FOR-US:
CAN-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY
4.5.3a ...)
- NOTE: not-for-us (GuppY)
+ NOT-FOR-US: GuppY
CAN-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and
SP3, ...)
- NOTE: not-for-us (Novell Netware)
+ NOT-FOR-US: Novell Netware
CAN-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to
read ...)
- smb4k 0.6.3-1 (medium)
CAN-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (SlimFTPD)
+ NOT-FOR-US: SlimFTPD
CAN-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall
running ...)
- NOTE: not-for-us (Barracuda antispam solution)
+ NOT-FOR-US: Barracuda antispam solution
CAN-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam
Firewall ...)
- NOTE: not-for-us (Barracuda antispam solution)
+ NOT-FOR-US: Barracuda antispam solution
CAN-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and
3.1.17 ...)
- NOTE: not-for-us (Barracuda antispam solution)
+ NOT-FOR-US: Barracuda antispam solution
CAN-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made
Simple ...)
- NOTE: not-for-us (CMS Made Simple)
+ NOT-FOR-US: CMS Made Simple
CAN-2005-2845 (Ariba Spend Management System sends the username and password to
the ...)
- NOTE: not-for-us (Ariba Spend Management System)
+ NOT-FOR-US: Ariba Spend Management System
CAN-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0
allows ...)
- NOTE: not-for-us (Indiatimes Messenger)
+ NOT-FOR-US: Indiatimes Messenger
CAN-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames
and ...)
- NOTE: not-for-us (Hesk)
+ NOT-FOR-US: Hesk
CAN-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control
before ...)
- NOTE: not-for-us (DameWare Mini)
+ NOT-FOR-US: DameWare Mini
CAN-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or
Telnet ...)
- NOTE: not-for-us (IOS)
+ NOT-FOR-US: IOS
CAN-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and
earlier ...)
- NOTE: not-for-us (MAXdev)
+ NOT-FOR-US: MAXdev
CAN-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev
MD-Pro ...)
- NOTE: not-for-us (MAXdev)
+ NOT-FOR-US: MAXdev
CAN-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta
and ...)
- NOTE: not-for-us (myBloggie)
+ NOT-FOR-US: myBloggie
CAN-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software
WebGUI ...)
- NOTE: not-for-us (WebGUI)
+ NOT-FOR-US: WebGUI
CAN-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum
5.0.17a ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2005-2835
NOTE: reserved
CAN-2005-2834
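Review bot: the mechanical rewrite leaves two malformed values in this hunk. At CAN-2005-2858 the old line had a doubled closing parenthesis, so the new line is `NOT-FOR-US: Rediff BOL)` with a stray `)`. At CAN-2005-2854 the old note was `not-for-us ()`, so the new line is a bare `NOT-FOR-US:` with no product at all. The description names thesitewizard.com chfeedback.pl, which could be filled in. If anything is going to parse these lines, an empty value should be rejected or fixed here rather than silently accepted.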
@@ -491,36 +491,36 @@
CAN-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4
allows ...)
- courier 0.47-9 (bug #327181; medium)
CAN-2005-2819 (Unknown vulnerability in DownFile 1.3 allows remote attackers to
...)
- NOTE: not-for-us (DownFile)
+ NOT-FOR-US: DownFile
CAN-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows
remote ...)
- NOTE: not-for-us (DownFile)
+ NOT-FOR-US: DownFile
CAN-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use
of URLs ...)
- NOTE: not-for-us (Simple Machines Forum)
+ NOT-FOR-US: Simple Machines Forum
CAN-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows
remote ...)
- NOTE: not-for-us (Greymatter)
+ NOT-FOR-US: Greymatter
CAN-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain
...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6
allows ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly
...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-2812 (man2web allows remote attackers to execute arbitrary commands
via -P ...)
- NOTE: not-for-us (man2web)
+ NOT-FOR-US: man2web
CAN-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and
earlier, ...)
NOTE: This looks like a Portage-specific configuration flaw to mee, but please
double-check
NOTE: double-checked
CAN-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3
allow ...)
- NOTE: not-for-us (urban game)
+ NOT-FOR-US: urban game
CAN-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing
(SILC) 1.0 ...)
- NOTE: not-for-us (silc daemon)
+ NOT-FOR-US: silc daemon
CAN-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny
ACLs, ...)
- frox 0.7.18-1 (medium)
CAN-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop
...)
- frox <not-affected> (does not run setuid root in the Debian package)
CAN-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier
allows ...)
- NOTE: not-for-us (BNBT EasyTracker)
+ NOT-FOR-US: BNBT EasyTracker
CAN-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to
...)
- NOTE: not-for-us (e107)
+ NOT-FOR-US: e107
CAN-2005-2804
NOTE: reserved
CAN-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2
allows ...)
@@ -528,7 +528,7 @@
CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs
...)
- linux-2.6 2.6.12-6 (low)
CAN-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6,
and ...)
- NOTE: not-for-us (Linksys routers)
+ NOT-FOR-US: Linksys routers
CAN-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is
enabled, ...)
- openssh 1:4.2p1-1 (bug #326065; medium)
- openssh-krb5 <unfixed> (bug #327233; medium)
@@ -547,65 +547,65 @@
CAN-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin
0.9.6 ...)
- phpldapadmin 0.9.6c-7 (bug #325785; medium)
CAN-2005-2791 (BFCommand & Control Server Manager BFCC 1.22_A and
earlier, and BFVCC ...)
- NOTE: not-for-us (BFCC)
+ NOT-FOR-US: BFCC
CAN-2005-2790 (BFCommand & Control Server Manager BFCC 1.22_A and
earlier, and BFVCC ...)
- NOTE: not-for-us (BFCC)
+ NOT-FOR-US: BFCC
CAN-2005-2789 (BFCommand & Control Server Manager BFCC 1.22_A and
earlier, and BFVCC ...)
- NOTE: not-for-us (BFCC)
+ NOT-FOR-US: BFCC
CAN-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU)
801 ...)
- NOTE: not-for-us (Land Down Under)
+ NOT-FOR-US: Land Down Under
CAN-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote
attackers to ...)
- NOTE: not-for-us (Simple PHP Blog)
+ NOT-FOR-US: Simple PHP Blog
CAN-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in
cosmoshop ...)
- NOTE: not-for-us (cosmoshop)
+ NOT-FOR-US: cosmoshop
CAN-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in
the ...)
- NOTE: not-for-us (cosmoshop)
+ NOT-FOR-US: cosmoshop
CAN-2005-2784 (SQL injection vulnerability in the login function for the ...)
- NOTE: not-for-us (cosmoshop)
+ NOT-FOR-US: cosmoshop
CAN-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107
and ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for
...)
- NOTE: not-for-us (AutoLinks Pro)
+ NOT-FOR-US: AutoLinks Pro
CAN-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not
properly ...)
TODO: check, whether egroupware-fudforum and phpgroupware-fudforum are
affected
CAN-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under
(LDU) ...)
- NOTE: not-for-us (Land Down Under)
+ NOT-FOR-US: Land Down Under
CAN-2005-2779 (The iTAN Online-Banking Security System allows remote attackers
to ...)
- NOTE: not-for-us (iTAN)
+ NOT-FOR-US: iTAN
CAN-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard
(MyBB) ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-2777 (Looking Glass 20040427 allows remote attackers to execute
arbitrary ...)
- NOTE: not-for-us (Looking Glass)
+ NOT-FOR-US: Looking Glass
CAN-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking
Glass ...)
- NOTE: not-for-us (Looking Glass)
+ NOT-FOR-US: Looking Glass
CAN-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to
modify ...)
- NOTE: not-for-us (Looking Glass)
+ NOT-FOR-US: Looking Glass
CAN-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2
allows ...)
- NOTE: not-for-us (Litium Quake mod)
+ NOT-FOR-US: Litium Quake mod
CAN-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote
...)
- NOTE: not-for-us (HP OpenView)
+ NOT-FOR-US: HP OpenView
CAN-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota
...)
- gopher 3.0.11 (bug #327722; high)
CAN-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known
as ...)
- NOTE: not-for-us (Reflection for Secure IT)
+ NOT-FOR-US: Reflection for Secure IT
CAN-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known
as ...)
- NOTE: not-for-us (Reflection for Secure IT)
+ NOT-FOR-US: Reflection for Secure IT
CAN-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and
...)
- sqwebmail 0.47-9 (bug #327727; medium)
CAN-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as
used by ...)
- NOTE: not-for-us (Sophos AntiVirus)
+ NOT-FOR-US: Sophos AntiVirus
CAN-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute
...)
- NOTE: not-for-us (LeapFTP)
+ NOT-FOR-US: LeapFTP
CAN-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel
2.6]
- linux-2.6 2.6.12-6 (low)
CAN-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and
possibly ...)
- NOTE: not-for-us (Symantec AntiVirus)
+ NOT-FOR-US: Symantec AntiVirus
CAN-2005-2765 (The user interface in the Windows Firewall does not properly
display ...)
- NOTE: not-for-us (Microsoft Windows)
+ NOT-FOR-US: Microsoft Windows
CAN-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow
attackers to ...)
- NOTE: not-for-us (OpenTTD)
+ NOT-FOR-US: OpenTTD
CAN-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1
allow ...)
- NOTE: not-for-us (OpenTTD)
+ NOT-FOR-US: OpenTTD
CAN-2005-2762
NOTE: reserved
CAN-2005-2760
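Review bot: CAN-2005-2775 is converted to `NOT-FOR-US: Looking Glass`, but its description is about php_api.php in phpWebNotes 2.0.0; the label looks copied from the two Looking Glass entries above it (CAN-2005-2777 and CAN-2005-2776). The conversion preserves that mistake and makes it the entry's recorded product, so whether phpWebNotes is really not-for-us should be checked before this line is kept. Smaller point in the same hunk: CAN-2005-2774 becomes `Litium Quake mod` while the description says Lithium II.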
@@ -655,47 +655,47 @@
CAN-2005-2738
NOTE: reserved
CAN-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro
5.1 ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and
earlier ...)
- NOTE: not-for-us (YaPig)
+ NOT-FOR-US: YaPig
CAN-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and
...)
- NOTE: not-for-us (phpGraphy)
+ NOT-FOR-US: phpGraphy
CAN-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2
and ...)
- gallery 1.5-2 (bug #325285; medium)
TODO: check gallery2
CAN-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not
properly ...)
- NOTE: not-for-us (Simple PHP Blog)
+ NOT-FOR-US: Simple PHP Blog
CAN-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote
attackers to ...)
NOTE: path disclosure, so not very important on debian systems
- awstats <unfixed> (bug #327729; low)
CAN-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0,
when ...)
- NOTE: not-for-us (Astato specific)
+ NOT-FOR-US: Astato specific
CAN-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote
attackers to ...)
- NOTE: not-for-us (Astato specific)
+ NOT-FOR-US: Astato specific
CAN-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly
filter ...)
- NOTE: not-for-us (Astato specific)
+ NOT-FOR-US: Astato specific
CAN-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote
...)
{DSA-805-1}
NOTE: The CVE description is wrong, this has been merged for 2.0.55
- apache2 2.0.54-5 (bug #326435; medium)
CAN-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and
server ...)
- NOTE: not-for-us (Home Ftp Server)
+ NOT-FOR-US: Home Ftp Server
CAN-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7
allows ...)
- NOTE: not-for-us (Home Ftp Server)
+ NOT-FOR-US: Home Ftp Server
CAN-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly
earlier ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when
...)
- NOTE: not-for-us (PaFileDB)
+ NOT-FOR-US: PaFileDB
CAN-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive
...)
- NOTE: not-for-us (Foojan PHP Weblog)
+ NOT-FOR-US: Foojan PHP Weblog
CAN-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1)
index.php ...)
- NOTE: not-for-us (Foojan PHP Weblog)
+ NOT-FOR-US: Foojan PHP Weblog
CAN-2005-2720 (Stack-based buffer overflow in the ACE archive decompression
library ...)
- NOTE: not-for-us (HAURI Antivirus)
+ NOT-FOR-US: HAURI Antivirus
CAN-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a
denial ...)
- NOTE: not-for-us (Ventrilo)
+ NOT-FOR-US: Ventrilo
CAN-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier
allows ...)
- NOTE: not-for-us (MPlayer)
+ NOT-FOR-US: MPlayer
CAN-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before
1.0.1 ...)
{DSA-799-1}
- webcalendar 0.9.45-7 (bug #326223; medium)
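Review bot: The three Astaro entries in this hunk (CAN-2005-2731, CAN-2005-2730, CAN-2005-2729) carry the old typo into the new field as `NOT-FOR-US: Astato specific`. The descriptions name Astaro Security Linux, and the log message defines the field as a package name, so `NOT-FOR-US: Astaro Security Linux` would be the value to write. As it stands, a search for the product name will not find these entries.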
@@ -748,23 +748,23 @@
- libapache-mod-ssl 2.8.24-1 (medium)
- apache2 2.0.54-5 (bug #327210; medium)
CAN-2005-2699 (admin/admin.php in PHPKit 1.6.1 allows remote authenticated ...)
- NOTE: not-for-us (PHPKit)
+ NOT-FOR-US: PHPKit
CAN-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp
...)
- NOTE: not-for-us (Nephp Publisher Enterprise)
+ NOT-FOR-US: Nephp Publisher Enterprise
CAN-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard
(MyBB) ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-2696 (IBM Lotus Notes does not properly restrict access to password
hashes ...)
- NOTE: not-for-us (Notes)
+ NOT-FOR-US: Notes
CAN-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier
versions, ...)
- NOTE: not-for-us (WinAce)
+ NOT-FOR-US: WinAce
CAN-1999-1586 (loadmodule in SunOS 4.1.x, as used by xnews, does not properly
...)
- NOTE: not-for-us (SunOS)
+ NOT-FOR-US: SunOS
CAN-1999-1585 (The (1) rcS and (2) mountall programs in Sun Solaris 2.x,
possibly ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if
modload is ...)
- NOTE: not-for-us (SunOS)
+ NOT-FOR-US: SunOS
CAN-2005-XXXX [osh buffer overflow in handlers.c]
NOTE: This is not the same as -13
- osh 1.7-14 (bug #323424; bug #323482; medium)
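Review bot: In CAN-2005-2696 the new line reads `NOT-FOR-US: Notes`, which is one letter away from the `NOTE:` keyword used throughout this file and does not name the product in the description (IBM Lotus Notes). Writing `NOT-FOR-US: IBM Lotus Notes` would keep the entry unambiguous for readers and for anything that matches on the tag.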
@@ -800,63 +800,63 @@
- cvs 1:1.12.9-15 (bug #325106; unimportant)
- gcvs 1.0final-8 (bug #324969; low)
CAN-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier
allow ...)
- NOTE: not-for-us (RunCMS)
+ NOT-FOR-US: RunCMS
CAN-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract
...)
- NOTE: not-for-us (RunCMS)
+ NOT-FOR-US: RunCMS
CAN-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke
...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke
...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in
SaveWebPortal ...)
- NOTE: not-for-us (SaveWebPortal)
+ NOT-FOR-US: SaveWebPortal
CAN-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4
allows ...)
- NOTE: not-for-us (SaveWebPortal)
+ NOT-FOR-US: SaveWebPortal
CAN-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows
remote ...)
- NOTE: not-for-us (SaveWebPortal)
+ NOT-FOR-US: SaveWebPortal
CAN-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary
PHP ...)
- NOTE: not-for-us (SaveWebPortal)
+ NOT-FOR-US: SaveWebPortal
CAN-2005-XXXX [Insecure temp files in firehol]
- firehol 1.231-4 (low)
CAN-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers
to ...)
- NOTE: not-for-us (Virtual Edge Netquery)
+ NOT-FOR-US: Virtual Edge Netquery
CAN-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow
remote ...)
- NOTE: not-for-us (PHPKit)
+ NOT-FOR-US: PHPKit
CAN-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit
before ...)
- NOTE: not-for-us (DTLink AreaEdit)
+ NOT-FOR-US: DTLink AreaEdit
CAN-2005-2681 (Unspecified vulnerability in the command line processing (CLI)
logic ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through
SP4, when ...)
- NOTE: not-for-us (BEA WebLogic Portal)
+ NOT-FOR-US: BEA WebLogic Portal
CAN-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other
...)
- NOTE: not-for-us (Sysinternals Process Explorer)
+ NOT-FOR-US: Sysinternals Process Explorer
CAN-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the
...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-2677 (ACNews stores the database in a file under the web document root
with ...)
- NOTE: not-for-us (ACNews)
+ NOT-FOR-US: ACNews
CAN-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in
...)
- NOTE: not-for-us (Coppermine)
+ NOT-FOR-US: Coppermine
CAN-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
- NOTE: not-for-us (Land Down Under)
+ NOT-FOR-US: Land Down Under
CAN-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
- NOTE: not-for-us (Land Down Under)
+ NOT-FOR-US: Land Down Under
CAN-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning
Board ...)
- NOTE: not-for-us (Burning Board)
+ NOT-FOR-US: Burning Board
CAN-2005-2671
NOTE: rejected
CAN-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products
...)
- NOTE: not-for-us (HAURI)
+ NOT-FOR-US: HAURI
CAN-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07
...)
- NOTE: not-for-us (Computer Associates)
+ NOT-FOR-US: Computer Associates
CAN-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message
Queuing ...)
- NOTE: not-for-us (Computer Associates)
+ NOT-FOR-US: Computer Associates
CAN-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message
Queuing (CAM ...)
- NOTE: not-for-us (Computer Associates)
+ NOT-FOR-US: Computer Associates
CAN-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other
...)
- openssh 1:4.0p1-1 (low)
CAN-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through
PL7, ...)
- NOTE: not-for-us (elm-me+ is no longer in unstable or testing)
+ NOT-FOR-US: elm-me+ is no longer in unstable or testing
CAN-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords
in ...)
- NOTE: not-for-us (Whisper)
+ NOT-FOR-US: Whisper
CAN-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary
files ...)
- masqmail <unfixed> (low; bug #329307)
CAN-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute
arbitrary ...)
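Review bot: Two converted values in this hunk do not name the software the entry is about. CAN-2005-2678 describes Microsoft IIS 5.1 and 6 but is tagged `NOT-FOR-US: MSIE`, and CAN-2005-2665 becomes `NOT-FOR-US: elm-me+ is no longer in unstable or testing`, which is a free-text reason rather than the package name the log message promises. Suggest correcting the first to name IIS, and for the second either a bare name or keeping the removal reason on a separate `NOTE:` line.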
@@ -888,25 +888,25 @@
{DTSA-17-1}
- lm-sensors 1:2.9.1-6etch1 (bug #324193; medium)
CAN-2005-2653 (Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows
remote ...)
- NOTE: not-for-us (BBCaffe)
+ NOT-FOR-US: BBCaffe
CAN-2005-2652 (Zorum 3.5 allows remote attackers to obtain the full
installation path ...)
- NOTE: not-for-us (Zorum)
+ NOT-FOR-US: Zorum
CAN-2005-2651 (gorum/prod.php in Zorum 3.5 allows remote attackers to execute
...)
- NOTE: not-for-us (Zorum)
+ NOT-FOR-US: Zorum
CAN-2005-2650 (Cross-site scripting (XSS) vulnerability in sign.asp in Emefa
...)
- NOTE: not-for-us (Emefa Guestbook)
+ NOT-FOR-US: Emefa Guestbook
CAN-2005-2649 (Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows
remote ...)
- NOTE: not-for-us (ATutor)
+ NOT-FOR-US: ATutor
CAN-2005-2648 (Directory traversal vulnerability in index.php in W-Agora 4.2.0
and ...)
- NOTE: not-for-us (W-Agora)
+ NOT-FOR-US: W-Agora
CAN-2005-2647 (Cross-site scripting (XSS) vulnerability in Xerox MicroServer
Web ...)
- NOTE: not-for-us (Xerox MicroServer Web Server in Document Centre)
+ NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CAN-2005-2646 (Unknown vulnerability in Xerox MicroServer Web Server in
Document ...)
- NOTE: not-for-us (Xerox MicroServer Web Server in Document Centre)
+ NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CAN-2005-2645 (Unknown vulnerability in Xerox MicroServer Web Server in
Document ...)
- NOTE: not-for-us (Xerox MicroServer Web Server in Document Centre)
+ NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CAN-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket
JaguarControl ...)
- NOTE: not-for-us (JaguarControl)
+ NOT-FOR-US: JaguarControl
CAN-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions
0.1.1.4-alpha and ...)
- tor 0.1.0.14-1 (medium)
CAN-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c
for Mutt ...)
@@ -916,11 +916,11 @@
{DSA-785-1}
- libpam-ldap 178-1sarge1 (bug #324899; unknown)
CAN-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR
queries ...)
- NOTE: not-for-us (Kerio WinRoute Firewall)
+ NOT-FOR-US: Kerio WinRoute Firewall
CAN-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use
Microsoft Word ...)
- NOTE: not-for-us (Outlook)
+ NOT-FOR-US: Outlook
CAN-2004-2481 (MyProxy 6.58 allows remote authenticated users in the Users Tab
to ...)
- NOTE: not-for-us (MyProxy)
+ NOT-FOR-US: MyProxy
CAN-2004-2480 (Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to
bypass ...)
TODO: check
CAN-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain
...)
@@ -928,27 +928,27 @@
CAN-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, which is
included in ...)
NOTE: "the original vendor report is too vague to know whether this issue
is already identified by another CVE name."
CAN-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable
the ...)
- NOTE: not-for-us (DiamondCS)
+ NOT-FOR-US: DiamondCS
CAN-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN
...)
- NOTE: not-for-us (Juniper)
+ NOT-FOR-US: Juniper
CAN-2005-2639 (Buffer overflow in Chris Moneymaker''s World Poker
Championship 1.0 ...)
- NOTE: not-for-us (World Poker Championship)
+ NOT-FOR-US: World Poker Championship
CAN-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in
PHPFreeNews ...)
- NOTE: not-for-us (PHPFreeNews not in Debian)
+ NOT-FOR-US: PHPFreeNews
CAN-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and
earlier ...)
- NOTE: not-for-us (PHPFreeNews not in Debian)
+ NOT-FOR-US: PHPFreeNews
CAN-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in
phpAdsNew ...)
- phpadsnew <itp> (bug #226636)
CAN-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and
phpPgAds ...)
- phpadsnew <itp> (bug #226636)
CAN-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to
Screen" feature ...)
- NOTE: not-for-us (WinFTP Server)
+ NOT-FOR-US: WinFTP Server
CAN-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php,
(2) ...)
- NOTE: not-for-us (PHPTB Topic Board not in Debian)
+ NOT-FOR-US: PHPTB Topic Board
CAN-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in
...)
- mediabox404 <itp> (bug #294397)
CAN-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and
3.5.0 to ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-2630
NOTE: reserved
CAN-2005-2629
@@ -962,34 +962,34 @@
{DSA-788-1 DTSA-1-1}
- kismet 2005.08.R1-0.1etch1 (bug #323386; high)
CAN-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause
a ...)
- NOTE: not-for-us (MS IE)
+ NOT-FOR-US: MS IE
CAN-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar
2.0.114.1 ...)
- NOTE: not-for-us (Google Toolbar)
+ NOT-FOR-US: Google Toolbar
CAN-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote
attackers ...)
- NOTE: not-for-us (PHPNews not in Debian)
+ NOT-FOR-US: PHPNews
CAN-2004-2473 (wmFrog weather monitor 0.1.6 allows local users to overwrite
arbitrary ...)
- NOTE: not-for-us (wmFrog not in Debian)
+ NOT-FOR-US: wmFrog
NOTE: sent info to RFP #294352
CAN-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to
cause a ...)
- NOTE: not-for-us (Outpost Pro)
+ NOT-FOR-US: Outpost Pro
CAN-2004-2471 (SQL injection vulnerability in the sloth TCL script in
QuoteEngine ...)
- NOTE: not-for-us (QuoteEngine not in Debian)
+ NOT-FOR-US: QuoteEngine
CAN-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown
impact ...)
- NOTE: not-for-us (MadBMS not in Debian)
+ NOT-FOR-US: MadBMS
CAN-2004-2469 (Unspecified vulnerability in Reservation.class.php for
phpScheduleIt ...)
- NOTE: not-for-us (phpScheduleIt not in Debian)
+ NOT-FOR-US: phpScheduleIt
CAN-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and
...)
- NOTE: not-for-us (SillySearch not in Debian)
+ NOT-FOR-US: SillySearch
CAN-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add
a ...)
- NOTE: not-for-us (Easy Chat Server)
+ NOT-FOR-US: Easy Chat Server
CAN-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to
cause a ...)
- NOTE: not-for-us (Easy Chat Server)
+ NOT-FOR-US: Easy Chat Server
CAN-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy
Chat ...)
- NOTE: not-for-us (Easy Chat Server)
+ NOT-FOR-US: Easy Chat Server
CAN-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr)
0.4 ...)
- NOTE: not-for-us (ADA Image Server)
+ NOT-FOR-US: ADA Image Server
CAN-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote
...)
- NOTE: not-for-us (ADA Image Server)
+ NOT-FOR-US: ADA Image Server
CAN-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary
files ...)
- cplay 1.49-3 (medium)
CAN-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows
attackers to ...)
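Review bot: CAN-2004-2473 is now `NOT-FOR-US: wmFrog`, yet the unchanged line right after it says `NOTE: sent info to RFP #294352`, so a packaging request exists for it. With the "not in Debian" qualifier dropped from the value, nothing on the tag line signals that the entry may need revisiting. Consider adding a `TODO:` to recheck it if the package is ever uploaded.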
@@ -999,117 +999,117 @@
CAN-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local
users ...)
- gnubiff 2.0.0 (medium)
CAN-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled
or ...)
- NOTE: not-for-us (Open WebMail)
+ NOT-FOR-US: Open WebMail
CAN-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router
allows ...)
- NOTE: not-for-us (3Com OfficeConnect ADSL 11g Router)
+ NOT-FOR-US: 3Com OfficeConnect ADSL 11g Router
CAN-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and
earlier ...)
- NOTE: not-for-us (miniBB)
+ NOT-FOR-US: miniBB
CAN-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060)
allows ...)
- NOTE: not-for-us (Sweex Wireless Broadband Router/Accesspoint 802.11g)
+ NOT-FOR-US: Sweex Wireless Broadband Router/Accesspoint 802.11g
CAN-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain
sensitive ...)
- NOTE: not-for-us (aMSN 0.90 for Microsoft Windows)
+ NOT-FOR-US: aMSN 0.90 for Microsoft Windows
CAN-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and
...)
- NOTE: not-for-us (Tutti Nova)
+ NOT-FOR-US: Tutti Nova
CAN-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework
01-00, ...)
- NOTE: not-for-us (Hitachi Cosminexus Portal Framework)
+ NOT-FOR-US: Hitachi Cosminexus Portal Framework
CAN-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station
0.30a or ...)
- NOTE: not-for-us (Roger Wilco)
+ NOT-FOR-US: Roger Wilco
CAN-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or
Roger ...)
- NOTE: not-for-us (Roger Wilco)
+ NOT-FOR-US: Roger Wilco
CAN-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station
0.30a and ...)
- NOTE: not-for-us (Roger Wilco)
+ NOT-FOR-US: Roger Wilco
CAN-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under
the web ...)
- NOTE: not-for-us (S-Mart Shopping Cart or RediCart)
+ NOT-FOR-US: S-Mart Shopping Cart or RediCart
CAN-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail
Server 4.01 ...)
- NOTE: not-for-us (*1st Class Mail Server)
+ NOT-FOR-US: *1st Class Mail Server
CAN-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01
allows ...)
- NOTE: not-for-us (*1st Class Mail Server)
+ NOT-FOR-US: *1st Class Mail Server
CAN-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA
allows ...)
- NOTE: not-for-us (Jaws)
+ NOT-FOR-US: Jaws
CAN-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws
0.3 ...)
- NOTE: not-for-us (Jaws)
+ NOT-FOR-US: Jaws
CAN-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and
via an ...)
- NOTE: not-for-us (Jaws)
+ NOT-FOR-US: Jaws
CAN-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus
products, ...)
- NOTE: not-for-us (F-Secure Anti-Virus)
+ NOT-FOR-US: F-Secure Anti-Virus
CAN-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has
unknown ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and
...)
- NOTE: not-for-us (proxytunnel)
+ NOT-FOR-US: proxytunnel
CAN-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300
printers ...)
- NOTE: not-for-us (HP printers)
+ NOT-FOR-US: HP printers
CAN-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01
allows ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote
attackers ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier
stores ...)
- NOTE: not-for-us (Computer Associates Unicenter Common Services)
+ NOT-FOR-US: Computer Associates Unicenter Common Services
CAN-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human
Resources ...)
- NOTE: not-for-us (PeopleSoft Human Resources Management System (HRMS))
+ NOT-FOR-US: PeopleSoft Human Resources Management System (HRMS)
CAN-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist
function in ...)
- NOTE: not-for-us (CPAINT ajax toolkit)
+ NOT-FOR-US: CPAINT ajax toolkit
CAN-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote
attackers ...)
- NOTE: not-for-us (CPAINT ajax toolkit)
+ NOT-FOR-US: CPAINT ajax toolkit
CAN-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost
of ...)
- NOTE: not-for-us (ECW Shop)
+ NOT-FOR-US: ECW Shop
CAN-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in
ECW-Shop ...)
- NOTE: not-for-us (ECW Shop)
+ NOT-FOR-US: ECW Shop
CAN-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain
...)
- NOTE: not-for-us (ECW Shop)
+ NOT-FOR-US: ECW Shop
CAN-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores
the ...)
- NOTE: not-for-us (Novell GroupWise)
+ NOT-FOR-US: Novell GroupWise
CAN-2005-2619
NOTE: reserved
CAN-2005-2618
NOTE: reserved
CAN-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to
cause a ...)
- NOTE: not-for-us (MS IE)
+ NOT-FOR-US: MS IE
CAN-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX
control ...)
- NOTE: not-for-us (ADM ActiveX control)
+ NOT-FOR-US: ADM ActiveX control
CAN-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (WinAgents TFTP Server not in Debian)
+ NOT-FOR-US: WinAgents TFTP Server
CAN-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer
0.1.2 ...)
- NOTE: not-for-us (ignitionServer not in Debian)
+ NOT-FOR-US: ignitionServer
CAN-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does
not ...)
- NOTE: not-for-us (Trend OfficeScan)
+ NOT-FOR-US: Trend OfficeScan
CAN-2004-2429 (Multiple stack-based and heap-based buffer overflows in
EnderUNIX ...)
- NOTE: not-for-us (EnderUNIX spamGuard)
+ NOT-FOR-US: EnderUNIX spamGuard
CAN-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web
document ...)
- NOTE: not-for-us (WWWguestbook not in Debian)
+ NOT-FOR-US: WWWguestbook
CAN-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and
...)
- NOTE: not-for-us (Axis Network Camera)
+ NOT-FOR-US: Axis Network Camera
CAN-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40
and ...)
- NOTE: not-for-us (Axis Network Camera)
+ NOT-FOR-US: Axis Network Camera
CAN-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and
...)
- NOTE: not-for-us (Axis Network Camera)
+ NOT-FOR-US: Axis Network Camera
CAN-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2
allow ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2004-2423 (Unknown vulnerability in the Web calendaring component of
Ipswitch ...)
- NOTE: not-for-us (Ipswitch IMail Server)
+ NOT-FOR-US: Ipswitch IMail Server
CAN-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow
remote ...)
- NOTE: not-for-us (Ipswitch IMail Server)
+ NOT-FOR-US: Ipswitch IMail Server
CAN-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1)
JP1/File ...)
- NOTE: not-for-us (Hitachi Job Management Partner)
+ NOT-FOR-US: Hitachi Job Management Partner
CAN-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission
Server/FTP ...)
- NOTE: not-for-us (Hitachi Job Management Partner)
+ NOT-FOR-US: Hitachi Job Management Partner
CAN-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain
...)
- NOTE: not-for-us (Keene Digital Media Server)
+ NOT-FOR-US: Keene Digital Media Server
CAN-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users
to ...)
- NOTE: not-for-us (slimftpd not in debian)
+ NOT-FOR-US: slimftpd not in debian
CAN-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and
earlier ...)
- NOTE: not-for-us (smtp.proxy not in Debian)
+ NOT-FOR-US: smtp.proxy
CAN-2004-2416 (Buffer overflow in the logging component of CCProxy allows
remote ...)
- NOTE: not-for-us (ccproxy not in Debian)
+ NOT-FOR-US: ccproxy
CAN-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of
service ...)
- NOTE: not-for-us (Davenport not in Debian)
+ NOT-FOR-US: Davenport
CAN-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using
the ...)
- NOTE: not-for-us (Novell NetWare)
+ NOT-FOR-US: Novell NetWare
CAN-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through
5.0 ...)
- NOTE: not-for-us (VP-ASP Shopping Cart)
+ NOT-FOR-US: VP-ASP Shopping Cart
CAN-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart
4.0 ...)
- NOTE: not-for-us (VP-ASP Shopping Cart)
+ NOT-FOR-US: VP-ASP Shopping Cart
CAN-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping
Cart ...)
- NOTE: not-for-us (VP-ASP Shopping Cart)
+ NOT-FOR-US: VP-ASP Shopping Cart
CAN-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9
through ...)
- samhain 2.0.2
CAN-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain
1.8.9 ...)
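Review bot: The "not in Debian" suffix is stripped inconsistently in this hunk. CAN-2004-2418 keeps it as `NOT-FOR-US: slimftpd not in debian`, while CAN-2004-2417, CAN-2004-2416 and CAN-2004-2415 drop it, which suggests the substitution matched only the capitalised "Debian". A case-insensitive match would catch it. Separately, the two 1st Class Mail Server entries (CAN-2004-2447, CAN-2004-2446) keep a stray leading asterisk in `NOT-FOR-US: *1st Class Mail Server`, and that should be removed so the value is a plain name.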
@@ -1121,23 +1121,23 @@
CAN-2004-2406 (Unknown "overflow" in the phpgw_config table
for phpGroupWare before ...)
- phpgroupware 0.9.14.002
CAN-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products,
including ...)
- NOTE: not-for-us (F-Secure Anti-Virus)
+ NOT-FOR-US: F-Secure Anti-Virus
CAN-2004-2404 (blog.cgi in Leif Wright Web Blog 1.1.5 allows remote attackers
to ...)
- NOTE: not-for-us (Leif Wright Web Blog)
+ NOT-FOR-US: Leif Wright Web Blog
CAN-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD
SP ...)
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1
GOLD SP ...)
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web
Messaging ...)
- NOTE: not-for-us (Ipswitch IMail)
+ NOT-FOR-US: Ipswitch IMail
CAN-2004-2400 (WinFTP Server 1.6 stores username and password credentials in
...)
- NOTE: not-for-us (WinFTP Server)
+ NOT-FOR-US: WinFTP Server
CAN-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows
remote ...)
- NOTE: not-for-us (Sidewinder)
+ NOT-FOR-US: Sidewinder
CAN-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that
contain ...)
- NOTE: not-for-us (Netenberg Fantastico De Luxe)
+ NOT-FOR-US: Netenberg Fantastico De Luxe
CAN-2004-2397 (The web-based Management Console in Blue Coat Security Gateway
OS 3.0 ...)
- NOTE: not-for-us (Blue Coat)
+ NOT-FOR-US: Blue Coat
CAN-2004-2396 (passwd 0.68 does not check the return code for the pam_start
function, ...)
NOTE: shadow is a different code base, and does not have this problem
CAN-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial
of ...)
@@ -1145,115 +1145,115 @@
CAN-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the
--stdin ...)
NOTE: shadow is a different code base, and does not have this problem
CAN-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does
not ...)
- NOTE: not-for-us (Sun JSSE)
+ NOT-FOR-US: Sun JSSE
CAN-2004-2392 (libuser 0.51.7, as used in Mandrake Linux 9.1 through 10.0 and
...)
- NOTE: not-for-us (libuser)
+ NOT-FOR-US: libuser
CAN-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x
before ...)
- NOTE: not-for-us (jabber-gg-transport)
+ NOT-FOR-US: jabber-gg-transport
CAN-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport
...)
- NOTE: not-for-us (jabber-gg-transport)
+ NOT-FOR-US: jabber-gg-transport
CAN-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport ...)
- NOTE: not-for-us (jabber-gg-transport)
+ NOT-FOR-US: jabber-gg-transport
CAN-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in
ECW-Shop 5.5 ...)
- NOTE: not-for-us (ECW-Shop)
+ NOT-FOR-US: ECW-Shop
CAN-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5
through ...)
NOTE: old freebsd
CAN-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in
SDK and ...)
- NOTE: not-for-us (Sun JSSE and JRE)
+ NOT-FOR-US: Sun JSSE and JRE
CAN-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux
kernel ...)
{DTSA-16-1}
NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html
NOTE: amd64 specific DOS
- linux-2.6 2.6.12-6
CAN-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow
remote ...)
- NOTE: not-for-us (ezUpload)
+ NOT-FOR-US: ezUpload
CAN-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has
unknown ...)
- NOTE: not-for-us (EQdkp)
+ NOT-FOR-US: EQdkp
CAN-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that
are ...)
- NOTE: not-for-us (Discuz)
+ NOT-FOR-US: Discuz
CAN-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP
allows ...)
- NOTE: not-for-us (CPAINT Ajax)
+ NOT-FOR-US: CPAINT Ajax
CAN-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and
earlier ...)
- wordpress 1.5.2-1 (bug #323040; high)
CAN-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup
Exec ...)
- NOTE: not-for-us (VERITAS Backup Exec for Windows Servers)
+ NOT-FOR-US: VERITAS Backup Exec for Windows Servers
CAN-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS
...)
- NOTE: not-for-us (VegaDNS)
+ NOT-FOR-US: VegaDNS
CAN-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions,
allows ...)
- NOTE: not-for-us (VegaDNS)
+ NOT-FOR-US: VegaDNS
CAN-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7
and CSS ...)
- NOTE: not-for-us (SafeHTML)
+ NOT-FOR-US: SafeHTML
CAN-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity
...)
- NOTE: not-for-us (PHPSimplicity)
+ NOT-FOR-US: PHPSimplicity
CAN-2005-2606 (Unknown vulnerability in the "frontend
authentication" in PHlyMail ...)
- NOTE: not-for-us (PHlyMail)
+ NOT-FOR-US: PHlyMail
CAN-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and
8.0.5 ...)
- NOTE: not-for-us (Lasso Professional Server)
+ NOT-FOR-US: Lasso Professional Server
CAN-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote
attackers to ...)
- NOTE: not-for-us (My Image Gallery (Mig))
+ NOT-FOR-US: My Image Gallery (Mig)
CAN-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My
Image ...)
- NOTE: not-for-us (My Image Gallery (Mig))
+ NOT-FOR-US: My Image Gallery (Mig)
CAN-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote
attackers to ...)
- mozilla-firefox <unfixed> (bug #324907; low)
TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird
CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers
to ...)
- NOTE: not-for-us (MidiCart)
+ NOT-FOR-US: MidiCart
CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled, as
used in other products ...)
{DSA-798-1}
- egroupware-fudforum <unfixed> (bug #323928; medium)
- phpgroupware 0.9.16.008-1 (bug #323929; medium)
CAN-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption
(trivial ...)
- NOTE: not-for-us (Hummingbird FTP for Connectivity)
+ NOT-FOR-US: Hummingbird FTP for Connectivity
CAN-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos (formerly
...)
- NOTE: not-for-us (Dokeos)
+ NOT-FOR-US: Dokeos
CAN-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its
installation ...)
- NOTE: not-for-us (AOL Client)
+ NOT-FOR-US: AOL Client
CAN-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any
Admin ...)
- gallery 1.5-2 (medium)
CAN-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before
2.10 ...)
- NOTE: not-for-us (Dada Mail)
+ NOT-FOR-US: Dada Mail
CAN-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers
to ...)
- NOTE: not-for-us (Apple Safari)
+ NOT-FOR-US: Apple Safari
CAN-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption,
with ...)
- NOTE: not-for-us (MindAlign)
+ NOT-FOR-US: MindAlign
CAN-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later
versions ...)
- NOTE: not-for-us (MindAlign)
+ NOT-FOR-US: MindAlign
CAN-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers
to ...)
- NOTE: not-for-us (MindAlign)
+ NOT-FOR-US: MindAlign
CAN-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign
5.0 and ...)
- NOTE: not-for-us (MindAlign)
+ NOT-FOR-US: MindAlign
CAN-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with
firmware ...)
- NOTE: not-for-us (WRT54GS wireless router)
+ NOT-FOR-US: WRT54GS wireless router
CAN-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1
SP2 ...)
- NOTE: not-for-us (DVBBS)
+ NOT-FOR-US: DVBBS
CAN-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic
Boards ...)
- NOTE: not-for-us (PHPTB Topic Boards)
+ NOT-FOR-US: PHPTB Topic Boards
CAN-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the
web ...)
- NOTE: not-for-us (Mentor ADSL-FR4II router)
+ NOT-FOR-US: Mentor ADSL-FR4II router
CAN-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows
remote ...)
- NOTE: not-for-us (Mentor ADSL-FR4II router)
+ NOT-FOR-US: Mentor ADSL-FR4II router
CAN-2005-2584 (The web administration interface in Mentor ADSL-FR4II router
running ...)
- NOTE: not-for-us (Mentor ADSL-FR4II router)
+ NOT-FOR-US: Mentor ADSL-FR4II router
CAN-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an
undocumented ...)
- NOTE: not-for-us (Mentor ADSL-FR4II router)
+ NOT-FOR-US: Mentor ADSL-FR4II router
CAN-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses ...)
- NOTE: not-for-us (Kaspersky)
+ NOT-FOR-US: Kaspersky
CAN-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and
...)
- NOTE: not-for-us (Grandstream BudgeTone)
+ NOT-FOR-US: Grandstream BudgeTone
CAN-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB)
1.00 ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a
certificate ...)
- NOTE: not-for-us (Contivity)
+ NOT-FOR-US: Contivity
CAN-2005-2578
NOTE: rejected
CAN-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows
remote ...)
- NOTE: not-for-us (Wyse Winterm)
+ NOT-FOR-US: Wyse Winterm
CAN-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote
attackers ...)
- NOTE: not-for-us (CaLogic)
+ NOT-FOR-US: CaLogic
CAN-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1
allows ...)
- NOTE: not-for-us (XMB Forum)
+ NOT-FOR-US: XMB Forum
CAN-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided
...)
- NOTE: not-for-us (XMB Forum)
+ NOT-FOR-US: XMB Forum
CAN-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0
before ...)
- mysql <not-affected> (Windows specific mysql holes)
- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
@@ -1263,31 +1263,31 @@
- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
CAN-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not
properly ...)
- NOTE: not-for-us (FunkBoard)
+ NOT-FOR-US: FunkBoard
CAN-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote
...)
- NOTE: not-for-us (FunkBoard)
+ NOT-FOR-US: FunkBoard
CAN-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard
...)
- NOTE: not-for-us (FunkBoard)
+ NOT-FOR-US: FunkBoard
CAN-2005-2568 (Eval injection vulnerability in the template engine for SysCP
1.2.10 ...)
- NOTE: not-for-us (SysCP)
+ NOT-FOR-US: SysCP
CAN-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and
earlier ...)
- NOTE: not-for-us (SysCP)
+ NOT-FOR-US: SysCP
CAN-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board
(OpenBB) ...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain
sensitive ...)
- NOTE: not-for-us (Gravity Board X (GBX))
+ NOT-FOR-US: Gravity Board X (GBX)
CAN-2005-2564 (Direct static code injection vulnerability in editcss.php in
Gravity ...)
- NOTE: not-for-us (Gravity Board X (GBX))
+ NOT-FOR-US: Gravity Board X (GBX)
CAN-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity
Board X ...)
- NOTE: not-for-us (Gravity Board X (GBX))
+ NOT-FOR-US: Gravity Board X (GBX)
CAN-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows
remote ...)
- NOTE: not-for-us (Gravity Board X (GBX))
+ NOT-FOR-US: Gravity Board X (GBX)
CAN-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote
...)
- NOTE: not-for-us (MYFAQ)
+ NOT-FOR-US: MYFAQ
CAN-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB
1.1.0 ...)
- NOTE: not-for-us (CFBB)
+ NOT-FOR-US: CFBB
CAN-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal
allows ...)
- NOTE: not-for-us (e107 portal)
+ NOT-FOR-US: e107 portal
CAN-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL
4.0 ...)
- mysql-dfsg-4.1 4.1.13 (medium)
- mysql-dfsg-5.0 5.0.7beta-1 (medium)
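Review bot: under CAN-2005-2559 the new value "NOT-FOR-US: e107 portal" names the host application, while the description puts the flaw in doping.php in the ePing plugin for e107. The value is now the field that identifies the product, so "NOT-FOR-US: ePing plugin for e107" would avoid the entry being read as covering e107 itself. The Gravity Board X (GBX) entries in this hunk also show that the value can contain parentheses, so anything that consumes this field should take the rest of the line rather than match on brackets.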
@@ -1304,177 +1304,177 @@
- linux-2.6.12 2.6.12-6 (medium)
- kernel-source-2.4.27 2.4.27-12 (medium)
CAN-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the
pwd ...)
- NOTE: not-for-us (rexecd)
+ NOT-FOR-US: rexecd
CAN-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before
2.3.1 ...)
- NOTE: not-for-us (sercd)
+ NOT-FOR-US: sercd
CAN-2004-2386 (Format string vulnerability in the LogMsg function in sercd
before ...)
- NOTE: not-for-us (sercd)
+ NOT-FOR-US: sercd
CAN-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive
path ...)
- NOTE: not-for-us (EMU Webmail)
+ NOT-FOR-US: EMU Webmail
CAN-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (Winamp)
+ NOT-FOR-US: Winamp
CAN-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote
attackers to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows
remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2381 (HttpRequest.java in Jetty HTTP Server before 4.2.19 allows
remote ...)
- jetty 4.2.19-1 (medium)
CAN-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight
...)
- NOTE: not-for-us (Twilight Utilities Web Server)
+ NOT-FOR-US: Twilight Utilities Web Server
CAN-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail
3.64 for ...)
- NOTE: not-for-us (@Mail)
+ NOT-FOR-US: @Mail
CAN-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (@Mail)
+ NOT-FOR-US: @Mail
CAN-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to
cause a ...)
- NOTE: not-for-us (Alcatel OmniSwitch)
+ NOT-FOR-US: Alcatel OmniSwitch
CAN-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web
Server ...)
- NOTE: not-for-us (Twilight Utilities Web Server)
+ NOT-FOR-US: Twilight Utilities Web Server
CAN-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0
allows ...)
- NOTE: not-for-us (1st Class Mail Server)
+ NOT-FOR-US: 1st Class Mail Server
CAN-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of
the ...)
- NOTE: not-for-us (BadBlue)
+ NOT-FOR-US: BadBlue
CAN-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through
5.5 is ...)
- NOTE: not-for-us (AIM)
+ NOT-FOR-US: AIM
CAN-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid,
allows ...)
- bochs 2.1.1-1
CAN-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4
and ...)
- NOTE: not-for-us (Red Storm Games)
+ NOT-FOR-US: Red Storm Games
CAN-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and
...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus
Domino R6 ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X
0.7.2 ...)
- NOTE: not-for-us (Opt-X)
+ NOT-FOR-US: Opt-X
CAN-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2
allows ...)
- NOTE: not-for-us (WFTPD)
+ NOT-FOR-US: WFTPD
CAN-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0
B03.11.2004.2 ...)
- NOTE: not-for-us (GlobalScape Secure FTP Server)
+ NOT-FOR-US: GlobalScape Secure FTP Server
CAN-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003
allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0
through ...)
- NOTE: not-for-us (PHPX CMS)
+ NOT-FOR-US: PHPX CMS
CAN-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI
function in ...)
- NOTE: not-for-us (PHPX CMS)
+ NOT-FOR-US: PHPX CMS
CAN-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the
physical ...)
- NOTE: not-for-us (PHPX CMS)
+ NOT-FOR-US: PHPX CMS
CAN-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through
1.0.7 ...)
- NOTE: not-for-us (Digital Reality game engine, as used in Haegemonia 1.0
through 1.0.7 and Desert Rats vs. Afrika Korps 1.0)
+ NOT-FOR-US: Digital Reality game engine, as used in Haegemonia 1.0 through
1.0.7 and Desert Rats vs. Afrika Korps 1.0
CAN-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Targem Battle Mages)
+ NOT-FOR-US: Targem Battle Mages
CAN-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet
3.10.39.0 does ...)
- NOTE: not-for-us (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet)
+ NOT-FOR-US: Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet
CAN-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for
phpBB ...)
- phpbb2 2.0.6c (low)
CAN-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server
does ...)
- NOTE: not-for-us (roofpoint Protection Server)
+ NOT-FOR-US: roofpoint Protection Server
CAN-2004-2356 (Fizmez Web Server 1.0 allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (Fizmez)
+ NOT-FOR-US: Fizmez
CAN-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live
Help ...)
- NOTE: not-for-us (Crafty Syntax Live Help)
+ NOT-FOR-US: Crafty Syntax Live Help
CAN-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5
...)
- NOTE: not-for-us (4nGuestbook)
+ NOT-FOR-US: 4nGuestbook
CAN-2004-2353 (BugPort before 1.099 stores its configuration file
(conf/config.conf) ...)
- NOTE: not-for-us (BugPort)
+ NOT-FOR-US: BugPort
CAN-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke
1.0 ...)
- NOTE: not-for-us (GBook)
+ NOT-FOR-US: GBook
CAN-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke
1.0 ...)
- NOTE: not-for-us (GBook)
+ NOT-FOR-US: GBook
CAN-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through
2.0.6 ...)
- phpbb2 2.0.8 (low)
CAN-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2
allow ...)
- NOTE: not-for-us (Tunez)
+ NOT-FOR-US: Tunez
CAN-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 alows remote
attackers to ...)
- NOTE: not-for-us (Sybari AntiGen for Domino)
+ NOT-FOR-US: Sybari AntiGen for Domino
CAN-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote
...)
- NOTE: not-for-us (Leif M. Wright Web Blog)
+ NOT-FOR-US: Leif M. Wright Web Blog
CAN-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web
...)
- NOTE: not-for-us (Forum Web Server )
+ NOT-FOR-US: Forum Web Server
CAN-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server
9.0.1.4, ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec
...)
- NOTE: not-for-us (VocalTec)
+ NOT-FOR-US: VocalTec
CAN-2004-2343 (** DISPUTED ** ...)
NOTE: apache disputes this and I agree -- joeyh
CAN-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (ChatterBox)
+ NOT-FOR-US: ChatterBox
CAN-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for
...)
- NOTE: not-for-us (iSearch)
+ NOT-FOR-US: iSearch
CAN-2004-2340 (** UNVERIFIABLE ** ...)
- NOTE: not-for-us (PunkBuster Screenshot Database)
+ NOT-FOR-US: PunkBuster Screenshot Database
CAN-2004-2339 (** DISPUTED ** ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny
rules ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is
installed ...)
- NOTE: not-for-us (inlook)
+ NOT-FOR-US: inlook
CAN-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise
WebAccess 6.0 ...)
- NOTE: not-for-us (Novel Groupwise)
+ NOT-FOR-US: Novel Groupwise
CAN-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as
used ...)
- NOTE: not-for-us (Macromedia installers and e-licensing client on Mac OS X)
+ NOT-FOR-US: Macromedia installers and e-licensing client on Mac OS X
CAN-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU
Webmail ...)
- NOTE: not-for-us (EMU Webmail)
+ NOT-FOR-US: EMU Webmail
CAN-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload
area, ...)
- NOTE: not-for-us (Bodington)
+ NOT-FOR-US: Bodington
CAN-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN
WWW::Form ...)
- NOTE: not-for-us (WWW::Form)
+ NOT-FOR-US: WWW::Form
CAN-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass
sandbox ...)
- NOTE: not-for-us (ColdFusion)
+ NOT-FOR-US: ColdFusion
CAN-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause
a ...)
- NOTE: not-for-us (ColdFusion)
+ NOT-FOR-US: ColdFusion
CAN-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to
execute ...)
- NOTE: not-for-us (Kerio Personal Firewal)
+ NOT-FOR-US: Kerio Personal Firewal
CAN-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote
attackers ...)
- NOTE: not-for-us (Clearswift MAILsweeper )
+ NOT-FOR-US: Clearswift MAILsweeper
CAN-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (Vizer)
+ NOT-FOR-US: Vizer
CAN-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance
before ...)
- NOTE: not-for-us (IP3 Networks NetAccess)
+ NOT-FOR-US: IP3 Networks NetAccess
CAN-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for
...)
- NOTE: not-for-us (DotNetNuke)
+ NOT-FOR-US: DotNetNuke
CAN-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy
Workshop) ...)
- NOTE: not-for-us (DotNetNuke)
+ NOT-FOR-US: DotNetNuke
CAN-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d
allows ...)
- NOTE: not-for-us (DotNetNuke)
+ NOT-FOR-US: DotNetNuke
CAN-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes
modules ...)
- NOTE: not-for-us (phpWebSite)
+ NOT-FOR-US: phpWebSite
CAN-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local
users ...)
- NOTE: not-for-us (BEA WebLogic)
+ NOT-FOR-US: BEA WebLogic
CAN-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1
SP2 ...)
- NOTE: not-for-us (BEA WebLogic)
+ NOT-FOR-US: BEA WebLogic
CAN-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local
users ...)
- NOTE: not-for-us (IBM Informatik Dynamic Server)
+ NOT-FOR-US: IBM Informatik Dynamic Server
CAN-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP
Server ...)
- NOTE: not-for-us (SurgeFTP Server)
+ NOT-FOR-US: SurgeFTP Server
CAN-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through
1.1.2 ...)
- NOTE: not-for-us (AppWeb HTTP server)
+ NOT-FOR-US: AppWeb HTTP server
CAN-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers
to ...)
- NOTE: not-for-us (AppWeb HTTP server)
+ NOT-FOR-US: AppWeb HTTP server
CAN-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers
to ...)
- NOTE: not-for-us (AppWeb HTTP server)
+ NOT-FOR-US: AppWeb HTTP server
CAN-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field
Patch 3b ...)
- NOTE: not-for-us (Novell iChain Server)
+ NOT-FOR-US: Novell iChain Server
CAN-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error
...)
TODO: check
NOTE: Did not find reference to fix in upstream changelog or any other hint
that it is fixed
NOTE: pinged Maintainer
CAN-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed
setgid, ...)
- NOTE: not-for-us (AIX only)
+ NOT-FOR-US: AIX only
CAN-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus
Domino R6 ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in
Lotus ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1
allows ...)
- NOTE: not-for-us (Crob FTP Server)
+ NOT-FOR-US: Crob FTP Server
CAN-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and
possibly ...)
- NOTE: not-for-us (cPanel; see www.cpanel.net; has nothing to do with Debian
package cpanel)
+ NOT-FOR-US: cPanel; see www.cpanel.net; has nothing to do with Debian package
cpanel
CAN-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote
...)
- NOTE: not-for-us (MS IE)
+ NOT-FOR-US: MS IE
CAN-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is
enabled ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows
remote ...)
- NOTE: not-for-us (Computer Associates)
+ NOT-FOR-US: Computer Associates
CAN-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro
2.01 ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates
files ...)
- mtools 3.9.9
CAN-2003-1228 (Buffer overflow in the prepare_reply function in request.c for
Mathopd ...)
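Review bot: several old misspellings are carried unchanged into the new NOT-FOR-US: values in this hunk: "roofpoint Protection Server" (CAN-2004-2357, description says Proofpoint), "Novel Groupwise" (CAN-2004-2336, description says Novell GroupWise), "Kerio Personal Firewal" (CAN-2004-2329) and "IBM Informatik Dynamic Server" (CAN-2004-2319, description says Informix). These lines are being rewritten anyway, so correcting the names here would keep later searches by product name from missing them. Separately, "NOT-FOR-US: AIX only" under CAN-2004-2312 gives a reason rather than the package name the log message describes; the description concerns GNU make, so a plain NOTE explaining the AIX restriction may fit that entry better.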
@@ -1482,61 +1482,61 @@
CAN-2003-1227 (PHP remote file include vulnerability in index.php for Gallery
1.4 and ...)
- gallery 1.4.1
CAN-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain
secrets ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express
7.0 ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and
7.0.0.1 ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through
8.1 ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using
a ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under
certain ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and
Server ...)
- NOTE: not-for-us (BEA)
+ NOT-FOR-US: BEA
CAN-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php
for ...)
- gallery 1.3.3
CAN-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
- clamav 0.86.2-1 (low)
CAN-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent
3.5.0 ...)
- NOTE: not-for-us (Network Associated ePolicy Orchestrator Agent)
+ NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
CAN-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x
...)
- kernel-source-2.4.27 <unfixed> (bug #323363; medium)
CAN-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running
Integrated ...)
- NOTE: not-for-us (Integrated Light Out in HP servers)
+ NOT-FOR-US: Integrated Light Out in HP servers
CAN-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory
8.7.3 ...)
- NOTE: not-for-us (Novell eDirectory)
+ NOT-FOR-US: Novell eDirectory
CAN-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote
...)
{DSA-782-1 DTSA-9-1}
- bluez-utils 2.19-0.1etch1 (bug #323365; medium)
CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (Arab Portal)
+ NOT-FOR-US: Arab Portal
CAN-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in
PHPOpenChat ...)
- NOTE: not-for-us (PHPOpenChat)
+ NOT-FOR-US: PHPOpenChat
CAN-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev
...)
- NOTE: not-for-us (Comdev eCommerce)
+ NOT-FOR-US: Comdev eCommerce
CAN-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev
...)
- NOTE: not-for-us (Comdev eCommerce)
+ NOT-FOR-US: Comdev eCommerce
CAN-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to
inject ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting
setuid or ...)
NOTE: This is intended behaviour, after all tar is an archiving tool and you
NOTE: need to give -p as a command line flag
- tar <unfixed> (bug #328228; unimportant)
CAN-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly
earlier ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke
2.5.5 ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote
attackers ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote
attackers ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-2536 (pstotext before 1.8g does not properly use the
"-dSAFER" option when ...)
{DSA-792-1}
- pstotext 1.9-2 (medium)
CAN-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve
Backup ...)
- NOTE: not-for-us (ARCserve Backup)
+ NOT-FOR-US: ARCserve Backup
CAN-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is
not ...)
- openvpn 2.0.2-1 (bug #324167; high)
CAN-2005-2533 (OpenVPN before 2.0.1, when running in "dev
tap" Ethernet bridging ...)
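Review bot: "NOT-FOR-US: Network Associated ePolicy Orchestrator Agent" under CAN-2005-2554 keeps the typo from the old NOTE line; the description directly above it reads "Network Associates". Fix the vendor name while converting, since the value after the colon is now what identifies the product.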
@@ -1554,57 +1554,57 @@
CAN-2005-2527
NOTE: reserved
CAN-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to
cause a ...)
- NOTE: not-for-us (MacOS X)
+ NOT-FOR-US: MacOS X
CAN-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file
...)
- NOTE: not-for-us (MacOS X)
+ NOT-FOR-US: MacOS X
CAN-2005-2524
NOTE: reserved
CAN-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog
Server ...)
- NOTE: not-for-us (Weblog Server in Mac OS X)
+ NOT-FOR-US: Weblog Server in Mac OS X
CAN-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses
URLs ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2521 (Buffer overflow in traceroute in Mac OS X 10.3.9 allows local
users to ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2520 (The password assistant in Mac OS X 10.4 to 10.4.2, when used to
create ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2519 (slpd in Directory Services in Mac OS X 10.3.9 creates insecure
...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2518 (Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2
allows ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2517 (Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL
...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2516 (Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text
Format ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2515 (Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local
users to ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2514 (Buffer overflow in ping in Mac OS X 10.3.9 allows local users to
...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2513 (Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows
...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2512 (Mail.app in Mac OS 10.4.2 and earlier, when printing or
forwarding an ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2511 (Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using
...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to
...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and
earlier, ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local
users ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2507 (Buffer overflow in Directory Services in Mac OS X 10.3.9 and
10.4.2 ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2506 (Algorithmic complexity vulnerability in CoreFoundation in Mac OS
X ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2505 (Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows
attackers ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2504 (The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device
with ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2503 (AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with
physical ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2502 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as
used in ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows
...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in
Linux ...)
NOTE: Does not affect 2.6.8 or 2.4.27, fixed in current 2.6.12 kernels
- linux-2.6 2.6.12-1 (medium)
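Review bot: CAN-2005-2526 and CAN-2005-2525 get "NOT-FOR-US: MacOS X" while the remaining entries in this hunk use "Mac OS X"; pick one spelling so the entries group together when the field is searched or counted. For the same two entries the descriptions name CUPS in Mac OS X, so it is worth confirming that the flaw is specific to Apple's build before they are marked NOT-FOR-US.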
@@ -1674,45 +1674,45 @@
CAN-2005-XXXX [Unspecified buffer overflow in metar]
- metar 20050807.1-1 (unknown)
CAN-2005-2489 (Web Content Management News System allows remote attackers to
create ...)
- NOTE: not-for-us (Web Content Management News System)
+ NOT-FOR-US: Web Content Management News System
CAN-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content
Management ...)
- NOTE: not-for-us (Web Content Management News System)
+ NOT-FOR-US: Web Content Management News System
CAN-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300,
4500, ...)
- NOTE: not-for-us (Sun switches)
+ NOT-FOR-US: Sun switches
CAN-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in
...)
- NOTE: not-for-us (PortailPHP)
+ NOT-FOR-US: PortailPHP
CAN-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in
Logicampus ...)
- NOTE: not-for-us (Logicampus)
+ NOT-FOR-US: Logicampus
CAN-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats
1.0 ...)
- NOTE: not-for-us (Denora IRC stats)
+ NOT-FOR-US: Denora IRC stats
CAN-2005-2483 (Eval injection vulnerability in Karrigell before 2.1.8 allows
remote ...)
- NOTE: not-for-us (Karrigell)
+ NOT-FOR-US: Karrigell
CAN-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework
2.4 and ...)
- NOTE: not-for-us (Metasploit Framework)
+ NOT-FOR-US: Metasploit Framework
CAN-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain
sensitive ...)
- NOTE: not-for-us (Fusebox)
+ NOT-FOR-US: Fusebox
CAN-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox
4.1.0 ...)
- NOTE: not-for-us (Fusebox)
+ NOT-FOR-US: Fusebox
CAN-2005-2479 (Quick ''n Easy FTP Server 3.0 allows remote attackers to
cause a denial ...)
- NOTE: not-for-us (Quick ''n Easy FTP Server)
+ NOT-FOR-US: Quick ''n Easy FTP Server
CAN-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote
...)
- NOTE: not-for-us (Silvernews)
+ NOT-FOR-US: Silvernews
CAN-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows
remote ...)
- NOTE: not-for-us (Naxtor Shopping Cart)
+ NOT-FOR-US: Naxtor Shopping Cart
CAN-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in
Naxtor ...)
- NOTE: not-for-us (Naxtor Shopping Cart)
+ NOT-FOR-US: Naxtor Shopping Cart
CAN-2005-2475 (Race condition in Unzip 5.52 allows local users to modify
permissions ...)
- unzip <unfixed> (bug #321927; low)
CAN-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive
...)
- NOTE: not-for-us (ChurchInfo)
+ NOT-FOR-US: ChurchInfo
CAN-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow
remote ...)
- NOTE: not-for-us (ChurchInfo)
+ NOT-FOR-US: ChurchInfo
CAN-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote
...)
- NOTE: not-for-us (BusinessMail)
+ NOT-FOR-US: BusinessMail
CAN-2005-2471 (pstopnm in netpbm does not properly use the
"-dSAFER" option when ...)
- netpbm 2:10.0-9 (bug #319757; low)
CAN-2005-2470 (Buffer overflow in a "core application
plug-in" for Adobe Reader 5.1 ...)
- NOTE: not-for-us (Adobe)
+ NOT-FOR-US: Adobe
CAN-2005-2469
NOTE: reserved
CAN-2005-2459 (The huft_build function in inflate.c in the zlib routines in the
Linux ...)
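Review bot: the values "Silvernews" (CAN-2005-2478) and "Denora IRC stats" (CAN-2005-2484) differ in case from the descriptions above them, which read "SilverNews" and "Denora IRC Stats". If the NOT-FOR-US: value is going to be matched or grouped by tools, copy the product name as the description spells it.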
@@ -1726,102 +1726,102 @@
- linux-2.6 2.6.12-3 (bug #323173; medium)
- kernel-source-2.4.27 2.4.27-11 (medium)
CAN-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of
...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when
installed ...)
NOTE: snmpd is neither setuid nor setgid in Debian
CAN-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows
remote ...)
- NOTE: not-for-us (Omnicron)
+ NOT-FOR-US: Omnicron
CAN-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail
3.1 ...)
- NOTE: not-for-us (Novell Internet Messaging System)
+ NOT-FOR-US: Novell Internet Messaging System
CAN-2002-2122 (Pointsec before 1.2 for PalmOS stores a user''s PIN
number in memory in ...)
- NOTE: not-for-us (Pointsec)
+ NOT-FOR-US: Pointsec
CAN-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote
...)
- NOTE: not-for-us (SurfControl)
+ NOT-FOR-US: SurfControl
CAN-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers
to ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords,
which ...)
- NOTE: not-for-us (Novell eDirectory)
+ NOT-FOR-US: Novell eDirectory
CAN-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows
...)
- NOTE: not-for-us (Blue World Lasso Web Data Engine)
+ NOT-FOR-US: Blue World Lasso Web Data Engine
CAN-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote
attackers ...)
- NOTE: not-for-us (Netgear RM-356 and RT-338 series SOHO routers)
+ NOT-FOR-US: Netgear RM-356 and RT-338 series SOHO routers
CAN-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System
(HNS) ...)
NOTE: nor-for-us (Hyper NIKKI System (HNS) Lite)
CAN-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to
execute ...)
- netjuke 1.0b7
CAN-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to
execute ...)
- NOTE: not-for-us (HTMLsearch)
+ NOT-FOR-US: HTMLsearch
CAN-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems
that must ...)
- NOTE: not-for-us (RCA Digital Cable Modem)
+ NOT-FOR-US: RCA Digital Cable Modem
CAN-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of
...)
- NOTE: not-for-us (Fwmon)
+ NOT-FOR-US: Fwmon
CAN-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote
attackers ...)
- NOTE: not-for-us (RCA Digital Cable Modems DCM225 and DCM225E)
+ NOT-FOR-US: RCA Digital Cable Modems DCM225 and DCM225E
CAN-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to
bypass ...)
NOTE: debian''s nms-formmail is a reimplementation of old formmail
CAN-2002-2108 (Unknown vulnerability in the "VAIO Manual"
software in certain Sony ...)
- NOTE: not-for-us (Sony VAIO)
+ NOT-FOR-US: Sony VAIO
CAN-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in
...)
- NOTE: not-for-us (OpenKeyServer)
+ NOT-FOR-US: OpenKeyServer
CAN-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before
0.21 ...)
- NOTE: not-for-us (WikkiTikkiTavi)
+ NOT-FOR-US: WikkiTikkiTavi
CAN-2002-2105 (Microsoft Windows XP allows local users to prevent the system
from ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote
attackers ...)
- NOTE: not-for-us (Ganglia PHP RRD Web Client)
+ NOT-FOR-US: Ganglia PHP RRD Web Client
NOTE: not ganglia-monitor
CAN-2002-2103 (Apache before 1.3.24, when writing to the log file, records a
spoofed ...)
- apache 1.3.24 (low)
CAN-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote
attackers to ...)
- libjzlib-java 0.0.7 (low)
CAN-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute
arbitrary ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass
the ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1
allows ...)
NOTE: ddd is not setuid/gid so not exploitable
CAN-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows
...)
- NOTE: not-for-us (Axspawn-pam)
+ NOT-FOR-US: Axspawn-pam
CAN-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote
attackers ...)
- maradns 0.9.01 (low)
CAN-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in
...)
- NOTE: not-for-us (Netware)
+ NOT-FOR-US: Netware
CAN-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files
that ...)
- NOTE: not-for-us (Joe Testa hellbent 01 webserver)
+ NOT-FOR-US: Joe Testa hellbent 01 webserver
CAN-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the
full ...)
- NOTE: not-for-us (Joe Testa hellbent 01 webserver)
+ NOT-FOR-US: Joe Testa hellbent 01 webserver
CAN-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default
Input is ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2
and ...)
- NOTE: not-for-us (OpenBSD/NetBSD/FreeBSD)
+ NOT-FOR-US: OpenBSD/NetBSD/FreeBSD
CAN-2002-2091 (Format string vulnerability in Deception Finger Daemon,
decfingerd, ...)
- NOTE: not-for-us (decfingerd)
+ NOT-FOR-US: decfingerd
CAN-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote
attackers ...)
- NOTE: not-for-us (aucho Technology Resin server)
+ NOT-FOR-US: aucho Technology Resin server
CAN-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to
execute ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account
without a ...)
- NOTE: not-for-us (clump/os)
+ NOT-FOR-US: clump/os
CAN-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to
execute ...)
TODO: check firebird as it''s based on InterBase 6.0
CAN-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for
...)
- NOTE: not-for-us (ScriptEase)
+ NOT-FOR-US: ScriptEase
CAN-2001-1579 (The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0
does not ...)
- NOTE: not-for-us (UnixWare/OpenUnix)
+ NOT-FOR-US: UnixWare/OpenUnix
CAN-2001-1578 (Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows
local ...)
- NOTE: not-for-us (SCO)
+ NOT-FOR-US: SCO
CAN-2001-1577 (Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1,
and 8.0 ...)
- NOTE: not-for-us (CDE)
+ NOT-FOR-US: CDE
CAN-2001-1576 (Buffer overflow in cron in Caldera UnixWare 7 allows local users
to ...)
NOTE: insufficient info to check, but not same code base
CAN-2001-1575 (Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web
Sharing ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2001-1574 (Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll
in ...)
- NOTE: not-for-us (Trend Micro InterScan VirusWall)
+ NOT-FOR-US: Trend Micro InterScan VirusWall
CAN-2001-1573 (Buffer overflow in smtpscan.dll for Trend Micro InterScan
VirusWall ...)
- NOTE: not-for-us (Trend Micro InterScan VirusWall)
+ NOT-FOR-US: Trend Micro InterScan VirusWall
CAN-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
- wine <unfixed> (bug #321470; low)
CAN-2005-XXXX [inkscape: Unsafe temporary file handling in ps2epsi extension]
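Review bot: The CAN-2002-2115 entry in this hunk is left as the unchanged line `NOTE: nor-for-us (Hyper NIKKI System (HNS) Lite)`. The misspelling "nor-for-us" presumably kept it from matching the text being replaced, so it stays a free-form note while every neighbouring entry gets the new tag. Convert it by hand in the same commit to `NOT-FOR-US: Hyper NIKKI System (HNS) Lite`. The CAN-2002-2090 line also copies an existing typo into the new tag: `NOT-FOR-US: aucho Technology Resin server` should read "Caucho", as in the CAN description directly above it.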
@@ -1877,21 +1877,21 @@
- linux-2.6 2.6.12-2 (bug #321401; medium)
- kernel-source-2.4.27 2.4.27-11 (medium)
CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read
...)
- NOTE: not-for-us (Greasemonkey)
+ NOT-FOR-US: Greasemonkey
CAN-2005-2454
NOTE: reserved
CAN-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web
Server ...)
- NOTE: not-for-us (NetworkActiv Web Server)
+ NOT-FOR-US: NetworkActiv Web Server
CAN-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of
...)
NOTE: CVE description is broken, this only affects 3.6, it''s been
fixed in 3.7
- tiff 3.7.0-1
CAN-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6
enabled, ...)
- NOTE: not-for-us (IOS)
+ NOT-FOR-US: IOS
CAN-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG
file ...)
{DSA-776-1 DTSA-3-1}
- clamav 0.86.2-1 (medium)
CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to
create ...)
- NOTE: not-for-us (sandbox)
+ NOT-FOR-US: sandbox
CAN-2005-2448 (Multiple "endianness errors" in libgadu in ekg
before 1.6rc2 allow ...)
{DSA-813-1 DTSA-2-1 DTSA-4-1}
- ekg 1:1.5+20050718+1.6rc3-1 (low)
@@ -1901,31 +1901,31 @@
CAN-2005-2446
NOTE: rejected
CAN-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6
allows ...)
- NOTE: not-for-us (Product Cart)
+ NOT-FOR-US: Product Cart
CAN-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores
the ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document
root ...)
- NOTE: not-for-us (KShout)
+ NOT-FOR-US: KShout
CAN-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics
...)
- NOTE: not-for-us (SPI Dynamics Web Inspect)
+ NOT-FOR-US: SPI Dynamics Web Inspect
CAN-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom
allow ...)
- NOTE: not-for-us (VBzoom)
+ NOT-FOR-US: VBzoom
CAN-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill
Vantage ...)
- NOTE: not-for-us (Thomson Web Skill Vantage Manager)
+ NOT-FOR-US: Thomson Web Skill Vantage Manager
CAN-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when
...)
- NOTE: not-for-us (UseBB)
+ NOT-FOR-US: UseBB
CAN-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and
earlier ...)
- NOTE: not-for-us (UseBB)
+ NOT-FOR-US: UseBB
CAN-2005-2436 (browse.php in Website Baker Project allows remote attackers to
obtain ...)
- NOTE: not-for-us (Website Baker)
+ NOT-FOR-US: Website Baker
CAN-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in
Website ...)
- NOTE: not-for-us (Website Baker)
+ NOT-FOR-US: Website Baker
CAN-2005-2434 (Linksys WRT54G router uses the same private key and certificate
for ...)
- NOTE: not-for-us (Linksys hardware)
+ NOT-FOR-US: Linksys hardware
CAN-2005-2433 (PhpList allows remote attackers to obtain sensitive information
via a ...)
- NOTE: not-for-us (PhpList)
+ NOT-FOR-US: PhpList
CAN-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers
to ...)
- NOTE: not-for-us (PhpList)
+ NOT-FOR-US: PhpList
CAN-2005-2431 (The (1) lost password and (2) account pending features in GForge
4.5 ...)
NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in
Debian
- gforge (bug #328224; unimportant)
@@ -1935,88 +1935,88 @@
- gforge (bug #328224; medium)
NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in
Debian
CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not
properly set ...)
- NOTE: not-for-us (Firefox on Windows)
+ NOT-FOR-US: Firefox on Windows
CAN-2005-2428 (Lotus Domino R5 and R6 WebMail, with "Generate HTML for
all fields" ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in
CartWIZ ...)
- NOTE: not-for-us (CartWIZ)
+ NOT-FOR-US: CartWIZ
CAN-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause
a ...)
- NOTE: not-for-us (FTPshell Server)
+ NOT-FOR-US: FTPshell Server
CAN-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote
...)
- NOTE: not-for-us (Ares FileShare)
+ NOT-FOR-US: Ares FileShare
CAN-2005-2424 (The management interface for Siemens SANTIS 50 running firmware
...)
- NOTE: not-for-us (Siemens hardware)
+ NOT-FOR-US: Siemens hardware
CAN-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive
information ...)
- NOTE: not-for-us (Beehive)
+ NOT-FOR-US: Beehive
CAN-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive
Forum ...)
- NOTE: not-for-us (Beehive)
+ NOT-FOR-US: Beehive
CAN-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other
pages in ...)
- NOTE: not-for-us (Beehive)
+ NOT-FOR-US: Beehive
CAN-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute
...)
- NOTE: not-for-us (FtpLocate)
+ NOT-FOR-US: FtpLocate
CAN-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass
authentication ...)
- NOTE: not-for-us (hardware issue)
+ NOT-FOR-US: hardware issue
CAN-2005-2418
NOTE: rejected
- NOTE: not-for-us (Realchat)
+ NOT-FOR-US: Realchat
CAN-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain
sensitive ...)
- NOTE: not-for-us (Contrexx)
+ NOT-FOR-US: Contrexx
CAN-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx
before ...)
- NOTE: not-for-us (Contrexx)
+ NOT-FOR-US: Contrexx
CAN-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5
allow ...)
- NOTE: not-for-us (Contrexx)
+ NOT-FOR-US: Contrexx
CAN-2005-2414 (Race condition in the xpcom library, as used by web browsers
such as ...)
- mozilla-firefox (bug #327549; medium)
- mozilla (bug #327550; medium)
TODO: check more Mozilla-based browsers
CAN-2005-2413 (PHP remote file inclusion vulnerability in
apa_phpinclude.inc.php in ...)
- NOTE: not-for-us (Atomic Photo Album)
+ NOT-FOR-US: Atomic Photo Album
CAN-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP
FirstPost ...)
- NOTE: not-for-us (First Post)
+ NOT-FOR-US: First Post
CAN-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1,
and ...)
{DSA-808-1}
- tdiary 2.0.2-1 (medium)
CAN-2005-2410 (Format string vulnerability in the nm_info_handler function in
Network ...)
- NOTE: not-for-us (Network Manager)
+ NOT-FOR-US: Network Manager
CAN-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and
earlier, ...)
- NOTE: not-for-us (nbsmtp)
+ NOT-FOR-US: nbsmtp
CAN-2005-2408
NOTE: reserved
CAN-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform
"link ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site
scripting ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-2405 (Opera 8.01, when the "Arial Unicode MS" font
(ARIALUNI.TTF) is ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote
attackers to ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke
6.0 to ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-2295 (SQL injection vulnerability in the Reviews module in PHP-Nuke
6.0 to ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-2294 (Canonicalize-before-filter error in the send_review function in
the ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke
6.0 to ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers
to ...)
- NOTE: not-for-us (Alt-N Technologies Mdaemon)
+ NOT-FOR-US: Alt-N Technologies Mdaemon
CAN-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute
arbitrary ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2289 (Microsoft Windows XP Explorer allows local users to execute
arbitrary ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft
...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light
Web ...)
- NOTE: not-for-us (Light Web File Manager)
+ NOT-FOR-US: Light Web File Manager
CAN-2004-2286 (Integer overflow in the duplication operator in ActivePerl
allows ...)
- NOTE: not-for-us (ActivePerl)
+ NOT-FOR-US: ActivePerl
CAN-2004-2285
NOTE: rejected
- NOTE: not-for-us (Perl on Windows)
+ NOT-FOR-US: Perl on Windows
CAN-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link
function ...)
- NOTE: not-for-us (osCommerce)
+ NOT-FOR-US: osCommerce
CAN-2005-XXXX [DoS against rsync in embedded zlib copy]
NOTE: This is distinct from CAN-2005-2096, please see rsync''s 2.6.6
announcement
NOTE: It refers to one the the two vaguely described fixes from zlib 1.2.3
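Review bot: CAN-2005-2418 and CAN-2004-2285 each keep `NOTE: rejected` and now also gain a `NOT-FOR-US:` line (Realchat, Perl on Windows), so one entry states two dispositions. With not-for-us promoted from a free-form note to a tag of its own, it is worth deciding which one is authoritative for a rejected candidate. Dropping the NOT-FOR-US line on these two entries looks cleaner than converting it. Also note the spelling `Realchat` here against `RealChat` for CAN-2005-2403 in the next hunk; one spelling keeps entries for the same product together.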
@@ -2025,76 +2025,76 @@
NOTE: zlib 1.2 are affected as well
- rsync 2.6.6-1 (low)
CAN-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3
allows ...)
- NOTE: not-for-us (Sendcard)
+ NOT-FOR-US: Sendcard
CAN-2005-2403 (The login protocol in RealChat 3.5.1b does not use
authentication, ...)
- NOTE: not-for-us (RealChat)
+ NOT-FOR-US: RealChat
CAN-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in ...)
- NOTE: not-for-us (PHPSiteSearch)
+ NOT-FOR-US: PHPSiteSearch
CAN-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading
Style ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote
attackers to ...)
- NOTE: not-for-us (PHPFinance)
+ NOT-FOR-US: PHPFinance
CAN-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors
via ...)
- NOTE: not-for-us (PHP Surveyor)
+ NOT-FOR-US: PHP Surveyor
CAN-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98
allows ...)
- NOTE: not-for-us (PHP Surveyor)
+ NOT-FOR-US: PHP Surveyor
CAN-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in
phpBook ...)
- NOTE: not-for-us (phpBook)
+ NOT-FOR-US: phpBook
CAN-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and
...)
- mediawiki <itp> (bug #276057)
CAN-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge
with the ...)
- mozilla-firefox <unfixed> (bug #320539; medium)
- mozilla <unfixed> (bug #320538; medium)
CAN-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to
obtain the ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6
allows ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for
CMSimple 2.4 ...)
- NOTE: not-for-us (CMSimple)
+ NOT-FOR-US: CMSimple
CAN-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access
Point ...)
- NOTE: not-for-us (3Com OfficeConnect Wireless 11g AP)
+ NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP
CAN-2005-2390 (Multiple format string vulnerabilities in ProFTPD before
1.3.0rc2 ...)
{DSA-795-2}
- proftpd 1.2.10-20 (low)
NOTE: ftpshut fixed in -19, SQLShowInfo in -20
CAN-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a
...)
- NOTE: not-for-us (Veritas NetBackup)
+ NOT-FOR-US: Veritas NetBackup
CAN-2005-2388 (Buffer overflow in a certain USB driver, as used on Microsoft
Windows, ...)
- NOTE: not-for-us (some windows USB driver)
+ NOT-FOR-US: some windows USB driver
CAN-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server
5.16 ...)
- NOTE: not-for-us (GoodTech SMTP server)
+ NOT-FOR-US: GoodTech SMTP server
CAN-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in
CartWIZ ...)
- NOTE: not-for-us (CartWIZ)
+ NOT-FOR-US: CartWIZ
CAN-2005-2385 (Buffer overflow in a third-party compression library
(UNACEV2.DLL), as ...)
- NOTE: not-for-us (UNACEV2.DLL)
+ NOT-FOR-US: UNACEV2.DLL
CAN-2005-2384 (Directory traversal vulnerability in a third-party compression
library ...)
- NOTE: not-for-us (UNACEV2.DLL)
+ NOT-FOR-US: UNACEV2.DLL
CAN-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows
remote ...)
- NOTE: not-for-us (PHPNews)
+ NOT-FOR-US: PHPNews
CAN-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop
SYSTEM ...)
- NOTE: not-for-us (Oray PeanutHull)
+ NOT-FOR-US: Oray PeanutHull
CAN-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive
...)
- NOTE: not-for-us (PHP Surveyor)
+ NOT-FOR-US: PHP Surveyor
CAN-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor
0.98 ...)
- NOTE: not-for-us (PHP Surveyor)
+ NOT-FOR-US: PHP Surveyor
CAN-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle
Reports ...)
- NOTE: not-for-us (Oracle Reports)
+ NOT-FOR-US: Oracle Reports
CAN-2005-2378 (Oracle Reports allows remote attackers to read arbitrary files
via an ...)
- NOTE: not-for-us (Oracle Reports)
+ NOT-FOR-US: Oracle Reports
CAN-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake
Corporate ...)
NOTE: appears to be Mandrake specfic
CAN-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote
...)
- NOTE: not-for-us (Race Driver)
+ NOT-FOR-US: Race Driver
CAN-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier
allows ...)
- NOTE: not-for-us (Race Driver)
+ NOT-FOR-US: Race Driver
CAN-2005-2374 (Belkin 54g wireless routers do not properly set an
administrative ...)
- NOTE: not-for-us (Belkin 54g wireless routers)
+ NOT-FOR-US: Belkin 54g wireless routers
CAN-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote
authenticated ...)
- NOTE: not-for-us (SlimFTPd)
+ NOT-FOR-US: SlimFTPd
CAN-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from
arbitrary ...)
- NOTE: not-for-us (Oracle Forms)
+ NOT-FOR-US: Oracle Forms
CAN-2005-2371 (Unknown vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g
allows ...)
- NOTE: not-for-us (Oracle Reports)
+ NOT-FOR-US: Oracle Reports
CAN-2005-2370 (Multiple "memory alignment errors" in libgadu,
as used in ekg before ...)
{DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
- gaim 1:1.4.0-5 (low)
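Review bot: `NOT-FOR-US: some windows USB driver` under CAN-2005-2388 puts a loose description where the log message promises `NOT-FOR-US: package_name`. The old parenthesised text could be free-form, but the new tag reads as a name field, so values like this one are worth normalising while the lines are being touched anyway, or the log message should say that the value is free text. The Oracle entries in this hunk are named per product (`Oracle Reports`, `Oracle Forms`), while a later hunk uses plain `Oracle`; pick one level of detail.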
@@ -2125,9 +2125,9 @@
CAN-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when
used ...)
- kfreebsd-5 5.3-1 (medium)
CAN-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list
...)
- NOTE: not-for-us (EMC Navisphere Manager)
+ NOT-FOR-US: EMC Navisphere Manager
CAN-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager
6.4.1.0.0 ...)
- NOTE: not-for-us (EMC Navisphere Manager)
+ NOT-FOR-US: EMC Navisphere Manager
CAN-2005-2355
NOTE: rejected
NOTE: see CAN-2005-2356
@@ -2135,7 +2135,7 @@
NOTE: reserved
- xsupplicant 1.0.1-5 (bug #317703; low)
CAN-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote
attackers ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2005-2345
NOTE: reserved
CAN-2005-2344
@@ -2157,37 +2157,37 @@
CAN-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2
allows ...)
- hiki 0.8.2-1
CAN-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via
shell ...)
- NOTE: not-for-us (Y.SAK)
+ NOT-FOR-US: Y.SAK
CAN-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in
...)
- NOTE: not-for-us (smilies_popup.php)
+ NOT-FOR-US: smilies_popup.php
CAN-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect
1.0.0a ...)
- NOTE: not-for-us (PHPPageProtect)
+ NOT-FOR-US: PHPPageProtect
CAN-2005-2331 (PHP remote file inclusion vulnerability in display.php in
MooseGallery ...)
- NOTE: not-for-us (MooseGallery)
+ NOT-FOR-US: MooseGallery
CAN-2005-2330 (Directory traversal vulnerability in update.php in osCommerce
2.2 ...)
- NOTE: not-for-us (osCommerce)
+ NOT-FOR-US: osCommerce
CAN-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
3.5.0, ...)
- NOTE: not-for-us (MRV Communications In-Reach LX-8000S, LX-4000S, and
LX-1000S)
+ NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
CAN-2005-2328 (PHP remote file inclusion vulnerability in im.php in Laffer
0.3.2.6 ...)
- NOTE: not-for-us (Laffer)
+ NOT-FOR-US: Laffer
CAN-2005-2327 (Cross-site scripting (XSS) vulnerability in e107 0.617 and
earlier ...)
- NOTE: not-for-us (e107)
+ NOT-FOR-US: e107
CAN-2005-2326 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and
2.0a ...)
- NOTE: not-for-us (Clever Copy)
+ NOT-FOR-US: Clever Copy
CAN-2005-2325 (Clever Copy 2.0 and 2.0a allows remote attackers to obtain the
full ...)
- NOTE: not-for-us (Clever Copy)
+ NOT-FOR-US: Clever Copy
CAN-2005-2324 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and
2.0a ...)
- NOTE: not-for-us (Clever Copy)
+ NOT-FOR-US: Clever Copy
CAN-2005-2323 (Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4
and ...)
- NOTE: not-for-us (Class-1 Forum)
+ NOT-FOR-US: Class-1 Forum
CAN-2005-2322 (Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4
and ...)
- NOTE: not-for-us (Class-1 Forum)
+ NOT-FOR-US: Class-1 Forum
CAN-2005-2321 (PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows
remote ...)
- NOTE: not-for-us (CaLogic)
+ NOT-FOR-US: CaLogic
CAN-2005-2319 (PHP remote file include vulnerability in Yawp library 1.0.6 and
...)
- NOTE: not-for-us (Yawp)
+ NOT-FOR-US: Yawp
CAN-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS
7.1 ...)
- NOTE: not-for-us (DVBBS)
+ NOT-FOR-US: DVBBS
CAN-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x
before ...)
- shorewall 2.4.1-2 (bug #318946; medium)
CAN-2005-2316
@@ -2195,31 +2195,31 @@
CAN-2005-2315
NOTE: reserved
CAN-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote
attackers to ...)
- NOTE: not-for-us (PHPsFTPd)
+ NOT-FOR-US: PHPsFTPd
CAN-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54
allows ...)
- NOTE: not-for-us (Check Point SecuRemote NG with Application Intelligence)
+ NOT-FOR-US: Check Point SecuRemote NG with Application Intelligence
CAN-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows
remote ...)
- NOTE: not-for-us (Realnode Emilda)
+ NOT-FOR-US: Realnode Emilda
CAN-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary
files ...)
- sms-pl <unfixed> (bug #320540; unimportant)
NOTE: vulnerable contrib file only in source package
CAN-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091 allows remote
...)
- NOTE: not-for-us (Winamp)
+ NOT-FOR-US: Winamp
CAN-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service
(CPU ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote
...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library
allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and
7.0, when ...)
- NOTE: not-for-us (Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0)
+ NOT-FOR-US: Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0
CAN-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause
a ...)
- NOTE: not-for-us (DG Remote Control Server)
+ NOT-FOR-US: DG Remote Control Server
CAN-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows
remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2303
NOTE: rejected
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted
range ...)
{DSA-771-1}
- pdns 2.9.18-1 (medium; bug #318798)
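Review bot: CAN-2005-2303 ends up with both `NOTE: rejected` and `NOT-FOR-US: Microsoft`; a rejected candidate should not need a NOT-FOR-US tag, so remove that line instead of converting it. Naming within this hunk is also uneven: CAN-2005-2308 becomes `NOT-FOR-US: MSIE`, while CAN-2005-2304, whose description also names Internet Explorer, becomes `NOT-FOR-US: Microsoft`. If the value is meant to identify the product, use the same form for both.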
@@ -2227,94 +2227,94 @@
{DSA-771-1}
- pdns 2.9.18-1 (medium; bug #318798)
CAN-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite
arbitrary ...)
- NOTE: not-for-us (Skype)
+ NOT-FOR-US: Skype
CAN-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple
Message ...)
- NOTE: not-for-us (Simple Message Board)
+ NOT-FOR-US: Simple Message Board
CAN-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all
...)
NOTE: BitDefender can be used by AMaViS but is not shipped in Debian
CAN-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer
4.2.5 ...)
- NOTE: not-for-us (Sybase EAServer)
+ NOT-FOR-US: Sybase EAServer
CAN-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive
information ...)
- NOTE: not-for-us (YabbSE)
+ NOT-FOR-US: YabbSE
CAN-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a
denial of ...)
- netpanzer <unfixed> (bug #318329; medium)
CAN-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number
of ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and
passwords in a ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext
passwords ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext
...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote
attackers to ...)
- NOTE: not-for-us (WPS)
+ NOT-FOR-US: WPS
CAN-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive
information ...)
- NOTE: not-for-us (PHPCounter)
+ NOT-FOR-US: PHPCounter
CAN-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2
allows ...)
- NOTE: not-for-us (PHPCounter)
+ NOT-FOR-US: PHPCounter
CAN-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to
cause a ...)
- NOTE: not-for-us (SoftiaCom wMailServer)
+ NOT-FOR-US: SoftiaCom wMailServer
CAN-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization,
which ...)
- NOTE: not-for-us (WebEOC)
+ NOT-FOR-US: WebEOC
CAN-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations
such as ...)
- NOTE: not-for-us (WebEOC)
+ NOT-FOR-US: WebEOC
CAN-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2
allow ...)
- NOTE: not-for-us (WebEOC)
+ NOT-FOR-US: WebEOC
CAN-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an
uploaded ...)
- NOTE: not-for-us (WebEOC)
+ NOT-FOR-US: WebEOC
CAN-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC
before ...)
- NOTE: not-for-us (WebEOC)
+ NOT-FOR-US: WebEOC
CAN-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords,
which ...)
- NOTE: not-for-us (WebEOC)
+ NOT-FOR-US: WebEOC
CAN-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause
a ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running
firmware ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in
MailEnable ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0
allows ...)
{DSA-762-1}
- affix 2.1.2-2 (medium)
CAN-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise
WebAccess ...)
- NOTE: not-for-us (Novell Groupwise WebAccess)
+ NOT-FOR-US: Novell Groupwise WebAccess
CAN-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail
before ...)
- NOTE: not-for-us (OpenWebmail)
+ NOT-FOR-US: OpenWebmail
CAN-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows
remote ...)
- dansguardian 2.6.1-13 (medium)
CAN-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass
URL ...)
- dansguardian 2.7.7-2
CAN-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before
6.5.4 ...)
- NOTE: not-for-us (IBM Lotus Notes)
+ NOT-FOR-US: IBM Lotus Notes
CAN-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x
before ...)
- NOTE: not-for-us (IBM Lotus Notes)
+ NOT-FOR-US: IBM Lotus Notes
CAN-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board
1.3 ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI
in ...)
- NOTE: not-for-us (vHost)
+ NOT-FOR-US: vHost
CAN-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life
...)
- NOTE: not-for-us (aGSM Half-Life)
+ NOT-FOR-US: aGSM Half-Life
CAN-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security
5.50 and ...)
- NOTE: not-for-us (F-Secure Anti-Virus)
+ NOT-FOR-US: F-Secure Anti-Virus
CAN-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute
...)
- NOTE: not-for-us (I-Mall Commerce)
+ NOT-FOR-US: I-Mall Commerce
CAN-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact
and ...)
- NOTE: not-for-us (w3m Jigsaw)
+ NOT-FOR-US: w3m Jigsaw
CAN-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (efFingerD)
+ NOT-FOR-US: efFingerD
CAN-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in
efFingerD ...)
- NOTE: not-for-us (efFingerD)
+ NOT-FOR-US: efFingerD
CAN-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote
attackers ...)
- NOTE: not-for-us (MiniShare)
+ NOT-FOR-US: MiniShare
CAN-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and
4.1 ...)
- NOTE: not-for-us (IBM Parallel Environment)
+ NOT-FOR-US: IBM Parallel Environment
CAN-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection
...)
- pads 1.1.1 (high)
CAN-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the
database ...)
- NOTE: not-for-us (PimenGest2)
+ NOT-FOR-US: PimenGest2
CAN-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and
earlier ...)
- NOTE: not-for-us (Ansel)
+ NOT-FOR-US: Ansel
CAN-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows
remote ...)
- NOTE: not-for-us (Ansel)
+ NOT-FOR-US: Ansel
CAN-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely
during ...)
- uudeview <unfixed> (bug #320541; medium)
TODO: check libconvert-uulib-perl
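Review bot: CAN-2005-2298 stays as `NOTE: BitDefender can be used by AMaViS but is not shipped in Debian`, which states the same conclusion as a not-for-us entry but in free-form wording, so it was not converted and will not be recognised by anything that looks for the new tag. Consider `NOT-FOR-US: BitDefender` with the AMaViS remark kept as a separate NOTE. Separately, `NOT-FOR-US: w3m Jigsaw` under CAN-2004-2274 carries over a name that does not match the description, which only says "Jigsaw"; w3m is an unrelated text-mode browser, so confirm the intended product name before it becomes the tag value.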
@@ -2322,53 +2322,53 @@
CAN-2004-2264 (** DISPUTED ** ...)
NOTE: less is not suid, explotability unlikely
CAN-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php
in ...)
- NOTE: not-for-us (PlaySMS)
+ NOT-FOR-US: PlaySMS
CAN-2004-2262 (ImageManager in e107 before 0.617 does not properly check the
types of ...)
- NOTE: not-for-us (e107)
+ NOT-FOR-US: e107
CAN-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote
...)
- NOTE: not-for-us (e107)
+ NOT-FOR-US: e107
CAN-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the
...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to
cause ...)
- vsftpd 2.0.1-1 (low)
CAN-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen
...)
- NOTE: not-for-us (Hummingbird Exceed)
+ NOT-FOR-US: Hummingbird Exceed
CAN-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image
Manager to ...)
- NOTE: not-for-us (phpMyFAQ)
+ NOT-FOR-US: phpMyFAQ
CAN-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows
...)
- NOTE: not-for-us (phpMyFAQ)
+ NOT-FOR-US: phpMyFAQ
CAN-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows
remote ...)
- NOTE: not-for-us (phpMyFAQ)
+ NOT-FOR-US: phpMyFAQ
CAN-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before
1.0h, ...)
- NOTE: not-for-us (SurgeLDAP)
+ NOT-FOR-US: SurgeLDAP
CAN-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g
and ...)
- NOTE: not-for-us (SurgeLDAP)
+ NOT-FOR-US: SurgeLDAP
CAN-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends
responses to ...)
- NOTE: not-for-us (Astaro suite)
+ NOT-FOR-US: Astaro suite
CAN-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides
...)
- NOTE: not-for-us (Astaro suite)
+ NOT-FOR-US: Astaro suite
CAN-2004-2250 (Unknown vulnerability in the "access code" in
RemoteEditor before ...)
- NOTE: not-for-us (RemoteEditor)
+ NOT-FOR-US: RemoteEditor
CAN-2004-2249 (Unknown vulnerability in the "access code" in
SecureEditor before ...)
- NOTE: not-for-us (SecureEditor)
+ NOT-FOR-US: SecureEditor
CAN-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown
impact ...)
- NOTE: not-for-us (RemoteEditor)
+ NOT-FOR-US: RemoteEditor
CAN-2004-2247 (Unknown vulnerability in the "admin of paypal email
addresses" in ...)
- NOTE: not-for-us (AudienceConnect)
+ NOT-FOR-US: AudienceConnect
CAN-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before
0.04b ...)
- NOTE: not-for-us (Goollery)
+ NOT-FOR-US: Goollery
CAN-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows
...)
- NOTE: not-for-us (Goollery)
+ NOT-FOR-US: Goollery
CAN-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0
and ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-2243 (Phorum allows remote attackers to hijack sessions of other users
by ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in
Phorum, ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and
earlier ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and
earlier ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might
allow ...)
- vpopmail <unfixed> (bug #320608; low)
CAN-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
@@ -2389,13 +2389,13 @@
CAN-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in
...)
- moodle 1.4.2-1
CAN-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows
local ...)
- NOTE: not-for-us (InstallAnywhere)
+ NOT-FOR-US: InstallAnywhere
CAN-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6
...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server
...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable ...)
- NOTE: not-for-us (Firefox on MacOS)
+ NOT-FOR-US: Firefox on MacOS
CAN-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file
...)
- mozilla-firefox 1.0-1
CAN-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when
...)
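Review bot: CAN-2004-2228 becomes "NOT-FOR-US: Firefox on MacOS", which now reads as a product name even though the old parenthetical was a platform qualifier, and mozilla-firefox is tracked as a package two entries further down (CAN-2004-2227). Since NOT-FOR-US is becoming a dedicated tag, consider keeping the platform remark on a separate NOTE: line so the tag value does not suggest that Firefox itself is out of scope.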
@@ -2404,29 +2404,29 @@
CAN-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete
...)
- mozilla-firefox 0.99+1.0RC1-1
CAN-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to
cause ...)
- NOTE: not-for-us (Message Foundry)
+ NOT-FOR-US: Message Foundry
CAN-2004-2223 (FsPHPGallery before 1.2 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (FsPHPGallery)
+ NOT-FOR-US: FsPHPGallery
CAN-2004-2222 (Directory traversal vulnerability in index.php in FsPHPGallery
before ...)
- NOTE: not-for-us (FsPHPGallery)
+ NOT-FOR-US: FsPHPGallery
CAN-2004-2221 (Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b
allows ...)
- NOTE: not-for-us (SoftCart)
+ NOT-FOR-US: SoftCart
CAN-2004-2220 (F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does
not ...)
- NOTE: not-for-us (F-Secure Anti-Virus)
+ NOT-FOR-US: F-Secure Anti-Virus
CAN-2004-2219 (Microsoft Internet Explorer 6 allows remote attackers to spoof
the ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2218 (SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4
and ...)
- NOTE: not-for-us (PHPMyWebHosting)
+ NOT-FOR-US: PHPMyWebHosting
CAN-2004-2217 (Multiple unknown vulnerabilities in yhttpd in yChat before 0.7
allow ...)
- NOTE: not-for-us (yChat)
+ NOT-FOR-US: yChat
CAN-2004-2216 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and
...)
- NOTE: not-for-us (Sun Java)
+ NOT-FOR-US: Sun Java
CAN-2004-2215 (RXVT-Unicode 3.4 and 3.5 does not properly close file
descriptors, ...)
- rxvt-unicode 3.8-1
CAN-2004-2214 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers
to ...)
- NOTE: not-for-us (AppWeb HTTP server)
+ NOT-FOR-US: AppWeb HTTP server
CAN-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers
to ...)
- NOTE: not-for-us (AppWeb HTTP server)
+ NOT-FOR-US: AppWeb HTTP server
CAN-2005-XXXX [Multiple security problems in ethereal]
- ethereal 0.10.12-1 (medium)
CAN-2005-XXXX [strobe reads file from unsafe directory]
@@ -2449,7 +2449,7 @@
{DSA-766-1}
- webcalendar 0.9.45-7 (bug #315671; medium)
CAN-2005-2437 (Website Baker Project does not properly verify the file
extensions of ...)
- NOTE: not-for-us (Website Baker)
+ NOT-FOR-US: Website Baker
CAN-2005-XXXX [fiaif: Package provided cron job updates conf files with access
definitions]
NOTE: This doesn''t look like a real security issue as cron.daily
should only be
NOTE: writable by root, but lets include it as the maintainer considers it an
issue
@@ -2457,13 +2457,13 @@
CAN-2005-2275
NOTE: reserved
CAN-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a
...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a
Javascript ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript
...)
- NOTE: not-for-us (Sfari)
+ NOT-FOR-US: Sfari
CAN-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box
with the ...)
- NOTE: not-for-us (iCab)
+ NOT-FOR-US: iCab
CAN-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly
clone ...)
{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.4-2sarge3 (high)
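Review bot: the CAN-2005-2272 entry carries the old typo over unchanged as "NOT-FOR-US: Sfari", while the description says Safari. The line is being rewritten anyway, so correct the spelling here; otherwise anyone searching the new tag for "Safari" will miss this entry.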
@@ -2511,56 +2511,56 @@
- mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.8-1sarge2 (medium)
CAN-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML
of ...)
- NOTE: not-for-us (magicHTML)
+ NOT-FOR-US: magicHTML
CAN-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum
3.82 ...)
- NOTE: not-for-us (WWWeBBB forum)
+ NOT-FOR-US: WWWeBBB forum
CAN-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02
allows ...)
- NOTE: not-for-us (Portix)
+ NOT-FOR-US: Portix
CAN-2002-2083 (The Novell Netware client running on Windows 95 allows local
users to ...)
- NOTE: not-for-us (Novell Netware)
+ NOT-FOR-US: Novell Netware
CAN-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before
authentication ...)
- NOTE: not-for-us (FTGate)
+ NOT-FOR-US: FTGate
CAN-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers
to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (FTGate)
+ NOT-FOR-US: FTGate
CAN-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX
...)
- kernel-patch-openmosix <unfixed> (bug #319621; low)
NOTE: filed bug with ftp.debian.org for removal (#319817)
CAN-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and
(2) ...)
- NOTE: not-for-us (FTGate)
+ NOT-FOR-US: FTGate
CAN-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly
clear ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2076 (Directory traversal vulnerability in Lil'' HTTP server
2.1 and 2.2 ...)
- NOTE: not-for-us (Lil'' HTTP server)
+ NOT-FOR-US: Lil'' HTTP server
CAN-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of
...)
- NOTE: not-for-us (ICQ)
+ NOT-FOR-US: ICQ
CAN-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows
remote ...)
- NOTE: not-for-us (Mailidx)
+ NOT-FOR-US: Mailidx
CAN-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP
pages on ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM)
in ...)
- NOTE: not-for-us (Sun Java)
+ NOT-FOR-US: Sun Java
CAN-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of
...)
- NOTE: not-for-us (Tru64)
+ NOT-FOR-US: Tru64
CAN-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data
streams ...)
- NOTE: not-for-us (SecureClean)
+ NOT-FOR-US: SecureClean
CAN-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams
that are ...)
- NOTE: not-for-us (Proprietary PGP)
+ NOT-FOR-US: Proprietary PGP
CAN-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that
are ...)
- NOTE: not-for-us (Eraser)
+ NOT-FOR-US: Eraser
CAN-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data
streams ...)
- NOTE: not-for-us (Eraser)
+ NOT-FOR-US: Eraser
CAN-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear
Windows ...)
- NOTE: not-for-us (BCWipe)
+ NOT-FOR-US: BCWipe
CAN-2002-2065 (WebCalendar 0.9.34 and earlier with ''browsing in
includes directory'' ...)
- NOTE: not-for-us (WebCalender)
+ NOT-FOR-US: WebCalender
CAN-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain
...)
- NOTE: not-for-us (PhpWebGallery)
+ NOT-FOR-US: PhpWebGallery
CAN-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters
and ...)
- NOTE: not-for-us (AtGuard)
+ NOT-FOR-US: AtGuard
CAN-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and
...)
NOTE: fixed in upstream 1.0.1
NOTE: see
http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
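Review bot: CAN-2002-2065 is converted to "NOT-FOR-US: WebCalender", but the description names WebCalendar, and this same list tracks a webcalendar package ("- webcalendar 0.9.45-7" under DSA-766-1). A mechanical rename should not cement that classification: check whether this entry needs a package line instead of NOT-FOR-US, and fix the spelling in either case.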
@@ -2568,21 +2568,21 @@
CAN-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to
crash ...)
- links2 2.1pre16-2 (low)
CAN-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards
does not ...)
- NOTE: not-for-us (Intel)
+ NOT-FOR-US: Intel
CAN-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage
...)
- NOTE: not-for-us (TeeKai)
+ NOT-FOR-US: TeeKai
CAN-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in
...)
- NOTE: not-for-us (TeeKai)
+ NOT-FOR-US: TeeKai
CAN-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2
allows ...)
- NOTE: not-for-us (TeeKai)
+ NOT-FOR-US: TeeKai
CAN-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in
TeeKai ...)
- NOTE: not-for-us (TeeKai)
+ NOT-FOR-US: TeeKai
CAN-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the
...)
- NOTE: not-for-us (TeeKai)
+ NOT-FOR-US: TeeKai
CAN-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as
implemented ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim
release, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when
used ...)
NOTE: fixed in 0.7.12-1
- modlogan 0.7.12-1 (low)
@@ -2592,153 +2592,153 @@
CAN-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6,
when ...)
TODO: check
CAN-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers
to ...)
- NOTE: not-for-us (PFinger)
+ NOT-FOR-US: PFinger
CAN-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier
allows ...)
NOTE: fixed in 0.6.13-1
- sketch 0.6.13-1 (low)
CAN-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote
attackers ...)
- NOTE: not-for-us (X-News)
+ NOT-FOR-US: X-News
CAN-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote
attackers to ...)
- NOTE: not-for-us (x-stat)
+ NOT-FOR-US: x-stat
CAN-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in
x-stat ...)
- NOTE: not-for-us (x-stat)
+ NOT-FOR-US: x-stat
CAN-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication
patch ...)
TODO: check
CAN-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and
6.1.0 ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS)
6.1.0 ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime
...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0
allows ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a
filesystem-based ...)
- NOTE: not-for-us (NGPT)
+ NOT-FOR-US: NGPT
NOTE: http://lists.debian.org/debian-user/2003/10/msg03627.html
NOTE: NPTL does not have this problem.
CAN-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and
...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility
(NSCM) ...)
- NOTE: not-for-us (Sun)
+ NOT-FOR-US: Sun
CAN-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0
and ...)
- NOTE: not-for-us (RealityScape)
+ NOT-FOR-US: RealityScape
CAN-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote
attackers ...)
- NOTE: not-for-us (Email Sanitizer)
+ NOT-FOR-US: Email Sanitizer
CAN-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote
attackers ...)
- NOTE: not-for-us (FAQManager)
+ NOT-FOR-US: FAQManager
CAN-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict
access to ...)
- NOTE: not-for-us (PHPNuke)
+ NOT-FOR-US: PHPNuke
CAN-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution
enabled ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0
allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for
/php/ ...)
- NOTE: not-for-us (PHP, Mircrosoft)
+ NOT-FOR-US: PHP, Mircrosoft
CAN-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not
verify ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not
...)
- NOTE: not-for-us (DOOW)
+ NOT-FOR-US: DOOW
CAN-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP
servers to ...)
- NOTE: not-for-us (BrowseFTP)
+ NOT-FOR-US: BrowseFTP
CAN-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers
to ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web
root ...)
NOTE: fixed in 3:2.2.6-5
- imp 3:2.2.6-5 (high)
CAN-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0,
1.1 and ...)
- NOTE: not-for-us (We use the OTHER beep program :P)
+ NOT-FOR-US: We use the OTHER beep program :P
CAN-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier
allows ...)
NOTE: only affects old-stable
CAN-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning
Board ...)
- NOTE: not-for-us (wbboard)
+ NOT-FOR-US: wbboard
CAN-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a
default ...)
- NOTE: not-for-us (Netgear hardware)
+ NOT-FOR-US: Netgear hardware
CAN-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in
...)
- NOTE: not-for-us (osCommerce)
+ NOT-FOR-US: osCommerce
CAN-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain
privileges by ...)
- NOTE: not-for-us (SAS/Base)
+ NOT-FOR-US: SAS/Base
CAN-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary
code ...)
- NOTE: not-for-us (SAS/Base)
+ NOT-FOR-US: SAS/Base
CAN-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to
kernel ...)
TODO: check
CAN-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703
allows ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages
when a ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows
remote ...)
- NOTE: not-for-us (Mozilla)
+ NOT-FOR-US: Mozilla
CAN-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS
for ...)
- NOTE: not-for-us (Apache)
+ NOT-FOR-US: Apache
CAN-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program
...)
- NOTE: not-for-us (faqomatic)
+ NOT-FOR-US: faqomatic
CAN-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in
htdig ...)
- NOTE: not-for-us (faqomatic)
+ NOT-FOR-US: faqomatic
CAN-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web
root ...)
- NOTE: not-for-us (Tomcat)
+ NOT-FOR-US: Tomcat
CAN-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to
obtain the ...)
- NOTE: not-for-us (Tomcat)
+ NOT-FOR-US: Tomcat
CAN-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4
allows ...)
- NOTE: not-for-us (Tomcat)
+ NOT-FOR-US: Tomcat
CAN-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and
3.0 ...)
- NOTE: not-for-us (Tomcat)
+ NOT-FOR-US: Tomcat
CAN-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and
...)
- NOTE: not-for-us (Sun)
+ NOT-FOR-US: Sun
CAN-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers
to ...)
- NOTE: not-for-us (Compaq)
+ NOT-FOR-US: Compaq
CAN-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows
remote ...)
- NOTE: not-for-us (Compaq)
+ NOT-FOR-US: Compaq
CAN-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A
allows ...)
- NOTE: not-for-us (Compaq)
+ NOT-FOR-US: Compaq
CAN-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with
predictable ...)
- NOTE: not-for-us (jmcce)
+ NOT-FOR-US: jmcce
CAN-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly
use ...)
- NOTE: not-for-us (OpenVMS)
+ NOT-FOR-US: OpenVMS
CAN-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could
allow ...)
- NOTE: not-for-us (VVOS)
+ NOT-FOR-US: VVOS
CAN-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX
8.0.0 ...)
- NOTE: not-for-us (UnixWare)
+ NOT-FOR-US: UnixWare
CAN-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass
filtering ...)
- NOTE: not-for-us (ZoneAlarm)
+ NOT-FOR-US: ZoneAlarm
CAN-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and
earlier ...)
- NOTE: not-for-us (Postnuke)
+ NOT-FOR-US: Postnuke
CAN-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for
PHP-Nuke ...)
- NOTE: not-for-us (Postnuke)
+ NOT-FOR-US: Postnuke
CAN-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional
1.030000 ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to
execute ...)
- NOTE: not-for-us (WebBBS)
+ NOT-FOR-US: WebBBS
CAN-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS
4 or ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute
arbitrary ...)
- NOTE: not-for-us (osCommerce)
+ NOT-FOR-US: osCommerce
CAN-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal
physical ...)
- NOTE: not-for-us (Resin)
+ NOT-FOR-US: Resin
CAN-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service
...)
- NOTE: not-for-us (Resin)
+ NOT-FOR-US: Resin
CAN-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service
...)
- NOTE: not-for-us (Resin)
+ NOT-FOR-US: Resin
CAN-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin
2.1.2 ...)
- NOTE: not-for-us (Resin)
+ NOT-FOR-US: Resin
CAN-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through
2.4.11, when ...)
NOTE: presumably fixed in linux 2.4.12
CAN-2001-1571 (The Remote Desktop client in Windows XP sends the most recent
user ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2001-1570 (Windows XP with fast user switching and account lockout enabled
allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain
name ...)
- NOTE: not-for-us (Openwave WAP gateway)
+ NOT-FOR-US: Openwave WAP gateway
CAN-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name
URL ...)
- NOTE: not-for-us (CMG WAP gateway)
+ NOT-FOR-US: CMG WAP gateway
CAN-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers
to ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in
Perdition ...)
- vanessa-logger 0.0.2
CAN-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1
through ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and
11.11 ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS
for ...)
- NOTE: not-for-us (Tomcat 3.2.1 running on HP Secure OS)
+ NOT-FOR-US: Tomcat 3.2.1 running on HP Secure OS
CAN-2001-1562 (Format string vulnerability in nvi before 1.79 allows local
users to ...)
- nvi 1.79-16a.1
NOTE: was DSA 085
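Review bot: several tag values in this hunk do not match the entry they sit under, and the conversion promotes them from free-text notes to a dedicated tag. CAN-2002-2010 describes htsearch.cgi in htdig but is tagged "faqomatic" (apparently copied from CAN-2002-2011 above it), CAN-2002-1995 describes PHP-Nuke but is tagged "Postnuke", and CAN-2002-2030 describes SQLData Enterprise Server but is tagged "Microsoft". CAN-2002-2013 is tagged "Mozilla" although a mozilla package is tracked elsewhere in this list. Also, "PHP, Mircrosoft" keeps its typo, and "We use the OTHER beep program :P" is a comment rather than a product name; it would fit better as a NOTE: line beside a tag naming beep2. Please review these entries individually instead of converting them verbatim.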
@@ -2746,62 +2746,62 @@
NOTE: DSA 082
- xvt 2.1-13
CAN-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000
and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0
provide ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort before
1.8.3 ...)
- snort 1.8.3
CAN-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers
to ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2001-1556 (The log files in Apache web server contain information directly
...)
NOTE: documented issue in apache, unlikely to be changed
NOTE: see http://httpd.apache.org/docs/logs.html
CAN-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows
remote ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2001-1553 (Buffer overflow in setiathome for SETI@home 3.03, if installed
setuid, ...)
NOTE: not suid in debian
CAN-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid
processes, ...)
NOTE: no info in CVE db about fix
TODO: check with current kernel on a system with quotas
CAN-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled
creates ...)
- NOTE: not-for-us (Centra)
+ NOT-FOR-US: Centra
CAN-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass
...)
- NOTE: not-for-us (Tiny Personal Firewall)
+ NOT-FOR-US: Tiny Personal Firewall
CAN-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows
local ...)
- NOTE: not-for-us (Tiny Personal Firewall)
+ NOT-FOR-US: Tiny Personal Firewall
CAN-2001-1547 (Outlook Express 6.0, with "Do not allow attachments to
be saved or ...)
- NOTE: not-for-us (Outlook)
+ NOT-FOR-US: Outlook
CAN-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and
...)
- NOTE: not-for-us (Pathways Homecare)
+ NOT-FOR-US: Pathways Homecare
CAN-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL
requests ...)
- NOTE: not-for-us (Macromedia JRun)
+ NOT-FOR-US: Macromedia JRun
CAN-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server
(JWS) ...)
- NOTE: not-for-us (Macromedia JRun)
+ NOT-FOR-US: Macromedia JRun
CAN-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a
default ...)
- NOTE: not-for-us (Axis network camera)
+ NOT-FOR-US: Axis network camera
CAN-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter
...)
- NOTE: not-for-us (NAI WebShield SMTP)
+ NOT-FOR-US: NAI WebShield SMTP
CAN-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI
BSD/OS ...)
- NOTE: not-for-us (BSDI UUCP)
+ NOT-FOR-US: BSDI UUCP
CAN-2001-1540 (IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a
...)
- NOTE: not-for-us (IPRoute router software)
+ NOT-FOR-US: IPRoute router software
NOTE: This is not for iproute/iproute2.
NOTE: From Chris Gragsone''s message on BUGTRAQ:
NOTE: "IPRoute, by David F. Mischler, is PC-based router software
NOTE: "for networks running the Internet Protocol (IP)."
CAN-2001-1539 (The JavaScript settimeout function in Internet Explorer allows
remote ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2001-1538 (SpeedXess HA-120 DSL router has a default administrative
password of ...)
- NOTE: not-for-us (SpeedXess HA-120 DSL router)
+ NOT-FOR-US: SpeedXess HA-120 DSL router
CAN-2001-1537 (The default "basic" security setting''
in config.php for TWIG webmail ...)
NOTE: current twig package seems to have secure cookies enabled
NOTE: still uses "basic" security setting.
CAN-2001-1536 (Autogalaxy stores usernames and passwords in cleartext in
cookies, ...)
- NOTE: not-for-us (Autogalaxy)
+ NOT-FOR-US: Autogalaxy
CAN-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random
...)
- slash (bug #328927; unfixed; low)
CAN-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session
ID''s ...)
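Review bot: CAN-2001-1548 describes ZoneAlarm and ZoneAlarm Pro, but the converted line reads "NOT-FOR-US: Tiny Personal Firewall", which looks copied from CAN-2001-1549 directly above it. Change the value to ZoneAlarm while this line is being touched, so the tag names the product in the description.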
@@ -2810,120 +2810,120 @@
NOTE: Cookies are only used for invading user privacy,
NOTE: not for authentication, so apache and apache2 should be fine.
CAN-2001-1533 (** DISPUTED * ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2001-1532 (WebX stores authentication information in the HTTP_REFERER
variable, ...)
- NOTE: not-for-us (WebX)
+ NOT-FOR-US: WebX
CAN-2001-1531 (Buffer overflow in Claris Emailer 2.0v2 allows remote attackers
to ...)
- NOTE: not-for-us (Claris Emailer)
+ NOT-FOR-US: Claris Emailer
CAN-2001-1530 (run.cgi in Webmin 0.80 and 0.88 creates temporary files with
...)
NOTE: verified current webmin is ok
CAN-2001-1529 (Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows
...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2001-1528 (AmTote International homebet program returns different error
messages ...)
- NOTE: not-for-us (AmTote International homebet)
+ NOT-FOR-US: AmTote International homebet
CAN-2001-1527 (easyNews 1.5 and earlier stores adminstration passwords in
cleartext ...)
- NOTE: not-for-us (easynews)
+ NOT-FOR-US: easynews
CAN-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action
in ...)
- NOTE: not-for-us (easynews)
+ NOT-FOR-US: easynews
CAN-2001-1525 (Directory traversal vulnerability in the comments action in
easyNews ...)
- NOTE: not-for-us (easynews)
+ NOT-FOR-US: easynews
CAN-2001-1524 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and
earlier ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2001-1523 (Cross-site scripting (XSS) vulnerability in the DMOZGateway
module for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2001-1522 (Cross-site scripting (XSS) vulnerability in im.php in IMessenger
for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2001-1521 (Cross-site scripting (XSS) vulnerability in user.php in PostNuke
0.64 ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2001-1520 (Xircom REX 6000 allows local users to obtain the 10 digit PIN by
...)
- NOTE: not-for-us (Xircom REX)
+ NOT-FOR-US: Xircom REX
CAN-2001-1519 (** DISPUTED ** ...)
- NOTE: not-for-us (RunAs)
+ NOT-FOR-US: RunAs
CAN-2001-1518 (RunAs (runas.exe) in Windows 2000 only creates one session
instance at ...)
- NOTE: not-for-us (RunAs)
+ NOT-FOR-US: RunAs
CAN-2001-1517 (** DISPUTED ** ...)
- NOTE: not-for-us (RunAs)
+ NOT-FOR-US: RunAs
CAN-2001-1516 (Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2
and ...)
- NOTE: not-for-us (phpReview)
+ NOT-FOR-US: phpReview
CAN-2001-1515 (Macintosh clients, when using NT file system volumes on Windows
2000 ...)
- NOTE: not-for-us (Macintosh clients, when using NT file system volumes on
Windows)
+ NOT-FOR-US: Macintosh clients, when using NT file system volumes on Windows
CAN-2001-1514 (ColdFusion 4.5 and 5, when running on Windows with the advanced
...)
- NOTE: not-for-us (ColdFusion)
+ NOT-FOR-US: ColdFusion
CAN-2001-1513 (Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain
...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2001-1512 (Unknown vulnerability in Allaire JRun 3.1 allows remote
attackers to ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2001-1511 (JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows
...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2001-1510 (Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0,
iPlanet, ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does
not ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a
allows ...)
NOTE: lpstat not suid in lprng or cupsys-client in Debian
CAN-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly
...)
- openssh 1:3.0.1
CAN-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving
an ...)
- NOTE: not-for-us (FTGate)
+ NOT-FOR-US: FTGate
CAN-2000-1236 (SQL injection vulnerability in mod_sql in Oracle Internet
Application ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2000-1235 (The default configurations of (1) the port listener and (2)
modplsql ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2000-1234 (violation.php3 in Phorum 3.0.7 allows remote attackers to send
e-mails ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2000-1233 (SQL injection vulnerability in read.php3 and other scripts in
Phorum ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2000-1232 (upgrade.php3 in Phorum 3.0.7 could allow remote attackers to
modify ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2000-1231 (code.php3 in Phorum 3.0.7 allows remote attackers to read
arbitrary ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2000-1230 (Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to
...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2000-1229 (Directory traversal vulnerability in Phorum 3.0.7 allows remote
Phorum ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator
...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple
USANet ...)
- NOTE: not-for-us (USANet)
+ NOT-FOR-US: USANet
CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in
Squito ...)
- NOTE: not-for-us (Squito Gallery)
+ NOT-FOR-US: Squito Gallery
CAN-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote
attackers to ...)
- NOTE: not-for-us (PhpSlash)
+ NOT-FOR-US: PhpSlash
CAN-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to
3.5.3 ...)
{DSA-759-1}
- phppgadmin 3.5.4-1 (medium)
CAN-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows
remote ...)
- NOTE: not-for-us (PhpAuction)
+ NOT-FOR-US: PhpAuction
CAN-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in
PhpAuction 2.5 ...)
- NOTE: not-for-us (PhpAuction)
+ NOT-FOR-US: PhpAuction
CAN-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote
attackers ...)
- NOTE: not-for-us (PhpAuction)
+ NOT-FOR-US: PhpAuction
CAN-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication
and ...)
- NOTE: not-for-us (PhpAuction)
+ NOT-FOR-US: PhpAuction
CAN-2005-2251 (PHP remote file inclusion vulnerability in secure.php in ...)
- NOTE: not-for-us (PHPSecurePages (phpSP))
+ NOT-FOR-US: PHPSecurePages (phpSP)
CAN-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix
2.1.2 ...)
{DSA-762-1}
- affix 2.1.2-2 (medium)
CAN-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown
impact ...)
- jinzora <itp> (bug #289487)
CAN-2005-2248 (Directory traversal vulnerability in DownloadProtect before
1.0.3 ...)
- NOTE: not-for-us (DownloadProtect)
+ NOT-FOR-US: DownloadProtect
CAN-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have
unknown ...)
NOTE: no details available
- moodle 1.5.1-1
CAN-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in
iPhotoAlbum 1.1 ...)
- NOTE: not-for-us (iPhotoAlbum)
+ NOT-FOR-US: iPhotoAlbum
CAN-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows
attackers ...)
- NOTE: not-for-us (BIG-IP)
+ NOT-FOR-US: BIG-IP
CAN-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2
and ...)
- NOTE: not-for-us (Cisco CallManager)
+ NOT-FOR-US: Cisco CallManager
CAN-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and
...)
- NOTE: not-for-us (Cisco CallManager)
+ NOT-FOR-US: Cisco CallManager
CAN-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0
before ...)
- NOTE: not-for-us (Cisco CallManager)
+ NOT-FOR-US: Cisco CallManager
CAN-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0
before ...)
- NOTE: not-for-us (Cisco CallManager)
+ NOT-FOR-US: Cisco CallManager
CAN-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary
files ...)
- xpvm 1.2.5-8 (bug #318285; medium)
CAN-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service
via a ...)
@@ -2932,19 +2932,19 @@
- oftpd <unfixed> (bug #307957; low)
NOTE: CVE id requested from mitre
CAN-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated
users to ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-2237 (Format string vulnerability in the swcons command in IBM AIX
5.3, and ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-2236 (Format string vulnerability in the paginit command in IBM AIX
5.3, and ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1,
5.2 and ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and
5.3, ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-2233 (Buffer overflow in multiple "p" commands in
IBM AIX 5.1, 5.2 and 5.3 ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might
allow ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local
users to ...)
{DSA-761-2}
- heartbeat 1.2.3-12 (medium)
@@ -2952,116 +2952,116 @@
- elmo <unfixed> (bug #318291; medium)
NOTE: upload to unstable still hasn''t occurred (2005-09-18)
CAN-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the
web ...)
- NOTE: not-for-us (Blog Torrent)
+ NOT-FOR-US: Blog Torrent
CAN-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view
message ...)
- NOTE: not-for-us (Web Wiz Forums)
+ NOT-FOR-US: Web Wiz Forums
CAN-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the
...)
- NOTE: not-for-us (Softiacom wMailserver)
+ NOT-FOR-US: Softiacom wMailserver
CAN-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server
account ...)
- NOTE: not-for-us (Outlook)
+ NOT-FOR-US: Outlook
CAN-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard
...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable
Professional ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-2221 (** DISPUTED ** Multiple SQL injection vulnerabilities in
Dragonfly ...)
- NOTE: not-for-us (Dragonfly)
+ NOT-FOR-US: Dragonfly
CAN-2005-2220 (** DISPUTED ** Dragonfly Commerce allows remote attackers to
change a ...)
- NOTE: not-for-us (Dragonfly)
+ NOT-FOR-US: Dragonfly
CAN-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated
users to ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly
check ...)
- kfreebsd5-source 5.3-17 (medium)
CAN-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root
with ...)
- NOTE: not-for-us (Dansie Shopping Cart)
+ NOT-FOR-US: Dansie Shopping Cart
CAN-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal
Photo ...)
- NOTE: not-for-us (PhotoGal)
+ NOT-FOR-US: PhotoGal
CAN-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before
1.4.x ...)
- NOTE: not-for-us (MediaWiki)
+ NOT-FOR-US: MediaWiki
CAN-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with
insecure ...)
- base-config <unfixed> (bug #305142; low)
CAN-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in
MMS ...)
- NOTE: not-for-us (MMS Ripper)
+ NOT-FOR-US: MMS Ripper
CAN-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world
...)
- backup-manager 0.5.8-2 (low)
CAN-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which
allows ...)
- backup-manager 0.5.8-2 (low)
CAN-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05
allows ...)
- NOTE: not-for-us (Internet Down)
+ NOT-FOR-US: Internet Down
CAN-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information
such as ...)
- NOTE: not-for-us (ScanShare)
+ NOT-FOR-US: ScanShare
CAN-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (PrivaShare)
+ NOT-FOR-US: PrivaShare
CAN-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in
CartWIZ ...)
- NOTE: not-for-us (CartWIZ)
+ NOT-FOR-US: CartWIZ
CAN-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote
...)
- NOTE: not-for-us (CartWIZ)
+ NOT-FOR-US: CartWIZ
CAN-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote
attackers ...)
- NOTE: not-for-us (kaiseki.cgi)
+ NOT-FOR-US: kaiseki.cgi
CAN-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates
(CA) ...)
- NOTE: not-for-us (SiteMinder)
+ NOT-FOR-US: SiteMinder
CAN-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers
to ...)
- NOTE: not-for-us (phpWishlist)
+ NOT-FOR-US: phpWishlist
CAN-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web
Server ...)
- NOTE: not-for-us (Xerox Hardware issue)
+ NOT-FOR-US: Xerox Hardware issue
CAN-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox
...)
- NOTE: not-for-us (Xerox hardware)
+ NOT-FOR-US: Xerox hardware
CAN-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server
for ...)
- NOTE: not-for-us (Xerox hardware)
+ NOT-FOR-US: Xerox hardware
CAN-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php
in ...)
- NOTE: not-for-us (PPA web photo gallery)
+ NOT-FOR-US: PPA web photo gallery
CAN-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD
before ...)
- NOTE: not-for-us (SPiD)
+ NOT-FOR-US: SPiD
CAN-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3
allows ...)
- NOTE: not-for-us (Id Board)
+ NOT-FOR-US: Id Board
CAN-2005-2196 (The Apple AirPort card uses a default WEP key when not connected
to a ...)
- NOTE: not-for-us (Apple Airport)
+ NOT-FOR-US: Apple Airport
CAN-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote
attackers ...)
- NOTE: not-for-us (Apple Darwin Streaming Server)
+ NOT-FOR-US: Apple Darwin Streaming Server
CAN-2005-2194
NOTE: reserved
CAN-2005-2193 (SQL injection vulnerability in the user profile edit module in
...)
- NOTE: not-for-us (PunBB)
+ NOT-FOR-US: PunBB
CAN-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in
config/password.txt with ...)
- NOTE: not-for-us (SimplePHPBlog)
+ NOT-FOR-US: SimplePHPBlog
CAN-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus
...)
- NOTE: not-for-us (Comersus)
+ NOT-FOR-US: Comersus
CAN-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart
allow ...)
- NOTE: not-for-us (Comersus)
+ NOT-FOR-US: Comersus
CAN-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0
...)
- NOTE: not-for-us (Lantronix SecureLinx)
+ NOT-FOR-US: Lantronix SecureLinx
CAN-2005-2188 (McAfee IntruShield Security Management System obtains the user
ID from ...)
- NOTE: not-for-us (McAfee IntruShield)
+ NOT-FOR-US: McAfee IntruShield
CAN-2005-2187 (McAfee IntruShield Security Management System allows remote ...)
- NOTE: not-for-us (McAfee IntruShield)
+ NOT-FOR-US: McAfee IntruShield
CAN-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee
...)
- NOTE: not-for-us (McAfee IntruShield)
+ NOT-FOR-US: McAfee IntruShield
CAN-2005-2185 (eRoom does not set an expiration for Cookies, which allows
remote ...)
- NOTE: not-for-us (eRoom)
+ NOT-FOR-US: eRoom
CAN-2005-2184 (eRoom 6.x does not properly restrict files that can be attached,
which ...)
- NOTE: not-for-us (eRoom)
+ NOT-FOR-US: eRoom
CAN-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly
handle ...)
- NOTE: not-for-us (PhpXmail)
+ NOT-FOR-US: PhpXmail
CAN-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do
not ...)
- NOTE: not-for-us (PhpXmail)
+ NOT-FOR-US: PhpXmail
CAN-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly
check the ...)
- NOTE: not-for-us (SIP phone hardware issue)
+ NOT-FOR-US: SIP phone hardware issue
CAN-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions,
when ...)
- gnats 4.0 (bug #318481; high)
CAN-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws
0.5.2 ...)
- NOTE: not-for-us (Jaws)
+ NOT-FOR-US: Jaws
CAN-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands
via ...)
NOTE: How bizarre, they assign a CVE Id without knowing which product contains
NOTE: the affected probe.cgi
CAN-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x
before ...)
- net-snmp 5.2.1.2-1 (medium)
CAN-2005-2176 (Novell NetMail automatically processes HTML in an attachment
without ...)
- NOTE: not-for-us (Novell NetMail)
+ NOT-FOR-US: Novell NetMail
CAN-2005-2175 (The web interface for Lotus Notes mail automatically processes
HTML in ...)
- NOTE: not-for-us (Notes)
+ NOT-FOR-US: Notes
CAN-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before
2.20rc1 ...)
- bugzilla 2.18.3-1 (low)
CAN-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1
to ...)
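Review bot: CAN-2005-2182 is described as a Grandstream BudgeTone (BT) 100 VoIP phone issue, but the converted line reads `NOT-FOR-US: PhpXmail`, the same name as the entry above it (CAN-2005-2183). Since this commit rewrites the line anyway, name the Grandstream product instead. In the same hunk, `NOT-FOR-US: Internet Down` under CAN-2005-2210 carries over a truncated name (the description says Internet Download Manager), and CAN-2005-2215 marks MediaWiki as NOT-FOR-US while the CAN-2004-2187 and CAN-2004-2185 entries track it as `mediawiki <itp> (bug #276057)`; the two should agree.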
@@ -3071,58 +3071,58 @@
CAN-2005-2171
NOTE: reserved
CAN-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework
Endpoint ...)
- NOTE: not-for-us (Tivoli)
+ NOT-FOR-US: Tivoli
CAN-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums
2.0 ...)
- NOTE: not-for-us (AliveSites)
+ NOT-FOR-US: AliveSites
CAN-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums
2.0 ...)
- NOTE: not-for-us (AliveSites)
+ NOT-FOR-US: AliveSites
CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in
Express-Web ...)
- NOTE: not-for-us (Express-Web)
+ NOT-FOR-US: Express-Web
CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9
through ...)
- NOTE: not-for-us (IdealBB)
+ NOT-FOR-US: IdealBB
CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9
through ...)
- NOTE: not-for-us (IdealBB)
+ NOT-FOR-US: IdealBB
CAN-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science
IdealBB ...)
- NOTE: not-for-us (IdealBB)
+ NOT-FOR-US: IdealBB
CAN-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote
attackers ...)
- NOTE: not-for-us (NatterChat)
+ NOT-FOR-US: NatterChat
CAN-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through
4.0 ...)
- NOTE: not-for-us (Veritas)
+ NOT-FOR-US: Veritas
CAN-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when
running ...)
- NOTE: not-for-us (Cold Fusion)
+ NOT-FOR-US: Cold Fusion
CAN-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which
allows ...)
- NOTE: not-for-us (Ansel)
+ NOT-FOR-US: Ansel
CAN-2004-2202 (SQL injection in DUware DUclassified 4.0 through 4.2 allows
remote ...)
- NOTE: not-for-us (DUclassified)
+ NOT-FOR-US: DUclassified
CAN-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1
allows ...)
- NOTE: not-for-us (DUforum)
+ NOT-FOR-US: DUforum
CAN-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0
through ...)
- NOTE: not-for-us (DUforum)
+ NOT-FOR-US: DUforum
CAN-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified
4.0 ...)
- NOTE: not-for-us (DUclassified)
+ NOT-FOR-US: DUclassified
CAN-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote
...)
- NOTE: not-for-us (DUclassmate)
+ NOT-FOR-US: DUclassmate
CAN-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check
the ...)
- NOTE: not-for-us (kdocker)
+ NOT-FOR-US: kdocker
CAN-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full
path of ...)
- NOTE: not-for-us (Zanfi)
+ NOT-FOR-US: Zanfi
CAN-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi
CMS lite ...)
- NOTE: not-for-us (Zanfi)
+ NOT-FOR-US: Zanfi
CAN-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise
Edition ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for
CJOverkill ...)
- NOTE: not-for-us (CJOverkill)
+ NOT-FOR-US: CJOverkill
CAN-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo
Traffic ...)
- NOTE: not-for-us (Turbo Traffic Trader)
+ NOT-FOR-US: Turbo Traffic Trader
CAN-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in
Turbo ...)
- NOTE: not-for-us (Turbo Traffic Trader)
+ NOT-FOR-US: Turbo Traffic Trader
CAN-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown
impact ...)
NOTE: absolutely no useful information, garbage report
NOTE: compare with #306164
CAN-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager
allows ...)
- NOTE: not-for-us (DMXReady)
+ NOT-FOR-US: DMXReady
CAN-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site
Chassis ...)
- NOTE: not-for-us (DMXReady)
+ NOT-FOR-US: DMXReady
CAN-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related
to ...)
- mediawiki <itp> (bug #276057)
CAN-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote
attackers ...)
@@ -3130,49 +3130,49 @@
CAN-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki
1.3.5 ...)
- mediawiki <itp> (bug #276057)
CAN-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0
through ...)
- NOTE: not-for-us (Digicraft Yak!)
+ NOT-FOR-US: Digicraft Yak!
CAN-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers
to ...)
- NOTE: not-for-us (WeHelpBUS)
+ NOT-FOR-US: WeHelpBUS
CAN-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows
remote ...)
- NOTE: not-for-us (Macromedia JRun)
+ NOT-FOR-US: Macromedia JRun
CAN-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61
allows ...)
- NOTE: not-for-us (WowBB Forum)
+ NOT-FOR-US: WowBB Forum
CAN-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB
Forum ...)
- NOTE: not-for-us (WowBB Forum)
+ NOT-FOR-US: WowBB Forum
CAN-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page
97 and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows
remote ...)
- NOTE: not-for-us (DevoyBB)
+ NOT-FOR-US: DevoyBB
CAN-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum
1.0.0 ...)
- NOTE: not-for-us (DevoyBB)
+ NOT-FOR-US: DevoyBB
CAN-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP
SP2 is ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro
allow ...)
- NOTE: not-for-us (ReviewPost)
+ NOT-FOR-US: ReviewPost
CAN-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in
EarlyImpact ...)
- NOTE: not-for-us (EarlyImpact)
+ NOT-FOR-US: EarlyImpact
CAN-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact
...)
- NOTE: not-for-us (EarlyImpact)
+ NOT-FOR-US: EarlyImpact
CAN-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt
...)
- NOTE: not-for-us (EarlyImpact)
+ NOT-FOR-US: EarlyImpact
CAN-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before
0.4.8 ...)
- cherokee 0.4.8
CAN-2004-2170 (Directory traversal vulnerability in sample_showcode.html in
Caravan ...)
- NOTE: not-for-us (Caravan)
+ NOT-FOR-US: Caravan
CAN-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows
remote ...)
- NOTE: not-for-us (Application Access Server (A-A-S))
+ NOT-FOR-US: Application Access Server (A-A-S)
CAN-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (BaSoMail)
+ NOT-FOR-US: BaSoMail
CAN-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly
other ...)
- latex2rtf 1.9.16
CAN-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i
and ...)
- NOTE: not-for-us (Canon ImageRUNNER)
+ NOT-FOR-US: Canon ImageRUNNER
CAN-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby
stage, ...)
- NOTE: not-for-us (Lords of the Realm)
+ NOT-FOR-US: Lords of the Realm
CAN-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database
...)
- NOTE: not-for-us (VP-ASP)
+ NOT-FOR-US: VP-ASP
CAN-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions
does not ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command
Line ...)
- xmlstarlet 1.0.0-1
CAN-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit
0.9.3 ...)
@@ -3182,54 +3182,54 @@
CAN-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in
Serendipity ...)
- serendipity <itp> (bug #312413)
CAN-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency
1.0 have ...)
- NOTE: not-for-us (Online Recruitment Agency)
+ NOT-FOR-US: Online Recruitment Agency
CAN-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass
its ...)
- NOTE: not-for-us (Online-bookmarks)
+ NOT-FOR-US: Online-bookmarks
CAN-2005-2348 [base-config log should not be world readable]
NOTE: reserved
- base-config 2.68 (low)
CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick
& Dirty ...)
- NOTE: not-for-us (PHPSource Printer)
+ NOT-FOR-US: PHPSource Printer
CAN-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote
...)
- NOTE: not-for-us (Plague)
+ NOT-FOR-US: Plague
CAN-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague
News ...)
- NOTE: not-for-us (Plague)
+ NOT-FOR-US: Plague
CAN-2005-2166 (SQL injection vulnerability in index.php in Plague News System
0.6 and ...)
- NOTE: not-for-us (Plague)
+ NOT-FOR-US: Plague
CAN-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute
...)
- NOTE: not-for-us (GlobalNoteScript)
+ NOT-FOR-US: GlobalNoteScript
CAN-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows
remote ...)
- NOTE: not-for-us (Covide)
+ NOT-FOR-US: Covide
CAN-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in
AutoIndex PHP ...)
- NOTE: not-for-us (AutoIndex PHP Script)
+ NOT-FOR-US: AutoIndex PHP Script
CAN-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in ...)
- NOTE: not-for-us (MyGuestbook)
+ NOT-FOR-US: MyGuestbook
CAN-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows
remote ...)
{DSA-768-1}
- phpbb2 2.0.13-6sarge1 (bug #317739; high)
CAN-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie,
which ...)
- NOTE: not-for-us (IMail)
+ NOT-FOR-US: IMail
CAN-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote
...)
- NOTE: not-for-us (PlanetDNS)
+ NOT-FOR-US: PlanetDNS
CAN-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0
allows ...)
- NOTE: not-for-us (JBoss)
+ NOT-FOR-US: JBoss
CAN-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for
nabopoll ...)
- NOTE: not-for-us (nabopoll)
+ NOT-FOR-US: nabopoll
CAN-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows
remote ...)
- NOTE: not-for-us (PHPNews)
+ NOT-FOR-US: PHPNews
CAN-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5
and ...)
- NOTE: not-for-us (EasyPHPCalender)
+ NOT-FOR-US: EasyPHPCalender
CAN-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2)
...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket
1.3.1 beta ...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows
remote ...)
- NOTE: not-for-us (Geeklog)
+ NOT-FOR-US: Geeklog
CAN-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS
failures ...)
{DSA-784-1}
- courier 0.47-6 (low)
CAN-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4
does ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers
to set ...)
{DSA-764-1}
- cacti 0.8.6f-1 (high)
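Review bot: `NOT-FOR-US: EasyPHPCalender` under CAN-2005-2155 keeps a misspelling; the description on the line above it spells the product EasyPHPCalendar. Worth correcting while the line is being rewritten, so that a search on the product name finds the entry.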
@@ -3240,35 +3240,35 @@
TODO: Check, whether this was covered by DSA-739 as well
- trac 0.8.4-1
CAN-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for
Windows ...)
- NOTE: not-for-us (SSH Tectia Server)
+ NOT-FOR-US: SSH Tectia Server
CAN-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the
source of ...)
- NOTE: not-for-us (Prevx Pro)
+ NOT-FOR-US: Prevx Pro
CAN-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection
and ...)
- NOTE: not-for-us (Prevx Pro)
+ NOT-FOR-US: Prevx Pro
CAN-2005-2143 (Microsoft Front Page allows attackers to cause a denial of
service ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60
allows ...)
- NOTE: not-for-us (Golden FTP Server)
+ NOT-FOR-US: Golden FTP Server
CAN-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (TCP Chat)
+ NOT-FOR-US: TCP Chat
CAN-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0
...)
- NOTE: not-for-us (FSboard)
+ NOT-FOR-US: FSboard
CAN-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for
Pavsta ...)
- NOTE: not-for-us (Pavsta)
+ NOT-FOR-US: Pavsta
CAN-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev
...)
- NOTE: not-for-us (Comdev eCommerce)
+ NOT-FOR-US: Comdev eCommerce
CAN-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote
attackers ...)
- NOTE: not-for-us (NateOn Messenger)
+ NOT-FOR-US: NateOn Messenger
CAN-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4,
DSX8, ...)
- NOTE: not-for-us (Raritan Dominion SX)
+ NOT-FOR-US: Raritan Dominion SX
CAN-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz
...)
- NOTE: not-for-us (EtoShop)
+ NOT-FOR-US: EtoShop
CAN-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2
allow ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CAN-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CAN-2005-1915.
Reason: ...)
- NOTE: not-for-us (log4sh)
+ NOT-FOR-US: log4sh
CAN-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5,
and ...)
- NOTE: not-for-us (SCO UnixWare)
+ NOT-FOR-US: SCO UnixWare
CAN-2005-2131
NOTE: reserved
CAN-2005-2130
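Review bot: CAN-2005-2133 is a withdrawn candidate (its description reads "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CAN-2005-1915"), yet the conversion leaves it tagged `NOT-FOR-US: log4sh`. Other withdrawn entries in this file are marked `NOTE: rejected`; consider using that here and recording the package decision on CAN-2005-1915 only.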
@@ -3278,7 +3278,7 @@
CAN-2005-2128
NOTE: reserved
CAN-2005-2127 (The Microsoft DDS Library Shape Control (Msdds.dll) COM object
allows ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-2126
NOTE: reserved
CAN-2005-2125
@@ -3305,17 +3305,17 @@
NOTE: rejected
{DSA-745-1}
CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to
cause ...)
- NOTE: not-for-us (Soldier of Fortune)
+ NOT-FOR-US: Soldier of Fortune
CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and
...)
NOTE: cannot reproduce with firefox 1.0.5-1 using POC exploits
NOTE: did work for mozilla
- mozilla 2:1.7.10-1 (bug #318723; medium)
CAN-2005-2113 (SQL injection vulnerability in the loginUser function in the
XMLRPC ...)
- NOTE: not-for-us (XOOPS)
+ NOT-FOR-US: XOOPS
CAN-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS
2.0.11 ...)
- NOTE: not-for-us (XOOPS)
+ NOT-FOR-US: XOOPS
CAN-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote
attackers to ...)
- NOTE: not-for-us (Community Link Pro Web Editor)
+ NOT-FOR-US: Community Link Pro Web Editor
CAN-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain
...)
- wordpress 1.5.1.3-1
CAN-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote
attackers ...)
@@ -3328,7 +3328,7 @@
{DSA-745-1}
- drupal 4.5.4-1 (bug #316362)
CAN-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass
...)
- NOTE: not-for-us (IOS)
+ NOT-FOR-US: IOS
CAN-2005-2104
NOTE: reserved
CAN-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0
allows ...)
@@ -3386,94 +3386,94 @@
{DSA-756-1}
- squirrelmail 2:1.4.4-6
CAN-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison
the ...)
- NOTE: not-for-us (Sun)
+ NOT-FOR-US: Sun
CAN-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote
...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison
the web ...)
- NOTE: not-for-us (BEA WebLogic)
+ NOT-FOR-US: BEA WebLogic
CAN-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to
poison ...)
- NOTE: not-for-us (Websphere)
+ NOT-FOR-US: Websphere
CAN-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24
(Coyote/1.0) ...)
- tomcat4 4.1.28-1
NOTE: tomcat5 in experimental has this fix as well
CAN-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the
web ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows
remote ...)
{DSA-805-1 DSA-803-1}
- apache 1.3.33-8 (bug #322607; medium)
- apache2 2.0.54-5 (bug #316173; medium)
CAN-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote
attackers ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in
phpBB ...)
NOTE: phpbb versions in Debian not affected
CAN-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0
through 6.7 ...)
- NOTE: not-for-us (Inframail)
+ NOT-FOR-US: Inframail
CAN-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx
in ...)
- NOTE: not-for-us (Community Forum)
+ NOT-FOR-US: Community Forum
CAN-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate
...)
- NOTE: not-for-us (IA eMailServer)
+ NOT-FOR-US: IA eMailServer
CAN-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers
to ...)
- NOTE: not-for-us (imTRSET)
+ NOT-FOR-US: imTRSET
CAN-2005-2081 (Stack-based buffer overflow in the function that parses commands
in ...)
- asterisk 1:1.0.9.dfsg-1 (bug #315532; medium)
CAN-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS)
in ...)
- NOTE: not-for-us (Veritas Backup)
+ NOT-FOR-US: Veritas Backup
CAN-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for
VERITAS ...)
- NOTE: not-for-us (Veritas Backup)
+ NOT-FOR-US: Veritas Backup
CAN-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows
...)
- NOTE: not-for-us (Lpanel)
+ NOT-FOR-US: Lpanel
CAN-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (GoodTech SMTP Server)
+ NOT-FOR-US: GoodTech SMTP Server
CAN-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management
Software ...)
- NOTE: not-for-us (Real Estate Management Software)
+ NOT-FOR-US: Real Estate Management Software
CAN-2004-2152 (Cross-site scripting (XSS) vulnerability in
''raw'' page output mode for ...)
- mediawiki <itp> (bug #276057)
CAN-2004-2151 (Chatman 1.1.1 RCL and earlier allows remote attackers to cause a
...)
- NOTE: not-for-us (Chatman)
+ NOT-FOR-US: Chatman
CAN-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays
different ...)
- NOTE: not-for-us (INTELLIPEER Email Server)
+ NOT-FOR-US: INTELLIPEER Email Server
CAN-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient
for ...)
- mysql-dfsg-4.1 4.1.5-1
CAN-2004-2148 (Unknown local vulnerability in the "change
user" feature of Slava ...)
- fprobe-ng 1.1-1
TODO: Check, whether fprobe is affected as well
CAN-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft
Outlook ...)
- NOTE: not-for-us (Symantec Antivirus)
+ NOT-FOR-US: Symantec Antivirus
CAN-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1
allows ...)
- NOTE: not-for-us (MegaBBS)
+ NOT-FOR-US: MegaBBS
CAN-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1
allows ...)
- NOTE: not-for-us (MegaBBS)
+ NOT-FOR-US: MegaBBS
CAN-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass
...)
- NOTE: not-for-us (Baal Smart Forms)
+ NOT-FOR-US: Baal Smart Forms
CAN-2004-2143 (SQL injection vulnerability in the ReMOSitory Server add-on
module to ...)
- NOTE: not-for-us (Mambo Portal)
+ NOT-FOR-US: Mambo Portal
CAN-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in
the RMT ...)
- sdd 1.52-1
CAN-2004-2141
NOTE: rejected
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows
remote ...)
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2
allows ...)
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...)
- NOTE: not-for-us (MySQLGuest)
+ NOT-FOR-US: MySQLGuest
CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause
a ...)
- NOTE: not-for-us (BisonFTP Server)
+ NOT-FOR-US: BisonFTP Server
CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for
Hosting ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730
does not ...)
- NOTE: not-for-us (HP Version Control Repository Manager)
+ NOT-FOR-US: HP Version Control Repository Manager
CAN-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a
predictable ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105
allows ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0
through ...)
- NOTE: not-for-us (DB2)
+ NOT-FOR-US: DB2
CAN-2005-2072 (ld.so in Solaris 9 and 10 trusts the LD_AUDIT environment
variable in ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users
to ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when
used ...)
{DSA-737-1 DTSA-3-1}
- clamav 0.86.1 (medium)
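Review bot: CAN-2004-2141 ends up with two conflicting states. The unchanged "NOTE: rejected" line is followed by the new "NOT-FOR-US: YaBB". A rejected identifier needs no product classification, so this conversion is a good moment to drop the YaBB line from that entry instead of carrying it into the new tag.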
@@ -3486,101 +3486,101 @@
CAN-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote
attackers ...)
- kfreebsd-source (unfixed)
CAN-2005-2067 (SQL injection vulnerability in article.asp in unknown versions
of ...)
- NOTE: not-for-us (ASP Nuke)
+ NOT-FOR-US: ASP Nuke
CAN-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80
...)
- NOTE: not-for-us (ASP Nuke)
+ NOT-FOR-US: ASP Nuke
CAN-2005-2065 (HTTP response splitting vulnerability in language_select.asp in
ASP ...)
- NOTE: not-for-us (ASP Nuke)
+ NOT-FOR-US: ASP Nuke
CAN-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80
allow ...)
- NOTE: not-for-us (ASP Nuke)
+ NOT-FOR-US: ASP Nuke
CAN-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- NOTE: not-for-us (ActiveBuyAndSell)
+ NOT-FOR-US: ActiveBuyAndSell
CAN-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2
allow ...)
- NOTE: not-for-us (ActiveBuyAndSell)
+ NOT-FOR-US: ActiveBuyAndSell
CAN-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to
include ...)
- NOTE: not-for-us (Infopop UBB.Threads)
+ NOT-FOR-US: Infopop UBB.Threads
CAN-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...)
- NOTE: not-for-us (Infopop UBB.Threads)
+ NOT-FOR-US: Infopop UBB.Threads
CAN-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in
(1) ...)
- NOTE: not-for-us (Infopop UBB.Threads)
+ NOT-FOR-US: Infopop UBB.Threads
CAN-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads
before ...)
- NOTE: not-for-us (Infopop UBB.Threads)
+ NOT-FOR-US: Infopop UBB.Threads
CAN-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop
...)
- NOTE: not-for-us (Infopop UBB.Threads)
+ NOT-FOR-US: Infopop UBB.Threads
CAN-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV)
before ...)
{DSA-737-1 DTSA-3-1}
- clamav 0.86.1-1 (medium)
CAN-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and
RealOne ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5
(6.0.12.1040-1069) and ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers
to ...)
- NOTE: not-for-us (Perception LiteServe)
+ NOT-FOR-US: Perception LiteServe
CAN-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service
via a ...)
- NOTE: not-for-us (iSMTP)
+ NOT-FOR-US: iSMTP
CAN-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to
cause ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-1982 (Directory traversal vulnerability in the list_directory function
in ...)
NOTE: verified current version is not vulnerable to exploit
CAN-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris
2.5.1 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and
...)
- NOTE: not-for-us (Watchguard SOHO)
+ NOT-FOR-US: Watchguard SOHO
CAN-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass
...)
- NOTE: not-for-us (IPFilter)
+ NOT-FOR-US: IPFilter
CAN-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according
to ...)
- NOTE: not-for-us (Proprietary PGP)
+ NOT-FOR-US: Proprietary PGP
CAN-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not
report ...)
- net-tools <unfixed> (unimportant)
NOTE: This seems to be a misunderstanding of what the PROMISC flag
NOTE: is about. ifconfig reports properly when it is set using
NOTE: "ifconfig promisc".
CAN-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of
"A0" to encrypt ...)
- NOTE: not-for-us (Zaurus hardware)
+ NOT-FOR-US: Zaurus hardware
CAN-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not
require ...)
- NOTE: not-for-us (Zaurus hardware)
+ NOT-FOR-US: Zaurus hardware
CAN-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI
extension ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka ...)
- NOTE: not-for-us (pp_powerSwitch)
+ NOT-FOR-US: pp_powerSwitch
CAN-2002-1971 (The ping utility in networking_utils.php in Sourcecraft ...)
- NOTE: not-for-us (Sourcecraft Networking Utils)
+ NOT-FOR-US: Sourcecraft Networking Utils
CAN-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores
the ...)
- NOTE: not-for-us (SnortCenter)
+ NOT-FOR-US: SnortCenter
CAN-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a
denial ...)
- NOTE: not-for-us (Magic Notebook)
+ NOT-FOR-US: Magic Notebook
CAN-2002-1968 (Com21 DOXport 1100 series cable modem running firmware
2.1.1.106, and ...)
- NOTE: not-for-us (Com21 hardware)
+ NOT-FOR-US: Com21 hardware
CAN-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to
cause ...)
- NOTE: not-for-us (XiRCON)
+ NOT-FOR-US: XiRCON
CAN-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My
Postcards ...)
- NOTE: not-for-us (My Postcards Platinum)
+ NOT-FOR-US: My Postcards Platinum
CAN-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix
...)
- NOTE: not-for-us (Imatix Xitami)
+ NOT-FOR-US: Imatix Xitami
CAN-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows
remote ...)
- NOTE: not-for-us (phpEventCalender)
+ NOT-FOR-US: phpEventCalender
CAN-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root''s
NR_RESERVED_FILES limit ...)
NOTE: No kernels in Sarge or sid affected
CAN-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers
to ...)
- NOTE: not-for-us (SurfinGate)
+ NOT-FOR-US: SurfinGate
CAN-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers
to ...)
- NOTE: not-for-us (SurfinGate)
+ NOT-FOR-US: SurfinGate
CAN-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1
allows ...)
- NOTE: not-for-us (Cybozu Share)
+ NOT-FOR-US: Cybozu Share
CAN-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute
...)
NOTE: Nagios was packaged for Debian after these vulnerable versions have been
released
CAN-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0 through
1.0b ...)
- NOTE: not-for-us (kmMail)
+ NOT-FOR-US: kmMail
CAN-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1
and ...)
NOTE: pen was introduced after this old vulnerability
CAN-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable
permissions, ...)
- rox 1.3.0-1
CAN-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when
mounting ...)
- NOTE: not-for-us (Iomega hardware issue)
+ NOT-FOR-US: Iomega hardware issue
CAN-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function
in ...)
NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a
NOTE: php function that displays the PHP logo and version information. In the
bug
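Review bot: The new tag for CAN-2002-1964 carries over a misspelling: "NOT-FOR-US: phpEventCalender", while the description on the same entry names the product as WesMo phpEventCalendar. The product name is now the value of the tag rather than a parenthetical in a free-form note, so it should be spelled as in the description.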
@@ -3588,9 +3588,9 @@
NOTE: function.
TODO: check, whether the mentioned XSS still affects current PHP versions in
Debian
CAN-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant
...)
- NOTE: not-for-us (AIM)
+ NOT-FOR-US: AIM
CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL
...)
- NOTE: not-for-us (phpRank)
+ NOT-FOR-US: phpRank
CAN-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers
to ...)
NOTE: not-for-us
CAN-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows
remote ...)
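Review bot: CAN-2002-1951 still reads "NOTE: not-for-us" in this hunk, so after the commit the file contains both the old and the new notation. The log message only covers notes that had a package name in parentheses; the bare ones should be converted too, here as "NOT-FOR-US: GoAhead WebServer", taking the name from the entry's description.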
@@ -3649,11 +3649,11 @@
CAN-2002-1924 (PowerChute plus 5.0.2 creates a "Pwrchute"
directory during ...)
NOTE: not-for-us
CAN-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when
...)
- NOTE: not-for-us (Windows specific)
+ NOT-FOR-US: Windows specific
CAN-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in
Jelsoft ...)
NOTE: not-for-us
CAN-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when
...)
- NOTE: not-for-us (Windows specific)
+ NOT-FOR-US: Windows specific
CAN-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a
denial ...)
NOTE: not-for-us
CAN-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0
allows ...)
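Review bot: For CAN-2002-1923 and CAN-2002-1921 the new line is "NOT-FOR-US: Windows specific", which puts a reason where the log message says a package name goes. Both descriptions are about MySQL, so name the product and keep the platform as the qualifier, for example "NOT-FOR-US: MySQL on Windows", so the field means the same thing on every entry.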
@@ -3705,7 +3705,7 @@
CAN-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid
root, ...)
- alsaplayer 0.99.72-1
CAN-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when
using ...)
- NOTE: not-for-us (Windows specific)
+ NOT-FOR-US: Windows specific
CAN-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in
phpBB ...)
NOTE: not-for-us
NOTE: fix before phpbb2 was in Debian.
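Review bot: CAN-2002-1894 keeps a bare "NOTE: not-for-us" that the conversion skipped, and it contradicts the line after it, "NOTE: fix before phpbb2 was in Debian", which says the software is packaged. Rather than turning this one into a NOT-FOR-US tag, drop the not-for-us note and keep only the explanation that the fix predates the package.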
@@ -3716,7 +3716,7 @@
CAN-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote
attackers to ...)
NOTE: not-for-us
CAN-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to
overwrite ...)
- NOTE: not-for-us (RedHat specific)
+ NOT-FOR-US: RedHat specific
CAN-2002-1889 (Off-by-one buffer overflow in the context_action function in
context.c ...)
NOTE: not-for-us
CAN-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name
requests to ...)
@@ -3842,123 +3842,123 @@
CAN-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial
of ...)
NOTE: not-for-us
CAN-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a
denial of ...)
- NOTE: not-for-us (Sendmail not in Debian before 8.13)
+ NOT-FOR-US: Sendmail not in Debian before 8.13
CAN-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to
bypass ...)
NOTE: kernel 2.4.18
CAN-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1,
7.2.0 ...)
- NOTE: not-for-us (WAD)
+ NOT-FOR-US: WAD
CAN-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired
CA-CERT in a ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP
server ...)
- NOTE: not-for-us (Zeroo)
+ NOT-FOR-US: Zeroo
CAN-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain
the ...)
- NOTE: not-for-us (IBM HTTP Server on AS/400)
+ NOT-FOR-US: IBM HTTP Server on AS/400
CAN-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote
authenticated ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an
...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows
remote ...)
- NOTE: not-for-us (TinyHTTPD)
+ NOT-FOR-US: TinyHTTPD
CAN-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to
read ...)
- NOTE: not-for-us (httpbench)
+ NOT-FOR-US: httpbench
CAN-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for
...)
- NOTE: not-for-us (Veritas)
+ NOT-FOR-US: Veritas
CAN-2002-1816 (Off-by-one buffer overflow in the sock_gets function in
sockhelp.c for ...)
- NOTE: not-for-us (ATPhttpd)
+ NOT-FOR-US: ATPhttpd
CAN-2002-1815 (Directory traversal vulnerability in source.php and source.cgi
in ...)
- NOTE: not-for-us (Aquonics)
+ NOT-FOR-US: Aquonics
CAN-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid,
allows ...)
NOTE: efstool not suid on debian
CAN-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM)
...)
- NOTE: not-for-us (AIM)
+ NOT-FOR-US: AIM
CAN-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to
...)
- NOTE: not-for-us (gdam123)
+ NOT-FOR-US: gdam123
CAN-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware
AP14G8 ...)
- NOTE: not-for-us (Belkin F5D6130 Wireless Network Access Point)
+ NOT-FOR-US: Belkin F5D6130 Wireless Network Access Point
CAN-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote
attackers to ...)
- NOTE: not-for-us (D-Link DWL-900AP+ Access Point)
+ NOT-FOR-US: D-Link DWL-900AP+ Access Point
CAN-2002-1809 (The default configuration of the Windows binary release of MySQL
...)
- NOTE: not-for-us (MySQL windows binary)
+ NOT-FOR-US: MySQL windows binary
CAN-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community
System ...)
- NOTE: not-for-us (Meunity)
+ NOT-FOR-US: Meunity
CAN-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3
allows ...)
- NOTE: not-for-us (phpWebSite)
+ NOT-FOR-US: phpWebSite
CAN-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows
remote ...)
- NOTE: not-for-us (Drupal)
+ NOT-FOR-US: Drupal
CAN-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows
remote ...)
- dacode <unfixed> (bug #322605; low)
CAN-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows
remote ...)
- NOTE: not-for-us (NPDS)
+ NOT-FOR-US: NPDS
CAN-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows
remote ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows
...)
- xoops <itp> (bug #207640)
CAN-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain
...)
- NOTE: not-for-us (ImageFolio)
+ NOT-FOR-US: ImageFolio
CAN-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on
the ...)
- NOTE: not-for-us (phpRank)
+ NOT-FOR-US: phpRank
CAN-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows
remote ...)
- NOTE: not-for-us (phpRank)
+ NOT-FOR-US: phpRank
CAN-2002-1798 (MidiCart PHP 1 allows remote attackers to (1) upload arbitrary
php ...)
- NOTE: not-for-us (MidiCart)
+ NOT-FOR-US: MidiCart
CAN-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100
and ...)
- NOTE: not-for-us (ChaiVM)
+ NOT-FOR-US: ChaiVM
CAN-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP
LaserJet ...)
- NOTE: not-for-us (ChaiVM)
+ NOT-FOR-US: ChaiVM
CAN-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in
Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration
product ...)
NOTE: not-fur us (HP ldapux-pamauthz)
CAN-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with
Virtualvault OS ...)
- NOTE: not-for-us (HP Virtualvault OS)
+ NOT-FOR-US: HP Virtualvault OS
CAN-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote
attackers ...)
- NOTE: not-for-us (Fake Identd)
+ NOT-FOR-US: Fake Identd
CAN-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with
...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2002-1790 (The SMTP service in Microsoft Internet Information Services
(IIS) 4.0 ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8
allows ...)
- newsx 1.4pl6.0-2
CAN-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn
6.6.0 ...)
- nn 6.6.4-1
CAN-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5
through ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core
dumps, ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration
Server ...)
- NOTE: not-for-us (Zeus Administration Server)
+ NOT-FOR-US: Zeus Administration Server
CAN-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through
5.1a ...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CAN-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when
...)
- php4 4:4.3.10-15
CAN-2000-1227 (Windows NT 4.0 and Windows 2000 hosts allow remote attackers to
cause ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote
...)
- NOTE: not-for-us (JAF CMS)
+ NOT-FOR-US: JAF CMS
CAN-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and
10.5 ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration
Console ...)
- NOTE: not-for-us (BEWAC)
+ NOT-FOR-US: BEWAC
CAN-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote
attackers ...)
- tor 0.0.9.10-1 (medium)
CAN-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2
allow ...)
- NOTE: not-for-us (Duware)
+ NOT-FOR-US: Duware
CAN-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1
allow ...)
- NOTE: not-for-us (Duware)
+ NOT-FOR-US: Duware
CAN-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro
3.0 ...)
- NOTE: not-for-us (Duware)
+ NOT-FOR-US: Duware
CAN-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro
3.0 and ...)
- NOTE: not-for-us (Duware)
+ NOT-FOR-US: Duware
CAN-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO
3.4.3 ...)
- NOTE: not-for-us (Duware)
+ NOT-FOR-US: Duware
CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor
1.4.3 ...)
- NOTE: not-for-us (ATutor)
+ NOT-FOR-US: ATutor
CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows
remote ...)
- NOTE: not-for-us (XAMPP)
+ NOT-FOR-US: XAMPP
CAN-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before
1.8 ...)
- NOTE: not-for-us (ajax-spell)
+ NOT-FOR-US: ajax-spell
CAN-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly
other ...)
- NOTE: not-for-us (ViRobot)
+ NOT-FOR-US: ViRobot
CAN-2005-2040 (Multiple buffer overflows in the getterminaltype function in
telnetd ...)
{DSA-758-1}
TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived
from the same BSD code base
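Review bot: The line "NOTE: not-fur us (HP ldapux-pamauthz)" on CAN-2002-1794 was missed, presumably because of the typo, and stays in the old notation while every neighbouring entry is converted. It should become "NOT-FOR-US: HP ldapux-pamauthz". In the same hunk, "NOT-FOR-US: WAD" on CAN-2002-1825 does not match the product in the description, which is WASD.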
@@ -3966,99 +3966,99 @@
CAN-2005-2039 (Unknown vulnerability in "various plugins" for
NanoBlogger 3.2.1 and ...)
NOTE: The nanoblogger 3.1 version in Debian was not affected by this
vulnerability
CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information
of ...)
- NOTE: not-for-us (Fortibus CMS)
+ NOT-FOR-US: Fortibus CMS
CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0
allow ...)
- NOTE: not-for-us (Fortibus CMS)
+ NOT-FOR-US: Fortibus CMS
CAN-2005-2036 (modifyUser.asp in Cool Cafe Chat 1.2.1 allows remote attackers
to ...)
- NOTE: not-for-us (Cool Cafe Chat)
+ NOT-FOR-US: Cool Cafe Chat
CAN-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe Chat
1.2.1 ...)
- NOTE: not-for-us (Cool Cafe Chat)
+ NOT-FOR-US: Cool Cafe Chat
CAN-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for
...)
- NOTE: not-for-us (iGallery)
+ NOT-FOR-US: iGallery
CAN-2005-2033 (Directory traversal vulnerability in folderview.asp for
BlueCollar ...)
- NOTE: not-for-us (iGallery)
+ NOT-FOR-US: iGallery
CAN-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9
allows ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote
...)
- NOTE: not-for-us (socialMPN)
+ NOT-FOR-US: socialMPN
CAN-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for
passwords ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the
web root ...)
- NOTE: not-for-us (external script that allow interaction between amarok and a
browser)
+ NOT-FOR-US: external script that allow interaction between amarok and a
browser
CAN-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4
and ...)
- NOTE: not-for-us (MercuryBoard)
+ NOT-FOR-US: MercuryBoard
CAN-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09
does ...)
- NOTE: not-for-us (Enterasys hardware issue)
+ NOT-FOR-US: Enterasys hardware issue
CAN-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09
has a ...)
- NOTE: not-for-us (Enterasys hardware issue)
+ NOT-FOR-US: Enterasys hardware issue
CAN-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote
attackers to ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote
attackers ...)
{DSA-738-1}
NOTE: varying and apparently innacurate info about what versions fix it
- razor 2.720-1 (low)
CAN-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on
SUSE ...)
NOTE: insufficient info, possibly SuSE specific
- NOTE: not-for-us (only affects 1.9.14 of gpg2)
+ NOT-FOR-US: only affects 1.9.14 of gpg2
CAN-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2
Patch ...)
- NOTE: not-for-us (iPlanet)
+ NOT-FOR-US: iPlanet
CAN-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and
earlier ...)
- NOTE: not-for-us (cPanel)
+ NOT-FOR-US: cPanel
CAN-2005-2020 (Directory traversal vulnerability in the web server for 3Com
Network ...)
- NOTE: not-for-us (3com Network Supervisor)
+ NOT-FOR-US: 3com Network Supervisor
CAN-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor
(SMP) ...)
- NOTE: not-for-us (FreeBSD ipfw)
+ NOT-FOR-US: FreeBSD ipfw
CAN-2005-2018
NOTE: reserved
CAN-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to
gain ...)
- NOTE: not-for-us (Symantec AntiVirus)
+ NOT-FOR-US: Symantec AntiVirus
CAN-2005-2016
NOTE: reserved
CAN-2005-2015
NOTE: reserved
CAN-2005-2014 (The "upload a language pack" feature in paFAQ
1.0 Beta 4 allows remote ...)
- NOTE: not-for-us (paFAQ)
+ NOT-FOR-US: paFAQ
CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive
...)
- NOTE: not-for-us (paFAQ)
+ NOT-FOR-US: paFAQ
CAN-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0
Beta 4 ...)
- NOTE: not-for-us (paFAQ)
+ NOT-FOR-US: paFAQ
CAN-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0
Beta ...)
- NOTE: not-for-us (paFAQ)
+ NOT-FOR-US: paFAQ
CAN-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in
Ublog ...)
- NOTE: not-for-us (Ublog Reload)
+ NOT-FOR-US: Ublog Reload
CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5
allow ...)
- NOTE: not-for-us (Ublog Reload)
+ NOT-FOR-US: Ublog Reload
CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to
obtain the ...)
- yaws 1.56-1 (low)
CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and
earlier ...)
{DSA-739-1}
- trac 0.8.4-1
CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to
obtain ...)
- NOTE: not-for-us (JBOSS)
+ NOT-FOR-US: JBOSS
CAN-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the
users.dat ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP
Board ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to
obtain ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and
...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB
3.1 and ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and
earlier ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in
pafiledb.php in ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1
allows ...)
- NOTE: not-for-us (McGallery)
+ NOT-FOR-US: McGallery
CAN-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to
...)
- NOTE: not-for-us (McGallery)
+ NOT-FOR-US: McGallery
CAN-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix
Site ...)
- NOTE: not-for-us (Bitrix Site Manager)
+ NOT-FOR-US: Bitrix Site Manager
CAN-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain
sensitive ...)
- NOTE: not-for-us (Bitrix Site Manager)
+ NOT-FOR-US: Bitrix Site Manager
CAN-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to
download ...)
- NOTE: not-for-us (Finjan SurfinGate)
+ NOT-FOR-US: Finjan SurfinGate
CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...)
{DSA-735-2 DSA-735-1}
- sudo 1.6.8p9-1 (medium)
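Review bot: On CAN-2005-2023 the converted line reads "NOT-FOR-US: only affects 1.9.14 of gpg2", which is a version statement rather than a product name, and it sits directly under "NOTE: insufficient info, possibly SuSE specific". If the point is that the packaged gpg2 is a different version, a plain NOTE saying so fits better than the NOT-FOR-US tag, which the log message defines as holding a package name.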
@@ -4069,11 +4069,11 @@
CAN-2005-1991
NOTE: reserved
CAN-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to
cause a ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0
allows ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0
allows ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-1987
NOTE: reserved
CAN-2005-1986
@@ -4081,13 +4081,13 @@
CAN-2005-1985
NOTE: reserved
CAN-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for
...)
- NOTE: not-for-us (Spoolsv.exe)
+ NOT-FOR-US: Spoolsv.exe
CAN-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service
for ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft
Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and
Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1980
NOTE: reserved
CAN-2005-1979
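Review bot: Naming is inconsistent within this hunk: CAN-2005-1984 becomes "NOT-FOR-US: Spoolsv.exe", an executable name, while the three Windows entries below it become "NOT-FOR-US: Microsoft". With the product now the value of the tag, use one form for the same vendor, for example "Microsoft" on all four.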
@@ -4101,72 +4101,72 @@
CAN-2002-1782 (The default configuration of University of Washington IMAP
daemon ...)
- uw-imapd <unfixed> (bug #315499; low)
CAN-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow
remote ...)
- NOTE: not-for-us (DeleGate)
+ NOT-FOR-US: DeleGate
CAN-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that
allows a ...)
- NOTE: not-for-us (BPM Studio Pro)
+ NOT-FOR-US: BPM Studio Pro
CAN-2002-1779 (The "block fragmented IP Packets" option in
Symantec Norton Personal ...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CAN-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers
to ...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CAN-2002-1777 (** DISPUTED ** ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2002-1776 (** DISPUTED ** ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2002-1775 (** DISPUTED ** ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2002-1774 (** DISPUTED ** ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2
allows ...)
- NOTE: not-for-us (ICQ for MacOS X)
+ NOT-FOR-US: ICQ for MacOS X
CAN-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain
"Domain ...)
- NOTE: not-for-us (Novell Netware)
+ NOT-FOR-US: Novell Netware
CAN-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to
send ...)
- NOTE: not-for-us (FormMail)
+ NOT-FOR-US: FormMail
CAN-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary
code ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user,
...)
- NOTE: not-for-us (Mirosoft)
+ NOT-FOR-US: Mirosoft
CAN-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled,
allows ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5
for ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users
to ...)
- NOTE: not-for-us (Netscape)
+ NOT-FOR-US: Netscape
NOTE: didn''t check mozilla
CAN-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a
denial of ...)
- evolution 1.0.5
CAN-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local
users to ...)
- NOTE: not-for-us (acrobat)
+ NOT-FOR-US: acrobat
CAN-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the
"Shift" ...)
- NOTE: not-for-us (dtscreen Sun Solaris 8 CDE screensaver)
+ NOT-FOR-US: dtscreen Sun Solaris 8 CDE screensaver
CAN-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security
scans ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1
allows ...)
- NOTE: not-for-us (PHProjekt)
+ NOT-FOR-US: PHProjekt
CAN-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through
3.1 ...)
- NOTE: not-for-us (PHProjekt)
+ NOT-FOR-US: PHProjekt
CAN-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not
properly ...)
- NOTE: not-for-us (PHProjekt)
+ NOT-FOR-US: PHProjekt
CAN-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or
modify ...)
- NOTE: not-for-us (PHProjekt)
+ NOT-FOR-US: PHProjekt
CAN-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for
...)
- NOTE: not-for-us (PHProjekt)
+ NOT-FOR-US: PHProjekt
CAN-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service
...)
- NOTE: not-for-us (ACDSee)
+ NOT-FOR-US: ACDSee
CAN-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded
packets, ...)
- tinc 1.0pre5
CAN-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83
allows ...)
- NOTE: not-for-us (Novell NetWare)
+ NOT-FOR-US: Novell NetWare
CAN-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro)
allows ...)
- NOTE: not-for-us (csNews)
+ NOT-FOR-US: csNews
CAN-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote
attackers ...)
- NOTE: not-for-us (csChat-R-Box)
+ NOT-FOR-US: csChat-R-Box
CAN-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote
...)
- NOTE: not-for-us (csLiveSupport)
+ NOT-FOR-US: csLiveSupport
CAN-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote
...)
- NOTE: not-for-us (csGuestbook)
+ NOT-FOR-US: csGuestbook
CAN-2002-1749 (Windows 2000 Terminal Services, when using the disconnect
feature of ...)
- NOTE: not-for-us (Windows 2000 Terminal Services)
+ NOT-FOR-US: Windows 2000 Terminal Services
CAN-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as
used in ...)
- slash 2.2.3
CAN-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows
...)
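Review bot: the converted values in this hunk name one vendor's software at two different granularities: CAN-2002-1762 becomes "NOT-FOR-US: Microsoft" while CAN-2002-1749 becomes "NOT-FOR-US: Windows 2000 Terminal Services". Now that the tag is a field of its own rather than free text inside a NOTE, anyone filtering or counting on the value will see these as unrelated. Suggest settling on one convention (vendor or product) in a follow-up; the rename itself is consistent for the entries shown here.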
@@ -4174,294 +4174,294 @@
CAN-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user
sessions ...)
- vtun 2.5b2
CAN-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft
IIS ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft
IIS 5.0 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (AOL ICQ)
+ NOT-FOR-US: AOL ICQ
CAN-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load
arbitrary ...)
- libsoap-lite-perl 0.55
CAN-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in
WorldClient ...)
- NOTE: not-for-us (WorldClient)
+ NOT-FOR-US: WorldClient
CAN-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...)
- NOTE: not-for-us (WorldClient)
+ NOT-FOR-US: WorldClient
CAN-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak
encryption ...)
- NOTE: not-for-us (Alt-N Technologies Mdaemon)
+ NOT-FOR-US: Alt-N Technologies Mdaemon
CAN-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default
...)
- NOTE: not-for-us (Alt-N Technologies Mdaemon)
+ NOT-FOR-US: Alt-N Technologies Mdaemon
CAN-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and
...)
- NOTE: not-for-us (Astaro Security Linux)
+ NOT-FOR-US: Astaro Security Linux
CAN-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote
attackers to ...)
- NOTE: not-for-us (CGINews)
+ NOT-FOR-US: CGINews
CAN-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain
...)
- NOTE: not-for-us (dlogin)
+ NOT-FOR-US: dlogin
CAN-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...)
- NOTE: not-for-us (NewsPro)
+ NOT-FOR-US: NewsPro
CAN-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based
message ...)
- NOTE: not-for-us (Prospero MessageBoards)
+ NOT-FOR-US: Prospero MessageBoards
CAN-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic
Catalog ...)
- NOTE: not-for-us (Actinic Catalog)
+ NOT-FOR-US: Actinic Catalog
CAN-2002-1731 (The System Request menu in IBM AS/400 allows local users to list
valid ...)
- NOTE: not-for-us (IBM AS/400)
+ NOT-FOR-US: IBM AS/400
CAN-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete
arbitrary ...)
NOTE: not-fot-us (ASPjar Guestbook)
CAN-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook
1.00 ...)
- NOTE: not-for-us (ASPjar Guestbook)
+ NOT-FOR-US: ASPjar Guestbook
CAN-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to
determine ...)
- NOTE: not-for-us (askSam Web Publisher)
+ NOT-FOR-US: askSam Web Publisher
CAN-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and
(2) ...)
- NOTE: not-for-us (askSam Web Publisher)
+ NOT-FOR-US: askSam Web Publisher
CAN-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass
...)
- NOTE: not-for-us (PhotoDB)
+ NOT-FOR-US: PhotoDB
CAN-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to
obtain ...)
- NOTE: not-for-us (PHPImageView)
+ NOT-FOR-US: PHPImageView
CAN-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for
...)
- NOTE: not-for-us (PHPImageView)
+ NOT-FOR-US: PHPImageView
CAN-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path
to the ...)
- NOTE: not-for-us (Powerboards)
+ NOT-FOR-US: Powerboards
CAN-2002-1722 (Logitech iTouch keyboards allows attackers with physical access
to the ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote
...)
- NOTE: not-for-us (alterMIME)
+ NOT-FOR-US: alterMIME
TODO: track RFP: #289546
CAN-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5
allows ...)
- NOTE: not-for-us (Spooky Login)
+ NOT-FOR-US: Spooky Login
CAN-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to
modify ...)
- NOTE: not-for-us (Bavo)
+ NOT-FOR-US: Bavo
CAN-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1716 (The Host() function in the Microsoft spreadsheet component on
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users
to ...)
NOTE: "SecurityFocus staff have been unable to reproduce this
vulnerability with OpenSSH version 3.1p1."
CAN-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote
attackers to ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1713 (The Standard security setting for Mandrake-Security package
(msec) in ...)
- NOTE: not-for-us (msec)
+ NOT-FOR-US: msec
CAN-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX
...)
- NOTE: not-for-us (BasiliX)
+ NOT-FOR-US: BasiliX
CAN-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail
1.1.0 ...)
- NOTE: not-for-us (BasiliX)
+ NOT-FOR-US: BasiliX
CAN-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows
remote ...)
- NOTE: not-for-us (BasiliX)
+ NOT-FOR-US: BasiliX
CAN-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10
...)
- NOTE: not-for-us (BasiliX)
+ NOT-FOR-US: BasiliX
CAN-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when
"allow_url_fopen" and ...)
- phpbb2 2.0.6c-1
CAN-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200
and ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote
attackers to ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and
"register_globals" ...)
- NOTE: not-for-us (Zeroboard)
+ NOT-FOR-US: Zeroboard
CAN-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for
Mewsoft ...)
- NOTE: not-for-us (NetAuction)
+ NOT-FOR-US: NetAuction
CAN-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP
...)
- NOTE: not-for-us (DeltaScripts PHP Classifieds)
+ NOT-FOR-US: DeltaScripts PHP Classifieds
CAN-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template
...)
- NOTE: not-for-us (ColdFusion)
+ NOT-FOR-US: ColdFusion
CAN-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and
1.5 ...)
- NOTE: not-for-us (ASP Client Check)
+ NOT-FOR-US: ASP Client Check
CAN-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through
4.6 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a
weak ...)
- vtun 2.6-1
CAN-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4
silently ...)
- NOTE: not-for-us (Microsoft Outlook plugin)
+ NOT-FOR-US: Microsoft Outlook plugin
CAN-2002-1695 (Norton Internet Security 2001 opens log files with
FILE_SHARE_READ and ...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CAN-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files
with ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords
in the ...)
- NOTE: not-for-us (Alcatel hardware issue)
+ NOT-FOR-US: Alcatel hardware issue
CAN-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack
vectors ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0
could ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5
through ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local
users ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown
...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise
Edition ...)
- NOTE: not-for-us (BadBlue Enterprise Edition)
+ NOT-FOR-US: BadBlue Enterprise Edition
CAN-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2
or (2) ...)
- NOTE: not-for-us (Deerfield D2Gfx)
+ NOT-FOR-US: Deerfield D2Gfx
CAN-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal
Edition ...)
- NOTE: not-for-us (BadBlue Personal Edition)
+ NOT-FOR-US: BadBlue Personal Edition
CAN-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow
local ...)
- NOTE: not-for-us (NewsReactor)
+ NOT-FOR-US: NewsReactor
CAN-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS
releases ...)
NOTE: Only present in intermediate CVS version, not released in Debian
CAN-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb
...)
- NOTE: not-for-us (COWS)
+ NOT-FOR-US: COWS
CAN-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin
2.2.0 ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in
Jelsoft ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to
determine ...)
- NOTE: not-for-us (mrtgconfig)
+ NOT-FOR-US: mrtgconfig
CAN-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows
local ...)
- NOTE: not-for-us (BindView NetInventory)
+ NOT-FOR-US: BindView NetInventory
CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of
cio_main.c ...)
- NOTE: not-for-us (Unreal IRCd)
+ NOT-FOR-US: Unreal IRCd
CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a
denial of ...)
NOTE: kfreebsd use a much more recent version of the freebsd kernel
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or
filter ...)
- webmin 0.93 (medium)
CAN-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin
with ...)
NOTE: Packaging flaw of an unknown RPM based distro. Permissions of
Debian''s
NOTE: webmin package look sane and FHS compliant
CAN-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote
attackers ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory
with ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of
...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and
...)
NOTE: kfreebsd use a much more recent version of the freebsd kernel
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through
11i.6 ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in
HP ...)
- NOTE: not-for-us (HP Secure OS layer)
+ NOT-FOR-US: HP Secure OS layer
CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data
into ...)
- tinc 1.0pre5-1
CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute
arbitrary ...)
- NOTE: not-for-us (Lotus Notes)
+ NOT-FOR-US: Lotus Notes
CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and
SunOS ...)
- NOTE: not-for-us (Sun)
+ NOT-FOR-US: Sun
CAN-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows
remote ...)
- NOTE: not-for-us (WebCart)
+ NOT-FOR-US: WebCart
CAN-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other
versions ...)
NOTE: Fix went into proftpd CVS on 2002-12-12
- proftpd 1.2.8-1
CAN-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly
...)
- proftpd 1.2.4-1
CAN-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different
error ...)
- NOTE: not-for-us (Check Point)
+ NOT-FOR-US: Check Point
CAN-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute
arbitrary ...)
- NOTE: not-for-us (mod_bf)
+ NOT-FOR-US: mod_bf
CAN-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local
users to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs
thttpd ...)
- thttpd 2.21
CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote
attackers ...)
- NOTE: not-for-us (Network Query Tool)
+ NOT-FOR-US: Network Query Tool
CAN-2001-1494 (script command in the util-linux package before 2.11n allows
local ...)
- util-linux 2.11n-1
CAN-2001-1492
NOTE: rejected
CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service
(CPU ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of
service ...)
NOTE: mozilla is quite easily DOSable with all sorts of large html
NOTE: files, probably not worth following up on.
CAN-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon
u2.10.05.18 ...)
- NOTE: not-for-us (Open Projects ircd)
+ NOT-FOR-US: Open Projects ircd
CAN-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local
users ...)
NOTE: verified not present in 4.0.5-4sarge1
CAN-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial
File ...)
- NOTE: not-for-us (Alcatel hardware issue)
+ NOT-FOR-US: Alcatel hardware issue
CAN-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4
allows ...)
- libpam-opie <unfixed> (bug #112279; low)
CAN-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2
...)
NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now
CAN-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in
...)
- NOTE: not-for-us (Xitami)
+ NOT-FOR-US: Xitami
CAN-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04
allows ...)
- NOTE: not-for-us (Sun Java)
+ NOT-FOR-US: Sun Java
CAN-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8
allows ...)
- NOTE: not-for-us (Sun)
+ NOT-FOR-US: Sun
CAN-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open
Unix ...)
- NOTE: not-for-us (UnixWare)
+ NOT-FOR-US: UnixWare
CAN-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or
IDS ...)
- snort 1.6.1-1
CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the
cgi-bin ...)
- NOTE: not-for-us (Xitami)
+ NOT-FOR-US: Xitami
CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire
1Two ...)
- NOTE: not-for-us (Annuaire)
+ NOT-FOR-US: Annuaire
CAN-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition
(J2SE) 5.0 ...)
- NOTE: not-for-us (Sun Java)
+ NOT-FOR-US: Sun Java
CAN-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0
and 5.0 ...)
- NOTE: not-for-us (Sun Java)
+ NOT-FOR-US: Sun Java
CAN-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP
FusionBB .11 ...)
- NOTE: not-for-us (InteractivePHP FusionBB)
+ NOT-FOR-US: InteractivePHP FusionBB
CAN-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11
Beta ...)
- NOTE: not-for-us (InteractivePHP FusionBB)
+ NOT-FOR-US: InteractivePHP FusionBB
CAN-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with
"Launch with ...)
- NOTE: not-for-us (pcAnywhere)
+ NOT-FOR-US: pcAnywhere
CAN-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems ...)
- NOTE: not-for-us (Pragma Telnetserver)
+ NOT-FOR-US: Pragma Telnetserver
CAN-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart
Ecommerce ...)
- NOTE: not-for-us (ProductCart Ecommerce)
+ NOT-FOR-US: ProductCart Ecommerce
CAN-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce
before ...)
- NOTE: not-for-us (ProductCart Ecommerce)
+ NOT-FOR-US: ProductCart Ecommerce
CAN-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal
allows ...)
- NOTE: not-for-us (e107)
+ NOT-FOR-US: e107
CAN-2005-1965 (PHP remote code injection vulnerability in siteframe.php for
Broadpool ...)
- NOTE: not-for-us (Broadpool Siteframe)
+ NOT-FOR-US: Broadpool Siteframe
CAN-2005-1964 (PHP remote code injection vulnerability in utilit.php for
Ovidentia ...)
- NOTE: not-for-us (Ovidentia Portal)
+ NOT-FOR-US: Ovidentia Portal
CAN-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain
sensitive ...)
- NOTE: not-for-us (Cerberus Helpdesk)
+ NOT-FOR-US: Cerberus Helpdesk
CAN-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk
0.97.3 ...)
- NOTE: not-for-us (Cerberus Helpdesk)
+ NOT-FOR-US: Cerberus Helpdesk
CAN-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before
1.3.1 ...)
- NOTE: not-for-us (C-JDBC)
+ NOT-FOR-US: C-JDBC
CAN-2005-1960 (The getemails function in C.J. Steele Tattle allows remote
attackers ...)
- NOTE: not-for-us (C.J. Steele Tattle)
+ NOT-FOR-US: C.J. Steele Tattle
CAN-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to
execute ...)
- NOTE: not-for-us (JamMail)
+ NOT-FOR-US: JamMail
CAN-2005-1958
NOTE: rejected
NOTE: see CAN-2005-1855
CAN-2005-1957 (File Upload Manager does not properly check user authentication
for ...)
- NOTE: not-for-us (File Upload Manager)
+ NOT-FOR-US: File Upload Manager
CAN-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary
files ...)
- NOTE: not-for-us (File Upload Manager)
+ NOT-FOR-US: File Upload Manager
CAN-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in
singapore ...)
- NOTE: not-for-us (singapore)
+ NOT-FOR-US: singapore
CAN-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive
...)
- NOTE: not-for-us (singapore)
+ NOT-FOR-US: singapore
CAN-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server
...)
- NOTE: not-for-us (Pico Server)
+ NOT-FOR-US: Pico Server
CAN-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3
allows ...)
- NOTE: not-for-us (Pico Server)
+ NOT-FOR-US: Pico Server
CAN-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce
2.2 ...)
- NOTE: not-for-us (osCommerce)
+ NOT-FOR-US: osCommerce
CAN-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute
arbitrary ...)
- NOTE: not-for-us (Webhints)
+ NOT-FOR-US: Webhints
CAN-2005-1949 (The eping_validaddr function in functions.php for the ePing
plugin for ...)
- NOTE: not-for-us (e107)
+ NOT-FOR-US: e107
CAN-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery
before ...)
- NOTE: not-for-us (Invision Gallery)
+ NOT-FOR-US: Invision Gallery
CAN-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision
Gallery ...)
- NOTE: not-for-us (Invision Gallery)
+ NOT-FOR-US: Invision Gallery
CAN-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before
1.1.2 ...)
- NOTE: not-for-us (Invision Blog)
+ NOT-FOR-US: Invision Blog
CAN-2005-1945 (Cross-site scripting (XSS) vulnerability in the
convert_highlite_words ...)
- NOTE: not-for-us (Invision Blog)
+ NOT-FOR-US: Invision Blog
CAN-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete
arbitrary ...)
- NOTE: not-for-us (xmysqladmin)
+ NOT-FOR-US: xmysqladmin
CAN-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager
2.0 ...)
- NOTE: not-for-us (Loki download manager)
+ NOT-FOR-US: Loki download manager
CAN-2005-1942 (Cisco switches that support 802.1x security allow remote
attackers to ...)
- NOTE: not-for-us (Cisco hardware issue)
+ NOT-FOR-US: Cisco hardware issue
CAN-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2)
...)
- NOTE: not-for-us (SilverCity)
+ NOT-FOR-US: SilverCity
CAN-2005-1940
NOTE: reserved
CAN-2005-1939
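Review bot: CAN-2002-1730 is left unconverted in this hunk. Its line reads "NOTE: not-fot-us (ASPjar Guestbook)" (typo "fot"), so it presumably did not match the substitution and stays as an unchanged context line, while the CAN-2002-1729 entry for the same product right below it is converted. It should become "NOT-FOR-US: ASPjar Guestbook", and a case-insensitive search for leftover "NOTE: not-f" lines would catch any other misspelled variants in the file. Two smaller points on the carried-over values: CAN-2002-1722 (Logitech iTouch keyboards) is tagged "microsoft", which does not match the product in its description, and the hunk mixes "microsoft" and "Microsoft" as values.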
@@ -4473,13 +4473,13 @@
- mozilla-firefox 1.0.4-2sarge3 (medium)
- mozilla 2:1.7.8-1sarge1 (medium)
CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages
using the ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network
...)
- NOTE: not-for-us (Xerox hardware issue)
+ NOT-FOR-US: Xerox hardware issue
CAN-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to
execute ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of
service ...)
{DSA-734-1}
- gaim 1:1.3.1-1 (low)
@@ -4520,13 +4520,13 @@
CAN-2005-1918
NOTE: reserved
CAN-2005-1917 (kpopper 1.0 and earlier allows local users to create and
overwrite ...)
- NOTE: not-for-us (kpopper)
+ NOT-FOR-US: kpopper
NOTE: there is a kpopper in kerberos4kth-servers, but this is not the same one
CAN-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to
overwrite ...)
{DSA-760-1 DTSA-4-1}
- ekg 1:1.5+20050712+1.6rc2-1 (low)
CAN-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier
allows ...)
- NOTE: not-for-us (log4sh)
+ NOT-FOR-US: log4sh
CAN-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with
predictable ...)
{DSA-754-1 DTSA-2-1}
- centericq 4.20.0-7 (medium)
@@ -4539,99 +4539,99 @@
CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can
hang ...)
- leafnode 1.11.3.rel-1 (low)
CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts
Events ...)
- NOTE: not-for-us (WWWeb Concepts Events System)
+ NOT-FOR-US: WWWeb Concepts Events System
CAN-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote
...)
- NOTE: not-for-us (602LAN SUITE)
+ NOT-FOR-US: 602LAN SUITE
CAN-2005-1908 (Perception LiteWeb allows remote attackers to bypass access
controls ...)
- NOTE: not-for-us (Perception LiteWeb)
+ NOT-FOR-US: Perception LiteWeb
CAN-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3
allows ...)
- NOTE: not-for-us (livingmailing)
+ NOT-FOR-US: livingmailing
CAN-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227,
5.0.228, and ...)
- NOTE: not-for-us (Kaspersky)
+ NOT-FOR-US: Kaspersky
CAN-2005-1904 (SQL injection vulnerability in login.asp in JiRo''s
Upload System (JUS) ...)
- NOTE: not-for-us (JiRo''s Upload Systems)
+ NOT-FOR-US: JiRo''s Upload Systems
CAN-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon
4.00 ...)
- NOTE: not-for-us (SPA-PRO Mail)
+ NOT-FOR-US: SPA-PRO Mail
CAN-2005-1902 (Directory traversal vulnerability in the IMAP service for
SPA-PRO Mail ...)
- NOTE: not-for-us (SPA-PRO Mail)
+ NOT-FOR-US: SPA-PRO Mail
CAN-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill
before ...)
- NOTE: not-for-us (Sawmill)
+ NOT-FOR-US: Sawmill
CAN-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass
authentication ...)
- NOTE: not-for-us (Sawmill)
+ NOT-FOR-US: Sawmill
CAN-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when
released ...)
- NOTE: not-for-us (RakNet)
+ NOT-FOR-US: RakNet
CAN-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb()
before ...)
- NOTE: not-for-us (phpThumb)
+ NOT-FOR-US: phpThumb
CAN-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server
before ...)
- NOTE: not-for-us (FlexCast)
+ NOT-FOR-US: FlexCast
CAN-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3
...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3
allows ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows
remote ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive
information ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of
service or ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM)
5.9.3797 ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to
access ...)
- NOTE: not-for-us (Mortiforo)
+ NOT-FOR-US: Mortiforo
CAN-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...)
- NOTE: not-for-us (Sun ONE)
+ NOT-FOR-US: Sun ONE
CAN-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before
1.4.5 ...)
- mediawiki <itp> (bug #276057)
CAN-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG
0.92b, ...)
- NOTE: not-for-us (YaPiG)
+ NOT-FOR-US: YaPiG
CAN-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers
to ...)
- NOTE: not-for-us (YaPiG)
+ NOT-FOR-US: YaPiG
CAN-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir
...)
- NOTE: not-for-us (YaPiG)
+ NOT-FOR-US: YaPiG
CAN-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include
arbitrary ...)
- NOTE: not-for-us (YaPiG)
+ NOT-FOR-US: YaPiG
CAN-2005-1882 (PHP remote code injection vulnerability in last_gallery.php in
YaPiG ...)
- NOTE: not-for-us (YaPiG)
+ NOT-FOR-US: YaPiG
CAN-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly
restrict ...)
- NOTE: not-for-us (YaPiG)
+ NOT-FOR-US: YaPiG
CAN-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite
arbitrary ...)
- NOTE: not-for-us (everybuddy)
+ NOT-FOR-US: everybuddy
CAN-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite
arbitrary ...)
- NOTE: not-for-us (LutelWall)
+ NOT-FOR-US: LutelWall
CAN-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to
overwrite ...)
- NOTE: not-for-us (GIPTables)
+ NOT-FOR-US: GIPTables
CAN-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in
Lpanel ...)
- NOTE: not-for-us (Lpanel)
+ NOT-FOR-US: Lpanel
CAN-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and
earlier ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit
Engine ...)
- NOTE: not-for-us (Exhibit Engine)
+ NOT-FOR-US: Exhibit Engine
CAN-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows
remote ...)
- NOTE: not-for-us (Dzip)
+ NOT-FOR-US: Dzip
CAN-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly
earlier ...)
- NOTE: not-for-us (Crob)
+ NOT-FOR-US: Crob
CAN-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere
...)
- NOTE: not-for-us (WebSphere)
+ NOT-FOR-US: WebSphere
CAN-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0
through ...)
- drupal 4.5.3-1
CAN-2005-1870 (PHP remote code injection vulnerability in childwindow.inc.php
in ...)
- NOTE: not-for-us (Popper)
+ NOT-FOR-US: Popper
CAN-2005-1869 (PHP remote code injection vulnerability in start_lobby.php in
MWChat ...)
- NOTE: not-for-us (MWChat)
+ NOT-FOR-US: MWChat
CAN-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote
attackers to ...)
- NOTE: not-for-us (I-Man)
+ NOT-FOR-US: I-Man
CAN-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded
database ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in
Calendarix ...)
- NOTE: not-for-us (Calendarix)
+ NOT-FOR-US: Calendarix
CAN-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced
1.5 ...)
- NOTE: not-for-us (Calendarix)
+ NOT-FOR-US: Calendarix
CAN-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in
...)
- NOTE: not-for-us (Calendarix)
+ NOT-FOR-US: Calendarix
CAN-2003-1218
NOTE: reserved
CAN-2003-1217
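Review bot: for CAN-2005-1904 the new value ends in "Upload Systems", copied verbatim from the old note, while the description on the line above gives the product as "Upload System (JUS)". With the product name now the whole content of the NOT-FOR-US field, a mismatch like this makes the entry harder to find by name; suggest aligning the value with the description. The remaining conversions in this hunk match the products named in their descriptions.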
@@ -4645,7 +4645,7 @@
CAN-2005-1860
NOTE: reserved
CAN-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd)
for SGI ...)
- NOTE: not-for-us (arshell)
+ NOT-FOR-US: arshell
CAN-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows
remote ...)
{DSA-786-1}
CAN-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses
a ...)
@@ -4679,19 +4679,19 @@
{DSA-750-1}
- dhcpcd 1:1.3.22pl4-22 (medium)
CAN-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers
to ...)
- NOTE: not-for-us (YaMT)
+ NOT-FOR-US: YaMT
CAN-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before
0.5_2 ...)
- NOTE: not-for-us (YaMT)
+ NOT-FOR-US: YaMT
CAN-2005-1845
NOTE: reserved
CAN-2005-1844
NOTE: reserved
CAN-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in
Creative ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in
Creative ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris,
...)
- NOTE: not-for-us (acroread)
+ NOT-FOR-US: acroread
CAN-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used
memory ...)
{DSA-744-1}
- fuse 2.3.0-1
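Review bot: CAN-2005-1843 and CAN-2005-1842 end up as "NOT-FOR-US: Windows", but both descriptions are about VCNative for Adobe Version Cue, so the value names a platform rather than the affected product. The other converted values in this hunk (YaMT, acroread) are product names. Suggest "NOT-FOR-US: Adobe Version Cue" for these two entries, either in this commit or as a follow-up.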
@@ -4705,150 +4705,150 @@
NOTE: could be used to compromise program somehow
NOTE: that is not covered by the CAN though due to vagueness
CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in
phpCMS ...)
- NOTE: not-for-us (phpCMS)
+ NOT-FOR-US: phpCMS
CAN-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum
Help Desk ...)
- NOTE: not-for-us (Liberum)
+ NOT-FOR-US: Liberum
CAN-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp
in ...)
- NOTE: not-for-us (Liberum)
+ NOT-FOR-US: Liberum
CAN-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded
uername ...)
- NOTE: not-for-us (Fortinet firewall)
+ NOT-FOR-US: Fortinet firewall
CAN-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (NEXTWEB)
+ NOT-FOR-US: NEXTWEB
CAN-2005-1835 (NEXTWEB (i)Site stores databases under the web document root
with ...)
- NOTE: not-for-us (NEXTWEB)
+ NOT-FOR-US: NEXTWEB
CAN-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site
allows ...)
- NOTE: not-for-us (NEXTWEB)
+ NOT-FOR-US: NEXTWEB
CAN-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB)
1.00 ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in
MyBulletinBoard ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-1831 (Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux ...)
NOTE: Unreproducable by SuSE security team, sudo contains code to circumvent
such
NOTE: behaviour, seems like a broken PAM setup on the submitter''s
side
CAN-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and
3.2 ...)
- NOTE: not-for-us (SoftICE)
+ NOT-FOR-US: SoftICE
CAN-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to
cause a ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in
the ...)
- NOTE: not-for-us (D-Link hardware issue)
+ NOT-FOR-US: D-Link hardware issue
CAN-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication
and ...)
- NOTE: not-for-us (D-Link hardware issue)
+ NOT-FOR-US: D-Link hardware issue
CAN-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by
...)
- NOTE: not-for-us (HP Radia)
+ NOT-FOR-US: HP Radia
CAN-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function
in HP ...)
- NOTE: not-for-us (HP Radia)
+ NOT-FOR-US: HP Radia
CAN-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils
SQL ...)
- mailutils 1:0.6.1-2
CAN-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam
...)
- NOTE: not-for-us (Qualiteam X-Cart)
+ NOT-FOR-US: Qualiteam X-Cart
CAN-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8
allow ...)
- NOTE: not-for-us (Qualiteam X-Cart)
+ NOT-FOR-US: Qualiteam X-Cart
CAN-2005-1821 (PHP remote code injection vulnerability in pdl_header.inc.php in
...)
- NOTE: not-for-us (PowerDownload)
+ NOT-FOR-US: PowerDownload
CAN-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote
...)
- NOTE: not-for-us (Zeroboard)
+ NOT-FOR-US: Zeroboard
CAN-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail
before ...)
- NOTE: not-for-us (NikoSoft WebMail)
+ NOT-FOR-US: NikoSoft WebMail
CAN-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before
3.3.1 ...)
- NOTE: not-for-us (NewLife Blogger)
+ NOT-FOR-US: NewLife Blogger
CAN-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote
attackers to ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root
admins to ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD
10.0.0.1 ...)
- NOTE: not-for-us (Hummingbird Connectivity)
+ NOT-FOR-US: Hummingbird Connectivity
CAN-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote
...)
- NOTE: not-for-us (PicoWebServer)
+ NOT-FOR-US: PicoWebServer
CAN-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server
Evaluation ...)
- NOTE: not-for-us (FutureSoft TFTP Server)
+ NOT-FOR-US: FutureSoft TFTP Server
CAN-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server
...)
- NOTE: not-for-us (FutureSoft TFTP Server)
+ NOT-FOR-US: FutureSoft TFTP Server
CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php
in ...)
NOTE: Not in Sarge
- wordpress 1.5.1.2-1
CAN-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Sony hardware issue)
+ NOT-FOR-US: Sony hardware issue
CAN-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote
attackers ...)
- NOTE: not-for-us (Stronghold game)
+ NOT-FOR-US: Stronghold game
CAN-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and
earlier ...)
- NOTE: not-for-us (PHPMailer)
+ NOT-FOR-US: PHPMailer
CAN-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier
allows ...)
- NOTE: not-for-us (PeerCast)
+ NOT-FOR-US: PeerCast
CAN-2005-1805 (SQL injection vulnerability in login.asp in an unknown product
by ...)
- NOTE: not-for-us (Online Solutions for Educators)
+ NOT-FOR-US: Online Solutions for Educators
CAN-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic
System ...)
- NOTE: not-for-us (Net Portal Dynamic System)
+ NOT-FOR-US: Net Portal Dynamic System
CAN-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net
Portal ...)
- NOTE: not-for-us (Net Portal Dynamic System)
+ NOT-FOR-US: Net Portal Dynamic System
CAN-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to
cause a ...)
- NOTE: not-for-us (Nortel hardware)
+ NOT-FOR-US: Nortel hardware
CAN-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a
denial of ...)
- NOTE: not-for-us (Nokia hardware)
+ NOT-FOR-US: Nokia hardware
CAN-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget
0.4 ...)
- NOTE: not-for-us (Jaws glossary gadget)
+ NOT-FOR-US: Jaws glossary gadget
CAN-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7
and ...)
- NOTE: not-for-us (FreeStyle Wiki)
+ NOT-FOR-US: FreeStyle Wiki
CAN-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring
Software ...)
- NOTE: not-for-us (ServersCheck)
+ NOT-FOR-US: ServersCheck
CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael,
allows ...)
NOTE: Cryptographic attack on AES, cannot be fixed
CAN-2005-1796 (Format string vulnerability in the curses_msg function in the
Ncurses ...)
{DSA-749-1}
- ettercap 1:0.7.1-1.1
CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV)
before ...)
- NOTE: not-for-us (ClamAV on Mac OS X)
+ NOT-FOR-US: ClamAV on Mac OS X
CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP)
5.2 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other
operating ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service
allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when
the ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and
6.0.2800.1106 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software
Solution ...)
- NOTE: not-for-us (India Software Solution shopping cart)
+ NOT-FOR-US: India Software Solution shopping cart
CAN-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting
...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...)
- NOTE: not-for-us (phpStat)
+ NOT-FOR-US: phpStat
CAN-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System
1.1 ...)
- NOTE: not-for-us (FunkyASP)
+ NOT-FOR-US: FunkyASP
CAN-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows
remote ...)
- NOTE: not-for-us (ZonGG)
+ NOT-FOR-US: ZonGG
CAN-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote
attackers ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path
of the ...)
- NOTE: not-for-us (BookReview)
+ NOT-FOR-US: BookReview
CAN-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in
BookReview beta ...)
- NOTE: not-for-us (BookReview)
+ NOT-FOR-US: BookReview
CAN-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable
allows ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News
Manager ...)
- NOTE: not-for-us (Active News Manager)
+ NOT-FOR-US: Active News Manager
CAN-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal
1.35, ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in
PostNuke ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750
allows ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...)
- NOTE: not-for-us (C''Nedra)
+ NOT-FOR-US: C''Nedra
CAN-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote
...)
- NOTE: not-for-us (Terminator game)
+ NOT-FOR-US: Terminator game
CAN-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly
enforce ...)
- davfs2 0.2.4-1 (bug #310757; medium)
CAN-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e,
and ...)
- NOTE: not-for-us (Listserv)
+ NOT-FOR-US: Listserv
CAN-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War
of the ...)
- NOTE: not-for-us (Terminator game)
+ NOT-FOR-US: Terminator game
CAN-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through
B.11.23 ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast!
Antivirus 4.6 ...)
- NOTE: not-for-us (Avast)
+ NOT-FOR-US: Avast
CAN-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in
SquirrelMail ...)
{DSA-756-1}
- squirrelmail 2:1.4.4-6 (bug #314374; medium)
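Review bot: At CAN-2005-1795 the converted line "NOT-FOR-US: ClamAV on Mac OS X" puts a platform qualifier into a field that is now meant to hold only a name. Anything that matches on the name will read this as ClamAV being out of scope altogether, while the old note only excluded the Mac OS X case. Suggest keeping the name in the tag and moving the platform reason to a NOTE line. The same applies to "D-Link hardware issue" (CAN-2005-1828, CAN-2005-1827) and "Sony hardware issue" (CAN-2005-1809), where "issue" is commentary rather than part of a name.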
@@ -4888,18 +4888,18 @@
- kernel-source-2.6.8 2.6.8-17
- kernel-source-2.4.27 <unfixed> (low)
CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date
file in ...)
- NOTE: not-for-us (sysreport)
+ NOT-FOR-US: sysreport
CAN-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to
...)
- shtool 2.0.1-2 (low)
- mysql-ocaml 1.0.3-6 (low)
- php4 4:4.4.0-1 (low)
NOTE: the patch applied to NMU #311206 fixes both CAN-2005-1759 and
CAN-2005-1751
CAN-2005-1758 (Buffer overflow in the IMAP command continuation function in
Novell ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52
before ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for
...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to
...)
{DSA-789-1 DTSA-15-1}
- shtool 2.0.1-2 (low)
@@ -4913,98 +4913,98 @@
NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether
this still applies
TODO: check, whether this still applies
CAN-2004-2134 (Oracle toplink mapping workBench uses a weak encryption
algorithm for ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE
Linux, ...)
- NOTE: not-for-us (CVSup third party modules)
+ NOT-FOR-US: CVSup third party modules
CAN-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI
Neo ...)
- NOTE: not-for-us (PJ CGI Nero)
+ NOT-FOR-US: PJ CGI Nero
CAN-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic
Server ...)
- NOTE: not-for-us (Informix Dynamic Server)
+ NOT-FOR-US: Informix Dynamic Server
CAN-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in
privmsg.php in ...)
- phpbb2 2.0.6d-2
CAN-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service
...)
- NOTE: not-for-us (SurfNOW)
+ NOT-FOR-US: SurfNOW
CAN-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07
allows ...)
- NOTE: not-for-us (WebWeaver)
+ NOT-FOR-US: WebWeaver
CAN-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote
...)
- NOTE: not-for-us (Web Blog)
+ NOT-FOR-US: Web Blog
CAN-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets
insecure ...)
- NOTE: not-for-us (BlackICE)
+ NOT-FOR-US: BlackICE
CAN-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and
other ...)
- NOTE: not-for-us (BlackICE)
+ NOT-FOR-US: BlackICE
CAN-2004-2124 (The register_globals simulation capability in Gallery 1.3.1
through ...)
- gallery 1.4.4-pl1-1
CAN-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in
Nextplace.com ...)
- NOTE: not-for-us (Nextplace)
+ NOT-FOR-US: Nextplace
CAN-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in
Intra ...)
- NOTE: not-for-us (Intra Forum)
+ NOT-FOR-US: Intra Forum
CAN-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web
Server ...)
- NOTE: not-for-us (Borland Web Server)
+ NOT-FOR-US: Borland Web Server
CAN-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of
...)
- NOTE: not-for-us (Reptile Web Server)
+ NOT-FOR-US: Reptile Web Server
CAN-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1
allows ...)
- NOTE: not-for-us (Tiny Server)
+ NOT-FOR-US: Tiny Server
CAN-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (Tiny Server)
+ NOT-FOR-US: Tiny Server
CAN-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (Tiny Server)
+ NOT-FOR-US: Tiny Server
CAN-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows
remote ...)
- NOTE: not-for-us (Tiny Server)
+ NOT-FOR-US: Tiny Server
CAN-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle
HTTP ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75
and ...)
- NOTE: not-for-us (ProxyNow!)
+ NOT-FOR-US: ProxyNow!
CAN-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4
allows ...)
- NOTE: not-for-us (BremsServer)
+ NOT-FOR-US: BremsServer
CAN-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows
remote ...)
- NOTE: not-for-us (BremsServer)
+ NOT-FOR-US: BremsServer
CAN-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U
FTP ...)
- NOTE: not-for-us (Serv-U FTP Server)
+ NOT-FOR-US: Serv-U FTP Server
CAN-2004-2110 (SQL injection vulnerability in register.php in Phorum before
3.4.6 ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- NOTE: not-for-us (Q-Shop)
+ NOT-FOR-US: Q-Shop
CAN-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow
remote ...)
- NOTE: not-for-us (Q-Shop)
+ NOT-FOR-US: Q-Shop
CAN-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does
not ...)
- NOTE: not-for-us (Finjan SurfinGate)
+ NOT-FOR-US: Finjan SurfinGate
CAN-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote
...)
- NOTE: not-for-us (Novell NetWare)
+ NOT-FOR-US: Novell NetWare
CAN-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1
and 6.0 ...)
- NOTE: not-for-us (Novell NetWare)
+ NOT-FOR-US: Novell NetWare
CAN-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote
...)
- NOTE: not-for-us (Novell NetWare)
+ NOT-FOR-US: Novell NetWare
CAN-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare
Enterprise ...)
- NOTE: not-for-us (Novell NetWare)
+ NOT-FOR-US: Novell NetWare
CAN-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a
modified ...)
- NOTE: not-for-us (Freesco)
+ NOT-FOR-US: Freesco
CAN-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to
cause a ...)
- NOTE: not-for-us (GeoHttpServer)
+ NOT-FOR-US: GeoHttpServer
CAN-2004-2100 (GeoHttpServer, when configured to authenticate users, allows
remote ...)
- NOTE: not-for-us (GeoHttpServer)
+ NOT-FOR-US: GeoHttpServer
CAN-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client
(NFSHP2), ...)
- NOTE: not-for-us (Need for Speed game)
+ NOT-FOR-US: Need for Speed game
CAN-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine
(TBE) ...)
- NOTE: not-for-us (Banner engine)
+ NOT-FOR-US: Banner engine
CAN-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to
overwrite ...)
NOTE: fvwm: uses mktemp
NOTE: fvwm-gnome: same as fvwm
NOTE: x-base-clients: x11perfcomp uses mkdir atomically
NOTE: lvm10: does not contain lvmcreate_initrd
CAN-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd
0.6.0 ...)
- NOTE: not-for-us (Mephistoles)
+ NOT-FOR-US: Mephistoles
CAN-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST
flags ...)
- honeyd 0.8-1
CAN-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945
allows ...)
- NOTE: not-for-us (WebcamXP)
+ NOT-FOR-US: WebcamXP
CAN-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and
earlier ...)
- phpbb2 2.0.8a-1
CAN-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and
earlier ...)
- phpbb2 2.0.8a-1
CAN-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows
remote ...)
- NOTE: not-for-us (Yahoo Messenger)
+ NOT-FOR-US: Yahoo Messenger
CAN-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to
add ...)
- NOTE: not-for-us (Yahoo Messenger)
+ NOT-FOR-US: Yahoo Messenger
CAN-2005-XXXX [Unspecified issue in moodle''s admin/delete.php]
- moodle 1.4.4.dfsg.1-3
CAN-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
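Review bot: At CAN-2004-2132 the tag becomes "NOT-FOR-US: PJ CGI Nero", but the description directly above it spells the product "PJ CGI Neo" (PJreview_Neo.cgi). The mechanical conversion carries the old misspelling into the new field. Suggest correcting it to "NOT-FOR-US: PJ CGI Neo" in this commit, since the name is now the value that searches and grouping will match on.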
@@ -5019,94 +5019,94 @@
CAN-2005-XXXX [xile buffer overrun in terminal code]
- zile 2.0.4-2
CAN-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz
3.0 ...)
- NOTE: not-for-us (ezwdc NewsletterEz)
+ NOT-FOR-US: ezwdc NewsletterEz
CAN-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1
...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1
...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA
WebLogic ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0
through ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service
Pack ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service
Pack 5 ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service
Pack 3 ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows
users ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote
attackers to ...)
- NOTE: not-for-us (Halo)
+ NOT-FOR-US: Halo
CAN-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files
...)
NOTE: fixproc not installed in Debian package
CAN-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and
GraphicsMagick ...)
- imagemagick 6:6.0.6.2-2.4
CAN-2005-1738 (Format string vulnerability in the logPrintBadfile function in
...)
- NOTE: not-for-us (Iron Bars Shell)
+ NOT-FOR-US: Iron Bars Shell
CAN-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow
"non-authorized ...)
- NOTE: not-for-us (PROMS)
+ NOT-FOR-US: PROMS
CAN-2005-1736 (PROMS 0.11 does not properly handle "certain
combinations of rights," ...)
- NOTE: not-for-us (PROMS)
+ NOT-FOR-US: PROMS
CAN-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS
before ...)
- NOTE: not-for-us (PROMS)
+ NOT-FOR-US: PROMS
CAN-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11
allow ...)
- NOTE: not-for-us (PROMS)
+ NOT-FOR-US: PROMS
CAN-2005-1733 (Cookie Cart stores the password file under the web document root
with ...)
- NOTE: not-for-us (Cookie Cart)
+ NOT-FOR-US: Cookie Cart
CAN-2005-1732 (Cookie Cart allows remote attackers to read the Order
Notification ...)
- NOTE: not-for-us (Cookie Cart)
+ NOT-FOR-US: Cookie Cart
CAN-2005-1731
NOTE: reserved
CAN-2005-1730
NOTE: reserved
CAN-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely
logs ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1726
NOTE: reserved
CAN-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local
users ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey
the ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not
properly ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac
OS X ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1721 (Buffer overflow in the legacy client support for AFP Server for
Mac OS ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled
volume, does ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and
...)
- NOTE: not-for-us (avast! antivirus)
+ NOT-FOR-US: avast! antivirus
CAN-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows
remote ...)
- NOTE: not-for-us (War Times)
+ NOT-FOR-US: War Times
CAN-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1)
allows ...)
- NOTE: not-for-us (Zyxel hardware)
+ NOT-FOR-US: Zyxel hardware
CAN-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under
the ...)
- NOTE: not-for-us (TOPo)
+ NOT-FOR-US: TOPo
CAN-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo
2.2 ...)
- NOTE: not-for-us (TOPo)
+ NOT-FOR-US: TOPo
CAN-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail
3.0c2 ...)
- NOTE: not-for-us (SurgeMail)
+ NOT-FOR-US: SurgeMail
CAN-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in
Serendipity 0.8 ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with
multiple ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update
to ...)
- NOTE: not-for-us (Gibraltar Firewall)
+ NOT-FOR-US: Gibraltar Firewall
TODO: check, whether gibraltar-bootcd is in any way related/affected
CAN-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat
...)
- NOTE: not-for-us (Blue Coat)
+ NOT-FOR-US: Blue Coat
CAN-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows
remote ...)
- NOTE: not-for-us (Blue Coat)
+ NOT-FOR-US: Blue Coat
CAN-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter
...)
- NOTE: not-for-us (Blue Coat)
+ NOT-FOR-US: Blue Coat
CAN-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before
1.10-r14 ...)
- NOTE: not-for-us (Gentoo)
+ NOT-FOR-US: Gentoo
CAN-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related
to ...)
- mailscanner <unfixed> (bug #310774; low)
CAN-2005-1705 (gdb before 6.3 searches the current working directory to load
the ...)
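Review bot: At CAN-2005-1711 the entry is now tagged "NOT-FOR-US: Gibraltar Firewall" while the following line still reads "TODO: check, whether gibraltar-bootcd is in any way related/affected". A dedicated not-for-us tag reads as a final verdict, so an open TODO beneath it is contradictory. Suggest resolving the TODO first, or leaving this one entry as a NOTE until gibraltar-bootcd has been checked. Separately, CAN-2005-1750 is tagged "ezwdc NewsletterEz" while its description spells the vendor "ezdwc"; one of the two spellings should be made consistent.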
@@ -5114,31 +5114,31 @@
CAN-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for
gdb ...)
- gdb 6.3-6
CAN-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers
to ...)
- NOTE: not-for-us (Warrior Kings: Battles)
+ NOT-FOR-US: Warrior Kings: Battles
CAN-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and
earlier ...)
- NOTE: not-for-us (Warrior Kings: Battles)
+ NOT-FOR-US: Warrior Kings: Battles
CAN-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote
attackers ...)
- NOTE: not-for-us (PortailPHP)
+ NOT-FOR-US: PortailPHP
CAN-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module
in ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the
Xanthia ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain
...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows
remote ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke
0.750 ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS
module ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the
Xanthia ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library,
as used ...)
- NOTE: not-for-us (CA Antivirus)
+ NOT-FOR-US: CA Antivirus
CAN-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and
other ...)
- gxine 0.4.7-0.1 (bug #310712; medium)
CAN-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in
SAP ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2005-1690
NOTE: rejected
CAN-2005-1689 (Double-free vulnerability in the krb5_recvauth function in MIT
...)
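Review bot: At CAN-2005-1703 and CAN-2005-1702 the value "Warrior Kings: Battles" contains the same colon-space separator that ends the new "NOT-FOR-US:" tag. A consumer of this file has to split on the first colon only, otherwise the name is cut down to "Warrior Kings". Suggest stating that rule wherever the new format is documented, or confirming that the existing tooling already handles a colon inside the name.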
@@ -5155,145 +5155,145 @@
NOTE: Only exploitable under rare circumstances
- gedit 2.10.3-1 (low)
CAN-2005-1685 (episodex guestbook allows remote attackers to bypass
authentication ...)
- NOTE: not-for-us (episodex)
+ NOT-FOR-US: episodex
CAN-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for
episodex ...)
- NOTE: not-for-us (episodex)
+ NOT-FOR-US: episodex
CAN-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in
Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1682 (JavaMail API, as used by Solstice Internet Mail Server POP3 2.0,
does ...)
- NOTE: not-for-us (Solstice Internet Mail Server)
+ NOT-FOR-US: Solstice Internet Mail Server
CAN-2005-1681 (PHP remote code injection vulnerability in common.php in phpATM
1.21, ...)
- NOTE: not-for-us (phpATM)
+ NOT-FOR-US: phpATM
CAN-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...)
- NOTE: not-for-us (D-Link hardware)
+ NOT-FOR-US: D-Link hardware
CAN-2005-1679 (Stack-based buffer overflow in the error directive in picasm
1.12b and ...)
- picasm 1.12c-1
CAN-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build
2364, ...)
- NOTE: not-for-us (Groove)
+ NOT-FOR-US: Groove
CAN-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build
2338, ...)
- NOTE: not-for-us (Groove)
+ NOT-FOR-US: Groove
CAN-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove
Mobile ...)
- NOTE: not-for-us (Groove)
+ NOT-FOR-US: Groove
CAN-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build
2364, ...)
- NOTE: not-for-us (Groove)
+ NOT-FOR-US: Groove
CAN-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center
Live ...)
- NOTE: not-for-us (Help Center Live)
+ NOT-FOR-US: Help Center Live
CAN-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow
...)
- NOTE: not-for-us (Help Center Live)
+ NOT-FOR-US: Help Center Live
CAN-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help
Center ...)
- NOTE: not-for-us (Help Center Live)
+ NOT-FOR-US: Help Center Live
CAN-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be
...)
- NOTE: not-for-us (Yahoo Messenger)
+ NOT-FOR-US: Yahoo Messenger
CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800
switches ...)
- NOTE: not-for-us (Extreme BlackDiamond hardware)
+ NOT-FOR-US: Extreme BlackDiamond hardware
CAN-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final
Build 1095 ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain
...)
- NOTE: not-for-us (YusASP Web Asset Manager)
+ NOT-FOR-US: YusASP Web Asset Manager
CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a
...)
- NOTE: not-for-us (DataTrac Activity Console)
+ NOT-FOR-US: DataTrac Activity Console
CAN-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow
...)
- NOTE: not-for-us (Orenosv)
+ NOT-FOR-US: Orenosv
CAN-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows
remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause
a ...)
- NOTE: not-for-us (Jeuce Personal Web Server)
+ NOT-FOR-US: Jeuce Personal Web Server
CAN-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server
2.13 ...)
- NOTE: not-for-us (Jeuce Personal Web Server)
+ NOT-FOR-US: Jeuce Personal Web Server
CAN-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a
...)
- NOTE: not-for-us (Jeuce Personal Web Server)
+ NOT-FOR-US: Jeuce Personal Web Server
CAN-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the
web ...)
- NOTE: not-for-us (EZGuestbook)
+ NOT-FOR-US: EZGuestbook
CAN-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in
...)
- NOTE: not-for-us (MyServer)
+ NOT-FOR-US: MyServer
CAN-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer
0.8 ...)
- NOTE: not-for-us (MyServer)
+ NOT-FOR-US: MyServer
CAN-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging
2005 ...)
- NOTE: not-for-us (Mercur Messaging)
+ NOT-FOR-US: Mercur Messaging
CAN-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the
source ...)
- NOTE: not-for-us (Mercur Messaging)
+ NOT-FOR-US: Mercur Messaging
CAN-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers
to ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote
attackers ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for
rsync ...)
- rsync 2.6.1-1
CAN-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for
...)
- NOTE: not-for-us (InoculateIT)
+ NOT-FOR-US: InoculateIT
CAN-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not
correctly ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote
attackers ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (Matrix FTP Server)
+ NOT-FOR-US: Matrix FTP Server
CAN-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus
...)
- NOTE: not-for-us (Sophos)
+ NOT-FOR-US: Sophos
CAN-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote
...)
- NOTE: not-for-us (SandSurfer)
+ NOT-FOR-US: SandSurfer
CAN-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server
before ...)
- NOTE: not-for-us (Sambar)
+ NOT-FOR-US: Sambar
CAN-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad
Fears ...)
- NOTE: not-for-us (phpcodeCabinet)
+ NOT-FOR-US: phpcodeCabinet
CAN-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop
...)
- NOTE: not-for-us (JShop)
+ NOT-FOR-US: JShop
CAN-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to
trick ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote
...)
- NOTE: not-for-us (Sami FTP Server)
+ NOT-FOR-US: Sami FTP Server
CAN-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local
users to ...)
- NOTE: not-for-us (Sami FTP Server)
+ NOT-FOR-US: Sami FTP Server
CAN-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts
multiple ...)
- NOTE: not-for-us (Red-Alert)
+ NOT-FOR-US: Red-Alert
CAN-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds
authentication ...)
- NOTE: not-for-us (Red-Alert)
+ NOT-FOR-US: Red-Alert
CAN-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote
...)
- NOTE: not-for-us (Red-Alert)
+ NOT-FOR-US: Red-Alert
CAN-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper
3 ...)
- NOTE: not-for-us (Nadeo)
+ NOT-FOR-US: Nadeo
CAN-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for
Jelsoft ...)
- NOTE: not-for-us (Jelsoft Bulletin)
+ NOT-FOR-US: Jelsoft Bulletin
CAN-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (Sophos)
+ NOT-FOR-US: Sophos
CAN-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users
to ...)
- NOTE: not-for-us (Dream FTP)
+ NOT-FOR-US: Dream FTP
CAN-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a
...)
- kernel-patch-vserver 1.9.4-1
CAN-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo
Open ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier
...)
- NOTE: not-for-us (Macallan)
+ NOT-FOR-US: Macallan
CAN-2003-1214 (Unknown vulnerability in the server login for VisualShapers
ezContents ...)
- NOTE: not-for-us (VisualShapers)
+ NOT-FOR-US: VisualShapers
CAN-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal
...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform
unauthorized ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module
for ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2
allows ...)
- NOTE: not-for-us (Monkey)
+ NOT-FOR-US: Monkey
CAN-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow
local ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause
a ...)
- NOTE: not-for-us (Crob)
+ NOT-FOR-US: Crob
CAN-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows
remote ...)
- NOTE: not-for-us (Crob)
+ NOT-FOR-US: Crob
CAN-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to
cause a ...)
- NOTE: not-for-us (Crob)
+ NOT-FOR-US: Crob
CAN-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo
Site ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo
Site ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon
before ...)
- NOTE: not-for-us (Monkey)
+ NOT-FOR-US: Monkey
CAN-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo
Site ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote
...)
- NOTE: not-for-us (Caucho Technology Resin)
+ NOT-FOR-US: Caucho Technology Resin
CAN-2005-XXXX [Two DoS condition in ekg]
- ekg 1:1.5+20050411-3
CAN-2005-XXXX [lcrash affected by libbfd integer overflows]
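Review bot: CAN-2003-1211 is converted to "NOT-FOR-US: PHP-Nuke", but its description names search.asp and the entries around it (CAN-2003-1213, CAN-2003-1212, CAN-2003-1210) are all MaxWebPortal, so the product name carried over from the old note looks wrong. The name is being promoted from a free-text comment to the value of the tag, so verify it against the CVE description and correct it in this commit rather than preserving the old text verbatim.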
@@ -5301,142 +5301,142 @@
CAN-2005-XXXX [Multiple security problems in lbreakout2]
- lbreakout2 2.5.2-2
CAN-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for
Woppoware ...)
- NOTE: not-for-us (Woppoware)
+ NOT-FOR-US: Woppoware
CAN-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows
remote ...)
- NOTE: not-for-us (Woppoware)
+ NOT-FOR-US: Woppoware
CAN-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware
...)
- NOTE: not-for-us (Woppoware)
+ NOT-FOR-US: Woppoware
CAN-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5)
...)
- NOTE: not-for-us (Woppoware)
+ NOT-FOR-US: Woppoware
CAN-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and
Longhorn, ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat
database ...)
- NOTE: not-for-us (GASoft)
+ NOT-FOR-US: GASoft
CAN-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database
file ...)
- NOTE: not-for-us (GASoft)
+ NOT-FOR-US: GASoft
CAN-2005-1646 (The default installation of Fastream NETFile FTP/Web Server
7.4.6, ...)
- NOTE: not-for-us (Fastream NETFile)
+ NOT-FOR-US: Fastream NETFile
CAN-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web
...)
- NOTE: not-for-us (Keyvan1 Gallery)
+ NOT-FOR-US: Keyvan1 Gallery
CAN-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for
1Two ...)
- NOTE: not-for-us (Livre d''Or)
+ NOT-FOR-US: Livre d''Or
CAN-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4
and ...)
- NOTE: not-for-us (Zoidcom)
+ NOT-FOR-US: Zoidcom
CAN-2005-1642 (SQL injection vulnerability in the verify_email function in
Woltlab ...)
- NOTE: not-for-us (Woltlab Burning Board)
+ NOT-FOR-US: Woltlab Burning Board
CAN-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to
0.3.6, and ...)
- NOTE: not-for-us (Ignition Project)
+ NOT-FOR-US: Ignition Project
CAN-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to
0.3.6, ...)
- NOTE: not-for-us (Ignition Project)
+ NOT-FOR-US: Ignition Project
CAN-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager
6.6 ...)
- NOTE: not-for-us (Sigma)
+ NOT-FOR-US: Sigma
CAN-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not
properly ...)
- NOTE: not-for-us (SafeHTML)
+ NOT-FOR-US: SafeHTML
CAN-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow
...)
- NOTE: not-for-us (NPDS)
+ NOT-FOR-US: NPDS
CAN-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to
5.0.4 ...)
{DSA-783-1}
- mysql-dfsg 4.0.12-2 (bug #319526; low)
CAN-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to
obtain ...)
- NOTE: not-for-us (JGS-Portal)
+ NOT-FOR-US: JGS-Portal
CAN-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA
...)
- NOTE: not-for-us (JGS-Portal)
+ NOT-FOR-US: JGS-Portal
CAN-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal
3.0.2 and ...)
- NOTE: not-for-us (JGS-Portal)
+ NOT-FOR-US: JGS-Portal
CAN-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for
modules ...)
- cheetah 0.9.16-1
NOTE: testing approval is waiting on verification that the fix works.
NOTE: see http://lists.debian.org/debian-release/2005/05/msg01428.html
CAN-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to
view ...)
- NOTE: not-for-us (Booby)
+ NOT-FOR-US: Booby
CAN-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related
to a ...)
- NOTE: not-for-us (phpbb attachment mod)
+ NOT-FOR-US: phpbb attachment mod
CAN-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro
allows ...)
- NOTE: not-for-us (Photopost)
+ NOT-FOR-US: Photopost
CAN-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary
commands ...)
- NOTE: not-for-us (WebAPP)
+ NOT-FOR-US: WebAPP
CAN-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to
"a ...)
NOTE: The 1.x version in Sarge and sid is not vulnerable
CAN-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ)
before ...)
- NOTE: not-for-us (Pico Server)
+ NOT-FOR-US: Pico Server
CAN-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform
function in ...)
- NOTE: not-for-us (Acrobat Reader)
+ NOT-FOR-US: Acrobat Reader
CAN-2005-1624
NOTE: reserved
CAN-2005-1623
NOTE: reserved
CAN-2005-1622 (Cross-site scripting (XSS) vulnerability in
productsByCategory.asp in ...)
- NOTE: not-for-us (MetaCart)
+ NOT-FOR-US: MetaCart
CAN-2005-1621 (Directory traversal vulnerability in the pnModFunc function in
...)
- NOTE: not-for-us (Postnuke mod)
+ NOT-FOR-US: Postnuke mod
CAN-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter
Guestbook ...)
- NOTE: not-for-us (Skull-Splitter Guestbook)
+ NOT-FOR-US: Skull-Splitter Guestbook
CAN-2005-1619 (Multiple Cross-site scripting (XSS) vulnerabilities in (1) ...)
- NOTE: not-for-us (PHPMyChat)
+ NOT-FOR-US: PHPMyChat
CAN-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows
...)
- NOTE: not-for-us (Yahoo Messenger)
+ NOT-FOR-US: Yahoo Messenger
CAN-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the
password in ...)
- NOTE: not-for-us (Willings WebCAM)
+ NOT-FOR-US: Willings WebCAM
CAN-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6
allows ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may
allow ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in
Ultimate ...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open
...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board
...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing
5.x ...)
- NOTE: not-for-us (Web Crossing)
+ NOT-FOR-US: Web Crossing
CAN-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for
Tru-Zone ...)
- NOTE: not-for-us (Tru-Zone NukeET)
+ NOT-FOR-US: Tru-Zone NukeET
CAN-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with
serial ...)
- NOTE: not-for-us (Sun StorEdge 6130 Arrays)
+ NOT-FOR-US: Sun StorEdge 6130 Arrays
CAN-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean
...)
- NOTE: not-for-us (Spidean AutoTheme 1.7 and AT-Lite for PostNuke)
+ NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke
CAN-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote
Cart ...)
- NOTE: not-for-us (Remote Cart)
+ NOT-FOR-US: Remote Cart
CAN-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information
such ...)
- NOTE: not-for-us (H-Sphere Winbox)
+ NOT-FOR-US: H-Sphere Winbox
CAN-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for
...)
- NOTE: not-for-us (guestbook for SiteStudio)
+ NOT-FOR-US: guestbook for SiteStudio
CAN-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote
attackers to ...)
- NOTE: not-for-us (phpATM)
+ NOT-FOR-US: phpATM
CAN-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers
to ...)
- NOTE: not-for-us ( NiteEnterprises Remote File Manager)
+ NOT-FOR-US: NiteEnterprises Remote File Manager
CAN-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based
File ...)
- NOTE: not-for-us (Net56 Browser Based File Manager)
+ NOT-FOR-US: Net56 Browser Based File Manager
CAN-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under
the ...)
- NOTE: not-for-us ( MRO Maximo Self Service)
+ NOT-FOR-US: MRO Maximo Self Service
CAN-2005-1600 (A "mathematical flaw" in the implementation of
the El Gamal signature ...)
- NOTE: not-for-us (LibTomCrypt)
+ NOT-FOR-US: LibTomCrypt
CAN-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies
...)
- NOTE: not-for-us (Kryloff Technologies Subject Search Server)
+ NOT-FOR-US: Kryloff Technologies Subject Search Server
CAN-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3
and ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and
(2) ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use
the ...)
- NOTE: not-for-us (Fusion SBX)
+ NOT-FOR-US: Fusion SBX
CAN-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web
root, ...)
- NOTE: not-for-us (CodeThat ShoppingCart)
+ NOT-FOR-US: CodeThat ShoppingCart
CAN-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat
ShoppingCart ...)
- NOTE: not-for-us (CodeThat ShoppingCart)
+ NOT-FOR-US: CodeThat ShoppingCart
CAN-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for
CodeThat ...)
- NOTE: not-for-us (CodeThat ShoppingCart)
+ NOT-FOR-US: CodeThat ShoppingCart
CAN-2005-1592 (Multiple "javascript vulerabilities in BB
code" in BirdBlog before ...)
- NOTE: not-for-us (BirdBlog)
+ NOT-FOR-US: BirdBlog
CAN-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows
remote ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88
allows ...)
- NOTE: not-for-us (Altiris Client Service for Windows)
+ NOT-FOR-US: Altiris Client Service for Windows
CAN-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E
(5.6.181) ...)
- NOTE: not-for-us (Altiris Client Service for Windows)
+ NOT-FOR-US: Altiris Client Service for Windows
CAN-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...)
- NOTE: not-for-us (LedForums)
+ NOT-FOR-US: LedForums
CAN-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive
...)
- NOTE: not-for-us (HTTP Commander)
+ NOT-FOR-US: HTTP Commander
CAN-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header
lines]
- clamav 0.85.1-1
CAN-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
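Review bot: at CAN-2005-1644 the new line reads "NOT-FOR-US: Livre d''Or", keeping the doubled apostrophe from the old note; that looks like quote-escaping residue and should be "Livre d'Or" now that the value is a name rather than a comment. The stray leading space inside the parentheses at CAN-2005-1603 and CAN-2005-1601 was trimmed in the new lines, so the same pass could normalise this value too.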
@@ -5447,51 +5447,51 @@
NOTE: According to Horms from kernel team 2.6.8 not affected
- kernel-source-2.6.11 2.6.11-5
CAN-2005-1588 (** DISPUTED ** ...)
- NOTE: not-for-us (Quick.cart)
+ NOT-FOR-US: Quick.cart
CAN-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for
Quick.cart ...)
- NOTE: not-for-us (Quick.cart)
+ NOT-FOR-US: Quick.cart
CAN-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such
as ...)
- NOTE: not-for-us (Quick.Forum)
+ NOT-FOR-US: Quick.Forum
CAN-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6
allow ...)
- NOTE: not-for-us (Quick.Forum)
+ NOT-FOR-US: Quick.Forum
CAN-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for
Quick.Forum ...)
- NOTE: not-for-us (Quick.Forum)
+ NOT-FOR-US: Quick.Forum
CAN-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for
new ...)
- NOTE: not-for-us (1Two News)
+ NOT-FOR-US: 1Two News
CAN-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two
News ...)
- NOTE: not-for-us (1Two News)
+ NOT-FOR-US: 1Two News
CAN-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0
allows ...)
- NOTE: not-for-us (bug_list.php)
+ NOT-FOR-US: bug_list.php
CAN-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the
types ...)
- NOTE: not-for-us (BoastMachine)
+ NOT-FOR-US: BoastMachine
CAN-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote
attackers to ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1578 (EnCase Forensic Edition 4.18a does not support Device
Configuration ...)
- NOTE: not-for-us (EnCase)
+ NOT-FOR-US: EnCase
CAN-2005-1577 (APG Technology ClassMaster does not properly restrict access to
...)
- NOTE: not-for-us (APG Classmaster)
+ NOT-FOR-US: APG Classmaster
CAN-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for
Windows ...)
NOTE: appears windows specific
CAN-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for
Windows ...)
NOTE: appears windows specific
CAN-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content
...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual
News ...)
- NOTE: not-for-us (ASP Virtual News Manager)
+ NOT-FOR-US: ASP Virtual News Manager
CAN-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (ShowOff)
+ NOT-FOR-US: ShowOff
CAN-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4
allow ...)
- NOTE: not-for-us (ShowOff)
+ NOT-FOR-US: ShowOff
CAN-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain
full ...)
NOTE: for-for-us (bttlxeForum)
CAN-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and
2.2 ...)
- NOTE: not-for-us (DirectTopics)
+ NOT-FOR-US: DirectTopics
CAN-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to
...)
- NOTE: not-for-us (DirectTopics)
+ NOT-FOR-US: DirectTopics
CAN-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and
2.2 ...)
- NOTE: not-for-us (DirectTopics)
+ NOT-FOR-US: DirectTopics
CAN-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to
bypass ...)
- NOTE: not-for-us (Acrowave AAP-3100AR wireless router)
+ NOT-FOR-US: Acrowave AAP-3100AR wireless router
CAN-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is
...)
- bugzilla 2.18-7 (medium)
NOTE: only affects sid
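Review bot: CAN-2005-1570 still carries "NOTE: for-for-us (bttlxeForum)" as an unchanged context line; the typo kept it from matching the substitution, so it stays behind in the old format. Change it to "NOT-FOR-US: bttlxeForum" in this commit and check the rest of the file for other misspelled variants of the old note. Separately, CAN-2005-1581 gets "NOT-FOR-US: bug_list.php", which is a file name, while the description names the product as Bug Report 1.0.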
@@ -5500,37 +5500,37 @@
CAN-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a
different ...)
- bugzilla 2.16.7-7sarge1
CAN-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and
...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp
in ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to
execute ...)
- NOTE: not-for-us (Nexusway)
+ NOT-FOR-US: Nexusway
CAN-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to
execute ...)
- NOTE: not-for-us (Nexusway)
+ NOT-FOR-US: Nexusway
CAN-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to
bypass ...)
- NOTE: not-for-us (Nexusway)
+ NOT-FOR-US: Nexusway
CAN-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp
...)
- NOTE: not-for-us (WebApp Guestbook PRO)
+ NOT-FOR-US: WebApp Guestbook PRO
CAN-2005-1556 (Gamespy cd-key validation system allows remote attackers to
cause a ...)
- NOTE: not-for-us (Gamespy cd-key validation system)
+ NOT-FOR-US: Gamespy cd-key validation system
CAN-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server
in ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61,
and ...)
- NOTE: not-for-us (WowBB)
+ NOT-FOR-US: WowBB
CAN-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0
uses a ...)
- NOTE: not-for-us (GeoVision Digital Video Surveillance System)
+ NOT-FOR-US: GeoVision Digital Video Surveillance System
CAN-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0,
when ...)
- NOTE: not-for-us (GeoVision Digital Video Surveillance System)
+ NOT-FOR-US: GeoVision Digital Video Surveillance System
CAN-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for
viruses ...)
- NOTE: not-for-us (Sophos Anti-Virus)
+ NOT-FOR-US: Sophos Anti-Virus
CAN-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to
execute ...)
- NOTE: not-for-us (easy message board)
+ NOT-FOR-US: easy message board
CAN-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message
Board ...)
- NOTE: not-for-us (easy message board)
+ NOT-FOR-US: easy message board
CAN-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook
2.3.1 ...)
- NOTE: not-for-us (Advanced Guestbook)
+ NOT-FOR-US: Advanced Guestbook
CAN-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone
Netvault, ...)
- NOTE: not-for-us (Bakbone Netvault)
+ NOT-FOR-US: Bakbone Netvault
CAN-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0
allows ...)
{DSA-743-1}
- ht 0.8.0-2
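Review bot: product names are not spelled consistently now that they are tag values: CAN-2005-1551 uses "Sophos Anti-Virus" while the other Sophos entries in this patch (CAN-2004-2088, CAN-2004-2075, CAN-2005-1530) use "Sophos", and CAN-2005-1550 and CAN-2005-1549 use lowercase "easy message board" where the description has "Easy Message Board". Pick one spelling per product so that entries can be matched by name.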
@@ -5543,7 +5543,7 @@
- tiff 3.7.2-3
NOTE: tiff3g not in testing
CAN-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote
...)
- NOTE: not-for-us (Novell Zenworks)
+ NOT-FOR-US: Novell Zenworks
CAN-2005-1542
NOTE: reserved
CAN-2005-1541
@@ -5573,7 +5573,7 @@
- mozilla-firefox 1.0.4
- mozilla 2:1.7.8
CAN-2005-1530 (Sophos Anti-Virus 5.0.1, with "Scan inside archive
files" enabled, ...)
- NOTE: not-for-us (Sophos)
+ NOT-FOR-US: Sophos
CAN-2005-1529
NOTE: reserved
CAN-2005-1528
@@ -5605,9 +5605,9 @@
{DSA-751-1}
- squid 2.5.9-9
CAN-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using
Federated ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM)
2.3.1 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-XXXX [Buffer overflow in libotr]
- libotr 2.0.2-1
CAN-2005-XXXX [vpnc: config file path security hole]
@@ -5626,77 +5626,77 @@
NOTE: Source package has been renamed from unrar to unrar-free
- unrar-free 1:0.0.1-2
CAN-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify
uploaded ...)
- NOTE: not-for-us (PwsPHP)
+ NOT-FOR-US: PwsPHP
CAN-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication
and post ...)
- NOTE: not-for-us (PwsPHP)
+ NOT-FOR-US: PwsPHP
CAN-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive
information ...)
- NOTE: not-for-us (PwsPHP)
+ NOT-FOR-US: PwsPHP
CAN-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows
...)
- NOTE: not-for-us (PwsPHP)
+ NOT-FOR-US: PwsPHP
CAN-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP
1.2.2 ...)
- NOTE: not-for-us (PwsPHP)
+ NOT-FOR-US: PwsPHP
CAN-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4
allows ...)
- NOTE: not-for-us (WebSTAR)
+ NOT-FOR-US: WebSTAR
CAN-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra)
Plus ...)
- NOTE: not-for-us (CJ Ultra Plus)
+ NOT-FOR-US: CJ Ultra Plus
CAN-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online
games, ...)
- NOTE: not-for-us (GameSpy SDK CD-Key Validation Toolkit)
+ NOT-FOR-US: GameSpy SDK CD-Key Validation Toolkit
CAN-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping
Cart ...)
- NOTE: not-for-us (MidiCart)
+ NOT-FOR-US: MidiCart
CAN-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP
Shopping Cart ...)
- NOTE: not-for-us (MidiCart)
+ NOT-FOR-US: MidiCart
CAN-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain
sensitive ...)
- NOTE: not-for-us (MidiCart)
+ NOT-FOR-US: MidiCart
CAN-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow
remote ...)
- NOTE: not-for-us (myBloggie)
+ NOT-FOR-US: myBloggie
CAN-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to
delete ...)
- NOTE: not-for-us (myBloggie)
+ NOT-FOR-US: myBloggie
CAN-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie
2.1.1 ...)
- NOTE: not-for-us (myBloggie)
+ NOT-FOR-US: myBloggie
CAN-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain
...)
- NOTE: not-for-us (myBloggie)
+ NOT-FOR-US: myBloggie
CAN-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with
CREATE ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA)
after the ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi
in ...)
- NOTE: not-for-us (MegaBook)
+ NOT-FOR-US: MegaBook
CAN-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote
...)
- NOTE: not-for-us (SimpleCam)
+ NOT-FOR-US: SimpleCam
CAN-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer
...)
- NOTE: not-for-us (Gossamer Threads Links)
+ NOT-FOR-US: Gossamer Threads Links
CAN-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows
remote ...)
- NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
+ NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CAN-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the
...)
- NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
+ NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CAN-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp
Web Mail ...)
- NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
+ NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CAN-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak
Mail ...)
- NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
+ NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CAN-2005-1487 (Multiple SQL injection vulnerabilities in FishCart 3.1 allow
remote ...)
- NOTE: not-for-us (FishCart)
+ NOT-FOR-US: FishCart
CAN-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1
allow ...)
- NOTE: not-for-us (FishCart)
+ NOT-FOR-US: FishCart
CAN-2005-1485 (Golden FTP Server Pro allows 2.52 allows remote attackers to
obtain ...)
- NOTE: not-for-us (Golden FTP Server Pro)
+ NOT-FOR-US: Golden FTP Server Pro
CAN-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52
allows ...)
- NOTE: not-for-us (Golden FTP Server Pro)
+ NOT-FOR-US: Golden FTP Server Pro
CAN-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in
ArticleLive ...)
- NOTE: not-for-us (ArticleLive)
+ NOT-FOR-US: ArticleLive
CAN-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by
...)
- NOTE: not-for-us (ArticleLive)
+ NOT-FOR-US: ArticleLive
CAN-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP
Inline ...)
- NOTE: not-for-us (ASP Inline Corporate Calendar)
+ NOT-FOR-US: ASP Inline Corporate Calendar
CAN-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241
allows ...)
- NOTE: not-for-us (RaidenFTPD)
+ NOT-FOR-US: RaidenFTPD
CAN-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal
3.0.1 and ...)
- NOTE: not-for-us (JGS-Portal)
+ NOT-FOR-US: JGS-Portal
CAN-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a
allows ...)
- NOTE: not-for-us (DMail)
+ NOT-FOR-US: DMail
CAN-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to
bypass ...)
- NOTE: not-for-us (DMail)
+ NOT-FOR-US: DMail
CAN-2005-1515 (Integer signedness error in the qmail_put and substdio_put
functions ...)
NOTE: not in testing
NOTE: non-free
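Review bot: for CAN-2005-1491 through CAN-2005-1488 the value is "Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2", which puts version numbers and a second product into what the commit log describes as a package_name. Shorten it to the product name (for example "Merak Mail Server") and leave the versions to the description line above it.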
@@ -5707,21 +5707,21 @@
CAN-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail,
when ...)
- qmail-src 1.03-38
CAN-2004-2067 (SQL injection vulnerability in controlpanel.php in JAWS 0.4
allows ...)
- NOTE: not-for-us (JAWS)
+ NOT-FOR-US: JAWS
CAN-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4
allows ...)
- NOTE: not-for-us (LinPHA)
+ NOT-FOR-US: LinPHA
CAN-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass
the ...)
- dansguardian 2.5.2-0-0.1
CAN-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and
ealier ...)
- NOTE: not-for-us (lostBook)
+ NOT-FOR-US: lostBook
CAN-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in
AntiBoard ...)
- NOTE: not-for-us (AntiBoard)
+ NOT-FOR-US: AntiBoard
CAN-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2
and ...)
- NOTE: not-for-us (AntiBoard)
+ NOT-FOR-US: AntiBoard
CAN-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers
to use ...)
- NOTE: not-for-us (RiSearch)
+ NOT-FOR-US: RiSearch
CAN-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db
...)
- NOTE: not-for-us (ASPRunner)
+ NOT-FOR-US: ASPRunner
CAN-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4
allow ...)
NOTE: not-for-us
CAN-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive
information ...)
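Review bot: CAN-2004-2059 keeps a bare "NOTE: not-for-us" as an unchanged context line, although the next hunk converts the same bare form to a NOT-FOR-US line. Convert it here as well, or say in the log why it is skipped; the description names ASPRunner, which the entry just above it (CAN-2004-2060) already uses as its value.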
@@ -5739,272 +5739,272 @@
CAN-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier
...)
NOTE: not-for-us
CAN-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running
firmware ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier
allow ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier
store ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38
and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0
RC-1 for ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0
through ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL
router ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase
such ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow
remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2041 (PHP remote code injection vulnerability in secure_img_render.php
in ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107
0.615 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive
information via ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under
(LDU) ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows
remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2036 (SQL injection vulnerability in the art_print function in
print.inc.php ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword
based URL ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107
allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp
for ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta
7.5 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107
allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote
attackers ...)
- icecast2 2.0.1.debian-1
CAN-2004-2026 (Format string vulnerability in the logmsg function in svc.c for
Pound ...)
- pound 1.7-1
CAN-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart
1.1.3 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes
certain ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d,
1.1.4 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall''s Perl
5.6.1 and others, ...)
- NOTE: not-for-us (various perls on Windows)
+ NOT-FOR-US: various perls on Windows
CAN-2004-2021 (Directory traversal vulnerability in file_manager.php in
osCommerce ...)
- NOTE: not-for-us (osCommerce)
+ NOT-FOR-US: osCommerce
CAN-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke
6.x ...)
- NOTE: not-for-us (php-nuke)
+ NOT-FOR-US: php-nuke
CAN-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote
...)
- NOTE: not-for-us (php-nuke)
+ NOT-FOR-US: php-nuke
CAN-2004-2018 (PHP remote code injection vulnerability in index.php in Php-Nuke
6.x ...)
- NOTE: not-for-us (php-nuke)
+ NOT-FOR-US: php-nuke
CAN-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo
Traffic ...)
- NOTE: not-for-us (Turbo Traffic Trader C (TTT-C))
+ NOT-FOR-US: Turbo Traffic Trader C (TTT-C)
CAN-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3
and ...)
- NOTE: not-for-us (netchat)
+ NOT-FOR-US: netchat
CAN-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition
...)
- NOTE: not-for-us (WebCT)
+ NOT-FOR-US: WebCT
CAN-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary
files via ...)
- wget 1.9.1-12
CAN-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket
option in ...)
NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok
CAN-2004-2012 (The systrace_exit function in the systrace utility for
NetBSD-current ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CAN-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote
attackers to ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-2010 (PHP remote code injection vulnerability in index.php in phpShop
0.7.1 ...)
- NOTE: not-for-us (phpShop)
+ NOT-FOR-US: phpShop
CAN-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the
full ...)
- NOTE: not-for-us (NukeJokes)
+ NOT-FOR-US: NukeJokes
CAN-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and
2 Beta ...)
- NOTE: not-for-us (NukeJokes)
+ NOT-FOR-US: NukeJokes
CAN-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in
NukeJokes ...)
- NOTE: not-for-us (NukeJokes)
+ NOT-FOR-US: NukeJokes
CAN-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of
"Everyone ...)
- NOTE: not-for-us (OfficeScan)
+ NOT-FOR-US: OfficeScan
CAN-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1
allows ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured
without a ...)
- NOTE: not-for-us (SUSE Live CD)
+ NOT-FOR-US: SUSE Live CD
CAN-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter
...)
- NOTE: not-for-us (DeleGate)
+ NOT-FOR-US: DeleGate
CAN-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows
remote ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2004-2001 (ifconfig "-arp" in SGI IRIX 6.5 through
6.5.22m does not properly ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke
6.x ...)
- NOTE: not-for-us (Php-Nuke)
+ NOT-FOR-US: Php-Nuke
CAN-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module
in ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote
...)
- NOTE: not-for-us (php-nuke)
+ NOT-FOR-US: php-nuke
CAN-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf
file, ...)
- NOTE: not-for-us (kolab)
+ NOT-FOR-US: kolab
CAN-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines
Forum ...)
- NOTE: not-for-us (Simple Machines Forum)
+ NOT-FOR-US: Simple Machines Forum
CAN-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0
allows ...)
- NOTE: not-for-us (FuseTalk)
+ NOT-FOR-US: FuseTalk
CAN-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a
direct ...)
- NOTE: not-for-us (FuseTalk)
+ NOT-FOR-US: FuseTalk
CAN-2004-1993 (The patch to the checklogin function in omail.pl for omail
webmail ...)
- NOTE: not-for-us (omail)
+ NOT-FOR-US: omail
CAN-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows
remote ...)
- NOTE: not-for-us (Serv-U)
+ NOT-FOR-US: Serv-U
CAN-2004-1991 (Directory traversal vulnerability in Aldo''s Web Server
(aweb) 1.5 ...)
- NOTE: not-for-us (aweb)
+ NOT-FOR-US: aweb
CAN-2004-1990 (Aldo''s Web Server (aweb) 1.5 allows remote attackers to
gain sensitive ...)
- NOTE: not-for-us (aweb)
+ NOT-FOR-US: aweb
CAN-2004-1989 (PHP remote code injection vulnerability in theme.php in
Coppermine ...)
- NOTE: not-for-us (Coppermine)
+ NOT-FOR-US: Coppermine
CAN-2004-1988 (PHP remote code injection vulnerability in init.inc.php in
Coppermine ...)
- NOTE: not-for-us (Coppermine)
+ NOT-FOR-US: Coppermine
CAN-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and
1.2.0 RC4 ...)
- NOTE: not-for-us (Coppermine)
+ NOT-FOR-US: Coppermine
CAN-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine
Photo ...)
- NOTE: not-for-us (Coppermine)
+ NOT-FOR-US: Coppermine
CAN-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in
Coppermine ...)
- NOTE: not-for-us (Coppermine)
+ NOT-FOR-US: Coppermine
CAN-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote
attackers ...)
- NOTE: not-for-us (Coppermine)
+ NOT-FOR-US: Coppermine
CAN-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches
for ...)
NOTE: only affects pax for 2.6; kernel-patch-adamantix contains pax
NOTE: but only for 2.4.
CAN-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify
...)
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2004-1981 (The web interface for Crystal Reports allows remote attackers to
cause ...)
- NOTE: not-for-us (Crystal Reports)
+ NOT-FOR-US: Crystal Reports
CAN-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1
...)
- NOTE: not-for-us (PROPS)
+ NOT-FOR-US: PROPS
CAN-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in
PROPS ...)
- NOTE: not-for-us (PROPS)
+ NOT-FOR-US: PROPS
CAN-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle
before ...)
- moodle 1.3
CAN-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote
attackers ...)
- NOTE: not-for-us (3com NBX IP VOIP NetSet Configuration Manager)
+ NOT-FOR-US: 3com NBX IP VOIP NetSet Configuration Manager
CAN-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote
...)
- NOTE: not-for-us (SMC Barricade broadband router 7008ABR and 7004VBR)
+ NOT-FOR-US: SMC Barricade broadband router 7008ABR and 7004VBR
CAN-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module
in ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive
information via ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (DiGi Web Server)
+ NOT-FOR-US: DiGi Web Server
CAN-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video
Gallery ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows
remote ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung
...)
- NOTE: not-for-us (Samsung SmartEther SS6215Sswitch)
+ NOT-FOR-US: Samsung SmartEther SS6215Sswitch
CAN-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB)
1.0.6 and ...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB)
1.0.6 ...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) ...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board
(OpenBB) ...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open
Bulletin ...)
- NOTE: not-for-us (OpenBB)
+ NOT-FOR-US: OpenBB
CAN-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network
Query ...)
- NOTE: not-for-us (Network Query Tool (NQT))
+ NOT-FOR-US: Network Query Tool (NQT)
CAN-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers
to ...)
- NOTE: not-for-us (Network Query Tool (NQT))
+ NOT-FOR-US: Network Query Tool (NQT)
CAN-2004-1962 (SQL injection vulnerability in index.php in Protector System
1.15b1 ...)
- NOTE: not-for-us (Protector System)
+ NOT-FOR-US: Protector System
CAN-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers
to ...)
- NOTE: not-for-us (Protector System)
+ NOT-FOR-US: Protector System
CAN-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in
...)
- NOTE: not-for-us (Protector System)
+ NOT-FOR-US: Protector System
CAN-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows
...)
- NOTE: not-for-us (Protector System)
+ NOT-FOR-US: Protector System
CAN-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal
engine ...)
- NOTE: not-for-us (Unreal engine)
+ NOT-FOR-US: Unreal engine
CAN-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke
0.726 ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via
a ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5
allows ...)
- NOTE: not-for-us (phProfession)
+ NOT-FOR-US: phProfession
CAN-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
- NOTE: not-for-us (phProfession)
+ NOT-FOR-US: phProfession
CAN-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive
information ...)
- NOTE: not-for-us (phProfession)
+ NOT-FOR-US: phProfession
CAN-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows
remote ...)
- NOTE: not-for-us (Advanced Guestbook)
+ NOT-FOR-US: Advanced Guestbook
CAN-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui
...)
- xine-ui 0.99.1
CAN-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the
...)
- phpbb2 2.0.9
CAN-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows
...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are
...)
NOTE: nonsense, all command line passwords can be intercepted at least
sometimes
CAN-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in
BitDefender ...)
- NOTE: not-for-us (bitdefender)
+ NOT-FOR-US: bitdefender
CAN-2004-1946 (Format string vulnerability in the PRINT_ERROR function in
common.c ...)
- cherokee 0.4.21b01-1
CAN-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote
attackers to ...)
- NOTE: not-for-us (Kinesphere eXchange POP3 )
+ NOT-FOR-US: Kinesphere eXchange POP3
CAN-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to
cause a ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2004-1943 (PHP remote code injection vulnerability in album_portal.php in
phpBB ...)
- NOTE: not-for-us (phpbb as modified by przemo)
+ NOT-FOR-US: phpbb as modified by przemo
CAN-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote
attackers to ...)
- NOTE: not-for-us (Fastream NETFile FTP/Web Server)
+ NOT-FOR-US: Fastream NETFile FTP/Web Server
CAN-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote
attackers to ...)
- kphone 1:4.0.2
CAN-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0
allows ...)
- NOTE: not-for-us (Zaep)
+ NOT-FOR-US: Zaep
CAN-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7
allows ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b
and ...)
- NOTE: not-for-us (Nuked-KlaN)
+ NOT-FOR-US: Nuked-KlaN
CAN-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows
remote ...)
- NOTE: not-for-us (ZoneAlarm)
+ NOT-FOR-US: ZoneAlarm
CAN-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline
allows ...)
- NOTE: not-for-us (SCT Campus Pipeline)
+ NOT-FOR-US: SCT Campus Pipeline
CAN-2004-1934 (PHP remote code injection vulnerability in affich.php in Gemitel
3.50 ...)
- NOTE: not-for-us (Gemitel)
+ NOT-FOR-US: Gemitel
CAN-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and
files ...)
- NOTE: not-for-us (Citadel)
+ NOT-FOR-US: Citadel
CAN-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in
...)
- NOTE: not-for-us (PhpNuke)
+ NOT-FOR-US: PhpNuke
CAN-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode
function ...)
- NOTE: not-for-us (PhpNuke)
+ NOT-FOR-US: PhpNuke
CAN-2004-1929 (SQL injection vulnerability in the bblogin function in
functions.php ...)
- NOTE: not-for-us (PhpNuke)
+ NOT-FOR-US: PhpNuke
CAN-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1
and ...)
- NOTE: not-for-us (tikiwiki)
+ NOT-FOR-US: tikiwiki
CAN-2004-1927 (Directory traversal vulnerability in the map feature
(tiki-map.phtml) ...)
- NOTE: not-for-us (tikiwiki)
+ NOT-FOR-US: tikiwiki
CAN-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote
...)
- NOTE: not-for-us (tikiwiki)
+ NOT-FOR-US: tikiwiki
CAN-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware
...)
- NOTE: not-for-us (tikiwiki)
+ NOT-FOR-US: tikiwiki
CAN-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki ...)
- NOTE: not-for-us (tikiwiki)
+ NOT-FOR-US: tikiwiki
CAN-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote
...)
- NOTE: not-for-us (tikiwiki)
+ NOT-FOR-US: tikiwiki
CAN-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based
on the ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded
"1502" ...)
- NOTE: not-for-us (X-Micro WLAN 11b Broadband Router)
+ NOT-FOR-US: X-Micro WLAN 11b Broadband Router
CAN-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and
1.6.0.0 ...)
- NOTE: not-for-us (X-Micro WLAN 11b Broadband Router)
+ NOT-FOR-US: X-Micro WLAN 11b Broadband Router
CAN-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows
remote ...)
- NOTE: not-for-us (Crackalaka)
+ NOT-FOR-US: Crackalaka
CAN-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service
...)
- NOTE: not-for-us (rsniff)
+ NOT-FOR-US: rsniff
CAN-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1
and ...)
- lcdproc 0.4.5
CAN-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other
0.4.x ...)
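Review bot: CAN-2004-1999 ends up as "NOT-FOR-US: Windows", but its description is the XSS in the Downloads module and the entries on either side (CAN-2004-2000, CAN-2004-1998) are the Php-Nuke Downloads module, so the old parenthetical looks like a mistake that the conversion carries over; please check it and tag it as Php-Nuke if so. The same pass would be a good moment to settle on one spelling of that product, since this hunk now has "php-nuke", "Php-Nuke", "PHP-Nuke" and "PhpNuke" as NOT-FOR-US values, and to fix "Samsung SmartEther SS6215Sswitch" (missing space) in CAN-2004-1970.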
@@ -6012,35 +6012,35 @@
CAN-2004-1915 (Buffer overflow in the parse_all_client_messages function in
LCDproc ...)
- lcdproc 0.4.5
CAN-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar
1.1.a, as ...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3)
block-Calendar1.php, ...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1
...)
- NOTE: not-for-us (AzDGDatingLite)
+ NOT-FOR-US: AzDGDatingLite
CAN-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to
cause ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote
attackers to ...)
- clamav 0.68.1
CAN-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan
allows ...)
- NOTE: not-for-us (Mcafee FreeScan)
+ NOT-FOR-US: Mcafee FreeScan
CAN-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF)
...)
- NOTE: not-for-us (Kerio Personal Firewall)
+ NOT-FOR-US: Kerio Personal Firewall
CAN-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (Mcafee FreeScan)
+ NOT-FOR-US: Mcafee FreeScan
CAN-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to
cause ...)
- NOTE: not-for-us (Panda ActiveScan)
+ NOT-FOR-US: Panda ActiveScan
CAN-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows
remote ...)
- NOTE: not-for-us (Panda ActiveScan)
+ NOT-FOR-US: Panda ActiveScan
CAN-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to
execute ...)
- NOTE: not-for-us (blaxxun)
+ NOT-FOR-US: blaxxun
CAN-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central
credential ...)
- NOTE: not-for-us (Citrix MetaFrame Password Manager)
+ NOT-FOR-US: Citrix MetaFrame Password Manager
CAN-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite
arbitrary ...)
- NOTE: not-for-us (gentoo portage)
+ NOT-FOR-US: gentoo portage
CAN-2004-1900 (Format string vulnerability in the logging function in IGI 2
Covert ...)
- NOTE: not-for-us (IGI 2 Covert Strike server)
+ NOT-FOR-US: IGI 2 Covert Strike server
CAN-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows
remote ...)
- monit 1:4.2.1
CAN-2004-1898 (Stack-based buffer overflow in the administration interface in
Monit ...)
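Review bot: CAN-2004-1914 is tagged "NOT-FOR-US: phpnuke" although its description names NukeCalendar, while the NukeJokes entries earlier in the file (CAN-2004-2007 to CAN-2004-2009) are tagged with the module name rather than the platform. Suggest "NOT-FOR-US: NukeCalendar" here, and for CAN-2004-1913 and CAN-2004-1912 if they are the same module, so that add-on modules are recorded the same way throughout.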
@@ -6048,179 +6048,179 @@
CAN-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote
...)
- monit 1:4.2.1-1
CAN-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1895 (YaST Online Update (YOU) in SuSE 9.0 allows local users to
overwrite ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option,
allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1893 (Dreamweaver MX, when "Using Driver On Testing
Server" or "Using DSN on ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in
the ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20
"doesn''t work with ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23
allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23
allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1886 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a
denial ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users
to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY
username with ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1)
allow ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp
in ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2)
payonline.asp ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and
earlier ...)
- openldap2 2.1.17-1
CAN-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication,
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1876 (The "%f" feature in the VirusEvent directive
in Clam AntiVirus daemon ...)
- clamav 0.70-1
CAN-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1)
deliver.asp ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and
A-CART ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost
PHP ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro
4.6.x and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh
Guest ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to
cause a ...)
- nstx 1.1-beta4-1
CAN-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration
panel ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9
beta ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1863 (Cross-site scripting (XSS) vulnerability in editprofile.php in
Extreme ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm
to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG
AI R54 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web
Jetadmin ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin
7.5.2546, when ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and
earlier ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows
remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random
data ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel
9.1.0 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users
to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass
authentication ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5
allow ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News
Manager ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management
System ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1843 (SQL injection vulnerability in Member Management System 2.1
allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for
PHP-Nuke ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS
Analysis ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to
obtain ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote
attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x
before ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top
Site ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client
headers, ...)
- apache2 2.0.53-1
CAN-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default
world ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote
attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1830 (error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php
in ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1828 (Vcard 2.9 and possibly other versions does not require
authorization ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3)
and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source
4.5 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo
Open ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin
before ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum
3.1 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5
through ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1820 (PHP remote code injection vulnerability in displaycategory.php
in ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote
attackers to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in
4nalbum ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in
Php-Nuke ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0
Update ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun
4.0, when ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services
(1) ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0
through ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to
cause a ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and
earlier ...)
- phpbb2 2.0.10-1
NOTE: probably fixed in 2.0.6d-3
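Review bot: Every entry in this hunk that had a bare "NOTE: not-for-us" (CAN-2004-1896 through CAN-2004-1810) becomes "NOT-FOR-US: no_package", a case the log message does not mention and one that puts a placeholder where a product name is expected. Anything that later reads the value cannot tell "no_package" from a real name, so either fill the name in from the description (for example "Nullsoft Winamp" for CAN-2004-1896, "Ipswitch WS_FTP Server" for CAN-2004-1886) or say in the log message that "no_package" is a placeholder to be replaced.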
@@ -6228,219 +6228,219 @@
NOTE: according to Jeroen van Wolffelaar this is not a bug in metamail
NOTE: see bug #308875
CAN-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in
CFWebstore ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0
allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1805 (Format string vulnerability in games using the Epic Games Unreal
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide
their ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows
remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly
earlier ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is
enabled, ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute
arbitrary ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for
FreznoShop ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1796 (PHP remote code injection vulnerability in HotNews 0.7.2 and
earlier ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1795 (Info Touch Surfnet kiosk allows local users to access the
underlying ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit
allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off
2.3 and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote
attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses
a ...)
- NOTE: not-for-us (Edimax Router)
+ NOT-FOR-US: Edimax Router
CAN-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management
...)
- NOTE: not-for-us (Edimax Router)
+ NOT-FOR-US: Edimax Router
CAN-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management
...)
- NOTE: not-for-us (ZyWALL)
+ NOT-FOR-US: ZyWALL
CAN-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web
...)
- NOTE: not-for-us (ASP-Nuke)
+ NOT-FOR-US: ASP-Nuke
CAN-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote
...)
- NOTE: not-for-us (PostCalendar)
+ NOT-FOR-US: PostCalendar
CAN-2004-1786 (PortalApp places user credentials under the web root with
insufficient ...)
- NOTE: not-for-us (PortalApp)
+ NOT-FOR-US: PortalApp
CAN-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power
Board ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows
...)
- NOTE: not-for-us (web server of Webcam Watchdog)
+ NOT-FOR-US: web server of Webcam Watchdog
CAN-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server
1.0 ...)
- NOTE: not-for-us (Net2Soft Flash FTP Server)
+ NOT-FOR-US: Net2Soft Flash FTP Server
CAN-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers
to ...)
- NOTE: not-for-us (Athena Web Registration)
+ NOT-FOR-US: Athena Web Registration
CAN-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and
...)
- NOTE: not-for-us (Info Touch Surfnet kiosk)
+ NOT-FOR-US: Info Touch Surfnet kiosk
CAN-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra
time into ...)
- NOTE: not-for-us (Info Touch Surfnet kiosk)
+ NOT-FOR-US: Info Touch Surfnet kiosk
CAN-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for
ThWboard ...)
- NOTE: not-for-us (ThWboard)
+ NOT-FOR-US: ThWboard
CAN-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and
...)
- NOTE: not-for-us (omail webmail)
+ NOT-FOR-US: omail webmail
CAN-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for
...)
- openldap2 2.1.17-1
CAN-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon
6.5.2 ...)
- NOTE: not-for-us (MDaemon)
+ NOT-FOR-US: MDaemon
CAN-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629
allows ...)
- NOTE: not-for-us (MyProxy)
+ NOT-FOR-US: MyProxy
CAN-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote
...)
- cherokee 0.4.21b01-1
CAN-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6
allows ...)
- NOTE: not-for-us (VieBoard)
+ NOT-FOR-US: VieBoard
CAN-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6
Beta 1 ...)
- NOTE: not-for-us (VieBoard)
+ NOT-FOR-US: VieBoard
CAN-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through
0.2.3 ...)
- NOTE: not-for-us (Booby)
+ NOT-FOR-US: Booby
CAN-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List
of ...)
- NOTE: not-for-us (Portal DB)
+ NOT-FOR-US: Portal DB
CAN-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows
remote ...)
- NOTE: not-for-us (IA WebMail Server)
+ NOT-FOR-US: IA WebMail Server
CAN-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to
cause a ...)
- NOTE: not-for-us (e107)
+ NOT-FOR-US: e107
CAN-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24
through ...)
- NOTE: not-for-us (PHPRecipeBook)
+ NOT-FOR-US: PHPRecipeBook
CAN-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP
Clusters, ...)
- NOTE: not-for-us (Nokia IPSO)
+ NOT-FOR-US: Nokia IPSO
CAN-2003-1188 (Unichat allows remote attackers to cause a denial of service
(crash) ...)
- NOTE: not-for-us (Unichat)
+ NOT-FOR-US: Unichat
CAN-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in
PHPKIT ...)
- NOTE: not-for-us (PHPKIT)
+ NOT-FOR-US: PHPKIT
CAN-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210
Build3285 ...)
- NOTE: not-for-us (TelCondex SimpleWebServer)
+ NOT-FOR-US: TelCondex SimpleWebServer
CAN-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta
2.8.2 ...)
- NOTE: not-for-us (ThWboard)
+ NOT-FOR-US: ThWboard
CAN-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard
Beta ...)
- NOTE: not-for-us (ThWboard)
+ NOT-FOR-US: ThWboard
CAN-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and
...)
- NOTE: not-for-us (Oracle Collaboration Suite)
+ NOT-FOR-US: Oracle Collaboration Suite
CAN-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2
allows ...)
- NOTE: not-for-us (MPM Guestbook)
+ NOT-FOR-US: MPM Guestbook
CAN-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive
...)
- NOTE: not-for-us (Advanced Poll)
+ NOT-FOR-US: Advanced Poll
CAN-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows
remote ...)
- NOTE: not-for-us (Advanced Poll)
+ NOT-FOR-US: Advanced Poll
CAN-2003-1179 (Multiple PHP remote code injection vulnerabilities in Advanced
Poll ...)
- NOTE: not-for-us (Advanced Poll)
+ NOT-FOR-US: Advanced Poll
CAN-2003-1178 (comments.php in Advanced Poll 2.0.2 allows remote attackers to
execute ...)
- NOTE: not-for-us (Advanced Poll)
+ NOT-FOR-US: Advanced Poll
CAN-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2
before ...)
- NOTE: not-for-us (MERCUR Mailserver)
+ NOT-FOR-US: MERCUR Mailserver
CAN-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when
quote ...)
- NOTE: not-for-us (Web Wiz Forums)
+ NOT-FOR-US: Web Wiz Forums
CAN-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll
1.5 ...)
- NOTE: not-for-us (Sympoll)
+ NOT-FOR-US: Sympoll
CAN-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local
users ...)
- NOTE: not-for-us (NullSoft Shoutcast Server)
+ NOT-FOR-US: NullSoft Shoutcast Server
CAN-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access
sensitive ...)
- NOTE: not-for-us (Centrinity FirstClass)
+ NOT-FOR-US: Centrinity FirstClass
CAN-2003-1172 (Directory traversal vulnerability in the view-source sample file
in ...)
- NOTE: not-for-us (Apache Software Foundation Cocoon)
+ NOT-FOR-US: Apache Software Foundation Cocoon
CAN-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in
...)
- libapache-mod-security 1.8.4-1
CAN-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and
0.9.5pre2 ...)
- NOTE: not-for-us (kpopup)
+ NOT-FOR-US: kpopup
CAN-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write
permissions for ...)
- NOTE: not-for-us (DATEV Nutzungskontrolle)
+ NOT-FOR-US: DATEV Nutzungskontrolle
CAN-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing
...)
- NOTE: not-for-us (kpopup)
+ NOT-FOR-US: kpopup
CAN-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2)
...)
- NOTE: not-for-us (HTTP Commander)
+ NOT-FOR-US: HTTP Commander
CAN-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote
...)
- NOTE: not-for-us (BRS WebWeaver)
+ NOT-FOR-US: BRS WebWeaver
CAN-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4
allows ...)
- mldonkey 2.5.11-1
CAN-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a
...)
- NOTE: not-for-us (Ganglia gmond)
+ NOT-FOR-US: Ganglia gmond
CAN-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote
attackers to ...)
- NOTE: not-for-us (Tritanium Bulletin Board)
+ NOT-FOR-US: Tritanium Bulletin Board
CAN-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on
kernel.bkbits.net, ...)
NOTE: ancient and unreleased source code with backdoor
CAN-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to
bypass ...)
- NOTE: not-for-us (FlexWATCH)
+ NOT-FOR-US: FlexWATCH
CAN-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers
to ...)
- NOTE: not-for-us (Plug and Play Web Server)
+ NOT-FOR-US: Plug and Play Web Server
CAN-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play
Web ...)
- NOTE: not-for-us (Plug and Play Web Server)
+ NOT-FOR-US: Plug and Play Web Server
CAN-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix
...)
- NOTE: not-for-us (Citrix)
+ NOT-FOR-US: Citrix
CAN-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit
(SDK) ...)
- NOTE: not-for-us (Sun JRE/SDK)
+ NOT-FOR-US: Sun JRE/SDK
CAN-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to
...)
- xcdroast 0.98+0alpha15-1
NOTE: woody seems to be vulnerable (see bug #310046)
CAN-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus
...)
- NOTE: not-for-us (MAILsweeper)
+ NOT-FOR-US: MAILsweeper
CAN-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary
files ...)
- NOTE: not-for-us (byteHoard)
+ NOT-FOR-US: byteHoard
CAN-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary
directories via ...)
- NOTE: not-for-us (WebTide)
+ NOT-FOR-US: WebTide
CAN-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile
Server ...)
- NOTE: not-for-us (Fastream)
+ NOT-FOR-US: Fastream
CAN-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell
NetWare ...)
- NOTE: not-for-us (Novell portmapper)
+ NOT-FOR-US: Novell portmapper
CAN-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton
Internet ...)
- NOTE: not-for-us (Symantec Norton Internet Security)
+ NOT-FOR-US: Symantec Norton Internet Security
CAN-2003-1148 (PHP remote code injection vulnerability in (1) config.inc.php
and (2) ...)
- NOTE: not-for-us (Les Visiteurs)
+ NOT-FOR-US: Les Visiteurs
CAN-2003-1147
NOTE: rejected
CAN-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP
Photo ...)
- NOTE: not-for-us (Easy PHP Photo Album)
+ NOT-FOR-US: Easy PHP Photo Album
CAN-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in
...)
- NOTE: not-for-us (OpenAutoClassifieds)
+ NOT-FOR-US: OpenAutoClassifieds
CAN-2003-1144 (Buffer overflow in the log viewing interface in Perception
LiteServe ...)
- NOTE: not-for-us (Perception LiteServe)
+ NOT-FOR-US: Perception LiteServe
CAN-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First
Encounter ...)
- NOTE: not-for-us (Croteam Serious Sam demo)
+ NOT-FOR-US: Croteam Serious Sam demo
CAN-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes
Windows ...)
- NOTE: not-for-us (NIPrint LPD-LPR)
+ NOT-FOR-US: NIPrint LPD-LPR
CAN-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to
execute ...)
- NOTE: not-for-us (NIPrint LPD-LPR)
+ NOT-FOR-US: NIPrint LPD-LPR
CAN-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to
execute ...)
- NOTE: not-for-us (Musicqueue)
+ NOT-FOR-US: Musicqueue
CAN-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files
by ...)
- NOTE: not-for-us (Musicqueue)
+ NOT-FOR-US: Musicqueue
CAN-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red
Hat ...)
- apache2 <not-affected> (Red Hat specific default config)
CAN-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote
attackers to ...)
- NOTE: not-for-us (sh-httpd)
+ NOT-FOR-US: sh-httpd
CAN-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong
Guestbook ...)
- NOTE: not-for-us (Chi Kien Uong Guestbook)
+ NOT-FOR-US: Chi Kien Uong Guestbook
CAN-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers
to ...)
- NOTE: not-for-us (Yahoo! Messenger)
+ NOT-FOR-US: Yahoo! Messenger
CAN-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a
denial ...)
- NOTE: not-for-us (Sun JVM)
+ NOT-FOR-US: Sun JVM
CAN-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new
accounts ...)
- NOTE: not-for-us (The Bat!)
+ NOT-FOR-US: The Bat!
CAN-2002-1660 (calendar.php in vBulletin 2.0.3 and earlier allows remote
attackers to ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain
...)
- NOTE: not-for-us (PortalApp)
+ NOT-FOR-US: PortalApp
CAN-2001-1477 (The Domain gateway in BEA Tuxedo 7.1 does not perform
authorization ...)
- NOTE: not-for-us (BEA Tuxedo)
+ NOT-FOR-US: BEA Tuxedo
CAN-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on
the ...)
- mozilla-firefox 1.0.4-1
CAN-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary
Javascript ...)
- mozilla-firefox 1.0.4-1
TODO: check mozilla too
CAN-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows
remote ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to
install ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with
physical ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly
enforce ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and
5.3 ...)
- NOTE: not-for-us (RSA SecurID Web Agent)
+ NOT-FOR-US: RSA SecurID Web Agent
CAN-2005-XXXX [race condition with a buffered temp file]
NOTE: no bug ever filed for this one
- pysvn 1.1.2-3
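Review bot: CAN-2004-1795 becomes `NOT-FOR-US: no_package`, while CAN-2004-1781 and CAN-2004-1780, which concern the same Info Touch Surfnet kiosk, become `NOT-FOR-US: Info Touch Surfnet kiosk` further down in this hunk. One product now has two different values in the same field, so a search on the product name misses the first entry. Tagging CAN-2004-1795 with the product name would fix that, and the remaining `no_package` entries here (CAN-2004-1807 through CAN-2004-1792) could be filled in the same way, since each description names the software.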
@@ -6507,9 +6507,9 @@
CAN-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other
versions, ...)
- openssh 1:3.8p1
CAN-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers
to ...)
- NOTE: not-for-us (Leafnode2 development branch)
+ NOT-FOR-US: Leafnode2 development branch
CAN-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote
...)
- NOTE: not-for-us (Leafnode2 development branch)
+ NOT-FOR-US: Leafnode2 development branch
CAN-2005-XXXX [Missing input validation in xtradius]
NOTE: not shipped in deb
- xtradius 1.2.1-beta2-2 (low)
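Review bot: on CAN-2004-2068 and CAN-2002-1661 the value after `NOT-FOR-US:` is `Leafnode2 development branch`, which is a reason for the classification rather than the package name the log message calls for. Both descriptions are about leafnode itself, so a reader or script that takes the field as a product name is misled about what was excluded. Consider keeping the rationale on a separate `NOTE:` line and leaving only a product name in the tag.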
@@ -6530,130 +6530,130 @@
CAN-2005-XXXX [Unspeficied security issue in ipsec-tool''s single DES
support]
- ipsec-tools 0.5.2-1
CAN-2005-1452 (Serendipity before 0.8 allows Chief users to "hide
plugins installed ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1451 (The media manager in Serendipity before 0.8 allows remote
attackers to ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1450 (Unknown vulnerability in "the function used to validate
path-names for ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for
...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin
for ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1447 (PHP remote code injection vulnerability in main.php in SitePanel
2.6.1 ...)
- NOTE: not-for-us (SitePanel)
+ NOT-FOR-US: SitePanel
CAN-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers
to ...)
- NOTE: not-for-us (SitePanel)
+ NOT-FOR-US: SitePanel
CAN-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1
and ...)
- NOTE: not-for-us (SitePanel)
+ NOT-FOR-US: SitePanel
CAN-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel
2.6.1 ...)
- NOTE: not-for-us (SitePanel)
+ NOT-FOR-US: SitePanel
CAN-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
for ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before
6.5.4 ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5
and ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt
Shop ...)
- NOTE: not-for-us (ViArt Shop)
+ NOT-FOR-US: ViArt Shop
CAN-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket
...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2005-1438 (PHP remote code injection vulnerability in main.php in osTicket
allows ...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote
...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket
allow ...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote
authenticated ...)
NOTE: Was once part of Debian, but has been removed
CAN-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node
Manager (OV ...)
- NOTE: not-for-us (HP OpenView)
+ NOT-FOR-US: HP OpenView
CAN-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation
...)
- NOTE: not-for-us (HP OpenView)
+ NOT-FOR-US: HP OpenView
CAN-2005-1432
NOTE: reserved
CAN-2005-1431 (The "record packet parsing" in GnuTLS 1.2
before 1.2.3 and 1.0 before ...)
NOTE: Sarge will get a different fix with only the security fix
- gnutls11 1.0.16-13.1
CAN-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a
pseudo ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1
allows ...)
- NOTE: not-for-us (WWWguestbook)
+ NOT-FOR-US: WWWguestbook
CAN-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote
attackers ...)
- NOTE: not-for-us (Uapplication Uphotogallery)
+ NOT-FOR-US: Uapplication Uphotogallery
CAN-2005-1427 (Uapplication Uphotogallery stores the database under the web
document ...)
- NOTE: not-for-us (Uapplication Uphotogallery)
+ NOT-FOR-US: Uapplication Uphotogallery
CAN-2005-1426 (Uapplication Ublog Reload stores the database under the web
document ...)
- NOTE: not-for-us (Uapplication Ublog)
+ NOT-FOR-US: Uapplication Ublog
CAN-2005-1425 (Uapplication Uguestbook stores the database under the web
document ...)
- NOTE: not-for-us (Uapplication Uguestbook)
+ NOT-FOR-US: Uapplication Uguestbook
CAN-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail
address,and ...)
- NOTE: not-for-us (GoText)
+ NOT-FOR-US: GoText
CAN-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN
SUITE ...)
- NOTE: not-for-us (602 LAN SUITE)
+ NOT-FOR-US: 602 LAN SUITE
CAN-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote
attackers to ...)
- NOTE: not-for-us (Raysoft Video Cam Server)
+ NOT-FOR-US: Raysoft Video Cam Server
CAN-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam
Server ...)
- NOTE: not-for-us (Raysoft Video Cam Server)
+ NOT-FOR-US: Raysoft Video Cam Server
CAN-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote
attackers to ...)
- NOTE: not-for-us (Raysoft Video Cam Server)
+ NOT-FOR-US: Raysoft Video Cam Server
CAN-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12
...)
- NOTE: not-for-us (Ocean12 Mailing list manager)
+ NOT-FOR-US: Ocean12 Mailing list manager
CAN-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock
Password in ...)
- NOTE: not-for-us (Netleaf)
+ NOT-FOR-US: Netleaf
CAN-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x,
1.35, and ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows
remote ...)
- NOTE: not-for-us (04WebServer)
+ NOT-FOR-US: 04WebServer
CAN-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows
remote ...)
- NOTE: not-for-us (GlobalSCAPE Secure FTP Server)
+ NOT-FOR-US: GlobalSCAPE Secure FTP Server
CAN-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information,
...)
- NOTE: not-for-us (FilePocket)
+ NOT-FOR-US: FilePocket
CAN-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow
remote ...)
- NOTE: not-for-us (enVivo)
+ NOT-FOR-US: enVivo
CAN-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional
...)
- NOTE: not-for-us (ECommPro)
+ NOT-FOR-US: ECommPro
CAN-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...)
- NOTE: not-for-us (ICUII)
+ NOT-FOR-US: ICUII
CAN-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the
(1) ...)
- postgresql 7.4.7-6
CAN-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to
certain ...)
- postgresql 7.4.7-6
CAN-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read
arbitrary ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to
bypass the ...)
- NOTE: not-for-us (Skype)
+ NOT-FOR-US: Skype
CAN-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not
properly ...)
- kfreebsd5-source 5.3-10
CAN-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader
function ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by
...)
- NOTE: not-for-us (MyPHP Forum)
+ NOT-FOR-US: MyPHP Forum
CAN-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in
JustWilliam''s ...)
- NOTE: not-for-us (JW Amazon Web Store)
+ NOT-FOR-US: JW Amazon Web Store
CAN-2005-1402 (Integer signedness error in certain older versions of the NeL
library, ...)
- NOTE: not-for-us (NeL libarary)
+ NOT-FOR-US: NeL libarary
CAN-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2
and ...)
- NOTE: not-for-us (Mtp-Target)
+ NOT-FOR-US: Mtp-Target
CAN-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to
5.4 ...)
- kfreebsd5-source 5.3-10
CAN-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default
permissions ...)
- kfreebsd5-source 5.3-10
CAN-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other
versions, ...)
- NOTE: not-for-us (Skype)
+ NOT-FOR-US: Skype
CAN-2004-1777 (A "range check error" in Skype for Windows
before 0.98.0.28 allows ...)
- NOTE: not-for-us (Skype)
+ NOT-FOR-US: Skype
CAN-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change
product ...)
- NOTE: not-for-us (PHPCart)
+ NOT-FOR-US: PHPCart
CAN-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar
before ...)
- NOTE: not-for-us (PHPCalender)
+ NOT-FOR-US: PHPCalender
CAN-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier
allows ...)
- NOTE: not-for-us (ARPUS Ceterm)
+ NOT-FOR-US: ARPUS Ceterm
CAN-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier
may ...)
- NOTE: not-for-us (ARPUS Ceterm)
+ NOT-FOR-US: ARPUS Ceterm
CAN-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo
Workstation 9.0 ...)
- NOTE: not-for-us (ArcGIS)
+ NOT-FOR-US: ArcGIS
CAN-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation
9.0 ...)
- NOTE: not-for-us (ArcGIS)
+ NOT-FOR-US: ArcGIS
CAN-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
NOTE: In Debian this is only part of the examples in share/doc, any admin will
NOTE: have to modify it for his purposes anyway, so there''s no
security problem
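Review bot: the misspelled names on CAN-2005-1402 (`NeL libarary`) and CAN-2005-1397 (`PHPCalender`, where the description says PHP-Calendar) are carried over unchanged into the new `NOT-FOR-US:` field. Now that the name is a field of its own rather than a parenthetical in a free-form note, spelling variants will split one product into several when the list is grouped or searched. Since these lines are being rewritten anyway, `NOT-FOR-US: NeL library` and `NOT-FOR-US: PHP-Calendar` would be worth doing in this change. CAN-2005-1418 shows the same drift (`Netleaf` against NetLeaf in its description).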
@@ -6664,43 +6664,43 @@
CAN-2005-1389
NOTE: rejected
CAN-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before
0.9.6 ...)
- NOTE: not-for-us (SURVIVOR)
+ NOT-FOR-US: SURVIVOR
CAN-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain
sensitive ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service
...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow
remote ...)
- NOTE: not-for-us (phpCoin)
+ NOT-FOR-US: phpCoin
CAN-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is
disabled, ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote
attackers ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle
Webcache ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console
8.1 ...)
- NOTE: not-for-us (BEA Weblogic)
+ NOT-FOR-US: BEA Weblogic
CAN-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on
...)
- NOTE: not-for-us (Mandrake specific packaging flaw)
+ NOT-FOR-US: Mandrake specific packaging flaw
CAN-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes
module ...)
- NOTE: not-for-us (phpbb mod)
+ NOT-FOR-US: phpbb mod
CAN-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline
(aka ...)
- NOTE: not-for-us (Claroline)
+ NOT-FOR-US: Claroline
CAN-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php
or ...)
- NOTE: not-for-us (Claroline)
+ NOT-FOR-US: Claroline
CAN-2005-1375 (Multiple SQL injection vulnerabilities in Claroline (aka Dokeos)
1.5.3 ...)
- NOTE: not-for-us (Claroline)
+ NOT-FOR-US: Claroline
CAN-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline
(aka ...)
- NOTE: not-for-us (Claroline)
+ NOT-FOR-US: Claroline
CAN-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4
Koobi ...)
- NOTE: not-for-us (Koobi CMS)
+ NOT-FOR-US: Koobi CMS
CAN-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not
properly drop ...)
- NOTE: not-for-us (NetVault)
+ NOT-FOR-US: NetVault
CAN-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not
...)
- NOTE: not-for-us (NetVault)
+ NOT-FOR-US: NetVault
CAN-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP
OpenView ...)
- NOTE: not-for-us (HP OpenView)
+ NOT-FOR-US: HP OpenView
CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x
before ...)
NOTE: does not affect 2.4.27 per horms
- kernel-source-2.6.8 2.6.8-16
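Review bot: CAN-2005-1371 is tagged `NOT-FOR-US: NetVault`, but its description is about the BPFTPServer service in BulletProof FTP Server; the label looks copied from CAN-2005-1372 (BakBone NetVault) directly above it. The removed line had the same mistake, and this conversion is a good place to correct it to `NOT-FOR-US: BulletProof FTP Server`. Separately, `Mandrake specific packaging flaw` on CAN-2005-1379 is a rationale rather than a package name, so it fits the new field poorly.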
@@ -6709,103 +6709,103 @@
NOTE: does not affect 2.6.8, 2.4.27 per horms
- kernel-source-2.6.11 2.6.11-4
CAN-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read
...)
- NOTE: not-for-us (pServ)
+ NOT-FOR-US: pServ
CAN-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to
obtain ...)
- NOTE: not-for-us (pServ)
+ NOT-FOR-US: pServ
CAN-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to
execute ...)
- NOTE: not-for-us (pServ)
+ NOT-FOR-US: pServ
CAN-2005-XXXX [Insecure mailbox generation in passwd''s useradd]
NOTE: Incorrect open() call was introduced after 4.0.3 (the version in Sarge,
fixed in 4.0.8)
CAN-2005-XXXX [Insecure tempfile generation in shadow''s vipw]
NOTE: Fixed in 4.0.3-33 for sid, Sarge would need an update through t-p-u
- shadow 4.0.3-33
CAN-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow
...)
- NOTE: not-for-us (MetaBid Auctions)
+ NOT-FOR-US: MetaBid Auctions
CAN-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for
PayFlow ...)
- NOTE: not-for-us (MetaCart)
+ NOT-FOR-US: MetaCart
CAN-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for
Paypal ...)
- NOTE: not-for-us (MetaCart)
+ NOT-FOR-US: MetaCart
CAN-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0
allow ...)
- NOTE: not-for-us (MetaCart)
+ NOT-FOR-US: MetaCart
CAN-2005-1360 (PHP remote code injection vulnerability in error.php in GrayCMS
1.1 ...)
- NOTE: not-for-us (GrayCMS)
+ NOT-FOR-US: GrayCMS
CAN-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script
allows ...)
- NOTE: not-for-us (text.cgi)
+ NOT-FOR-US: text.cgi
CAN-2005-1358 (text.cgi script allows remote attackers to execute arbitrary
commands ...)
- NOTE: not-for-us (text.cgi)
+ NOT-FOR-US: text.cgi
CAN-2005-1357 (text.cgi script allows remote attackers to read arbitrary files
via a ...)
- NOTE: not-for-us (text.cgi)
+ NOT-FOR-US: text.cgi
CAN-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script
in The ...)
- NOTE: not-for-us (includer.cgi)
+ NOT-FOR-US: includer.cgi
CAN-2005-1355 (includer.cgi in The Includer allows remote attackers to read
arbitrary ...)
- NOTE: not-for-us (includer.cgi)
+ NOT-FOR-US: includer.cgi
CAN-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary
...)
- NOTE: not-for-us (forum.pl)
+ NOT-FOR-US: forum.pl
CAN-2005-1353 (The forum.pl script allows remote attackers to read arbitrary
files ...)
- NOTE: not-for-us (forum.pl)
+ NOT-FOR-US: forum.pl
CAN-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script
allows ...)
- NOTE: not-for-us (ad.cgi)
+ NOT-FOR-US: ad.cgi
CAN-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary
...)
- NOTE: not-for-us (ad.cgi)
+ NOT-FOR-US: ad.cgi
CAN-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary
files via ...)
- NOTE: not-for-us (ad.cgi)
+ NOT-FOR-US: ad.cgi
CAN-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051
allows ...)
{DSA-727-1}
- libconvert-uulib-perl 1.0.5.1
CAN-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and
earlier ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-1347 (** UNVERIFIABLE ** ...)
- NOTE: not-for-us (acrobat)
+ NOT-FOR-US: acrobat
CAN-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus
2005 ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error
when it ...)
{DSA-721-1}
- squid 2.5.9-7
CAN-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers
to ...)
- apache2 2.0.54-3
CAN-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS
X ...)
- NOTE: not-for-us (vpnd for Mac OS X)
+ NOT-FOR-US: vpnd for Mac OS X
CAN-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X
...)
- NOTE: not-for-us (Apple Terminal)
+ NOT-FOR-US: Apple Terminal
CAN-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary
commands ...)
- NOTE: not-for-us (Apple Terminal)
+ NOT-FOR-US: Apple Terminal
CAN-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does
not ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users
to ...)
NOTE: verified that our lukemftpd uses pw->pw_name when
NOTE: checking /etc/ftpchroot.
CAN-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use
...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows
remote ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9
allows ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to
gain ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1334
NOTE: rejected
CAN-2005-1333 (Directory traversal vulnerability in the Bluetooth file and
object ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the
Bluetooth ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly
display ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of
...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CAN-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to
obtain ...)
- NOTE: not-for-us (OneWorldStore)
+ NOT-FOR-US: OneWorldStore
CAN-2005-1328 (OneWorldStore allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (OneWorldStore)
+ NOT-FOR-US: OneWorldStore
CAN-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab
...)
- NOTE: not-for-us (Woltlab Burning Board)
+ NOT-FOR-US: Woltlab Burning Board
CAN-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows
remote ...)
- NOTE: not-for-us (VooDoo cIRCle BOTNET)
+ NOT-FOR-US: VooDoo cIRCle BOTNET
CAN-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read
and ...)
- NOTE: not-for-us (phpMyVisites)
+ NOT-FOR-US: phpMyVisites
CAN-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
for ...)
- NOTE: not-for-us (phpMyVisites)
+ NOT-FOR-US: phpMyVisites
CAN-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows
remote ...)
- NOTE: not-for-us (NetTerm)
+ NOT-FOR-US: NetTerm
CAN-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List
...)
- nag 1.1-3.1
CAN-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation
module ...)
@@ -6819,7 +6819,7 @@
CAN-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards
E-Mail ...)
- sork-forwards 2.2.2-1
CAN-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module
before ...)
- NOTE: not-for-us (Hord Chora module)
+ NOT-FOR-US: Hord Chora module
CAN-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts
module ...)
- sork-accounts 2.1.2-1
CAN-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module
before ...)
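Review bot: The typo in the CAN-2005-1317 tag is carried over unchanged: `NOT-FOR-US: Hord Chora module` should read `Horde Chora module`, and now that the name is a field of its own this is a good moment to fix it. The neighbouring Horde modules in this hunk are tracked against packages (sork-forwards, sork-accounts), so it is also worth confirming that Chora really has no package in the archive before keeping it as NOT-FOR-US.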
@@ -6830,67 +6830,67 @@
CAN-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module
before ...)
- sork-passwd 2.2.2-1
CAN-2005-1312 (PHP remote code injection vulnerability in Yappa-NG before 2.3.2
...)
- NOTE: not-for-us (Yappa-NG)
+ NOT-FOR-US: Yappa-NG
CAN-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before
2.3.2 ...)
- NOTE: not-for-us (Yappa-NG)
+ NOT-FOR-US: Yappa-NG
CAN-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote
attackers to ...)
- NOTE: not-for-us (bBlog)
+ NOT-FOR-US: bBlog
CAN-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows
remote ...)
- NOTE: not-for-us (bBlog)
+ NOT-FOR-US: bBlog
CAN-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script
or ...)
NOTE: upstream says attack won''t work, see bug 307575
CAN-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local
users to ...)
- NOTE: not-for-us (Adobe Version Cue)
+ NOT-FOR-US: Adobe Version Cue
CAN-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and
7.0.1 ...)
- NOTE: not-for-us (Adobe Reader 7)
+ NOT-FOR-US: Adobe Reader 7
CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary
files ...)
- NOTE: not-for-us (hyper.cgi)
+ NOT-FOR-US: hyper.cgi
CAN-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary
files ...)
- NOTE: not-for-us (citat.pl)
+ NOT-FOR-US: citat.pl
CAN-2005-1303 (The citat.pl script allows remote attackers to read arbitrary
files ...)
- NOTE: not-for-us (citat.pl)
+ NOT-FOR-US: citat.pl
CAN-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows
remote ...)
- NOTE: not-for-us (Confixx)
+ NOT-FOR-US: Confixx
CAN-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the
update ...)
- NOTE: not-for-us (nProtect:Netizen)
+ NOT-FOR-US: nProtect:Netizen
CAN-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi
script ...)
- NOTE: not-for-us (inserter.cgi)
+ NOT-FOR-US: inserter.cgi
CAN-2005-1299 (The inserter.cgi script allows remote attackers to execute
arbitrary ...)
- NOTE: not-for-us (inserter.cgi)
+ NOT-FOR-US: inserter.cgi
CAN-2005-1298 (The inserter.cgi script allows remote attackers to read
arbitrary ...)
- NOTE: not-for-us (inserter.cgi)
+ NOT-FOR-US: inserter.cgi
CAN-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi
script ...)
- NOTE: not-for-us (include.cgi)
+ NOT-FOR-US: include.cgi
CAN-2005-1296 (include.cgi script allows remote attackers to execute arbitrary
...)
- NOTE: not-for-us (include.cgi)
+ NOT-FOR-US: include.cgi
CAN-2005-1295 (include.cgi script allows remote attackers to read arbitrary
files via ...)
- NOTE: not-for-us (include.cgi)
+ NOT-FOR-US: include.cgi
CAN-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack
for ...)
- affix-kernel 2.1.1-1.1
CAN-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in
StorePortal ...)
- NOTE: not-for-us (StorePortal)
+ NOT-FOR-US: StorePortal
CAN-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ
ASP ...)
- NOTE: not-for-us (CartWIZ ASP Cart)
+ NOT-FOR-US: CartWIZ ASP Cart
CAN-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow
...)
- NOTE: not-for-us (CartWIZ ASP Cart)
+ NOT-FOR-US: CartWIZ ASP Cart
CAN-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB
2.0.14 ...)
- phpbb2 2.0.13-6sarge1 (low)
CAN-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers
to ...)
- NOTE: not-for-us (E-Cart)
+ NOT-FOR-US: E-Cart
CAN-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote
attackers ...)
- NOTE: not-for-us (ACS Blog)
+ NOT-FOR-US: ACS Blog
CAN-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow
remote ...)
- NOTE: not-for-us (BK Forum)
+ NOT-FOR-US: BK Forum
CAN-2005-1286 (BitDefender 8 allows local users to prevent BitDefender from
starting ...)
- NOTE: not-for-us (Bitdefender)
+ NOT-FOR-US: Bitdefender
CAN-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in
WoltLab ...)
- NOTE: not-for-us (Woltlab Burning Board)
+ NOT-FOR-US: Woltlab Burning Board
CAN-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows
remote ...)
- NOTE: not-for-us (Argosoft Mail Server Pro)
+ NOT-FOR-US: Argosoft Mail Server Pro
CAN-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail
Server ...)
- NOTE: not-for-us (Argosoft Mail Server Pro)
+ NOT-FOR-US: Argosoft Mail Server Pro
CAN-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft
Mail ...)
- NOTE: not-for-us (Argosoft Mail Server Pro)
+ NOT-FOR-US: Argosoft Mail Server Pro
CAN-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a
denial ...)
- ethereal 0.10.10-2
CAN-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows
remote ...)
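Review bot: The CAN-2005-1301 entry now reads `NOT-FOR-US: nProtect:Netizen`, so the value itself contains a colon. The old form delimited the name with parentheses on both sides; any script that consumes the new tag should split on the first `: ` only and treat the rest of the line as the name. Smaller point in the same hunk: `Bitdefender` (CAN-2005-1286) does not match the `BitDefender` spelling in the description.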
@@ -6912,11 +6912,11 @@
CAN-2005-1273
NOTE: reserved
CAN-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft
SQL ...)
- NOTE: not-for-us (Backup Agent for Microsoft SQL)
+ NOT-FOR-US: Backup Agent for Microsoft SQL
CAN-2005-1271
NOTE: rejected
CAN-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit
Hunter ...)
- NOTE: not-for-us (Rootkit Hunter)
+ NOT-FOR-US: Rootkit Hunter
CAN-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may
allow ...)
- apache 1.3.31-1
CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
@@ -6961,27 +6961,27 @@
CAN-2005-1257
NOTE: reserved
CAN-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in
IMail ...)
- NOTE: not-for-us (IMail)
+ NOT-FOR-US: IMail
CAN-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in
IMail 8.12 ...)
- NOTE: not-for-us (IMail)
+ NOT-FOR-US: IMail
CAN-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch
IMail 8.12 ...)
- NOTE: not-for-us (IMail)
+ NOT-FOR-US: IMail
CAN-2005-1253
NOTE: reserved
CAN-2005-1252 (Directory traversal vulnerability in the Web Calendaring server
in ...)
- NOTE: not-for-us (IMail)
+ NOT-FOR-US: IMail
CAN-2005-1251
NOTE: reserved
CAN-2005-1250 (SQL injection vulnerability in the logon screen of the web front
end ...)
- NOTE: not-for-us (IpSwitch)
+ NOT-FOR-US: IpSwitch
CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite
(ICS) ...)
- NOTE: not-for-us (IMail)
+ NOT-FOR-US: IMail
CAN-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote
attackers to ...)
- NOTE: not-for-us (Apple iTunes)
+ NOT-FOR-US: Apple iTunes
CAN-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers
to ...)
- NOTE: not-for-us (Novell Nsure Audit)
+ NOT-FOR-US: Novell Nsure Audit
CAN-2005-1246 (Format string vulnerability in the snmppd_log function in ...)
- NOTE: not-for-us (snmppd)
+ NOT-FOR-US: snmppd
CAN-2005-XXXX [Multiple security problems in Quake 2]
NOTE: this release added lots of warnings about the security problems
- quake2 1:0.3-1.1
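Review bot: CAN-2005-1250 is tagged `NOT-FOR-US: IpSwitch` while the other entries in this hunk for the same vendor's products use `IMail`, including CAN-2005-1249, whose description names Ipswitch Collaboration Suite. If the new tag is meant to be grouped or counted by name, pick one spelling (the descriptions use `Ipswitch`) and apply it to all six entries.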
@@ -6990,86 +6990,86 @@
CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before
1.4.2, ...)
- mediawiki <itp> (bug #276057)
CAN-2005-1244 (Directory traversal vulnerability in the third party tool from
NetIQ, ...)
- NOTE: not-for-us (AS/400 FTP server addon)
+ NOT-FOR-US: AS/400 FTP server addon
CAN-2005-1243 (Directory traversal vulnerability in the third party tool from
...)
- NOTE: not-for-us (AS/400 FTP server addon)
+ NOT-FOR-US: AS/400 FTP server addon
CAN-2005-1242 (Directory traversal vulnerability in the third party tool from
Bsafe, ...)
- NOTE: not-for-us (AS/400 FTP server addon)
+ NOT-FOR-US: AS/400 FTP server addon
CAN-2005-1241 (Directory traversal vulnerability in the third party tool from
...)
- NOTE: not-for-us (AS/400 FTP server addon)
+ NOT-FOR-US: AS/400 FTP server addon
CAN-2005-1240 (Directory traversal vulnerability in the third party tool from
...)
- NOTE: not-for-us (AS/400 FTP server addon)
+ NOT-FOR-US: AS/400 FTP server addon
CAN-2005-1239 (Directory traversal vulnerability in the third party tool from
...)
- NOTE: not-for-us (AS/400 FTP server addon)
+ NOT-FOR-US: AS/400 FTP server addon
CAN-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems
does not ...)
- NOTE: not-for-us (AS/400 FTP server)
+ NOT-FOR-US: AS/400 FTP server
CAN-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3
allows ...)
- NOTE: not-for-us (FlexPHPNews)
+ NOT-FOR-US: FlexPHPNews
CAN-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2
and ...)
- NOTE: not-for-us (DUPortal)
+ NOT-FOR-US: DUPortal
CAN-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows
...)
- NOTE: not-for-us (phpbb-Auction)
+ NOT-FOR-US: phpbb-Auction
CAN-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow
remote ...)
- NOTE: not-for-us (phpbb-Auction)
+ NOT-FOR-US: phpbb-Auction
CAN-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP
Labs ...)
- NOTE: not-for-us (PHP Labs proFile)
+ NOT-FOR-US: PHP Labs proFile
CAN-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE
Proxy ...)
- NOTE: not-for-us (Sun ONE Proxy Server)
+ NOT-FOR-US: Sun ONE Proxy Server
CAN-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function
in ...)
- NOTE: not-for-us (JAWS)
+ NOT-FOR-US: JAWS
CAN-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote
...)
- NOTE: not-for-us (Yawcan)
+ NOT-FOR-US: Yawcan
CAN-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows
...)
- cpio <unfixed> (bug #306693; medium)
CAN-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4
through ...)
{DSA-752-1}
- gzip 1.3.5-10
CAN-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and
earlier ...)
- NOTE: not-for-us (PHPProjekt)
+ NOT-FOR-US: PHPProjekt
CAN-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext,
which ...)
- NOTE: not-for-us (Coppermine Photo Gallery)
+ NOT-FOR-US: Coppermine Photo Gallery
CAN-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2
allows ...)
- NOTE: not-for-us (Coppermine Photo Gallery)
+ NOT-FOR-US: Coppermine Photo Gallery
CAN-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro
3.4 ...)
- NOTE: not-for-us (DUPortal)
+ NOT-FOR-US: DUPortal
CAN-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar
manager ...)
- NOTE: not-for-us (Ocean12 Calender manager)
+ NOT-FOR-US: Ocean12 Calender manager
CAN-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers
to ...)
- NOTE: not-for-us (Annuaire Netref)
+ NOT-FOR-US: Annuaire Netref
CAN-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts
EcommPro ...)
- NOTE: not-for-us (ECommPro)
+ NOT-FOR-US: ECommPro
CAN-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to
obtain ...)
- NOTE: not-for-us (Shoutbox)
+ NOT-FOR-US: Shoutbox
CAN-2005-1219 (Buffer overflow in the Microsoft Color Management Module for
Windows ...)
- NOTE: not-for-us (Microsoft Color Management Module)
+ NOT-FOR-US: Microsoft Color Management Module
CAN-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server,
Windows ...)
- NOTE: not-for-us (Microsoft Color Management Module)
+ NOT-FOR-US: Microsoft Color Management Module
CAN-2005-1217
NOTE: reserved
CAN-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the
ISA ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted
Internet ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft
Outlook ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1211 (Buffer overflow in the PNG image rendering component of
Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1210
NOTE: reserved
CAN-2005-1209
NOTE: reserved
CAN-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and
earlier, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows
XP and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality
for ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003,
and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1657 (PostgreSQL uses the username for a salt when generating
passwords, ...)
NOTE: This is not a real world problem; it''s only applicable in rare
circurstances
NOTE: like someone analysing stolen user database information and even then
the gain
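Review bot: CAN-2005-1218 is described as a Microsoft Windows kernel issue but keeps the tag `NOT-FOR-US: Microsoft Color Management Module`, which looks copied from CAN-2005-1219 directly above it; `Microsoft` would match the rest of the hunk. The mechanical conversion also preserves spellings that differ from the descriptions: `Yawcan` (Yawcam, CAN-2005-1230), `PHPProjekt` (PHProjekt, CAN-2005-1227) and `Ocean12 Calender manager` (Ocean12 Calendar manager, CAN-2005-1223). Suggest correcting these in this commit or a follow-up.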
@@ -7077,23 +7077,23 @@
CAN-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security
implications]
- libpam-ssh 1.91.0-9
CAN-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote
...)
- NOTE: not-for-us (Desktop Rover)
+ NOT-FOR-US: Desktop Rover
CAN-2005-1203 (Multiple SQL injection vulnerabilities in index.php in
eGroupware ...)
- egroupware 1.0.0.007-2.dfsg-1
CAN-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in
eGroupware ...)
- egroupware 1.0.0.007-2.dfsg-1
CAN-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin
board ...)
- NOTE: not-for-us (AZbb)
+ NOT-FOR-US: AZbb
CAN-2005-1200 (PHP remote code injection vulnerability in main_index.php in AZ
...)
- NOTE: not-for-us (AZbb)
+ NOT-FOR-US: AZbb
CAN-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads
allows ...)
- NOTE: not-for-us (UBB.threads)
+ NOT-FOR-US: UBB.threads
CAN-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda
Foundation ...)
- NOTE: not-for-us (Anaconda Foundation Directory)
+ NOT-FOR-US: Anaconda Foundation Directory
CAN-2005-1197 (SQL injection vulnerability in the ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base
module for ...)
- NOTE: not-for-us (PHPBB Knowledgebase Mod)
+ NOT-FOR-US: PHPBB Knowledgebase Mod
CAN-2005-1195 (Multiple heap-based buffer overflows in the code used to handle
(1) ...)
NOTE: The vulnerable code is present in xine-lib as well, MPlayer is not in
Debian
- xine-lib 1.0.1-1
@@ -7102,19 +7102,19 @@
CAN-2005-1193 (The bbencode_second_pass and make_clickable functions in
bbcode.php ...)
- phpbb2 2.0.13-6sarge1 (medium)
CAN-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11,
B.11.22, and ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read
and ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst
Operating ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and
11500, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2001-1476 (SSH before 2.0, with RC4 encryption and the "disallow
NULL passwords" ...)
- NOTE: not-for-us (Commercial SSH)
+ NOT-FOR-US: Commercial SSH
CAN-2001-1475 (SSH before 2.0, when using RC4 and password authentication,
allows ...)
- NOTE: not-for-us (Commercial SSH)
+ NOT-FOR-US: Commercial SSH
CAN-2001-1474 (SSH before 2.0 disables host key checking when connecting to the
...)
- NOTE: not-for-us (Commercial SSH)
+ NOT-FOR-US: Commercial SSH
CAN-2001-1473 (The SSH-1 protocol allows remote servers conduct
man-in-the-middle ...)
NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
CAN-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and
1.4.1 ...)
@@ -7126,55 +7126,55 @@
CAN-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to
...)
NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
CAN-2001-1468 (PHP remote code injection vulnerability in checklogin.php in
...)
- NOTE: not-for-us (phpSecurePages)
+ NOT-FOR-US: phpSecurePages
CAN-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through
7.0, ...)
NOTE: in expect 5.42.1, mkpasswd does not seed by pid; doesn''t seem
NOTE: to seed at all; my tests indicate it generates no dups in
NOTE: some 100000 passwords.
CAN-2001-1466 (Buffer overflow in VanDyke SecureCRT before 3.4.2, when using
the ...)
- NOTE: not-for-us (VanDyke SecureCRT)
+ NOT-FOR-US: VanDyke SecureCRT
CAN-2001-1465 (SurfControl SuperScout only filters packets containing both an
HTTP ...)
- NOTE: not-for-us (SurfControl SuperScout)
+ NOT-FOR-US: SurfControl SuperScout
CAN-2001-1464 (Crystal Reports, when displaying data for a password protected
...)
- NOTE: not-for-us (Crystal Reports)
+ NOT-FOR-US: Crystal Reports
CAN-2001-1463 (The remote admimnistration client for RhinoSoft Serv-U 3.0 sends
the ...)
- NOTE: not-for-us (RhinoSoft Serv-U)
+ NOT-FOR-US: RhinoSoft Serv-U
CAN-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for
Windows, ...)
- NOTE: not-for-us (RSA Security SecurID)
+ NOT-FOR-US: RSA Security SecurID
CAN-2001-1461 (Directory traversal vulnerability in WebID in RSA Security
SecurID 5.0 ...)
- NOTE: not-for-us (RSA Security SecurID)
+ NOT-FOR-US: RSA Security SecurID
CAN-2001-1460 (SQL injection vulnerability in article.php in PostNuke 0.62
through ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2001-1459 (OpenSSH 2.9 and earlier does not initiate a Pluggable
Authentication ...)
- openssh 3.0.1p1-1
CAN-2001-1458 (Directory traversal vulnerability in Novell GroupWise 5.5 and
6.0 ...)
- NOTE: not-for-us (Novell Groupwise)
+ NOT-FOR-US: Novell Groupwise
CAN-2001-1457 (Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows
remote ...)
- NOTE: not-for-us (CrazyWWWBoard)
+ NOT-FOR-US: CrazyWWWBoard
CAN-2001-1456 (Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for
...)
- NOTE: not-for-us (Gauntlet Firewall)
+ NOT-FOR-US: Gauntlet Firewall
CAN-2001-1455 (Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers
to ...)
- NOTE: not-for-us (Netegrity SiteMinder)
+ NOT-FOR-US: Netegrity SiteMinder
CAN-2001-1454 (Buffer overflow in MySQL before 3.23.33 allows remote attackers
to ...)
- mysql-dfsg 3.23.33-1
CAN-2001-1453 (Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and
earlier ...)
- mysql-dfsg 3.23.33-1
CAN-2001-1452 (By default, DNS servers on Windows NT 4.0 and Windows 2000
Server ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2001-1451 (Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for
...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2001-1450 (Microsoft Internet Explorer 5.0 through 6.0 allows attackers to
cause ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2001-1449 (The default installation of Apache before 1.3.19 on Mandrake
Linux 7.1 ...)
- NOTE: not-for-us (Mandrake specific packaging flaw)
+ NOT-FOR-US: Mandrake specific packaging flaw
CAN-2001-1448 (Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows
local ...)
- NOTE: not-for-us (Magic eDeveloper)
+ NOT-FOR-US: Magic eDeveloper
CAN-2001-1447 (NetInfo Manager for Mac OS X 10.0 through 10.1 allows local
users to ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2001-1446 (Find-By-Content in Mac OS X 10.0 through 10.0.4 creates
world-readable ...)
- NOTE: not-for-us (MacOS X)
+ NOT-FOR-US: MacOS X
CAN-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0
through ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV
and ...)
NOTE: Generic protocol flaw
CAN-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do
not ...)
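Review bot: CAN-2001-1447 is a NetInfo Manager for Mac OS X issue, yet the converted line is `NOT-FOR-US: Windows`; it should carry the same name as the next entry (CAN-2001-1446). The not-for-us verdict is unaffected, but the name is wrong and will mislead anyone filtering by product. Note also that this hunk uses `MacOS X` where earlier hunks of the patch use `Mac OS X`; one spelling would make the tag easier to group.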
@@ -7183,25 +7183,25 @@
- inn2 2.3.3+20020922-1
- innfeed 0.10.1.7-7
CAN-2001-1441 (Cross-site scripting (XSS) vulnerability in VisualAge for Java
3.5 ...)
- NOTE: not-for-us (VisualAge for Java)
+ NOT-FOR-US: VisualAge for Java
CAN-2001-1440 (Unknown vulnerability in login for AIX 5.1L, when using loadable
...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2001-1439 (Buffer overflow in the text editor functionality in HP-UX 10.01
...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2001-1438 (Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard
module ...)
- NOTE: not-for-us (Handspring Visor)
+ NOT-FOR-US: Handspring Visor
CAN-2001-1437 (easyScripts easyNews 1.5 allows remote attackers to obtain the
full ...)
- NOTE: not-for-us (easyScripts easyNews)
+ NOT-FOR-US: easyScripts easyNews
CAN-2001-1436 (Dallas Semiconductor iButton DS1991 returns predictable values
when ...)
- NOTE: not-for-us (Dallas Semiconductor iButton DS1991)
+ NOT-FOR-US: Dallas Semiconductor iButton DS1991
CAN-2001-1435 (inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a
denial of ...)
- NOTE: not-for-us (Tru64 UNIX)
+ NOT-FOR-US: Tru64 UNIX
CAN-2001-1434 (Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to
read ...)
- NOTE: not-for-us (IOS)
+ NOT-FOR-US: IOS
CAN-2000-1223 (quikstore.cgi in Quikstore Shopping Cart allows remote attackers
to ...)
- NOTE: not-for-us (Quikstore Shopping Cart)
+ NOT-FOR-US: Quikstore Shopping Cart
CAN-2000-1222 (AIX sysback before 4.2.1.13 uses a relative path to find and
execute ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2000-1221 (The line printer daemon (lpd) in the lpr package in multiple
Linux ...)
- lpr 0.48-1
CAN-2000-1220 (The line printer daemon (lpd) in the lpr package in multiple
Linux ...)
@@ -7209,69 +7209,69 @@
CAN-2000-1219 (The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier
does not ...)
- gcc-3.3 3.3.4-1
CAN-2000-1218 (The default configuration for the domain name resolver for
Microsoft ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2000-1217 (Microsoft Windows 2000 before Service Pack 2 (SP2), when running
in a ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2000-1216 (Buffer overflow in portmir for AIX 4.3.0 allows local users to
corrupt ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2000-1215 (The default configuration of Lotus Domino server 5.0.8 includes
system ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to
execute ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-1999-1582 (By design, the "established" command on the
Cisco PIX firewall allows ...)
- NOTE: not-for-us (Cisco PIX)
+ NOT-FOR-US: Cisco PIX
CAN-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent
...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a
forwarding ...)
- NOTE: not-for-us (Sun''s sendmail)
+ NOT-FOR-US: Sun''s sendmail
CAN-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server
Editions ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-1999-1578 (Buffer overflow in Registration Wizard ActiveX control
(regwizc.dll, ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-1999-1577 (Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1
for ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-1999-1576 (Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, ...)
- NOTE: not-for-us (Acrobat Reader)
+ NOT-FOR-US: Acrobat Reader
CAN-1999-1575 (The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image
Annotation ...)
- NOTE: not-for-us (Kodak/Wang tools for IE)
+ NOT-FOR-US: Kodak/Wang tools for IE
CAN-1999-1574 (Buffer overflow in the lex routines of nslookup for AIX 4.3 may
allow ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-1999-1573 (Multiple unknown vulnerabilities in the
"r-cmnds" (1) remshd, (2) ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on
Windows ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to
cause a ...)
- NOTE: not-for-us (WebcamXP)
+ NOT-FOR-US: WebcamXP
CAN-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO
v2.16.468 and ...)
- NOTE: not-for-us (WebcamXP)
+ NOT-FOR-US: WebcamXP
CAN-2005-1188 (Cross-site scripting (XSS) vulnerability in
comersus_searchItem.asp in ...)
- NOTE: not-for-us (ComersusCart)
+ NOT-FOR-US: ComersusCart
CAN-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly
other ...)
- NOTE: not-for-us (WinHex)
+ NOT-FOR-US: WinHex
CAN-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the
musicmatch.com ...)
- NOTE: not-for-us (Musicmatch)
+ NOT-FOR-US: Musicmatch
CAN-2005-1185 (MMFWLaunch.exe in Musicmatch Jukebox 10.00.2047 and earlier does
not ...)
- NOTE: not-for-us (Musicmatch)
+ NOT-FOR-US: Musicmatch
CAN-2005-1184 (The TCP/IP stack in multiple operating systems allows remote
attackers ...)
NOTE: This looks rather obscure -jmm
TODO: check
CAN-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4
allows ...)
- NOTE: not-for-us (mvnForum)
+ NOT-FOR-US: mvnForum
CAN-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access
for ...)
- NOTE: not-for-us (iSeries OS)
+ NOT-FOR-US: iSeries OS
CAN-2005-1181 (** DISPUTED ** ...)
- NOTE: not-for-us (Ariadne CMS)
+ NOT-FOR-US: Ariadne CMS
CAN-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in
...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for
various ...)
- NOTE: not-for-us (Xerox)
+ NOT-FOR-US: Xerox
CAN-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote
...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200
...)
NOTE: According to maintainer posting in debian-release this does only affect
1.190
NOTE: and not the version in Sarge
CAN-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file
while ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC)
in MIT ...)
{DSA-757-1}
TODO: check krb4
@@ -7281,33 +7281,33 @@
TODO: check krb4
- krb5 1.3.6-4 (medium)
CAN-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2
package ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows
remote ...)
- NOTE: not-for-us (PMSoftware Simple Web Server)
+ NOT-FOR-US: PMSoftware Simple Web Server
CAN-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in
Coppermine ...)
- NOTE: not-for-us (Coppermine Photo Gallery)
+ NOT-FOR-US: Coppermine Photo Gallery
CAN-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the
datenbank ...)
- NOTE: not-for-us (moddb phpbb2 add-on)
+ NOT-FOR-US: moddb phpbb2 add-on
CAN-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module
for ...)
- NOTE: not-for-us (moddb phpbb2 add-on)
+ NOT-FOR-US: moddb phpbb2 add-on
CAN-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin
directory, ...)
- NOTE: not-for-us (Mafia Blog)
+ NOT-FOR-US: Mafia Blog
CAN-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier
allows ...)
- NOTE: not-for-us (Musicmatch)
+ NOT-FOR-US: Musicmatch
CAN-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program
Files ...)
- NOTE: not-for-us (Musicmatch)
+ NOT-FOR-US: Musicmatch
CAN-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS
process in ...)
- NOTE: not-for-us (Dameware)
+ NOT-FOR-US: Dameware
CAN-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (Yager game)
+ NOT-FOR-US: Yager game
CAN-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (Yager game)
+ NOT-FOR-US: Yager game
CAN-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote
...)
- NOTE: not-for-us (Yager game)
+ NOT-FOR-US: Yager game
CAN-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in
OneWorldStore ...)
- NOTE: not-for-us (OneWorldStore)
+ NOT-FOR-US: OneWorldStore
CAN-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow
remote ...)
- NOTE: not-for-us (OneWorldStore)
+ NOT-FOR-US: OneWorldStore
CAN-2005-1160 (The privileged "chrome" UI code in Firefox
before 1.0.3 and Mozilla ...)
{DSA-781-1}
- mozilla-firefox 1.0.3-1
@@ -7342,64 +7342,64 @@
{DSA-728-1}
- qpopper 4.0.5-4sarge1
CAN-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and
...)
- NOTE: not-for-us (Sun Java)
+ NOT-FOR-US: Sun Java
CAN-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it
ACNews ...)
- NOTE: not-for-us (ACNews)
+ NOT-FOR-US: ACNews
CAN-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to
obtain ...)
- NOTE: not-for-us (CalenderScript)
+ NOT-FOR-US: CalenderScript
CAN-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to
obtain ...)
- NOTE: not-for-us (CalenderScript)
+ NOT-FOR-US: CalenderScript
CAN-2005-1146 (** DISPUTED ** ...)
- NOTE: not-for-us (CalenderScript)
+ NOT-FOR-US: CalenderScript
CAN-2005-1145 (** DISPUTED ** ...)
- NOTE: not-for-us (CalenderScript)
+ NOT-FOR-US: CalenderScript
CAN-2005-1144 (popup.php in EasyPHPCalendar before 6.2.8 allows remote
attackers to ...)
- NOTE: not-for-us (EasyPHPCalender)
+ NOT-FOR-US: EasyPHPCalender
CAN-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in ...)
- NOTE: not-for-us (EasyPHPCalender)
+ NOT-FOR-US: EasyPHPCalender
CAN-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for
GOCR ...)
- gocr 0.39-5
CAN-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40,
when ...)
- gocr 0.39-5
CAN-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1
allows ...)
- NOTE: not-for-us (MyBloggie)
+ NOT-FOR-US: MyBloggie
CAN-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before
6.0.9 ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to
obtain ...)
- NOTE: not-for-us (sphpBlog)
+ NOT-FOR-US: sphpBlog
CAN-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and
(2) ...)
- NOTE: not-for-us (sphpBlog)
+ NOT-FOR-US: sphpBlog
CAN-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for
Simple PHP ...)
- NOTE: not-for-us (sphpBlog)
+ NOT-FOR-US: sphpBlog
CAN-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and
...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error
messages ...)
- NOTE: not-for-us (AS/400 system software)
+ NOT-FOR-US: AS/400 system software
CAN-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (LG mobile phone)
+ NOT-FOR-US: LG mobile phone
CAN-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and
earlier ...)
- NOTE: not-for-us (Veritas Focalpoint Server)
+ NOT-FOR-US: Veritas Focalpoint Server
CAN-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in
Pinnacle Cart ...)
- NOTE: not-for-us (PinnacleCart)
+ NOT-FOR-US: PinnacleCart
CAN-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an
...)
- egroupware 1.0.0.007-2.dfsg-1
CAN-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier
allow ...)
- NOTE: not-for-us (VHCS)
+ NOT-FOR-US: VHCS
CAN-2005-1127 (Format string vulnerability in the log function in Net::Server
0.87 ...)
- NOTE: not-for-us (Free BSD)
+ NOT-FOR-US: Free BSD
CAN-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through
4.11 ...)
- NOTE: not-for-us (Free BSD)
+ NOT-FOR-US: Free BSD
CAN-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in
...)
NOTE: Has been removed from Sarge
- libsafe <unfixed> (bug #305070; medium)
CAN-2005-1124 (Unknown vulnerability in the libgss Generic Security Services
Library ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to
cause ...)
- NOTE: not-for-us (monkeyd)
+ NOT-FOR-US: monkeyd
CAN-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd)
...)
- NOTE: not-for-us (monkeyd)
+ NOT-FOR-US: monkeyd
CAN-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for
Oops! ...)
{DSA-726-1}
NOTE: Not part of Sarge due to FTBFS on ia64 and alpha
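Review bot: the CAN-2005-1127 entry is converted to `NOT-FOR-US: Free BSD`, but its description names Net::Server 0.87, not FreeBSD, so the mechanical rewrite carries a questionable triage decision into what is now a dedicated tag. Re-check that entry before tagging it. While here, normalise the names that disagree with their own descriptions in this hunk: `CalenderScript` (description: CalendarScript), `EasyPHPCalender` (description: EasyPHPCalendar) and `Free BSD` on CAN-2005-1126 (description: FreeBSD).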
@@ -7409,119 +7409,119 @@
CAN-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt
arbitrary ...)
- sudo <unfixed> (bug #283161; low)
CAN-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in
the ...)
- NOTE: not-for-us (RSA authentication agent)
+ NOT-FOR-US: RSA authentication agent
CAN-2005-1117 (PHP remote code injection vulnerability in index.php in ...)
- NOTE: not-for-us (All4WWW Homepage creator)
+ NOT-FOR-US: All4WWW Homepage creator
CAN-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module
for ...)
- NOTE: not-for-us (phpbb2 calendar addon)
+ NOT-FOR-US: phpbb2 calendar addon
CAN-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo
Album ...)
- NOTE: not-for-us (Photo Album)
+ NOT-FOR-US: Photo Album
CAN-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in
Photo ...)
- NOTE: not-for-us (Photo Album)
+ NOT-FOR-US: Photo Album
CAN-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB
Plus 1.52 ...)
- NOTE: not-for-us (PhpBB Plus)
+ NOT-FOR-US: PhpBB Plus
CAN-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing
the ...)
- NOTE: not-for-us (IBM Websphere)
+ NOT-FOR-US: IBM Websphere
CAN-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to
modify ...)
- cpio <unfixed> (bug #305372; low)
CAN-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente
function in ...)
- NOTE: not-for-us (Sumus web server)
+ NOT-FOR-US: Sumus web server
CAN-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows
remote ...)
{DSA-713-1}
NOTE: only part of Woody, has been removed from Sarge and sid
- NOTE: not-for-us (Junkbuster)
+ NOT-FOR-US: Junkbuster
NOTE: checked privoxy, is not vulnerable
CAN-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
{DSA-713-1}
NOTE: only part of Woody, has been removed from Sarge and sid
- NOTE: not-for-us (Junkbuster)
+ NOT-FOR-US: Junkbuster
NOTE: checked privoxy, is not vulnerable
CAN-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs
for ...)
- NOTE: not-for-us (McAfee)
+ NOT-FOR-US: McAfee
CAN-2005-XXXX [Remote DoS vulnerabilities in postgrey]
- postgrey 1.21-1
CAN-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote
attackers ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-1105 (Directory traversal vulnerability in the
MimeBodyPart.getFileName ...)
NOTE: api vulnerablity
- libgnumail-java <unfixed> (bug #304712; low)
CAN-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7
...)
- NOTE: not-for-us (Centra)
+ NOT-FOR-US: Centra
CAN-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5
through ...)
- NOTE: not-for-us (Sygate Secure Enterprise)
+ NOT-FOR-US: Sygate Secure Enterprise
CAN-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOTE: Upstream developers don''t consider this an issue, see bug
#304468
CAN-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4
allow ...)
- NOTE: not-for-us (Lotus Domino Server)
+ NOT-FOR-US: Lotus Domino Server
CAN-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in
...)
- postfix-gld 1.5-1
CAN-2005-1099 (Multiple buffer overflows in the HandleChild function in
server.c in ...)
- postfix-gld 1.5-1
CAN-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in
...)
- NOTE: not-for-us (GetDataBack for NTFS (Windows))
+ NOT-FOR-US: GetDataBack for NTFS (Windows)
CAN-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext
in the ...)
- NOTE: not-for-us (Rebrand P2P Share Spy)
+ NOT-FOR-US: Rebrand P2P Share Spy
CAN-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership
Manager ...)
- NOTE: not-for-us (Ocean12 Membership Manager Pro)
+ NOT-FOR-US: Ocean12 Membership Manager Pro
CAN-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12
...)
- NOTE: not-for-us (Ocean12 Membership Manager Pro)
+ NOT-FOR-US: Ocean12 Membership Manager Pro
CAN-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in
...)
- NOTE: not-for-us (FTP Now)
+ NOT-FOR-US: FTP Now
CAN-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM,
with ...)
- NOTE: not-for-us (Miranda IM)
+ NOT-FOR-US: Miranda IM
CAN-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in
plaintext ...)
- NOTE: not-for-us (DeluxeFTP)
+ NOT-FOR-US: DeluxeFTP
CAN-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the
security ...)
- NOTE: not-for-us (Maxthon)
+ NOT-FOR-US: Maxthon
CAN-2005-1090 (Directory traversal vulnerability in the readFile and writeFile
API ...)
- NOTE: not-for-us (Maxthon)
+ NOT-FOR-US: Maxthon
CAN-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to
append ...)
- NOTE: not-for-us (DC++)
+ NOT-FOR-US: DC++
CAN-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier,
and ...)
- NOTE: not-for-us (DameWare NT Utilities and Mini Remote Control)
+ NOT-FOR-US: DameWare NT Utilities and Mini Remote Control
CAN-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN
HTTPD ...)
- NOTE: not-for-us (AN HTTPD)
+ NOT-FOR-US: AN HTTPD
CAN-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server
1.42n ...)
- NOTE: not-for-us (AN HTTPD)
+ NOT-FOR-US: AN HTTPD
CAN-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in
...)
- NOTE: not-for-us (aeDating)
+ NOT-FOR-US: aeDating
CAN-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2
allows ...)
- NOTE: not-for-us (aeDating)
+ NOT-FOR-US: aeDating
CAN-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include
arbitrary ...)
- NOTE: not-for-us (aeDating)
+ NOT-FOR-US: aeDating
CAN-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum
1.1.0 ...)
- NOTE: not-for-us (AtDGDatingPlatinum)
+ NOT-FOR-US: AtDGDatingPlatinum
CAN-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in ...)
- NOTE: not-for-us (AtDGDatingPlatinum)
+ NOT-FOR-US: AtDGDatingPlatinum
CAN-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar)
...)
- NOTE: not-for-us (JAR in J2SE SDK)
+ NOT-FOR-US: JAR in J2SE SDK
TODO: check jar extractors in Debian just to be safe
CAN-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery
2.1.2 ...)
- NOTE: not-for-us (zOOm Media Gallery)
+ NOT-FOR-US: zOOm Media Gallery
CAN-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows
...)
- NOTE: not-for-us (XAMPP Apache distribution specific issue)
+ NOT-FOR-US: XAMPP Apache distribution specific issue
CAN-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP
1.4.x ...)
- NOTE: not-for-us (XAMPP Apache distribution specific issue)
+ NOT-FOR-US: XAMPP Apache distribution specific issue
CAN-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board
...)
- NOTE: not-for-us (WebCT)
+ NOT-FOR-US: WebCT
CAN-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in
RadScripts ...)
- NOTE: not-for-us (RadScripts RadBids Gold)
+ NOT-FOR-US: RadScripts RadBids Gold
CAN-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids
Gold 2 ...)
- NOTE: not-for-us (RadScripts RadBids Gold)
+ NOT-FOR-US: RadScripts RadBids Gold
CAN-2005-1073 (Directory traversal vulnerability in index.php for RadScripts
RadBids ...)
- NOTE: not-for-us (RadScripts RadBids Gold)
+ NOT-FOR-US: RadScripts RadBids Gold
CAN-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5
allows ...)
- NOTE: not-for-us (PunBB)
+ NOT-FOR-US: PunBB
CAN-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web
Portal ...)
- NOTE: not-for-us (JPortal)
+ NOT-FOR-US: JPortal
CAN-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board
1.3.1 ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown
...)
- NOTE: not-for-us (sCssBoard)
+ NOT-FOR-US: sCssBoard
CAN-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and
earlier ...)
- NOTE: not-for-us (sCssBoard)
+ NOT-FOR-US: sCssBoard
CAN-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local
users to ...)
- NOTE: not-for-us (Access_user class)
+ NOT-FOR-US: Access_user class
CAN-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local
users ...)
NOTE: the affected binary is not included in pine binary packages
NOTE: and the maintainer refuses to maintain code that is not
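Review bot: CAN-2005-1109 and CAN-2005-1108 get `NOT-FOR-US: Junkbuster` even though both entries carry {DSA-713-1} and a note that the package was part of Woody, so the new tag contradicts the rest of the entry. These two should not be converted along with the others; keep the status as a free-form NOTE, or drop the not-for-us line and rely on the existing "has been removed from Sarge and sid" note. Separately, CAN-2005-1082 and CAN-2005-1081 are tagged `AtDGDatingPlatinum` while the description says AzDGDatingPlatinum.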
@@ -7532,44 +7532,44 @@
CAN-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before
1.1.7 ...)
- rsnapshot 1.2.1-1
CAN-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up
to ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up
to ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to
prevent ...)
- logwatch 5.0-1
CAN-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in
...)
- NOTE: not-for-us (Novell Netware)
+ NOT-FOR-US: Novell Netware
CAN-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the
password ...)
- NOTE: not-for-us (Linksys WET11)
+ NOT-FOR-US: Linksys WET11
CAN-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP
profile ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server
XAUTH ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM)
6.2 ...)
- NOTE: not-for-us (HP OpenView Network Node Manager)
+ NOT-FOR-US: HP OpenView Network Node Manager
CAN-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the
web ...)
- NOTE: not-for-us (TowerBlog)
+ NOT-FOR-US: TowerBlog
CAN-2005-1054 (PHP remote code injection vulnerability in news.php in
ModernBill ...)
- NOTE: not-for-us (ModernBill)
+ NOT-FOR-US: ModernBill
CAN-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in
orderwiz.php in ...)
- NOTE: not-for-us (ModernBill)
+ NOT-FOR-US: ModernBill
CAN-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows
...)
- NOTE: not-for-us (PunBB)
+ NOT-FOR-US: PunBB
CAN-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3
allows ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke
0.760-RC3 ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3
...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not
...)
- NOTE: not-for-us (PunBB)
+ NOT-FOR-US: PunBB
CAN-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows
remote ...)
{DSA-714-1}
- kdelibs 3.3.2-6
CAN-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize
strings ...)
- NOTE: not-for-us (OpenText)
+ NOT-FOR-US: OpenText
CAN-2005-1044
NOTE: rejected
CAN-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a
denial ...)
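Review bot: CAN-2005-1047 is converted to `NOT-FOR-US: PunBB`, but its description is about the Meilad File upload script (up.php) mod for phpBB 2.0.x, so the rewrite preserves a wrong product name from the old note. Name the phpBB mod in the tag instead, so the entry is not grouped with the real PunBB issue (CAN-2005-1051) in this hunk.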
@@ -7587,45 +7587,45 @@
CAN-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option,
allows ...)
NOTE: long fixed in Debian''s cron
CAN-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS
client, ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO
...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown
attack ...)
- pavuk 0.9.32-1
CAN-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (SurgeFTP)
+ NOT-FOR-US: SurgeFTP
CAN-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive
information ...)
- NOTE: not-for-us (CubeCart)
+ NOT-FOR-US: CubeCart
CAN-2005-1032 (SQL injection vulnerability in cart.php in LiteCommerce allows
remote ...)
- NOTE: not-for-us (LiteCommerce)
+ NOT-FOR-US: LiteCommerce
CAN-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops
(exoops), ...)
- NOTE: not-for-us (exoops)
+ NOT-FOR-US: exoops
CAN-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active
Auction ...)
- NOTE: not-for-us (Active Auction House)
+ NOT-FOR-US: Active Auction House
CAN-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House
allow ...)
- NOTE: not-for-us (Active Auction House)
+ NOT-FOR-US: Active Auction House
CAN-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain
sensitive ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke
6.x ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB
2.0.x mods ...)
- NOTE: not-for-us (SnailSource phpBB mod)
+ NOT-FOR-US: SnailSource phpBB mod
CAN-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows
remote ...)
- NOTE: not-for-us (IBM)
+ NOT-FOR-US: IBM
CAN-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to
obtain ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke
6.x to ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web
root ...)
- NOTE: not-for-us (ColdFusion)
+ NOT-FOR-US: ColdFusion
CAN-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through
12.3, when ...)
- NOTE: not-for-us (IOS)
+ NOT-FOR-US: IOS
CAN-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows
remote ...)
- NOTE: not-for-us (IOS)
+ NOT-FOR-US: IOS
CAN-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and
earlier ...)
- NOTE: not-for-us (Aeon)
+ NOT-FOR-US: Aeon
CAN-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates
(CA) ...)
- NOTE: not-for-us (CA ArcServe Backup)
+ NOT-FOR-US: CA ArcServe Backup
CAN-2005-XXXX [Some security issues in mod_security]
NOTE: I don''t understand mod_security fully, so I''m not
entirely sure which of
NOTE: the changelog entries matches the security criteria, but the changelog
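Review bot: product naming is inconsistent now that the name is the whole value of the tag. CAN-2005-1021 and CAN-2005-1020 become `NOT-FOR-US: IOS`, while the Cisco IOS entries CAN-2005-1058 and CAN-2005-1057 elsewhere in this patch become `NOT-FOR-US: Cisco`. Likewise CAN-2005-1025 (FTP server in AS/400) becomes `NOT-FOR-US: IBM` where CAN-2005-1133 uses `AS/400 system software`. Pick one name per product so the tag can be grouped or searched reliably.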
@@ -7643,59 +7643,59 @@
CAN-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp
client]
- obexftp 0.10.7-3
CAN-2005-1017 (SQL injection vulnerability in the Update_Events function in
...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp
for ...)
- NOTE: not-for-us (MaxWebPortal)
+ NOT-FOR-US: MaxWebPortal
CAN-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote
...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise
1.04 and ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and
...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable
allows ...)
- NOTE: not-for-us (SiteEnable)
+ NOT-FOR-US: SiteEnable
CAN-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows
remote ...)
- NOTE: not-for-us (SiteEnable)
+ NOT-FOR-US: SiteEnable
CAN-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6
allows ...)
- NOTE: not-for-us (ComersusCart)
+ NOT-FOR-US: ComersusCart
CAN-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow
(1) ...)
- NOTE: not-for-us (NetVault)
+ NOT-FOR-US: NetVault
CAN-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for
ASP-DEv XM ...)
- NOTE: not-for-us (XM Forum)
+ NOT-FOR-US: XM Forum
CAN-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate
Pro ...)
- NOTE: not-for-us (CommuniGate Pro)
+ NOT-FOR-US: CommuniGate Pro
CAN-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL
SOHO ...)
- NOTE: not-for-us (SonicWALL)
+ NOT-FOR-US: SonicWALL
CAN-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass ...)
- NOTE: not-for-us (PayProCart)
+ NOT-FOR-US: PayProCart
CAN-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in
...)
- NOTE: not-for-us (PayProCart)
+ NOT-FOR-US: PayProCart
CAN-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode
...)
- NOTE: not-for-us (PayProCart)
+ NOT-FOR-US: PayProCart
CAN-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT)
allows ...)
- NOTE: not-for-us (LOG-FT File Transfer)
+ NOT-FOR-US: LOG-FT File Transfer
CAN-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive
information ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke
7.6 ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x
through ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to
...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module
for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module
for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in
ProductCart 2.7 ...)
- NOTE: not-for-us (ProductCart)
+ NOT-FOR-US: ProductCart
CAN-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow
remote ...)
- NOTE: not-for-us (ProductCart)
+ NOT-FOR-US: ProductCart
CAN-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local
users ...)
- NOTE: not-for-us (SCO)
+ NOT-FOR-US: SCO
CAN-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in
phpMyAdmin ...)
- phpmyadmin 3:2.6.2-rc1-1
CAN-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a
secure location ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to
overwrite ...)
- sharutils 4.2.1-13
CAN-2005-0989 (The find_replen function in jsstr.c in the the Javascript engine
for ...)
@@ -7708,45 +7708,45 @@
- gzip 1.3.5-10
NOTE: Essentially the same as CAN-2005-0953
CAN-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before
5.0.50 ...)
- NOTE: not-for-us (IRC Services NickServ)
+ NOT-FOR-US: IRC Services NickServ
CAN-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server
6.5.1, ...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2005-0985
NOTE: reserved
CAN-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi
Knight: ...)
- NOTE: not-for-us (Star Wars game)
+ NOT-FOR-US: Star Wars game
CAN-2005-0983 (Quake 3 engine, as used in multiple games, allows remote
attackers to ...)
- NOTE: not-for-us (Quake 3 based games)
+ NOT-FOR-US: Quake 3 based games
CAN-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet
Another ...)
- NOTE: not-for-us (Yet Another Forum.net)
+ NOT-FOR-US: Yet Another Forum.net
CAN-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in
AlstraSoft EPay ...)
- NOTE: not-for-us (Alstrasoft EPay)
+ NOT-FOR-US: Alstrasoft EPay
CAN-2005-0980 (PHP remote code injection vulnerability in index.php in
AlstraSoft ...)
- NOTE: not-for-us (Alstrasoft EPay)
+ NOT-FOR-US: Alstrasoft EPay
CAN-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote
...)
- NOTE: not-for-us (Rumba)
+ NOT-FOR-US: Rumba
CAN-2005-0978 (Directory traversal vulnerability in the Object Push service in
IVT ...)
- NOTE: not-for-us (IVT BlueSoleil)
+ NOT-FOR-US: IVT BlueSoleil
CAN-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in
Linux ...)
- kernel-source-2.6.8 2.6.8-16
CAN-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products
such as ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0975 (Integer signedness error in the parse_machfile function in the
mach-o ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9
and ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X
10.3.9 ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9
and ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X
...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and
...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0969 (Heap-based buffer overflow in the syscall emulation
functionality in ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows
remote ...)
- NOTE: not-for-us (CA eTrust IDS)
+ NOT-FOR-US: CA eTrust IDS
CAN-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service
...)
- gaim 1.2.1-1
CAN-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
@@ -7756,28 +7756,28 @@
CAN-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly
...)
- gaim 1:1.2.1-1
CAN-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and
earlier ...)
- NOTE: not-for-us (Kerio firewall)
+ NOT-FOR-US: Kerio firewall
CAN-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only
examine ...)
- NOTE: not-for-us (ACPI BIOS hardware issue)
+ NOT-FOR-US: ACPI BIOS hardware issue
CAN-2005-0962 (SQL injection vulnerability in index.php for Lighthouse
Squirrelcart ...)
- NOTE: not-for-us (SquirrelCart)
+ NOT-FOR-US: SquirrelCart
CAN-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before
...)
- horde3 3.0.4-1
- horde2 2.2.8-1
CAN-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1)
tcp_input.c ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3
may ...)
- NOTE: not-for-us (YepYep mtftpd)
+ NOT-FOR-US: YepYep mtftpd
CAN-2005-0958 (Format string vulnerability in the log_do function in log.c for
YepYep ...)
- NOTE: not-for-us (YepYep mtftpd)
+ NOT-FOR-US: YepYep mtftpd
CAN-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote
...)
- NOTE: not-for-us (BayTech RPC)
+ NOT-FOR-US: BayTech RPC
CAN-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT
MX ...)
- NOTE: not-for-us (InterAKT MX Kart)
+ NOT-FOR-US: InterAKT MX Kart
CAN-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows
remote ...)
- NOTE: not-for-us (InterAKT MX Shop)
+ NOT-FOR-US: InterAKT MX Shop
CAN-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1
allows ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to
modify ...)
{DSA-730-1}
- bzip2 1.0.2-6
@@ -7787,33 +7787,33 @@
NOTE: file of the "attacked" user. Additionally the attacker needs
write permissions
NOTE: to the directory where the file is being uncompressed, ruling out /~
etc.
CAN-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB
3.1 ...)
- NOTE: not-for-us (PafileDB)
+ NOT-FOR-US: PafileDB
CAN-2005-0951
NOTE: rejected
CAN-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2
allows ...)
- NOTE: not-for-us (FastStone 4in1 Browser)
+ NOT-FOR-US: FastStone 4in1 Browser
CAN-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in
content.asp in ...)
- NOTE: not-for-us (PortalApp)
+ NOT-FOR-US: PortalApp
CAN-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows
...)
- NOTE: not-for-us (PortalApp)
+ NOT-FOR-US: PortalApp
CAN-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin
1.2.1b and ...)
- NOTE: not-for-us (phpCoin)
+ NOT-FOR-US: phpCoin
CAN-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows
...)
- NOTE: not-for-us (phpCoin)
+ NOT-FOR-US: phpCoin
CAN-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1
allows ...)
- NOTE: not-for-us (ACS Blog)
+ NOT-FOR-US: ACS Blog
CAN-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll),
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and
...)
- NOTE: not-for-us (Cisco Hardware issue)
+ NOT-FOR-US: Cisco Hardware issue
CAN-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server
Enterprise ...)
- NOTE: not-for-us (Sybase ASE)
+ NOT-FOR-US: Sybase ASE
CAN-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice
1.1.4 ...)
- openoffice.org 1.1.3-9
CAN-2005-0939
NOTE: reserved
CAN-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the
web ...)
- NOTE: not-for-us (UBlog)
+ NOT-FOR-US: UBlog
CAN-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform
...)
- kernel-source-2.6.8 2.6.8-16
CAN-2005-XXXX [Several DoS possibilities of clients against the server in
Freeciv]
@@ -7823,91 +7823,91 @@
CAN-2005-XXXX [KDE Kopete ICQ remote DoS]
- kdenetwork 4:3.3.2-2
CAN-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI
PayPal ...)
- NOTE: not-for-us (ESMI PayPal Storefront)
+ NOT-FOR-US: ESMI PayPal Storefront
CAN-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront
allow ...)
- NOTE: not-for-us (ESMI PayPal Storefront)
+ NOT-FOR-US: ESMI PayPal Storefront
CAN-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki
R4 ...)
- NOTE: not-for-us (WackoWiki)
+ NOT-FOR-US: WackoWiki
CAN-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN
1.2.1b ...)
- NOTE: not-for-us (phpCOIN)
+ NOT-FOR-US: phpCOIN
CAN-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and
earlier ...)
- NOTE: not-for-us (phpCOIN)
+ NOT-FOR-US: phpCOIN
CAN-2005-0931 (PHP remote code injection vulnerability in The Includer 1.0 and
1.1 ...)
- NOTE: not-for-us (The Includer)
+ NOT-FOR-US: The Includer
CAN-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in
Chatness ...)
- NOTE: not-for-us (Chatness)
+ NOT-FOR-US: Chatness
CAN-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow
remote ...)
- NOTE: not-for-us (PhotoPost PHP Pro)
+ NOT-FOR-US: PhotoPost PHP Pro
CAN-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost
PHP ...)
- NOTE: not-for-us (PhotoPost PHP Pro)
+ NOT-FOR-US: PhotoPost PHP Pro
CAN-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through
0.9.9.2 has ...)
- NOTE: not-for-us (WebAPP)
+ NOT-FOR-US: WebAPP
CAN-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers
to ...)
- sylpheed 1.0.4-1
- sylpheed-claws 1.0.4-1
CAN-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog
Reload ...)
- NOTE: not-for-us (Uapplication Ublog)
+ NOT-FOR-US: Uapplication Ublog
CAN-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0
allows ...)
- NOTE: not-for-us (Adventia E-Data)
+ NOT-FOR-US: Adventia E-Data
CAN-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec
Norton ...)
- NOTE: not-for-us (Norton AntiVirus)
+ NOT-FOR-US: Norton AntiVirus
CAN-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec
Norton ...)
- NOTE: not-for-us (Norton AntiVirus)
+ NOT-FOR-US: Norton AntiVirus
CAN-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows
local ...)
- NOTE: not-for-us (Lotus)
+ NOT-FOR-US: Lotus
CAN-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1
allow ...)
- NOTE: not-for-us (Bugtracker.NET)
+ NOT-FOR-US: Bugtracker.NET
CAN-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to
inject ...)
- NOTE: not-for-us (Adventia E-Data)
+ NOT-FOR-US: Adventia E-Data
CAN-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and
earlier, ...)
- NOTE: not-for-us (Adobe SVG Viewer)
+ NOT-FOR-US: Adobe SVG Viewer
CAN-2005-0917 (PHP remote code injection vulnerability in index_header.php for
...)
- NOTE: not-for-us (EncapsBB not in Debian)
+ NOT-FOR-US: EncapsBB
CAN-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64
architectures with ...)
- kernel-source-2.6.8 2.6.8-16
NOTE: 2.4 doesn''t seem to be vulnerable
CAN-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to
...)
- NOTE: not-for-us (Webmasters-Debutants WD Guestbook)
+ NOT-FOR-US: Webmasters-Debutants WD Guestbook
CAN-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG
Dragonfly ...)
- NOTE: not-for-us (CPG Dragonfly)
+ NOT-FOR-US: CPG Dragonfly
CAN-2005-0913 (Unknown vulnerability in the regex_replace modifier ...)
- smarty 2.6.8-1
CAN-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown
impact, ...)
- NOTE: not-for-us (deplate)
+ NOT-FOR-US: deplate
CAN-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow
remote ...)
- NOTE: not-for-us (exoops)
+ NOT-FOR-US: exoops
CAN-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops
allow ...)
- NOTE: not-for-us (exoops)
+ NOT-FOR-US: exoops
CAN-2005-0909 (PHP remote code injection vulnerability in shoutact.php for
TKai''s ...)
- NOTE: not-for-us (THai''s Shoutbox)
+ NOT-FOR-US: THai''s Shoutbox
CAN-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in
Valdersoft ...)
- NOTE: not-for-us (Valdersoft Shopping Cart)
+ NOT-FOR-US: Valdersoft Shopping Cart
CAN-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping
Cart 3.0 ...)
- NOTE: not-for-us (Valdersoft Shopping Cart)
+ NOT-FOR-US: Valdersoft Shopping Cart
CAN-2005-0906 (Buffer overflow in a player logging function in the Tincat
network ...)
- NOTE: not-for-us (Tincat network library)
+ NOT-FOR-US: Tincat network library
CAN-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain
potentially ...)
- NOTE: not-for-us (Maxthon)
+ NOT-FOR-US: Maxthon
CAN-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the
"Force shutdown ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote
...)
- NOTE: not-for-us (QuickTime PictureViewer)
+ NOT-FOR-US: QuickTime PictureViewer
CAN-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6
for ...)
- NOTE: not-for-us (NukeBookmarks for php-nuke)
+ NOT-FOR-US: NukeBookmarks for php-nuke
CAN-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in
NukeBookmarks ...)
- NOTE: not-for-us (NukeBookmarks for php-nuke)
+ NOT-FOR-US: NukeBookmarks for php-nuke
CAN-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote
attackers to ...)
- NOTE: not-for-us (NukeBookmarks for php-nuke)
+ NOT-FOR-US: NukeBookmarks for php-nuke
CAN-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default,
which ...)
- NOTE: not-for-us (AS/400 running OS400)
+ NOT-FOR-US: AS/400 running OS400
CAN-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in
...)
- NOTE: not-for-us (E-Store Kit-2 PayPal Edition)
+ NOT-FOR-US: E-Store Kit-2 PayPal Edition
CAN-2005-0897 (PHP remote code injection vulnerability in catalog.php in
E-Store ...)
- NOTE: not-for-us (E-Store Kit-2 PayPal Edition)
+ NOT-FOR-US: E-Store Kit-2 PayPal Edition
CAN-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in
review.php in ...)
- NOTE: not-for-us (phpMyDirectory)
+ NOT-FOR-US: phpMyDirectory
CAN-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Netcomm 1300NB DSL Modem)
+ NOT-FOR-US: Netcomm 1300NB DSL Modem
CAN-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow
local ...)
- openmosixview 1.5-7
CAN-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with
certain ...)
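Review bot: Two labels in this hunk do not match the entries they tag and are carried over unchanged: CAN-2005-0919 describes Adventia Chat and Server Pro but becomes "NOT-FOR-US: Adventia E-Data", and CAN-2005-0909 is tagged "THai''s Shoutbox" while its description reads "TKai''s". The new tag is meant to hold a package name, so correct these while the lines are being touched, so that a search by product finds them.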
@@ -7925,18 +7925,18 @@
CAN-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1
allows ...)
- sharutils 1:4.2.1-11
CAN-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate
as ...)
- NOTE: not-for-us (X-News)
+ NOT-FOR-US: X-News
CAN-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and
...)
- NOTE: not-for-us (Netscape Enterprise Server)
+ NOT-FOR-US: Netscape Enterprise Server
CAN-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise
Server ...)
- NOTE: not-for-us (iPlanet Web Server Enterprise Edition and Netscape
Enterprise Server)
+ NOT-FOR-US: iPlanet Web Server Enterprise Edition and Netscape Enterprise
Server
CAN-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option,
does ...)
- cryptcat 20031202-2
NOTE: don''t know when it was fixed, verified above version is ok
CAN-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote
attackers ...)
- cgiemail 1.6-14
CAN-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97
allows ...)
- NOTE: not-for-us (Verity Search97)
+ NOT-FOR-US: Verity Search97
CAN-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail
before ...)
- squirrelmail 1:1.2.3
CAN-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in
...)
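Review bot: The new CAN-2002-1654 entry ("+ NOT-FOR-US: iPlanet Web Server Enterprise Edition and Netscape Enterprise" / "Server") appears here on two lines. If that break is in data/CAN/list and not only from mail wrapping, a line-based reader of the list will see "Server" as a stray line with no tag; please confirm the entry is a single line in the file, or shorten the name.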
@@ -7946,45 +7946,45 @@
CAN-2002-1647 (The quick login feature in Slash Slashcode does not redirect the
user ...)
- slash <unfixed> (bug #160579; low)
CAN-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote
attackers to ...)
- NOTE: not-for-us (commercial ssh)
+ NOT-FOR-US: commercial ssh
CAN-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell
for ...)
- NOTE: not-for-us (commercial ssh)
+ NOT-FOR-US: commercial ssh
CAN-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for
Workstations ...)
- NOTE: not-for-us (commercial ssh)
+ NOT-FOR-US: commercial ssh
CAN-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server
9.0 ...)
- NOTE: not-for-us (RealNetworks Helix Universal Server)
+ NOT-FOR-US: RealNetworks Helix Universal Server
CAN-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete
transaction ...)
- postgresql 7.2.3
CAN-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle
...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows
remote ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1638 (Format string vulnerability in the PL/SQL module for Oracle 9i
...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are
...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL
package for ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i
Application ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1634 (Novell NetWare 5.1 installs sample applications that allow
remote ...)
- NOTE: not-for-us (NetWare)
+ NOT-FOR-US: NetWare
CAN-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to
execute ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample
pages ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1631 (SQL injection vulnerability in the query.xsql sample page in
Oracle 9i ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server
(9iAS) ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120,
MTPSR1-202ST, ...)
- NOTE: not-for-us (Multi-Tech ProxyServer)
+ NOT-FOR-US: Multi-Tech ProxyServer
CAN-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows
remote ...)
- NOTE: not-for-us (Dream4 Koobi CMS)
+ NOT-FOR-US: Dream4 Koobi CMS
CAN-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4
Koobi ...)
- NOTE: not-for-us (Dream4 Koobi CMS)
+ NOT-FOR-US: Dream4 Koobi CMS
CAN-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOTE: the hole was introduced in 0.9.4.3; I suppose that having
NOTE: this package be orphaned and not get updated for years from 0.9.2
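Review bot: CAN-2002-1646, CAN-2002-1645 and CAN-2002-1644 become "NOT-FOR-US: commercial ssh", which is a description and not the product name the log message says the tag carries. The entries themselves name "SSH Secure Shell"; using that as the value would keep it distinguishable from any ssh package that is tracked in this list.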
@@ -7992,37 +7992,37 @@
CAN-2005-0887 (Code injection vulnerability in Double Choco Latte before
0.9.4.3 ...)
- dcl 1:0.9.4.4-1
CAN-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board
2.0.2 ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum
1.9.1 ...)
- NOTE: not-for-us (XMB Forum)
+ NOT-FOR-US: XMB Forum
CAN-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the
product by ...)
- NOTE: not-for-us (DigitalHive)
+ NOT-FOR-US: DigitalHive
CAN-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php
for ...)
- NOTE: not-for-us (DigitalHive)
+ NOT-FOR-US: DigitalHive
CAN-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before
1.2.0 ...)
- NOTE: not-for-us (BirdBlog)
+ NOT-FOR-US: BirdBlog
CAN-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment
for ...)
- NOTE: not-for-us (Interspire ArticleLive)
+ NOT-FOR-US: Interspire ArticleLive
CAN-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain
...)
- NOTE: not-for-us (Vortex Portal)
+ NOT-FOR-US: Vortex Portal
CAN-2005-0879 (PHP remote code injection vulnerability in (1) content.php and
(2) ...)
- NOTE: not-for-us (Vortex Portal)
+ NOT-FOR-US: Vortex Portal
CAN-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before
1.1.3 ...)
- NOTE: not-for-us (MercuryBoard)
+ NOT-FOR-US: MercuryBoard
CAN-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS
cache ...)
- dnsmasq 2.21
CAN-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow
attackers ...)
- dnsmasq 2.21
CAN-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0,
3.0, ...)
- NOTE: not-for-us (Trillian plugin)
+ NOT-FOR-US: Trillian plugin
CAN-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and
other ...)
- NOTE: not-for-us (Trillian plugin)
+ NOT-FOR-US: Trillian plugin
CAN-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp
in ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-0872 (Cross-site scripting (XSS) vulnerability in
calendar_scheduler.php in ...)
- NOTE: not-for-us (Topic Calendar phpbb2 plugin)
+ NOT-FOR-US: Topic Calendar phpbb2 plugin
CAN-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB,
when ...)
- NOTE: not-for-us (Topic Calendar phpbb2 plugin)
+ NOT-FOR-US: Topic Calendar phpbb2 plugin
CAN-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in
phpSysInfo 2.3, ...)
{DSA-724-1}
- phpsysinfo 2.3-3
@@ -8038,112 +8038,112 @@
CAN-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users
to ...)
- cdrtools 2.01+01a01-4
CAN-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to
bypass ...)
- NOTE: not-for-us (Scalable OGo (SOGo))
+ NOT-FOR-US: Scalable OGo (SOGo)
CAN-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice
Mike''s ...)
- NOTE: not-for-us (Mike Spice Mike''s Vote CGI)
+ NOT-FOR-US: Mike Spice Mike''s Vote CGI
CAN-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice
Quiz Me! ...)
- NOTE: not-for-us (Mike Spice Quiz CGI)
+ NOT-FOR-US: Mike Spice Quiz CGI
CAN-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar
before 1.5 ...)
- NOTE: not-for-us (Mike Spice My Calendar)
+ NOT-FOR-US: Mike Spice My Calendar
CAN-2002-1625 (Macromedia Flash Player 6 does not terminate connections when
the user ...)
NOTE: fixed in macromedia flash shortly after discovery 3 years ago
NOTE: did not check the other flash players in debian for this
CAN-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when
...)
- NOTE: not-for-us (Lotus Domino)
+ NOT-FOR-US: Lotus Domino
CAN-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when
using ...)
- NOTE: not-for-us (General protocol flaw, cannot be fixed)
+ NOT-FOR-US: General protocol flaw, cannot be fixed
CAN-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow
...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX
4.3.x and ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support
Programs ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote
...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the
(1) ...)
- NOTE: not-for-us (Samsung ADSL modems)
+ NOT-FOR-US: Samsung ADSL modems
CAN-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2
and ...)
- NOTE: not-for-us (Samsung ASDL modems, Debian''s boa has been fixed
years ago)
+ NOT-FOR-US: Samsung ASDL modems, Debian''s boa has been fixed years
ago
CAN-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x
allows ...)
- NOTE: not-for-us (PHPOpenChat)
+ NOT-FOR-US: PHPOpenChat
CAN-2005-0862 (Multiple PHP remote code injection vulnerabilities in
PHPOpenChat ...)
- NOTE: not-for-us (PHPOpenChat)
+ NOT-FOR-US: PHPOpenChat
CAN-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow
...)
- NOTE: not-for-us (Delegate not in Debian)
+ NOT-FOR-US: Delegate
CAN-2005-0860 (PHP remote code injection vulnerability in TRG News Script 3.0
allows ...)
- NOTE: not-for-us (TRG News Script)
+ NOT-FOR-US: TRG News Script
CAN-2005-0859 (PHP remote code injection vulnerability in CzarNews 1.13b allows
...)
- NOTE: not-for-us (CzarNews)
+ NOT-FOR-US: CzarNews
CAN-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and
earlier ...)
- NOTE: not-for-us (CoolForum)
+ NOT-FOR-US: CoolForum
CAN-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for
CoolForum ...)
- NOTE: not-for-us (CoolForum)
+ NOT-FOR-US: CoolForum
CAN-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to
manipulate ...)
- NOTE: not-for-us (CoolForum)
+ NOT-FOR-US: CoolForum
CAN-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to
obtain ...)
- NOTE: not-for-us (CoolForum)
+ NOT-FOR-US: CoolForum
CAN-2005-0854 (betaparticle blog (bp blog) allows remote attackers to bypass
...)
- NOTE: not-for-us (betaparticle blog)
+ NOT-FOR-US: betaparticle blog
CAN-2005-0853 (betaparticle blog (bp blog) stores the database under the web
root, ...)
- NOTE: not-for-us (betaparticle blog)
+ NOT-FOR-US: betaparticle blog
CAN-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of
...)
- NOTE: not-for-us (Microsoft Windows)
+ NOT-FOR-US: Microsoft Windows
CAN-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib ...)
- NOTE: not-for-us (FileZilla FTP server)
+ NOT-FOR-US: FileZilla FTP server
CAN-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to
cause a ...)
- NOTE: not-for-us (FileZilla FTP server)
+ NOT-FOR-US: FileZilla FTP server
CAN-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road
Adventure ...)
- NOTE: not-for-us (Multiple commercial games by FUN Labs)
+ NOT-FOR-US: Multiple commercial games by FUN Labs
CAN-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road
Adventure ...)
- NOTE: not-for-us (Multiple commercial games by FUN Labs)
+ NOT-FOR-US: Multiple commercial games by FUN Labs
CAN-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Code Ocean FTP Server)
+ NOT-FOR-US: Code Ocean FTP Server
CAN-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does
not ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users
to ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a,
4.0g, and ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a,
4.0g, and ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute
...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g,
and 4.0f ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a,
4.0g, and ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g,
and ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a,
4.0g, ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a,
4.0g, and ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a,
4.0g, ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a,
4.0g, and ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a,
4.0g, and ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f
...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and
possibly ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to
obtain ...)
- NOTE: not-for-us (GoAhead Web Server)
+ NOT-FOR-US: GoAhead Web Server
CAN-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11,
when ...)
NOTE: HAVE_BRAILLE not set in binary build
CAN-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email
...)
- NOTE: not-for-us (SurgeMail)
+ NOT-FOR-US: SurgeMail
CAN-2005-0845 (Directory traversal vulnerability in the Webmail interface in
...)
- NOTE: not-for-us (SurgeMail)
+ NOT-FOR-US: SurgeMail
CAN-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the
memory or ...)
- NOTE: not-for-us (Nortel Contivity)
+ NOT-FOR-US: Nortel Contivity
CAN-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a
allows ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako
...)
- NOTE: not-for-us (Kayako eSupport)
+ NOT-FOR-US: Kayako eSupport
CAN-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php,
(3) ...)
- NOTE: not-for-us (phpmyfamily)
+ NOT-FOR-US: phpmyfamily
CAN-2005-0840
NOTE: rejected
CAN-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the
N_MOUSE ...)
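Review bot: Two converted lines in this hunk put a rationale where the package name should go. CAN-2002-1623 becomes "NOT-FOR-US: General protocol flaw, cannot be fixed", which names no product, and CAN-2005-0864 becomes "NOT-FOR-US: Samsung ASDL modems, Debian''s boa has been fixed years ago", which both misspells ADSL and states that a Debian package was affected and fixed. Suggest keeping the explanation on a separate NOTE: line, tagging CAN-2005-0864 with the modem name only, and recording boa as a package entry if the fixed version is known.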
@@ -8153,39 +8153,39 @@
CAN-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser
and ...)
- icecast2 <unfixed> (bug #301368; low)
CAN-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE
1.4.2 up ...)
- NOTE: not-for-us (Java Web Start for proprietary Sun Java)
+ NOT-FOR-US: Java Web Start for proprietary Sun Java
CAN-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router
allows ...)
- NOTE: not-for-us (Belkin 54G router)
+ NOT-FOR-US: Belkin 54G router
CAN-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in
a ...)
- NOTE: not-for-us (Belkin 54G router)
+ NOT-FOR-US: Belkin 54G router
CAN-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to
access ...)
- NOTE: not-for-us (Belkin 54G router)
+ NOT-FOR-US: Belkin 54G router
CAN-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33
...)
- NOTE: not-for-us (PHP-Post)
+ NOT-FOR-US: PHP-Post
CAN-2005-0831 (PHP-Post allows remote attackers to spoof the names of other
users by ...)
- NOTE: not-for-us (PHP-Post)
+ NOT-FOR-US: PHP-Post
CAN-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and
earlier, ...)
- NOTE: not-for-us (Xzabite DynDNS Updater)
+ NOT-FOR-US: Xzabite DynDNS Updater
CAN-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the
...)
- NOTE: not-for-us (PHP-Fusion Addon)
+ NOT-FOR-US: PHP-Fusion Addon
CAN-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3)
e-Xoops ...)
- NOTE: not-for-us (e-Xoops based products)
+ NOT-FOR-US: e-Xoops based products
CAN-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops
1.05 ...)
- NOTE: not-for-us (e-Xoops based products)
+ NOT-FOR-US: e-Xoops based products
CAN-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (OllyDbg MS Windows debugger)
+ NOT-FOR-US: OllyDbg MS Windows debugger
CAN-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to
execute ...)
- ltris 1.0.6-1.1 (bug #291620)
CAN-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x
before ...)
- mathopd 1.5p5-1
CAN-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root
...)
- NOTE: not-for-us (Cherokee not in Debian)
+ NOT-FOR-US: Cherokee
CAN-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows
remote ...)
- NOTE: not-for-us (Cherokee not in Debian)
+ NOT-FOR-US: Cherokee
CAN-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1
4.1 ...)
- NOTE: not-for-us (Nokia Firewall appliances)
+ NOT-FOR-US: Nokia Firewall appliances
CAN-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which
allows ...)
- NOTE: not-for-us (Cayman DSL router)
+ NOT-FOR-US: Cayman DSL router
CAN-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows
local ...)
NOTE: I could track this down to this posting
NOTE: http://cert.uni-stuttgart.de/archive/vuln-dev/2001/11/msg00104.html
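Review bot: Normalisation is uneven in this hunk: the Cherokee entries (CAN-2001-1433, CAN-2001-1432) drop "not in Debian" and keep only the name, while "Java Web Start for proprietary Sun Java" and "OllyDbg MS Windows debugger" keep descriptive text inside the tag. If the value is meant to be a bare package name, trim these as well; if free text is allowed, the log message should say so.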
@@ -8193,33 +8193,33 @@
NOTE: was triggered and even then it''s not a problem, as mcedit usage
does not
NOTE: have a remote impact and is not suid
CAN-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are
shipped ...)
- NOTE: not-for-us (IPC@CHIP Embedded web server)
+ NOT-FOR-US: IPC@CHIP Embedded web server
CAN-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2
...)
- NOTE: not-for-us (ColdFusion)
+ NOT-FOR-US: ColdFusion
CAN-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132
through ...)
- NOTE: not-for-us (Alcatel Speed Touch)
+ NOT-FOR-US: Alcatel Speed Touch
CAN-2001-1425 (The challenge-response authentication of the EXPERT user for
Alcatel ...)
- NOTE: not-for-us (Alcatel Speed Touch)
+ NOT-FOR-US: Alcatel Speed Touch
CAN-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...)
- NOTE: not-for-us (Alcatel Speed Touch)
+ NOT-FOR-US: Alcatel Speed Touch
CAN-2005-XXXX [Various /tmp related security issues in cernlib]
- cernlib 2004.11.04-3
CAN-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores
...)
- NOTE: not-for-us (iSnooker)
+ NOT-FOR-US: iSnooker
CAN-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a
password in ...)
- NOTE: not-for-us (Citrix)
+ NOT-FOR-US: Citrix
CAN-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager
3.0 ...)
- NOTE: not-for-us (Citrix)
+ NOT-FOR-US: Citrix
CAN-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive
information in ...)
- NOTE: not-for-us (MS Office)
+ NOT-FOR-US: MS Office
CAN-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote
...)
- NOTE: not-for-us (Novell Netware)
+ NOT-FOR-US: Novell Netware
CAN-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows
remote ...)
- NOTE: not-for-us (Pun BB)
+ NOT-FOR-US: Pun BB
CAN-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec
Gateway ...)
- NOTE: not-for-us (Symantec Gateway)
+ NOT-FOR-US: Symantec Gateway
CAN-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local
users to ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-0815 (Multiple "range checking flaws" in the ISO9660
filesystem handler in ...)
- kernel-source-2.6.8 2.6.8-16
- kernel-source-2.4.27 2.4.27-10
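Review bot: CAN-2005-0818 is tagged "NOT-FOR-US: Pun BB", but the description on the same entry spells the product "PunBB". With the name now being the whole value of the tag, the spelling should match the description so that a search for the product finds the entry.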
@@ -8227,90 +8227,90 @@
{DSA-717-1}
- lsh-utils 2.0.1-1
CAN-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1
and ...)
- NOTE: not-for-us (ir)
+ NOT-FOR-US: ir
CAN-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in
cleartext on ...)
- NOTE: not-for-us (NotifyLink)
+ NOT-FOR-US: NotifyLink
CAN-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict
access ...)
- NOTE: not-for-us (NotifyLink)
+ NOT-FOR-US: NotifyLink
CAN-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows
remote ...)
- NOTE: not-for-us (NotifyLink)
+ NOT-FOR-US: NotifyLink
CAN-2005-0809 (NotifyLink, when configured for client key retrieval, allows
remote ...)
- NOTE: not-for-us (NotifyLink)
+ NOT-FOR-US: NotifyLink
CAN-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Does not affect Tomcat 4.x according to
http://www.securityfocus.com/bid/12795/info/)
+ NOT-FOR-US: Does not affect Tomcat 4.x according to
http://www.securityfocus.com/bid/12795/info/
CAN-2005-0807 (Multiple buffer overflows in Cain & Abel before 2.67
allow remote ...)
- NOTE: not-for-us (Cain & Abel)
+ NOT-FOR-US: Cain & Abel
CAN-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of
service ...)
- evolution 2.0.4-2
- evolution-data-server 1.2.2-1
CAN-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light,
when ...)
- NOTE: not-for-us (Subdreamer)
+ NOT-FOR-US: Subdreamer
CAN-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote
attackers ...)
- NOTE: not-for-us (MailEnable)
+ NOT-FOR-US: MailEnable
CAN-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows
2000 ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS
Blog 0.8 ...)
- NOTE: not-for-us (ACS Blog)
+ NOT-FOR-US: ACS Blog
CAN-2005-0801 (Directory traversal vulnerability in includer.cgi in The
Includer ...)
- NOTE: not-for-us (The Includer)
+ NOT-FOR-US: The Includer
CAN-2005-0800 (PHP remote code injection vulnerability in install.php in mcNews
1.3 ...)
- NOTE: not-for-us (mcNews)
+ NOT-FOR-US: mcNews
CAN-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote
attackers ...)
- NOTE: not-for-us (MySQL on Windows)
+ NOT-FOR-US: MySQL on Windows
CAN-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier
versions, does ...)
- NOTE: not-for-us (Novell iChain)
+ NOT-FOR-US: Novell iChain
CAN-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error
messages ...)
- NOTE: not-for-us (Novell iChain)
+ NOT-FOR-US: Novell iChain
CAN-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows
remote ...)
- NOTE: not-for-us (Hola CMS)
+ NOT-FOR-US: Hola CMS
CAN-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes
...)
- NOTE: not-for-us (Hola CMS)
+ NOT-FOR-US: Hola CMS
CAN-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect
installation ...)
- NOTE: not-for-us (ZPanel not in Debian)
+ NOT-FOR-US: ZPanel
CAN-2005-0793 (PHP remote code injection vulnerability in zpanel.php in ZPanel
allows ...)
- NOTE: not-for-us (ZPanel not in Debian)
+ NOT-FOR-US: ZPanel
CAN-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote
attackers to ...)
- NOTE: not-for-us (ZPanel not in Debian)
+ NOT-FOR-US: ZPanel
CAN-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in
phpAdsNew ...)
- NOTE: not-for-us (phpAdsNew not in Debian)
+ NOT-FOR-US: phpAdsNew
CAN-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...)
- NOTE: not-for-us (phpAdsNew not in Debian)
+ NOT-FOR-US: phpAdsNew
CAN-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows
remote ...)
- NOTE: not-for-us (SimpGB not in Debian)
+ NOT-FOR-US: SimpGB
CAN-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in
YaBB ...)
- NOTE: not-for-us (YaBB not in Debian)
+ NOT-FOR-US: YaBB
CAN-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum
before ...)
- NOTE: not-for-us (Phorum not in Debian)
+ NOT-FOR-US: Phorum
CAN-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before
5.0.14a ...)
- NOTE: not-for-us (Phorum not in Debian)
+ NOT-FOR-US: Phorum
CAN-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and
(2) ...)
- NOTE: not-for-us (paFileDB not in Debian)
+ NOT-FOR-US: paFileDB
CAN-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2)
category.php in ...)
- NOTE: not-for-us (paFileDB not in Debian)
+ NOT-FOR-US: paFileDB
CAN-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain
sensitive ...)
- NOTE: not-for-us (paFileDB not in Debian)
+ NOT-FOR-US: paFileDB
CAN-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote
...)
- NOTE: not-for-us (PlatinumFTP not in Debian)
+ NOT-FOR-US: PlatinumFTP
CAN-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded
file is ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost
PHP ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify
...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does
not ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-0774 (SQL injection vulnerability in member.php and possibly other
scripts ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent
9.0 ...)
- NOTE: not-for-us (VERITAS Backup Exec)
+ NOT-FOR-US: VERITAS Backup Exec
CAN-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and
9.0.4019 ...)
- NOTE: not-for-us (VERITAS Backup Exec)
+ NOT-FOR-US: VERITAS Backup Exec
CAN-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for
Windows ...)
- NOTE: not-for-us (VERITAS Backup Exec)
+ NOT-FOR-US: VERITAS Backup Exec
CAN-2005-0770 (Format string vulnerability in DataRescue Interactive
Disassembler and ...)
- NOTE: not-for-us (IDA Pro)
+ NOT-FOR-US: IDA Pro
CAN-2005-0768 (Buffer overflow in the administration web server for GoodTech
Telnet ...)
- NOTE: not-for-us (GoodTech Telnet Server)
+ NOT-FOR-US: GoodTech Telnet Server
CAN-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1
...)
- kernel-source-2.6.8 2.6.8-15
CAN-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14
...)
@@ -8367,115 +8367,115 @@
- kernel-source-2.6.8 2.6.8-16
- kernel-source-2.4.27 2.4.27-10
CAN-2003-1131 (PHP remote code injection vulnerability in index.php in ...)
- NOTE: not-for-us (ActiveCampaign KnowledgeBuilder)
+ NOT-FOR-US: ActiveCampaign KnowledgeBuilder
CAN-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the
Adobe ...)
- NOTE: not-for-us (Adobe PhotoDeluxe)
+ NOT-FOR-US: Adobe PhotoDeluxe
CAN-2001-1423 (Advanced Poll before 1.61, when using a flat file database,
allows ...)
- NOTE: not-for-us (Advanced Poll not in Debian)
+ NOT-FOR-US: Advanced Poll
CAN-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for
...)
- NOTE: not-for-us (WinVNC)
+ NOT-FOR-US: WinVNC
CAN-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote
attackers to ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause
a ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote
...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause
a ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause
a ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log
...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
NOTE: Debian''s nvi recover script is very different
CAN-2005-XXXX [Connection related DoS possibility in OmniORB 4]
- omniorb4 4.0.5-2
CAN-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through
4.6.0 ...)
- NOTE: not-for-us (not part of Woody, has been removed from sarge/sid)
+ NOT-FOR-US: not part of Woody, has been removed from sarge/sid
CAN-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read
arbitrary ...)
- NOTE: not-for-us (Limewire has been removed from Sarge and sid, was never part
of stable)
+ NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of
stable
CAN-2005-0787 (Wine 20050211 and earlier creates temp files with world readable
...)
- wine 0.0.20050310-1.1
CAN-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote
...)
- openslp 1.0.11a-2
CAN-2005-0748 (PHP remote code injection vulnerability in initdb.php for
WEBInsta ...)
- NOTE: not-for-us (WEBInsta)
+ NOT-FOR-US: WEBInsta
CAN-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain
sensitive ...)
- NOTE: not-for-us (ApplyYourself)
+ NOT-FOR-US: ApplyYourself
CAN-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier
...)
- NOTE: not-for-us (Novell iChain)
+ NOT-FOR-US: Novell iChain
CAN-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows
local ...)
- NOTE: not-for-us (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor)
+ NOT-FOR-US: UTStarcom iAN-02EX VoIP Analog Terminal Adaptor
CAN-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows
attackers ...)
- NOTE: not-for-us (Novell iChain)
+ NOT-FOR-US: Novell iChain
CAN-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS
2.0.9.2 ...)
- NOTE: not-for-us (XOOPS)
+ NOT-FOR-US: XOOPS
CAN-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
- NOTE: not-for-us (Sun Java System Application Server)
+ NOT-FOR-US: Sun Java System Application Server
CAN-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0
RC1 ...)
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote
...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9
does ...)
{DSA-718-1}
- ethereal 0.9.10
CAN-2005-0738 (Stack overflow in Microsoft Exchange Server 2003 SP1 allows
users to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to
execute ...)
- NOTE: not-for-us (Yahoo Messenger)
+ NOT-FOR-US: Yahoo Messenger
CAN-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux
kernel 2.6 ...)
NOTE: 2.6 through .11
NOTE: There is no epoll in 2.4
- kernel-source-2.6.8 2.6.8-14
CAN-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain
...)
- NOTE: not-for-us (newsscript)
+ NOT-FOR-US: newsscript
CAN-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
- NOTE: not-for-us (PY Software Active Webcam WebServer)
+ NOT-FOR-US: PY Software Active Webcam WebServer
CAN-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
- NOTE: not-for-us (PY Software Active Webcam WebServer)
+ NOT-FOR-US: PY Software Active Webcam WebServer
CAN-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
- NOTE: not-for-us (PY Software Active Webcam WebServer)
+ NOT-FOR-US: PY Software Active Webcam WebServer
CAN-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
- NOTE: not-for-us (PY Software Active Webcam WebServer)
+ NOT-FOR-US: PY Software Active Webcam WebServer
CAN-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
- NOTE: not-for-us (PY Software Active Webcam WebServer)
+ NOT-FOR-US: PY Software Active Webcam WebServer
CAN-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier
allows ...)
- NOTE: not-for-us (Xpand Rally)
+ NOT-FOR-US: Xpand Rally
CAN-2005-0728
NOTE: rejected
CAN-2005-0727
NOTE: rejected
CAN-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0
allows ...)
- NOTE: not-for-us (UBB.threads)
+ NOT-FOR-US: UBB.threads
CAN-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in
...)
- NOTE: not-for-us (wfsections)
+ NOT-FOR-US: wfsections
CAN-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain
sensitive ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu
function in ...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for
the ...)
- NOTE: not-for-us (eXPerience2)
+ NOT-FOR-US: eXPerience2
CAN-2005-0721 (PHP remote code injection vulnerability in modules.php in
eXPerience2 ...)
- NOTE: not-for-us (eXPerience2)
+ NOT-FOR-US: eXPerience2
CAN-2005-0720 (PHP remote code injection vulnerability in header.php in PHP
mcNews ...)
- NOTE: not-for-us (mcNews)
+ NOT-FOR-US: mcNews
CAN-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64
Unix ...)
- NOTE: not-for-us (Tru64)
+ NOT-FOR-US: Tru64
CAN-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a
...)
- squid 2.5.8
CAN-2005-0717
NOTE: reserved
CAN-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in
Mac OS X ...)
- NOTE: not-for-us (Mac OS)
+ NOT-FOR-US: Mac OS
CAN-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions
for ...)
- NOTE: not-for-us (Mac OS)
+ NOT-FOR-US: Mac OS
CAN-2005-0714
NOTE: rejected
CAN-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be
...)
- NOTE: not-for-us (Mac OS)
+ NOT-FOR-US: Mac OS
CAN-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for
certain ...)
- NOTE: not-for-us (Mac OS)
+ NOT-FOR-US: Mac OS
CAN-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses
predictable ...)
{DSA-707-1}
- mysql-dfsg 4.0.24
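Review bot: The replacement for CAN-2001-1415 writes "NOT-FOR-US: no_package", a placeholder rather than a product name, so anything that groups or searches entries by the text after the tag gets a meaningless key. The description is about vi.recover in OpenBSD, and CAN-2005-0740 in this same hunk already uses "NOT-FOR-US: OpenBSD", which would fit here too. The NOTE kept directly below it (Debian's nvi recover script is very different) reads as "our package is not affected" rather than "not packaged", so it is worth deciding which of the two this entry really is before tagging it. The two LimeWire entries (CAN-2005-0789, CAN-2005-0788) put a reason after the tag instead of the package name the log message promises; suggest "NOT-FOR-US: LimeWire" with the removal history moved to a separate NOTE line. If the CAN-2005-0788 replacement is really split over two lines in the file and this is not mail wrapping, the trailing "stable" line will not belong to any tag.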
@@ -8489,87 +8489,87 @@
- mysql-dfsg 4.0.24
- mysql-dfsg-4.1 4.1.10a
CAN-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5
through 5.4 ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2003-1130
NOTE: rejected
CAN-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice
Chat) ...)
- NOTE: not-for-us (Yahoo Audio Conferencing ActiveX control)
+ NOT-FOR-US: Yahoo Audio Conferencing ActiveX control
CAN-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server
between ...)
- NOTE: not-for-us (X2 XMMS Remote)
+ NOT-FOR-US: X2 XMMS Remote
CAN-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote
attackers ...)
- NOTE: not-for-us (e-Gap)
+ NOT-FOR-US: e-Gap
CAN-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through
SP5 on ...)
- NOTE: not-for-us (SunOne/iPlanet)
+ NOT-FOR-US: SunOne/iPlanet
CAN-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server
4.16, ...)
- NOTE: not-for-us (SunOne)
+ NOT-FOR-US: SunOne
CAN-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1,
3.0, and ...)
- NOTE: not-for-us (Sun Management Center)
+ NOT-FOR-US: Sun Management Center
CAN-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier
allows ...)
- NOTE: not-for-us (Sun JRE)
+ NOT-FOR-US: Sun JRE
CAN-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses
...)
- NOTE: not-for-us (ScriptLogic)
+ NOT-FOR-US: ScriptLogic
CAN-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before
4.14, ...)
- NOTE: not-for-us (ScriptLogic)
+ NOT-FOR-US: ScriptLogic
CAN-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix,
when the ...)
- NOTE: not-for-us (SSH Tectia Server)
+ NOT-FOR-US: SSH Tectia Server
CAN-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a
...)
NOTE: does not affect openssh
CAN-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions
allows ...)
- setiathome 3.04
CAN-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and
RealSystem ...)
- NOTE: not-for-us (RealSystem Server)
+ NOT-FOR-US: RealSystem Server
CAN-2003-1116 (The communications protocol for the Report Review Agent (RRA),
aka FND ...)
- NOTE: not-for-us (Oracle E-Business Suite)
+ NOT-FOR-US: Oracle E-Business Suite
CAN-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel
...)
- NOTE: not-for-us (Nortel Networks Succession Communication Server)
+ NOT-FOR-US: Nortel Networks Succession Communication Server
CAN-2003-1114 (The Session Initiation Protocol (SIP) implementation in
Mediatrix ...)
- NOTE: not-for-us (Mediatrix Telecom VoIP Access Devices and Gateways)
+ NOT-FOR-US: Mediatrix Telecom VoIP Access Devices and Gateways
CAN-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel
SIP ...)
- NOTE: not-for-us (IPTel SIP Express Router)
+ NOT-FOR-US: IPTel SIP Express Router
CAN-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate
...)
- NOTE: not-for-us (Ingate Firewall and Ingate SIParator)
+ NOT-FOR-US: Ingate Firewall and Ingate SIParator
CAN-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple
...)
- NOTE: not-for-us (dynamicsoft)
+ NOT-FOR-US: dynamicsoft
CAN-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia
SIP ...)
- NOTE: not-for-us (Columbia SIP User Agent)
+ NOT-FOR-US: Columbia SIP User Agent
CAN-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple
Cisco ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel
...)
- NOTE: not-for-us (Alcatel)
+ NOT-FOR-US: Alcatel
CAN-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP)
6.4, 7.0, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows
remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0
SP1 ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows
...)
- NOTE: not-for-us (IBM Tivoli Firewall Toolbox)
+ NOT-FOR-US: IBM Tivoli Firewall Toolbox
CAN-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird
CyberDOCS ...)
- NOTE: not-for-us (Hummingbird CyberDOCS)
+ NOT-FOR-US: Hummingbird CyberDOCS
CAN-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS,
uses ...)
- NOTE: not-for-us (Hummingbird CyberDOCS)
+ NOT-FOR-US: Hummingbird CyberDOCS
CAN-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote
attackers to ...)
- NOTE: not-for-us (Hummingbird CyberDOCS)
+ NOT-FOR-US: Hummingbird CyberDOCS
CAN-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in
Hummingbird ...)
- NOTE: not-for-us (Hummingbird CyberDOCS)
+ NOT-FOR-US: Hummingbird CyberDOCS
CAN-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary
files ...)
- NOTE: not-for-us (shar on HP-UX)
+ NOT-FOR-US: shar on HP-UX
CAN-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which
introduced a ...)
- NOTE: not-for-us (HP-UX))
+ NOT-FOR-US: HP-UX)
CAN-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04,
when ...)
- NOTE: not-for-us (HP-UX))
+ NOT-FOR-US: HP-UX)
CAN-2002-1600 (Directory traversal vulnerability in Mike Spice''s My
Classifieds ...)
- NOTE: not-for-us (Mike Spice''s My Classifieds)
+ NOT-FOR-US: Mike Spice''s My Classifieds
CAN-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass
content ...)
- dansguardian 2.4.5-1
CAN-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and
...)
- NOTE: not-for-us (Computer Associates MLink)
+ NOT-FOR-US: Computer Associates MLink
CAN-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote
...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote
...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers
to ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid
on a ...)
NOTE: our pwck and grpck do not overflow and are not suid
CAN-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle
versioning ...)
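Review bot: The replacements for CAN-2003-1098 and CAN-2003-1097 keep a stray closing parenthesis, "NOT-FOR-US: HP-UX)", because the old lines ended in "(HP-UX))" and only one parenthesis was stripped. These should read "NOT-FOR-US: HP-UX", matching the HP-UX entry for CAN-2004-1764 later in this patch. The entry just above (CAN-2003-1099) uses "shar on HP-UX" for the same platform, so a single spelling for all three would keep them together when the list is grouped by name.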
@@ -8577,9 +8577,9 @@
CAN-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a
CGI ...)
- apache2 2.0.36
CAN-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the
Trusted ...)
- NOTE: not-for-us (AIM in MSIE)
+ NOT-FOR-US: AIM in MSIE
CAN-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch
...)
- NOTE: not-for-us (Ipswitch Collaboration Suite)
+ NOT-FOR-US: Ipswitch Collaboration Suite
CAN-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to
cause a ...)
NOTE: Sarge version of gnome-vfs2 does not install the module with the
vulnerable code
NOTE: fixed in gnome-vfs2 2.10 long ago too.
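Review bot: For CAN-2002-1591 the name becomes "AIM in MSIE", while the other AIM entries converted in this patch (CAN-2001-1416 through CAN-2001-1421) use "AOL Instant Messenger". If the point of the new tag is a consistent package_name field, this one should use the same string, with the MSIE detail moved to a NOTE line if it is still wanted.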
@@ -8591,83 +8591,83 @@
CAN-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7
through ...)
- ethereal 0.10.10-1
CAN-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions,
allows ...)
- NOTE: not-for-us (not our cpanel)
+ NOT-FOR-US: not our cpanel
CAN-2004-1769 (The "Allow cPanel users to reset their password via
email" feature in ...)
- NOTE: not-for-us (not our cpanel)
+ NOT-FOR-US: not our cpanel
CAN-2004-1768 (The character converters in the Spamhunter and Language ID
modules for ...)
- NOTE: not-for-us (Symantec Brightmail AntiSpam)
+ NOT-FOR-US: Symantec Brightmail AntiSpam
CAN-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to
gain ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1766 (The default installation of NetScreen-Security Manager before
Feature ...)
- NOTE: not-for-us (NetScreen-Security Manager)
+ NOT-FOR-US: NetScreen-Security Manager
CAN-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4
for ...)
NOTE: only seems to affect 1.7.4, not the newer branch in debian
CAN-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04,
B.11.11, ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1
Patch 06 ...)
- NOTE: not-for-us (hsrun.exe)
+ NOT-FOR-US: hsrun.exe
CAN-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for
Linux ...)
- NOTE: not-for-us (F-Secure Anti-Virus)
+ NOT-FOR-US: F-Secure Anti-Virus
CAN-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows
attackers to ...)
- ethereal 0.10.3
CAN-2004-1760 (The default installation of Cisco IBM Director agent does not
require ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1759 (The Cisco IBM Director agent allows remote attackers to cause a
denial ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2,
7.0 up ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the
...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier,
and 7.0 ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express
7.0 ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses
...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using
"memory" ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow
certain ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages
to a ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2003-1092 (Unknown vulnerability in the "Automatic File Content
Type Recognition ...)
- file 3.4.1
CAN-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin
...)
- NOTE: not-for-us (Apple QuickTime/Darwin Streaming Server)
+ NOT-FOR-US: Apple QuickTime/Darwin Streaming Server
CAN-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote
...)
- NOTE: not-for-us (AbsoluteTelnet)
+ NOT-FOR-US: AbsoluteTelnet
CAN-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products
including ...)
- NOTE: not-for-us (Xerox MicroServer Web Server)
+ NOT-FOR-US: Xerox MicroServer Web Server
CAN-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows
remote ...)
- NOTE: not-for-us (phpMyFAQ)
+ NOT-FOR-US: phpMyFAQ
CAN-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i
and 9i ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0
allows ...)
- NOTE: not-for-us (Aztek)
+ NOT-FOR-US: Aztek
CAN-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in
the ...)
- ethereal 0.10.9-2
CAN-2005-0698 (PHP remote code injection vulnerability in PHPWebLog 0.5.3 and
earlier ...)
- NOTE: not-for-us (PHPWebLog)
+ NOT-FOR-US: PHPWebLog
CAN-2005-0697 (SQL injection vulnerability in the process_picture function ...)
- NOTE: not-for-us (CopperExport)
+ NOT-FOR-US: CopperExport
CAN-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote
...)
- NOTE: not-for-us (ArGoSoft)
+ NOT-FOR-US: ArGoSoft
CAN-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting
...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files
under ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote
...)
- NOTE: not-for-us (JoWood Chaser (for Windows))
+ NOT-FOR-US: JoWood Chaser (for Windows)
CAN-2005-0692 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 5.x
allows ...)
- NOTE: not-for-us (PHP-Fusion not in Debian)
+ NOT-FOR-US: PHP-Fusion
CAN-2005-0691 (PHP remote code injection vulnerability in article mode for ...)
- NOTE: not-for-us (SocialMPN not in Debian)
+ NOT-FOR-US: SocialMPN
CAN-2005-0690 (Gene6 FTP Server does not properly restrict access to the
control ...)
- NOTE: not-for-us (Gene6 FTP Server for Win)
+ NOT-FOR-US: Gene6 FTP Server for Win
CAN-2005-0689 (includer.cgi in The Includer allows remote attackers to execute
...)
- NOTE: not-for-us (The Includer not in Debian)
+ NOT-FOR-US: The Includer
CAN-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned
off, ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote
attackers ...)
NOTE: hashcash 1.13 (which is in Debian) is not vulnerable
NOTE: hashcash 1.17 is also ok
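Review bot: CAN-2004-1770 and CAN-2004-1769 end up as "NOT-FOR-US: not our cpanel", which is a comment, not a package name, and it hides the useful fact that Debian has something else with a similar name. Suggest "NOT-FOR-US: cPanel" plus a separate NOTE line saying the Debian package of that name is a different program. In the same hunk, CAN-2004-1763 is tagged with the binary name "hsrun.exe" although the description names the product as HAHTsite Scenario Server, and "JoWood Chaser (for Windows)" and "Gene6 FTP Server for Win" keep platform qualifiers, while "not in Debian" was stripped from the PHP-Fusion, SocialMPN and The Includer entries. Stripping qualifiers in some entries and not others suggests the conversion was partly by hand; a second pass for consistency would help.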
@@ -8675,7 +8675,7 @@
- mlterm 2.9.2
NOTE: see bug #298621, was stalled in NEW, now accepted
CAN-2005-0685 (Multiple access validation errors in OutStart Participate
Enterprise ...)
- NOTE: not-for-us (OutStart Participate Enterprise)
+ NOT-FOR-US: OutStart Participate Enterprise
CAN-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before
...)
- maxdb-7.5.00 7.5.00.24-3
CAN-2005-0683
@@ -8683,91 +8683,91 @@
CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal
...)
- drupal 4.5.2
CAN-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (Nokia)
+ NOT-FOR-US: Nokia
CAN-2005-0680 (PHP remote code injection vulnerability in ...)
- NOTE: not-for-us (Download Center Lite not in Debian)
+ NOT-FOR-US: Download Center Lite
CAN-2005-0679 (PHP remote code injection vulnerability in tell_a_friend.inc.php
for ...)
- NOTE: not-for-us (Tell A Friend Script not in Debian)
+ NOT-FOR-US: Tell A Friend Script
CAN-2005-0678 (PHP remote code injection vulnerability in formmail.inc.php for
Form ...)
- NOTE: not-for-us (Form Mail Script not in Debian)
+ NOT-FOR-US: Form Mail Script
CAN-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform
certain ...)
- NOTE: not-for-us (Zorum not in Debian)
+ NOT-FOR-US: Zorum
CAN-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL
...)
- NOTE: not-for-us (Zorum not in Debian)
+ NOT-FOR-US: Zorum
CAN-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum
3.5 ...)
- NOTE: not-for-us (Zorum not in Debian)
+ NOT-FOR-US: Zorum
CAN-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for
paBox ...)
- NOTE: not-for-us (Pabox for PHPNuke not in Debian)
+ NOT-FOR-US: Pabox for PHPNuke
CAN-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php
for ...)
- phpbb2 2.0.13-2
CAN-2005-0672 (Carsten''s 3D Engine (Ca3DE), March 2004 version and
earlier, allows ...)
- NOTE: not-for-us (Ca3DE)
+ NOT-FOR-US: Ca3DE
CAN-2005-0671 (Format string vulnerability in Carsten''s 3D Engine
(Ca3DE), March 2004 ...)
- NOTE: not-for-us (Ca3DE)
+ NOT-FOR-US: Ca3DE
CAN-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0
through ...)
- NOTE: not-for-us (phpCOIN)
+ NOT-FOR-US: phpCOIN
CAN-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN
1.2.0 ...)
- NOTE: not-for-us (phpCOIN)
+ NOT-FOR-US: phpCOIN
CAN-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before
0.51 ...)
- NOTE: not-for-us (HAVP)
+ NOT-FOR-US: HAVP
CAN-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions
before ...)
- sylpheed 1.0.3-1
- sylpheed-claws 1.0.3-1
CAN-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to
2.2 ...)
- kernel-patch-adamantix 1.7
CAN-2005-0665 (Format string vulnerability in xv before 3.10a allows remote
attackers ...)
- NOTE: not-for-us (XV)
+ NOT-FOR-US: XV
CAN-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not
properly ...)
{DSA-709-1}
- libexif 0.6.9-5
CAN-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2
allows ...)
- NOTE: not-for-us (Mercury Board)
+ NOT-FOR-US: Mercury Board
CAN-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for
MercuryBoard ...)
- NOTE: not-for-us (Mercury Board)
+ NOT-FOR-US: Mercury Board
CAN-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in
...)
- NOTE: not-for-us (Woltlab Burning Board)
+ NOT-FOR-US: Woltlab Burning Board
CAN-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum
1.11 ...)
- NOTE: not-for-us (D-Forum)
+ NOT-FOR-US: D-Forum
CAN-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain
sensitive ...)
NOTE: This is not a security issue as the installation path is known.
CAN-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3
allows ...)
- NOTE: not-for-us (Typo3)
+ NOT-FOR-US: Typo3
CAN-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x
and ...)
- NOTE: not-for-us (Computalynx CProxy)
+ NOT-FOR-US: Computalynx CProxy
CAN-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS
1.5 ...)
- NOTE: not-for-us (auraCMS)
+ NOT-FOR-US: auraCMS
CAN-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive
information ...)
- NOTE: not-for-us (auraCMS)
+ NOT-FOR-US: auraCMS
CAN-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows
remote ...)
NOTE: this is not a security issue according to maintainer
CAN-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables
with an ...)
- phpmyadmin 3:2.6.1-pl3-1
CAN-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS
Alpha ...)
- NOTE: not-for-us (OpenVMS)
+ NOT-FOR-US: OpenVMS
CAN-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1
allow ...)
- NOTE: not-for-us (ProjectBB)
+ NOT-FOR-US: ProjectBB
CAN-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB
...)
- NOTE: not-for-us (ProjectBB)
+ NOT-FOR-US: ProjectBB
CAN-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to
bypass ...)
- NOTE: not-for-us (Pixel-Apes SafeHTML)
+ NOT-FOR-US: Pixel-Apes SafeHTML
CAN-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0
allow ...)
- NOTE: not-for-us (Pixel-Apes SafeHTML)
+ NOT-FOR-US: Pixel-Apes SafeHTML
CAN-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to
inject ...)
- NOTE: not-for-us (paNews)
+ NOT-FOR-US: paNews
CAN-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows
remote ...)
- NOTE: not-for-us (paNews)
+ NOT-FOR-US: paNews
CAN-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in
cuteNews ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version
before ...)
- NOTE: not-for-us (McAfee Virus Scanners)
+ NOT-FOR-US: McAfee Virus Scanners
CAN-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version
before ...)
- NOTE: not-for-us (McAfee Virus Scanners)
+ NOT-FOR-US: McAfee Virus Scanners
CAN-2005-0642 (SQL injection vulnerability in the Query Designer for Computer
...)
- NOTE: not-for-us (Computer Associates UAM)
+ NOT-FOR-US: Computer Associates UAM
CAN-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for
Computer ...)
- NOTE: not-for-us (Computer Associates UAM)
+ NOT-FOR-US: Computer Associates UAM
CAN-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0
does not ...)
- NOTE: not-for-us (Computer Associates UAM)
+ NOT-FOR-US: Computer Associates UAM
CAN-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote
attackers ...)
{DSA-695-1 DSA-694-1}
- xloadimage 4.1-14.2
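Review bot: Several names in this hunk are carried over with a spelling that differs from the CVE description on the line above them: "Mercury Board" against "MercuryBoard" (CAN-2005-0663, CAN-2005-0662), "Typo3" against "TYPO3" (CAN-2005-0658), "CuteNews" against "cuteNews" (CAN-2005-0645), "Pabox for PHPNuke" against "paBox" (CAN-2005-0674) and "XV" against "xv" (CAN-2005-0665). That was harmless inside a free-form NOTE, but once the text after "NOT-FOR-US:" is treated as a name, a case-sensitive search or a group-by on it will miss or split these. Since every one of these lines is being rewritten anyway, this is the cheapest moment to normalise them to the upstream spelling.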
@@ -8777,34 +8777,34 @@
- xli 1.17.0-18
- xloadimage 4.1-14.1
CAN-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5
and 3.6, ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote
...)
- NOTE: not-for-us (Foxmail)
+ NOT-FOR-US: Foxmail
CAN-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to
...)
- NOTE: not-for-us (Foxmail)
+ NOT-FOR-US: Foxmail
CAN-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows remote
attackers to ...)
- NOTE: not-for-us (Golden FTP Server)
+ NOT-FOR-US: Golden FTP Server
CAN-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote
attackers to ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews
1.2.4 ...)
- NOTE: not-for-us (PHPNews)
+ NOT-FOR-US: PHPNews
CAN-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to
delete ...)
- NOTE: not-for-us (PBLang)
+ NOT-FOR-US: PBLang
CAN-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to
read ...)
- NOTE: not-for-us (PBLang)
+ NOT-FOR-US: PBLang
CAN-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in
profile.php in ...)
- NOTE: not-for-us (427BB)
+ NOT-FOR-US: 427BB
CAN-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa
1.0 ...)
- NOTE: not-for-us (Forumwa)
+ NOT-FOR-US: Forumwa
CAN-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could
be ...)
NOTE: We are not vulnerable to this since RPATH has been disable in QT3 ever
since
NOTE: Martin Loschwitz maintain it.
CAN-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security
products ...)
- NOTE: not-for-us (Symantec DNSd)
+ NOT-FOR-US: Symantec DNSd
CAN-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the
full ...)
- NOTE: not-for-us (Zorum not in Debian)
+ NOT-FOR-US: Zorum
CAN-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum
3.4 ...)
- NOTE: not-for-us (Zorum not in Debian)
+ NOT-FOR-US: Zorum
CAN-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using
the ...)
- squid 2.5.9-2
CAN-2005-0940
@@ -8814,41 +8814,41 @@
CAN-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration
file with ...)
- reportbug 3.8
CAN-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other
versions ...)
- NOTE: not-for-us (RaidenHTTPD)
+ NOT-FOR-US: RaidenHTTPD
CAN-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34,
allows ...)
- NOTE: not-for-us (RaidenHTTPD)
+ NOT-FOR-US: RaidenHTTPD
CAN-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Scrapland)
+ NOT-FOR-US: Scrapland
CAN-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the
...)
- NOTE: not-for-us (Einstein)
+ NOT-FOR-US: Einstein
CAN-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames
and ...)
- NOTE: not-for-us (Einstein)
+ NOT-FOR-US: Einstein
CAN-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance
200/200R ...)
- NOTE: not-for-us (Symantec Firewall/VPN Appliance 200/200R firmware)
+ NOT-FOR-US: Symantec Firewall/VPN Appliance 200/200R firmware
CAN-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750
and ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the
Download ...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2)
...)
- NOTE: not-for-us (PostNuke)
+ NOT-FOR-US: PostNuke
CAN-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers
to ...)
- phpbb2 2.0.13-1
CAN-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with
PHP-Nuke, ...)
- NOTE: not-for-us (FCKeditor)
+ NOT-FOR-US: FCKeditor
CAN-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530
contain ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...)
- NOTE: not-for-us (Real)
+ NOT-FOR-US: Real
CAN-2005-0610 (Multiple symlink vulnerabilities in portupgrade before
20041226_2 in ...)
- NOTE: not-for-us (FreeBSD portupgrade)
+ NOT-FOR-US: FreeBSD portupgrade
CAN-2005-0609
NOTE: reserved
CAN-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows
remote ...)
- NOTE: not-for-us (Half Life WebMod)
+ NOT-FOR-US: Half Life WebMod
CAN-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to
determine the ...)
- NOTE: not-for-us (CubeCert)
+ NOT-FOR-US: CubeCert
CAN-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for
...)
- NOTE: not-for-us (CubeCert)
+ NOT-FOR-US: CubeCert
CAN-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code
via a ...)
{DSA-723-1}
NOTE: lesstif2
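Review bot: CAN-2005-0607 and CAN-2005-0606 carry the misspelling "CubeCert" over into the new tag, although the CAN-2005-0607 description reads "CubeCart 2.0.0 through 2.0.5". Now that the name sits in a field of its own rather than in a free-form note, correct it to "NOT-FOR-US: CubeCart" in this commit, so that a search by product name finds both entries.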
@@ -8862,29 +8862,29 @@
NOTE: openmotif is non-free
- openmotif 2.2.3-1.1 (medium)
CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the
...)
- NOTE: not-for-us (GFI Languard Network Security Scanner)
+ NOT-FOR-US: GFI Languard Network Security Scanner
CAN-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote
attackers to ...)
- phpbb2 2.0.13-1
CAN-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when
extracting ...)
- unzip 5.52-1
NOTE: um, tar does this too, not really considered a security hole
CAN-2005-0601 (Cisco devices running Application and Content Networking System
(ACNS) ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0600 (Cisco devices running Application and Content Networking System
(ACNS) ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0599 (Cisco devices running Application and Content Networking System
(ACNS) ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0598 (The RealServer RealSubscriber on Cisco devices running
Application and ...)
- NOTE: not-for-us (Real)
+ NOT-FOR-US: Real
CAN-2005-0597 (Cisco devices running Application and Content Networking System
(ACNS) ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service
(daemon ...)
NOTE: Fixed in CVS after 4.3.4 release; see
http://bugs.php.net/bug.php?id=27037
- php4 4.3.8-1
CAN-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote
attackers ...)
- NOTE: not-for-us (BadBlue)
+ NOT-FOR-US: BadBlue
CAN-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local
users to ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote
attackers ...)
- mozilla-firefox 1.0.1
- mozilla 2:1.7.6-1
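Review bot: "NOT-FOR-US: Real" on CAN-2005-0598 is too terse to identify the product. The description names "The RealServer RealSubscriber on Cisco devices", and the four neighbouring ACNS entries are tagged "Cisco". Spell the value out (for example "RealServer RealSubscriber on Cisco ACNS") or tag it "Cisco" like its neighbours, so the five related entries group together.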
@@ -8914,110 +8914,110 @@
- mozilla-firefox 1.0.1
- mozilla 2:1.7.6-1
CAN-2005-0583 (Directory traversal vulnerability in Computer Associates (CA)
License ...)
- NOTE: not-for-us (Computer Associates (CA) License Client)
+ NOT-FOR-US: Computer Associates (CA) License Client
CAN-2005-0582 (Buffer overflow in Computer Associates (CA) License Client
0.1.0.15 ...)
- NOTE: not-for-us (Computer Associates (CA) License Client)
+ NOT-FOR-US: Computer Associates (CA) License Client
CAN-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License
Client ...)
- NOTE: not-for-us (Computer Associates (CA) License Client)
+ NOT-FOR-US: Computer Associates (CA) License Client
CAN-2005-0580 (cmd5checkpw, when running setuid, does not properly drop
privileges ...)
- NOTE: not-for-us (cmd5checkpw)
+ NOT-FOR-US: cmd5checkpw
CAN-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the
...)
- NOTE: not-for-us (FreeNX)
+ NOT-FOR-US: FreeNX
CAN-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a
predictable ...)
- mozilla-firefox 1.0.1-1
CAN-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and
earlier ...)
- NOTE: not-for-us (MKBold-MKItalic)
+ NOT-FOR-US: MKBold-MKItalic
CAN-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF)
Font ...)
- NOTE: not-for-us (STSF in Solaris)
+ NOT-FOR-US: STSF in Solaris
CAN-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows
remote ...)
- NOTE: not-for-us (Stormy Studios Knet)
+ NOT-FOR-US: Stormy Studios Knet
CAN-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows
...)
- NOTE: not-for-us (CIS Webserver)
+ NOT-FOR-US: CIS Webserver
CAN-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a
...)
NOTE: don''t know if we are vulnerable, I''ve mailed
maintainers -- Djoume
TODO: check
CAN-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote
attackers to ...)
- NOTE: not-for-us (phpWebSite)
+ NOT-FOR-US: phpWebSite
CAN-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read
...)
- NOTE: not-for-us (PunBB)
+ NOT-FOR-US: PunBB
CAN-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a
denial ...)
- NOTE: not-for-us (PunBB)
+ NOT-FOR-US: PunBB
CAN-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow
remote ...)
- NOTE: not-for-us (PunBB)
+ NOT-FOR-US: PunBB
CAN-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause
a ...)
- NOTE: not-for-us (Soldier of Fortune II)
+ NOT-FOR-US: Soldier of Fortune II
CAN-2005-0567 (Multiple PHP remote code injection vulnerabilities in phpMyAdmin
2.6.1 ...)
- phpmyadmin 3:2.6.1-pl2-1
CAN-2005-0566 (Buffer overflow in Golden FTP Server Pro 2.x allows remote
attackers ...)
- NOTE: not-for-us (Golden FTP Server)
+ NOT-FOR-US: Golden FTP Server
CAN-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows
remote ...)
- NOTE: not-for-us (phpWebSite)
+ NOT-FOR-US: phpWebSite
CAN-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word
2002, and ...)
- NOTE: not-for-us (Microsoft Word)
+ NOT-FOR-US: Microsoft Word
CAN-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook
Web ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote
attackers ...)
- NOTE: not-for-us (MSN Messenger)
+ NOT-FOR-US: MSN Messenger
CAN-2005-0561
NOTE: reserved
CAN-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk
function in ...)
- NOTE: not-for-us (Exchange server)
+ NOT-FOR-US: Exchange server
CAN-2005-0559
NOTE: reserved
CAN-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003
...)
- NOTE: not-for-us (Microsoft Word)
+ NOT-FOR-US: Microsoft Word
CAN-2005-0557
NOTE: reserved
CAN-2005-0556
NOTE: reserved
CAN-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet
Explorer ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet
Explorer ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-0553 (Race condition in the memory management routines in the DHTML
object ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-0552
NOTE: reserved
CAN-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server
Runtime ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and
SP2, and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla
1.7.2, ...)
- NOTE: not-for-us (Apple Java plugin)
+ NOT-FOR-US: Apple Java plugin
CAN-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows
remote ...)
- NOTE: not-for-us (Gaucho)
+ NOT-FOR-US: Gaucho
CAN-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows
remote ...)
- NOTE: not-for-us (Ground Control II)
+ NOT-FOR-US: Ground Control II
CAN-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (RealVNC)
+ NOT-FOR-US: RealVNC
CAN-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions,
when ...)
- NOTE: not-for-us (Attack Mitigator IPS 5500)
+ NOT-FOR-US: Attack Mitigator IPS 5500
CAN-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of
service ...)
- NOTE: not-for-us (NtRegmon)
+ NOT-FOR-US: NtRegmon
CAN-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere
NR041 ...)
- NOTE: not-for-us (NetworkEverywhere NR041)
+ NOT-FOR-US: NetworkEverywhere NR041
CAN-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP
Code ...)
- NOTE: not-for-us (PHP Code Snippet Library)
+ NOT-FOR-US: PHP Code Snippet Library
CAN-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote
...)
- NOTE: not-for-us (Painkiller)
+ NOT-FOR-US: Painkiller
CAN-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers
to ...)
- NOTE: not-for-us (ESF Webserver)
+ NOT-FOR-US: ESF Webserver
CAN-2004-1743 (Easy File Sharing (ESF) Webserver 1.25 allows remote attackers
to view ...)
- NOTE: not-for-us (ESF Webserver)
+ NOT-FOR-US: ESF Webserver
CAN-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote
...)
- NOTE: not-for-us (WebAPP)
+ NOT-FOR-US: WebAPP
CAN-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers
to ...)
- NOTE: not-for-us (musicd)
+ NOT-FOR-US: musicd
CAN-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers
to ...)
- NOTE: not-for-us (musicd)
+ NOT-FOR-US: musicd
CAN-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (Bird Chat)
+ NOT-FOR-US: Bird Chat
CAN-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop
allows ...)
- NOTE: not-for-us (JShop)
+ NOT-FOR-US: JShop
CAN-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a
allows ...)
- cacti 0.8.5a-5
CAN-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive
information via ...)
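Review bot: The Microsoft entries in this hunk use five different values for closely related products: "Microsoft Word", "Microsoft", "MSN Messenger", "Exchange server" and "MSIE". If the new tag is meant to be grouped or searched by product, pick one granularity and use full names ("Microsoft Internet Explorer" rather than "MSIE"). Also, CAN-2004-1744 and CAN-2004-1743 are tagged "ESF Webserver" while the CAN-2004-1744 description abbreviates Easy File Sharing as "EFS"; settle on one spelling.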
@@ -9027,93 +9027,93 @@
CAN-2004-1734 (PHP remote code injection vulnerability in Mantis 0.19.0a allows
...)
- mantis 0.19.2-1
CAN-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other
versions ...)
- NOTE: not-for-us (MyDMS)
+ NOT-FOR-US: MyDMS
CAN-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS
before ...)
- NOTE: not-for-us (MyDMS)
+ NOT-FOR-US: MyDMS
CAN-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to
send ...)
- mantis 0.19.0-1
CAN-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker
allows ...)
- mantis 0.19.0-1
CAN-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log
Analyzer 1.6 ...)
- NOTE: not-for-us (Nihuo Web Log Analyzer)
+ NOT-FOR-US: Nihuo Web Log Analyzer
CAN-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows
remote ...)
- NOTE: not-for-us (sarad)
+ NOT-FOR-US: sarad
CAN-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service
...)
- NOTE: not-for-us (BadBlue)
+ NOT-FOR-US: BadBlue
CAN-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3)
...)
- NOTE: not-for-us (XV)
+ NOT-FOR-US: XV
CAN-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote
attackers ...)
- NOTE: not-for-us (XV)
+ NOT-FOR-US: XV
CAN-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to
set the ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in
PHP-Fusion ...)
- NOTE: not-for-us (PHP-Fusion)
+ NOT-FOR-US: PHP-Fusion
CAN-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail
Server ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak
Mail ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in
Merak ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak
Webmail ...)
- NOTE: not-for-us (Merak Webmail Server)
+ NOT-FOR-US: Merak Webmail Server
CAN-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD)
1.4 ...)
- NOTE: not-for-us (IPD)
+ NOT-FOR-US: IPD
CAN-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv
...)
- gv 1:3.6.1-1
CAN-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26
allows ...)
- NOTE: not-for-us (PForum)
+ NOT-FOR-US: PForum
CAN-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before
5.0.4 ...)
- NOTE: not-for-us (MIMEsweeper)
+ NOT-FOR-US: MIMEsweeper
CAN-2004-1714 (BlackICE PC Protection and Server Protection installs (1) ...)
- NOTE: not-for-us (BlackICE PC Protection)
+ NOT-FOR-US: BlackICE PC Protection
CAN-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) ...)
- NOTE: not-for-us (PRM on HP-UX)
+ NOT-FOR-US: PRM on HP-UX
CAN-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows
remote ...)
- NOTE: not-for-us (TypePad)
+ NOT-FOR-US: TypePad
CAN-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle
before ...)
- moodle 1.4-1
CAN-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands
via ...)
- NOTE: not-for-us (page.cgi)
+ NOT-FOR-US: page.cgi
CAN-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client
package, ...)
- NOTE: not-for-us (Datakey Rainbow iKey2032 USB token)
+ NOT-FOR-US: Datakey Rainbow iKey2032 USB token
CAN-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of
...)
- NOTE: not-for-us (Webbsyte)
+ NOT-FOR-US: Webbsyte
CAN-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and
...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote
...)
- NOTE: not-for-us (U.S. Robotics wireless access point)
+ NOT-FOR-US: U.S. Robotics wireless access point
CAN-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote
attackers ...)
- NOTE: not-for-us (Citadel/UX)
+ NOT-FOR-US: Citadel/UX
CAN-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain
...)
- NOTE: not-for-us (WpQuiz)
+ NOT-FOR-US: WpQuiz
CAN-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts,
if the ...)
- NOTE: not-for-us (Fusion News)
+ NOT-FOR-US: Fusion News
CAN-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password
...)
- NOTE: not-for-us (Lexar Safe Guard)
+ NOT-FOR-US: Lexar Safe Guard
CAN-2003-1087 (Unknown vulnerability in diagmond and possibly other
applications in ...)
- NOTE: not-for-us (diagmond on HP-UX)
+ NOT-FOR-US: diagmond on HP-UX
CAN-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04,
B.11.11, ...)
- NOTE: not-for-us (ftpd on HP-UX)
+ NOT-FOR-US: ftpd on HP-UX
CAN-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow
...)
- cyrus21-imapd 2.1.18-1
CAN-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running
...)
- NOTE: not-for-us (MS Office)
+ NOT-FOR-US: MS Office
CAN-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path
of ...)
- phpmyadmin 3:2.6.1-pl2-1
CAN-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1
allows ...)
- phpmyadmin 3:2.6.1-pl2-1
CAN-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server
1.2.1 ...)
- NOTE: not-for-us (Cyclades AlterPath Manager)
+ NOT-FOR-US: Cyclades AlterPath Manager
CAN-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console
Server ...)
- NOTE: not-for-us (Cyclades AlterPath Manager)
+ NOT-FOR-US: Cyclades AlterPath Manager
CAN-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows
remote ...)
- NOTE: not-for-us (Cyclades AlterPath Manager)
+ NOT-FOR-US: Cyclades AlterPath Manager
CAN-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC)
before ...)
- NOTE: not-for-us (IBM)
+ NOT-FOR-US: IBM
CAN-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java
and ...)
- NOTE: not-for-us (ginp)
+ NOT-FOR-US: ginp
CAN-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric
(iG) ...)
- NOTE: not-for-us (iGeneric (iG) Shop)
+ NOT-FOR-US: iGeneric (iG) Shop
CAN-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before
1.3.11 and ...)
- mediawiki <itp> (bug #276057)
CAN-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki
1.3.x ...)
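Review bot: The log message gives the new syntax as "NOT-FOR-US: package_name", but values in this hunk such as "PRM on HP-UX", "diagmond on HP-UX" and "ftpd on HP-UX" are descriptions, not package names. Keeping the platform qualifier is the right call, because a bare "ftpd" would be ambiguous, but the format documentation should say the field is free text naming the product. Otherwise a later script may match its first word against package names.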
@@ -9121,7 +9121,7 @@
CAN-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki
1.3.x ...)
- mediawiki <itp> (bug #276057)
CAN-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library
VSAPI ...)
- NOTE: not-for-us (Trend Micro AntiVirus)
+ NOT-FOR-US: Trend Micro AntiVirus
CAN-2005-0532 (The reiserfs_copy_from_user_to_file_region function in
reiserfs/file.c ...)
- kernel-source-2.6.8 2.6.8-14
NOTE: 2.4.27 seems to be unaffected
@@ -9141,7 +9141,7 @@
NOTE: didn''t other with YA mozilla-browser bug, it has enough for
1.7.6 already..
- mozilla 2:1.7.6
CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang
4.65 ...)
- NOTE: not-for-us (PBLang)
+ NOT-FOR-US: PBLang
CAN-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9,
4.3.10 ...)
{DSA-729-1 DSA-708-1}
- php4 4:4.3.10-10
@@ -9153,42 +9153,42 @@
{DSA-719-1}
- prozilla 1:1.3.7.4-1
CAN-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as
passwords in ...)
- NOTE: not-for-us (Chat Anywhere)
+ NOT-FOR-US: Chat Anywhere
CAN-2005-0521 (SendLink 1.5 stores sensitive information, possibly including
...)
- NOTE: not-for-us (SendLink)
+ NOT-FOR-US: SendLink
CAN-2005-0520 (ArGoSoft before 1.4.2.8 allows remote attackers to read
arbitrary ...)
- NOTE: not-for-us (ArGoSoft)
+ NOT-FOR-US: ArGoSoft
CAN-2005-0519 (ArGoSoft before 1.4.2.7 allows remote attackers to read
arbitrary ...)
- NOTE: not-for-us (ArGoSoft)
+ NOT-FOR-US: ArGoSoft
CAN-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in
plaintext ...)
- NOTE: not-for-us (eXeem)
+ NOT-FOR-US: eXeem
CAN-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in
plaintext ...)
- NOTE: not-for-us (PeerFTP)
+ NOT-FOR-US: PeerFTP
CAN-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows
remote ...)
- NOTE: not-for-us (ImageGalleryPlugin for Twiki)
+ NOT-FOR-US: ImageGalleryPlugin for Twiki
CAN-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other
...)
- NOTE: not-for-us (My Firewall Plus)
+ NOT-FOR-US: My Firewall Plus
CAN-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek
before ...)
- NOTE: not-for-us (Verity Ultraseek)
+ NOT-FOR-US: Verity Ultraseek
CAN-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php in
...)
- NOTE: not-for-us (pMachine)
+ NOT-FOR-US: pMachine
CAN-2005-0512 (PHP remote code injection vulnerability in Tar.php in Mambo
4.5.2 ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2005-0511 (Direct code injection vulnerability in misc.php for vBulletin
3.0.6 ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2003-1086 (PHP remote code injection vulnerability in pm/lib.inc.php in
pMachine ...)
- NOTE: not-for-us (pMachine)
+ NOT-FOR-US: pMachine
CAN-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to
cause ...)
- NOTE: not-for-us (fallback-reboot)
+ NOT-FOR-US: fallback-reboot
CAN-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono
1.0.5 ...)
NOTE: default config of Mono not vulnerable
- mono 1.1.6-4 (medium)
CAN-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows
...)
- batik 1.5.1-1
CAN-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and
earlier ...)
- NOTE: not-for-us (SD Server)
+ NOT-FOR-US: SD Server
CAN-2005-0506 (The Avaya IP Office Phone Manager, and other products such as
the IP ...)
- NOTE: not-for-us (Avaya IP Office Phone Manager)
+ NOT-FOR-US: Avaya IP Office Phone Manager
CAN-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM)
before ...)
- irm 1.5.3.1-1
CAN-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa
serial ...)
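Review bot: "NOT-FOR-US: ImageGalleryPlugin for Twiki" on CAN-2005-0516 names an add-on rather than a standalone product, so the tag is only correct if no package ships that plugin. The old free-form note could pass as a comment; the new tag reads as a firm status. Confirm that before converting, or leave this entry as a NOTE with a TODO until it has been checked.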
@@ -9199,29 +9199,29 @@
CAN-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when
libUIM is ...)
- uim 1:0.4.6beta2-1
CAN-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier
allows ...)
- NOTE: not-for-us (Xinkaa)
+ NOT-FOR-US: Xinkaa
CAN-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote
attackers ...)
- NOTE: not-for-us (Bontago)
+ NOT-FOR-US: Bontago
CAN-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers
to ...)
- NOTE: not-for-us (MSIE6)
+ NOT-FOR-US: MSIE6
CAN-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option
enabled ...)
- NOTE: not-for-us (Gigafast router)
+ NOT-FOR-US: Gigafast router
CAN-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to
gain ...)
- NOTE: not-for-us (Gigafast router)
+ NOT-FOR-US: Gigafast router
CAN-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to
gain ...)
- NOTE: not-for-us (ADP Elite System)
+ NOT-FOR-US: ADP Elite System
CAN-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials
that ...)
- NOTE: not-for-us (Arkeia Network Backup)
+ NOT-FOR-US: Arkeia Network Backup
CAN-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows
remote ...)
- NOTE: not-for-us (ZeroBoard)
+ NOT-FOR-US: ZeroBoard
CAN-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690
cable ...)
- NOTE: not-for-us (Thomson TCW690 cable modem)
+ NOT-FOR-US: Thomson TCW690 cable modem
CAN-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form
before ...)
- NOTE: not-for-us (Biz Mail From)
+ NOT-FOR-US: Biz Mail From
CAN-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to
cause ...)
- NOTE: not-for-us (Acrobat Reader)
+ NOT-FOR-US: Acrobat Reader
CAN-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x
allows ...)
- NOTE: not-for-us (Arkeia Server Backup)
+ NOT-FOR-US: Arkeia Server Backup
CAN-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL
7.12.1, and ...)
- curl 7.13.0-2
CAN-2005-0489
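Review bot: CAN-2005-0493 is converted to "NOT-FOR-US: Biz Mail From", but the description names the product "Biz Mail Form". Fix the transposition while the line is being rewritten. In the same hunk "MSIE6" (CAN-2005-0500) differs from the "MSIE" used for other Internet Explorer entries in this file; use one value for both.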
@@ -9231,130 +9231,130 @@
CAN-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue
function in ...)
- cfengine2 2.1.8-1
CAN-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in
...)
- NOTE: not-for-us (Pinnacle ShowCenter)
+ NOT-FOR-US: Pinnacle ShowCenter
CAN-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote
attackers ...)
- NOTE: not-for-us (Pinnacle ShowCenter)
+ NOT-FOR-US: Pinnacle ShowCenter
CAN-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004)
and ...)
- NOTE: not-for-us (PopMessenger)
+ NOT-FOR-US: PopMessenger
CAN-2004-1697 (The "Forgot your Password" link in Computer
Associates (CA) Unicenter ...)
- NOTE: not-for-us (Computer Associates Unicenter Management Portal)
+ NOT-FOR-US: Computer Associates Unicenter Management Portal
CAN-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote
attackers to ...)
- NOTE: not-for-us (EmuLive Server4)
+ NOT-FOR-US: EmuLive Server4
CAN-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote
attackers to ...)
- NOTE: not-for-us (EmuLive Server4)
+ NOT-FOR-US: EmuLive Server4
CAN-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four
default ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2004-1693 (PHP remote code injection vulnerability in Function.php in Mambo
4.5 ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo
4.5 ...)
- NOTE: not-for-us (Mambo)
+ NOT-FOR-US: Mambo
CAN-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to
cause a ...)
- NOTE: not-for-us (DNS4Me)
+ NOT-FOR-US: DNS4Me
CAN-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in
DNS4Me ...)
- NOTE: not-for-us (DNS4Me)
+ NOT-FOR-US: DNS4Me
CAN-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with
root ...)
- sudo 1.6.8p3-1
CAN-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to
cause a ...)
- NOTE: not-for-us (Pigeon Server)
+ NOT-FOR-US: Pigeon Server
CAN-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000
3.4.04 ...)
- NOTE: not-for-us (Snitz Forums)
+ NOT-FOR-US: Snitz Forums
CAN-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers
to ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR
EU ...)
- NOTE: not-for-us (SMC router)
+ NOT-FOR-US: SMC router
CAN-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory
in an ...)
- NOTE: not-for-us (Zyxel)
+ NOT-FOR-US: Zyxel
CAN-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users
to gain ...)
- NOTE: not-for-us (crrtrap)
+ NOT-FOR-US: crrtrap
CAN-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote
...)
- NOTE: not-for-us (QNX FTP)
+ NOT-FOR-US: QNX FTP
CAN-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3)
...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware
...)
- NOTE: not-for-us (Pingtel Xpressa)
+ NOT-FOR-US: Pingtel Xpressa
CAN-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows
remote ...)
- NOTE: not-for-us (TwinFTP)
+ NOT-FOR-US: TwinFTP
CAN-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk
allows ...)
- NOTE: not-for-us (PerlDesk)
+ NOT-FOR-US: PerlDesk
CAN-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive
...)
- NOTE: not-for-us (PerlDesk)
+ NOT-FOR-US: PerlDesk
CAN-2004-1676 (Heap-based buffer overflow in the image sending feature in
Gadu-Gadu ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a
...)
- NOTE: not-for-us (Serv-U FTP)
+ NOT-FOR-US: Serv-U FTP
CAN-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail
5.2.7 ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp
Web ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail
5.2.7 ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly
other ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server
7.4.5 ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server
7.4.5 ...)
- NOTE: not-for-us (Merak Mail Server)
+ NOT-FOR-US: Merak Mail Server
CAN-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects
2.0 ...)
- NOTE: not-for-us (Subjects)
+ NOT-FOR-US: Subjects
CAN-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows
remote ...)
- NOTE: not-for-us (Halo Combat Evolved)
+ NOT-FOR-US: Halo Combat Evolved
CAN-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows
remote MSN ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews
1.1 ...)
- NOTE: not-for-us (PsNews)
+ NOT-FOR-US: PsNews
CAN-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a
denial ...)
- NOTE: not-for-us (Call of Duty)
+ NOT-FOR-US: Call of Duty
CAN-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such
as ...)
- NOTE: not-for-us (Engenio/LSI Logic storage controllers)
+ NOT-FOR-US: Engenio/LSI Logic storage controllers
CAN-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive
information ...)
- NOTE: not-for-us (YaBB)
+ NOT-FOR-US: YaBB
CAN-2004-1661 (MailWorks Professional allows remote attackers to bypass ...)
- NOTE: not-for-us (MailWorks)
+ NOT-FOR-US: MailWorks
CAN-2004-1660 (PHP remote code injection vulnerability in CuteNews 1.3.6 and
earlier ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in
CuteNews ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...)
- NOTE: not-for-us (Kerio Personal Firewall)
+ NOT-FOR-US: Kerio Personal Firewall
CAN-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and
Events ...)
- NOTE: not-for-us (DasBlog)
+ NOT-FOR-US: DasBlog
CAN-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991
allows ...)
- NOTE: not-for-us (Comersus Shopping Cart)
+ NOT-FOR-US: Comersus Shopping Cart
CAN-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4
and ...)
- NOTE: not-for-us (phpWebsite)
+ NOT-FOR-US: phpWebsite
CAN-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite
...)
- NOTE: not-for-us (phpWebsite)
+ NOT-FOR-US: phpWebsite
CAN-2004-1653 (The default configuration for OpenSSH enables
AllowTcpForwarding, ...)
- NOTE: not-for-us (Documented SSH protocol behaviour, cannot be fixed)
+ NOT-FOR-US: Documented SSH protocol behaviour, cannot be fixed
NOTE: See bug #296547 for details
CAN-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges
if ...)
- NOTE: not-for-us (phpScheduleIt)
+ NOT-FOR-US: phpScheduleIt
CAN-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- NOTE: not-for-us (phpScheduleIt)
+ NOT-FOR-US: phpScheduleIt
CAN-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an
IP ...)
- NOTE: not-for-us (D-Link DCS-900)
+ NOT-FOR-US: D-Link DCS-900
CAN-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local
users to ...)
- NOTE: not-for-us (Msinfo32.exe)
+ NOT-FOR-US: Msinfo32.exe
CAN-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2)
...)
- NOTE: not-for-us (Password Protect)
+ NOT-FOR-US: Password Protect
CAN-2004-1647 (SQL injection vulnerability in Password Protect allows remote
...)
- NOTE: not-for-us (Password Protect)
+ NOT-FOR-US: Password Protect
CAN-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote
attackers ...)
- NOTE: not-for-us (Xedus)
+ NOT-FOR-US: Xedus
CAN-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows
remote ...)
- NOTE: not-for-us (Xedus)
+ NOT-FOR-US: Xedus
CAN-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service
(refuse ...)
- NOTE: not-for-us (Xedus)
+ NOT-FOR-US: Xedus
CAN-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial
of ...)
- NOTE: not-for-us (WS_FTP)
+ NOT-FOR-US: WS_FTP
CAN-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause
a ...)
- NOTE: not-for-us (WS_FTP)
+ NOT-FOR-US: WS_FTP
CAN-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows
remote ...)
- NOTE: not-for-us (Titan)
+ NOT-FOR-US: Titan
CAN-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS
0.94 and ...)
- NOTE: not-for-us (XOOPS)
+ NOT-FOR-US: XOOPS
CAN-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable
modem ...)
- NOTE: not-for-us (Thomson cable modem)
+ NOT-FOR-US: Thomson cable modem
CAN-2005-0488 (Certain BSD-based Telnet clients, including those used on
Solaris and ...)
TODO: check heimdal, netkit-telnet-ssl
- krb4 <unfixed> (low)
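Review bot: The CAN-2004-1653 entry should not be converted mechanically: `NOT-FOR-US: Documented SSH protocol behaviour, cannot be fixed` puts a free-text rationale where the log message says the tag carries a package name, and the entry concerns the OpenSSH default configuration and has a bug reference (#296547) on the following line. Suggest leaving it as a plain NOTE so that anything reading NOT-FOR-US as "software we do not ship" does not skip it. Separately, CAN-2004-1642 describes WFTPD Pro Server but is tagged `WS_FTP`, the same value as the CAN-2004-1643 entry above it; since the line is being rewritten anyway, correct the name here.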
@@ -9371,11 +9371,11 @@
TODO: This is still a bug (maybe not a security one)
TODO: and needs fixing. (IMHO, fw)
CAN-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to
execute ...)
- NOTE: not-for-us (mailcarrier)
+ NOT-FOR-US: mailcarrier
CAN-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote
attackers ...)
- NOTE: not-for-us (Hawking Technologies HAR11A modem/router)
+ NOT-FOR-US: Hawking Technologies HAR11A modem/router
CAN-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection
...)
- NOTE: not-for-us (WvTftp)
+ NOT-FOR-US: WvTftp
CAN-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using
the ...)
NOTE: does not affect older 2.16.7 in sid.
CAN-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from
CVS, ...)
@@ -9385,40 +9385,40 @@
CAN-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki
1.0.8 ...)
- moniwiki 1.0.9
CAN-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to
...)
- NOTE: not-for-us (Open WorkFlow Engine)
+ NOT-FOR-US: Open WorkFlow Engine
CAN-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in
Open ...)
- NOTE: not-for-us (Open WorkFlow Engine)
+ NOT-FOR-US: Open WorkFlow Engine
CAN-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and
earlier ...)
- NOTE: not-for-us (Dwc_articles)
+ NOT-FOR-US: Dwc_articles
CAN-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows
...)
- rssh 2.2.2
CAN-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly
other ...)
- NOTE: not-for-us (ability server)
+ NOT-FOR-US: ability server
CAN-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other
versions, ...)
- NOTE: not-for-us (ability server)
+ NOT-FOR-US: ability server
CAN-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or
Shutdown ...)
- NOTE: not-for-us (pGina)
+ NOT-FOR-US: pGina
CAN-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when
opening ...)
- NOTE: not-for-us (Carbon Copy)
+ NOT-FOR-US: Carbon Copy
CAN-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x
...)
- NOTE: not-for-us (UBB.threads)
+ NOT-FOR-US: UBB.threads
CAN-2004-1621 (** DISPUTED ** ...)
- NOTE: not-for-us (Lotus Notes)
+ NOT-FOR-US: Lotus Notes
CAN-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before
0.7rc1 ...)
- NOTE: not-for-us (Serendipity)
+ NOT-FOR-US: Serendipity
CAN-2004-1619 (Buffer overflow in Privateer''s Bounty: Age of Sail II
allows ...)
- NOTE: not-for-us (Privateer''s Bounty: Age of Sail II)
+ NOT-FOR-US: Privateer''s Bounty: Age of Sail II
CAN-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to
cause a ...)
- NOTE: not-for-us (Tonecast)
+ NOT-FOR-US: Tonecast
CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service
(infinite ...)
NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there
- lynx <unfixed> (bug #296340; low)
CAN-2004-1616 (Links allows remote attackers to cause a denial of service
(memory ...)
- links 0.99+1.00pre12-1
CAN-2004-1615 (Opera allows remote attackers to cause a denial of service
(invalid ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-1614 (Mozilla allows remote attackers to cause a denial of service
...)
NOTE: assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6
NOTE: mozilla-browser 1.7.5-1 also ok
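Review bot: In the CAN-2004-1619 entry the new value itself contains a colon (`NOT-FOR-US: Privateer''s Bounty: Age of Sail II`), so any script consuming the new tag has to split on the first `: ` only and treat the rest of the line as the name. Worth documenting that alongside the format, or checking the parser against this line before relying on it. The doubled apostrophe is carried over unchanged from the old NOTE line; if it is not intended in the data file, this rewrite is the place to fix it.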
@@ -9426,170 +9426,170 @@
NOTE: example page did not bother firefox 1.0+dfsg.1-6
NOTE: mozilla-browser 1.7.5-1 also ok
CAN-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows
remote ...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before
...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing
certain ...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other
sensitive ...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote
attackers ...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain
...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a
denial ...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication
by ...)
- NOTE: not-for-us (SalesLogix)
+ NOT-FOR-US: SalesLogix
CAN-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to
chmod ...)
- NOTE: not-for-us (not our cpanel)
+ NOT-FOR-US: not our cpanel
CAN-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local
users ...)
- NOTE: not-for-us (not our cpanel)
+ NOT-FOR-US: not our cpanel
CAN-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a
different ...)
- proftpd 1.2.10-4
CAN-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP
1.0-stable ...)
- NOTE: not-for-us (coolphp)
+ NOT-FOR-US: coolphp
CAN-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain
...)
- NOTE: not-for-us (CoolPHP)
+ NOT-FOR-US: CoolPHP
CAN-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP
...)
- NOTE: not-for-us (CoolPHP)
+ NOT-FOR-US: CoolPHP
CAN-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to
read ...)
- NOTE: not-for-us (Acrobat)
+ NOT-FOR-US: Acrobat
CAN-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows
remote ...)
- NOTE: not-for-us (RIM Blackberry)
+ NOT-FOR-US: RIM Blackberry
CAN-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows
...)
- NOTE: not-for-us (3COM router)
+ NOT-FOR-US: 3COM router
CAN-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote
attackers ...)
- NOTE: not-for-us (ShixxNote)
+ NOT-FOR-US: ShixxNote
CAN-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows
remote ...)
- NOTE: not-for-us (FuseTalk)
+ NOT-FOR-US: FuseTalk
CAN-2004-1593 (Cross-site scripting (XSS) vulnerability in ...)
- NOTE: not-for-us (SCT email client)
+ NOT-FOR-US: SCT email client
CAN-2004-1592 (PHP remote code injection vulnerability in index.php in ocPortal
1.0.3 ...)
- NOTE: not-for-us (ocPortal)
+ NOT-FOR-US: ocPortal
CAN-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM
...)
- NOTE: not-for-us (Micronet Wireless Router)
+ NOT-FOR-US: Micronet Wireless Router
CAN-2004-1590 (Clientexec allows remote attackers to gain sensitive information
via ...)
- NOTE: not-for-us (clientexec)
+ NOT-FOR-US: clientexec
CAN-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message
Board ...)
- NOTE: not-for-us (GoSmart)
+ NOT-FOR-US: GoSmart
CAN-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows
remote ...)
- NOTE: not-for-us (GoSmart)
+ NOT-FOR-US: GoSmart
CAN-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus
Predator ...)
- NOTE: not-for-us (Monolith Games)
+ NOT-FOR-US: Monolith Games
CAN-2004-1586 (Flash Messaging clients can ignore disconnecting commands such
as ...)
- NOTE: not-for-us (Flash Messaging)
+ NOT-FOR-US: Flash Messaging
CAN-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote
attackers ...)
- NOTE: not-for-us (Flash Messaging)
+ NOT-FOR-US: Flash Messaging
CAN-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2
allows ...)
- wordpress 1.2.1-1.1
CAN-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm
1.3 ...)
- NOTE: not-for-us (FTP server in TriDComm)
+ NOT-FOR-US: FTP server in TriDComm
CAN-2004-1582 (PHP remote code injection vulnerability in BlackBoard 1.5.1
allows ...)
- NOTE: not-for-us (BlackBoard)
+ NOT-FOR-US: BlackBoard
CAN-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...)
- NOTE: not-for-us (BlackBoard)
+ NOT-FOR-US: BlackBoard
CAN-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1
allows ...)
- NOTE: not-for-us (CubeCart)
+ NOT-FOR-US: CubeCart
CAN-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain
sensitive ...)
- NOTE: not-for-us (CubeCart)
+ NOT-FOR-US: CubeCart
CAN-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in
Invision ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive
...)
- NOTE: not-for-us (phplinks)
+ NOT-FOR-US: phplinks
CAN-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01
and ...)
- NOTE: not-for-us (Judge Dredd)
+ NOT-FOR-US: Judge Dredd
CAN-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to
cause a ...)
- xerces25 2.5.0-4
- xerces24 2.4.0-4
NOTE: maintainer believe that this CAN doesn''t apply to xerces23 (see
bug #296432)
NOTE: maintainer believe that this CAN doesn''t apply to xerces21 (see
bug #296466)
CAN-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows
remote ...)
- NOTE: not-for-us (Vypress)
+ NOT-FOR-US: Vypress
CAN-2004-1573 (The documentation for AJ-Fork 167 implies that users should set
...)
- NOTE: not-for-us (AJ-Fork)
+ NOT-FOR-US: AJ-Fork
CAN-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1)
data, ...)
- NOTE: not-for-us (AJ-Fork)
+ NOT-FOR-US: AJ-Fork
CAN-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive
information via ...)
- NOTE: not-for-us (AJ-Fork)
+ NOT-FOR-US: AJ-Fork
CAN-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows
remote ...)
- NOTE: not-for-us (bBlog)
+ NOT-FOR-US: bBlog
CAN-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and
(3) ...)
- NOTE: not-for-us (dbPowerAmp)
+ NOT-FOR-US: dbPowerAmp
CAN-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows
remote ...)
- NOTE: not-for-us (Parachat)
+ NOT-FOR-US: Parachat
CAN-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote
attackers ...)
- NOTE: not-for-us (Silent Storm Portal)
+ NOT-FOR-US: Silent Storm Portal
CAN-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent
Storm ...)
- NOTE: not-for-us (Silent Storm Portal)
+ NOT-FOR-US: Silent Storm Portal
CAN-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the
full ...)
- NOTE: not-for-us (w-Agora)
+ NOT-FOR-US: w-Agora
CAN-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora
4.1.6a ...)
- NOTE: not-for-us (w-Agora)
+ NOT-FOR-US: w-Agora
CAN-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora
4.1.6a allow ...)
- NOTE: not-for-us (w-Agora)
+ NOT-FOR-US: w-Agora
CAN-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a
allows ...)
- NOTE: not-for-us (w-Agora)
+ NOT-FOR-US: w-Agora
CAN-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote
attackers ...)
- icecast2 2.0.2.debian-1
CAN-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Microsoft SQL Server)
+ NOT-FOR-US: Microsoft SQL Server
CAN-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress
1.2 ...)
- wordpress 1.2.2-1.1
CAN-2004-1558 (Multiple stack-based buffer overflows in YahooPOPS 0.4 through
0.6 ...)
- NOTE: not-for-us (YahooPOPS)
+ NOT-FOR-US: YahooPOPS
CAN-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass
authentication, ...)
- NOTE: not-for-us (MyWebServer)
+ NOT-FOR-US: MyWebServer
CAN-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (MyWebServer)
+ NOT-FOR-US: MyWebServer
CAN-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP
...)
- NOTE: not-for-us (BroadBoard Instant ASP Message Board)
+ NOT-FOR-US: BroadBoard Instant ASP Message Board
CAN-2004-1554 (PHP remote code injection vulnerability in livre_include.php in
@lex ...)
- NOTE: not-for-us (@lex GuestBook)
+ NOT-FOR-US: @lex GuestBook
CAN-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote
attackers to ...)
- NOTE: not-for-us (aspWebAlbum)
+ NOT-FOR-US: aspWebAlbum
CAN-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote
attackers ...)
- NOTE: not-for-us (aspWebCalendar)
+ NOT-FOR-US: aspWebCalendar
CAN-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2)
file ...)
- NOTE: not-for-us (PafileDB)
+ NOT-FOR-US: PafileDB
CAN-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows
remote ...)
- NOTE: not-for-us (Motorola Router)
+ NOT-FOR-US: Motorola Router
CAN-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords
of ...)
- NOTE: not-for-us (ActivePost)
+ NOT-FOR-US: ActivePost
CAN-2004-1548 (Directory traversal vulnerability in the file server in
ActivePost ...)
- NOTE: not-for-us (ActivePost)
+ NOT-FOR-US: ActivePost
CAN-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows
remote ...)
- NOTE: not-for-us (ActivePost)
+ NOT-FOR-US: ActivePost
CAN-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote
attackers to ...)
- NOTE: not-for-us (MDaemon)
+ NOT-FOR-US: MDaemon
CAN-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with
Apache ...)
- moniwiki 1.0.9-4
CAN-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako
...)
- NOTE: not-for-us (Kyako ESupport)
+ NOT-FOR-US: Kyako ESupport
CAN-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and
3.42, and ...)
- NOTE: not-for-us (Tarantella Secure Global Desktop)
+ NOT-FOR-US: Tarantella Secure Global Desktop
CAN-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for
paNews ...)
- NOTE: not-for-us (paNews)
+ NOT-FOR-US: paNews
CAN-2005-0484 (Format string vulnerability in gprostats for GProFTPD before
8.1.9 may ...)
- NOTE: not-for-us (GProFTPD)
+ NOT-FOR-US: GProFTPD
CAN-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, ...)
- NOTE: not-for-us (Glftpd)
+ NOT-FOR-US: Glftpd
CAN-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a
denial ...)
- NOTE: not-for-us (TrackerCam)
+ NOT-FOR-US: TrackerCam
CAN-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log
files ...)
- NOTE: not-for-us (TrackerCam)
+ NOT-FOR-US: TrackerCam
CAN-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and
...)
- NOTE: not-for-us (TrackerCam)
+ NOT-FOR-US: TrackerCam
CAN-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for
TrackerCam ...)
- NOTE: not-for-us (TrackerCam)
+ NOT-FOR-US: TrackerCam
CAN-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow
remote ...)
- NOTE: not-for-us (TrackerCam)
+ NOT-FOR-US: TrackerCam
CAN-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for
Invision ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi
allows ...)
- NOTE: not-for-us (hpm_guestbook.cgi)
+ NOT-FOR-US: hpm_guestbook.cgi
CAN-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other
...)
- NOTE: not-for-us (paFAQ)
+ NOT-FOR-US: paFAQ
CAN-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in
...)
- webcalendar 0.9.45-3
CAN-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote
attackers ...)
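Review bot: `NOT-FOR-US: not our cpanel` on CAN-2004-1604 and CAN-2004-1603 is an explanation rather than a name, which does not fit the `NOT-FOR-US: package_name` form given in the log message. Suggest naming the product in the tag and moving the clarification to a NOTE line. In the same hunk, CAN-2005-0487 is tagged `Kyako ESupport` while its description spells the vendor Kayako, and CoolPHP appears as both `coolphp` and `CoolPHP` in adjacent entries; normalising these now keeps later searching and grouping by name reliable.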
@@ -9598,7 +9598,7 @@
{DSA-716-1}
- gaim 1:1.1.3-1
CAN-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with
long ...)
- NOTE: not-for-us (SUN JRE)
+ NOT-FOR-US: SUN JRE
CAN-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote
attackers ...)
- wpasupplicant 0.3.8-1
CAN-2005-0469 (Buffer overflow in the slc_add_reply function in various
BSD-based ...)
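Review bot: CAN-2005-0471 gets `NOT-FOR-US: SUN JRE`, while the same commit writes `Sun JRE` for CAN-2004-1503 and `Sun Java` for CAN-2005-0418. Now that the name is the tag's value rather than a parenthetical comment, one spelling per product would let the entries be searched as a group.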
@@ -9616,77 +9616,77 @@
CAN-2005-0466
NOTE: reserved
CAN-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening
files, ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions,
does ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in
JSPWiki ...)
- jspwiki 2.0.52-8
CAN-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog
...)
- NOTE: not-for-us (KorWeblog)
+ NOT-FOR-US: KorWeblog
CAN-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier
allows ...)
- NOTE: not-for-us (Soldier of Fortune)
+ NOT-FOR-US: Soldier of Fortune
CAN-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote
...)
- NOTE: not-for-us (SecureCRT)
+ NOT-FOR-US: SecureCRT
CAN-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other
...)
- NOTE: not-for-us (ZyXEL Routers)
+ NOT-FOR-US: ZyXEL Routers
CAN-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers
to ...)
- NOTE: not-for-us (Halo: Combat Evolved)
+ NOT-FOR-US: Halo: Combat Evolved
CAN-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03
through ...)
- NOTE: not-for-us (PHPKIT)
+ NOT-FOR-US: PHPKIT
CAN-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT
1.6.03 ...)
- NOTE: not-for-us (PHPKIT)
+ NOT-FOR-US: PHPKIT
CAN-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade
module for ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2004-1535 (PHP remote code injection vulnerability in admin_cash.php for
the Cash ...)
- NOTE: not-for-us (Cash Mod module of phpbb2 not in Debian)
+ NOT-FOR-US: Cash Mod module of phpbb2
CAN-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking
enabled, ...)
- NOTE: not-for-us (ZoneAlarm)
+ NOT-FOR-US: ZoneAlarm
CAN-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier
...)
- NOTE: not-for-us (DMS POP3)
+ NOT-FOR-US: DMS POP3
CAN-2004-1532 (AppServ 2.5.x and earlier installs a default username and
password, ...)
- NOTE: not-for-us (AppServ)
+ NOT-FOR-US: AppServ
CAN-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board
(IPB) ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13
for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar
module ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote
attackers to ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle
certain ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how
game ...)
- NOTE: not-for-us (Hired Team)
+ NOT-FOR-US: Hired Team
CAN-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote
attackers to cause ...)
- NOTE: not-for-us (Hired Team)
+ NOT-FOR-US: Hired Team
CAN-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote
attackers to ...)
- NOTE: not-for-us (Hired Team)
+ NOT-FOR-US: Hired Team
CAN-2004-1523 (Format string vulnerability in the game console in Hired Team:
Trial ...)
- NOTE: not-for-us (Hired Team)
+ NOT-FOR-US: Hired Team
CAN-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote
...)
- NOTE: not-for-us (Army Men RTS)
+ NOT-FOR-US: Army Men RTS
CAN-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an
...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote
...)
- NOTE: not-for-us (IPSwitch IMail)
+ NOT-FOR-US: IPSwitch IMail
CAN-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1
allows ...)
- NOTE: not-for-us (phpBugTracker)
+ NOT-FOR-US: phpBugTracker
CAN-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and
earlier ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote
attackers ...)
- NOTE: not-for-us (Zone Labs IMsecure)
+ NOT-FOR-US: Zone Labs IMsecure
CAN-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4
allows ...)
- NOTE: not-for-us (phpWebSite)
+ NOT-FOR-US: phpWebSite
CAN-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php
in ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (04Webserver)
+ NOT-FOR-US: 04Webserver
CAN-2004-1513 (04WebServer 1.42 does not adequately filter data that is written
to ...)
- NOTE: not-for-us (04Webserver)
+ NOT-FOR-US: 04Webserver
CAN-2004-1512 (Cross-site scripting (XSS) vulnerability in
Response_default.html in ...)
- NOTE: not-for-us (04Webserver)
+ NOT-FOR-US: 04Webserver
CAN-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web
...)
- NOTE: not-for-us (Hotfoon)
+ NOT-FOR-US: Hotfoon
CAN-2004-1510 (WebCalendar allows remote attackers to gain privileges by
modifying ...)
- webcalendar 0.9.45-1
CAN-2004-1509 (validate.php in WebCalendar allows remote attackers to gain
sensitive ...)
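Review bot: The CAN-2004-1535 line is not a pure format change: `not-for-us (Cash Mod module of phpbb2 not in Debian)` becomes `NOT-FOR-US: Cash Mod module of phpbb2`, dropping "not in Debian". The remaining text still names phpbb2, and the removed qualifier was the part stating what is absent from Debian. Suggest keeping the original wording in the value, or adding a NOTE line that carries it, and mentioning the exception in the log message since every other line in this hunk is a straight conversion.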
@@ -9698,69 +9698,69 @@
CAN-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in
WebCalendar ...)
- webcalendar 0.9.45-1
CAN-2004-1505 (Directory traversal vulnerability in index.php in Just Another
Flat ...)
- NOTE: not-for-us (JAF)
+ NOT-FOR-US: JAF
CAN-2004-1504 (The displaycontent function in config.php for Just Another Flat
file ...)
- NOTE: not-for-us (JAF)
+ NOT-FOR-US: JAF
CAN-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime
Environment ...)
- NOTE: not-for-us (Sun JRE)
+ NOT-FOR-US: Sun JRE
CAN-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier
allows ...)
- NOTE: not-for-us (602 Lan Suite)
+ NOT-FOR-US: 602 Lan Suite
CAN-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier
allows ...)
- NOTE: not-for-us (602 Lan Suite)
+ NOT-FOR-US: 602 Lan Suite
CAN-2004-1500 (Format string vulnerability in the Lithtech engine, as used in
...)
- NOTE: not-for-us (Lithtech)
+ NOT-FOR-US: Lithtech
CAN-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message
form ...)
- NOTE: not-for-us (HELM)
+ NOT-FOR-US: HELM
CAN-2004-1498 (SQL injection vulnerability in the compose message form in HELM
3.1.19 ...)
- NOTE: not-for-us (HELM)
+ NOT-FOR-US: HELM
CAN-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in
plaintext ...)
- NOTE: not-for-us (Web Forums Server)
+ NOT-FOR-US: Web Forums Server
CAN-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and
2.0 ...)
- NOTE: not-for-us (Web Forums Server)
+ NOT-FOR-US: Web Forums Server
CAN-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote
attackers to ...)
- NOTE: not-for-us (WinRAR)
+ NOT-FOR-US: WinRAR
CAN-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through
2005 ...)
- NOTE: not-for-us (XDICT)
+ NOT-FOR-US: XDICT
CAN-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to
cause ...)
- NOTE: not-for-us (Master of Orion)
+ NOT-FOR-US: Master of Orion
CAN-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to
cause ...)
- NOTE: not-for-us (Master of Orion)
+ NOT-FOR-US: Master of Orion
CAN-2005-0463 (Unknown "major security flaws" in Ulog-php
before 1.0, related to ...)
- NOTE: not-for-us (ulog-php)
+ NOT-FOR-US: ulog-php
CAN-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x
and ...)
- NOTE: not-for-us (MercuryBoard)
+ NOT-FOR-US: MercuryBoard
CAN-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows
remote ...)
- NOTE: not-for-us (NewsBruiser)
+ NOT-FOR-US: NewsBruiser
CAN-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote
attackers to ...)
- NOTE: not-for-us (MercuryBoard)
+ NOT-FOR-US: MercuryBoard
CAN-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows
remote ...)
NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> :
NOTE: I think it is not a problem on Debian as far as everybody knows the full
NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
CAN-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in
...)
- NOTE: not-for-us (oscommerce)
+ NOT-FOR-US: oscommerce
CAN-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for
...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded
...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown
MIME ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file
types in ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-1489 (Opera 7.54 and earlier does not properly limit an
applet''s access to ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-0455 (Stack-based buffer overflow in the
CSmil1Parser::testAttributeFailed ...)
- NOTE: not-for-us (Real)
+ NOT-FOR-US: Real
CAN-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and
earlier ...)
- NOTE: not-for-us (DCP-Portal)
+ NOT-FOR-US: DCP-Portal
CAN-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does
not ...)
- NOTE: not-for-us (Lighttpd)
+ NOT-FOR-US: Lighttpd
CAN-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (Sami HTTP Server)
+ NOT-FOR-US: Sami HTTP Server
CAN-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5
allows ...)
- NOTE: not-for-us (Sami HTTP Server)
+ NOT-FOR-US: Sami HTTP Server
CAN-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows
remote ...)
NOTE: According to Herbert Xu, 2.4 is not vulnerable :
http://oss.sgi.com/archives/netdev/2005-01/msg01107.html
NOTE: The vulnerable code has been removed from the kernel in favor of a
better
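Review bot: `NOT-FOR-US: Real` on CAN-2005-0455 does not identify a product; the visible description only names `CSmil1Parser::testAttributeFailed`, so a reader cannot tell from the entry which software was judged out of scope. Suggest the full product name, as other entries in this hunk do (for example `Sami HTTP Server`).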
@@ -9772,9 +9772,9 @@
{DSA-696-1}
- perl 5.8.4-7
CAN-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows
remote ...)
- NOTE: not-for-us (Quake3)
+ NOT-FOR-US: Quake3
CAN-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a
...)
{DSA-688-1}
- squid 2.5.8-3
@@ -9782,13 +9782,13 @@
NOTE: Not in testing, only sid
NOTE: Was once part of Debian, but has been removed
CAN-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared
libraries ...)
- NOTE: not-for-us (VMware)
+ NOT-FOR-US: VMware
CAN-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1)
obtain the ...)
- NOTE: not-for-us (CubeCart)
+ NOT-FOR-US: CubeCart
CAN-2005-0442 (Directory traversal vulnerability in index.php for CubeCart
2.0.4 ...)
- NOTE: not-for-us (CubeCart)
+ NOT-FOR-US: CubeCart
CAN-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server
...)
- NOTE: not-for-us (Sybase)
+ NOT-FOR-US: Sybase
CAN-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass
authentication and ...)
- elog 2.5.7+r1558-1
CAN-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7
...)
@@ -9802,59 +9802,59 @@
CAN-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to
read ...)
- awstats 6.3-1
CAN-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke
7.5 ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path
of the ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1
Service ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the
...)
- NOTE: not-for-us (Barracuda Spam Firewall)
+ NOT-FOR-US: Barracuda Spam Firewall
CAN-2005-0429 (Direct code injection vulnerability in forumdisplay.php in
vBulletin ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before
2.9.17 ...)
- pdns 2.9.16-6
CAN-2005-0427 (Webmin before 1.170-r3 includes the encrypted root password in
the ...)
- webmin 1.180-1
CAN-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers
to ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0,
5.1, ...)
- NOTE: not-for-us (Websphere)
+ NOT-FOR-US: Websphere
CAN-2005-0424 (Unknown vulnerability in the delete.asp program in certain
versions of ...)
- NOTE: not-for-us (ASPjar Guestbook)
+ NOT-FOR-US: ASPjar Guestbook
CAN-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook
allows ...)
- NOTE: not-for-us (ASPjar Guestbook)
+ NOT-FOR-US: ASPjar Guestbook
CAN-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores
usernames and ...)
- NOTE: not-for-us (DelphiTurk)
+ NOT-FOR-US: DelphiTurk
CAN-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the
profile.dat ...)
- NOTE: not-for-us (DelphiTurk)
+ NOT-FOR-US: DelphiTurk
CAN-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange,
allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow
remote ...)
- NOTE: not-for-us (3com)
+ NOT-FOR-US: 3com
CAN-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE
1.4.2 up ...)
- NOTE: not-for-us (Sun Java)
+ NOT-FOR-US: Sun Java
CAN-2005-0417 (Unknown "high risk" vulnerability in DB2
Universal Database 8.1 and ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT,
Windows ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22
allow ...)
- NOTE: not-for-us (Emdros)
+ NOT-FOR-US: Emdros
CAN-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1
allows ...)
- NOTE: not-for-us (MercuryBoard)
+ NOT-FOR-US: MercuryBoard
CAN-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow
remote ...)
- NOTE: not-for-us (MyPHP Forum)
+ NOT-FOR-US: MyPHP Forum
CAN-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap
allows ...)
- NOTE: not-for-us (Spidean PostWrap)
+ NOT-FOR-US: Spidean PostWrap
CAN-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB
0.3.6 and ...)
- NOTE: not-for-us (CitrusDB)
+ NOT-FOR-US: CitrusDB
CAN-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6
and ...)
- NOTE: not-for-us (CitrusDB)
+ NOT-FOR-US: CitrusDB
CAN-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the
(1) ...)
- NOTE: not-for-us (CitrusDB)
+ NOT-FOR-US: CitrusDB
CAN-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5
hashes of ...)
- NOTE: not-for-us (CitrusDB)
+ NOT-FOR-US: CitrusDB
CAN-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and
...)
- NOTE: not-for-us (Openconf)
+ NOT-FOR-US: Openconf
CAN-2005-0406 (A design flaw in image processing software that modifies JPEG
images ...)
TODO: check all softwares that modifies JPEG images in Debian...
- imagemagick <unfixed> (bug #298051; low)
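Review bot: the new tag values in this hunk mix vendor names and product names, which does not match the "NOT-FOR-US: package_name" form given in the log message. CAN-2005-0420 is tagged "Microsoft" although its description names Outlook Web Access, CAN-2005-0416 is tagged "Windows", and CAN-2005-0419 is tagged "3com" where the description spells it "3Com 3CServer". Since every one of these lines is being rewritten anyway, consider using the product name with the description's spelling, for example "NOT-FOR-US: 3Com 3CServer".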
@@ -9923,25 +9923,25 @@
CAN-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to
overwrite ...)
- wget 1.9.1-11
CAN-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote
...)
- NOTE: not-for-us (Trend Micro Control Manager)
+ NOT-FOR-US: Trend Micro Control Manager
CAN-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Breed game)
+ NOT-FOR-US: Breed game
CAN-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT
1.0 ...)
- NOTE: not-for-us (forumKIT)
+ NOT-FOR-US: forumKIT
CAN-2005-0380 (Multiple PHP remote code injection vulnerabilities in (1) ...)
- NOTE: not-for-us (ZeroBoard)
+ NOT-FOR-US: ZeroBoard
CAN-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5
and ...)
- NOTE: not-for-us (ZeroBoard)
+ NOT-FOR-US: ZeroBoard
CAN-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0
allow ...)
NOTE: horde 2.0 not vulnerable
CAN-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01
allows ...)
- NOTE: not-for-us (sgallery)
+ NOT-FOR-US: sgallery
CAN-2005-0376 (PHP remote code injection vulnerability in SGallery 1.01 allows
local ...)
- NOTE: not-for-us (sgallery)
+ NOT-FOR-US: sgallery
CAN-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain
...)
- NOTE: not-for-us (sgallery)
+ NOT-FOR-US: sgallery
CAN-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and
earlier ...)
- NOTE: not-for-us (bitboard)
+ NOT-FOR-US: bitboard
CAN-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred
to as ...)
NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
@@ -9956,23 +9956,23 @@
CAN-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0
earlier ...)
- armagetron 0.2.7.0-1
CAN-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote
...)
- NOTE: not-for-us (CMScore)
+ NOT-FOR-US: CMScore
CAN-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail
Server ...)
- NOTE: not-for-us (ArGoSoft Mail Server)
+ NOT-FOR-US: ArGoSoft Mail Server
CAN-2005-0366 (The integrity check feature in OpenPGP, when handling a message
that ...)
- gnupg 1.4.1-1
CAN-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11,
and ...)
- NOTE: not-for-us (bind on hp-ux)
+ NOT-FOR-US: bind on hp-ux
CAN-2005-0361
NOTE: reserved
CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is
marked ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice
Backup 6.0 ...)
- NOTE: not-for-us (EMC Legato)
+ NOT-FOR-US: EMC Legato
CAN-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge
...)
- NOTE: not-for-us (EMC Legato)
+ NOT-FOR-US: EMC Legato
CAN-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and
StorEdge ...)
- NOTE: not-for-us (EMC Legato)
+ NOT-FOR-US: EMC Legato
CAN-2005-0356 (Multiple TCP implementations with Protection Against Wrapped
Sequence ...)
NOTE: linux is not vulnerable, see #310804
- kfreebsd5-source 5.3-15 (medium)
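Review bot: "+ NOT-FOR-US: bind on hp-ux" under CAN-2005-0364 puts a platform qualifier inside what the log message calls the package_name field. Read as a package name the value begins with "bind", yet the reason for the tag is the HP-UX platform named in the description. Suggest keeping the reason on a separate NOTE line, or documenting that the text after "NOT-FOR-US:" is free-form.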
@@ -9981,21 +9981,21 @@
CAN-2005-0354
NOTE: reserved
CAN-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the
Sentinel ...)
- NOTE: not-for-us (Sentinel License Manager)
+ NOT-FOR-US: Sentinel License Manager
CAN-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not
drop ...)
- NOTE: not-for-us (Servers Alive)
+ NOT-FOR-US: Servers Alive
CAN-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in
SCO ...)
- NOTE: not-for-us (SCO OpenServer)
+ NOT-FOR-US: SCO OpenServer
CAN-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and
...)
- NOTE: not-for-us (F-Secure Anti-Virus)
+ NOT-FOR-US: F-Secure Anti-Virus
CAN-2005-0349 (The production release of the UniversalAgent for UNIX in
BrightStor ...)
- NOTE: not-for-us (BrightStor ARCserve Backup)
+ NOT-FOR-US: BrightStor ARCserve Backup
CAN-2004-9999
NOTE: rejected
CAN-2004-9998
NOTE: rejected
CAN-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00
and ...)
- NOTE: not-for-us (Serviceguard and Cluster Object Manager on HP-UX, HP Linux)
+ NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux
CAN-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows
remote ...)
NOTE: checked inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is
not shipped
NOTE: atftp checks h_length
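Review bot: the value on "+ NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux" (CAN-2004-1486) holds two product names, two platforms and a comma. If anything is going to read the text after "NOT-FOR-US:" as a single package name, this line will need special handling. Either shorten it to the product the description names (Serviceguard) and move the rest to a NOTE, or state that commas and free text are allowed in this field.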
@@ -10005,36 +10005,36 @@
CAN-2004-1484 (Format string vulnerability in the _msg function in error.c in
socat ...)
- socat 1.4.0.3-1
CAN-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file
browsers ...)
- NOTE: not-for-us (Symantec Clientless VPN Gateway 4400 Series)
+ NOT-FOR-US: Symantec Clientless VPN Gateway 4400 Series
CAN-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace
...)
- NOTE: not-for-us (BNC irc proxy)
+ NOT-FOR-US: BNC irc proxy
CAN-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5
...)
- NOTE: not-for-us (Real)
+ NOT-FOR-US: Real
CAN-2004-1480 (Unknown vulnerability in the management station in HP
StorageWorks ...)
- NOTE: not-for-us (HP StorageWorks Command View XP)
+ NOT-FOR-US: HP StorageWorks Command View XP
CAN-2004-1479
NOTE: rejected
CAN-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID,
which ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management
Console in ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in
xine-lib ...)
- xine-lib 1-rc6
- libcdio 0.69
CAN-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through
1-rc5 ...)
- xine-lib 1-rc6
CAN-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R
running ...)
- NOTE: not-for-us (Symantec Enterprise Firewall/VPN Appliances)
+ NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CAN-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R
running ...)
- NOTE: not-for-us (Symantec Enterprise Firewall/VPN Appliances)
+ NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CAN-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R
running ...)
- NOTE: not-for-us (Symantec Enterprise Firewall/VPN Appliances)
+ NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CAN-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through
1.12.8, ...)
- cvs 1.12.9
CAN-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other
versions ...)
- NOTE: not-for-us (snipsnap)
+ NOT-FOR-US: snipsnap
CAN-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2,
and ...)
- NOTE: not-for-us (SUS)
+ NOT-FOR-US: SUS
CAN-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows
remote ...)
- webmin 1.160
- usermin 1.090
@@ -10043,34 +10043,34 @@
CAN-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes
...)
- gallery 1.4.4-pl2
CAN-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow
...)
- NOTE: not-for-us (WinZip)
+ NOT-FOR-US: WinZip
CAN-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause
a ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and
earlier, ...)
- moin 1.2.3-1
CAN-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows
remote ...)
- moin 1.2.3-1
CAN-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier
spawns a ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier,
when ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as
a ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access
...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1457 (The Virtual Private Network (VPN) capability in Novell
Bordermanager ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary
...)
- cvstrac 1.1.4-1
CAN-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2
and ...)
- xine-lib 1-rc5-1.1
CAN-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First
(OSPF) ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before
2.3.3.20040420, ...)
NOTE: according to GOTO Masanori this is not a security problem
NOTE: see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=272210
CAN-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default
permissions ...)
- NOTE: not-for-us (Gentoo specific)
+ NOT-FOR-US: Gentoo specific
CAN-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status
bar ...)
NOTE: mozilla 2:1.6-1
CAN-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows
remote ...)
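Review bot: "+ NOT-FOR-US: Gentoo specific" under CAN-2004-1452 is a reason, not a package name, and the description names the affected software as Tomcat. A mechanical conversion of the parenthetical gives a tag that does not fit the "NOT-FOR-US: package_name" form from the log message; suggest leaving this entry as a NOTE, or tagging the product and keeping "Gentoo specific" as a NOTE beside it. Separately, the unchanged line "NOTE: mozilla 2:1.6-1" under CAN-2004-1451 has the shape of a package entry (compare "- mozilla 2:1.7-1" in the next hunk) and may be worth a follow-up.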
@@ -10078,11 +10078,11 @@
CAN-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before
0.7 ...)
- mozilla 2:1.7-1
CAN-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote
attackers ...)
- NOTE: not-for-us (Jetbox One)
+ NOT-FOR-US: Jetbox One
CAN-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in
the ...)
- NOTE: not-for-us (Jetbox One)
+ NOT-FOR-US: Jetbox One
CAN-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen
...)
- NOTE: not-for-us (ScreenOS)
+ NOT-FOR-US: ScreenOS
CAN-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly
...)
- nessus-core 2.0.12-1
CAN-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier
allows ...)
@@ -10090,101 +10090,101 @@
CAN-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME
viewer in ...)
- imp3 3.2.5-1
CAN-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI
interpreter in ...)
- NOTE: not-for-us (db2www not in Debian)
+ NOT-FOR-US: db2www
CAN-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board
Power ...)
- NOTE: not-for-us (Board Power)
+ NOT-FOR-US: Board Power
CAN-2004-1440 (Multiple heap-based buffer overflows in the modpow function in
PuTTY ...)
- putty 0.56-1
CAN-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to
...)
- NOTE: not-for-us (BlackJumboDog)
+ NOT-FOR-US: BlackJumboDog
CAN-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and
earlier ...)
- subversion 1.0.6-1
CAN-2004-1437 (Multiple buffer overflows in the digest authentication
functionality ...)
- pavuk 0.9pl28-3.1
CAN-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS
15327 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454
SDH, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454
SDH, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454
SDH, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454
SDH, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote
attackers ...)
- NOTE: not-for-us (FormMail.php != nms-formmail)
+ NOT-FOR-US: FormMail.php != nms-formmail
CAN-2004-1430 (SQL injection vulnerability in Arcade.php in IbProArcade allows
remote ...)
- NOTE: not-for-us (Arcade.php)
+ NOT-FOR-US: Arcade.php
CAN-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of
times ...)
- NOTE: not-for-us (ArGoSoft)
+ NOT-FOR-US: ArGoSoft
CAN-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the
user ...)
- NOTE: not-for-us (ArGoSoft)
+ NOT-FOR-US: ArGoSoft
CAN-2004-1427 (PHP remote code injection vulnerability in main.inc in KorWeblog
...)
- NOTE: not-for-us (KorWeblog)
+ NOT-FOR-US: KorWeblog
CAN-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog
1.6.2-cvs ...)
- NOTE: not-for-us (KorWeblog)
+ NOT-FOR-US: KorWeblog
CAN-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2
and ...)
- moodle 1.4.3-1
CAN-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and
earlier ...)
- moodle 1.4.3-1
CAN-2004-1423 (Multiple PHP remote code injection vulnerabilities in (1)
calendar.php ...)
- NOTE: not-for-us (PHP-Calendar)
+ NOT-FOR-US: PHP-Calendar
CAN-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to
gain ...)
- NOTE: not-for-us (WHM AutoPilot)
+ NOT-FOR-US: WHM AutoPilot
CAN-2004-1421 (Multiple PHP remote code injection vulnerabilities (1)
step_one.php, ...)
- NOTE: not-for-us (WHM AutoPilot)
+ NOT-FOR-US: WHM AutoPilot
CAN-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in
header.php in ...)
- NOTE: not-for-us (WHM AutoPilot)
+ NOT-FOR-US: WHM AutoPilot
CAN-2004-1419 (PHP remote code injection vulnerability in ZeroBoard 4.1pl4 and
...)
- NOTE: not-for-us (ZeroBoard)
+ NOT-FOR-US: ZeroBoard
CAN-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and
...)
- NOTE: not-for-us (WPKontakt)
+ NOT-FOR-US: WPKontakt
CAN-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in
PsychoStats ...)
- NOTE: not-for-us (PsychoStats)
+ NOT-FOR-US: PsychoStats
CAN-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin,
as ...)
- NOTE: not-for-us (RealOne IE plugin)
+ NOT-FOR-US: RealOne IE plugin
CAN-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly
(2) ...)
- NOTE: not-for-us (2Bgal)
+ NOT-FOR-US: 2Bgal
CAN-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x
allow ...)
- NOTE: not-for-us (Kayako)
+ NOT-FOR-US: Kayako
CAN-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako
...)
- NOTE: not-for-us (Kayako)
+ NOT-FOR-US: Kayako
CAN-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause
a ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155
and ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery
Web ...)
- NOTE: not-for-us (Image Gallery Web Application)
+ NOT-FOR-US: Image Gallery Web Application
CAN-2004-1408 (The addImage method for admin.class.php in Image Gallery Web
...)
- NOTE: not-for-us (Image Gallery Web Application)
+ NOT-FOR-US: Image Gallery Web Application
CAN-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image
...)
- NOTE: not-for-us (Image Gallery Web Application)
+ NOT-FOR-US: Image Gallery Web Application
CAN-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0
...)
- NOTE: not-for-us (Ikonboard)
+ NOT-FOR-US: Ikonboard
CAN-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime,
does not ...)
- mediawiki <itp> (bug #276057)
CAN-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache
...)
- NOTE: not-for-us (Attachment Mod for phpBB)
+ NOT-FOR-US: Attachment Mod for phpBB
CAN-2004-1403 (PHP remote code injection vulnerability in index.php in GNUBoard
3.39 ...)
- NOTE: not-for-us (GNUBoard)
+ NOT-FOR-US: GNUBoard
CAN-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers
to ...)
- NOTE: not-for-us (iWebNegar)
+ NOT-FOR-US: iWebNegar
CAN-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows
remote ...)
- NOTE: not-for-us (Asp-rider)
+ NOT-FOR-US: Asp-rider
CAN-2004-1400 (The control panel in ASP Calendar does not require
authentication to ...)
- NOTE: not-for-us (ASP Calendar)
+ NOT-FOR-US: ASP Calendar
CAN-2004-1399 (Directory traversal vulnerability in the Attachment module
2.3.10 and ...)
- NOTE: not-for-us (Attachment Mod for phpBB)
+ NOT-FOR-US: Attachment Mod for phpBB
CAN-2004-1398 (Format string vulnerability in TDIXSupport in Roxio Toast on Mac
OS X ...)
- NOTE: not-for-us (MacOSX)
+ NOT-FOR-US: MacOSX
CAN-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0
allows ...)
- usemod-wiki 1.0-6
CAN-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers
to ...)
- NOTE: not-for-us (Winamp)
+ NOT-FOR-US: Winamp
CAN-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and
earlier, (2) ...)
- NOTE: not-for-us (Lithtech engine)
+ NOT-FOR-US: Lithtech engine
CAN-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of
service ...)
- monit 1:4.2.1-1
CAN-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote
...)
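Review bot: CAN-2004-1442 is the only entry in this hunk where the text was altered rather than just reformatted: "- NOTE: not-for-us (db2www not in Debian)" becomes "+ NOT-FOR-US: db2www", dropping "not in Debian". If the qualifier was removed on purpose because the tag already implies it, then "+ NOT-FOR-US: FormMail.php != nms-formmail" under CAN-2004-1431 should get the same treatment, since "!= nms-formmail" is also commentary rather than part of a name. Either way the commit message should mention that some values were edited by hand, as it currently describes a pure format change.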
@@ -10199,183 +10199,183 @@
NOTE: http://patches.ubuntu.com/patches/awstats.more-CAN-2005-0016.diff
NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
CAN-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning
Book ...)
- NOTE: not-for-us (Woltlab Burning Book)
+ NOT-FOR-US: Woltlab Burning Book
CAN-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows
...)
- NOTE: not-for-us (RealArcade)
+ NOT-FOR-US: RealArcade
CAN-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows
remote ...)
- NOTE: not-for-us (RealArcade)
+ NOT-FOR-US: RealArcade
CAN-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password
(pre-shared key) ...)
- NOTE: not-for-us (SafeNet)
+ NOT-FOR-US: SafeNet
CAN-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id
or ...)
- NOTE: not-for-us (php-fusion)
+ NOT-FOR-US: php-fusion
CAN-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221
...)
- NOTE: not-for-us (602LAN SUITE)
+ NOT-FOR-US: 602LAN SUITE
CAN-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote
attackers to ...)
- NOTE: not-for-us (PerlDesk)
+ NOT-FOR-US: PerlDesk
CAN-2005-0342 (The Finder in Mac OS X and earlier allows local users to
overwrite ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the
HTTP ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0340 (Integer signedness error in Apple File Service (AFP Server)
allows ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause
a ...)
- NOTE: not-for-us (Foxmail)
+ NOT-FOR-US: Foxmail
CAN-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers
to ...)
- NOTE: not-for-us (Savant Web Server)
+ NOT-FOR-US: Savant Web Server
CAN-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...)
- postfix 2.1.4-5
CAN-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner
Web ...)
- NOTE: not-for-us (eMotion MediaPartner)
+ NOT-FOR-US: eMotion MediaPartner
CAN-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web
Server ...)
- NOTE: not-for-us (eMotion MediaPartner)
+ NOT-FOR-US: eMotion MediaPartner
CAN-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to
cause a ...)
- NOTE: not-for-us (Linksys)
+ NOT-FOR-US: Linksys
CAN-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a
denial ...)
- NOTE: not-for-us (LanChat)
+ NOT-FOR-US: LanChat
CAN-2005-0332 (Directory traversal vulnerability in DeskNow Mail and
Collaboration ...)
- NOTE: not-for-us (DeskNow Mail server)
+ NOT-FOR-US: DeskNow Mail server
CAN-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier,
when the ...)
- NOTE: not-for-us (Winrar)
+ NOT-FOR-US: Winrar
CAN-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly
other ...)
- NOTE: not-for-us (Painkiller)
+ NOT-FOR-US: Painkiller
CAN-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier
allows ...)
- NOTE: not-for-us (ZipGenius)
+ NOT-FOR-US: ZipGenius
CAN-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the
latest ...)
- NOTE: not-for-us (Netgear)
+ NOT-FOR-US: Netgear
CAN-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to
execute ...)
- NOTE: not-for-us (PafileDB)
+ NOT-FOR-US: PafileDB
CAN-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain
sensitive ...)
- NOTE: not-for-us (PafileDB)
+ NOT-FOR-US: PafileDB
CAN-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious
game ...)
- NOTE: not-for-us (Xpand Rally)
+ NOT-FOR-US: Xpand Rally
CAN-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to
gain ...)
- NOTE: not-for-us (Infinite Mobile Delivery Webmail)
+ NOT-FOR-US: Infinite Mobile Delivery Webmail
CAN-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile
Delivery ...)
- NOTE: not-for-us (Infinite Mobile Delivery Webmail)
+ NOT-FOR-US: Infinite Mobile Delivery Webmail
CAN-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail
Server ...)
- NOTE: not-for-us (Merak Mail server)
+ NOT-FOR-US: Merak Mail server
CAN-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows
remote ...)
- NOTE: not-for-us (Merak Mail server)
+ NOT-FOR-US: Merak Mail server
CAN-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail
Server ...)
- NOTE: not-for-us (Merak Mail server)
+ NOT-FOR-US: Merak Mail server
CAN-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N
...)
- NOTE: not-for-us (Webadmin)
+ NOT-FOR-US: Webadmin
CAN-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly
...)
- NOTE: not-for-us (Webadmin)
+ NOT-FOR-US: Webadmin
CAN-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm
in ...)
- NOTE: not-for-us (Webadmin)
+ NOT-FOR-US: Webadmin
CAN-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode,
does not ...)
- NOTE: not-for-us (WebWasher)
+ NOT-FOR-US: WebWasher
CAN-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not
verify ...)
- NOTE: not-for-us (Magic Winmail)
+ NOT-FOR-US: Magic Winmail
CAN-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic
Winmail ...)
- NOTE: not-for-us (Magic Winmail)
+ NOT-FOR-US: Magic Winmail
CAN-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail
Server ...)
- NOTE: not-for-us (Magic Winmail)
+ NOT-FOR-US: Magic Winmail
CAN-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote
...)
- NOTE: not-for-us (WarFTPD under NT)
+ NOT-FOR-US: WarFTPD under NT
CAN-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP
session ...)
- NOTE: not-for-us (Ingate)
+ NOT-FOR-US: Ingate
CAN-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive
information ...)
- NOTE: not-for-us (Exponent)
+ NOT-FOR-US: Exponent
CAN-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1)
index.php ...)
- NOTE: not-for-us (Exponent)
+ NOT-FOR-US: Exponent
CAN-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and
earlier ...)
- NOTE: not-for-us (W32Dasm)
+ NOT-FOR-US: W32Dasm
CAN-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
- NOTE: not-for-us (MercuryBoard)
+ NOT-FOR-US: MercuryBoard
CAN-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive
...)
- NOTE: not-for-us (MercuryBoard)
+ NOT-FOR-US: MercuryBoard
CAN-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and
...)
- NOTE: not-for-us (Siteman)
+ NOT-FOR-US: Siteman
CAN-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier
...)
- NOTE: not-for-us (DivX Player)
+ NOT-FOR-US: DivX Player
CAN-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- NOTE: not-for-us (BackOffice Lite)
+ NOT-FOR-US: BackOffice Lite
CAN-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite
6.0 and ...)
- NOTE: not-for-us (BackOffice Lite)
+ NOT-FOR-US: BackOffice Lite
CAN-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and
6.01 ...)
- NOTE: not-for-us (BackOffice Lite)
+ NOT-FOR-US: BackOffice Lite
CAN-2005-0300 (Directory traversal vulnerability in session.php in JSBoard
2.0.9 and ...)
- jsboard 2.0.10-1
CAN-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier
allows ...)
- gforge 3.1-26
CAN-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain
the ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows
...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2005-0296 (** DISPUTED ** ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to
any ...)
- NOTE: not-for-us (nProtect)
+ NOT-FOR-US: nProtect
CAN-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Minis)
+ NOT-FOR-US: Minis
CAN-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1
allows ...)
- NOTE: not-for-us (Minis)
+ NOT-FOR-US: Minis
CAN-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift
...)
- NOTE: not-for-us (phpGiftReg)
+ NOT-FOR-US: phpGiftReg
CAN-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in
NETGEAR ...)
- NOTE: not-for-us (NetGear)
+ NOT-FOR-US: NetGear
CAN-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other
versions, ...)
- NOTE: not-for-us (NetGear)
+ NOT-FOR-US: NetGear
CAN-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1,
...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2005-0288 (The change password functionality in Bottomline Webseries
Payment ...)
- NOTE: not-for-us (BottomLine WebSeries)
+ NOT-FOR-US: BottomLine WebSeries
CAN-2005-0287 (Bottomline Webseries Payment Application allows remote attackers
to ...)
- NOTE: not-for-us (BottomLine WebSeries)
+ NOT-FOR-US: BottomLine WebSeries
CAN-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote
attackers to ...)
- NOTE: not-for-us (eMotion MediaPartner)
+ NOT-FOR-US: eMotion MediaPartner
CAN-2005-0285 (Webseries Payment Application does not properly restrict
privileged ...)
- NOTE: not-for-us (BottomLine WebSeries)
+ NOT-FOR-US: BottomLine WebSeries
CAN-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki
allows ...)
- NOTE: not-for-us (QwikiWiki)
+ NOT-FOR-US: QwikiWiki
CAN-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard
(MyBB) ...)
- NOTE: not-for-us (MyBB)
+ NOT-FOR-US: MyBB
CAN-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in
...)
- NOTE: not-for-us (Soldner Secret)
+ NOT-FOR-US: Soldner Secret
CAN-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and
earlier ...)
- NOTE: not-for-us (Soldner Secret)
+ NOT-FOR-US: Soldner Secret
CAN-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle
the ...)
- NOTE: not-for-us (Soldner Secret)
+ NOT-FOR-US: Soldner Secret
CAN-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote
...)
- NOTE: not-for-us (3COM 3CDaemon)
+ NOT-FOR-US: 3COM 3CDaemon
CAN-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision
10 ...)
- NOTE: not-for-us (3COM 3CDaemon)
+ NOT-FOR-US: 3COM 3CDaemon
CAN-2005-0276 (Multiple format string vulnerabilities in the FTP service in
3Com ...)
- NOTE: not-for-us (3COM 3CDaemon)
+ NOT-FOR-US: 3COM 3CDaemon
CAN-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to
cause ...)
- NOTE: not-for-us (3COM 3CDaemon)
+ NOT-FOR-US: 3COM 3CDaemon
CAN-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in
showgallery.php ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in
PhotoPost ...)
- NOTE: not-for-us (PhotoPost)
+ NOT-FOR-US: PhotoPost
CAN-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload
and ...)
- NOTE: not-for-us (ReviewPost)
+ NOT-FOR-US: ReviewPost
CAN-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro
before ...)
- NOTE: not-for-us (ReviewPost)
+ NOT-FOR-US: ReviewPost
CAN-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in
ReviewPost PHP ...)
- NOTE: not-for-us (ReviewPost)
+ NOT-FOR-US: ReviewPost
CAN-2005-0269 (The file extention check in GNUBoard 3.40 and earlier only
verifies ...)
- NOTE: not-for-us (GNUBoard)
+ NOT-FOR-US: GNUBoard
CAN-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows
remote ...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an
...)
- NOTE: not-for-us (FlatNuke)
+ NOT-FOR-US: FlatNuke
CAN-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in
SugarCRM 1.X ...)
- NOTE: not-for-us (SugerCRM)
+ NOT-FOR-US: SugerCRM
CAN-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7
and ...)
- NOTE: not-for-us (OWL intranet)
+ NOT-FOR-US: OWL intranet
CAN-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in
browse.php in ...)
- NOTE: not-for-us (OWL intranet)
+ NOT-FOR-US: OWL intranet
CAN-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local
users ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows
local ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not
drop ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-0260 (Stack-based buffer overflow in the Discovery Service for
BrightStor ...)
- NOTE: not-for-us (ARCserve Backup)
+ NOT-FOR-US: ARCserve Backup
CAN-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars
and ...)
- phpbb2 2.0.12-1
CAN-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and
(2) ...)
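Review bot: "+ NOT-FOR-US: SugerCRM" under CAN-2005-0266 carries over a misspelling; the description directly above it reads "SugarCRM 1.X". The same hunk also spells one vendor two ways ("NOT-FOR-US: Netgear" for CAN-2005-0328, "NOT-FOR-US: NetGear" for CAN-2005-0291 and CAN-2005-0290), and the CAN-2005-0328 description lists Zyxel models as well as Netgear ones. These are worth normalising in this commit, since the lines are being rewritten anyway and the new tag is the value people will search on.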
@@ -10390,19 +10390,19 @@
NOTE: didn''t other with YA mozilla-browser bug, it has enough for
1.7.6 already..
- mozilla 2:1.7.6
CAN-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly
enforce ...)
- NOTE: not-for-us (BibORB)
+ NOT-FOR-US: BibORB
CAN-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2,
and ...)
- NOTE: not-for-us (BibORB)
+ NOT-FOR-US: BibORB
CAN-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly
earlier ...)
- NOTE: not-for-us (BibORB)
+ NOT-FOR-US: BibORB
CAN-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for
BibORB ...)
- NOTE: not-for-us (BibORB)
+ NOT-FOR-US: BibORB
CAN-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2,
and ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec
...)
- NOTE: not-for-us (Symantec AntiVirus Library)
+ NOT-FOR-US: Symantec AntiVirus Library
CAN-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9,
when ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and
earlier ...)
{DSA-683-1}
- postgresql 7.4.7-2
@@ -10414,102 +10414,102 @@
CAN-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the
EXECUTE ...)
- postgresql 7.4.7-1
CAN-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before
...)
- NOTE: not-for-us (Yahoo! Messenger)
+ NOT-FOR-US: Yahoo! Messenger
CAN-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750,
and ...)
- NOTE: not-for-us (Yahoo! Messenger)
+ NOT-FOR-US: Yahoo! Messenger
CAN-2005-0241 (The httpProcessReplyHeader function in http.c for Squid
2.5-STABLE7 ...)
- squid 2.5.7-7
CAN-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly
handle ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows
local ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary
files ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows
local ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d)
flag ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with
logging ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows
local ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris
2.6 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1073 (A race condition in the at command for Solaris 2.6 through 9
allows ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause
a ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local
users ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9
allows ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows
remote ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows
local ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used
in ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9
allows ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a
denial ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4)
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for
SPARC ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to
cause a ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers
to ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame
buffer in ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in
Direct ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users
to ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8
and 9 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1590 (Web Based Enterprise Management (WBEM) for Solaris 8 with update
1/01 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST,
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote
attackers ...)
- NOTE: not-for-us (Mailtool for OpenWindows)
+ NOT-FOR-US: Mailtool for OpenWindows
CAN-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through
8 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2001-1414 (The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8
does ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local
users ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail
allows ...)
- NOTE: not-for-us (S/MIME plugin not in Debian)
+ NOT-FOR-US: S/MIME plugin
CAN-2005-0238 (The International Domain Name (IDN) support in Epiphany allows
remote ...)
NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
- epiphany-browser 1.4.8-2
CAN-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1
on KDE ...)
- kdelibs 4:3.3.2-3
CAN-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows
remote ...)
- NOTE: not-for-us (Omniweb)
+ NOT-FOR-US: Omniweb
CAN-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows
...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5
allows ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0,
Camino ...)
NOTE: IDN is now disabled by default in firefox, but there may be a more
elegant
NOTE: solution in the future
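Review bot: at CAN-2005-0239 the rewrite drops more than the wrapper: "S/MIME plugin not in Debian" becomes "S/MIME plugin", which no longer says which software the plugin belongs to or why the entry is out of scope. The description names Squirrelmail, so "NOT-FOR-US: S/MIME plugin for Squirrelmail" would keep the entry unambiguous. Every other entry in this hunk is a straight mechanical conversion.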
@@ -10525,21 +10525,21 @@
NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by
the Windows batch file parser
NOTE: any interpretor would require the file to be +x to execute it and then
would spit if handed a GIF
NOTE: < vorlon> hacim: it''s specific to Windows, home to the
dumbest interpreter on the planet.
- NOTE: not-for-us (Firefox on Windows)
+ NOT-FOR-US: Firefox on Windows
CAN-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data
file ...)
- NOTE: not-for-us (CitrusDB)
+ NOT-FOR-US: CitrusDB
CAN-2005-0228
NOTE: rejected
CAN-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local
users ...)
{DSA-668-1}
CAN-2005-0226 (Format string vulnerability in the Log_Resolver function in
log.c for ...)
- NOTE: not-for-us (ngIRCd)
+ NOT-FOR-US: ngIRCd
CAN-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with
...)
- firehol 1.214-4
CAN-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5
...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2005-0223 (The Software Development Kit (SDK) and Run Time Environment
(RTE) ...)
- NOTE: not-for-us (Java SDK and RTE for Tru64 UNIX)
+ NOT-FOR-US: Java SDK and RTE for Tru64 UNIX
CAN-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain
...)
- gallery 1.4.4-pl5-1
CAN-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery
2.0 ...)
@@ -10549,17 +10549,17 @@
CAN-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery
...)
- gallery 1.4.4-pl5-1
CAN-2005-0217 (SQL injection vulnerability in index.php in Invision Community
Blog ...)
- NOTE: not-for-us (Invision Community Blog )
+ NOT-FOR-US: Invision Community Blog
CAN-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in
Woltlab ...)
- NOTE: not-for-us (Woltlab Burning Board Lite)
+ NOT-FOR-US: Woltlab Burning Board Lite
CAN-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers
to ...)
- NOTE: not-for-us (Mozilla 1.6 for Windows)
+ NOT-FOR-US: Mozilla 1.6 for Windows
CAN-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog)
0.3.7c ...)
- NOTE: not-for-us (SPHPBlog)
+ NOT-FOR-US: SPHPBlog
CAN-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote
...)
- NOTE: not-for-us (WinHKI)
+ NOT-FOR-US: WinHKI
CAN-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and
earlier ...)
- NOTE: not-for-us (The Amp II engine as used by Gore: Ultimate Soldier)
+ NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier
CAN-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows
...)
{DSA-667-1}
CAN-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to
cause a ...)
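Review bot: the new value at CAN-2005-0212, "The Amp II engine as used by Gore: Ultimate Soldier", contains a second ": " after the "NOT-FOR-US:" prefix, so anything that reads this file has to split on the first colon only. Either confirm that the consumers of this file do that, or shorten the value to something without a colon, such as "Amp II engine".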
@@ -10602,41 +10602,41 @@
CAN-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a
...)
- dbus 0.22
CAN-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have
been ...)
- NOTE: not-for-us (TikiWiki)
+ NOT-FOR-US: TikiWiki
CAN-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in
...)
- NOTE: not-for-us (ngIRCd)
+ NOT-FOR-US: ngIRCd
CAN-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi
Protocol ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the
bgp ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause
a ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2005-0194 (Squid 2.5, when processing the configuration file, parses empty
Access ...)
{DSA-667-1}
CAN-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in
iSync ...)
- NOTE: not-for-us (mRouter in iSync in OS X)
+ NOT-FOR-US: mRouter in iSync in OS X
CAN-2005-0192 (Directory traversal vulnerability in the parsing of Skin file
names in ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real
Metadata ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5
(6.0.12.1040) and ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2005-0189 (Stack-based buffer overflow in the HandleAction function in
RealPlayer ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc
...)
- NOTE: not-for-us (AtHoc toolbar)
+ NOT-FOR-US: AtHoc toolbar
CAN-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc
toolbar ...)
- NOTE: not-for-us (AtHoc toolbar)
+ NOT-FOR-US: AtHoc toolbar
CAN-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the
IOS ...)
- NOTE: not-for-us (CIsco)
+ NOT-FOR-US: CIsco
CAN-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00
allows ...)
- NOTE: not-for-us (NodeManager Professional)
+ NOT-FOR-US: NodeManager Professional
CAN-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation
plugin ...)
- NOTE: not-for-us (vacation plugin not in Debian)
+ NOT-FOR-US: vacation plugin
CAN-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail
...)
- NOTE: not-for-us (vacation plugin not in Debian)
+ NOT-FOR-US: vacation plugin
CAN-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates
temporary ...)
- NOTE: not-for-us (mod_dosevasive module for apache)
+ NOT-FOR-US: mod_dosevasive module for apache
CAN-2005-0181
NOTE: reserved
CAN-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function
in ...)
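Review bot: CAN-2005-0186 keeps the typo "CIsco" from the old line, while the three Cisco IOS entries earlier in this hunk (CAN-2005-0197, CAN-2005-0196, CAN-2005-0195) use "Cisco"; please normalise it so the entries group together. Separately, the two Vacation plugin entries (CAN-2005-0184, CAN-2005-0183) lose "not in Debian" and end up as just "vacation plugin". The description of CAN-2005-0183 ties the plugin to Squirrelmail, so "vacation plugin for Squirrelmail" would be clearer.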
@@ -10670,17 +10670,17 @@
CAN-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass
the ...)
- php4 4:4.3.10-3
CAN-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon
(PPPoEd) in ...)
- NOTE: not-for-us (PPPoE daemon (PPPoEd) in QNX RTP)
+ NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
CAN-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX
RTP 6.1 ...)
- NOTE: not-for-us (PPPoE daemon (PPPoEd) in QNX RTP)
+ NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
CAN-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative
...)
- NOTE: not-for-us (Veritas NetBackup Administrative Assistant)
+ NOT-FOR-US: Veritas NetBackup Administrative Assistant
CAN-2004-1388 (Format string vulnerability in the gpsd_report function for
BerliOS ...)
- gpsd 2.7-4
CAN-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows
local ...)
- apache 1.3.33-3
CAN-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded
images, ...)
- NOTE: not-for-us (TikiWiki)
+ NOT-FOR-US: TikiWiki
CAN-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to
gain ...)
- phpgroupware 0.9.16.005-1
CAN-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in
phpGroupWare ...)
@@ -10744,14 +10744,14 @@
CAN-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6
allows ...)
{DSA-662-1}
CAN-2005-0151 (Unknown vulnerability in the installation of Adobe License
Management ...)
- NOTE: not-for-us (Adobe License Management Software)
+ NOT-FOR-US: Adobe License Management Software
CAN-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or
(2) ...)
- mozilla-firefox 1.0
CAN-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does
not ...)
- mozilla-thunderbird 0.7
- mozilla 2:1.7.4
CAN-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses
the ...)
- NOTE: not-for-us (thunderbird on windows)
+ NOT-FOR-US: thunderbird on windows
CAN-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to
use a ...)
- mozilla-firefox 1.0
- mozilla 2:1.7.5
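Review bot: "NOT-FOR-US: thunderbird on windows" at CAN-2005-0148 does not fit the "NOT-FOR-US: package_name" form given in the log message: Thunderbird is tracked as mozilla-thunderbird in the entry directly above (CAN-2005-0149), and the reason this one is out of scope is the platform, not the product. Consider leaving this entry as a plain NOTE saying that only the Windows build is affected, or confirm that the tag is meant to cover platform-specific cases of software that is packaged.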
@@ -10774,11 +10774,11 @@
- mozilla-firefox 1.0
- mozilla 2:1.7.5
CAN-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary
code via ...)
- NOTE: not-for-us (PeID)
+ NOT-FOR-US: PeID
CAN-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26,
and ...)
- NOTE: not-for-us (Irix)
+ NOT-FOR-US: Irix
CAN-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not
correctly ...)
- NOTE: not-for-us (Irix)
+ NOT-FOR-US: Irix
CAN-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local
users to ...)
NOTE: Does not affect 2.6 based kernels in Debian
- kernel-source-2.4.27 2.4.27-10
@@ -10788,7 +10788,7 @@
CAN-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64)
...)
- kernel-source-2.6.8 2.6.8-14
CAN-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not
properly ...)
- NOTE: not-for-us (SCO UnixWare)
+ NOT-FOR-US: SCO UnixWare
CAN-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...)
- mozilla-firefox 1.0
- mozilla 2:1.7.5
@@ -10808,11 +10808,11 @@
CAN-2005-0128
NOTE: reserved
CAN-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header,
...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to
execute ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2005-0125 (The "at" commands on Mac OS X 10.3.7 and
earlier do not properly drop ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c)
for ...)
- kernel-source-2.4.27 2.4.27-8
NOTE: 2.6.8 apparently ok
@@ -10821,29 +10821,29 @@
CAN-2005-0122
NOTE: rejected
CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local
users ...)
- NOTE: not-for-us (golddig)
+ NOT-FOR-US: golddig
CAN-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete
arbitrary ...)
- NOTE: not-for-us (helvis)
+ NOT-FOR-US: helvis
CAN-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and
read the ...)
- NOTE: not-for-us (helvis)
+ NOT-FOR-US: helvis
CAN-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world
readable ...)
- NOTE: not-for-us (helvis)
+ NOT-FOR-US: helvis
CAN-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to
execute ...)
- xshisen 1.51-1-1.1
CAN-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote
attackers to ...)
- awstats 6.2-1.1
CAN-2005-0115 (Stack-based buffer overflow in DataRescue Interactive
Disassembler ...)
- NOTE: not-for-us (DataRescue Interactive Disassembler)
+ NOT-FOR-US: DataRescue Interactive Disassembler
CAN-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm
...)
- NOTE: not-for-us (ZoneAlarm)
+ NOT-FOR-US: ZoneAlarm
CAN-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary
commands ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2005-0112 (The web-based administrative interface for 3Com OfficeConnect
Wireless ...)
- NOTE: not-for-us (3Com OfficeConnect Wireless 11g Access Point)
+ NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point
CAN-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL
MaxDB ...)
- maxdb-7.5.00 7.5.00.18
CAN-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to
...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2005-0109 (Hyper-Threading technology, as used in FreeBSD other operating
systems ...)
NOTE: According to Linus Torvalds and others on linux-kernel this is a
theoretical
NOTE: attack, paranoid people should disable hyper threading
@@ -10902,7 +10902,7 @@
NOTE: debian does not have stack protection, but it''s fixed anyway
since 1.0.9
- alsa-lib 1.0.9-1
CAN-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3
...)
- NOTE: not-for-us (redhat specific less bug)
+ NOT-FOR-US: redhat specific less bug
CAN-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig)
before ...)
{DSA-680-1}
- htdig 1:3.1.6-11
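Review bot: at CAN-2005-0086 the converted value "redhat specific less bug" is an explanation rather than a package name, which is what the log message says follows "NOT-FOR-US:". If the tag is going to be read by scripts, put the explanation in a separate NOTE line and keep the tag value to the product, or state that free text is accepted here.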
@@ -10924,7 +10924,7 @@
CAN-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in)
...)
- a2ps 1:4.13b-4.3
CAN-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (mod_access_referer)
+ NOT-FOR-US: mod_access_referer
CAN-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute
...)
- xshisen 1.51-1-1
CAN-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in
Ubuntu 4.10 ...)
@@ -10969,53 +10969,53 @@
NOTE: only affects source package, not used in binary
- cupsys <unfixed> (bug #324459; unimportant)
CAN-2005-0063 (The document processing application used by the Windows Shell in
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0062
NOTE: reserved
CAN-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2,
and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0060 (Buffer overflow in the font processing component of Microsoft
Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft
Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0058 (Buffer overflow in the Telephony Application Programming
Interface ...)
- NOTE: not-for-us (TAPI for Windows)
+ NOT-FOR-US: TAPI for Windows
CAN-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and
Server 2003 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate
certain ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate
buffers ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to
spoof a ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to
execute ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0052
NOTE: reserved
CAN-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0050 (The License Logging service for Windows NT Server, Windows 2000
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0049 (Windows SharePoint Services and SharePoint Team Services for
Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server
2003, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0047 (Windows 2000, XP, and Server 2003 does not properly
"validate the use ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0046
NOTE: reserved
CAN-2005-0045 (The Server Message Block (SMB) implementation for Windows NT
4.0, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to
execute ...)
- NOTE: not-for-us (iTunes)
+ NOT-FOR-US: iTunes
CAN-2005-0042
NOTE: reserved
CAN-2005-0041
NOTE: reserved
CAN-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in
DotNetNuke ...)
- NOTE: not-for-us (DotNetNuke)
+ NOT-FOR-US: DotNetNuke
CAN-2005-0039 (Certain configurations of IPsec, when using Encapsulating
Security ...)
NOTE: These are known issues of IPSEC and basically every VPN system using
NOTE: encryption without authentication.
@@ -11027,76 +11027,76 @@
CAN-2005-0036
NOTE: reserved
CAN-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0
and ...)
- NOTE: not-for-us (Adobe)
+ NOT-FOR-US: Adobe
CAN-2005-0034 (An "incorrect assumption" in the authvalidated
validator function in ...)
NOTE: only affects bind9 9.3.0, we have an earlier version
NOTE: fixed in 9.3.1
CAN-2005-0033 (Buffer overflow in the code for recursion and glue fetching in
BIND ...)
- bind 1:8.4.6-1
CAN-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer
5.01, ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in
HP-UX ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users
to ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CAN-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote
attackers ...)
- NOTE: not-for-us (Shoutcast)
+ NOT-FOR-US: Shoutcast
CAN-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1
allow ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote
...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that
run ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause
a ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote
attackers to ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1367 (Oracle 10g Database Server, when installed with a password that
...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN
account ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to
load a ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and
10g ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers
to ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle
Application ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000
through ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9,
when ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and
9 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9
disable ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not
...)
- NOTE: not-for-us (ssh on Solaris)
+ NOT-FOR-US: ssh on Solaris
CAN-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8
and 9 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and
9 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9
generates ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using
Role ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9
may ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris
7 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server
...)
- NOTE: not-for-us (Sun Java System Web Proxy Server )
+ NOT-FOR-US: Sun Java System Web Proxy Server
CAN-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force
flags, ...)
- NOTE: not-for-us (gzip on Solaris)
+ NOT-FOR-US: gzip on Solaris
CAN-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote
attackers ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to
cause ...)
- NOTE: not-for-us (xdm on Solaris)
+ NOT-FOR-US: xdm on Solaris
CAN-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local
users ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager
(ESM) ...)
- NOTE: not-for-us (Sun StorEdge Enterprise Storage Manager)
+ NOT-FOR-US: Sun StorEdge Enterprise Storage Manager
CAN-2004-1344
NOTE: reserved
CAN-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly
handle when ...)
@@ -11179,7 +11179,7 @@
- kernel-source-2.6.8 2.6.8-9
- kernel-source-2.6.9 2.6.9-3
CAN-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password,
does not ...)
- NOTE: not-for-us (poppassd_pam)
+ NOT-FOR-US: poppassd_pam
CAN-2005-0001 (Race condition in the page fault handler (fault.c) for Linux
kernel ...)
NOTE: i386 and smp specific
- kernel-source-2.6.8 2.6.8-13
@@ -11188,9 +11188,9 @@
- kernel-image-2.4.27-speakup 2.4.27-1.1
- kernel-patch-powerpc-2.6.8 2.6.8-10
CAN-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1
and ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CAN-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain
privileges ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CAN-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux
kernel 2.6 ...)
- kernel-source-2.6.8 2.6.8-14
- kernel-source-2.6.9 2.6.9-6
@@ -11214,33 +11214,33 @@
- kernel-source-2.4.27 2.4.27-9
NOTE: will be fixed in 2.4.27-9
CAN-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i,
with ...)
- NOTE: not-for-us (hpux)
+ NOT-FOR-US: hpux
CAN-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2
allows ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local
users ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2004-1329 (Untrusted execution path vulnerability in the diag commands (1)
...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and
B.11.11 ...)
- NOTE: not-for-us (hpux)
+ NOT-FOR-US: hpux
CAN-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote
malicious ...)
- NOTE: not-for-us (Crystal FTP client)
+ NOT-FOR-US: Crystal FTP client
CAN-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to
execute ...)
- NOTE: not-for-us (Ultrix)
+ NOT-FOR-US: Ultrix
CAN-2004-1325 (The getItemInfoByAtom function in the ActiveX control for
Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0
allow ...)
- NOTE: not-for-us (Netbsd)
+ NOT-FOR-US: Netbsd
CAN-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft
...)
- NOTE: not-for-us (Microsoft/Cisco)
+ NOT-FOR-US: Microsoft/Cisco
CAN-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06
stores ...)
- NOTE: not-for-us (Asante FM2008)
+ NOT-FOR-US: Asante FM2008
CAN-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default
username ...)
- NOTE: not-for-us (Asante FM2008)
+ NOT-FOR-US: Asante FM2008
CAN-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to
inject ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for
Namazu ...)
{DSA-627-1}
- namazu2 2.0.14
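Review bot: the values in this hunk are inconsistent in case and spelling now that they are tag values rather than free text: "microsoft" at CAN-2004-1331 against "Microsoft" at CAN-2004-1325 and CAN-2004-1324, "hpux" where the descriptions say HP-UX, and "Netbsd" where the description says NetBSD. Normalising them in this same pass would let entries for one vendor be grouped by exact match.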
@@ -11251,17 +11251,17 @@
CAN-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes
the ...)
- phpbb2 2.0.10-3
CAN-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites
by ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and
possibly ...)
- NOTE: not-for-us (My Firewall Plus)
+ NOT-FOR-US: My Firewall Plus
CAN-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as
used ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1311 (Integer overflow in the real_setup_and_get_header function in
real.c ...)
- NOTE: not-for-us (mplayer)
+ NOT-FOR-US: mplayer
CAN-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c
functionality ...)
- NOTE: not-for-us (mplayer)
+ NOT-FOR-US: mplayer
CAN-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in
...)
- NOTE: not-for-us (mplayer)
+ NOT-FOR-US: mplayer
CAN-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for
libtiff ...)
{DSA-617-1}
- libtiff4 3.6.1-4
@@ -11269,23 +11269,23 @@
CAN-2004-1307 (Integer overflow in the TIFFFetchStripThing function in
tif_dirread.c ...)
- tiff 3.7.0 (low)
CAN-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT,
Windows 2000 ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT,
Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in
file ...)
- file 4.12
CAN-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows
...)
- NOTE: not-for-us (Yanf)
+ NOT-FOR-US: Yanf
CAN-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote
...)
- NOTE: not-for-us (YAMT)
+ NOT-FOR-US: YAMT
CAN-2004-1301 (Buffer overflow in the book_format_sql function in format.c for
...)
- NOTE: not-for-us (xlreader)
+ NOT-FOR-US: xlreader
CAN-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c
for ...)
- xine-lib 1-rc8-1
CAN-2004-1299 (Buffer overflow in the get_attr function in html.c for
vilistextum ...)
- NOTE: not-for-us (vilistextum)
+ NOT-FOR-US: vilistextum
CAN-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02
allows ...)
- NOTE: not-for-us (vb2c)
+ NOT-FOR-US: vb2c
CAN-2004-1297 (Buffer overflow in the process_font_table function in convert.c
for ...)
- unrtf 0.19.3-1.1
CAN-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1
allow ...)
@@ -11296,58 +11296,58 @@
CAN-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP
...)
- tnftp <unfixed> (bug #285902; medium)
CAN-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...)
- NOTE: not-for-us (rtf2latex2e)
+ NOT-FOR-US: rtf2latex2e
CAN-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c
for ...)
- NOTE: not-for-us (ringtonetools)
+ NOT-FOR-US: ringtonetools
CAN-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the
...)
- NOTE: not-for-us (qwik-smtpd)
+ NOT-FOR-US: qwik-smtpd
CAN-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for
pgn2web ...)
- NOTE: not-for-us (pgn2web)
+ NOT-FOR-US: pgn2web
CAN-2004-1289 (Multiple buffer overflows in (1) the getline function in
pcalutil.c ...)
{DSA-625-1}
- pcal 4.8.0-1
CAN-2004-1288 (Buffer overflow in the parse_html function in o3read.c for
o3read ...)
- NOTE: not-for-us (o3read)
+ NOT-FOR-US: o3read
CAN-2004-1287 (Buffer overflow in the error function in preproc.c for NASM
0.98.38 ...)
{DSA-623-1}
- nasm 0.98.38-1.1
CAN-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for
...)
- NOTE: not-for-us (NapShare)
+ NOT-FOR-US: NapShare
CAN-2004-1285 (Buffer overflow in the get_header function in
asf_mmst_streaming.c for ...)
- NOTE: not-for-us (mplayer)
+ NOT-FOR-US: mplayer
CAN-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for
...)
NOTE: non-free
NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused
regressions
- mpg123 0.59r-20
CAN-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview
...)
- NOTE: not-for-us (mview)
+ NOT-FOR-US: mview
CAN-2004-1282 (Buffer overflow in the strexpand function in string.c for
LinPopUp ...)
{DSA-632-1}
- linpopup 1.2.0-7
CAN-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious
FTP ...)
- NOTE: not-for-us (junkie)
+ NOT-FOR-US: junkie
CAN-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie
0.3.1 ...)
- NOTE: not-for-us (junkie)
+ NOT-FOR-US: junkie
CAN-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi
1.5 ...)
- NOTE: not-for-us (jpegtoavi)
+ NOT-FOR-US: jpegtoavi
CAN-2004-1278 (Buffer overflow in the switch_voice function in parse.c for
jcabc2ps ...)
- NOTE: not-for-us (jcabc2ps)
+ NOT-FOR-US: jcabc2ps
CAN-2004-1277 (The download_selection_recursive() function in ftplist.c for
IglooFTP ...)
- NOTE: not-for-us (IglooFTP)
+ NOT-FOR-US: IglooFTP
CAN-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows
local ...)
- NOTE: not-for-us (IglooFTP)
+ NOT-FOR-US: IglooFTP
CAN-2004-1275 (Buffer overflow in the remove_quote function in convert.c for
...)
- NOTE: not-for-us (html2hdml)
+ NOT-FOR-US: html2hdml
CAN-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows
remote ...)
- NOTE: not-for-us (greed)
+ NOT-FOR-US: greed
NOTE: not the game in debian, the file download tool
CAN-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed
0.81p ...)
- NOTE: not-for-us (greed)
+ NOT-FOR-US: greed
NOTE: not the game in debian, the file download tool
CAN-2004-1272 (Buffer overflow in the save_embedded_address function in
filter.c for ...)
- filter 2.4.2-1.1
CAN-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2
allows ...)
- NOTE: not-for-us (dxfscope)
+ NOT-FOR-US: dxfscope
CAN-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not
ensure ...)
- cupsys 1.1.22-2
CAN-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if
it ...)
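Review bot: For CAN-2004-1274 and CAN-2004-1273 the new "NOT-FOR-US: greed" value is ambiguous on its own, as the line right after it admits ("not the game in debian, the file download tool"). The disambiguation now sits in a separate NOTE that anything reading only the NOT-FOR-US field will not see; consider folding it into the value, for example "NOT-FOR-US: greed (file download tool, not the game)".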
@@ -11357,32 +11357,32 @@
CAN-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in
the ...)
- cupsys 1.1.22-2
CAN-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp
for ...)
- NOTE: not-for-us (csv2xml)
+ NOT-FOR-US: csv2xml
CAN-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp
for the ...)
- NOTE: not-for-us (Convex)
+ NOT-FOR-US: Convex
CAN-2004-1264 (Buffer overflow in the simplify_path function in config.c for
ChBg 1.5 ...)
{DSA-644-1}
- chbg 1.5-4
CAN-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid,
...)
- NOTE: not-for-us (ChangePassword)
+ NOT-FOR-US: ChangePassword
CAN-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for
bsb2ppm ...)
- NOTE: not-for-us (bsb2ppm)
+ NOT-FOR-US: bsb2ppm
CAN-2004-1261 (Multiple buffer overflows in the preparse function in asp2php
0.76.23 ...)
- NOTE: not-for-us (asp2php)
+ NOT-FOR-US: asp2php
CAN-2004-1260 (Multiple buffer overflows in the (1) write_heading function in
...)
- NOTE: not-for-us (abctab2ps)
+ NOT-FOR-US: abctab2ps
CAN-2004-1259 (Multiple buffer overflows in the handle_directive function in
abcpp.c ...)
- NOTE: not-for-us (abcpp)
+ NOT-FOR-US: abcpp
CAN-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps
3.7.20 ...)
- abcm2ps 4.8.5-1
CAN-2004-1257 (Buffer overflow in the process_abc function in abc.c for
abc2mtex ...)
- NOTE: not-for-us (abc2mtex)
+ NOT-FOR-US: abc2mtex
CAN-2004-1256 (Multiple buffer overflows in the (1) event_text and (2)
event_specific ...)
- abcmidi 20050101-1
CAN-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows
remote ...)
- NOTE: not-for-us (2fax)
+ NOT-FOR-US: 2fax
CAN-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote
attackers to ...)
- NOTE: not-for-us (WinRAR)
+ NOT-FOR-US: WinRAR
CAN-2004-1253
NOTE: reserved
CAN-2004-1252
@@ -11402,7 +11402,7 @@
CAN-2004-1245
NOTE: reserved
CAN-2004-1244 (Windows Media Player 9 allows remote attackers to execute
arbitrary ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1243
NOTE: rejected
CAN-2004-1242
@@ -11418,7 +11418,7 @@
CAN-2004-1237 (Unknown vulnerability in the system call filtering code in the
audit ...)
NOTE: apparently redhat specific
CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory
Server ...)
- NOTE: not-for-us (Netscape Directory Server on HP-UX)
+ NOT-FOR-US: Netscape Directory Server on HP-UX
CAN-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout
...)
- kernel-source-2.6.8 2.6.8-12
- kernel-image-2.6.8-2-386 2.6.8-12
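Review bot: CAN-2004-1237 keeps "NOTE: apparently redhat specific" while the entry directly below it is converted to NOT-FOR-US. If that note was meant as a not-for-us marker, this pass misses it because it never used the "not-for-us (...)" wording, so confirm whether it should become a NOT-FOR-US line or stay a plain NOTE. The CAN-2004-1236 value, "Netscape Directory Server on HP-UX", also carries a platform qualifier rather than only the package name the log message describes.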
@@ -11444,92 +11444,92 @@
CAN-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to
cause a ...)
NOTE: fixed after 2.4.25
CAN-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a
...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1232 (Stack-based buffer overflow in the code that sends images in
Gadu-Gadu ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote
attackers ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information
and ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu
allows ...)
- NOTE: not-for-us (Gadu-Gadu)
+ NOT-FOR-US: Gadu-Gadu
CAN-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier
are not ...)
- NOTE: not-for-us (SugarCRM Sugar Sales)
+ NOT-FOR-US: SugarCRM Sugar Sales
CAN-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c
and ...)
- NOTE: not-for-us (SugarCRM Sugar Sales)
+ NOT-FOR-US: SugarCRM Sugar Sales
CAN-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers
to ...)
- NOTE: not-for-us (SugarCRM Sugar Sales)
+ NOT-FOR-US: SugarCRM Sugar Sales
CAN-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before
2.0.1a ...)
- NOTE: not-for-us (SugarCRM Sugar Sales)
+ NOT-FOR-US: SugarCRM Sugar Sales
CAN-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr
0.55 ...)
- mtr 0.67-1
CAN-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows
...)
- NOTE: not-for-us (F-Secure Policy Manager)
+ NOT-FOR-US: F-Secure Policy Manager
CAN-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute
arbitrary ...)
- NOTE: not-for-us (weblibs.pl)
+ NOT-FOR-US: weblibs.pl
CAN-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0
allows ...)
- NOTE: not-for-us (weblibs.pl)
+ NOT-FOR-US: weblibs.pl
CAN-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2
and ...)
- NOTE: not-for-us (Battlefield 1942, Battlefield Vietnam)
+ NOT-FOR-US: Battlefield 1942, Battlefield Vietnam
CAN-2004-1219 (paFileDB 3.1, when using sessions authentication and while the
...)
- NOTE: not-for-us (paFileDB)
+ NOT-FOR-US: paFileDB
CAN-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of
...)
- NOTE: not-for-us (Remote Execute)
+ NOT-FOR-US: Remote Execute
CAN-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions,
allows ...)
- NOTE: not-for-us (Hosting Controller)
+ NOT-FOR-US: Hosting Controller
CAN-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow
remote ...)
- NOTE: not-for-us (Kreed)
+ NOT-FOR-US: Kreed
CAN-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (Kreed)
+ NOT-FOR-US: Kreed
CAN-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows
remote ...)
- NOTE: not-for-us (Kreed)
+ NOT-FOR-US: Kreed
CAN-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in
Advanced ...)
- NOTE: not-for-us (Advanced Guestbook)
+ NOT-FOR-US: Advanced Guestbook
CAN-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog
Torrent ...)
- NOTE: not-for-us (Blog Torrent)
+ NOT-FOR-US: Blog Torrent
CAN-2004-1211 (Multiple buffer overflows in Mercury/32 4.01a allow remote ...)
- NOTE: not-for-us (Mercury Mail)
+ NOT-FOR-US: Mercury Mail
CAN-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in
IPCop ...)
- NOTE: not-for-us (IpCop)
+ NOT-FOR-US: IpCop
CAN-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL
fields, ...)
- NOTE: not-for-us (Verisign Payflow Link)
+ NOT-FOR-US: Verisign Payflow Link
CAN-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers
to ...)
- NOTE: not-for-us (Orbz)
+ NOT-FOR-US: Orbz
CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid
Protocol ...)
- NOTE: not-for-us (The Serious engine, as used in (1) Alpha Black Zero, (2)
Nitro family, and (3) Serious Sam Second Encounter)
+ NOT-FOR-US: The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro
family, and (3) Serious Sam Second Encounter
CAN-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
- NOTE: not-for-us (pnTresMailer)
+ NOT-FOR-US: pnTresMailer
CAN-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers
to ...)
- NOTE: not-for-us (pnTresMailer)
+ NOT-FOR-US: pnTresMailer
CAN-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause
a ...)
NOTE: at best a local DOS by the user running fluxbox.
NOTE: Where''s the security hole?
- fluxbox 0.9.11-1
CAN-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and
debug ...)
- NOTE: not-for-us (phpCMS)
+ NOT-FOR-US: phpCMS
CAN-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS
1.2.1 ...)
- NOTE: not-for-us (phpCMS)
+ NOT-FOR-US: phpCMS
CAN-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service
...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of
...)
NOTE: memory leak, doubt it''s usefully exploitable
NOTE: did not followup
CAN-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause
a ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a
denial ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite
inShop ...)
- NOTE: not-for-us (inShop)
+ NOT-FOR-US: inShop
CAN-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite
Inmail ...)
- NOTE: not-for-us (Insite Inmail)
+ NOT-FOR-US: Insite Inmail
CAN-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers
to ...)
- NOTE: not-for-us (Star Wars Battlefront)
+ NOT-FOR-US: Star Wars Battlefront
CAN-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows
...)
- NOTE: not-for-us (Star Wars Battlefront)
+ NOT-FOR-US: Star Wars Battlefront
CAN-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges
to ...)
- NOTE: not-for-us (Prevex Home)
+ NOT-FOR-US: Prevex Home
CAN-2004-1192 (Format string vulnerability in the lprintf function in
Citadel/UX 6.27 ...)
- NOTE: not-for-us (Citadel/UX)
+ NOT-FOR-US: Citadel/UX
CAN-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP
systems ...)
NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed
- kernel-source-2.6.8 2.6.8-16
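Review bot: The value at CAN-2004-1193 reads "Prevex Home", but the description on the line above names the product "Prevx Home"; the typo from the old note is carried into the new tag and should be fixed while the line is being rewritten. In the same hunk the CAN-2004-1207 value is a full sentence that continues onto a second line; if that break exists in data/CAN/list itself, a line-oriented reader would see only the first half, so shorten it to the product name, e.g. "NOT-FOR-US: Serious engine".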
@@ -11579,9 +11579,9 @@
CAN-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows
...)
{DSA-639-1}
CAN-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup
...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas
Backup ...)
- NOTE: not-for-us (Veritas Backup Exec)
+ NOT-FOR-US: Veritas Backup Exec
CAN-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that
are ...)
- kdelibs 4:3.3.1-2
- kdebase 4:3.3.1-3
@@ -11593,48 +11593,48 @@
CAN-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB
WebTools ...)
- maxdb-webtools 7.5.00.19-1
CAN-2004-1167 (mirrorselect before 0.89 creates temporary files in a
world-writable ...)
- NOTE: not-for-us (gentoo mirrorselect)
+ NOT-FOR-US: gentoo mirrorselect
CAN-2004-1166 (Microsoft Internet Explorer 6.0.2800.1106 and earlier allows
remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP
...)
{DSA-631-1}
CAN-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through
6.1.1.3 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1163 (Cisco CNS Network Registrar Central Configuration Management
(CCM) ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1162 (The unison command in scponly before 4.0 does not properly
restrict ...)
- scponly 4.0-1
CAN-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that
can be ...)
- rssh 2.2.3-1
CAN-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote
...)
- NOTE: not-for-us (Netscape)
+ NOT-FOR-US: Netscape
CAN-2004-1159
NOTE: rejected
CAN-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows
...)
- kdelibs 4:3.3.1-3
- kdebase 4:3.3.1-4
CAN-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote
...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote
...)
- mozilla 2:1.7.6-1
- mozilla-firefox 1.0.1
CAN-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to
spoof ...)
- NOTE: not-for-us (Microsoft MSIE)
+ NOT-FOR-US: Microsoft MSIE
CAN-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and
3.0.x ...)
{DSA-701-1}
- samba 3.0.10-1
CAN-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0
through ...)
- NOTE: not-for-us (Adobe Acrobat Reader)
+ NOT-FOR-US: Adobe Acrobat Reader
CAN-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat
Reader ...)
- NOTE: not-for-us (Adobe Acrobat Reader)
+ NOT-FOR-US: Adobe Acrobat Reader
CAN-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2)
...)
NOTE: Fixed in upstream 2.6.10
- kernel-source-2.6.8 2.6.8-11
- kernel-source-2.6.9 2.6.9-4
CAN-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp
5.0 ...)
- NOTE: not-for-us (Winamp)
+ NOT-FOR-US: Winamp
CAN-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4,
including ...)
- NOTE: not-for-us (Computer Associates eTrust EZ Antivirus)
+ NOT-FOR-US: Computer Associates eTrust EZ Antivirus
CAN-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir
functionality, ...)
- phpmyadmin 2:2.6.1-rc1-1
CAN-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with
external ...)
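Review bot: Internet Explorer entries get two different values in this hunk: CAN-2004-1166 becomes "NOT-FOR-US: Microsoft" and CAN-2004-1155 becomes "NOT-FOR-US: Microsoft MSIE". Pick one spelling for the product so that a search on the tag finds both entries.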
@@ -11662,23 +11662,23 @@
CAN-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux
kernel ...)
- kernel-image-2.4.27-i386 2.4.27-7
CAN-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other
...)
- NOTE: not-for-us (CuteFTP)
+ NOT-FOR-US: CuteFTP
CAN-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow
...)
- NOTE: not-for-us (WS-Ftpd)
+ NOT-FOR-US: WS-Ftpd
CAN-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows
remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft
W3Who ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1132
NOTE: reserved
CAN-2004-1131 (Multiple buffer overflows in the enable command for SCO
OpenServer ...)
- NOTE: not-for-us (SCO)
+ NOT-FOR-US: SCO
CAN-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in
CMailServer ...)
- NOTE: not-for-us (CMailServer)
+ NOT-FOR-US: CMailServer
CAN-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2)
addressc.asp, and ...)
- NOTE: not-for-us (CMailServer)
+ NOT-FOR-US: CMailServer
CAN-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote
...)
- NOTE: not-for-us (CMailServer)
+ NOT-FOR-US: CMailServer
CAN-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers,
with ...)
- opendchub 0.7.14-1.1
CAN-2004-1126
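Review bot: CAN-2004-1135 is tagged "WS-Ftpd", which does not match the product named in its own description, "WS_FTP Server 5.03". Since the tag is now the field people will search on, use the name from the description.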
@@ -11691,71 +11691,71 @@
- gpdf 2.8.2-1
- koffice 1:1.3.5-1
CAN-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through
7.1.4 ...)
- NOTE: not-for-us (UnixWare)
+ NOT-FOR-US: UnixWare
CAN-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions,
allows ...)
- NOTE: not-for-us (Darwin Streaming Server)
+ NOT-FOR-US: Darwin Streaming Server
CAN-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows
inactive ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof
the ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3)
main.c ...)
{DSA-663-1}
- prozilla 1:1.3.7.3-1
CAN-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and
...)
- NOTE: not-for-us (Winamp)
+ NOT-FOR-US: Winamp
CAN-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX
component ...)
- NOTE: not-for-us (WodFtpDLX.ocx ActiveX component)
+ NOT-FOR-US: WodFtpDLX.ocx ActiveX component
CAN-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute
user-owned ...)
- NOTE: not-for-us (ChessBrain)
+ NOT-FOR-US: ChessBrain
CAN-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS)
23.9 ...)
- NOTE: not-for-us (GIMPS)
+ NOT-FOR-US: GIMPS
CAN-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence
(SETI) ...)
NOTE: gentoo-specific permissions problems in setaiathome
CAN-2004-1114 (Buffer overflow in the handling of command line arguments in
Skype ...)
- NOTE: not-for-us (Skype)
+ NOT-FOR-US: Skype
CAN-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting
service ...)
- NOTE: not-for-us (SQLgrey Postfix greylisting serivce)
+ NOT-FOR-US: SQLgrey Postfix greylisting serivce
CAN-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before
4.0.3 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S,
12.2(18)SE, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows
local ...)
- mtink 1.0.5
NOTE: debian not vulnerable except in edge case
CAN-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and
earlier ...)
- NOTE: not-for-us (Kerio Personal Firewall)
+ NOT-FOR-US: Kerio Personal Firewall
CAN-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to
...)
- NOTE: not-for-us (Gentoolkit)
+ NOT-FOR-US: Gentoolkit
CAN-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local
users to ...)
- NOTE: not-for-us (Portage)
+ NOT-FOR-US: Portage
CAN-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3
and ...)
{DSA-642-1}
- gallery 1.4.4-pl4-1
CAN-2004-1105 (Nortel Networks Contivity VPN Client displays a different error
...)
- NOTE: not-for-us (Nortel Networks Contivity VPN Client)
+ NOT-FOR-US: Nortel Networks Contivity VPN Client
CAN-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to
spoof a ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode
is ...)
- NOTE: not-for-us (MailPost)
+ NOT-FOR-US: MailPost
CAN-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a
different ...)
- NOTE: not-for-us (MailPost)
+ NOT-FOR-US: MailPost
CAN-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions,
...)
- NOTE: not-for-us (MailPost)
+ NOT-FOR-US: MailPost
CAN-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in
MailPost ...)
- NOTE: not-for-us (MailPost)
+ NOT-FOR-US: MailPost
CAN-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and
Cisco ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass
virus ...)
- mime-tools 5.415-1
CAN-2004-1097 (Format string vulnerability in the
cherokee_logger_ncsa_write_string ...)
- NOTE: not-for-us (Cherokee)
+ NOT-FOR-US: Cherokee
CAN-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus
programs ...)
- libarchive-zip-perl 1.14-1
CAN-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3)
...)
{DSA-608-1}
- zgv 5.7-1.3
CAN-2004-1094 (Buffer overflow in DUNZIP32.DLL in RealPlayer 10 through
RealPlayer ...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote
attackers to ...)
{DSA-639-1}
CAN-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote
attackers to ...)
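Review bot: "NOT-FOR-US: SQLgrey Postfix greylisting serivce" at CAN-2004-1113 carries the "serivce" misspelling over from the old note; correct it to "service" in the new line. CAN-2004-1115 in this hunk still has "NOTE: gentoo-specific permissions problems in setaiathome" even though the two init-script entries above it (ChessBrain, GIMPS) are converted, so check whether it was skipped only because it lacked the "not-for-us (...)" wording.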
@@ -11765,31 +11765,31 @@
CAN-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote
attackers to ...)
{DSA-639-1}
CAN-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when
using ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5,
allows ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that
"Secure Keyboard ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows
...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6
allows ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote
attackers to ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to
files ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and
...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server
does ...)
- NOTE: not-for-us (Apple MacOS)
+ NOT-FOR-US: Apple MacOS
CAN-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0,
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for
ncpfs ...)
- ncpfs 2.2.5-2
CAN-2004-1078 (Stack-based buffer overflow in the client for Citrix Program
...)
- NOTE: not-for-us (Citrix)
+ NOT-FOR-US: Citrix
CAN-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and
earlier and ...)
- NOTE: not-for-us (Citrix)
+ NOT-FOR-US: Citrix
CAN-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in
Atari800 ...)
{DSA-609-1}
- atari800 1.3.2-1
@@ -11819,7 +11819,7 @@
NOTE: to only affect 2.2 series.
NOTE: 1.5.19 also seems ok
CAN-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through
5.3, and ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2004-1065 (Buffer overflow in the exif_read_data function in PHP before
4.3.10 ...)
- php4 4:4.3.10-1
CAN-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2
truncate ...)
@@ -11856,9 +11856,9 @@
CAN-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin ...)
- phpmyadmin 2:2.6.0-pl3-1
CAN-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX
5.1.0, ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows
remote ...)
- NOTE: not-for-us (fetch on FreeBSD)
+ NOT-FOR-US: fetch on FreeBSD
CAN-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9,
and ...)
{DSA-595-1}
NOTE: bnc is not in sarge or unstable (is in woody)
@@ -11866,9 +11866,9 @@
{DSA-596-2 DSA-596-1}
- sudo 1.6.8p3-1
CAN-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for
Microsoft ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-1048
NOTE: reserved
CAN-2004-1047
@@ -11880,7 +11880,7 @@
CAN-2004-1044
NOTE: reserved
CAN-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers
to ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-1042
NOTE: reserved
CAN-2004-1041
@@ -11888,9 +11888,9 @@
CAN-2004-1040
NOTE: reserved
CAN-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and
7.0.1, ...)
- NOTE: not-for-us (SCO UnixWare)
+ NOT-FOR-US: SCO UnixWare
CAN-2004-1038 (A design error in the IEEE1394 specification allows attackers
with ...)
- NOTE: not-for-us (IEEE1394 specification bug, physical security)
+ NOT-FOR-US: IEEE1394 specification bug, physical security
CAN-2004-1037 (The search function in TWiki 20030201 allows remote attackers to
...)
- twiki 20030201-6
CAN-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of
encoded ...)
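Review bot: The value at CAN-2004-1038, "IEEE1394 specification bug, physical security", is a rationale rather than a package name, which is what the log message says the new field holds. Keep the field to the affected item ("IEEE1394 specification") and move "physical security" to a separate NOTE line so the reason is not lost.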
@@ -11909,9 +11909,9 @@
CAN-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions
...)
- fcron 2.9.5.1-1
CAN-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment
(JRE) ...)
- NOTE: not-for-us (Sun JRE)
+ NOT-FOR-US: Sun JRE
CAN-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM
5.1.0, ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2004-1027 (Directory traversal vulnerability in the -x (extract) command
line ...)
{DSA-652-1}
NOTE: sarge''s unarj is from a different code base, probably not
vulnerable
@@ -11926,11 +11926,11 @@
CAN-2004-1024
NOTE: reserved
CAN-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before
1.0.1, and ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before
1.0.1, and ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions,
does ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-1020 (The addslashes function in PHP 4.3.6 through 4.3.9 and 5.0.0
through ...)
- php4 4:4.3.10-1
CAN-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to
5.0.2 ...)
@@ -11976,7 +11976,7 @@
CAN-2004-1004 (Multiple format string vulnerabilities in Midnight Commander
(mc) ...)
{DSA-639-1}
CAN-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially
sensitive ...)
- NOTE: not-for-us (Trend ScanMail)
+ NOT-FOR-US: Trend ScanMail
CAN-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote
...)
- ppp 2.4.2+20040428-3
CAN-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow
4.0.4.1, ...)
@@ -12007,7 +12007,7 @@
CAN-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to
cause ...)
{DSA-604-1}
CAN-2004-0992 (Format string vulnerability in the -a option (daemon mode) in
...)
- NOTE: not-for-us (Proxytunnel)
+ NOT-FOR-US: Proxytunnel
CAN-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote
attackers to ...)
- mpg123 0.59r-19
CAN-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2),
and ...)
@@ -12017,7 +12017,7 @@
CAN-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2),
and ...)
{DSA-582-1}
CAN-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running
on ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2004-0987 (Buffer overflow in the process_menu function in yardradius
1.0.20 ...)
{DSA-598-1}
- yardradius 1.0.20-15
@@ -12025,7 +12025,7 @@
{DSA-580-1}
- iptables 1.2.11-4
CAN-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers
to ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils
...)
- mailutils 1:0.5-4
CAN-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2,
allows ...)
@@ -12042,9 +12042,9 @@
{DSA-592-1}
- ez-ipupdate 3.0.11b8-8
CAN-2004-0979 (Internet Explorer on Windows XP does not properly modify the
"Drag and ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat)
ActiveX ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier
allows local ...)
{DSA-577-1}
- postgresql 7.4.6-1
@@ -12082,16 +12082,16 @@
CAN-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext
...)
- gettext 0.14.1-6
CAN-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the
user-specified ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older
versions for ...)
{DSA-587-1}
NOTE: not vulnerable according to
http://www.debian.org/security/nonvulns-sarge
NOTE: DSA says zinf not vulnerable in sarge
- zinf 2.2.5
CAN-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and
...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as
root ...)
- NOTE: not-for-us (Apple Remote Desktop Client)
+ NOT-FOR-US: Apple Remote Desktop Client
CAN-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers
to ...)
- freeradius 1.0.1
CAN-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a
denial of ...)
@@ -12114,11 +12114,11 @@
CAN-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x
server ...)
NOTE: jabber version 2 is vulnerable, we have an older version that seems not
CAN-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using
the ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX
before ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to
obtain ...)
- NOTE: not-for-us (NetOp Host)
+ NOT-FOR-US: NetOp Host
CAN-2004-0949 (The smb_recv_trans2 function call in the samba filesystem
(smbfs) in ...)
NOTE: fixed in 2.4.28, 2.6.9
TODO: check with kernel people re 2.4.27
@@ -12131,9 +12131,9 @@
CAN-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit
...)
NOTE: does not apply per maintainer
CAN-2004-0945 (The web management interface for Mitel 3300 Integrated
Communications ...)
- NOTE: not-for-us (Mitel 3300 Integrated Communications Platform)
+ NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CAN-2004-0944 (The web management interface for Mitel 3300 Integrated
Communications ...)
- NOTE: not-for-us (Mitel 3300 Integrated Communications Platform)
+ NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CAN-2004-0943
NOTE: reserved
CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to
cause a ...)
@@ -12146,22 +12146,22 @@
{DSA-594-1}
- apache 1.3.33-2
CAN-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE)
3.x and ...)
- NOTE: not-for-us (Neoteris Instant Virtual Extranet)
+ NOT-FOR-US: Neoteris Instant Virtual Extranet
CAN-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a
denial of ...)
- freeradius 1.0.1
CAN-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for
Windows 95, ...)
- NOTE: not-for-us (Sophos Anti-Virus)
+ NOT-FOR-US: Sophos Anti-Virus
CAN-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus
protection ...)
- NOTE: not-for-us (RAV antivirus)
+ NOT-FOR-US: RAV antivirus
CAN-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote
...)
- NOTE: not-for-us (Eset anti-virus)
+ NOT-FOR-US: Eset anti-virus
CAN-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus
...)
- NOTE: not-for-us (Kaspersky antivirus)
+ NOT-FOR-US: Kaspersky antivirus
NOTE: Kaspersky engine is supported by amavas-ng
CAN-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0
...)
- NOTE: not-for-us (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus)
+ NOT-FOR-US: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus
CAN-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on
Oct 13th ...)
- NOTE: not-for-us (McAfee Anti-Virus Engine DATS drivers)
+ NOT-FOR-US: McAfee Anti-Virus Engine DATS drivers
CAN-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a
denial ...)
- maxdb-7.5.00 7.5.00.18
CAN-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly
other ...)
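Review bot: In the CAN-2004-0934 entry the new "NOT-FOR-US: Kaspersky antivirus" line is immediately followed by the unchanged "NOTE: Kaspersky engine is supported by amavas-ng", so the entry now dismisses the issue with a structured tag and, on the next line, points at a package that can use the affected engine. Either drop the trailing NOTE, or keep the entry as a plain NOTE until someone has confirmed that nothing shipped here is affected. The same hunk also shows that product names containing parentheses ("Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus") survived the conversion, which is worth keeping as a test case for whatever script did the rewrite.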
@@ -12169,30 +12169,30 @@
CAN-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in
...)
NOTE: tiff3g was removed from debian
CAN-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia
ColdFusion MX ...)
- NOTE: not-for-us (Macromedia)
+ NOT-FOR-US: Macromedia
CAN-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same
example ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8
through ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH
enabled, ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an
initial ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a
...)
{DSA-566-1}
CAN-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain
conditions, ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has
mounted an ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a
virus ...)
- NOTE: not-for-us (norton)
+ NOT-FOR-US: norton
CAN-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users
to ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for
Squid ...)
{DSA-576-1}
- squid 2.5.7
CAN-2004-0917 (The default installation of Vignette Application Portal installs
the ...)
- NOTE: not-for-us (Vignette Application Portal)
+ NOT-FOR-US: Vignette Application Portal
CAN-2004-0916 (Directory traversal vulnerability in cabextract before 1.1
allows ...)
{DSA-574-1}
- cabextract 1.1-1
@@ -12227,7 +12227,7 @@
- mozilla 2:1.7.3
- mozilla-thunderbird 0.8
CAN-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before
the ...)
- NOTE: not-for-us (non-debian package issue)
+ NOT-FOR-US: non-debian package issue
CAN-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview
Release, ...)
- mozilla-firefox 0.10.1+1.0PR
- mozilla 2:1.7.3
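Review bot: For CAN-2004-0907 the new value "non-debian package issue" is a reason, not a package name, although the log message defines the field as "NOT-FOR-US: package_name". If tools are going to read this field as a product identifier, name the product (the entry is about the upstream Linux .tar.gz archives for Mozilla Firefox) and move the reasoning to a separate NOTE line.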
@@ -12249,25 +12249,25 @@
- mozilla 2:1.7.3
- mozilla-thunderbird 0.8
CAN-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used
in ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0898
NOTE: reserved
CAN-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003
does not ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0896
NOTE: reserved
CAN-2004-0895
NOTE: reserved
CAN-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows
2000 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel
for ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which
is ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to
1.0.1 ...)
- gaim 1.0.2
CAN-2004-0890
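Review bot: CAN-2004-0897 is tagged "NOT-FOR-US: Windows" while the other Microsoft entries in this hunk use "NOT-FOR-US: Microsoft". Now that the value is a structured field rather than a free-text comment, pick one spelling per vendor so that entries can be grouped or counted by product without a manual alias list.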
@@ -12315,9 +12315,9 @@
CAN-2004-0874
NOTE: rejected
CAN-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to
...)
- NOTE: not-for-us (apple)
+ NOT-FOR-US: apple
CAN-2004-0872 (Opera does not prevent cookies that are sent over an insecure
...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure
...)
NOTE: upstream knows about the problem, no fix expected
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
@@ -12331,13 +12331,13 @@
NOTE: fix doesn''t look likely any time soon
TODO: followup
CAN-2004-0869 (Internet Explorer does not prevent cookies that are sent over an
...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-0868
NOTE: rejected
CAN-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...)
- mozilla-firefox 0.9.3
CAN-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2004-0865
NOTE: reserved
CAN-2004-0864
@@ -12374,25 +12374,25 @@
NOTE: not vulnerable according to
http://www.debian.org/security/nonvulns-sarge
TODO: which radius daemon in debian is "GNU Radius" (if any)?
CAN-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers
to ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET
allows ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for
Mac, and ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems
allows ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other
versions, ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0841 (Internet Explorer 6.x allows remote attackers to install
arbitrary ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0839 (Internet Explorer in Windows XP SP2, and other versions
including 5.01 ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows
attackers to ...)
{DSA-562-2}
CAN-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x
before ...)
@@ -12406,9 +12406,9 @@
CAN-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in
Squid ...)
- squid 2.5.6-8
CAN-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before
allowing ...)
- NOTE: not-for-us (McAfee)
+ NOT-FOR-US: McAfee
CAN-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a
denial ...)
- samba 2.2.11
CAN-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX
5.2 and ...)
@@ -12417,21 +12417,21 @@
{DSA-547-1}
- imagemagick 5:6.0.7.1-1
CAN-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services
(NSS) ...)
- NOTE: not-for-us (netscape NSS)
+ NOT-FOR-US: netscape NSS
CAN-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4,
and ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users
to ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and
10.3.5 ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2004-0822 (Buffer overflow in The Core Foundation framework ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows
user ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary
...)
- NOTE: not-for-us (winamp)
+ NOT-FOR-US: winamp
CAN-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a
...)
- NOTE: not-for-us (openbsd)
+ NOT-FOR-US: openbsd
CAN-2004-0818
NOTE: reserved
NOTE: not vulnerable according to
http://www.debian.org/security/nonvulns-sarge
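Review bot: CAN-2004-0823 becomes "NOT-FOR-US: Apple", but its description names "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5", so the affected code is not obviously Apple-only. Before this entry is promoted from a free-text note to a formal NOT-FOR-US tag, record whether the listed OpenLDAP versions were checked, or leave it as a NOTE/TODO. The same applies to "NOT-FOR-US: netscape NSS" for CAN-2004-0826 if any package here embeds that library.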
@@ -12455,7 +12455,7 @@
CAN-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the
merging of the ...)
- apache2 2.0.52
CAN-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote
attackers to ...)
- NOTE: not-for-us (Netopia Timbuktu)
+ NOT-FOR-US: Netopia Timbuktu
CAN-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote
...)
{DSA-558-1}
- apache2 2.0.51-1
@@ -12478,17 +12478,17 @@
CAN-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2
allows ...)
- foomatic-filters 3.0.2
CAN-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8
and 9 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1
allows ...)
- NOTE: not-for-us (Ipswitch WhatsUp Gold)
+ NOT-FOR-US: Ipswitch WhatsUp Gold
CAN-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch
WhatsUp ...)
- NOTE: not-for-us (Ipswitch WhatsUp Gold)
+ NOT-FOR-US: Ipswitch WhatsUp Gold
CAN-2004-0797 (The error handling in the (1) inflate and (2) inflateBack
functions in ...)
- zlib 1:1.2.1.1-6
CAN-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers
to ...)
- spamassassin 2.64
CAN-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the
db2rcmdc.exe ...)
- NOTE: not-for-us (IBM DB2 DB2RCMD.EXE)
+ NOT-FOR-US: IBM DB2 DB2RCMD.EXE
CAN-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd
...)
{DSA-551-1}
CAN-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not
drop ...)
@@ -12506,7 +12506,7 @@
CAN-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf
before ...)
{DSA-549-1 DSA-546-1}
CAN-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in
OpenCA ...)
- NOTE: not-for-us (seems OpenCA is not in Debian)
+ NOT-FOR-US: seems OpenCA is
CAN-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache
...)
NOTE: not vulnerable according to
http://www.debian.org/security/nonvulns-sarge
- apache2 2.0.51
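Review bot: The CAN-2004-0787 replacement is truncated: "NOTE: not-for-us (seems OpenCA is not in Debian)" became "NOT-FOR-US: seems OpenCA is", which is neither a package name nor a sentence. The rewrite appears to strip a trailing "not in Debian" without handling a leading qualifier; this line should read "NOT-FOR-US: OpenCA", and the rest of the file is worth a grep for other values that no longer start with a product name.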
@@ -12533,9 +12533,9 @@
CAN-2004-0776
NOTE: reserved
CAN-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as
used in ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3
for ...)
- NOTE: not-for-us (Real Helix server not in Debian)
+ NOT-FOR-US: Real Helix server
CAN-2004-0773
NOTE: reserved
CAN-2004-0772 (Double-free vulnerabilities in error handling code in krb524d
for MIT ...)
@@ -12549,9 +12549,9 @@
CAN-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain
buffer ...)
{DSA-536}
CAN-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of
service ...)
- NOTE: not-for-us (NGSEC StackDefender)
+ NOT-FOR-US: NGSEC StackDefender
CAN-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of
service ...)
- NOTE: not-for-us (NGSEC StackDefender)
+ NOT-FOR-US: NGSEC StackDefender
CAN-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox
before ...)
- mozilla 2:1.7
- mozilla-firefox 0.9
@@ -12591,7 +12591,7 @@
CAN-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache
2.x, ...)
- apache2 2.0.50-11
CAN-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when
shares ...)
- NOTE: not-for-us (Red Hat specific)
+ NOT-FOR-US: Red Hat specific
CAN-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does
not ...)
- subversion 1.0.9-2
CAN-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to
cause ...)
@@ -12605,49 +12605,49 @@
CAN-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary
commands ...)
- lha 1.14i-10
CAN-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows
...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using
the ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows
remote ...)
- NOTE: not-for-us (Sun Java System Portal Server)
+ NOT-FOR-US: Sun Java System Portal Server
CAN-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers
to ...)
- NOTE: not-for-us (LionMax Software WWW File Share Pro)
+ NOT-FOR-US: LionMax Software WWW File Share Pro
CAN-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows
...)
- NOTE: not-for-us (Lexmark)
+ NOT-FOR-US: Lexmark
CAN-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP
servers ...)
- NOTE: not-for-us (Whisper FTP Surfer)
+ NOT-FOR-US: Whisper FTP Surfer
CAN-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in
...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in
the ...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-0736 (The search module in Php-Nuke allows remote attackers to gain
...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and
...)
- NOTE: not-for-us (various windows games)
+ NOT-FOR-US: various windows games
CAN-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary
commands ...)
- NOTE: not-for-us (Web_Store.cgi)
+ NOT-FOR-US: Web_Store.cgi
CAN-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote
attackers to ...)
- NOTE: not-for-us (OllyDbg)
+ NOT-FOR-US: OllyDbg
CAN-2004-0732 (SQL injection vulnerability in index.php in the Search module
for ...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the
Search ...)
- NOTE: not-for-us (phpnuke)
+ NOT-FOR-US: phpnuke
CAN-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB
2.0.8 ...)
- phpbb2 2.0.10
CAN-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive
information via ...)
- phpbb2 2.0.10
CAN-2004-0728 (The Remote Control Client service in Microsoft''s
Systems Management ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows
XP SP2, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0726 (The Windows Media Player control in Microsoft Windows 2000
allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle
1.3.2 ...)
- moodle 1.4
CAN-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers
to ...)
- NOTE: not-for-us (Half Life)
+ NOT-FOR-US: Half Life
CAN-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote
attackers ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1)
...)
- mozilla 2:1.6
CAN-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not
properly ...)
@@ -12655,7 +12655,7 @@
- kdelibs 4:3.2.3-3.sarge.1
NOTE: in t-p-u; also fixed in 4.3.3 in unstable
CAN-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain
from ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows
XP, ...)
NOTE: not-fos-us (Microsoft)
CAN-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4)
...)
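Review bot: CAN-2004-0719 still carries "NOTE: not-fos-us (Microsoft)" as an unchanged context line, so the typo made the conversion skip it and the entry will not be recognised as NOT-FOR-US by anything that matches the new tag. Fix it in this commit as "NOT-FOR-US: Microsoft", and search for other near-miss spellings of "not-for-us" that the pattern would also have missed.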
@@ -12667,23 +12667,23 @@
- mozilla 2:1.7.8-1sarge1 (medium)
- mozilla-firefox 1.0.4-2sarge3 (medium)
CAN-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly
prevent a ...)
- NOTE: not-for-us (opera 7.50)
+ NOT-FOR-US: opera 7.50
CAN-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint
mapper ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and
...)
- NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
+ NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CAN-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T
attempts ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA
...)
- NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
+ NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CAN-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd
in ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x
matches ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500
Series ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly
decode ...)
- NOTE: not-for-us (HP OpenView Select Access)
+ NOT-FOR-US: HP OpenView Select Access
CAN-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain
privileges ...)
- moin 1.2.2
CAN-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x
before ...)
@@ -12699,19 +12699,19 @@
CAN-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database
password ...)
NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
CAN-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7
and 8 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-0700 (Format string vulnerability in the mod_proxy hook functions
function ...)
{DSA-532}
CAN-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check
Point ...)
- NOTE: not-for-us (Check Point VPN)
+ NOT-FOR-US: Check Point VPN
CAN-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and
modify ...)
- NOTE: not-for-us (WebSTAR)
+ NOT-FOR-US: WebSTAR
CAN-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows
remote ...)
- NOTE: not-for-us (WebSTAR)
+ NOT-FOR-US: WebSTAR
CAN-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier
allows ...)
- NOTE: not-for-us (WebSTAR)
+ NOT-FOR-US: WebSTAR
CAN-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR
5.3.2 ...)
- NOTE: not-for-us (WebSTAR)
+ NOT-FOR-US: WebSTAR
CAN-2004-0694
NOTE: reserved
- lha 1.14i-10
@@ -12743,58 +12743,58 @@
CAN-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user
...)
NOTE: Fixed in upstream 2.4.27
CAN-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server
5.02, ...)
- NOTE: not-for-us (WebSphere Edge Server)
+ NOT-FOR-US: WebSphere Edge Server
CAN-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers
to ...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CAN-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly
other ...)
- NOTE: not-for-us (Comersus Cart)
+ NOT-FOR-US: Comersus Cart
CAN-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- NOTE: not-for-us (Comersus Cart)
+ NOT-FOR-US: Comersus Cart
CAN-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can
be ...)
- NOTE: not-for-us (Zoom DSL modem)
+ NOT-FOR-US: Zoom DSL modem
CAN-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and
possibly ...)
- NOTE: not-for-us (UnrealIRCd)
+ NOT-FOR-US: UnrealIRCd
CAN-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in
...)
- NOTE: not-for-us (12Planet Chat Server)
+ NOT-FOR-US: 12Planet Chat Server
CAN-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote
...)
- NOTE: not-for-us (Fastream NETFile FTP Server)
+ NOT-FOR-US: Fastream NETFile FTP Server
CAN-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web
Server ...)
- NOTE: not-for-us (Fastream NETFile FTP Server)
+ NOT-FOR-US: Fastream NETFile FTP Server
CAN-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or
(2) ...)
- NOTE: not-for-us (c32web.exe)
+ NOT-FOR-US: c32web.exe
CAN-2004-0674 (Enterasys XSR-1800 series Security Routers, when running
firmware ...)
- NOTE: not-for-us (Enterasys XSR-1800 series Security Routers)
+ NOT-FOR-US: Enterasys XSR-1800 series Security Routers
CAN-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat
Server ...)
- NOTE: not-for-us (SCI Photo Chat Server)
+ NOT-FOR-US: SCI Photo Chat Server
CAN-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the
primary and ...)
- NOTE: not-for-us (Netegrity IdentityMinder Web Edition)
+ NOT-FOR-US: Netegrity IdentityMinder Web Edition
CAN-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows
remote ...)
- NOTE: not-for-us (Brightmail Spamfilter)
+ NOT-FOR-US: Brightmail Spamfilter
CAN-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote
...)
- NOTE: not-for-us (Rompager)
+ NOT-FOR-US: Rompager
CAN-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote
...)
- NOTE: not-for-us (Lotus)
+ NOT-FOR-US: Lotus
CAN-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to
cause a ...)
- NOTE: not-for-us (Lotus)
+ NOT-FOR-US: Lotus
CAN-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows
...)
NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable.
- kernel-patch-adamantix 1.6
CAN-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6
...)
- NOTE: not-for-us (popclient not in Debian)
+ NOT-FOR-US: popclient
CAN-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive
...)
- NOTE: not-for-us (csFAQ not in Debian)
+ NOT-FOR-US: csFAQ
CAN-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal
1.x ...)
- NOTE: not-for-us (PowerPortal)
+ NOT-FOR-US: PowerPortal
CAN-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in
PowerPortal ...)
- NOTE: not-for-us (PowerPortal)
+ NOT-FOR-US: PowerPortal
CAN-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive
information ...)
- NOTE: not-for-us (PowerPortal)
+ NOT-FOR-US: PowerPortal
CAN-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running
firmware ...)
- NOTE: not-for-us (D-Link AirPlus DI-614+)
+ NOT-FOR-US: D-Link AirPlus DI-614+
CAN-2004-0660 (Cross-site scripting (XSS) vulnerability in (1)
show_archives.php, (2) ...)
- NOTE: not-for-us (CuteNews)
+ NOT-FOR-US: CuteNews
CAN-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer
1.0pre4 ...)
- NOTE: not-for-us (mplayer)
+ NOT-FOR-US: mplayer
CAN-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly
...)
NOTE: invalid according to www.osvdb.org/7253
CAN-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the
NTP ...)
@@ -12802,18 +12802,18 @@
CAN-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows
...)
- pure-ftpd 1.0.19-1
CAN-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to
create ...)
- NOTE: not-for-us (Gentoo specific)
+ NOT-FOR-US: Gentoo specific
CAN-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when
...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-0653 (Solaris 9, when configured as a Kerberos client with patch
112908-12 ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service
Pack ...)
- NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
+ NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CAN-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE)
1.4.2 ...)
NOTE: JRE is not in Debian, assuming the various wrappers handle
NOTE: the new version. Not worrying about upgrades.
CAN-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running
ServletExec ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow
...)
{DSA-530}
CAN-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and
Thunderbird ...)
@@ -12823,7 +12823,7 @@
CAN-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows
local ...)
- shorewall 2.0.3a
CAN-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through
4.0 ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CAN-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv
library ...)
{DSA-579-1 DSA-550-1}
CAN-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for
MIT ...)
@@ -12833,17 +12833,17 @@
CAN-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1
...)
{DSA-543-1}
CAN-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270,
and ...)
- NOTE: not-for-us (Thomson hardware ADSL router)
+ NOT-FOR-US: Thomson hardware ADSL router
CAN-2004-0640 (Format string vulnerability in the SSL_set_verify function in
...)
{DSA-529}
CAN-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in
Squirrelmail ...)
{DSA-535}
CAN-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system
package ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local
users to ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI
handler ...)
- NOTE: not-for-us (AOL Instant Messenger)
+ NOT-FOR-US: AOL Instant Messenger
CAN-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows
remote ...)
{DSA-528}
CAN-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4
allows ...)
@@ -12851,13 +12851,13 @@
CAN-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows
remote ...)
- ethereal 0.10.5
CAN-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when
...)
- NOTE: not-for-us (adobe reader)
+ NOT-FOR-US: adobe reader
CAN-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat
Reader ...)
- NOTE: not-for-us (adobe acrobat)
+ NOT-FOR-US: adobe acrobat
CAN-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6
for ...)
- NOTE: not-for-us (adobe acrobat)
+ NOT-FOR-US: adobe acrobat
CAN-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe
Acrobat ...)
- NOTE: not-for-us (adobe acrobat)
+ NOT-FOR-US: adobe acrobat
CAN-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and
5.0, ...)
NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
CAN-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and
5.0, ...)
@@ -12865,56 +12865,56 @@
CAN-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux
...)
NOTE: fixed after 2.6.6 kernel
CAN-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote
...)
- NOTE: not-for-us (Infinity WEB)
+ NOT-FOR-US: Infinity WEB
CAN-2004-0624 (PHP remote code injection vulnerability in index.php for
Artmedic ...)
- NOTE: not-for-us (Artmedic links)
+ NOT-FOR-US: Artmedic links
CAN-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may
allow ...)
{DSA-590-1}
- gnats 4.0-6.1
CAN-2004-0622 (Mac OS X 10.3.4 does not properly clear memory for user login,
...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...)
- NOTE: not-for-us (Newsletter ZWS)
+ NOT-FOR-US: Newsletter ZWS
CAN-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or
(2) ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux
Broadcom ...)
- NOTE: not-for-us (Linux Broadcom 5820 cryptonet driver)
+ NOT-FOR-US: Linux Broadcom 5820 cryptonet driver
NOTE: does not seem to be part of linux kernel or other package
CAN-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause
a ...)
- NOTE: not-for-us (freebsd)
+ NOT-FOR-US: freebsd
CAN-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6
allows ...)
- NOTE: not-for-us (ArbitroWeb)
+ NOT-FOR-US: ArbitroWeb
CAN-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public
SNMP ...)
- NOTE: not-for-us (BT Voyager 2000 Wireless ADSL Router)
+ NOT-FOR-US: BT Voyager 2000 Wireless ADSL Router
CAN-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO
router ...)
- NOTE: not-for-us (D-Link DI-614+ SOHO router)
+ NOT-FOR-US: D-Link DI-614+ SOHO router
CAN-2004-0614 (osTicket trusts a hidden form field in the submit form to limit
the ...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2004-0613 (osTicket allows remote attackers to view sensitive uploaded
files and ...)
- NOTE: not-for-us (osTicket)
+ NOT-FOR-US: osTicket
CAN-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not
filter ...)
- NOTE: not-for-us (ZoneAlarm Pro)
+ NOT-FOR-US: ZoneAlarm Pro
CAN-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows
remote ...)
- NOTE: not-for-us (Netgear FVS318 VPN Router)
+ NOT-FOR-US: Netgear FVS318 VPN Router
CAN-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless
Router ...)
- NOTE: not-for-us (Microsoft MN-500 Wireless Router)
+ NOT-FOR-US: Microsoft MN-500 Wireless Router
CAN-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before
entering ...)
- rssh 2.2.1
CAN-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier,
Devastation ...)
- NOTE: not-for-us (Unreal Engine)
+ NOT-FOR-US: Unreal Engine
CAN-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully
verifies ...)
- racoon 0.3.3-1
CAN-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One
running ...)
- NOTE: not-for-us (Infoblox DNS One)
+ NOT-FOR-US: Infoblox DNS One
CAN-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and
earlier, (2) ...)
NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug".
NOTE: Does not match posted patch. Mailed Debian maintainer.
CAN-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier
allows ...)
- NOTE: not-for-us (giFT-FastTrack not in debian)
+ NOT-FOR-US: giFT-FastTrack not in debian
CAN-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when
the ...)
- NOTE: not-for-us (Gentoo-specific bug in gzip introduced by botched security
fix)
+ NOT-FOR-US: Gentoo-specific bug in gzip introduced by botched security fix
CAN-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not
...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not
...)
- distcc 2.18.1-4
CAN-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in
Samba ...)
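Review bot: Two converted lines in this hunk put a free-text reason where the log message says a package name goes (`NOT-FOR-US: package_name`): `NOT-FOR-US: giFT-FastTrack not in debian` for CAN-2004-0604 and `NOT-FOR-US: Gentoo-specific bug in gzip introduced by botched security fix` for CAN-2004-0603. Anything that later reads the field as a product name gets a sentence instead. Suggest `NOT-FOR-US: giFT-FastTrack` for the first. For the gzip entry, the text describes a distribution-specific bug rather than naming a product, so the explanation would sit better on its own NOTE line.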
@@ -12932,7 +12932,7 @@
CAN-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x
up to ...)
{DSA-669-1 DSA-531}
CAN-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic
before ...)
- NOTE: not-for-us (Sygate Enforcer)
+ NOT-FOR-US: Sygate Enforcer
CAN-2004-0592
NOTE: reserved
CAN-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc
...)
@@ -12941,13 +12941,13 @@
- freeswan 2.04-10
- openswan 2.2.0
CAN-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x),
when ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module
for ...)
- usermin 1.090-1
CAN-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file
in ...)
- qla2x00-source 7.01.01-1
CAN-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute
arbitrary ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0585
NOTE: rejected
CAN-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a
...)
@@ -12960,37 +12960,37 @@
{DSA-526}
- usermin 1.090-1
CAN-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and
Corporate ...)
- NOTE: not-for-us (Mandrake script)
+ NOT-FOR-US: Mandrake script
CAN-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31
Cable/DSL ...)
- NOTE: not-for-us (Linksys routers)
+ NOT-FOR-US: Linksys routers
CAN-2004-0579 (Format string vulnerability in super before 3.23 allows local
users to ...)
{DSA-522}
CAN-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other
versions ...)
- NOTE: not-for-us (Wingate)
+ NOT-FOR-US: Wingate
CAN-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other
versions ...)
- NOTE: not-for-us (Wingate)
+ NOT-FOR-US: Wingate
CAN-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled
with the ...)
- NOTE: not-for-us (GNU radius not in Debian)
+ NOT-FOR-US: GNU radius
CAN-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP,
Windows XP ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft
...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x
on ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0572 (Buffer overflow in the Windows Program Group Converter
(grpconv.exe) ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly
validate ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0570
NOTE: reserved
CAN-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows
remote ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000,
Windows ...)
- NOTE: not-for-us (HyperTerminal)
+ NOT-FOR-US: HyperTerminal
CAN-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server
4.0 SP ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote
...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0565 (Floating point information leak in the context switch code for
Linux ...)
NOTE: ia64 only
NOTE: appears fixed in 2.4.27/2.6.8
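Review bot: The CAN-2004-0576 line changes content, not only format: `NOTE: not-for-us (GNU radius not in Debian)` becomes `NOT-FOR-US: GNU radius`, dropping "not in Debian", while the same kind of qualifier is kept verbatim for CAN-2004-0604 (`giFT-FastTrack not in debian`). The log message describes a pure syntax change, so either keep the original text here or strip the qualifier everywhere and say so in the log. The Windows-related entries in this hunk are also tagged at three different granularities (`Windows`, `Microsoft`, `HyperTerminal`), which will matter if the value is ever used for grouping.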
@@ -13019,13 +13019,13 @@
CAN-2004-0553
NOTE: reserved
CAN-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly
handle ...)
- NOTE: not-for-us (Sophos Small Business Suite)
+ NOT-FOR-US: Sophos Small Business Suite
CAN-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and
...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote
attackers ...)
- NOTE: not-for-us (Real Player)
+ NOT-FOR-US: Real Player
CAN-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML
...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress
...)
- aspell 0.50.5-3
CAN-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1
allows ...)
@@ -13033,50 +13033,50 @@
CAN-2004-0546
NOTE: reserved
CAN-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite
arbitrary ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local
users ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications
11.0 and ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all
shell ...)
- NOTE: not-for-us (php4 bug only affects Windows)
+ NOT-FOR-US: php4 bug only affects Windows
CAN-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication)
function ...)
- squid 2.5.5-5
CAN-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully
Qualified ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0539 (The "Show in Finder" button in the Safari web
browser in Mac OS X ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically
registers ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a
"Shortcut ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and
earlier, ...)
- tripwire 2.3.1.2.0-2.1
CAN-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not
properly ...)
NOTE: fixed in 2.4.27
CAN-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects
InfoView ...)
- NOTE: not-for-us (Business Objects WebIntelligence)
+ NOT-FOR-US: Business Objects WebIntelligence
CAN-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only
enforces ...)
- NOTE: not-for-us (Business Objects WebIntelligence)
+ NOT-FOR-US: Business Objects WebIntelligence
CAN-2004-0532
NOTE: reserved
CAN-2004-0531
NOTE: reserved
CAN-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked
against a ...)
- NOTE: not-for-us (Slackware specific rpath issue)
+ NOT-FOR-US: Slackware specific rpath issue
CAN-2004-0529 (The modified suexec program in cPanel, when configured for
mod_php and ...)
- NOTE: not-for-us (cPanel is not our cpanel)
+ NOT-FOR-US: cPanel is not our cpanel
CAN-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a
legitimate ...)
- NOTE: not-for-us (Netscape Navigator 7.1)
+ NOT-FOR-US: Netscape Navigator 7.1
CAN-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a
...)
NOTE: konquror 2.2.2 and earlier, later should not be vulnerale
NOTE: but did not check in detail
CAN-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote
...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before
1.55 ...)
- NOTE: not-for-us (iLO)
+ NOT-FOR-US: iLO
CAN-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd
plugin ...)
- NOTE: not-for-us (Change_passwd SquirrelMail plugin not present in debian)
+ NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian
CAN-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT
Kerberos ...)
{DSA-520}
CAN-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...)
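Review bot: `NOT-FOR-US: php4 bug only affects Windows` (CAN-2004-0542) and `NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian` (CAN-2004-0524) tag entries where the old note says the software is relevant and only the platform or plugin is not. With the new tag the value reads as the name of an out-of-scope product, and the first word a reader or script sees is `php4`. The same applies to `Slackware specific rpath issue` and `cPanel is not our cpanel`, which are explanations rather than names. Suggest keeping NOT-FOR-US for the product name alone and leaving the "not affected because ..." reasoning on a NOTE line.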
@@ -13088,23 +13088,23 @@
CAN-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in
SquirrelMail ...)
{DSA-535}
CAN-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4,
related ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to
"handling of ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to
"package ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4,
related to ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4,
related to ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0513 (Unknown vulnerability in Mac OS X 10.3.4, related to
"logging when ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and
...)
- NOTE: not-for-us (SCO MMDF)
+ NOT-FOR-US: SCO MMDF
CAN-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and
...)
- NOTE: not-for-us (SCO MMDF)
+ NOT-FOR-US: SCO MMDF
CAN-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7,
and ...)
- NOTE: not-for-us (SCO MMDF)
+ NOT-FOR-US: SCO MMDF
CAN-2004-0509
NOTE: reserved
CAN-2004-0508
@@ -13118,17 +13118,17 @@
CAN-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of
service ...)
- ethereal 0.10.4
CAN-2004-0503 (Microsoft Outlook 2003 allows remote attackers to bypass the
default ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain
files ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2)
slp.c ...)
- gaim 1:0.81-3
CAN-2004-0499
NOTE: reserved
CAN-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and
...)
- NOTE: not-for-us (StoneSoft firewall engine)
+ NOT-FOR-US: StoneSoft firewall engine
CAN-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users
to ...)
NOTE: linux kernel fchown hole, fixed in all current kernels
CAN-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local
users ...)
@@ -13147,72 +13147,72 @@
CAN-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does
not ...)
NOTE: appears redhat specific
CAN-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the
mod_phpsuexec ...)
- NOTE: not-for-us (cPanel is not our cpanel)
+ NOT-FOR-US: cPanel is not our cpanel
CAN-2004-0489 (Argument injection vulnerability in the SSH URI handler for
Safari on ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary
function ...)
{DSA-532}
- apache2 2.0.50-1
CAN-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004
allows ...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CAN-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that
it did ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3
and ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote
attackers to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows
remote ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2004-0481 (The logging feature in kcms_configure in the KCMS package on
Solaris 8 ...)
- NOTE: not-for-us (the KCMS on Solaris)
+ NOT-FOR-US: the KCMS on Solaris
CAN-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and
6.5 ...)
- NOTE: not-for-us (Lotus Notes)
+ NOT-FOR-US: Lotus Notes
CAN-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a
denial ...)
NOTE: only a Mozilla DOS
TODO: not even fixed upstream
CAN-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL
Router ...)
- NOTE: not-for-us (3Com OfficeConnect Remote 812 ADSL Router)
+ NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CAN-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router
1.1.9.4 ...)
- NOTE: not-for-us (3Com OfficeConnect Remote 812 ADSL Router)
+ NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CAN-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro
allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or
...)
- NOTE: not-for-us (Help Center (HelpCtr.exe))
+ NOT-FOR-US: Help Center (HelpCtr.exe)
CAN-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not
...)
- NOTE: not-for-us (opera)
+ NOT-FOR-US: opera
CAN-2004-0472
NOTE: rejected
CAN-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1
...)
- NOTE: not-for-us (BEA WebLogic)
+ NOT-FOR-US: BEA WebLogic
CAN-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1
...)
- NOTE: not-for-us (BEA WebLogic)
+ NOT-FOR-US: BEA WebLogic
CAN-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point
VPN-1 and ...)
- NOTE: not-for-us (Check Point VPN)
+ NOT-FOR-US: Check Point VPN
CAN-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE)
allows ...)
- NOTE: not-for-us (Juniper JUNOS)
+ NOT-FOR-US: Juniper JUNOS
CAN-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to
cause a ...)
- NOTE: not-for-us (Juniper JUNOS)
+ NOT-FOR-US: Juniper JUNOS
CAN-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows
remote ...)
- NOTE: not-for-us (WebConnect)
+ NOT-FOR-US: WebConnect
CAN-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect
6.5 ...)
- NOTE: not-for-us (WebConnect)
+ NOT-FOR-US: WebConnect
CAN-2004-0464
NOTE: reserved
CAN-2004-0463
NOTE: reserved
CAN-2004-0462 (The built-in web servers for multiple networking devices do not
set ...)
- NOTE: not-for-us (Multiple embedded hardware vendors)
+ NOT-FOR-US: Multiple embedded hardware vendors
CAN-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13,
when ...)
NOTE: debian probably not vulnerable
- dhcp3 3.0.1
CAN-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon
(DHCPD) ...)
- dhcp3 3.0.1
CAN-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11
...)
- NOTE: not-for-us (DOS in 802.11 protocol)
+ NOT-FOR-US: DOS in 802.11 protocol
CAN-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial
of ...)
{DSA-503}
- mah-jong 1.6.2-1
@@ -13242,9 +13242,9 @@
CAN-2004-0446
NOTE: reserved
CAN-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and
...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CAN-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton
Internet ...)
- NOTE: not-for-us (Norton)
+ NOT-FOR-US: Norton
CAN-2004-0443
NOTE: reserved
CAN-2004-0442
@@ -13258,11 +13258,11 @@
CAN-2004-0438
NOTE: reserved
CAN-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other
versions ...)
- NOTE: not-for-us (Titan FTP Server)
+ NOT-FOR-US: Titan FTP Server
CAN-2004-0436
NOTE: reserved
CAN-2004-0435 (Certain "programming errors" in the msync
system call for FreeBSD ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to
execute ...)
{DSA-504}
CAN-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol
(RTSP) ...)
@@ -13271,19 +13271,19 @@
CAN-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR
based ACL ...)
- proftpd 1.2.9-4
CAN-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1
...)
- NOTE: not-for-us (Apple QuickTime)
+ NOT-FOR-US: Apple QuickTime
CAN-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X
10.3.3 and ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0429 (Unknown vulnerability related to "the handling of large
requests" in ...)
- NOTE: not-for-us (RAdmin for Mac OS X)
+ NOT-FOR-US: RAdmin for Mac OS X
CAN-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and
Mac OS ...)
- NOTE: not-for-us (Mac OS X))
+ NOT-FOR-US: Mac OS X)
CAN-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x
before ...)
NOTE: fixed after 2.6.6/2.4.26 kernel
CAN-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running
a ...)
{DSA-499}
CAN-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x
allows ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel
2.4.22 ...)
NOTE: fixed after 2.6.4/2.4.26 kernel
CAN-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local
users ...)
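Review bot: The CAN-2004-0428 line carries a stray closing parenthesis through the conversion: the old `NOTE: not-for-us (Mac OS X))` had a doubled `)` and the new line is `NOT-FOR-US: Mac OS X)`. This looks like the result of a mechanical substitution that removed one trailing parenthesis per line. It should be `NOT-FOR-US: Mac OS X`, or `MacOS` to match the entries directly above and below it. Worth searching the rest of the converted file for values ending in `)` that have no matching `(`.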
@@ -13295,7 +13295,7 @@
CAN-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and
earlier ...)
{DSA-498}
CAN-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows
NT ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...)
NOTE: reserved (baruch)
CAN-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through
1.11.16, ...)
@@ -13327,7 +13327,7 @@
CAN-2004-0408 (Buffer overflow in the child_service function in the ident2
ident ...)
{DSA-494}
CAN-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not
reclaim ...)
- NOTE: not-for-us (ColdFusion)
+ NOT-FOR-US: ColdFusion
CAN-2004-0406
NOTE: reserved
CAN-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via
.. (dot ...)
@@ -13367,39 +13367,39 @@
CAN-2004-0392 (racoon before 20040407b allows remote attackers to cause a
denial of ...)
- apache 1.3.31-2
CAN-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and
Hosting ...)
- NOTE: not-for-us (Cisco Wireless LAN Solution Engine)
+ NOT-FOR-US: Cisco Wireless LAN Solution Engine
CAN-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority
style ...)
- NOTE: not-for-us (SCO OpenServer)
+ NOT-FOR-US: SCO OpenServer
CAN-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows
remote ...)
- NOTE: not-for-us (RealNetworks Helix Universal Server)
+ NOT-FOR-US: RealNetworks Helix Universal Server
CAN-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite
...)
{DSA-483}
CAN-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in
RealPlayer ...)
- NOTE: not-for-us (RealPlayer plugin)
+ NOT-FOR-US: RealPlayer plugin
CAN-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and
earlier, ...)
- NOTE: not-for-us (mplayer; not in the archive)
+ NOT-FOR-US: mplayer; not in the archive
CAN-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web
Cache ...)
- NOTE: not-for-us (Oracle 9i Application Server Web Cache)
+ NOT-FOR-US: Oracle 9i Application Server Web Cache
CAN-2004-0384
NOTE: reserved
CAN-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8,
with ...)
- NOTE: not-for-us (Mail for Mac OS X)
+ NOT-FOR-US: Mail for Mac OS X
CAN-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X
10.3.3 ...)
- NOTE: not-for-us (CUPS printing system in Mac OS X)
+ NOT-FOR-US: CUPS printing system in Mac OS X
CAN-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary
files via ...)
{DSA-483}
CAN-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2
...)
- NOTE: not-for-us (Microsoft Outlook Express)
+ NOT-FOR-US: Microsoft Outlook Express
CAN-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft
...)
- NOTE: not-for-us (Microsoft SharePoint Portal Server 2001)
+ NOT-FOR-US: Microsoft SharePoint Portal Server 2001
CAN-2004-0378
NOTE: reserved
CAN-2004-0377 (Buffer overflow in the win32_stat function for (1)
ActiveState''s ...)
- NOTE: not-for-us (perl; Win32 is affected, UNIX systems not)
+ NOT-FOR-US: perl; Win32 is affected, UNIX systems not
CAN-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a
denial of ...)
{DSA-473}
CAN-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004,
Norton ...)
- NOTE: not-for-us (Symantec Norton Internet Security)
+ NOT-FOR-US: Symantec Norton Internet Security
CAN-2004-0374 (Interchange before 5.0.1 allows remote attackers to
"expose the ...)
{DSA-471}
CAN-2004-0373
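Review bot: `NOT-FOR-US: mplayer; not in the archive` (CAN-2004-0386) and `NOT-FOR-US: perl; Win32 is affected, UNIX systems not` (CAN-2004-0377) keep the old "name; reason" form inside the new field, so the value is neither a bare package name nor a plain note. The mplayer reason is also a statement about archive state that can change later, and nothing in the new format marks it for re-checking if the package is ever uploaded. Suggest `NOT-FOR-US: mplayer` plus a separate NOTE for the archive remark. For the perl entry, a NOTE that only Win32 is affected would describe the situation more accurately than a not-for-us tag on perl.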
@@ -13409,11 +13409,11 @@
CAN-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not
properly ...)
{DSA-476}
CAN-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as
used ...)
- NOTE: not-for-us (KAME)
+ NOT-FOR-US: KAME
CAN-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by
Symantec ...)
- NOTE: not-for-us (Entrust LibKmp ISAKMP library)
+ NOT-FOR-US: Entrust LibKmp ISAKMP library
CAN-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX,
and ...)
- NOTE: not-for-us (CDE)
+ NOT-FOR-US: CDE
CAN-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a
denial of ...)
- ethereal 0.10.3
CAN-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before
0.5.2 ...)
@@ -13424,141 +13424,141 @@
CAN-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c
for ...)
- ethereal 0.10.3
CAN-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet
...)
- NOTE: not-for-us (WrapNISUM ActiveX)
+ NOT-FOR-US: WrapNISUM ActiveX
CAN-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX
component ...)
- NOTE: not-for-us (SymSpamHelper ActiveX)
+ NOT-FOR-US: SymSpamHelper ActiveX
CAN-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing
routines of ...)
- NOTE: not-for-us (ISS Protocol Analysis Module)
+ NOT-FOR-US: ISS Protocol Analysis Module
CAN-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote
...)
- NOTE: not-for-us (safari)
+ NOT-FOR-US: safari
CAN-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows
local ...)
- NOTE: not-for-us (solaris)
+ NOT-FOR-US: solaris
CAN-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for
Invision ...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin
Panel Pro ...)
- NOTE: not-for-us (VirtuaNews Admin Panel)
+ NOT-FOR-US: VirtuaNews Admin Panel
CAN-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote
...)
- NOTE: not-for-us (SL Mail Pro)
+ NOT-FOR-US: SL Mail Pro
CAN-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain
...)
- NOTE: not-for-us (Invision Power Board)
+ NOT-FOR-US: Invision Power Board
CAN-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0
through ...)
- NOTE: not-for-us (GNU Anubis)
+ NOT-FOR-US: GNU Anubis
CAN-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for
GNU ...)
- NOTE: not-for-us (GNU Anubis)
+ NOT-FOR-US: GNU Anubis
CAN-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS
...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2004-0351 (Spider Sales shopping cart stores the private key in the same
database ...)
- NOTE: not-for-us (Spider Sales)
+ NOT-FOR-US: Spider Sales
CAN-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for
the ...)
- NOTE: not-for-us (Spider Sales)
+ NOT-FOR-US: Spider Sales
CAN-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows
...)
- NOTE: not-for-us (GWeb HTTP Server)
+ NOT-FOR-US: GWeb HTTP Server
CAN-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales
shopping ...)
- NOTE: not-for-us (SpiderSales)
+ NOT-FOR-US: SpiderSales
CAN-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD
1.2.7 ...)
- proftpd 1.2.9
CAN-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows
remote ...)
- NOTE: not-for-us (Red Faction)
+ NOT-FOR-US: Red Faction
CAN-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB
SE ...)
- NOTE: not-for-us (YaBB SE)
+ NOT-FOR-US: YaBB SE
CAN-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through
1.5.5b ...)
- NOTE: not-for-us (YaBB SE)
+ NOT-FOR-US: YaBB SE
CAN-2004-0342 (WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option
...)
- NOTE: not-for-us (WFPTD)
+ NOT-FOR-US: WFPTD
CAN-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command
until a ...)
- NOTE: not-for-us (WFPTD)
+ NOT-FOR-US: WFPTD
CAN-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1,
Pro ...)
- NOTE: not-for-us (WFPTD)
+ NOT-FOR-US: WFPTD
CAN-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in
phpBB, ...)
- phpbb2 2.0.6d
CAN-2004-0338 (SQL injection vulnerability in search.php for Invision Board
Forum ...)
- NOTE: not-for-us (Invision Board Forum)
+ NOT-FOR-US: Invision Board Forum
CAN-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail
602Pro ...)
- NOTE: not-for-us (602LAN SUITE)
+ NOT-FOR-US: 602LAN SUITE
CAN-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the
"Directory ...)
- NOTE: not-for-us (602LAN SUITE)
+ NOT-FOR-US: 602LAN SUITE
CAN-2004-0334 (AXIS 2100 Network Camera allows remote attackers to bypass Basic
...)
- NOTE: not-for-us (AXIS 2100)
+ NOT-FOR-US: AXIS 2100
CAN-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2
through ...)
- uudeview 0.5.20 (medium)
CAN-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are
all ...)
- NOTE: not-for-us (extremail)
+ NOT-FOR-US: extremail
CAN-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0
allows ...)
- NOTE: not-for-us (Dell OpenManage Web Server)
+ NOT-FOR-US: Dell OpenManage Web Server
CAN-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...)
- NOTE: not-for-us (Serv-U)
+ NOT-FOR-US: Serv-U
CAN-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (FreeChat)
+ NOT-FOR-US: FreeChat
CAN-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware
1.003.00 ...)
- NOTE: not-for-us (Gigabyte Broadband Router)
+ NOT-FOR-US: Gigabyte Broadband Router
CAN-2004-0327 (Directory traversal vulnerability in functions.php in
PhpNewsManager ...)
- NOTE: not-for-us (PhpNewsManager)
+ NOT-FOR-US: PhpNewsManager
CAN-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows
remote ...)
- NOTE: not-for-us (GateKeeper Pro)
+ NOT-FOR-US: GateKeeper Pro
CAN-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to
cause a ...)
- NOTE: not-for-us (TypSoft)
+ NOT-FOR-US: TypSoft
CAN-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute
...)
- NOTE: not-for-us (confirm 0.70)
+ NOT-FOR-US: confirm 0.70
CAN-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2
allow ...)
- NOTE: not-for-us (xmb 1.8 final sp2)
+ NOT-FOR-US: xmb 1.8 final sp2
CAN-2004-0322 (Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8
Final ...)
- NOTE: not-for-us (xmb 1.8 final sp2)
+ NOT-FOR-US: xmb 1.8 final sp2
CAN-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a
denial ...)
- NOTE: not-for-us (Team Factor)
+ NOT-FOR-US: Team Factor
CAN-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in
ezBoard ...)
- NOTE: not-for-us (ezBoard)
+ NOT-FOR-US: ezBoard
CAN-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the
LSF_EAUTH_UID ...)
- NOTE: not-for-us (Load Sharing Facility)
+ NOT-FOR-US: Load Sharing Facility
CAN-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and
6.x ...)
- NOTE: not-for-us (Load Sharing Facility)
+ NOT-FOR-US: Load Sharing Facility
CAN-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to
cause a ...)
- NOTE: not-for-us (Avirt)
+ NOT-FOR-US: Avirt
CAN-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to
cause a ...)
- NOTE: not-for-us (Avirt)
+ NOT-FOR-US: Avirt
CAN-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit
1.9 ...)
- NOTE: not-for-us (WebzEdit)
+ NOT-FOR-US: WebzEdit
CAN-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to
cause a ...)
- NOTE: not-for-us (PSOProxy)
+ NOT-FOR-US: PSOProxy
CAN-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an
SNMP ...)
- NOTE: not-for-us (LINKSYS)
+ NOT-FOR-US: LINKSYS
CAN-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot
Card 3.0 ...)
- NOTE: not-for-us (APC)
+ NOT-FOR-US: APC
CAN-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and
1.1 ...)
- NOTE: not-for-us (LiveJournal)
+ NOT-FOR-US: LiveJournal
CAN-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS
15454 ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in
WebCortex ...)
- NOTE: not-for-us (WebCortex WebStores)
+ NOT-FOR-US: WebCortex WebStores
CAN-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex
WebStores ...)
- NOTE: not-for-us (WebCortex WebStores)
+ NOT-FOR-US: WebCortex WebStores
CAN-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via
...)
- NOTE: not-for-us (OWLS 1.0)
+ NOT-FOR-US: OWLS 1.0
CAN-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote
attackers ...)
- NOTE: not-for-us (OWLS 1.0)
+ NOT-FOR-US: OWLS 1.0
CAN-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online
Store ...)
- NOTE: not-for-us (Online Store Kit)
+ NOT-FOR-US: Online Store Kit
CAN-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows
remote ...)
- NOTE: not-for-us (Online Store Kit)
+ NOT-FOR-US: Online Store Kit
CAN-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a
denial ...)
- NOTE: not-for-us (smallftpd; not in Debian)
+ NOT-FOR-US: smallftpd;
CAN-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (CesarFTP; Win32)
+ NOT-FOR-US: CesarFTP; Win32
CAN-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to
cause a ...)
- NOTE: not-for-us (Broker FTP 6.1.0.0; Win32)
+ NOT-FOR-US: Broker FTP 6.1.0.0; Win32
CAN-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to
cause a ...)
- NOTE: not-for-us (Broker FTP 6.1.0.0 again; Win32)
+ NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32
CAN-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user
exists ...)
- NOTE: not-for-us (yabb; not in Debian)
+ NOT-FOR-US: yabb;
CAN-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows
remote ...)
- NOTE: not-for-us (ShopCartCGI 2.3; not in Debian)
+ NOT-FOR-US: ShopCartCGI 2.3;
CAN-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows
remote ...)
- NOTE: not-for-us (KarjaSoft Sami HTTP Server 1.0.4; Win32)
+ NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32
CAN-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and
1.5.5 ...)
- NOTE: not-for-us (YaBB; not in Debian)
+ NOT-FOR-US: YaBB;
CAN-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote
game ...)
- NOTE: not-for-us (Purge Jihad; not in Debian)
+ NOT-FOR-US: Purge Jihad;
CAN-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local
users to ...)
- NOTE: not-for-us (SignatureDB; not in Debian)
+ NOT-FOR-US: SignatureDB;
CAN-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch
3.2.13 ...)
- mnogosearch 3.2.18
NOTE: it''s not quite clear which version exactly fixes the problem;
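Review bot: The substitution leaves a dangling semicolon wherever the old note ended in "; not in Debian", for example `NOT-FOR-US: smallftpd;`, `NOT-FOR-US: yabb;` and `NOT-FOR-US: ShopCartCGI 2.3;`. Strip the separator together with the phrase so that the value is only the package name; anything that matches on the name will otherwise see `smallftpd;`. The `; Win32` suffixes (CesarFTP, Broker FTP, KarjaSoft) and "Broker FTP 6.1.0.0 again" also put remarks into a field the log message describes as package_name, and `yabb;` and `YaBB;` now differ only in case for the same product.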
@@ -13567,111 +13567,111 @@
NOTE: (http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2)
NOTE: and I can confirm the buffer overflow is fixed there
CAN-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to
cause a ...)
- NOTE: not-for-us (Xlight FTP server 1.52; not in Debian)
+ NOT-FOR-US: Xlight FTP server 1.52;
CAN-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote
...)
- NOTE: not-for-us (RobotFTP; not in Debian)
+ NOT-FOR-US: RobotFTP;
CAN-2004-0285 (PHP remote code injection vulnerabilities in (1) AllMyVisitors,
(2) ...)
- NOTE: not-for-us (PHP scripts not in Debian)
+ NOT-FOR-US: PHP scripts
CAN-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003
allow ...)
- NOTE: not-for-us (MSIE bugs)
+ NOT-FOR-US: MSIE bugs
CAN-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files
via a ...)
- NOTE: not-for-us (mailmgr; not in Debian)
+ NOT-FOR-US: mailmgr;
CAN-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (Crob FTP; not in Debian)
+ NOT-FOR-US: Crob FTP;
CAN-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain
...)
- NOTE: not-for-us (Caucho Technology Resin; not in Debian)
+ NOT-FOR-US: Caucho Technology Resin;
CAN-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view
JSP ...)
- NOTE: not-for-us (Caucho Technology Resin; not in Debian)
+ NOT-FOR-US: Caucho Technology Resin;
CAN-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite
arbitrary ...)
- NOTE: not-for-us (AIMSniff; not in Debian)
+ NOT-FOR-US: AIMSniff;
CAN-2004-0278 (Ratbag game engine, as used in products such as Dirt Track
Racing, ...)
- NOTE: not-for-us (Ratbag game engine; not in Debian)
+ NOT-FOR-US: Ratbag game engine;
CAN-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote
attackers ...)
- NOTE: not-for-us (Dream FTP; not in Debian)
+ NOT-FOR-US: Dream FTP;
CAN-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates
3.2 ...)
- NOTE: not-for-us (BosDates; not in Debian)
+ NOT-FOR-US: BosDates;
CAN-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote
attackers to ...)
- NOTE: not-for-us (MaxWebPortal; not in Debian)
+ NOT-FOR-US: MaxWebPortal;
CAN-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in
MaxWebPortal ...)
- NOTE: not-for-us (MaxWebPortal; not in Debian)
+ NOT-FOR-US: MaxWebPortal;
CAN-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and
possibly ...)
- NOTE: not-for-us (PHP-Nuke; not in Debian)
+ NOT-FOR-US: PHP-Nuke;
CAN-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow
remote ...)
- NOTE: not-for-us (EvolutionX; not in Debian)
+ NOT-FOR-US: EvolutionX;
CAN-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in
eTrust ...)
- NOTE: not-for-us (eTrust InoculateIT; not in Debian)
+ NOT-FOR-US: eTrust InoculateIT;
CAN-2004-0266 (SQL injection vulnerability in the "public
message" capability ...)
- NOTE: not-for-us (PHP-Nuke; not in Debian)
+ NOT-FOR-US: PHP-Nuke;
CAN-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for
Php-Nuke ...)
- NOTE: not-for-us (PHP-Nuke; not in Debian)
+ NOT-FOR-US: PHP-Nuke;
CAN-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (PalmOS)
+ NOT-FOR-US: PalmOS
CAN-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client
...)
- NOTE: not-for-us (The Palace; not in Debian)
+ NOT-FOR-US: The Palace;
CAN-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite
contains ...)
- NOTE: not-for-us (CactuShop; not in Debian)
+ NOT-FOR-US: CactuShop;
CAN-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier
allows ...)
- NOTE: not-for-us (formmail.php; not in Debian)
+ NOT-FOR-US: formmail.php;
CAN-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0,
...)
- NOTE: not-for-us (RealPlayer)
+ NOT-FOR-US: RealPlayer
CAN-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers
to ...)
- NOTE: not-for-us (Xlight; not in Debian)
+ NOT-FOR-US: Xlight;
CAN-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x
and 3.x ...)
- NOTE: not-for-us (Discuz; not in Debian)
+ NOT-FOR-US: Discuz;
CAN-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers
to ...)
- NOTE: not-for-us (IBM Cloudscape)
+ NOT-FOR-US: IBM Cloudscape
CAN-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (TYPSoft FTP Server)
+ NOT-FOR-US: TYPSoft FTP Server
CAN-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows
remote ...)
- NOTE: not-for-us (rxgoogle.cgi)
+ NOT-FOR-US: rxgoogle.cgi
CAN-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier
...)
- NOTE: not-for-us (PhotoPost PHP Pro)
+ NOT-FOR-US: PhotoPost PHP Pro
CAN-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to
other ...)
- NOTE: not-for-us (PHPX)
+ NOT-FOR-US: PHPX
CAN-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows
remote ...)
- NOTE: not-for-us (PHPX)
+ NOT-FOR-US: PHPX
CAN-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote
...)
- NOTE: not-for-us (Chaser)
+ NOT-FOR-US: Chaser
CAN-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
- NOTE: not-for-us (Les Commentaires)
+ NOT-FOR-US: Les Commentaires
CAN-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Web Crossing)
+ NOT-FOR-US: Web Crossing
CAN-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch
...)
- NOTE: not-for-us (Cisco Systems)
+ NOT-FOR-US: Cisco Systems
CAN-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled,
...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive
information via ...)
- NOTE: not-for-us (X-Cart 3.4.3)
+ NOT-FOR-US: X-Cart 3.4.3
CAN-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary
commands via ...)
- NOTE: not-for-us (X-Cart 3.4.3)
+ NOT-FOR-US: X-Cart 3.4.3
CAN-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote
...)
- NOTE: not-for-us (X-Cart 3.4.3)
+ NOT-FOR-US: X-Cart 3.4.3
CAN-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP
Pro 4.6 ...)
- NOTE: not-for-us (PhotoPost PHP Pro)
+ NOT-FOR-US: PhotoPost PHP Pro
CAN-2004-0238 (Buffer overflow in (1) load_cfg and (2) save_cfg in Overkill
0.15pre3 ...)
- overkill 0.16-7
CAN-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP
Portal ...)
- NOTE: not-for-us (Aprox PHP Portal)
+ NOT-FOR-US: Aprox PHP Portal
CAN-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows
remote ...)
- NOTE: not-for-us (thePHOTOtool)
+ NOT-FOR-US: thePHOTOtool
CAN-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow
remote ...)
{DSA-515}
CAN-2004-0234 (Multiple stack-based buffer overflows in the get_header function
in ...)
{DSA-515}
CAN-2004-0233 (Utempter allows device names that contain .. (dot dot) directory
...)
- NOTE: not-for-us (utempter)
+ NOT-FOR-US: utempter
CAN-2004-0232 (Multiple format string vulnerabilities in Midnight Commander
(mc) ...)
{DSA-497}
CAN-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before
4.6.0, with ...)
{DSA-497}
CAN-2004-0230 (TCP, when using a large Window Size, makes it easier for remote
...)
- NOTE: not-for-us (famous TCP RST bug)
+ NOT-FOR-US: famous TCP RST bug
CAN-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly
use the ...)
- NOTE: not-for-us (Kernel 2.6 framebuffer bug)
+ NOT-FOR-US: Kernel 2.6 framebuffer bug
CAN-2004-0228 (Integer signedness error in the cpufreq proc handler
(cpufreq_procctl) ...)
NOTE: fixed in linux 2.4.27-pre3
CAN-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2
may ...)
- NOTE: not-for-us (ZoneMinder)
+ NOT-FOR-US: ZoneMinder
CAN-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before
4.6.0 may ...)
{DSA-497}
CAN-2004-0225
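Review bot: CAN-2004-0229 and CAN-2004-0230 become `NOT-FOR-US: Kernel 2.6 framebuffer bug` and `NOT-FOR-US: famous TCP RST bug`, yet the description of CAN-2004-0229 names the Linux kernel 2.6.x framebuffer driver, and the next entry, CAN-2004-0228, is tracked as a kernel issue with `NOTE: fixed in linux 2.4.27-pre3`. Once NOT-FOR-US is a dedicated tag these two will read as software outside the archive; leave them out of the mechanical conversion and give them a real status. In the same hunk `NOT-FOR-US: PHP scripts` for CAN-2004-0285 lost its only qualifier and no longer identifies anything.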
@@ -13681,63 +13681,63 @@
CAN-2004-0223
NOTE: reserved
CAN-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier
allow ...)
- NOTE: not-for-us (isakmpd in OpenBSD)
+ NOT-FOR-US: isakmpd in OpenBSD
CAN-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to
cause a ...)
- NOTE: not-for-us (isakmpd in OpenBSD)
+ NOT-FOR-US: isakmpd in OpenBSD
CAN-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to
cause a ...)
- NOTE: not-for-us (isakmpd in OpenBSD)
+ NOT-FOR-US: isakmpd in OpenBSD
CAN-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to
cause a ...)
- NOTE: not-for-us (isakmpd in OpenBSD)
+ NOT-FOR-US: isakmpd in OpenBSD
CAN-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to
cause a ...)
- NOTE: not-for-us (isakmpd in OpenBSD)
+ NOT-FOR-US: isakmpd in OpenBSD
CAN-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus
Scan ...)
- NOTE: not-for-us (Symantec AntiVirus Scan Engine for Red Hat)
+ NOT-FOR-US: Symantec AntiVirus Scan Engine for Red Hat
CAN-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet
...)
- NOTE: not-for-us (MSIE bug)
+ NOT-FOR-US: MSIE bug
CAN-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a
denial of ...)
- NOTE: not-for-us (MS-Outlook-Express)
+ NOT-FOR-US: MS-Outlook-Express
CAN-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on
Windows ...)
- NOTE: not-for-us (MSIE bug)
+ NOT-FOR-US: MSIE bug
CAN-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while
Utility ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows
2000 and ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset
certain ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000
allows ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes
of ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT
4.0, ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0207 ("Shatter" style vulnerability in the Window
Management application ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft
Windows ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS)
4.0 ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0204 (Directory traversal vulnerability in the web viewers for
Business ...)
- NOTE: not-for-us (Visual Studio bug)
+ NOT-FOR-US: Visual Studio bug
CAN-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access
for ...)
- NOTE: not-for-us (Exchange bug)
+ NOT-FOR-US: Exchange bug
CAN-2004-0202 (IDirectPlay4 Application Programming Interface (API) of
Microsoft ...)
- NOTE: not-for-us (DirectX)
+ NOT-FOR-US: DirectX
CAN-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in
HTML ...)
- NOTE: not-for-us (Windows HTML Help)
+ NOT-FOR-US: Windows HTML Help
CAN-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the
Microsoft ...)
- NOTE: not-for-us (famous Windows GDI+ JPEG parsing bug)
+ NOT-FOR-US: famous Windows GDI+ JPEG parsing bug
CAN-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows
Server ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0198
NOTE: reserved
CAN-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows
remote ...)
- NOTE: not-for-us (MSJet bug)
+ NOT-FOR-US: MSJet bug
CAN-2004-0196
NOTE: reserved
CAN-2004-0195
NOTE: reserved
CAN-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management
Service for ...)
- NOTE: not-for-us (Symantec Gateway Security)
+ NOT-FOR-US: Symantec Gateway Security
CAN-2004-0187
NOTE: rejected
CAN-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and
earlier ...)
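Review bot: The values `Windows bug`, `MSIE bug` and `famous Windows GDI+ JPEG parsing bug` are carried over verbatim, so the new field holds a remark where the log message promises a package_name. CAN-2004-0205, for instance, is described as a buffer overflow in Microsoft Internet Information Server (IIS) but ends up as `NOT-FOR-US: Windows bug`. If the tag is meant to be grouped or searched by product, these should be normalized to the product named in the CAN description in a follow-up commit.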
@@ -13747,7 +13747,7 @@
{DSA-478}
- tcpdump 3.7.2-4
CAN-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (mailman; RedHat specific bug)
+ NOT-FOR-US: mailman; RedHat specific bug
CAN-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak
in ...)
NOTE: fixed in 2.4.26-pre5
CAN-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS
server to ...)
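Review bot: `NOT-FOR-US: mailman; RedHat specific bug` for CAN-2004-0182 does not fit the new tag: the remark says the bug is specific to RedHat, not that mailman is outside the archive. That is a "package present, not affected" case, and folding it into NOT-FOR-US loses the distinction. Suggest keeping this entry as a NOTE, or recording it against the mailman package as not affected, instead of converting it.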
@@ -13772,24 +13772,24 @@
CAN-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using
...)
- apache 1.3.29.0.2-5
CAN-2004-0172 (Heap-based buffer overflow in the search_for_command function of
...)
- NOTE: not-for-us (ltrace; Debian (and no other distribution) installs this
SUID root)
+ NOT-FOR-US: ltrace; Debian (and no other distribution) installs this SUID root
CAN-2004-0170
NOTE: reserved
CAN-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2,
related ...)
- NOTE: not-for-us (CoreFoundation for Mac OS X)
+ NOT-FOR-US: CoreFoundation for Mac OS X
CAN-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8
...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values,
which ...)
- ipsec-tools 0.3.3-1
NOTE: not mentioned in the changelog, so I don''t know which version
exactly fixes
NOTE: the problem, but the patch that fixes the bug is applied:
NOTE: http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2
CAN-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not
change the ...)
- NOTE: not-for-us (Sygate Secure Enterprise)
+ NOT-FOR-US: Sygate Secure Enterprise
CAN-2004-0162 (Multiple content security gateway and antivirus products allow
remote ...)
- NOTE: not-for-us (general MIME bug with security gateways)
+ NOT-FOR-US: general MIME bug with security gateways
CAN-2004-0161 (Multiple content security gateway and antivirus products allow
remote ...)
- NOTE: not-for-us (general MIME bug with security gateways)
+ NOT-FOR-US: general MIME bug with security gateways
CAN-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain
''games'' group ...)
{DSA-445}
CAN-2004-0157 (xonix 1.4 and earlier invokes an external program while running
at ...)
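Review bot: The converted line for CAN-2004-0172, `NOT-FOR-US: ltrace; Debian (and no other distribution) installs this SUID root`, reads as saying that Debian does install ltrace SUID root, which contradicts a not-for-us status. Please check what the original two-line note intended before converting it mechanically; if Debian is not affected, reword the remark, and if it is, the entry needs a package line and not this tag. Joining the wrapped note onto one line is fine.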
@@ -13817,7 +13817,7 @@
CAN-2004-0144
NOTE: reserved
CAN-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow
remote ...)
- NOTE: not-for-us (Nokia mobile phones)
+ NOT-FOR-US: Nokia mobile phones
CAN-2004-0142
NOTE: reserved
CAN-2004-0141
@@ -13825,41 +13825,41 @@
CAN-2004-0140
NOTE: reserved
CAN-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI
IRIX ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2004-0138
NOTE: reserved
CAN-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24
allows ...)
- NOTE: not-for-us (IRIX init)
+ NOT-FOR-US: IRIX init
CAN-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24
allows ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24
...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to
gain ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak
in ...)
NOTE: fixed in 2.4.26-pre2
CAN-2004-0132 (Multiple PHP remote code injection vulnerabilities in ezContents
2.0.2 ...)
- NOTE: not-for-us (ezContents)
+ NOT-FOR-US: ezContents
CAN-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers
to ...)
- NOTE: not-for-us (phpGedView)
+ NOT-FOR-US: phpGedView
CAN-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for
...)
- NOTE: not-for-us (phpGedView)
+ NOT-FOR-US: phpGedView
CAN-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not
...)
- NOTE: not-for-us (FreeBSD jail)
+ NOT-FOR-US: FreeBSD jail
CAN-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP,
and ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0123 (Double-free vulnerability in the ASN.1 library as used in
Windows NT ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in
Windows ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0119 (The Negotiate Security Software Provider (SSP) interface in
Windows ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in
Windows ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in
Windows ...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0116 (An Activation function in the RPCSS Service involved with DCOM
...)
- NOTE: not-for-us (Windows bug)
+ NOT-FOR-US: Windows bug
CAN-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and
0.9.7c, ...)
- openssl 0.9.7d-1
CAN-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in
XMLSoft ...)
@@ -13888,19 +13888,19 @@
CAN-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote
attackers ...)
{DSA-448}
CAN-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8
and ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2004-0091 (** DISPUTED ** ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X
10.1.5 ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local
users ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2
allows ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X
10.3.2 has ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X
10.1.5 and ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0
to ...)
{DSA-443}
CAN-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0
...)
@@ -13915,55 +13915,55 @@
CAN-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to
gain ...)
NOTE: turned out not to be vulnerable. See bug #278777
CAN-2004-0073 (PHP remote code injection vulnerability in (1) config.php and
(2) ...)
- NOTE: not-for-us (EasyDynamicPages)
+ NOT-FOR-US: EasyDynamicPages
CAN-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0
...)
- NOTE: not-for-us (Accipiter Direct Server 6.0)
+ NOT-FOR-US: Accipiter Direct Server 6.0
CAN-2004-0071 (Directory traversal vulnerability in buildManPage in ...)
- NOTE: not-for-us (PHP Man Page Lookup 1.2.0)
+ NOT-FOR-US: PHP Man Page Lookup 1.2.0
CAN-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6
and ...)
- NOTE: not-for-us (HD Soft Windows FTP Server 1.6)
+ NOT-FOR-US: HD Soft Windows FTP Server 1.6
CAN-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in
phpGedView ...)
- NOTE: not-for-us (phpGedView)
+ NOT-FOR-US: phpGedView
CAN-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the
absolute ...)
- NOTE: not-for-us (phpGedView)
+ NOT-FOR-US: phpGedView
CAN-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65
allow ...)
- NOTE: not-for-us (phpGedView)
+ NOT-FOR-US: phpGedView
CAN-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0
allows ...)
- NOTE: not-for-us (SuSE YaST)
+ NOT-FOR-US: SuSE YaST
CAN-2004-0062 (Integer overflow in the rnd arithmetic rounding function for
various ...)
- NOTE: not-for-us (FishCart)
+ NOT-FOR-US: FishCart
CAN-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to
bypass ...)
- NOTE: not-for-us (WWW File Share Pro 2.42)
+ NOT-FOR-US: WWW File Share Pro 2.42
CAN-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to
cause a ...)
- NOTE: not-for-us (WWW File Share Pro 2.42)
+ NOT-FOR-US: WWW File Share Pro 2.42
CAN-2004-0059 (Directory traversal vulnerability in upload capability of WWW
File ...)
- NOTE: not-for-us (WWW File Share Pro 2.42)
+ NOT-FOR-US: WWW File Share Pro 2.42
CAN-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows
local ...)
- NOTE: not-for-us (Antivir)
+ NOT-FOR-US: Antivir
CAN-2004-0057 (The rawprint function in the ISAKMP decoding routines
(print-isakmp.c) ...)
{DSA-425}
CAN-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation
for ...)
- NOTE: not-for-us (Nortel Networks products)
+ NOT-FOR-US: Nortel Networks products
CAN-2004-0055 (The print_attr_string function in print-radius.c for tcpdump
3.8.1 and ...)
{DSA-425}
CAN-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation
for ...)
- NOTE: not-for-us (Cisco IOS)
+ NOT-FOR-US: Cisco IOS
CAN-2004-0053 (Multiple content security gateway and antivirus products allow
remote ...)
- NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
+ NOT-FOR-US: Multiple security gateways MIME parsing stuff
CAN-2004-0052 (Multiple content security gateway and antivirus products allow
remote ...)
- NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
+ NOT-FOR-US: Multiple security gateways MIME parsing stuff
CAN-2004-0051 (Multiple content security gateway and antivirus products allow
remote ...)
- NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
+ NOT-FOR-US: Multiple security gateways MIME parsing stuff
CAN-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain
the ...)
- NOTE: not-for-us (Verity Ultraseek)
+ NOT-FOR-US: Verity Ultraseek
CAN-2004-0048
NOTE: reserved
CAN-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges
before ...)
{DSA-430}
CAN-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE
allows ...)
- NOTE: not-for-us (SnapStream PVS LITE)
+ NOT-FOR-US: SnapStream PVS LITE
CAN-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and
earlier ...)
- NOTE: not-for-us (Yahoo Instant Messenger)
+ NOT-FOR-US: Yahoo Instant Messenger
CAN-2004-0042 (vsftpd 1.1.3 generates different error messages depending on
whether ...)
- vsftpd 2.0.1-1
NOTE: can''t find any mention of the bug being fixed, but vsftpd
doesn''t
@@ -13971,17 +13971,17 @@
CAN-2004-0041 (mod-auth-shadow 1.4 and earlier does not properly enforce the
...)
{DSA-421}
CAN-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...)
- NOTE: not-for-us (Check Point Firewall)
+ NOT-FOR-US: Check Point Firewall
CAN-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a
Patch 3 ...)
- NOTE: not-for-us (McAfee)
+ NOT-FOR-US: McAfee
CAN-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute
...)
- NOTE: not-for-us (FistClass Desktop Client)
+ NOT-FOR-US: FistClass Desktop Client
CAN-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum
3.4.5 ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2004-0030 (PHP remote code injection vulnerability in (1) functions.php,
(2) ...)
- NOTE: not-for-us (PHPGEDVIEW)
+ NOT-FOR-US: PHPGEDVIEW
CAN-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini
configuration ...)
- NOTE: not-for-us (Lotus Notes Domino)
+ NOT-FOR-US: Lotus Notes Domino
CAN-2004-0027
NOTE: reserved
CAN-2004-0026
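Review bot: The typo in the old note is carried into the new field at CAN-2004-0037: `NOT-FOR-US: FistClass Desktop Client`, while the description spells it "FirstClass Desktop Client 7.1". Now that the value acts as a name, fix the spelling in this commit. `NOT-FOR-US: PHPGEDVIEW` at CAN-2004-0030 is also spelled `phpGedView` in other entries of this file, so an exact-match lookup will treat them as two products.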
@@ -14026,19 +14026,19 @@
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
NOTE: fixed in 2.4.26-rc4
CAN-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet
allows ...)
- NOTE: not-for-us (FreeBSD netinet)
+ NOT-FOR-US: FreeBSD netinet
CAN-2003-1565
NOTE: rejected
CAN-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges
by ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal
Database ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may
allow ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain
DMS ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-1048 (Double-free vulnerability in mshtml.dll for certain versions of
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-1047
NOTE: rejected
CAN-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not
properly ...)
@@ -14052,51 +14052,51 @@
CAN-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla
2.16.3 and ...)
- bugzilla 2.16.4-1
CAN-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or
sgid to ...)
NOTE: linux kernel kmod local DoS, fixed in all current kernels
CAN-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP
allow ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS)
allows ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-1037 (Format string vulnerability in the WGate component for SAP
Internet ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-1036 (Multiple buffer overflows in the AGate component for SAP
Internet ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-1035 (The default installation of SAP R/3 46C/D allows remote
attackers to ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2)
...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB
Development ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is
configured ...)
- NOTE: not-for-us (Pi3Web not in debian)
+ NOT-FOR-US: Pi3Web not in debian
CAN-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for
vBulletin ...)
- NOTE: not-for-us (VBulletin)
+ NOT-FOR-US: VBulletin
CAN-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73
allows ...)
- NOTE: not-for-us (Dameware)
+ NOT-FOR-US: Dameware
CAN-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows
remote ...)
{DSA-425}
CAN-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to
direct ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to
bypass ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to
spoof ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on
Solaris ...)
- NOTE: not-for-us (solaris)
+ NOT-FOR-US: solaris
CAN-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of
vfs/direntry.c ...)
{DSA-424}
CAN-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows
local ...)
- NOTE: not-for-us (SCO)
+ NOT-FOR-US: SCO
CAN-2003-1020 (The format_send_to_gui function in formats.c for irssi before
0.8.9 ...)
- irssi-text 0.8.9-0.1
CAN-2003-1019
NOTE: reserved
CAN-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and
5.2 ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file
in a ...)
- flashplugin-nonfree 7.0.25-1
CAN-2003-1016 (Multiple content security gateway and antivirus products allow
remote ...)
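Review bot: The CAN-2003-1032 line becomes `NOT-FOR-US: Pi3Web not in debian`, which keeps the old free-text remark inside what the log message describes as a `package_name` field. Later hunks of this same patch drop the equivalent "not in Debian" suffix (IkonBoard, RogerWilco, gtkftpd), so the lower-case "debian" here looks like a case the substitution missed. Suggest `NOT-FOR-US: Pi3Web` for consistency.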
@@ -14114,38 +14114,38 @@
{DSA-407}
- ethereal 0.10.0-1
CAN-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB
...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2
and ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8,
10.3.2 ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local
users ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does
not ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through
10.3.2 ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows
remote ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN
...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote
...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and
7600 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in
Cisco ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service
...)
- xchat 2.0.7
NOTE: apparently only DOS
CAN-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the
libprint ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-0998 (Unknown "potential system security
vulnerability" in Computer ...)
- NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
+ NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CAN-2003-0997 (Unknown "Denial of Service Attack"
vulnerability in Computer ...)
- NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
+ NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CAN-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM)
allows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI
script for ...)
- mailman 2.1.3
CAN-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG
Plugin 1.1 ...)
@@ -14162,25 +14162,25 @@
CAN-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and
earlier do ...)
NOTE: fixed in 2.4.24-rc1
CAN-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that
...)
- NOTE: not-for-us (Cisco Unity on IBM servers)
+ NOT-FOR-US: Cisco Unity on IBM servers
CAN-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x
before ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS
name ...)
- NOTE: not-for-us (visitorbook.pl)
+ NOT-FOR-US: visitorbook.pl
CAN-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts
VisitorBook LE ...)
- NOTE: not-for-us (visitorbook.pl)
+ NOT-FOR-US: visitorbook.pl
CAN-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly
escape ...)
- NOTE: not-for-us (visitorbook.pl)
+ NOT-FOR-US: visitorbook.pl
CAN-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP
...)
- NOTE: not-for-us (gpgkeys_hkp)
+ NOT-FOR-US: gpgkeys_hkp
CAN-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS
server ...)
- cvs 1:1.11.10
CAN-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly
enforce ...)
- NOTE: not-for-us (netware)
+ NOT-FOR-US: netware
CAN-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X
10.2.8 ...)
NOTE: nor-for-us (MacOS)
CAN-2003-0974 (Applied Watch Command Center allows remote attackers to conduct
...)
- NOTE: not-for-us (Applied Watch Command Center)
+ NOT-FOR-US: Applied Watch Command Center
CAN-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and
2.7.x ...)
{DSA-452}
CAN-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and
earlier, ...)
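Review bot: The CAN-2003-0975 entry is left as the unchanged context line `NOTE: nor-for-us (MacOS)`; the "nor" typo means the pattern did not match, so this is the only not-for-us entry in the hunk still in the old format. Anything that now keys on the `NOT-FOR-US:` prefix will treat the Safari issue as an ordinary note. Suggest converting it in this commit to `NOT-FOR-US: MacOS`.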
@@ -14189,14 +14189,14 @@
CAN-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates
ElGamal ...)
{DSA-429}
CAN-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows
remote ...)
- NOTE: not-for-us (Sun Fire B1600)
+ NOT-FOR-US: Sun Fire B1600
CAN-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb
...)
NOTE: freeradius module in question is not built in debian package
NOTE: buffer overflow apparently fixed in freeradius 1.0.1
CAN-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote
attackers to ...)
- freeradius 0.9.2-4
CAN-2003-0996 (Unknown "System Security Vulnerability" in
Computer Associates (CA) ...)
- NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
+ NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CAN-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script
for ...)
{DSA-436}
CAN-2003-0964
@@ -14210,7 +14210,7 @@
NOTE: do_brk hole
NOTE: fixed in 2.4.23-pre7
CAN-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a
chain ...)
- NOTE: not-for-us (OpenCA)
+ NOT-FOR-US: OpenCA
CAN-2003-0959
NOTE: reserved
CAN-2003-0958
@@ -14220,17 +14220,17 @@
CAN-2003-0956
NOTE: reserved
CAN-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial
of ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CAN-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local
users ...)
- NOTE: not-for-us (rcp)
+ NOT-FOR-US: rcp
CAN-2003-0953
NOTE: reserved
CAN-2003-0952
NOTE: reserved
CAN-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly
validate ...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote
attackers to ...)
- NOTE: not-for-us (PeopleSoft PeopleTools)
+ NOT-FOR-US: PeopleSoft PeopleTools
CAN-2003-0949 (xsok 1.02 does not properly drop privileges before finding and
...)
{DSA-405}
CAN-2003-0948 (Buffer overflow in iwconfig allows local users to execute
arbitrary ...)
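Review bot: For CAN-2003-0954 the new tag reads `NOT-FOR-US: rcp`, but the description is "Buffer overflow in rcp for AIX", and the other AIX entries in this patch use `NOT-FOR-US: AIX`. A bare "rcp" in the product field reads as a generic tool name rather than the vendor platform the entry is being excluded for. Suggest `NOT-FOR-US: AIX` (or "AIX rcp") so the reason for exclusion is unambiguous.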
@@ -14240,41 +14240,41 @@
CAN-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus
0.60 ...)
- clamav 0.65
CAN-2003-0945 (The Web Database Manager in web-tools for SAP DB before
7.4.03.30 ...)
- NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+ NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CAN-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in
SAP DB ...)
- NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+ NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CAN-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services
that ...)
- NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+ NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CAN-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools
for ...)
- NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+ NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CAN-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to
access ...)
- NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+ NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CAN-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in
SAP DB ...)
- NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
+ NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CAN-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server
(SAP DB) ...)
- NOTE: not-for-us (SAP database server (SAP DB))
+ NOT-FOR-US: SAP database server (SAP DB)
CAN-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier
allows ...)
- NOTE: not-for-us (SAP database server (SAP DB))
+ NOT-FOR-US: SAP database server (SAP DB)
CAN-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local
users to ...)
- NOTE: not-for-us (UnixWare)
+ NOT-FOR-US: UnixWare
CAN-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service,
allows ...)
- NOTE: not-for-us (PCAnywhere)
+ NOT-FOR-US: PCAnywhere
CAN-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data
in MIB ...)
- net-snmp 5.0.9
CAN-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide
the ...)
- NOTE: not-for-us (Symbol Access Portable Data Terminal)
+ NOT-FOR-US: Symbol Access Portable Data Terminal
CAN-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local
user to ...)
{DSA-398}
CAN-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute
...)
{DSA-400}
CAN-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a
denial ...)
- NOTE: not-for-us (Sygate Enforcer)
+ NOT-FOR-US: Sygate Enforcer
CAN-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect
...)
- NOTE: not-for-us (Clearswift MAILsweeper)
+ NOT-FOR-US: Clearswift MAILsweeper
CAN-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect
and ...)
- NOTE: not-for-us (Clearswift MAILsweeper)
+ NOT-FOR-US: Clearswift MAILsweeper
CAN-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect
and ...)
- NOTE: not-for-us (Clearswift MAILsweeper)
+ NOT-FOR-US: Clearswift MAILsweeper
CAN-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows
...)
{DSA-407}
- ethereal 0.9.16-0.1
@@ -14305,23 +14305,23 @@
CAN-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows
remote ...)
{DSA-409}
CAN-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X
10.3 ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2003-0912
NOTE: reserved
CAN-2003-0911
NOTE: reserved
CAN-2003-0910 (The NtSetLdtEntries function in the programming interface for
the ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2003-0909 (Windows XP allows local users to execute arbitrary programs by
...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes
winhlp32.exe ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not
properly ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF)
or (2) ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when
configured ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4,
2.2, and ...)
{DSA-402}
CAN-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x
before ...)
@@ -14331,15 +14331,15 @@
CAN-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to
2.23b1 ...)
{DSA-396}
CAN-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including
7.1, ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-0897 ("Shatter" vulnerability in CommCtl32.dll in
Windows XP may allow local ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class
in the ...)
- NOTE: not-for-us (Sun/Java)
+ NOT-FOR-US: Sun/Java
CAN-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows
local ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in
Oracle ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2003-0893
NOTE: reserved
CAN-2003-0892
@@ -14361,21 +14361,21 @@
CAN-2003-0884
NOTE: reserved
CAN-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows
local ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a
constant ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5
Challenge ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users
to ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0879
NOTE: rejected
CAN-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to
overwrite ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users
to ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global
read/write/execute ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for
...)
NOTE: source package only
NOTE: openslp: slpd.all_init symlink vuln
@@ -14383,15 +14383,15 @@
NOTE: source package still distributes the file, however.
- openslp 1.0.11a-1
CAN-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and
earlier ...)
- NOTE: not-for-us (Deskpro)
+ NOT-FOR-US: Deskpro
CAN-2003-0873
NOTE: reserved
CAN-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to
...)
- NOTE: not-for-us (SCO)
+ NOT-FOR-US: SCO
CAN-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and
Mac OS X ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote
...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2003-0869
NOTE: reserved
CAN-2003-0868
@@ -14444,11 +14444,11 @@
{DSA-428}
- slocate 2.7-3
CAN-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro
allows ...)
- NOTE: not-for-us (SuSE)
+ NOT-FOR-US: SuSE
CAN-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro
...)
- NOTE: not-for-us (SuSE)
+ NOT-FOR-US: SuSE
CAN-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and
3.0.8 ...)
- NOTE: not-for-us (JBoss)
+ NOT-FOR-US: JBoss
CAN-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official
versions, ...)
NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
NOTE: Debian doesn''t enable MOD_GZIP_DEBUG1.
@@ -14459,21 +14459,21 @@
NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
NOTE: Debian doesn''t enable MOD_GZIP_DEBUG1.
CAN-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files
in ...)
- NOTE: not-for-us (Peoplesoft)
+ NOT-FOR-US: Peoplesoft
CAN-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly
other ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2003-0839 (Directory traversal vulnerability in the "Shell
Folders" capability in ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0838 (Internet Explorer allows remote attackers to bypass zone
restrictions ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2
for ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2
before ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before
0.92 ...)
- NOTE: not-for-us (mplayer)
+ NOT-FOR-US: mplayer
CAN-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to
execute ...)
- NOTE: not-for-us (CDE)
+ NOT-FOR-US: CDE
CAN-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows
attackers to ...)
{DSA-392}
- webfs 1.20
@@ -14491,59 +14491,59 @@
{DSA-391}
- freesweep 0.88-4.1
CAN-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows
remote ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-0826 (lsh daemon (lshd) does not properly return from certain
functions in ...)
{DSA-717-1}
- lsh-server 1.4.2-6
CAN-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll)
in ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to
direct ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of
Microsoft ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to
execute ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works
Suites ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet
Security and ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library
(MSASN1.DLL), as ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to
bypass ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to
bypass ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to
bypass ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to
bypass ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM
functionality ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0812 (Stack-based buffer overflow in a logging function for Windows
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0811
NOTE: reserved
CAN-2003-0810
NOTE: reserved
CAN-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle
object ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0808
NOTE: reserved
CAN-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over
HTTP ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in
Microsoft ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and
3.x ...)
{DSA-387}
NOTE: gopherd not in testing or unstable (deprecated)
CAN-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X
before ...)
- NOTE: not-for-us (BSD)
+ NOT-FOR-US: BSD
CAN-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers
to ...)
- NOTE: not-for-us (Nokia)
+ NOT-FOR-US: Nokia
CAN-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers
to ...)
- NOTE: not-for-us (Nokia)
+ NOT-FOR-US: Nokia
CAN-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic
...)
- NOTE: not-for-us (Nokia)
+ NOT-FOR-US: Nokia
CAN-2003-0800
NOTE: reserved
CAN-2003-0799
@@ -14551,9 +14551,9 @@
CAN-2003-0798
NOTE: reserved
CAN-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through
6.5.22 ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through
6.5.22 ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and
earlier, ...)
{DSA-415}
CAN-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not
limit ...)
@@ -14577,7 +14577,7 @@
CAN-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward
packets ...)
{DSA-389}
CAN-2003-0784 (Format string vulnerability in tsm for the bos.rte.security
fileset on ...)
- NOTE: not-for-us (IBM TSM)
+ NOT-FOR-US: IBM TSM
CAN-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain
root ...)
{DSA-385}
CAN-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow
attackers to ...)
@@ -14601,132 +14601,132 @@
CAN-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP
address ...)
{DSA-379}
CAN-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote
authenticated ...)
- NOTE: not-for-us (WS_FTP server)
+ NOT-FOR-US: WS_FTP server
CAN-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable
temporary ...)
- libapache-gallery-perl 0.7
CAN-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does
not ...)
- NOTE: not-for-us (IkonBoard not in Debian)
+ NOT-FOR-US: IkonBoard
CAN-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front
...)
- NOTE: not-for-us (ICQ Web Front)
+ NOT-FOR-US: ICQ Web Front
CAN-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the
Cross-Site ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and
earlier, ...)
- NOTE: not-for-us (RogerWilco not in Debian)
+ NOT-FOR-US: RogerWilco
CAN-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5,
and ...)
- NOTE: not-for-us (ftp desktop (windows))
+ NOT-FOR-US: ftp desktop (windows)
CAN-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91,
...)
- NOTE: not-for-us (winamp)
+ NOT-FOR-US: winamp
CAN-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to
obtain ...)
- NOTE: not-for-us (Escapade Scripting Engine (ESP) not in Debian)
+ NOT-FOR-US: Escapade Scripting Engine (ESP
CAN-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting
Engine ...)
- NOTE: not-for-us (Escapade Scripting Engine (ESP) not in Debian)
+ NOT-FOR-US: Escapade Scripting Engine (ESP
CAN-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb
2.5 ...)
- NOTE: not-for-us (foxweb)
+ NOT-FOR-US: foxweb
CAN-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session
...)
- asterisk 0.5.0
CAN-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (optisoft blubster)
+ NOT-FOR-US: optisoft blubster
CAN-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2
before ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2
before ...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote
attackers ...)
- NOTE: not-for-us (check point firewall)
+ NOT-FOR-US: check point firewall
CAN-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in
SiteBuilder ...)
- NOTE: not-for-us (sitebuilder not in Debian)
+ NOT-FOR-US: sitebuilder
CAN-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier
allows ...)
- NOTE: not-for-us (gtkftpd not in Debian)
+ NOT-FOR-US: gtkftpd
CAN-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to
bypass ...)
- NOTE: not-for-us (newsPHP not in Debian)
+ NOT-FOR-US: newsPHP
CAN-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to
read ...)
- NOTE: not-for-us (newsPHP not in Debian)
+ NOT-FOR-US: newsPHP
CAN-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and
...)
- NOTE: not-for-us (AttilaPHP not in Debian)
+ NOT-FOR-US: AttilaPHP
CAN-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2
and ...)
- NOTE: not-for-us (PY-Membres not in Debian)
+ NOT-FOR-US: PY-Membres
CAN-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers
to ...)
- NOTE: not-for-us (PY-Membres not in Debian)
+ NOT-FOR-US: PY-Membres
CAN-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP
Internet ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet
...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS)
4620.2.0.323011 ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2003-0746 (Various Distributed Computing Environment (DCE) implementations,
...)
- NOTE: not-for-us (Distributed Computing Environment (DCE) not in Deb)
+ NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb
CAN-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on
the ...)
- NOTE: not-for-us (castlerock SNMPc)
+ NOT-FOR-US: castlerock SNMPc
CAN-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows
remote ...)
- leafnode 1.9.42
CAN-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3)
before 3.36 ...)
{DSA-376}
- exim 3.36-8
CAN-2003-0742 (SCO Internet Manager (mana) allows local users to execute
arbitrary ...)
- NOTE: not-for-us (SCO)
+ NOT-FOR-US: SCO
CAN-2003-0741
NOTE: reserved
CAN-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file
descriptor ...)
- stunnel 2:3.26
- stunnel4 2:4.04
CAN-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier,
allows ...)
- NOTE: not-for-us (VMware)
+ NOT-FOR-US: VMware
CAN-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows
remote ...)
- NOTE: not-for-us (phpWebSite not in Debian)
+ NOT-FOR-US: phpWebSite
CAN-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows
remote ...)
- NOTE: not-for-us (phpWebSite not in Debian)
+ NOT-FOR-US: phpWebSite
CAN-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in
phpWebSite ...)
- NOTE: not-for-us (phpWebSite not in Debian)
+ NOT-FOR-US: phpWebSite
CAN-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite
0.9.x ...)
- NOTE: not-for-us (phpWebSite not in Debian)
+ NOT-FOR-US: phpWebSite
CAN-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap
before ...)
- libpam-ldap 164-1
- libnss-ldap 207-1
CAN-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic
...)
- NOTE: not-for-us (BEA weblogic)
+ NOT-FOR-US: BEA weblogic
CAN-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier
allows ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier
allows ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2003-0730 (Multiple integer overflows in the font libraries for XFree86
4.3.0 ...)
{DSA-380}
CAN-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers
to ...)
- NOTE: not-for-us (tellurian tftpdNT)
+ NOT-FOR-US: tellurian tftpdNT
CAN-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal
session ...)
- horde2 2.2.4
CAN-2003-0727 (Multiple buffer overflows in the XML Database (XDB)
functionality for ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CAN-2003-0726 (RealOne player allows remote attackers to execute arbitrary
script in ...)
- NOTE: not-for-us (RealOne player)
+ NOT-FOR-US: RealOne player
CAN-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source
...)
- NOTE: not-for-us (Real Networks Server / Helix Server)
+ NOT-FOR-US: Real Networks Server / Helix Server
CAN-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA
...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CAN-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may
allow ...)
- gkrellmd 2.1.14
CAN-2003-0722 (The default installation of sadmind on Solaris uses weak ...)
- NOTE: not-for-us (solaris)
+ NOT-FOR-US: solaris
CAN-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in
PINE ...)
- pine 4.58
CAN-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to
execute ...)
- pine 4.58
CAN-2003-0719 (Buffer overflow in the Private Communications Transport (PCT)
protocol ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0718 (The WebDAV Message Handler for Internet Information Services
(IIS) ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0717 (The Messenger Service for Windows NT through Server 2003 does
not ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0716
NOTE: reserved
CAN-2003-0715 (Heap-based buffer overflow in the Distributed Component Object
Model ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange
2000 ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0713
NOTE: reserved
CAN-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding
for the ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help
and ...)
- NOTE: not-for-us (pchealth for windows)
+ NOT-FOR-US: pchealth for windows
CAN-2003-0710
NOTE: reserved
CAN-2003-0709 (Buffer overflow in the whois client, which is not setuid but is
...)
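Review bot: Stripping " not in Debian)" has eaten a parenthesis that belonged to the product name: CAN-2003-0764 and CAN-2003-0763 now read `NOT-FOR-US: Escapade Scripting Engine (ESP` with no closing paren. In the same hunk CAN-2003-0746 keeps a truncated remark, `NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb`, because the original text was cut short and did not match the suffix pattern. Suggest fixing both by hand to `Escapade Scripting Engine (ESP)` and `Distributed Computing Environment (DCE)`.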
@@ -14740,13 +14740,13 @@
CAN-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote
attackers ...)
{DSA-378}
CAN-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when
chown''ing ...)
- NOTE: not-for-us (KisMAC for Mac OS X)
+ NOT-FOR-US: KisMAC for Mac OS X
CAN-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load
arbitrary ...)
- NOTE: not-for-us (KisMAC for Mac OS X)
+ NOT-FOR-US: KisMAC for Mac OS X
CAN-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor
7.0 XPU ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages
that ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use
the ...)
NOTE: fixed in 2.4.22-pre3
CAN-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use
the ...)
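Review bot: CAN-2003-0702 is converted to `NOT-FOR-US: microsoft`, but its description names "an ISAPI plugin for ISS Server Sensor 7.0 XPU" as the affected component. Since the field is now documented as a package name, this is a good moment to confirm the tag names the product the entry is actually about rather than carrying the old value forward unchanged.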
@@ -14755,9 +14755,9 @@
NOTE: rejected
NOTE: see CAN-2003-0743
CAN-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers
fileset for ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly
close ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2003-0695 (Multiple "buffer management errors" in OpenSSH
before 3.7.1 may allow ...)
{DSA-383 DSA-382}
CAN-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers
to ...)
@@ -14784,52 +14784,52 @@
CAN-2003-0684
NOTE: reserved
CAN-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in
...)
- NOTE: not-for-us (SGI)
+ NOT-FOR-US: SGI
CAN-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier,
with unknown impact, a ...)
{DSA-383 DSA-382}
- openssh 1:3.6.1p2-9
CAN-2003-0681 (A "potential buffer overflow in ruleset
parsing" for Sendmail 8.12.9, ...)
{DSA-384}
CAN-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may
allow ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2003-0679 (Unknown vulnerability in the libcpr library for the
Checkpoint/Restart ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2003-0678
NOTE: reserved
CAN-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote
attackers to ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...)
- NOTE: not-for-us (Sun iPlanet)
+ NOT-FOR-US: Sun iPlanet
CAN-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier
allows ...)
{DSA-370}
CAN-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid
context, ...)
- NOTE: not-for-us (sustworks IPNetSentryX)
+ NOT-FOR-US: sustworks IPNetSentryX
CAN-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to
sniff ...)
- NOTE: not-for-us (sustworks IPNetSentryX)
+ NOT-FOR-US: sustworks IPNetSentryX
CAN-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial
of ...)
- NOTE: not-for-us (solaris)
+ NOT-FOR-US: solaris
CAN-2003-0668
NOTE: reserved
CAN-2003-0667
NOTE: reserved
CAN-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access
Snapshot ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx)
in ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0,
2000, XP, ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0660 (The Authenticode capability in Microsoft Windows NT through
Server ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT
through ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0,
...)
- NOTE: not-for-us (docview / caldera)
+ NOT-FOR-US: docview / caldera
CAN-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for
...)
{DSA-365}
CAN-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary
files ...)
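Review bot: CAN-2003-0671 is described as a format string vulnerability in tcpflow, yet the converted line is "NOT-FOR-US: sustworks IPNetSentryX". Before this is carried into the new tag, check whether a packaged tcpflow is affected. If it is not, a NOTE giving the reason (the description limits the issue to a setuid context) documents the decision better than a NOT-FOR-US value that names a different product.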
@@ -14839,21 +14839,21 @@
CAN-2003-0654 (Buffer overflow in autorespond may allow remote attackers to
execute ...)
{DSA-373}
CAN-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and
earlier ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CAN-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain
privileges ...)
{DSA-367}
CAN-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo
0.2.1 ...)
- NOTE: not-for-us (mod_mylo for apache)
+ NOT-FOR-US: mod_mylo for apache
CAN-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy
Arcade, ...)
- NOTE: not-for-us (gamespy)
+ NOT-FOR-US: gamespy
CAN-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows
local ...)
{DSA-368}
CAN-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50,
allow ...)
{DSA-472}
CAN-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and
earlier ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend
Micro ...)
- NOTE: not-for-us (ActiveX)
+ NOT-FOR-US: ActiveX
CAN-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled
DEFINE ...)
{DSA-364}
CAN-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the
.kdbgrc ...)
@@ -14862,49 +14862,49 @@
{DSA-358}
NOTE: fixed in 2.4.22-pre10 (Introduced in 2.4.3-pre3)
CAN-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows
local ...)
- NOTE: not-for-us (Watchguard / win)
+ NOT-FOR-US: Watchguard / win
CAN-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows
local ...)
- NOTE: not-for-us (Watchguard / win)
+ NOT-FOR-US: Watchguard / win
CAN-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start
...)
- NOTE: not-for-us (BEA WebLogic)
+ NOT-FOR-US: BEA WebLogic
CAN-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1
...)
- NOTE: not-for-us (novell ichain)
+ NOT-FOR-US: novell ichain
CAN-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field
Patch 3, ...)
- NOTE: not-for-us (novell ichain)
+ NOT-FOR-US: novell ichain
CAN-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout
for a ...)
- NOTE: not-for-us (novell ichain)
+ NOT-FOR-US: novell ichain
CAN-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify
that ...)
- NOTE: not-for-us (novell ichain)
+ NOT-FOR-US: novell ichain
CAN-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2
before ...)
- NOTE: not-for-us (novell ichain)
+ NOT-FOR-US: novell ichain
CAN-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality
for ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CAN-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications
AOL/J ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CAN-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review
(FNDWRR) ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CAN-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation
4.0 ...)
- NOTE: not-for-us (VMware)
+ NOT-FOR-US: VMware
CAN-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program
of ...)
{DSA-359}
CAN-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript
...)
- NOTE: not-for-us (peoplesoft)
+ NOT-FOR-US: peoplesoft
CAN-2003-0628 (PeopleSoft Gateway Administration servlet
(gateway.administration) in ...)
- NOTE: not-for-us (peoplesoft)
+ NOT-FOR-US: peoplesoft
CAN-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows
remote ...)
- NOTE: not-for-us (peoplesoft)
+ NOT-FOR-US: peoplesoft
CAN-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows
remote ...)
- NOTE: not-for-us (peoplesoft)
+ NOT-FOR-US: peoplesoft
CAN-2003-0625 (Off-by-one error in certain versions of xfstt allows remote
attackers ...)
{DSA-360}
CAN-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp
for ...)
- NOTE: not-for-us (BEA WebLogic)
+ NOT-FOR-US: BEA WebLogic
CAN-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration
Console ...)
- NOTE: not-for-us (BEA Tuxedo)
+ NOT-FOR-US: BEA Tuxedo
CAN-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows
...)
- NOTE: not-for-us (BEA Tuxedo)
+ NOT-FOR-US: BEA Tuxedo
CAN-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows
...)
- NOTE: not-for-us (BEA Tuxedo)
+ NOT-FOR-US: BEA Tuxedo
CAN-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when
installed ...)
{DSA-364}
CAN-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c
in ...)
@@ -14915,7 +14915,7 @@
CAN-2003-0617 (mindi 0.58 and earlier does not properly create temporary files,
which ...)
{DSA-362}
CAN-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy
...)
- NOTE: not-for-us (McAfee)
+ NOT-FOR-US: McAfee
CAN-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of
CGI.pm ...)
{DSA-371}
CAN-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of
Gallery 1.1 ...)
@@ -14927,9 +14927,9 @@
CAN-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users
to ...)
{DSA-356}
CAN-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee
ePolicy ...)
- NOTE: not-for-us (McAfee)
+ NOT-FOR-US: McAfee
CAN-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on
Solaris ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-0608
NOTE: reserved
CAN-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part
of ...)
@@ -14938,9 +14938,9 @@
{DSA-353}
- sup 1.8-9
CAN-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet
Explorer ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier
...)
- bugzilla 2.16.3
NOTE: in 2.17.x : we need at least 2.17.4
@@ -14948,7 +14948,7 @@
- bugzilla 2.16.3
NOTE: in 2.17.x : we need at least 2.17.4
CAN-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6
does ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0600
NOTE: reserved
CAN-2003-0599 (Unknown vulnerability in the Virtual File System (VFS)
capability for ...)
@@ -14956,59 +14956,59 @@
CAN-2003-0598
NOTE: rejected
CAN-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in
UnixWare ...)
- NOTE: not-for-us (Unixware)
+ NOT-FOR-US: Unixware
CAN-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates
temporary ...)
{DSA-352}
- fdclone 2.02a
CAN-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000
allows ...)
- NOTE: not-for-us (WiTango Application Server and Tango 2000)
+ NOT-FOR-US: WiTango Application Server and Tango 2000
CAN-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access
...)
NOTE: cannot find reference to it being fixed.
TODO: check
CAN-2003-0593 (Opera allows remote attackers to bypass intended cookie access
...)
- NOTE: not-for-us (opera)
+ NOT-FOR-US: opera
CAN-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote
attackers ...)
{DSA-459}
CAN-2003-0591
NOTE: rejected
CAN-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows
remote ...)
- NOTE: not-for-us (Splatt Forum)
+ NOT-FOR-US: Splatt Forum
CAN-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...)
- NOTE: not-for-us (Digi-ads)
+ NOT-FOR-US: Digi-ads
CAN-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass
...)
- NOTE: not-for-us (Digi-news)
+ NOT-FOR-US: Digi-news
CAN-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate
Bulletin ...)
- NOTE: not-for-us (Infopop Ultimate Bulletin Board (UBB))
+ NOT-FOR-US: Infopop Ultimate Bulletin Board (UBB)
CAN-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to
obtain ...)
- NOTE: not-for-us (Brooky eStore)
+ NOT-FOR-US: Brooky eStore
CAN-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1
...)
- NOTE: not-for-us (Brooky eStore)
+ NOT-FOR-US: Brooky eStore
CAN-2003-0584 (Format string vulnerability in Backup and Restore Utility for
Unix ...)
- NOTE: not-for-us (BRU)
+ NOT-FOR-US: BRU
CAN-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU)
17.0 and ...)
- NOTE: not-for-us (BRU)
+ NOT-FOR-US: BRU
CAN-2003-0582
NOTE: rejected
CAN-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote
attackers to ...)
{DSA-360}
CAN-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and
earlier ...)
- NOTE: not-for-us (IBM U2 UniVerse)
+ NOT-FOR-US: IBM U2 UniVerse
CAN-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...)
- NOTE: not-for-us (IBM U2 UniVerse)
+ NOT-FOR-US: IBM U2 UniVerse
CAN-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard
links and ...)
- NOTE: not-for-us (IBM U2 UniVerse)
+ NOT-FOR-US: IBM U2 UniVerse
CAN-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of
service and ...)
- mpg123 0.59r-1
CAN-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX
6.5.19f and ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in
SGI ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and
possibly ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and
...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f,
and ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0571
NOTE: reserved
CAN-2003-0570
@@ -15018,7 +15018,7 @@
CAN-2003-0568
NOTE: reserved
CAN-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to
cause ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0566
NOTE: reserved
CAN-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of
the ...)
@@ -15032,25 +15032,25 @@
CAN-2003-0563
NOTE: reserved
CAN-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell
Netware 5.1 ...)
- NOTE: not-for-us (Novell Netware)
+ NOT-FOR-US: Novell Netware
CAN-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP
servers ...)
- NOTE: not-for-us (IglooFTP)
+ NOT-FOR-US: IglooFTP
CAN-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows
remote ...)
- NOTE: not-for-us (VP-ASP)
+ NOT-FOR-US: VP-ASP
CAN-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions,
allows ...)
- NOTE: not-for-us (phpforum)
+ NOT-FOR-US: phpforum
CAN-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers
to ...)
- NOTE: not-for-us (LeapFTP)
+ NOT-FOR-US: LeapFTP
CAN-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and
...)
- NOTE: not-for-us (StoreFront)
+ NOT-FOR-US: StoreFront
CAN-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us (Polycom MGC)
+ NOT-FOR-US: Polycom MGC
CAN-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a
denial of ...)
NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
CAN-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other
versions, ...)
- NOTE: not-for-us (NeoModus Direct Connect)
+ NOT-FOR-US: NeoModus Direct Connect
CAN-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin
(npcdt.dll) ...)
- NOTE: not-for-us (Netscape)
+ NOT-FOR-US: Netscape
CAN-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge
Forwarding ...)
{DSA-423 DSA-358}
NOTE: fixed in 2.4.22-pre3
@@ -15067,7 +15067,7 @@
CAN-2003-0547 (GDM before 2.4.1.6, when using the "examine session
errors" feature, ...)
- gdm 2.4.1.5
CAN-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG
signatures, ...)
- NOTE: not-for-us (up2date)
+ NOT-FOR-US: up2date
CAN-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote
attackers to ...)
{DSA-394 DSA-393}
CAN-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of
...)
@@ -15096,37 +15096,37 @@
CAN-2003-0534
NOTE: reserved
CAN-2003-0533 (Stack-based buffer overflow in certain Active Directory service
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly
determine ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote
attackers to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet
Explorer ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0529
NOTE: reserved
CAN-2003-0528 (Heap-based buffer overflow in the Distributed Component Object
Model ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0527
NOTE: reserved
CAN-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory
that ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite
arbitrary ...)
NOTE: appears specific to the knoppix CD
CAN-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain
...)
- NOTE: not-for-us (ProductCart)
+ NOT-FOR-US: ProductCart
CAN-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5
through 2 ...)
- NOTE: not-for-us (ProductCart)
+ NOT-FOR-US: ProductCart
CAN-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows
remote ...)
- NOTE: not-for-us (cPanel is not our cpanel)
+ NOT-FOR-US: cPanel is not our cpanel
CAN-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to
cause a ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain
Windows ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0518 (The screen saver in MacOS X allows users with physical access to
cause ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to
...)
- mgetty 1.1.29
CAN-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...)
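Review bot: the CAN-2003-0521 line becomes "NOT-FOR-US: cPanel is not our cpanel", which puts a sentence where the log message says a package name goes. Suggest "NOT-FOR-US: cPanel" and moving the explanation to a separate NOTE line, so anything that reads the value as a name gets one.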
@@ -15134,31 +15134,31 @@
CAN-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL
...)
{DSA-347}
CAN-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie
access ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass
intended ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login
invalid" message ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices
...)
- NOTE: not-for-us (Cisco Aironet AP1x00 Series Wireless devices)
+ NOT-FOR-US: Cisco Aironet AP1x00 Series Wireless devices
CAN-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows
remote ...)
- NOTE: not-for-us (ezbounce)
+ NOT-FOR-US: ezbounce
CAN-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier
...)
- NOTE: not-for-us (Cyberstrong eShop)
+ NOT-FOR-US: Cyberstrong eShop
CAN-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe
Acrobat ...)
- NOTE: not-for-us (acroread)
+ NOT-FOR-US: acroread
CAN-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000
before ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote
attackers to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01
2000 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in
Phpgroupware ...)
{DSA-365}
CAN-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL
in ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows
remote ...)
- NOTE: not-for-us (Apple Quicktime)
+ NOT-FOR-US: Apple Quicktime
CAN-2003-0501 (The /proc filesystem in Linux allows local users to obtain
sensitive ...)
{DSA-423 DSA-358}
NOTE: fixed in 2.4.22-pre10
@@ -15167,66 +15167,66 @@
CAN-2003-0499 (Mantis 0.17.5 and earlier stores its database password in
cleartext in ...)
{DSA-335}
CAN-2003-0498 (CachÃ© Database 5.x
installs the /cachesys/csp directory with insecure ...)
- NOTE: not-for-us (Intersystems Cache database)
+ NOT-FOR-US: Intersystems Cache database
CAN-2003-0497 (CachÃ© Database 5.x
installs /cachesys/bin/cache with world-writable ...)
- NOTE: not-for-us (Intersystems Cache database)
+ NOT-FOR-US: Intersystems Cache database
CAN-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users
to ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows
remote ...)
- NOTE: not-for-us (lednews; not in debian)
+ NOT-FOR-US: lednews; not in debian
CAN-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote
...)
- NOTE: not-for-us (snitz forums; not in debian)
+ NOT-FOR-US: snitz forums; not in debian
CAN-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain
privileges as ...)
- NOTE: not-for-us (snitz forums; not in debian)
+ NOT-FOR-US: snitz forums; not in debian
CAN-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz
...)
- NOTE: not-for-us (snitz forums; not in debian)
+ NOT-FOR-US: snitz forums; not in debian
CAN-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote
attackers ...)
- NOTE: not-for-us (xoop; not in debian)
+ NOT-FOR-US: xoop; not in debian
CAN-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X
10.2.6, ...)
- NOTE: not-for-us (Dantz Retrospect)
+ NOT-FOR-US: Dantz Retrospect
CAN-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges
after ...)
{DSA-330}
CAN-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio
...)
- NOTE: not-for-us (Kerio Mail server)
+ NOT-FOR-US: Kerio Mail server
CAN-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote
...)
- NOTE: not-for-us (Kerio Mail server)
+ NOT-FOR-US: Kerio Mail server
CAN-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and
...)
- phpbb2 2.0.6
CAN-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier
allows ...)
- NOTE: not-for-us (Progress 4GL Compiler)
+ NOT-FOR-US: Progress 4GL Compiler
CAN-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for
phpBB ...)
- phpbb2 2.0.6d-3
CAN-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8
Partagium ...)
- NOTE: not-for-us (XMB Forum)
+ NOT-FOR-US: XMB Forum
CAN-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by
...)
- tutos 1.1.20030715-1
CAN-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1
allow ...)
- tutos 1.1.20030715-1
CAN-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite
...)
- NOTE: not-for-us (VMware)
+ NOT-FOR-US: VMware
CAN-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for
WebBBS ...)
- NOTE: not-for-us (WebBBS; not in debian)
+ NOT-FOR-US: WebBBS; not in debian
CAN-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and
earlier, ...)
- NOTE: not-for-us (bahamut and other irc daemons; not in debian)
+ NOT-FOR-US: bahamut and other irc daemons; not in debian
CAN-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a
denial ...)
- wzdftpd 0.2
CAN-2003-0476 (The execve system call in Linux 2.4.x records the file
descriptor of ...)
{DSA-423 DSA-358}
NOTE: fixed in 2.4.22-pre4
CAN-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote
...)
- NOTE: not-for-us (iWeb server)
+ NOT-FOR-US: iWeb server
CAN-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote
...)
- NOTE: not-for-us (iWeb server)
+ NOT-FOR-US: iWeb server
CAN-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19
causes ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to
cause a ...)
- NOTE: not-for-us (SGI IRIX)
+ NOT-FOR-US: SGI IRIX
CAN-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote
attackers ...)
- NOTE: not-for-us (webadmin / win)
+ NOT-FOR-US: webadmin / win
CAN-2003-0470 (Buffer overflow in the "RuFSI Utility Class"
ActiveX control (aka ...)
- NOTE: not-for-us (symantec activex)
+ NOT-FOR-US: symantec activex
CAN-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various
Windows ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use
Postfix to ...)
{DSA-363}
CAN-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in
Linux ...)
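Review bot: several converted values in this hunk keep the "; not in debian" remark (lednews, snitz forums, xoop, WebBBS, bahamut and other irc daemons), for example "NOT-FOR-US: lednews; not in debian". The remark is redundant under a NOT-FOR-US tag and leaves the value as something other than a plain name. Suggest dropping the suffix in the same pass. The CAN-2003-0491 value "xoop" also does not match the XOOPS spelling in its description.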
@@ -15250,16 +15250,16 @@
CAN-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number
of ...)
{DSA-423 DSA-358}
CAN-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and
OS/2 ...)
- NOTE: not-for-us (apache for win and os/2)
+ NOT-FOR-US: apache for win and os/2
CAN-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove
authentication ...)
{DSA-361}
CAN-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through
D48.03, and ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2003-0457
NOTE: reserved
- mysql-dfsg 4.0.21-4
CAN-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full
...)
- NOTE: not-for-us (visnetic website)
+ NOT-FOR-US: visnetic website
CAN-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates
temporary ...)
{DSA-331}
CAN-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow
local ...)
@@ -15273,13 +15273,13 @@
CAN-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows
...)
{DSA-321}
CAN-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and
load ...)
- NOTE: not-for-us (progress database)
+ NOT-FOR-US: progress database
CAN-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to
read ...)
- NOTE: not-for-us (portmon; not in debian)
+ NOT-FOR-US: portmon; not in debian
CAN-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5
and ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0,
possibly ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers
to ...)
{DSA-328}
CAN-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote
...)
@@ -15322,81 +15322,81 @@
CAN-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote
attackers to ...)
{DSA-320}
CAN-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server
before ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin
...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows
remote ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server
before ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows
remote ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows
remote ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X
Server ...)
- NOTE: not-for-us (Apple)
+ NOT-FOR-US: Apple
CAN-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router
SMC7004VWBR ...)
- NOTE: not-for-us (SMC)
+ NOT-FOR-US: SMC
CAN-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the
size of ...)
NOTE: only linux 2.0.x
CAN-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows
remote ...)
- NOTE: not-for-us (Son hServer)
+ NOT-FOR-US: Son hServer
CAN-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for
Bandmin 1.4 ...)
- NOTE: not-for-us (bandmin; not in Debian)
+ NOT-FOR-US: bandmin;
CAN-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a
denial ...)
- NOTE: not-for-us (Remote PC Access)
+ NOT-FOR-US: Remote PC Access
CAN-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows
2000/XP ...)
- NOTE: not-for-us (Sun ONE)
+ NOT-FOR-US: Sun ONE
CAN-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple
sample ...)
- NOTE: not-for-us (Sun ONE)
+ NOT-FOR-US: Sun ONE
CAN-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log
the ...)
- NOTE: not-for-us (Sun ONE)
+ NOT-FOR-US: Sun ONE
CAN-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote
...)
- NOTE: not-for-us (Sun ONE)
+ NOT-FOR-US: Sun ONE
CAN-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to
...)
- NOTE: not-for-us (AnalogX proxy)
+ NOT-FOR-US: AnalogX proxy
CAN-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote
...)
- NOTE: not-for-us (BRS WebWeaver)
+ NOT-FOR-US: BRS WebWeaver
CAN-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly
other ...)
- NOTE: not-for-us (Uptimes Project upclient; not in Debian)
+ NOT-FOR-US: Uptimes Project upclient;
CAN-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4
allows ...)
- gbatnav 1.0.4-4
CAN-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the
...)
- NOTE: not-for-us (PalmVNC)
+ NOT-FOR-US: PalmVNC
CAN-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers
to ...)
- NOTE: not-for-us (Vignette)
+ NOT-FOR-US: Vignette
CAN-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette
...)
- NOTE: not-for-us (Vignette)
+ NOT-FOR-US: Vignette
CAN-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers
to ...)
- NOTE: not-for-us (Vignette)
+ NOT-FOR-US: Vignette
CAN-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer
5 and ...)
- NOTE: not-for-us (Vignette)
+ NOT-FOR-US: Vignette
CAN-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to
...)
- NOTE: not-for-us (Vignette)
+ NOT-FOR-US: Vignette
CAN-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly
calculate the ...)
- NOTE: not-for-us (Vignette / AIX)
+ NOT-FOR-US: Vignette / AIX
CAN-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other
...)
- NOTE: not-for-us (Vignette StoryServer)
+ NOT-FOR-US: Vignette StoryServer
CAN-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the
SSI ...)
- NOTE: not-for-us (Vignette StoryServer)
+ NOT-FOR-US: Vignette StoryServer
CAN-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa
2.0.2 ...)
- NOTE: not-for-us (FastTrack network code (Kazaa))
+ NOT-FOR-US: FastTrack network code (Kazaa)
CAN-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before
2.4.1, if ...)
- linux-atm 2.4.1
CAN-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute
...)
- NOTE: not-for-us (Ultimate PHP Board)
+ NOT-FOR-US: Ultimate PHP Board
CAN-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to
execute ...)
- NOTE: not-for-us (BLNews)
+ NOT-FOR-US: BLNews
CAN-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming
...)
- NOTE: not-for-us (Privacyware Privatefirewall)
+ NOT-FOR-US: Privacyware Privatefirewall
CAN-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows
remote ...)
- NOTE: not-for-us (ST FTP Service (DOS))
+ NOT-FOR-US: ST FTP Service (DOS)
CAN-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and
possibly ...)
- NOTE: not-for-us (Magic WinMail Server)
+ NOT-FOR-US: Magic WinMail Server
CAN-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared
library ...)
- opt 3.19
CAN-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect
...)
- NOTE: not-for-us (RSA ACE/Agent)
+ NOT-FOR-US: RSA ACE/Agent
CAN-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and
the ...)
NOTE: pam is not vulnerable in default confuguration
NOTE: pam is not vulnerable at all in sarge, according to maintainer
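Review bot: two conversions in this hunk are truncated. "not-for-us (bandmin; not in Debian)" becomes "NOT-FOR-US: bandmin;" and "not-for-us (Uptimes Project upclient; not in Debian)" becomes "NOT-FOR-US: Uptimes Project upclient;", each losing the text after the semicolon and keeping a dangling ";". Either keep the full original text or drop the semicolon as well, and check the rest of the file for other entries written with a capitalised "not in Debian", since both truncated lines use that spelling.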
@@ -15416,15 +15416,15 @@
CAN-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and
...)
{DSA-314}
CAN-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac
OS X ...)
- NOTE: not-for-us (MaxOS)
+ NOT-FOR-US: MaxOS
CAN-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used
with ...)
- NOTE: not-for-us (MaxOS)
+ NOT-FOR-US: MaxOS
CAN-2003-0377 (SQL injection vulnerability in the web-based administration
interface ...)
- NOTE: not-for-us (iisPROTECT)
+ NOT-FOR-US: iisPROTECT
CAN-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause
a ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of
XMBforum XMB ...)
- NOTE: not-for-us (XMBforum aka Partagium))
+ NOT-FOR-US: XMBforum aka Partagium)
CAN-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in
libnessus ...)
- nessus 2.0.6
CAN-2003-0373 (Multiple buffer overflows in Nessus before 2.0.6 allow local
users ...)
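Review bot: The added line for CAN-2003-0375 keeps a stray closing parenthesis: "NOT-FOR-US: XMBforum aka Partagium)". The old entry ended in "))", so stripping the wrapper removed only one of them; drop the leftover so the value reads "XMBforum aka Partagium". In the same hunk, CAN-2003-0379 and CAN-2003-0378 carry "MaxOS" over from the old notes although both descriptions refer to Mac OS X; now that the value is a name field that tools and people will match on, correct it to the "MacOS" spelling used by other entries in this list.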
@@ -15432,19 +15432,19 @@
CAN-2003-0372 (Signed integer vulnerability in libnsl in Nessus before 2.0.6
allows ...)
- nessus 2.0.6
CAN-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP
servers ...)
- NOTE: not-for-us (Prishtina FTP client)
+ NOT-FOR-US: Prishtina FTP client
CAN-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate
the ...)
{DSA-361}
CAN-2003-0369
NOTE: reserved
CAN-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers
to ...)
- NOTE: not-for-us (Nokia Gateway GPRS)
+ NOT-FOR-US: Nokia Gateway GPRS
CAN-2003-0367 (znew in the gzip package allows local users to overwrite
arbitrary ...)
{DSA-308}
CAN-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to
cause ...)
{DSA-318}
CAN-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for
"Full ...)
- NOTE: not-for-us (ICQLite)
+ NOT-FOR-US: ICQLite
CAN-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4
allows ...)
{DSA-442 DSA-336 DSA-332 DSA-311}
CAN-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly
other ...)
@@ -15464,63 +15464,63 @@
CAN-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and
earlier ...)
{DSA-313}
CAN-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common
Name ...)
- NOTE: not-for-us (Safari)
+ NOT-FOR-US: Safari
CAN-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows
attackers ...)
- gs-gpl 7.07
CAN-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data
Access ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0351
NOTE: rejected
CAN-2003-0350 (The control for listing accessibility options in the
Accessibility ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0349 (Buffer overflow in the streaming media component for logging
multicast ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX
control ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft
Visual ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI
library ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP,
2000, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and
6.0 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
- NOTE: not-for-us (BlackMoon FTP Server)
+ NOT-FOR-US: BlackMoon FTP Server
CAN-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
- NOTE: not-for-us (BlackMoon FTP Server)
+ NOT-FOR-US: BlackMoon FTP Server
CAN-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine
0.71 ...)
- NOTE: not-for-us (Owl Intranet Engine)
+ NOT-FOR-US: Owl Intranet Engine
CAN-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the
...)
- NOTE: not-for-us (Puresecure)
+ NOT-FOR-US: Puresecure
CAN-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d)
0.0.10 ...)
- NOTE: not-for-us (WsMp3)
+ NOT-FOR-US: WsMp3
CAN-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d)
0.0.10 and ...)
- NOTE: not-for-us (WsMp3)
+ NOT-FOR-US: WsMp3
CAN-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF)
5.1 ...)
- NOTE: not-for-us (lsadmin)
+ NOT-FOR-US: lsadmin
CAN-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary
files ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which
...)
- NOTE: not-for-us (Slaskware specific)
+ NOT-FOR-US: Slaskware specific
CAN-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to
cause a ...)
- ircii-pana 1:1.0-0c19.20030512-1
CAN-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00
(C-Kermit ...)
- NOTE: not-for-us (C-Kermit on HP-UX)
+ NOT-FOR-US: C-Kermit on HP-UX
CAN-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly
earlier ...)
- NOTE: not-for-us (BadBlue)
+ NOT-FOR-US: BadBlue
CAN-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers
to ...)
- NOTE: not-for-us (ttForum)
+ NOT-FOR-US: ttForum
CAN-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local
users to ...)
NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed.
CAN-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in
the ...)
- NOTE: not-for-us (CesarFTP)
+ NOT-FOR-US: CesarFTP
CAN-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later
...)
{DSA-399 DSA-306}
CAN-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote
attackers ...)
- NOTE: not-for-us (Sybase Adaptive Server Enterprise)
+ NOT-FOR-US: Sybase Adaptive Server Enterprise
CAN-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow
attackers ...)
NOTE: bug does exist in slocate.
NOTE: only impacts security if kernel has been recompiled to allow
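Review bot: "NOT-FOR-US: Slaskware specific" on CAN-2003-0335 preserves a misspelling from the old note, while the description on the line above says Slackware 9.0. Since the log message defines the field as a package name, suggest "NOT-FOR-US: Slackware" and dropping the "specific" qualifier, so a search for the product name finds this entry.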
@@ -15538,23 +15538,23 @@
CAN-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and
earlier ...)
{DSA-306}
CAN-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to
inject ...)
- NOTE: not-for-us (ttCMS)
+ NOT-FOR-US: ttCMS
CAN-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax
MailMax ...)
- NOTE: not-for-us (SmartMax MailMax)
+ NOT-FOR-US: SmartMax MailMax
CAN-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics
module for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...)
- NOTE: not-for-us (iisPROTECT)
+ NOT-FOR-US: iisPROTECT
CAN-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and
Venturi ...)
- NOTE: not-for-us (Venturi Client)
+ NOT-FOR-US: Venturi Client
CAN-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Snowblind Web Server)
+ NOT-FOR-US: Snowblind Web Server
CAN-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (Snowblind Web Server)
+ NOT-FOR-US: Snowblind Web Server
CAN-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0
allows ...)
- NOTE: not-for-us (Snowblind Web Server)
+ NOT-FOR-US: Snowblind Web Server
CAN-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0
allows ...)
- NOTE: not-for-us (Snowblind Web Server)
+ NOT-FOR-US: Snowblind Web Server
CAN-2003-0311
NOTE: reserved
CAN-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for
eZ ...)
@@ -15562,23 +15562,23 @@
NOTE: and I guess that fix made it into new upstream versions,
NOTE: but I did not check in detail
CAN-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to
bypass ...)
- NOTE: not-for-us (MSIE)
+ NOT-FOR-US: MSIE
CAN-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not
securely ...)
{DSA-305}
CAN-2003-0307 (Poster version.two allows remote authenticated users to gain
...)
- NOTE: not-for-us (Poster version.two)
+ NOT-FOR-US: Poster version.two
CAN-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers
to ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through
12.2, aka ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote
attackers ...)
- NOTE: not-for-us (one||zero (aka One or Zero) Helpdesk)
+ NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
CAN-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero)
Helpdesk ...)
- NOTE: not-for-us (one||zero (aka One or Zero) Helpdesk)
+ NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
CAN-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP
servers ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote
...)
- NOTE: not-for-us (Microsort)
+ NOT-FOR-US: Microsort
CAN-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP
...)
NOTE: sylpheed and sylpheed-claws might still be vulnerable
NOTE: but it''s only a crasher
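Review bot: CAN-2003-0301 becomes "NOT-FOR-US: Microsort", a typo for Microsoft that the conversion carries over unchanged from the removed line. This hunk also labels products of the same vendor three different ways ("MSIE", "Windows", "Microsort"), so a search on the new field will miss some of them; consider settling on one spelling per product while the lines are being touched anyway.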
@@ -15595,31 +15595,31 @@
CAN-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP
...)
- evolution 1.3.2
CAN-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for
vBulletin ...)
- NOTE: not-for-us (vBulletin)
+ NOT-FOR-US: vBulletin
CAN-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote
attackers to ...)
- NOTE: not-for-us (php-proxima)
+ NOT-FOR-US: php-proxima
CAN-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU
...)
- NOTE: not-for-us (PalmOS)
+ NOT-FOR-US: PalmOS
CAN-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi
Traffic-Server ...)
- NOTE: not-for-us (Inktomi)
+ NOT-FOR-US: Inktomi
CAN-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not
properly ...)
- NOTE: not-for-us (3com OfficeConnect Remote 812 ADSL Router)
+ NOT-FOR-US: 3com OfficeConnect Remote 812 ADSL Router
CAN-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (eServ)
+ NOT-FOR-US: eServ
CAN-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord
program in ...)
- cdrtools 4:2.0+a14-1
CAN-2003-0288 (Buffer overflow in the file & folder transfer mechanism
for IP ...)
- NOTE: not-for-us (IP Messenger for Win)
+ NOT-FOR-US: IP Messenger for Win
CAN-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before
2.6, ...)
- NOTE: not-for-us (Movable Type)
+ NOT-FOR-US: Movable Type
CAN-2003-0286 (SQL injection vulnerability in Snitz Forums 2000 before 3.3.03
and ...)
- NOTE: not-for-us (Snitz Forums)
+ NOT-FOR-US: Snitz Forums
CAN-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a
configuration file ...)
- NOTE: not-for-us (bad sendmail config on AIX)
+ NOT-FOR-US: bad sendmail config on AIX
CAN-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF
files, ...)
- NOTE: not-for-us (Adobe Acrobat)
+ NOT-FOR-US: Adobe Acrobat
CAN-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3
allows ...)
- NOTE: not-for-us (Phorum)
+ NOT-FOR-US: Phorum
CAN-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers
to ...)
{DSA-344}
CAN-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5,
and ...)
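Review bot: "NOT-FOR-US: bad sendmail config on AIX" for CAN-2003-0285 is a reason rather than a package name, which is what the log message says the new field holds. Suggest "NOT-FOR-US: AIX", matching the other AIX entries in this file, and moving the explanation to a separate NOTE: line if it is worth keeping.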
@@ -15627,53 +15627,53 @@
NOTE: firebird (1) in debian is very insecure and vulnerable, but
NOTE: the server is not included, just the libraries. See bug #251458
CAN-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP
CMailServer ...)
- NOTE: not-for-us (SMTP Service for ESMTP CMailServer )
+ NOT-FOR-US: SMTP Service for ESMTP CMailServer
CAN-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module
for ...)
- NOTE: not-for-us (PHP-Nuke)
+ NOT-FOR-US: PHP-Nuke
CAN-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in
...)
- NOTE: not-for-us (HappyMail)
+ NOT-FOR-US: HappyMail
CAN-2003-0277 (Directory traversal vulnerability in normal_html.cgi in
Happycgi.com ...)
- NOTE: not-for-us (HappyMail)
+ NOT-FOR-US: HappyMail
CAN-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause
a ...)
- NOTE: not-for-us (Pi3Web)
+ NOT-FOR-US: Pi3Web
CAN-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute
arbitrary ...)
- NOTE: not-for-us (YaBB SE)
+ NOT-FOR-US: YaBB SE
CAN-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier
allows ...)
- NOTE: not-for-us (ListProc)
+ NOT-FOR-US: ListProc
CAN-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface
for ...)
NOTE: old version of Request Tracker not in debian.
CAN-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...)
- NOTE: not-for-us (miniPortail)
+ NOT-FOR-US: miniPortail
CAN-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers
to ...)
- NOTE: not-for-us (Personal FTP Server)
+ NOT-FOR-US: Personal FTP Server
CAN-2003-0270 (The administration capability for Apple AirPort 802.11 wireless
access ...)
- NOTE: not-for-us (Apple Airport)
+ NOT-FOR-US: Apple Airport
CAN-2003-0269 (Buffer overflow in youbin allows local users to gain privileges
via a ...)
- NOTE: not-for-us (youbin)
+ NOT-FOR-US: youbin
CAN-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to
identify the ...)
- NOTE: not-for-us (SLWebMail on Windows)
+ NOT-FOR-US: SLWebMail on Windows
CAN-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote
...)
- NOTE: not-for-us (SLWebMail on Windows)
+ NOT-FOR-US: SLWebMail on Windows
CAN-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems
allows ...)
- NOTE: not-for-us (SLWebMail on Windows)
+ NOT-FOR-US: SLWebMail on Windows
CAN-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates
critical ...)
- NOTE: not-for-us (SDBINST for SAP database)
+ NOT-FOR-US: SDBINST for SAP database
CAN-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote
attackers ...)
- NOTE: not-for-us (SLMail)
+ NOT-FOR-US: SLMail
CAN-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server
...)
- NOTE: not-for-us (FTGatePro)
+ NOT-FOR-US: FTGatePro
CAN-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid
root, ...)
{DSA-299}
CAN-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which
could ...)
{DSA-302}
CAN-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware
Client ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware
Client ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware
Client ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2003-0257 (Format string vulnerability in the printer capability for IBM
AIX .3, ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly
cleanse the ...)
- kopete 3.2.0
CAN-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly
...)
@@ -15702,63 +15702,63 @@
CAN-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter
IP ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
CAN-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to
execute ...)
- NOTE: not-for-us (Happycgi.com Happymall)
+ NOT-FOR-US: Happycgi.com Happymall
CAN-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain
...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503
directly ...)
- NOTE: not-for-us (FrontRange GoldMine / win)
+ NOT-FOR-US: FrontRange GoldMine / win
CAN-2003-0240 (The web-based administration capability for various Axis Network
...)
- NOTE: not-for-us (Axis Network Camera)
+ NOT-FOR-US: Axis Network Camera
CAN-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro
2003a ...)
- NOTE: not-for-us (Mirabilis ICQ / windows)
+ NOT-FOR-US: Mirabilis ICQ / windows
CAN-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows
remote ...)
- NOTE: not-for-us (Mirabilis ICQ / windows)
+ NOT-FOR-US: Mirabilis ICQ / windows
CAN-2003-0237 (The "ICQ Features on Demand" functionality for
Mirabilis ICQ Pro 2003a ...)
- NOTE: not-for-us (Mirabilis ICQ / windows)
+ NOT-FOR-US: Mirabilis ICQ / windows
CAN-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ
Pro ...)
- NOTE: not-for-us (Mirabilis ICQ / windows)
+ NOT-FOR-US: Mirabilis ICQ / windows
CAN-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro
2003a ...)
- NOTE: not-for-us (Mirabilis ICQ / windows)
+ NOT-FOR-US: Mirabilis ICQ / windows
CAN-2003-0234
NOTE: reserved
CAN-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer
5.01, ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to
execute ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users go
gain ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0229
NOTE: reserved
CAN-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media
Player ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0227 (The logging capability for unicast and multicast transmissions
in the ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet
Information ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle
Database ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CAN-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B
PK1 and ...)
- NOTE: not-for-us (HP tru64)
+ NOT-FOR-US: HP tru64
CAN-2003-0220 (Buffer overflow in the administrator authentication process for
Kerio ...)
- NOTE: not-for-us (Kerio Personal Firewall)
+ NOT-FOR-US: Kerio Personal Firewall
CAN-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote
...)
- NOTE: not-for-us (Kerio Personal Firewall)
+ NOT-FOR-US: Kerio Personal Firewall
CAN-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon
...)
- NOTE: not-for-us (Monkey http daemon; not in debian)
+ NOT-FOR-US: Monkey http daemon; not in debian
CAN-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant
Virtual ...)
- NOTE: not-for-us (Neoteris Instant Virtual Extranet)
+ NOT-FOR-US: Neoteris Instant Virtual Extranet
CAN-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local
users to ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and
earlier ...)
- NOTE: not-for-us (bttlxeForum / win)
+ NOT-FOR-US: bttlxeForum / win
CAN-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users
to ...)
{DSA-292}
CAN-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote
...)
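Review bot: Several added lines in this hunk keep free-form qualifiers inside what is now a name field: "Monkey http daemon; not in debian" (CAN-2003-0218), "FrontRange GoldMine / win" (CAN-2003-0241), "bttlxeForum / win" (CAN-2003-0215) and the "Mirabilis ICQ / windows" group. Anything that parses the text after "NOT-FOR-US:" as a product name will pick up the suffix as part of it; suggest keeping only the name on the NOT-FOR-US line and putting the rationale on a NOTE: line. The vendor is also written "microsoft" here and "Microsoft" in other hunks of this same change, which is worth normalising in the same pass.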
@@ -15768,11 +15768,11 @@
CAN-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a
denial ...)
- xinetd 2.3.11
CAN-2003-0210 (Buffer overflow in the administration service (CSAdmin) for
Cisco ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4)
for ...)
{DSA-297}
CAN-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad
user ...)
- NOTE: not-for-us (macromedia flash)
+ NOT-FOR-US: macromedia flash
CAN-2003-0207 (ps2epsi creates insecure temporary files when calling
ghostscript, ...)
{DSA-286}
CAN-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote
...)
@@ -15792,9 +15792,9 @@
CAN-2003-0199
NOTE: reserved
CAN-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the
permissions of ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows
local ...)
- NOTE: not-for-us (Interbase Database)
+ NOT-FOR-US: Interbase Database
CAN-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow
remote ...)
{DSA-280}
CAN-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of
...)
@@ -15825,33 +15825,33 @@
CAN-2003-0182
NOTE: reserved
CAN-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote
...)
- NOTE: not-for-us (Lotus Domino Web Server)
+ NOT-FOR-US: Lotus Domino Web Server
CAN-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote
...)
- NOTE: not-for-us (Lotus Domino Web Server)
+ NOT-FOR-US: Lotus Domino Web Server
CAN-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus
Domino ...)
- NOTE: not-for-us (Lotus Domino Web Server)
+ NOT-FOR-US: Lotus Domino Web Server
CAN-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before
6.0.1 ...)
- NOTE: not-for-us (Lotus Domino Web Server)
+ NOT-FOR-US: Lotus Domino Web Server
CAN-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions,
does ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on
SGI ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of
service ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not
...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CAN-2003-0173 (xfsdq in xfsdump does not create quota information files
securely, ...)
{DSA-283}
CAN-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows
operating ...)
NOTE: not belived to be vulnerable
(http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
CAN-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment
variable to ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to
use ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools
before ...)
- NOTE: not-for-us (HP Instant TopTools)
+ NOT-FOR-US: HP Instant TopTools
CAN-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for
Windows ...)
- NOTE: not-for-us (Apple QuickTime Player)
+ NOT-FOR-US: Apple QuickTime Player
CAN-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for
Mutt ...)
{DSA-300 DSA-274}
CAN-2003-0166 (Integer signedness error in emalloc() function for PHP before
4.3.2 ...)
@@ -15885,13 +15885,13 @@
CAN-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows
remote ...)
{DSA-265}
CAN-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not
properly ...)
- NOTE: not-for-us (BEA WebLogic Server)
+ NOT-FOR-US: BEA WebLogic Server
CAN-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and
allows ...)
{DSA-303}
CAN-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
- NOTE: not-for-us (McAfee ePolicy Orchestrator)
+ NOT-FOR-US: McAfee ePolicy Orchestrator
CAN-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator
2.0 ...)
- NOTE: not-for-us (McAfee ePolicy Orchestrator)
+ NOT-FOR-US: McAfee ePolicy Orchestrator
CAN-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local
and ...)
{DSA-288}
CAN-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and
possibly ...)
@@ -15899,9 +15899,9 @@
CAN-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on
SuSE ...)
{DSA-275 DSA-267}
CAN-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances
when ...)
- NOTE: not-for-us (acroread)
+ NOT-FOR-US: acroread
CAN-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and
earlier, ...)
- NOTE: not-for-us (Real)
+ NOT-FOR-US: Real
CAN-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions,
1.5.x up ...)
{DSA-268}
CAN-2003-0139 (Certain weaknesses in the implementation of version 4 of the
Kerberos ...)
@@ -15909,7 +15909,7 @@
CAN-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal
and ...)
{DSA-273 DSA-269 DSA-266}
CAN-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving
GPRS ...)
- NOTE: not-for-us (Nokia Serving GPRS support node)
+ NOT-FOR-US: Nokia Serving GPRS support node
CAN-2003-0136 (psbanner in the LPRng package allows local users to overwrite
...)
{DSA-285}
CAN-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP
...)
@@ -15931,35 +15931,35 @@
CAN-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25,
and ...)
{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
CAN-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and
earlier, ...)
- NOTE: not-for-us (SOHO Routefinder 550 firmware)
+ NOT-FOR-US: SOHO Routefinder 550 firmware
CAN-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass
...)
- NOTE: not-for-us (Clearswift MAILsweeper)
+ NOT-FOR-US: Clearswift MAILsweeper
CAN-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet
...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2003-0118 (SQL injection vulnerability in the Document Tracking and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0117 (Buffer overflow in the HTTP receiver function
(BizTalkHTTPReceive.dll ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly
check ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly
check ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01,
5.5, and ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer
5.01, 5.5 ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine
(VM) ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0,
Windows NT ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows
proxy ...)
- NOTE: not-for-us (Symantec Enterprise Firewall)
+ NOT-FOR-US: Symantec Enterprise Firewall
CAN-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP
...)
- NOTE: not-for-us (ServerMask)
+ NOT-FOR-US: ServerMask
CAN-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before
1.000 ...)
{DSA-319}
CAN-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x
before ...)
@@ -15967,15 +15967,15 @@
CAN-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before
...)
{DSA-277}
CAN-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2,
Release 1, ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1
through ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq
on ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2003-0090
NOTE: rejected
CAN-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX
...)
- NOTE: not-for-us (HP-UX)
+ NOT-FOR-US: HP-UX
CAN-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows
local ...)
{DSA-262}
CAN-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code
for ...)
@@ -15996,7 +15996,7 @@
CAN-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and
...)
{DSA-266}
CAN-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users
to ...)
- NOTE: not-for-us (HP UX)
+ NOT-FOR-US: HP UX
CAN-2003-0060 (Format string vulnerabilities in the logging routines for MIT
Kerberos ...)
- krb5 1.2.4
CAN-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows
remote ...)
@@ -16004,13 +16004,13 @@
CAN-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows
local ...)
{DSA-252}
CAN-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows ...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from
memory, ...)
NOTE: apparently fixed upstream 2002-11-12 changelog
CAN-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2)
SecureFX ...)
- NOTE: not-for-us (commercial ssh clients)
+ NOT-FOR-US: commercial ssh clients
CAN-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from
...)
- NOTE: not-for-us (commercial ssh clients)
+ NOT-FOR-US: commercial ssh clients
CAN-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1)
...)
{DSA-246}
CAN-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or
earlier, ...)
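Review bot: "NOT-FOR-US: commercial ssh clients" on CAN-2003-0047 and CAN-2003-0046 names a category, not a package, so the two entries become indistinguishable on the new field. The descriptions already identify the products (VanDyke SecureCRT and SecureFX for the first, AbsoluteTelnet for the second); use those names instead.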
@@ -16023,9 +16023,9 @@
CAN-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow
remote ...)
{DSA-244}
CAN-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake
Linux, ...)
- NOTE: not-for-us (ml85p, as included in the printer-drivers package for
Mandrake Linux)
+ NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake
Linux
CAN-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers
...)
- NOTE: not-for-us (ml85p, as included in the printer-drivers package for
Mandrake Linux)
+ NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake
Linux
CAN-2003-0034 (Buffer overflow in the mtink status monitor, as included in the
...)
NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
NOTE: chooser/mtinkc.c''s version, which goes into mtinkc
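Review bot: The added line for CAN-2003-0035 reads "NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux", but the description for that entry is about a buffer overflow in escputil, not ml85p. The text looks copied from CAN-2003-0036 directly above and the conversion preserves the mismatch. Please confirm which component is meant and whether escputil really is not-for-us before it is recorded in the new field; the label itself is also a phrase rather than a package name.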
@@ -16033,7 +16033,7 @@
CAN-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow
attackers to ...)
{DSA-228}
CAN-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data
Extension ...)
- NOTE: not-for-us (Protegrity Secure.Data Extension Feature)
+ NOT-FOR-US: Protegrity Secure.Data Extension Feature
CAN-2003-0029
NOTE: reserved
CAN-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly
other ...)
@@ -16045,9 +16045,9 @@
CAN-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to
overwrite ...)
{DSA-633-1}
CAN-2003-0011 (Unknown vulnerability in the DNS intrusion detection application
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by
Windows ...)
- NOTE: not-for-us (Windows Script Engine for JScript)
+ NOT-FOR-US: Windows Script Engine for JScript
CAN-2003-0008
NOTE: reserved
CAN-2003-0006
@@ -16057,7 +16057,7 @@
CAN-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do
not ...)
{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
CAN-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal
...)
- NOTE: not-for-us (IBM DB2)
+ NOT-FOR-US: IBM DB2
CAN-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using
Sendmail ...)
NOTE: mailreader. Affects 2.3.30 and 2.3.31.
NOTE: Sarge uses 2.3.29.
@@ -16068,13 +16068,13 @@
{DSA-215}
- cyrus-imapd 1.5.19-9.10
CAN-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2002-1578 (The default installation of SAP R/3, when using Oracle and
SQL*net V2 ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users
and ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working
directory ...)
- NOTE: not-for-us (SAP)
+ NOT-FOR-US: SAP
CAN-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy
via ...)
{DSA-437}
- cgiemail 1.6-20
@@ -16100,7 +16100,7 @@
CAN-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows
...)
- wget 1.8.1-6.1
CAN-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal
...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of
...)
- stunnel4 4.04-1
- stunnel 2:3.24-1
@@ -16108,88 +16108,88 @@
{DSA-396}
- thttpd 2.23beta1-2.3
CAN-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows
XP ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CAN-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p)
allows ...)
- NOTE: not-for-us (ion-p)
+ NOT-FOR-US: ion-p
CAN-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an
account for ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows
attackers to ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows
attackers to ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a
"public" ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores
usernames ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote
...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CAN-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to
cause a ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass
...)
- NOTE: not-for-us (Webweaver)
+ NOT-FOR-US: Webweaver
CAN-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to
obtain ...)
- NOTE: not-for-us (Coolsoft)
+ NOT-FOR-US: Coolsoft
CAN-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP
Server ...)
- NOTE: not-for-us (Coolsoft)
+ NOT-FOR-US: Coolsoft
CAN-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote
attackers to ...)
- NOTE: not-for-us (SolarWinds)
+ NOT-FOR-US: SolarWinds
CAN-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows
remote ...)
- NOTE: not-for-us (MDaemon)
+ NOT-FOR-US: MDaemon
CAN-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary
...)
- NOTE: not-for-us (Molly)
+ NOT-FOR-US: Molly
CAN-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise
Firewall ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CAN-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet
engine ...)
NOTE: problem in jetty 4.1.0, Debian started with 4.2
CAN-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to
determine ...)
- NOTE: not-for-us (EMU Webmail)
+ NOT-FOR-US: EMU Webmail
CAN-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU
...)
- NOTE: not-for-us (EMU Webmail)
+ NOT-FOR-US: EMU Webmail
CAN-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine
for ...)
- NOTE: not-for-us (Sun)
+ NOT-FOR-US: Sun
CAN-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server
2.1.6 ...)
- NOTE: not-for-us (Miniserver)
+ NOT-FOR-US: Miniserver
CAN-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other
...)
- NOTE: not-for-us (PowerFTP)
+ NOT-FOR-US: PowerFTP
CAN-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5
beta ...)
- NOTE: not-for-us (Coolforum)
+ NOT-FOR-US: Coolforum
CAN-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite
arbitrary ...)
- NOTE: not-for-us (BRU)
+ NOT-FOR-US: BRU
CAN-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local
users ...)
{DSA-227}
- openldap2 2.0.27-3
CAN-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote
...)
- NOTE: not-for-us (Unreal)
+ NOT-FOR-US: Unreal
CAN-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to
...)
NOTE: linuxconf not in unstable or testing
CAN-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22
allows ...)
- NOTE: not-for-us (webserver-4everyone)
+ NOT-FOR-US: webserver-4everyone
CAN-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and
earlier ...)
NOTE: AFD not in debian
CAN-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in
NetBSD ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CAN-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows
...)
- NOTE: not-for-us (FactoSystem)
+ NOT-FOR-US: FactoSystem
CAN-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier
allows ...)
- NOTE: not-for-us (SWServer)
+ NOT-FOR-US: SWServer
CAN-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1
allows ...)
- NOTE: not-for-us (Jawmail)
+ NOT-FOR-US: Jawmail
CAN-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for
Linux, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows
remote ...)
- NOTE: not-for-us (PlanetDNS)
+ NOT-FOR-US: PlanetDNS
CAN-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote
malicious ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote
malicious ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73
and ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote
attackers to ...)
- NOTE: not-for-us (Trillian)
+ NOT-FOR-US: Trillian
CAN-2002-1484 (DB4Web server, when configured to use verbose debug messages,
allows ...)
- NOTE: not-for-us (db4web)
+ NOT-FOR-US: db4web
CAN-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow
remote ...)
- NOTE: not-for-us (db4web)
+ NOT-FOR-US: db4web
CAN-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and
earlier, ...)
NOTE: phpGB not in Debian
CAN-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...)
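Review bot: The values in this hunk are not spelled consistently: CAN-2002-1553 through CAN-2002-1558 get "NOT-FOR-US: cisco" while CAN-2002-1492 gets "NOT-FOR-US: Cisco", CAN-2002-1561 gets lower-case "microsoft", and CAN-2002-1544/1545 get "Coolsoft" where the description spells the vendor "CooolSoft". With the name promoted from a parenthesised remark to the value of the line, anything that groups or greps by that value will treat these as different products; suggest normalising the spelling as part of this change.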
@@ -16197,25 +16197,25 @@
CAN-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20
allows ...)
NOTE: phpGB not in Debian
CAN-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX
4.0f, ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for
HP ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20
through ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the
cleartext ...)
- NOTE: not-for-us (Shoutcase)
+ NOT-FOR-US: Shoutcase
CAN-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers
to ...)
- flashplugin-nonfree 6.0.61.0-1
CAN-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled,
allows ...)
- NOTE: not-for-us (Cafelog)
+ NOT-FOR-US: Cafelog
CAN-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows
remote ...)
- NOTE: not-for-us (Cafelog)
+ NOT-FOR-US: Cafelog
CAN-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog
Tool ...)
- NOTE: not-for-us (Cafelog)
+ NOT-FOR-US: Cafelog
CAN-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later
...)
- NOTE: not-for-us (Organic PHP)
+ NOT-FOR-US: Organic PHP
CAN-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute
arbitrary ...)
- NOTE: not-for-us (Webshop Manager)
+ NOT-FOR-US: Webshop Manager
CAN-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file
was ...)
NOTE: L-Forum not in Debian
CAN-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier,
when ...)
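Review bot: The CAN-2002-1470 line becomes "NOT-FOR-US: Shoutcase", but the description names the product SHOUTcast; the typo from the old note is carried over and should be fixed while the line is being rewritten. In the same hunk CAN-2002-1475 is tagged "HPUX" although the visible part of its description names HP Tru64 UNIX, which other entries in this file tag as "HP Tru64" or "HP Tru64 UNIX"; worth checking which is meant.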
@@ -16225,49 +16225,49 @@
CAN-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40
allows ...)
NOTE: L-Forum not in Debian
CAN-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote
attackers to ...)
- NOTE: not-for-us (mIRC)
+ NOT-FOR-US: mIRC
CAN-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd
allow ...)
- NOTE: not-for-us (OmniHTTPD)
+ NOT-FOR-US: OmniHTTPD
CAN-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the
absolute ...)
- NOTE: not-for-us (MyWebServer)
+ NOT-FOR-US: MyWebServer
CAN-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2
allows ...)
- NOTE: not-for-us (MyWebServer)
+ NOT-FOR-US: MyWebServer
CAN-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2
allows ...)
- NOTE: not-for-us (MyWebServer)
+ NOT-FOR-US: MyWebServer
CAN-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code
of JSP ...)
NOTE: Blazix not in Debian
CAN-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of
...)
- NOTE: not-for-us (IBM UniVerse)
+ NOT-FOR-US: IBM UniVerse
CAN-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext
under ...)
NOTE: eUpload not in Debian
CAN-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server
allows ...)
NOTE: CERN HTTPD not in Debian
CAN-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5
and ...)
- NOTE: not-for-us (Google Toolbar)
+ NOT-FOR-US: Google Toolbar
CAN-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to
...)
- NOTE: not-for-us (Google Toolbar)
+ NOT-FOR-US: Google Toolbar
CAN-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5
allow ...)
- NOTE: not-for-us (Tomahawk)
+ NOT-FOR-US: Tomahawk
CAN-2002-1440 (The Gateway GS-400 server has a default root password of
"0001n" that ...)
- NOTE: not-for-us (Gateway)
+ NOT-FOR-US: Gateway
CAN-2002-1439 (Unknown vulnerability related to stack corruption in the TGA
daemon ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web
mail ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us (Kerio)
+ NOT-FOR-US: Kerio
CAN-2002-1432 (MidiCart stores the midicart.mdb database file under the Web
document ...)
- NOTE: not-for-us (MidiCart)
+ NOT-FOR-US: MidiCart
CAN-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000
modifies the ...)
- NOTE: not-for-us (Belkin)
+ NOT-FOR-US: Belkin
CAN-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com
ShoutBOX ...)
- NOTE: not-for-us (ShoutBox)
+ NOT-FOR-US: ShoutBox
CAN-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to
bypass ...)
NOTE: dotproject not in Debian
CAN-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage
Creator ...)
NOTE: Easy Homepage Creator not in Debian
CAN-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to
cause a ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to
read ...)
NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
NOTE: is version 2.5.x
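Review bot: The context lines in this hunk keep several free-form notes of the form "NOTE: Blazix not in Debian", "NOTE: eUpload not in Debian", "NOTE: CERN HTTPD not in Debian", "NOTE: dotproject not in Debian" and "NOTE: Easy Homepage Creator not in Debian". They appear to record the same status as the lines being converted, but they do not match the "not-for-us (package_name)" pattern from the log message, so they stay as plain notes. Suggest converting them to "NOT-FOR-US: <name>" as well, here or in a follow-up, so that a reader or script keyed on the new prefix does not miss them.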
@@ -16278,19 +16278,19 @@
NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
NOTE: is version 2.5.x
CAN-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates
...)
- NOTE: not-for-us (Webeasymail)
+ NOT-FOR-US: Webeasymail
CAN-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail
3.4.2.2 ...)
- NOTE: not-for-us (Webeasymail)
+ NOT-FOR-US: Webeasymail
CAN-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo
Gallery ...)
- NOTE: not-for-us (Duma)
+ NOT-FOR-US: Duma
CAN-2002-1410 (Easy Guestbook CGI programs do not authenticate the
administrator, ...)
- NOTE: not-for-us (East Guestbook)
+ NOT-FOR-US: East Guestbook
CAN-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause
a ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE
14.2 ...)
- NOTE: not-for-us (HP Openview)
+ NOT-FOR-US: HP Openview
CAN-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with
unknown ...)
- NOTE: not-for-us (HPUX)
+ NOT-FOR-US: HPUX
CAN-2002-1404
NOTE: rejected
CAN-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment
...)
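Review bot: The CAN-2002-1410 line becomes "NOT-FOR-US: East Guestbook", while the description on the line above it says "Easy Guestbook CGI programs". Suggest correcting the value to "Easy Guestbook" in this commit rather than preserving the typo from the old note.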
@@ -16351,13 +16351,13 @@
CAN-2002-1355 (Multiple integer signedness errors in the BGP dissector in
Ethereal ...)
- ethereal 0.9.8-1
CAN-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8
allows ...)
- NOTE: not-for-us (TYPSoft FTP Server)
+ NOT-FOR-US: TYPSoft FTP Server
CAN-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text
under ...)
- NOTE: not-for-us (LocalWEB2000 HTTP server)
+ NOT-FOR-US: LocalWEB2000 HTTP server
CAN-2002-1352 (Per Magne Knutsen''s CartMan shopping cart (cartman.php)
1.04 and ...)
- NOTE: not-for-us (CartMan)
+ NOT-FOR-US: CartMan
CAN-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote
attackers to ...)
- NOTE: not-for-us (Melange Chat System)
+ NOT-FOR-US: Melange Chat System
CAN-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and
earlier ...)
- libsasl2 2.1.10-1
CAN-2002-1346
@@ -16377,16 +16377,16 @@
{DSA-220}
- squirrelmail 1:1.3.2-2
CAN-2002-1340 (The "ConnectionFile" property in the
DataSourceControl component in ...)
- NOTE: not-for-us (Office Web Components)
+ NOT-FOR-US: Office Web Components
CAN-2002-1339 (The "XMLURL" property in the Spreadsheet
component of Office Web ...)
- NOTE: not-for-us (Office Web Components)
+ NOT-FOR-US: Office Web Components
CAN-2002-1338 (The Load method in the Chart component of Office Web Components
(OWC) ...)
- NOTE: not-for-us (Office Web Components)
+ NOT-FOR-US: Office Web Components
CAN-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not
escape ...)
{DSA-251 DSA-250 DSA-249}
- w3mmee 0.3.p24.17-3
CAN-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio
3.01 ...)
- NOTE: not-for-us (BizDesign)
+ NOT-FOR-US: BizDesign
CAN-2002-1333
NOTE: reserved
CAN-2002-1332
@@ -16404,21 +16404,21 @@
CAN-2002-1324
NOTE: reserved
CAN-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions
allows ...)
- NOTE: not-for-us (ClearCase)
+ NOT-FOR-US: ClearCase
CAN-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote
...)
NOTE: Realplayer not in Sarge
CAN-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to
SP11, ...)
- NOTE: not-for-us (iPlanet)
+ NOT-FOR-US: iPlanet
CAN-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for
...)
- NOTE: not-for-us (iPlanet)
+ NOT-FOR-US: iPlanet
CAN-2002-1314
NOTE: reserved
CAN-2002-1312 (Buffer overflow in the Web management interface in Linksys
BEFW11S4 ...)
- NOTE: not-for-us (Linksys)
+ NOT-FOR-US: Linksys
CAN-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for
the IIS ...)
- NOTE: not-for-us (Macromedia)
+ NOT-FOR-US: Macromedia
CAN-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for
the IIS ...)
- NOTE: not-for-us (Macromedia)
+ NOT-FOR-US: Macromedia
CAN-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later,
and ...)
{DSA-214}
- kdenetwork 2.2.2-14.20
@@ -16441,35 +16441,35 @@
CAN-2002-1297
NOTE: reserved
CAN-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer,
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer,
can ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer,
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and
earlier, as ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer,
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer,
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer,
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer,
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1287 (Stack-based buffer overflow in the Microsoft Java
implementation, as ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer,
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1285 (runlpr in the LPRng package allows the local lp user to gain
root ...)
- NOTE: not-for-us (SuSE-specific lprfilter package)
+ NOT-FOR-US: SuSE-specific lprfilter package
CAN-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows
remote ...)
- NOTE: not-for-us (Novell iManager (eMFrame))
+ NOT-FOR-US: Novell iManager (eMFrame)
CAN-2002-1282 (Unknown vulnerability in the telnet KIO subsystem
(telnet.protocol) of ...)
{DSA-204}
CAN-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem
(rlogin.protocol) of ...)
{DSA-204}
CAN-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers
to ...)
- NOTE: not-for-us (RealSecure Event Collector)
+ NOT-FOR-US: RealSecure Event Collector
CAN-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before
0.1.17, ...)
{DSA-194}
CAN-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability
in ...)
@@ -16481,19 +16481,19 @@
CAN-2002-1273
NOTE: reserved
CAN-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X
...)
- NOTE: not-for-us (MacOS)
+ NOT-FOR-US: MacOS
CAN-2002-1263
NOTE: rejected
CAN-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1261
NOTE: rejected
CAN-2002-1259
NOTE: rejected
CAN-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass
the ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1249
NOTE: reserved
CAN-2002-1247 (Buffer overflow in LISa allows local users to gain access to a
raw ...)
@@ -16507,7 +16507,7 @@
CAN-2002-1240
NOTE: reserved
CAN-2002-1238 (Peter Sandvik''s Simple Web Server 0.5.1 and earlier
allows remote ...)
- NOTE: not-for-us (Peter Sandvik''s Simple Web Server)
+ NOT-FOR-US: Peter Sandvik''s Simple Web Server
CAN-2002-1237
NOTE: reserved
CAN-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility
...)
@@ -16517,9 +16517,9 @@
CAN-2002-1233 (A regression error in the Debian distributions of the apache-ssl
...)
{DSA-195 DSA-188 DSA-187}
CAN-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and
earlier ...)
- NOTE: not-for-us (Avaya Cajun switches)
+ NOT-FOR-US: Avaya Cajun switches
CAN-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9
allows ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown
impact, ...)
{DSA-178}
CAN-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in
both the ...)
@@ -16527,19 +16527,19 @@
CAN-2002-1218
NOTE: reserved
CAN-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as
used ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote
...)
- tar 1.13.25
CAN-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and
earlier ...)
{DSA-174}
CAN-2002-1213 (Directory traversal vulnerability in RadioBird Software
WebServer 4 ...)
- NOTE: not-for-us (RadioBird Software WebServer 4 Everyone)
+ NOT-FOR-US: RadioBird Software WebServer 4 Everyone
CAN-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23
and ...)
- NOTE: not-for-us (RadioBird Software WebServer 4 Everyone)
+ NOT-FOR-US: RadioBird Software WebServer 4 Everyone
CAN-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores
email ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server
5.0.55, ...)
- NOTE: not-for-us (SolarWinds TFTP Server)
+ NOT-FOR-US: SolarWinds TFTP Server
CAN-2002-1208
NOTE: reserved
CAN-2002-1207
@@ -16549,27 +16549,27 @@
CAN-2002-1205
NOTE: reserved
CAN-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to
steal a ...)
- NOTE: not-for-us (Netscape Communicator 4.x)
+ NOT-FOR-US: Netscape Communicator 4.x
CAN-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing
before ...)
- NOTE: not-for-us (IBM SecureWay Firewall)
+ NOT-FOR-US: IBM SecureWay Firewall
CAN-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through
V5.1A ...)
- NOTE: not-for-us (HP Tru64 UNIX)
+ NOT-FOR-US: HP Tru64 UNIX
CAN-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a
denial of ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly
other ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CAN-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier,
FreeBSD ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CAN-2002-1191 (The Sabserv client component in Sabre Desktop Reservation
Software 4.2 ...)
- NOTE: not-for-us (Sabre Desktop)
+ NOT-FOR-US: Sabre Desktop
CAN-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts,
which ...)
- NOTE: not-for-us (Cisco IOS)
+ NOT-FOR-US: Cisco IOS
CAN-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- NOTE: not-for-us (Microsoft IIS)
+ NOT-FOR-US: Microsoft IIS
CAN-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3
in the ...)
- NOTE: not-for-us (Winamp)
+ NOT-FOR-US: Winamp
CAN-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to
execute ...)
- NOTE: not-for-us (Winamp)
+ NOT-FOR-US: Winamp
CAN-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not
...)
{DSA-171}
CAN-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote
attackers ...)
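Review bot: CAN-2002-1190 is given "NOT-FOR-US: Cisco IOS", but its description reads "Cisco Unity 2.x and 3.x uses well-known default user accounts", so the value names a different product from the one the entry describes. Suggest "Cisco Unity" (or plain "Cisco", as used for the VPN 3000 entries) instead of carrying the old text over.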
@@ -16581,9 +16581,9 @@
CAN-2002-1171
NOTE: reserved
CAN-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic
Express ...)
- NOTE: not-for-us (IBM Websphere)
+ NOT-FOR-US: IBM Websphere
CAN-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic
Express ...)
- NOTE: not-for-us (IBM Websphere)
+ NOT-FOR-US: IBM Websphere
CAN-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0
allows ...)
NOTE: wn not in Debian testing
CAN-2002-1165 (Sendmail Consortium''s Restricted Shell (SMRSH) in
Sendmail 8.12.6, ...)
@@ -16595,33 +16595,33 @@
NOTE: assuming the current unstable/testing version is ok then..
- kon2 0.3.9b-18
CAN-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection
capability ...)
- NOTE: not-for-us (Microsoft Netmeeting)
+ NOT-FOR-US: Microsoft Netmeeting
CAN-2002-1149 (The installation procedure for Invision Board suggests that
users ...)
- NOTE: not-for-us (Invision Board)
+ NOT-FOR-US: Invision Board
CAN-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of
...)
- NOTE: not-for-us (Microsoft SQL)
+ NOT-FOR-US: Microsoft SQL
CAN-2002-1144
NOTE: reserved
CAN-2002-1143 (Microsoft Word and Excel allow remote attackers to steal
sensitive ...)
- NOTE: not-for-us (Microsoft Word & Excel)
+ NOT-FOR-US: Microsoft Word & Excel
CAN-2002-1136
NOTE: reserved
CAN-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through
WEBES ...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CAN-2002-1133 (Encoded directory traversal vulnerability in Dino''s web
server 2.1 ...)
- NOTE: not-for-us (Dino''s Webserver)
+ NOT-FOR-US: Dino''s Webserver
CAN-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and
...)
{DSA-191}
CAN-2002-1130
NOTE: reserved
CAN-2002-1129 (Buffer overflow in dxterm allows local users to execute
arbitrary code ...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CAN-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x
allows ...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CAN-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local
users to ...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CAN-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE
and ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to
gain ...)
{DSA-166}
CAN-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for
...)
@@ -16629,7 +16629,7 @@
NOTE: messages.
TODO: check Debian mailscanners, if any.
CAN-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows
remote ...)
- NOTE: not-for-us (Savant Web Server)
+ NOT-FOR-US: Savant Web Server
CAN-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view
private ...)
{DSA-161}
CAN-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers
to ...)
@@ -16637,333 +16637,333 @@
CAN-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and
earlier, ...)
{DSA-153}
CAN-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before
3.5.5, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before
3.5.5, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows
remote ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x
...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp
before ...)
- libesmtp5 0.8.11-1
CAN-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design,
provides ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...)
- NOTE: not-for-us (ezContents)
+ NOT-FOR-US: ezContents
CAN-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and
earlier ...)
- NOTE: not-for-us (ezContents)
+ NOT-FOR-US: ezContents
CAN-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41
and ...)
- NOTE: not-for-us (ezContents)
+ NOT-FOR-US: ezContents
CAN-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not
...)
- NOTE: not-for-us (ezContents)
+ NOT-FOR-US: ezContents
CAN-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and
earlier ...)
- NOTE: not-for-us (ezContents)
+ NOT-FOR-US: ezContents
CAN-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier
allows ...)
- NOTE: not-for-us (ezContents)
+ NOT-FOR-US: ezContents
CAN-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before
Patch 2 ...)
- NOTE: not-for-us (Abyss)
+ NOT-FOR-US: Abyss
CAN-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory
...)
- NOTE: not-for-us (Abyss)
+ NOT-FOR-US: Abyss
CAN-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote
...)
- NOTE: not-for-us (IPSwitch)
+ NOT-FOR-US: IPSwitch
CAN-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows
remote ...)
- NOTE: not-for-us (Pegasus)
+ NOT-FOR-US: Pegasus
CAN-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2
...)
- NOTE: not-for-us (MERCUR Mailserver)
+ NOT-FOR-US: MERCUR Mailserver
CAN-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01),
allows ...)
- NOTE: not-for-us (ZyXEL)
+ NOT-FOR-US: ZyXEL
CAN-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of
...)
- NOTE: not-for-us (ZyXEL)
+ NOT-FOR-US: ZyXEL
CAN-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki
module ...)
- phpwiki 1.3.4-1
CAN-2002-1069 (The remote administration capability for the D-Link DI-804
router 4.68 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1068 (The web server for D-Link DP-300 print server allows remote
attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1067 (Administrative web interface for IC9 Pocket Print Server
Firmware ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote
attackers to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and
earlier, ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and
earlier, ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and
earlier, ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1,
and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x
through ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt
Qube ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1055 (Buffer overflow in administrative web server for Brother
NC-3100h ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use
MS-DOS ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows
remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote
attackers to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial
of ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1042 (Directory traversal vulnerability in search engine for iPlanet
web ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2)
configuration ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly
verify if a ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL)
before ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid
Dynamics ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to
read ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook
2.5.2 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier
allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1023 (BadBlue server allows remote attackers to cause a denial of
service ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini
file, ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1021 (BadBlue server allows remote attackers to read restricted files,
such ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify
if a ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to
other ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for
copy, ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1012 (Buffer overflow in web server for Tivoli Management Framework
(TMF) ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1011 (Buffer overflow in web server for Tivoli Management Framework
(TMF) ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access
restrictions ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi,
as ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow
remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user
to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote
attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta
1.0.02 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002
before ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS)
3.0.3 ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before
3.0.3C ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows
remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition
(ISEE) ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1)
dced ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000
Client ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote
attackers to ...)
{DSA-157}
CAN-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor,
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0
writes an ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0979 (The Java logging feature for the Java Virtual Machine in
Internet ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read
...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX
control ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0973 (Integer signedness error in several system calls for FreeBSD
4.6.1 ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a
denial ...)
{DSA-165}
CAN-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users
to ...)
- NOTE: not-for-us (Microsoft Windows specific)
+ NOT-FOR-US: Microsoft Windows specific
CAN-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to
cause ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and
earlier ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow
remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net
CBMS ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows
remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh
has a ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another
...)
- NOTE: not-for-us (YaBB not in Debian)
+ NOT-FOR-US: YaBB
CAN-2002-0954 (The encryption algorithms for enable and passwd commands on
Cisco PIX ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0951 (SQL injection vulnerability in Ruslan
<Body>Builder allows remote ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail
1.422 and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote
attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0943 (MetaCart2.sql stores the user database under the web document
root ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow
attackers ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does
not use ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use
Operator ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page
owners to ...)
- NOTE: not-for-us (JRun not in Debian)
+ NOT-FOR-US: JRun
CAN-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page
owners to ...)
- tomcat 3.2.3-1
CAN-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2
(typically ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and
passwords ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk
20020509, and ...)
- NOTE: not-for-us (MyHelpDesk not in Debian)
+ NOT-FOR-US: MyHelpDesk
CAN-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and
...)
- NOTE: not-for-us (MyHelpDesk not in Debian)
+ NOT-FOR-US: MyHelpDesk
CAN-2002-0930 (Format string vulnerability in the FTP server for Novell Netware
6.0 ...)
- NOTE: not-for-us (Netware)
+ NOT-FOR-US: Netware
CAN-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow
remote ...)
- NOTE: not-for-us (Netware)
+ NOT-FOR-US: Netware
CAN-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote
attackers to ...)
- NOTE: not-for-us (pirch not in Debian)
+ NOT-FOR-US: pirch
CAN-2002-0926 (Directory traversal vulnerability in Wolfram Research
webMathematica ...)
- NOTE: not-for-us (webMathematica not in Debian)
+ NOT-FOR-US: webMathematica
CAN-2002-0925 (Format string vulnerability in mmsyslog function allows remote
...)
- NOTE: not-for-us (mmftpd not in Debian anymore)
+ NOT-FOR-US: mmftpd not in Debian anymore
CAN-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to
execute ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to
read ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain
database ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain
potentially ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted
...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users
to ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as
the ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the
web ...)
- NOTE: not-for-us (CGIScript.net not int Debian)
+ NOT-FOR-US: CGIScript.net not int Debian
CAN-2002-0915 (autorun in Xandros based Linux distributions allows local users
to ...)
- NOTE: not-for-us (Xandros specific)
+ NOT-FOR-US: Xandros specific
CAN-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP
client ...)
- NOTE: not-for-us (Slurp NNTP not in Debian)
+ NOT-FOR-US: Slurp NNTP
CAN-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other
...)
NOTE: DSA-129
CAN-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS
servers ...)
- NOTE: not-for-us (netstd not in Debian anymore)
+ NOT-FOR-US: netstd not in Debian anymore
CAN-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a
remote ...)
- NOTE: not-for-us (mnews not in Debian)
+ NOT-FOR-US: mnews
CAN-2002-0908 (Directory traversal vulnerability in the web server for Cisco
IDS ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before
1.8.12 ...)
- NOTE: not-for-us (SHOUTcast not in Debian)
+ NOT-FOR-US: SHOUTcast
CAN-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local
users to ...)
- NOTE: not-for-us (Informix)
+ NOT-FOR-US: Informix
CAN-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a
small ...)
- NOTE: not-for-us (wbboard not in Debian)
+ NOT-FOR-US: wbboard
CAN-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2)
allows ...)
- phpbb2 2.0.6c-1
CAN-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network
Disk ...)
- amanda 2.4.0b6-1
CAN-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers
to ...)
- NOTE: not-for-us (Falcon not in Debian)
+ NOT-FOR-US: Falcon
CAN-2002-0896 (The throttle capability in Swatch may fail to report certain
events if ...)
- swatch 3.0.4-1
CAN-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to
cause a ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec
ISAPI 4.1 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and
1.1.7, ...)
- NOTE: not-for-us (3com)
+ NOT-FOR-US: 3com
CAN-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows
remote ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris,
and ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server)
on ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated
Administrator ...)
- NOTE: not-for-us (Compaq)
+ NOT-FOR-US: Compaq
CAN-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and
7960 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default
...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote
...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers
to ...)
- NOTE: not-for-us (CFXImage not in Debian)
+ NOT-FOR-US: CFXImage
CAN-2002-0878 (SQL injection vulnerability in the login form for LogiSense
software ...)
- NOTE: not-for-us (LogiSense not in Debian)
+ NOT-FOR-US: LogiSense
CAN-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala
4.5 ...)
- NOTE: not-for-us (Shambala)
+ NOT-FOR-US: Shambala
CAN-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a
denial ...)
- NOTE: not-for-us (Shambala)
+ NOT-FOR-US: Shambala
CAN-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions,
when ...)
{DSA-150}
CAN-2002-0870 (The original patch for the Cisco Content Service Switch 11000
Series ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for
...)
- NOTE: not-for-us (IIS)
+ NOT-FOR-US: IIS
CAN-2002-0868
NOTE: reserved
CAN-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000
and ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CAN-2002-0862 (The (1) CertGetCertificateChain, (2)
CertVerifyCertificateChainPolicy, ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows
remote ...)
- NOTE: not-for-us (Microsoft)
+ NOT-FOR-US: Microsoft
CAN-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with
a ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility
...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CAN-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12
allows ...)
{DSA-147}
CAN-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon
(ipppd) ...)
- NOTE: not-for-us (SuSE specific)
+ NOT-FOR-US: SuSE specific
CAN-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client
3.5.4 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file
with ...)
- NOTE: not-for-us (iSCSI not in Debian)
+ NOT-FOR-US: iSCSI
CAN-2002-0843 (Buffer overflows in the ApacheBench benchmark support program
(ab.c) ...)
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
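Review bot: The "not in Debian" suffix is stripped inconsistently in this hunk. YaBB, JRun, MyHelpDesk and pirch are reduced to the bare name, but the csNews.cgi and csPassword.cgi entries (CAN-2002-0917 through CAN-2002-0924) become "NOT-FOR-US: CGIScript.net not int Debian", carrying over both the suffix and the "int" typo, and mmftpd and netstd keep "not in Debian anymore". If the text after "NOT-FOR-US:" is meant to be a product name, normalise these to "NOT-FOR-US: CGIScript.net" and so on, and put the "anymore" information on a separate NOTE line if it is worth keeping, so that anything matching on the value sees one spelling per product.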
@@ -16979,13 +16979,13 @@
CAN-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and
earlier ...)
{DSA-162}
CAN-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and
possibly ...)
- NOTE: not-for-us (Eudora)
+ NOT-FOR-US: Eudora
CAN-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to
bypass ...)
- NOTE: not-for-us (Internet Explorer)
+ NOT-FOR-US: Internet Explorer
CAN-2002-0828
NOTE: rejected
CAN-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0
allows ...)
- NOTE: not-for-us (UnixWare)
+ NOT-FOR-US: UnixWare
CAN-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before
nss_ldap-198 ...)
- libnss-ldap 199-1
CAN-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a
denial ...)
@@ -16993,13 +16993,13 @@
CAN-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote
attackers ...)
- ethereal 0.9.4-1woody1
CAN-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1,
and 2 ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CAN-2002-0819 (Format string vulnerability in artsd, when called by
artswrapper, ...)
- NOTE: not-for-us (artscontrol not suid root)
+ NOT-FOR-US: artscontrol not suid root
CAN-2002-0815 (The Javascript "Same Origin Policy" (SOP), as
implemented in (1) ...)
- mozilla 2:1.0.0-1
CAN-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential
Gateway ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow
remote ...)
NOTE: bugzilla 2.16.0-2.1
CAN-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before
2.14.2, ...)
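Review bot: "NOT-FOR-US: artscontrol not suid root" on CAN-2002-0819 is a reason why the issue does not apply, not a product name, so it does not fit the form the other converted lines in this hunk take ("NOT-FOR-US: FreeBSD"). A reader or script that takes the value as a name gets a sentence instead. Suggest leaving this entry as a NOTE, or splitting it into the product name plus a NOTE line carrying the rationale. The Compaq WL310 entry (CAN-2002-0812) is also given "no_package" although its description names the product.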
@@ -17007,57 +17007,57 @@
CAN-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows
remote ...)
NOTE: bugzilla 2.16.0-2.1
CAN-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote
attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows
local ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for
Solaris ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-0796 (Format string vulnerability in the logging component of snmpdx
for ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CAN-2002-0793 (Hard link and possibly symbolic link following vulnerabilities
in QNX ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CAN-2002-0792 (The web management interface for Cisco Content Service Switch
(CSS) ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote
attackers ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web
server ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0786 (iCon administrative web server for Critical Path inJoin
Directory ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server
0.7b ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute
arbitrary ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CAN-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate)
enabled ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote
attackers ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote
...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows
remote ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CAN-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a
default ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers
to copy ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS
0.9.2 ...)
- viewcvs 0.9.2-5
CAN-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to
obtain ...)
- NOTE: not-for-us (Quake server)
+ NOT-FOR-US: Quake server
CAN-2002-0769 (The web-based configuration interface for the Cisco ATA 186
Analog ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CAN-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO
file ...)
- NOTE: not-for-us (simpleinit not in Debian)
+ NOT-FOR-US: simpleinit
CAN-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary
commands ...)
- NOTE: not-for-us (Phorum not in Debian)
+ NOT-FOR-US: Phorum
CAN-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5
on ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts
enabled ...)
- webmin 0.980-1
- usermin 0.910-1
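Review bot: "NOT-FOR-US: no_package" is written for every entry whose old note had no parenthesised name, so in this hunk BadBlue, CMailServer, the iCon administrative web server, Lidik and four Hosting Controller entries all end up with the same value. A script that reads the text after the colon as a name would treat them as one product called no_package. The descriptions already name the software, so filling the name in (for example "NOT-FOR-US: Hosting Controller" on CAN-2002-0772 through CAN-2002-0775) would be safer than a placeholder that looks like a real name.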
@@ -17065,49 +17065,49 @@
- webmin 0.980-1
- usermin 0.910-1
CAN-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers
to ...)
- NOTE: not-for-us (Talentsoft not in Debian)
+ NOT-FOR-US: Talentsoft
CAN-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file
that is ...)
- NOTE: not-for-us (CGIscript.net not in Debian)
+ NOT-FOR-US: CGIscript.net
CAN-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to
use ...)
- NOTE: not-for-us (CGIscript.net not in Debian)
+ NOT-FOR-US: CGIscript.net
CAN-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to
read ...)
- NOTE: not-for-us (CGIscript.net not in Debian)
+ NOT-FOR-US: CGIscript.net
CAN-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute
...)
- NOTE: not-for-us (CGIscript.net not in Debian)
+ NOT-FOR-US: CGIscript.net
CAN-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an
insecure ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long
...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very
long ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CAN-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed
...)
- slrn 0.9.6.2-9
CAN-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote
attackers to ...)
- NOTE: not-for-us (PostCalendat not in Debian)
+ NOT-FOR-US: PostCalendat
CAN-2002-0735 (Format string vulnerability in the logging() function in C-Note
Squid ...)
- NOTE: not-for-us (only potato was vulnerable)
+ NOT-FOR-US: only potato was vulnerable
CAN-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows
remote ...)
- NOTE: not-for-us (MyGuestbook)
+ NOT-FOR-US: MyGuestbook
CAN-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for
...)
- NOTE: not-for-us (vqServer)
+ NOT-FOR-US: vqServer
CAN-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip
...)
- NOTE: not-for-us (guestbook)
+ NOT-FOR-US: guestbook
CAN-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x
before ...)
{DSA-140}
CAN-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows
local ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in
Microsoft ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify
the ...)
- NOTE: not-for-us (internet explorer)
+ NOT-FOR-US: internet explorer
CAN-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions
for ...)
- NOTE: not-for-us (Microsoft SQL Server)
+ NOT-FOR-US: Microsoft SQL Server
CAN-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of
...)
- php4 4:4.2.2-1
CAN-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...)
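Review bot: "NOT-FOR-US: only potato was vulnerable" on CAN-2002-0735 says that a Debian release (potato) was affected, which is the opposite of what the tag conveys. The mechanical rewrite turns a status remark into something that reads as a product name. Suggest keeping this one as a plain NOTE, or tracking it under the affected package. Separately, CAN-2002-0739 becomes "NOT-FOR-US: PostCalendat", carrying the misspelling of PostCalendar over from the old note; the conversion is a good moment to fix it.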
@@ -17115,53 +17115,53 @@
CAN-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote
attackers to ...)
- squid 2.4.6-2
CAN-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly
...)
- NOTE: not-for-us (EASM not in Debian)
+ NOT-FOR-US: EASM
CAN-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster
Server ...)
- NOTE: not-for-us (HP)
+ NOT-FOR-US: HP
CAN-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0708 (Directory traversal vulnerability in the Web Reports Server for
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter
allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0706 (UserManager.js in the Web Reports Server for SurfControl
SuperScout ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter
stores the ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0702 (Format string vulnerabilities in the logging routines for
dynamic DNS ...)
- dhcp3 3.0+3.0.1rc9-1
CAN-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX
Control in ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in
...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CAN-2002-0690 (Format string vulnerability in McAfee Security ePolicy
Orchestrator ...)
- NOTE: not-for-us (McAfee)
+ NOT-FOR-US: McAfee
CAN-2002-0689
NOTE: reserved
CAN-2002-0686 (Buffer overflow in the search component for iPlanet Web Server
(iWS) ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of
...)
- glibc 2.2.5-8
CAN-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote
...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1
allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1
allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote
attackers to ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through
1.2.7.4 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP
phone ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP
phone ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through
1.2.7.4 ...)
- NOTE: not-for-us
+ NOT-FOR-US: no_package
CAN-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do
not ...)
{DSA-201}
CAN-2002-0664 (The default Access Control Lists (ACLs) of the administration
database ...)
- NOTE: not-for-us (ZMerge not in Debian)
+ NOT-FOR-US: ZMerge
CAN-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39
on ...)
- apache2 2.0.40
CAN-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)