Author: alec-guest
Date: 2007-01-27 21:00:39 +0100 (Sat, 27 Jan 2007)
New Revision: 5357
Modified:
data/CVE/list
Log:
CVE-2007-0227: slocate
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-01-27 14:17:43 UTC (rev 5356)
+++ data/CVE/list 2007-01-27 20:00:39 UTC (rev 5357)
@@ -415,7 +415,7 @@
CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote
attackers to ...)
NOT-FOR-US: FreeWebshop
CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in
POP3/SMTP ...)
- NOT-FOR-US: OWA
+ NOT-FOR-US: OWA
CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a
denial ...)
NOT-FOR-US: Twilight Webserver
CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD
...)
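Review bot: this hunk, and every hunk below except the slocate one at -566, changes nothing but whitespace on one line (the removed and added lines read identically here), yet the log says only "CVE-2007-0227: slocate". Commit the whitespace clean-up separately or at least mention it in the log; as it stands, a reader of the history cannot tell the sixty-odd trailing-whitespace fixes from the one real change, and blame on all those lines now points at this revision instead of at whoever wrote the triage note.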
@@ -508,8 +508,8 @@
CVE-2007-0254 (Format string vulnerability in the errors_create_window function
in ...)
- xine-ui 0.99.4+dfsg+cvs20061111-2 (unimportant; bug #407369)
NOTE: My understanding is that this CVE is bogus.
- NOTE: I failed to see where the format string vulnerability is, I have report
- NOTE: a bug in case I have missed something.
+ NOTE: I failed to see where the format string vulnerability is, I have report
+ NOTE: a bug in case I have missed something.
CVE-2007-0253 (** DISPUTED ** ...)
- kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350)
NOTE: See CVE-2007-0257
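Review bot: since the two NOTE lines for CVE-2007-0254 are being rewritten anyway, fix the grammar while you are there: "I have report a bug" should read "I have reported a bug". Separately, the entry calls the CVE bogus yet still records xine-ui 0.99.4+dfsg+cvs20061111-2 with severity "unimportant"; if nobody can locate the format string flaw, consider the "<not-affected>" marking this file uses elsewhere (fail2ban, b2evolution, shadow below) so that the version is not read as a fixed-in version.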
@@ -566,11 +566,17 @@
CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security
Analyzer ...)
NOT-FOR-US: EIQ Networks Network Security Analyzer
CVE-2007-0227 (slocate 3.1 does not properly manage database entries that
specify ...)
- TODO: check
+ - slocate <unfixed> (unimportant)
+ NOTE: slocate will allow users to find files in directories with the
+ NOTE: executable bit set but without the readable bit set - files the
+ NOTE: user can access if the user knows the exact path but couldn''t
+ NOTE: otherwise find. I''m not convinced this is an issue - the
executable
+ NOTE: bit means "searchable" for directories - but the original
argument
+ NOTE: is plausible.
CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and
earlier ...)
NOT-FOR-US: uniForum
CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in
...)
- NOT-FOR-US: Shopping Cart
+ NOT-FOR-US: Shopping Cart
CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP
...)
NOT-FOR-US: Shopping Cart
CVE-2007-0223 (SQL injection vulnerability in
shared/code/cp_functions_downloads.php ...)
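Review bot: the hedge in the new NOTE lines for CVE-2007-0227 ("I'm not convinced this is an issue ... but the original argument is plausible") leaves the entry without a stated reason for its rating; the NOTE's own premise supplies one. On a directory the executable bit grants traversal by exact name and the read bit grants listing, so x-without-r is precisely the combination used to keep names hidden while still allowing access to a known path; slocate returning names from such a directory hands the user exactly the one thing the permissions withhold. That is a real, if low-value, information leak rather than a non-issue, and the permission filtering is the feature that distinguishes slocate from plain locate. Keep "unimportant" if that is the team's call, but word the NOTE as a conclusion (something like: leaks file names in x-only directories; the files were reachable by exact path anyway, hence unimportant), and since the entry is "<unfixed>", add a Debian bug reference as the neighbouring unimportant-but-unfixed entries do (xine-ui and kernel-patch-grsecurity2 above both carry a "bug #" in their parentheses).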
@@ -768,15 +774,15 @@
CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure
...)
NOT-FOR-US: Mac OS X
CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one
drivers, as ...)
- NOT-FOR-US: HP all-in-one drivers
+ NOT-FOR-US: HP all-in-one drivers
CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...)
- centericq 4.21.0-17 (low)
[sarge] - centericq <no-dsa> (Not exploitable with official LiveJournal
server)
NOTE: The bug really exist but, is not exploitable because the LiveJournal
server
NOTE: has a length restriction on both the username (15 characters) and the
real name
NOTE: (50 characters). In my opnion is only exploitable if the user try
connect in
- NOTE: fake LiveJournal server. All version of Debian centericq packages have a
- NOTE: compromised code.
+ NOTE: fake LiveJournal server. All version of Debian centericq packages have a
+ NOTE: compromised code.
CVE-2007-0159 (Directory traversal vulnerability in the
GeoIP_update_database_general ...)
- geoip 1.3.17-1.1 (bug #406628; medium)
CVE-2007-0158
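Review bot: the two rewritten NOTE lines for CVE-2007-0160 keep "All version of Debian centericq packages have a compromised code", which reads as if the package were backdoored; since the lines are being touched anyway, say what is meant: "All versions of the Debian centericq package contain the vulnerable code". Also note that the [sarge] "<no-dsa>" justification rests on a length limit enforced by the official server, and the NOTE itself says the overflow is exploitable against a fake LiveJournal server; a server-side limit is no protection for a client bug once the connection is spoofed or redirected, so the entry should make explicit that the no-dsa decision accepts that attack path rather than implying the bug is unreachable.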
@@ -805,7 +811,7 @@
CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an
...)
NOT-FOR-US: Cuyahoga
CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and
Chips ...)
- NOT-FOR-US: Fix and Chips
+ NOT-FOR-US: Fix and Chips
CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in
BinGoPHP ...)
NOT-FOR-US: BinGoPHP
CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in
Digitizing ...)
@@ -841,7 +847,7 @@
CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO
...)
NOT-FOR-US: Formbankserver
CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in
SimpleBoxes/SerendipityNZ ...)
- NOT-FOR-US: Serene Bach
+ NOT-FOR-US: Serene Bach
CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal
before ...)
- drupal 4.7.5-1
NOTE: vendor advisory: http://drupal.org/node/104233
@@ -1143,7 +1149,7 @@
- drupal 4.7.5-1 (low)
NOTE: DRUPAL-SA-2007-002
CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection
scheme ...)
- - wordpress 2.0.6-1 (bug #405691; medium)
+ - wordpress 2.0.6-1 (bug #405691; medium)
NOTE: http://www.hardened-php.net/advisory_022007.141.html
CVE-2007-0107 (WordPress before 2.0.6, when mbstring is enabled for PHP,
decodes ...)
- wordpress 2.0.6-1 (bug #405691; medium)
@@ -1233,7 +1239,7 @@
CVE-2006-6852 (Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127
...)
- tdiary 2.0.2+20060303-5 (bug #403345; bug #404940; medium)
CVE-2006-6851 (Multiple cross-site scripting (XSS) vulnerabilities in
contact_us.php ...)
- NOT-FOR-US: ac4p Mobilelib gold
+ NOT-FOR-US: ac4p Mobilelib gold
CVE-2006-6850 (PHP remote file inclusion vulnerability in include.php in the
Roster ...)
NOT-FOR-US: Shadowed Portal / Roster Module
CVE-2006-6849 (administration/index.php in Cahier de texte (CDT) 2.2 does not
...)
@@ -1243,7 +1249,7 @@
CVE-2006-6847 (An ActiveX control in ierpplug.dll for RealNetworks RealPlayer
10.5 ...)
NOT-FOR-US: RealPlayer for Windows
CVE-2006-6846 (Multiple SQL injection vulnerabilities in While You Were Out
(WYWO) ...)
- NOT-FOR-US: WYWO - InOut Board
+ NOT-FOR-US: WYWO - InOut Board
CVE-2006-6845 (Cross-site scripting (XSS) vulnerability in index.php in CMS
Made ...)
NOT-FOR-US: CMS Made Simple
CVE-2006-6844 (Cross-site scripting (XSS) vulnerability in the optional user
comment ...)
@@ -1330,7 +1336,7 @@
CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in
...)
NOT-FOR-US: DB Hub
CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in
process.php in ...)
- NOT-FOR-US: buratinable templator (aka bubla)
+ NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in
wp-admin/templates.php in ...)
- wordpress 2.0.6-1 (bug #405299)
CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka
Ananda ...)
@@ -1361,7 +1367,7 @@
CVE-2006-6795 (PHP remote file inclusion vulnerability in
gallery/displayCategory.php ...)
NOT-FOR-US: myPHPNuke
CVE-2006-6794 (SQL injection vulnerability in default.asp in Efkan Forum 1.0
allows ...)
- NOT-FOR-US: Efkan Forum
+ NOT-FOR-US: Efkan Forum
CVE-2006-6793 (PHP remote file inclusion vulnerability in ataturk.php in Okul
Merkezi ...)
NOT-FOR-US: Okul Merkezi Portal
CVE-2006-6792 (SQL injection vulnerability in calendar_detail.asp in Calendar
MX ...)
@@ -1401,7 +1407,7 @@
CVE-2006-6775 (acFTP 1.5 allows remote authenticated users to cause a denial of
...)
NOT-FOR-US: acFTP
CVE-2006-6774 (PHP remote file inclusion vulnerability in ...)
- NOT-FOR-US: Content Federator
+ NOT-FOR-US: Content Federator
CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows
remote ...)
NOT-FOR-US: Fishyshoop
CVE-2006-6772 (Format string vulnerability in w3m 0.5.1, when run with the dump
or ...)
@@ -1451,7 +1457,7 @@
CVE-2006-6761 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell
...)
NOT-FOR-US: Novell NetMail
CVE-2006-6760 (Multiple PHP remote file inclusion vulnerabilities in
template.php in ...)
- NOT-FOR-US: phpMyAnime (aka phpmymanga)
+ NOT-FOR-US: phpMyAnime (aka phpmymanga)
CVE-2006-6759 (A certain ActiveX control in rpau3260.dll in RealNetworks
RealPlayer ...)
NOT-FOR-US: RealNetworks RealPlayer
CVE-2006-6758 (Directory traversal vulnerability in Http explorer 1.02 allows
remote ...)
@@ -1547,11 +1553,11 @@
CVE-2006-6713 (Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before
...)
NOT-FOR-US: Hitachi Directory Server
CVE-2006-6712 (Cross-site scripting (XSS) vulnerability in SugarCRM Open Source
...)
- NOT-FOR-US: SugarCRM Open Source
+ NOT-FOR-US: SugarCRM Open Source
CVE-2006-6711 (PHP remote file inclusion vulnerability in compteur/mapage.php
in ...)
NOT-FOR-US: Newxooper
CVE-2006-6710 (Multiple PHP remote file inclusion vulnerabilities in
PgmReloaded ...)
- NOT-FOR-US: PgmReloaded
+ NOT-FOR-US: PgmReloaded
CVE-2006-6709 (Multiple SQL injection vulnerabilities in MGinternet Property
Site ...)
NOT-FOR-US: MGinternet Property Site Manager
CVE-2006-6708 (Cross-site scripting (XSS) vulnerability in listings.asp in
MGinternet ...)
@@ -1723,7 +1729,7 @@
CVE-2006-6647 (Cross-site scripting (XSS) vulnerability in the MySite 4.7.x
before ...)
NOT-FOR-US: MySite for Drupal
CVE-2006-6646 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal
(1) ...)
- NOT-FOR-US: Drupal Project Issue Tracking
+ NOT-FOR-US: Drupal Project Issue Tracking
CVE-2006-6645 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Web Links module for mxBB
CVE-2006-6644 (PHP remote file inclusion vulnerability in
pages/meeting_constants.php ...)
@@ -1733,7 +1739,7 @@
CVE-2006-6642 (SQL injection vulnerability in haber.asp in Contra Haber Sistemi
1.0 ...)
NOT-FOR-US: Sistemi
CVE-2006-6641 (Unspecified vulnerability in CA CleverPath Portal before
maintenance ...)
- NOT-FOR-US: CA CleverPath Portal
+ NOT-FOR-US: CA CleverPath Portal
CVE-2006-6640 (Multiple cross-site scripting (XSS) vulnerabilities in Omniture
...)
NOT-FOR-US: SiteCatalyst
CVE-2006-6639 (Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow
local ...)
@@ -1801,7 +1807,7 @@
NOT-FOR-US: Barman
CVE-2006-6610 (clientcommands in Nexuiz before 2.2.1 has unknown impact and
remote ...)
- nexuiz 2.2.1-1 (low)
- NOTE: Only game console command execution possible, not shell commands
+ NOTE: Only game console command execution possible, not shell commands
CVE-2006-6609 (Nexuiz before 2.2.1 allows remote attackers to cause a denial of
...)
- nexuiz 2.2.1-1
CVE-2006-6608 (Unspecified vulnerability in SSH key based authentication in HP
...)
@@ -2460,7 +2466,7 @@
CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in
mg.applanix ...)
NOT-FOR-US: mg.applanix
CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial
of ...)
- NOT-FOR-US: nVIDIA nView
+ NOT-FOR-US: nVIDIA nView
CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z
Clanportal ...)
NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in
deV!L`z ...)
@@ -2528,7 +2534,7 @@
CVE-2006-6309 (Multiple array index errors in IBM Tivoli Storage Manager (TSM)
before ...)
NOT-FOR-US: Tivoli
CVE-2006-6308 (** DISPUTED ** ...)
- NOT-FOR-US: Symantec LiveState
+ NOT-FOR-US: Symantec LiveState
CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows
remote ...)
NOT-FOR-US: Novell Netware
CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication
Services ...)
@@ -2560,7 +2566,7 @@
CVE-2006-6292 (Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 allows
remote ...)
NOT-FOR-US: Apple Airport
CVE-2006-6291 (Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable
...)
- NOT-FOR-US: MailEnable Professional
+ NOT-FOR-US: MailEnable Professional
CVE-2006-6290 (Multiple stack-based buffer overflows in the IMAP module
(MEIMAPS.EXE) ...)
NOT-FOR-US: MailEnable
CVE-2006-6289 (Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset
...)
@@ -2590,11 +2596,11 @@
CVE-2006-6277 (Directory traversal vulnerability in admin/FileServer.php in
...)
NOT-FOR-US: ContentServ
CVE-2006-6276 (HTTP request smuggling vulnerability in Sun Java System Proxy
Server ...)
- NOT-FOR-US: Sun Java System Proxy Server
+ NOT-FOR-US: Sun Java System Proxy Server
CVE-2006-6275 (Race condition in the kernel in Sun Solaris 8 through 10 allows
local ...)
NOT-FOR-US: Solaris
CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net
iNews (1) ...)
- NOT-FOR-US: Expinion.net iNews
+ NOT-FOR-US: Expinion.net iNews
CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd logs
file, which ...)
- fail2ban <not-affected> (looks fixed in 0.6, see #401793)
CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd logs file, which
allows remote ...)
@@ -2709,7 +2715,7 @@
CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search
Appliance ...)
NOT-FOR-US: Google Search Appliance
CVE-2006-6222 (Stack-based buffer overflow in the NetBackup bpcd daemon
(bpcd.exe) in ...)
- NOT-FOR-US: Symantec Veritas NetBackup
+ NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows
remote ...)
NOT-FOR-US: 2X ThinClientServer Enterprise Edition
CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website
(Recipes ...)
@@ -2761,7 +2767,7 @@
CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in
b2evolution ...)
- b2evolution <not-affected> (0.9 releases not vulnerable)
CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search
functionality ...)
- NOT-FOR-US: Fixit iDMS Pro Image Gallery
+ NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image
Gallery ...)
NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6194 (Multiple SQL injection vulnerabilities in index.asp in Ultimate
Survey ...)
@@ -2769,7 +2775,7 @@
CVE-2006-6193 (SQL injection vulnerability in edit.asp in BasicForum 1.1 and
earlier ...)
NOT-FOR-US: BasicForum
CVE-2006-6192 (Unspecified scripts in the admin directory in 8pixel.net
SimpleBlog ...)
- NOT-FOR-US: 8pixel.net SimpleBlog
+ NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6191 (SQL injection vulnerability in admin/edit.asp in 8pixel.net
simpleblog ...)
NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6190 (SQL injection vulnerability in anna.pl in Anna^ IRC Bot before
0.30 ...)
@@ -2791,7 +2797,7 @@
CVE-2006-6182 (The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop
...)
NOT-FOR-US: Gabriele Teotino GNotebook
CVE-2006-6181 (Multiple SQL injection vulnerabilities in default.asp in
ClickTech ...)
- NOT-FOR-US: ClickTech ClickContact
+ NOT-FOR-US: ClickTech ClickContact
CVE-2006-6180 (Cross-site scripting (XSS) vulnerability in articles.asp in ...)
NOT-FOR-US: iNews Publisher
CVE-2006-6179 (Buffer overflow in ...)
@@ -2813,7 +2819,7 @@
CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3
and ...)
- tdiary 2.1.4-4 (bug #400447; bug #400650)
CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in
...)
- NOT-FOR-US: Mac OS X
+ NOT-FOR-US: Mac OS X
CVE-2006-6172 (Buffer overflow in the asmrp_eval function for Real Media input
plugin ...)
{DSA-1244-1}
- xine-lib 1.1.2+dfsg-2 (medium; bug #401740)
@@ -2959,7 +2965,7 @@
CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro
2.0 ...)
NOT-FOR-US: Alan Ward A-Cart Pro
CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified
BPG-InfoTech ...)
- NOT-FOR-US: BPG-InfoTech Content Management System
+ NOT-FOR-US: BPG-InfoTech Content Management System
CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store
3.5.2.14 ...)
NOT-FOR-US: CandyPress Store
CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before
1.0.1a-beta ...)
@@ -3413,7 +3419,7 @@
CVE-2006-5899 (** DISPUTED ** ...)
NOT-FOR-US: @cid stat
CVE-2006-5898 (Directory traversal vulnerability in
localization/languages.lib.php3 ...)
- NOT-FOR-US: PhpMyChat
+ NOT-FOR-US: PhpMyChat
CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus
1.9 and ...)
NOT-FOR-US: PhpMyChat Plus
CVE-2006-5896 (REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain
the ...)
@@ -3527,7 +3533,7 @@
CVE-2006-5848
REJECTED
CVE-2006-5847 (Cross-site scripting (XSS) vulnerability in index.php in
FreeWebshop ...)
- NOT-FOR-US: FreeWebshop
+ NOT-FOR-US: FreeWebshop
CVE-2006-5846 (Directory traversal vulnerability in index.php in FreeWebshop
2.2.2 ...)
NOT-FOR-US: FreeWebshop
CVE-2006-5845 (Unrestricted file upload vulnerability in index.php in
Speedywiki 2.0 ...)
@@ -3578,7 +3584,7 @@
CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local
users to ...)
- linux-2.6 <unfixed> (low)
CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon
(bpcd.exe) in ...)
- NOT-FOR-US: Symantec Veritas NetBackup
+ NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1
function in ...)
NOT-FOR-US: Citrix
CVE-2006-5820
@@ -3590,16 +3596,16 @@
- gv 1:3.6.2-3 (medium; bug #398292)
- evince 0.4.0-3 (medium; bug #400904; bug #400906; bug #402063)
CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x
before ...)
- NOT-FOR-US: Lotus Domino
+ NOT-FOR-US: Lotus Domino
CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure
...)
NOT-FOR-US: Parallels
CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry
Sheiko ...)
NOT-FOR-US: Business Card Web Builder
CVE-2006-5815 (Stack-based buffer overflow in the sreplace function in ProFTPD
1.3.0 ...)
{DSA-1222-1}
- - proftpd-dfsg 1.3.0-15 (bug #399070; high)
+ - proftpd-dfsg 1.3.0-15 (bug #399070; high)
CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote
attackers ...)
- NOT-FOR-US: Novell eDirectory
+ NOT-FOR-US: Novell eDirectory
CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows
attackers to ...)
NOT-FOR-US: Novell eDirectory
CVE-2006-5812 (Unspecified vulnerability in Kerio MailServer allows attackers
to ...)
@@ -3833,7 +3839,7 @@
CVE-2006-5711 (ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows
remote ...)
NOT-FOR-US: ECI Telecom
CVE-2006-5710 (The Airport driver for certain Orinoco based Airport cards in
Darwin ...)
- NOT-FOR-US: Apple Mac OS X
+ NOT-FOR-US: Apple Mac OS X
CVE-2006-5709 (Unspecified vulnerability in WorldClient in Alt-N Technologies
MDaemon ...)
NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-5708 (Multiple unspecified vulnerabilities in MDaemon and WorldClient
in ...)
@@ -4025,7 +4031,7 @@
CVE-2006-5626 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: phpFaber
CVE-2006-5625 (PHP remote file inclusion vulnerability in
wwwdev/nxheader.inc.php in ...)
- NOT-FOR-US: N/X 2002 Professional Edition Web Content Management System (WCMS)
+ NOT-FOR-US: N/X 2002 Professional Edition Web Content Management System (WCMS)
CVE-2006-5624 (Multiple PHP remote file inclusion vulnerabilities in Multi-Page
...)
NOT-FOR-US: Multi-Page Comment System (MPCS)
CVE-2006-5623 (PHP remote file inclusion vulnerability in ip.inc.php in
Electronic ...)
@@ -4072,7 +4078,7 @@
CVE-2006-5603 (SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000
...)
NOT-FOR-US: Snitz Forums
CVE-2006-5600 (Axalto Protiva 1.1, possibly only non-commercial versions,
stores ...)
- NOT-FOR-US: Axalto Protiva
+ NOT-FOR-US: Axalto Protiva
CVE-2006-5599 (Cross-site scripting (XSS) vulnerability in Oracle Application
Express ...)
NOT-FOR-US: Oracle
CVE-2006-5598 (Cross-site scripting (XSS) vulnerability in index.php for GOOP
Gallery ...)
@@ -4166,7 +4172,7 @@
CVE-2006-5554 (Directory traversal vulnerability in index.php in Imageview 5
allows ...)
NOT-FOR-US: Imageview
CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and
5.0 ...)
- NOT-FOR-US: Cisco Security Agent
+ NOT-FOR-US: Cisco Security Agent
CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21
and ...)
NOT-FOR-US: RevilloC MailServer
CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might
allow ...)
@@ -4509,7 +4515,7 @@
CVE-2006-5411 (Unrestricted file upload vulnerability in upload.php for Free
Web ...)
NOT-FOR-US: Free Web Publishing System (FreeWPS)
CVE-2006-5410 (PHP remote file inclusion vulnerability in ...)
- NOT-FOR-US: BoonEx Dolphin
+ NOT-FOR-US: BoonEx Dolphin
CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS
management ...)
NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the
wireless ...)
@@ -5040,7 +5046,7 @@
CVE-2006-5166 (PHP remote file inclusion vulnerability in functions.php in PHP
Web ...)
NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2006-5165 (PHP remote file inclusion vulnerability in inc/functions.inc.php
in ...)
- NOT-FOR-US: Skrypty PPA Gallery
+ NOT-FOR-US: Skrypty PPA Gallery
CVE-2006-5164 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php
in Sum ...)
NOT-FOR-US: digiSHOP
CVE-2006-5163 (IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and
possibly ...)
@@ -5134,7 +5140,7 @@
CVE-2006-5119 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart
1.3.5 ...)
NOT-FOR-US: Zen Cart
CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD
...)
- NOT-FOR-US: PHPSelect Web Development Division
+ NOT-FOR-US: PHPSelect Web Development Division
CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the
web ...)
- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; unimportant)
NOTE: Only path disclosure
@@ -7201,7 +7207,7 @@
CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell
...)
NOT-FOR-US: Discloser
CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ...)
- NOT-FOR-US: ASPPlayground.NET Forum Advanced Edition
+ NOT-FOR-US: ASPPlayground.NET Forum Advanced Edition
CVE-2006-4205 (Multiple PHP remote file inclusion vulnerabilities in
WebDynamite ...)
NOT-FOR-US: WebDynamite ProjectButler
CVE-2006-4204 (Multiple PHP remote file inclusion vulnerabilities in PHProjekt
5.1 ...)
@@ -7274,7 +7280,7 @@
{DSA-1196-1}
- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-4181 (Format string vulnerability in the sqllog function in the SQL
...)
- NOT-FOR-US: GNU Radius
+ NOT-FOR-US: GNU Radius
CVE-2006-4180
REJECTED
CVE-2006-4179
@@ -7318,7 +7324,7 @@
CVE-2006-4161 (Directory traversal vulnerability in the avatar_gallery action
in ...)
NOT-FOR-US: XennoBB
CVE-2006-4160 (Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs
and ...)
- NOT-FOR-US: MVCnPHP
+ NOT-FOR-US: MVCnPHP
CVE-2006-4159 (Multiple PHP remote file inclusion vulnerabilities in Chaussette
...)
NOT-FOR-US: Chaussette
CVE-2006-4158 (PHP remote file inclusion vulnerability in Login.php in
Spaminator 1.7 ...)
@@ -7379,7 +7385,7 @@
CVE-2006-4130 (PHP remote file inclusion vulnerability in admin.remository.php
in the ...)
NOT-FOR-US: Remository Component (com_remository) for Mambo and Joomla!
CVE-2006-4129 (PHP remote file inclusion vulnerability in
admin.webring.docs.php in ...)
- NOT-FOR-US: Webring Component (com_webring) for Joomla!
+ NOT-FOR-US: Webring Component (com_webring) for Joomla!
CVE-2006-4128 (Multiple heap-based buffer overflows in Symantec VERITAS Backup
Exec ...)
NOT-FOR-US: Symantec VERITAS
CVE-2006-4127 (Multiple format string vulnerabilities in DConnect Daemon 0.7.0
and ...)
@@ -7460,7 +7466,7 @@
CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a
user''s actions to ...)
NOT-FOR-US: Simpliciti Locked Browser
CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel
...)
- NOT-FOR-US: Archangel Weblog
+ NOT-FOR-US: Archangel Weblog
CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster
2.2 ...)
NOT-FOR-US: Webligo BlogHoster
CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76
and ...)
@@ -7529,7 +7535,7 @@
CVE-2006-4063 (Multiple PHP remote file inclusion vulnerabilities in Csaba
Godor ...)
NOT-FOR-US: SAPID Blog
CVE-2006-4062 (PHP remote file inclusion vulnerability in ...)
- NOT-FOR-US: SAPID Shop
+ NOT-FOR-US: SAPID Shop
CVE-2006-4061 (** DISPUTED ** ...)
NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in
Visual ...)
@@ -7714,7 +7720,7 @@
CVE-2006-3984 (PHP remote file inclusion vulnerability in
phpAdsNew/view.inc.php in ...)
NOT-FOR-US: Phpauction
CVE-2006-3983 (PHP remote file inclusion vulnerability in editprofile.php in
...)
- NOT-FOR-US: php(Reactor)
+ NOT-FOR-US: php(Reactor)
CVE-2006-3982 (PHP remote file inclusion vulnerability in quickie.php in ...)
NOT-FOR-US: Knusperleicht
CVE-2006-3981 (PHP remote file inclusion vulnerability in about.mgm.php in
Mambo ...)
@@ -7804,7 +7810,7 @@
CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000,
XP, and ...)
NOT-FOR-US: Microsoft
CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine
5.3 ...)
- NOT-FOR-US: N1 Grid Engine
+ NOT-FOR-US: N1 Grid Engine
CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow
remote ...)
NOT-FOR-US: phpbb-Auction
CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to
perform ...)
@@ -7903,7 +7909,7 @@
CVE-2006-3894
RESERVED
CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone
ImageKit ...)
- NOT-FOR-US: Newtone ImageKit
+ NOT-FOR-US: Newtone ImageKit
CVE-2006-3892
RESERVED
CVE-2006-3891
@@ -8034,7 +8040,7 @@
- tomcat5 <not-affected> (bug #380361; maintainter can''t
reproduce)
- tomcat5.5 <not-affected> (bug #380376; maintainer can''t
reproduce)
CVE-2006-3834 (EJ3 TOPo 2.2.178 includes the password in cleartext in the ID
field to ...)
- NOT-FOR-US: EJ3 TOPo
+ NOT-FOR-US: EJ3 TOPo
CVE-2006-3833 (index.php in EJ3 TOPo 2.2.178 allows remote attackers to
overwrite ...)
NOT-FOR-US: EJ3 TOPo
CVE-2006-3832 (SQL injection vulnerability in index.php in Gerrit van Aaken
Loudblog ...)
@@ -8235,7 +8241,7 @@
CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the
...)
NOT-FOR-US: perForms component (com_performs) for Joomla!
CVE-2006-3773 (PHP remote file inclusion vulnerability in smf.php in the
SMF-Forum ...)
- NOT-FOR-US: MF-Forum Bridge Component (com_smf) For Joomla! and Mambo
+ NOT-FOR-US: MF-Forum Bridge Component (com_smf) For Joomla! and Mambo
CVE-2006-3772 (PHP-Post 0.21 and 1.0, and possibly earlier versions, when
auto-login ...)
NOT-FOR-US: PHP-Post
CVE-2006-3771 (Multiple PHP remote file inclusion vulnerabilities in
component.php in ...)
@@ -8283,7 +8289,7 @@
CVE-2006-3750 (PHP remote file inclusion vulnerability in server.php in the
Hashcash ...)
NOT-FOR-US: Hashcash Component (com_hashcash) for Joomla
CVE-2006-3749 (PHP remote file inclusion vulnerability in sitemap.xml.php in
Sitemap ...)
- NOT-FOR-US: Sitemap component (com_sitemap) for Mambo
+ NOT-FOR-US: Sitemap component (com_sitemap) for Mambo
CVE-2006-3748 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: LoudMouth Component for Mambo
CVE-2006-3747 (Off-by-one error in the ldap scheme handling in the Rewrite
module ...)
@@ -8292,7 +8298,7 @@
- apache2 2.0.55-4.1 (medium; bug #380182)
CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows
remote ...)
{DSA-1141-1 DSA-1140-1}
- - gnupg 1.4.5-1 (medium; bug #381204)
+ - gnupg 1.4.5-1 (medium; bug #381204)
- gnupg2 1.9.20-2 (medium)
CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function
in the ...)
- linux-2.6 2.6.17-7
@@ -8644,7 +8650,7 @@
CVE-2006-3599 (SQL injection vulnerability in the Nuke Advanced Classifieds
module ...)
NOT-FOR-US: Nuke Advanced Classifieds module for PHP-Nuke
CVE-2006-3598 (SQL injection vulnerability in the Sections module for PHP-Nuke
allows ...)
- NOT-FOR-US: Sections module for PHP-Nuke
+ NOT-FOR-US: Sections module for PHP-Nuke
CVE-2006-3597 (passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root
password ...)
- shadow <not-affected> (fix for a mistake in the Ubuntu installer)
CVE-2006-3596 (The device driver for Intel-based gigabit network adapters in
Cisco ...)
@@ -8658,7 +8664,7 @@
CVE-2006-3592 (Unspecified vulnerability in the command line interface (CLI) in
Cisco ...)
NOT-FOR-US: Cisco
CVE-2006-3591 (Microsoft Internet Explorer 6 allows remote attackers to cause a
...)
- NOT-FOR-US: Microsoft Internet Explorer
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3626 (Race condition in Linux kernel 2.6.17.4 and earlier allows local
users ...)
{DSA-1111}
- linux-2.6 2.6.17-4 (bug #378324; high)
@@ -8819,9 +8825,9 @@
CVE-2006-3516 (Multiple SQL injection vulnerabilities in FreeHost allow remote
...)
NOT-FOR-US: FreeHost
CVE-2006-3515 (SQL injection vulnerability in the loginADP function in
ajaxp.php in ...)
- NOT-FOR-US: AjaxPortal
+ NOT-FOR-US: AjaxPortal
CVE-2006-3514 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- NOT-FOR-US: PHP-Blogger
+ NOT-FOR-US: PHP-Blogger
CVE-2006-3513 (danim.dll in Microsoft Internet Explorer 6 allows remote
attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3512 (Internet Explorer 6 on Windows XP allows remote attackers to
cause a ...)
@@ -9201,7 +9207,7 @@
CVE-2006-3342 (Cross-site scripting (XSS) vulnerability in index.php in Arctic
1.0.2 ...)
NOT-FOR-US: Arctic
CVE-2006-3341 (SQL injection vulnerability in annonces-p-f.php in MyAds module
2.04jp ...)
- NOT-FOR-US: MyAds module for Xoops
+ NOT-FOR-US: MyAds module for Xoops
CVE-2006-3340 (Multiple PHP remote file inclusion vulnerabilities in Pearl For
Mambo ...)
NOT-FOR-US: Pearl For Mambo
CVE-2006-3339 (secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156
allows ...)
@@ -9451,7 +9457,7 @@
CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1
and ...)
NOT-FOR-US: DataLife
CVE-2006-3220 (SQL injection vulnerability in studienplatztausch.php in Woltlab
...)
- NOT-FOR-US: Woltlab Burning Board
+ NOT-FOR-US: Woltlab Burning Board
CVE-2006-3219 (SQL injection vulnerability in thread.php in Woltlab Burning
Board ...)
NOT-FOR-US: Woltlab Burning Board
CVE-2006-3218 (SQL injection vulnerability in profile.php in Woltlab Burning
Board ...)
@@ -9840,9 +9846,9 @@
CVE-2006-3040 (** DISPUTED ** ...)
NOT-FOR-US: Amr Talkbox
CVE-2006-3039 (Cross-site scripting (XSS) vulnerability in index.php in
Cescripts ...)
- NOT-FOR-US: Cescripts Realty Home Rent
+ NOT-FOR-US: Cescripts Realty Home Rent
CVE-2006-3038 (Cross-site scripting (XSS) vulnerability in index.php in
Cescripts ...)
- NOT-FOR-US: Cescripts Realty Home Rent
+ NOT-FOR-US: Cescripts Realty Home Rent
CVE-2006-3037 (Multiple cross-site scripting (XSS) vulnerabilities in
publish.php in ...)
NOT-FOR-US: ST AdManager Lite
CVE-2006-3036 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -9858,7 +9864,7 @@
CVE-2006-3031 (Multiple cross-site scripting (XSS) vulnerabilities in index.asp
in ...)
NOT-FOR-US: fipsCMS
CVE-2006-3030 (Multiple cross-site scripting (XSS) vulnerabilities in DwZone
Shopping ...)
- NOT-FOR-US: DwZone Shopping Cart
+ NOT-FOR-US: DwZone Shopping Cart
CVE-2006-3029 (Cross-site scripting (XSS) vulnerability in default.asp in
ClickTech ...)
NOT-FOR-US: ClickTech Clickcart
CVE-2006-3028 (PHP remote file inclusion vulnerability in ...)
@@ -9986,7 +9992,7 @@
CVE-2006-2978 (Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain
the ...)
NOT-FOR-US: Moblog
CVE-2006-2977 (SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and
...)
- NOT-FOR-US: Moblog
+ NOT-FOR-US: Moblog
CVE-2006-2976 (Unspecified vulnerability in usermgr.php in Coppermine Photo
Gallery ...)
NOT-FOR-US: Coppermine
CVE-2006-2975 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -10235,7 +10241,7 @@
CVE-2006-2865 (** DISPUTED ** ...)
NOTE: phpbb2, but invalid
CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes
...)
- NOT-FOR-US: BlueShoes
+ NOT-FOR-US: BlueShoes
CVE-2006-2863 (PHP remote file inclusion vulnerability in
class.cs_phpmailer.php in ...)
NOT-FOR-US: CS-Cart
CVE-2006-2862 (SQL injection vulnerability in viewimage.php in Particle Gallery
1.0.0 ...)
@@ -10257,7 +10263,7 @@
CVE-2006-2854 (SQL injection vulnerability in index.php in iBWd Guestbook 1.0
allows ...)
NOT-FOR-US: iBWd
CVE-2006-2853 (SQL injection vulnerability in content.php in abarcar Realty
Portal ...)
- NOT-FOR-US: abarcar
+ NOT-FOR-US: abarcar
CVE-2006-2852 (PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6
and ...)
NOT-FOR-US: dotWidget
CVE-2006-2851 (Cross-site scripting (XSS) vulnerability in index.php in
dotProject ...)
@@ -10283,7 +10289,7 @@
CVE-2006-2840 (Cross-site scripting (XSS) vulnerability in (1) uploads.php and
(2) ...)
NOT-FOR-US: PmWiki
CVE-2006-2839 (Directory traversal vulnerability in PG Problem Editor module
...)
- NOT-FOR-US: WeBWorK
+ NOT-FOR-US: WeBWorK
CVE-2006-2838 (Buffer overflow in the web console in F-Secure Anti-Virus for
...)
NOT-FOR-US: F-Secure
CVE-2006-2837 (Cross-site scripting (XSS) vulnerability in Techno Dreams Guest
Book ...)
@@ -10337,7 +10343,7 @@
CVE-2006-2816 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
NOT-FOR-US: CoolPHP
CVE-2006-2815 (Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes
...)
- NOT-FOR-US: SimpleBoard
+ NOT-FOR-US: SimpleBoard
CVE-2006-2814 (Multiple buffer overflows in the (1) vGetPost and (2) main
functions ...)
NOT-FOR-US: iShopCart
CVE-2006-2813 (Directory traversal vulnerability in easy-scart.cgi in iShopCart
...)
@@ -10361,7 +10367,7 @@
CVE-2005-2467 (Multiple cross-site scripting (XSS) vulnerabilities in MySQL
Eventum ...)
NOT-FOR-US: MySQL Eventum
CVE-2005-2466 (Multiple SQL injection vulnerabilities in the auth_user function
in ...)
- NOT-FOR-US: OpenBook
+ NOT-FOR-US: OpenBook
CVE-2005-2465 (Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE
CMS ...)
NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2464 (login.php in PCXP/TOPPE CMS allows remote attackers to bypass
...)
@@ -10587,7 +10593,7 @@
CVE-2006-2739 (PHP remote file inclusion vulnerability in footers.php in
Epicdesigns ...)
NOT-FOR-US: tinyBB
CVE-2006-2738 (The open source version of Open-Xchange 0.8.2 and earlier uses a
...)
- NOT-FOR-US: Open-Xchange
+ NOT-FOR-US: Open-Xchange
CVE-2006-2737 (utilities/register.asp in Nukedit 4.9.6 and earlier allows
remote ...)
NOT-FOR-US: Nukedit
CVE-2006-2736 (PHP remote file inclusion vulnerability in
blend_data/blend_common.php ...)
@@ -10712,7 +10718,7 @@
CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows
Graphical User ...)
NOT-FOR-US: Cisco VPN Client
CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News
...)
- NOT-FOR-US: Pre News Manager
+ NOT-FOR-US: Pre News Manager
CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc ...)
NOT-FOR-US: SiteScape Forum
CVE-2006-2676 (Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and
possibly ...)
@@ -10772,7 +10778,7 @@
CVE-2006-2651 (Cross-site scripting (XSS) vulnerability in index.php in
Vacation ...)
NOT-FOR-US: Vacation Rental Script
CVE-2006-2650 (SQL injection vulnerability in cosmicshop/search.php in ...)
- NOT-FOR-US: CosmicShoppingCart
+ NOT-FOR-US: CosmicShoppingCart
CVE-2006-2649 (Multiple cross-site scripting (XSS) vulnerabilities in (a)
search.php, ...)
NOT-FOR-US: CosmicShoppingCart
CVE-2006-2648 (Cross-site scripting (XSS) vulnerability in perform_search.asp
for ...)
@@ -10939,7 +10945,7 @@
CVE-2006-2581 (Cross-site scripting (XSS) vulnerability in Wiki content in
RWiki ...)
NOT-FOR-US: RWiki
CVE-2005-4806 (Multiple unspecified vulnerabilities in Sun Java System Web
Proxy ...)
- NOT-FOR-US: Sun Java System Web Proxy Server
+ NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2005-4805 (Unspecified vulnerability in Sun Java System Application Server
7 ...)
NOT-FOR-US: Sun Java System Application Server
CVE-2005-4804 (Unspecified vulnerability in Sun Java System Application Server
...)
@@ -11158,7 +11164,7 @@
- nagios 2:1.4-1 (bug #366682; bug #366803; bug #368193; high)
- nagios2 2.3-1 (bug #366683; bug #368199; high)
CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac
WebOS ...)
- NOT-FOR-US: Spymac
+ NOT-FOR-US: Spymac
CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews
1.2.1 ...)
NOT-FOR-US: ScozNews
CVE-2006-2486 (SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and
earlier ...)
@@ -11172,7 +11178,7 @@
CVE-2006-2482 (Heap-based buffer overflow in the TZipTV component in (1) ZipTV
for ...)
NOT-FOR-US: ZipTV
CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch
4 ...)
- NOT-FOR-US: VMware ESX
+ NOT-FOR-US: VMware ESX
CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted
...)
- dia 0.95.0-4 (bug #368202; low)
[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously
malformed file names)
@@ -11434,7 +11440,7 @@
RESERVED
CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary
files ...)
{DSA-857-1}
- - graphviz 2.2.1-1sarge1 (bug #336985; low)
+ - graphviz 2.2.1-1sarge1 (bug #336985; low)
CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite
files and ...)
{DSA-1216}
- flexbackup 1.2.1-3 (bug #334350; low)
@@ -11561,9 +11567,9 @@
CVE-2006-2312 (Unspecified vulnerability in the URI handler in Skype 2.0.*.104
and ...)
NOT-FOR-US: Skype
CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server
and ...)
- NOT-FOR-US: BlueDragon Server and Server JX
+ NOT-FOR-US: BlueDragon Server and Server JX
CVE-2006-2310 (BlueDragon Server and Server JX 6.2.1.286 for Windows allows
remote ...)
- NOT-FOR-US: BlueDragon Server and Server JX
+ NOT-FOR-US: BlueDragon Server and Server JX
CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to
obtain ...)
NOT-FOR-US: EServ
CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3
3.25 ...)
@@ -11659,7 +11665,7 @@
CVE-2006-2266 (SQL injection vulnerability in Chirpy! 0.1 allows remote
attackers to ...)
NOT-FOR-US: Chirpy!
CVE-2006-2265 (Cross-site scripting vulnerability in admin/main.asp in Ocean12
...)
- NOT-FOR-US: Ocean12 Calendar Manager Pro
+ NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2264 (Multiple SQL injection vulnerabilities in Ocean12 Calendar
Manager Pro ...)
NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2263 (SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00
allows ...)
@@ -11800,7 +11806,7 @@
CVE-2006-2205 (The audio_write function in NetBSD 3.0 allows local users to
cause a ...)
NOT-FOR-US: NetBSD kernel
CVE-2006-2204 (SQL injection vulnerability in the topic deletion functionality
...)
- NOT-FOR-US: Invision Power Board
+ NOT-FOR-US: Invision Power Board
CVE-2006-2203 (Unspecified vulnerability in Kerio MailServer before 6.1.4 has
unknown ...)
NOT-FOR-US: Kerio MailServer
CVE-2006-2202 (SQL injection vulnerability in post.php in Invision Gallery
2.0.6 ...)
@@ -12026,7 +12032,7 @@
CVE-2006-2105 (Directory traversal vulnerability in index.php in Jupiter CMS
1.1.4 ...)
NOT-FOR-US: Jupiter
CVE-2006-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing
Email ...)
- NOT-FOR-US: Kamgaing
+ NOT-FOR-US: Kamgaing
CVE-2006-2103 (SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1
allows ...)
NOT-FOR-US: MyBB
CVE-2006-2102 (Directory traversal vulnerability in PowerISO 2.9 allows remote
...)
@@ -12088,7 +12094,7 @@
- pdnsd 1.2.4par-0.1 (bug #368268; high)
CVE-2006-2075 (Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers
to ...)
[sarge] - mydns 1.0.0-4sarge1
- - mydns 1.1.0+pre-3 (medium; bug #348826)
+ - mydns 1.1.0+pre-3 (medium; bug #348826)
CVE-2006-2074 (Unspecified vulnerability in Juniper Networks JUNOSe E-series
routers ...)
NOT-FOR-US: Juniper Networks JUNOSe
CVE-2006-2073 (Unspecified vulnerability in ISC BIND allows remote attackers to
cause ...)
@@ -12259,7 +12265,7 @@
CVE-2006-2007 (Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows
remote ...)
NOT-FOR-US: Winny
CVE-2006-2006 (Multiple directory traversal vulnerabilities in IZArc Archiver
3.5 ...)
- NOT-FOR-US: IZArc Archiver
+ NOT-FOR-US: IZArc Archiver
CVE-2006-2005 (Eval injection vulnerability in index.php in ClanSys 1.1 allows
remote ...)
NOT-FOR-US: ClanSys
CVE-2006-2004 (Multiple SQL injection vulnerabilities in RI Blog 1.1 allow
remote ...)
@@ -12327,8 +12333,8 @@
NOT-FOR-US: FlexBB
CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows
remote ...)
{DSA-1055-1 DSA-1053-1}
- - firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high)
- - mozilla <unfixed> (high)
+ - firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high)
+ - mozilla <unfixed> (high)
[sarge] - mozilla-thunderbird <no-dsa> (Not directly exploitable in
Thunderbird)
CVE-2006-XXXX [typo3 mailforms can be abused to send spam]
- typo3-src 4.0.2-1 (bug #364350)
@@ -12483,11 +12489,11 @@
CVE-2006-1922 (PHP remote file inclusion vulnerability in (1) about.php or (2)
...)
NOT-FOR-US: TotalCalendar
CVE-2006-1921 (nettools.php in PHP Net Tools 2.7.1 allows remote attackers to
execute ...)
- NOT-FOR-US: PHP Net Tools
+ NOT-FOR-US: PHP Net Tools
CVE-2006-1920 (SQL injection vulnerability in index.php in PMTool 1.2.2 allows
remote ...)
NOT-FOR-US: PMTool
CVE-2006-1919 (PHP remote file inclusion vulnerability in index.php in Internet
...)
- NOT-FOR-US: Internet Photoshow
+ NOT-FOR-US: Internet Photoshow
CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo
2.1.5 ...)
NOT-FOR-US: Papoo
CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ...)
@@ -12671,7 +12677,7 @@
CVE-2006-1840 (Multiple unspecified vulnerabilities in Empire Server before
4.3.1 ...)
NOT-FOR-US: Wolfpack Empire Server (vms-empire in Debian is a different game)
CVE-2006-1839 (PHP remote file inclusion vulnerability in language.php in PHP
Album ...)
- NOT-FOR-US: PHP Album
+ NOT-FOR-US: PHP Album
CVE-2006-1838 (edit_kategorie.php in Fuju News 1.0 allows remote attackers to
bypass ...)
NOT-FOR-US: Fuju News
CVE-2006-1837 (SQL injection vulnerability in archiv2.php in Fuju News 1.0
allows ...)
@@ -13045,9 +13051,9 @@
CVE-2006-1718 (Magus Perde Clever Copy 3.0 and earlier stores sensitive
information ...)
NOT-FOR-US: Clever Copy
CVE-2006-1717 (Cross-site scripting (XSS) vulnerability in newthread.php in
MyBB (aka ...)
- NOT-FOR-US: MyBB
+ NOT-FOR-US: MyBB
CVE-2006-1716 (Cross-site scripting (XSS) vulnerability in
inc/functions_post.php in ...)
- NOT-FOR-US: MyBB
+ NOT-FOR-US: MyBB
CVE-2006-1715 (Multiple directory traversal vulnerabilities in Christian
Kindahl ...)
NOT-FOR-US: TUGZip
CVE-2006-1714 (CRLF injection vulnerability in index.php in Christoph Roeder
...)
@@ -13120,9 +13126,9 @@
CVE-2006-1699 (Cross-site scripting (XSS) vulnerability in index.php in Aweb
Banner ...)
NOT-FOR-US: Aweb Banner
CVE-2006-1698 (Cross-site scripting (XSS) vulnerability in Matt Wright
Guestbook ...)
- NOT-FOR-US: Matt Wright Guestbook
+ NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1697 (Cross-site scripting (XSS) vulnerability in Matt Wright
Guestbook ...)
- NOT-FOR-US: Matt Wright Guestbook
+ NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1696 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3
...)
- gallery 1.5.3-1 (bug #361758)
CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR
...)
@@ -13149,7 +13155,7 @@
CVE-2006-1685 (Multiple SQL injection vulnerabilities in modules.php in ...)
NOT-FOR-US: APT-webshop-system
CVE-2006-1684 (Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and
earlier ...)
- NOT-FOR-US: ecotwo Shopsystem
+ NOT-FOR-US: ecotwo Shopsystem
CVE-2006-1683 (SQL injection vulnerability in admin/login.php in Chipmunk
Guestbook ...)
NOT-FOR-US: Chipmunk Guestbook
CVE-2006-1682 (Cross-site scripting (XSS) vulnerability in webplus.exe in
TalentSoft ...)
@@ -13208,7 +13214,7 @@
CVE-2005-4772 (liby2util in Yet another Setup Tool (YaST) in SUSE Linux before
...)
NOT-FOR-US: YaST
CVE-2005-4771 (Trusted Mobility Agent PC Policy in Trust Digital Trusted
Mobility ...)
- NOT-FOR-US: Trusted Mobility Agent
+ NOT-FOR-US: Trusted Mobility Agent
CVE-2005-4770 (SQL injection vulnerability in an unspecified Accelerated
Enterprise ...)
NOT-FOR-US: Accelerated E Solutions
CVE-2005-4769 (SQL injection vulnerability in addrbook.php in Belchior Foundry
vCard ...)
@@ -13235,7 +13241,7 @@
CVE-2006-1650 (Firefox 1.5.0.1 allows remote attackers to spoof the address bar
and ...)
NOTE: other reports indicate that Firefox is not vulnerable
CVE-2006-1649 (The "restore to" selection in the
"quarantine a file" capability of ...)
- NOT-FOR-US: Eset Software NOD32 Antivirus 2.5
+ NOT-FOR-US: Eset Software NOD32 Antivirus 2.5
CVE-2006-1648 (SMART SynchronEyes Student and Teacher 6.0, and possibly earlier
...)
NOT-FOR-US: SMART SynchronEyes
CVE-2006-1647 (An unspecified "logical programming mistake"
in SMART SynchronEyes ...)
@@ -13357,7 +13363,7 @@
NOT-FOR-US: X-Doom, ZDaemon
NOTE: vulnerable functions don''t exist in lxdoom, prboom
CVE-2006-1591 (Heap-based buffer overflow in Microsoft Windows Help
winhlp32.exe ...)
- NOT-FOR-US: Microsoft Windows Help
+ NOT-FOR-US: Microsoft Windows Help
CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage
...)
- acidbase 1.2.5-1 (bug #363548; low)
[sarge] - acidbase <no-dsa> (Hardly exploitable)
@@ -13383,7 +13389,7 @@
CVE-2006-1586 (SQL injection vulnerability in admin_login.asp in ISP of Egypt
SiteMan ...)
NOT-FOR-US: Egypt SiteMan
CVE-2006-1585 (Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow
remote ...)
- NOT-FOR-US: MonAlbum
+ NOT-FOR-US: MonAlbum
CVE-2006-1584 (Unspecified vulnerability in index.php in Warcraft III Replay
Parser ...)
NOT-FOR-US: Warcraft III Replay
CVE-2006-1583 (Cross-site scripting (XSS) vulnerability in index.php in
Warcraft III ...)
@@ -13397,7 +13403,7 @@
CVE-2006-1579 (SQL injection vulnerability in topics.php in Dynamic Bulletin
Board ...)
NOT-FOR-US: Dynamic Bulletin Board System
CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital
Library ...)
- NOT-FOR-US: Keystone Digital Library Suite
+ NOT-FOR-US: Keystone Digital Library Suite
CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
{DSA-1133-1}
[woody] - mantis <not-affected> (Vulnerable code not present)
@@ -13415,7 +13421,7 @@
CVE-2006-1571 (Multiple SQL injection vulnerabilities in loginprocess.php in
...)
NOT-FOR-US: qliteNews
CVE-2006-1570 (Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and
2.2 ...)
- NOT-FOR-US: Esqlanelapse
+ NOT-FOR-US: Esqlanelapse
CVE-2006-1569 (Multiple SQL injection vulnerabilities in RedCMS 0.1 allow
remote ...)
NOT-FOR-US: RedCMS
CVE-2006-1568 (Multiple cross-site scripting (XSS) vulnerabilities in
register.php in ...)
@@ -13440,21 +13446,21 @@
CVE-2006-1560 (Multiple SQL injection vulnerabilities in SkinTech
phpNewsManager 1.48 ...)
NOT-FOR-US: SkinTech phpNewsManager
CVE-2006-1559 (SQL injection vulnerability in PHP Script Index allows remote
...)
- NOT-FOR-US: PHP Script Index
+ NOT-FOR-US: PHP Script Index
CVE-2006-1558 (Cross-site scripting (XSS) vulnerability in search.php in PHP
Script ...)
- NOT-FOR-US: PHP Script Index
+ NOT-FOR-US: PHP Script Index
CVE-2006-1557 (Multiple SQL injection vulnerabilities in X-Changer 0.2 allow
remote ...)
NOT-FOR-US: X-Changer
CVE-2006-1556 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: AL-Caricatier
CVE-2006-1555 (VSNS Lemon 3.2.0 allows remote attackers to bypass
authentication and ...)
- NOT-FOR-US: VSNS Lemon
+ NOT-FOR-US: VSNS Lemon
CVE-2006-1554 (Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0
allows ...)
- NOT-FOR-US: VSNS Lemon
+ NOT-FOR-US: VSNS Lemon
CVE-2006-1553 (SQL injection vulnerability in functions/final_functions.php in
VSNS ...)
- NOT-FOR-US: VSNS Lemon
+ NOT-FOR-US: VSNS Lemon
CVE-2006-1552 (Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5
allows ...)
- NOT-FOR-US: Apple
+ NOT-FOR-US: Apple
CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in
PAJAX ...)
NOT-FOR-US: PAJAX
CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash
(segmentation ...)
@@ -13509,11 +13515,11 @@
- libstruts1.2-java 1.2.9-1 (bug #360551)
[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on
proprietary Java)
CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php
in ...)
- NOT-FOR-US: VNews
+ NOT-FOR-US: VNews
CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php
in ...)
- NOT-FOR-US: VNews
+ NOT-FOR-US: VNews
CVE-2006-1543 (Multiple SQL injection vulnerabilities in vscripts (aka Kuba
...)
- NOT-FOR-US: VNews
+ NOT-FOR-US: VNews
CVE-2006-1542 (Stack-based buffer overflow in Python 2.4.2 and earlier, running
on ...)
NOT-FOR-US: Bogus issue, this doesn''t trigger any local overflow
NOTE: Should be rejected
@@ -13641,7 +13647,7 @@
CVE-2006-1503 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Virtual Wa
CVE-2006-1502 (Multiple integer overflows in MPlayer 1.0pre7try2 allow remote
...)
- NOT-FOR-US: MPlayer
+ NOT-FOR-US: MPlayer
NOTE: I can''t find the vulnerable code in xine-lib
CVE-2006-1501 (SQL injection vulnerability in index.php in OneOrZero 1.6.3.0
allows ...)
NOT-FOR-US: OneOrZero
@@ -13879,7 +13885,7 @@
CVE-2006-1400 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Metisware Instructor
CVE-2006-1399 (Cross-site scripting (XSS) vulnerability in searchresult.php in
...)
- NOT-FOR-US: Meeting Reserve
+ NOT-FOR-US: Meeting Reserve
CVE-2006-1398 (Cross-site scripting (XSS) vulnerability in guestbook.php in
G-Book ...)
NOT-FOR-US: G-Book
CVE-2006-1397 (Multiple cross-site scripting (XSS) vulnerabilities in (a)
phpAdsNew ...)
@@ -13918,7 +13924,7 @@
CVE-2006-1387 (TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote
...)
- twiki 1:4.0.4-3 (bug #367973)
CVE-2006-1386 (The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1
ignore ...)
- - twiki <not-affected> (only affects 4.0.0 - 4.1.0, version in Debian
too young)
+ - twiki <not-affected> (only affects 4.0.0 - 4.1.0, version in Debian
too young)
CVE-2006-1385 (Stack-based buffer overflow in the parseTaggedData function in
...)
NOT-FOR-US: Cisco
CVE-2006-1384 (Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in
the ...)
@@ -14013,7 +14019,7 @@
CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg
...)
NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote
attackers ...)
- NOT-FOR-US: MyBB
+ NOT-FOR-US: MyBB
CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe,
as ...)
NOT-FOR-US: VeriSign haydn.exe
CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and
2.6, ...)
@@ -14040,13 +14046,13 @@
CVE-2006-1335 (gnome screensaver before 2.14, when running on an X server with
...)
- gnome-screensaver 2.14.1-1 (bug #357885)
CVE-2006-1334 (Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow
...)
- NOT-FOR-US: Maian Weblog
+ NOT-FOR-US: Maian Weblog
CVE-2006-1333 (Multpile SQL injection vulnerabilities in BetaParticle Blog 6.0
and ...)
NOT-FOR-US: BetaParticle Blog
CVE-2006-1332 (Noah''s Classifieds 1.3 and earlier allows remote
attackers to obtain ...)
- NOT-FOR-US: Noah''s Classifieds
+ NOT-FOR-US: Noah''s Classifieds
CVE-2006-1331 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
- NOT-FOR-US: Noah''s Classifieds
+ NOT-FOR-US: Noah''s Classifieds
CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite 0.83 and
earlier ...)
NOT-FOR-US: phpWebsite
CVE-2006-1329 (The SASL negotiation in Jabber Studio jabberd before 2.0s11
allows ...)
@@ -14122,9 +14128,9 @@
CVE-2006-1291 (publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21
and ...)
NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar
CVE-2006-1290 (Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway
...)
- NOT-FOR-US: Milkeyway Captive Portal
+ NOT-FOR-US: Milkeyway Captive Portal
CVE-2006-1289 (Multiple SQL injection vulnerabilities in Milkeyway Captive
Portal 0.1 ...)
- NOT-FOR-US: Milkeyway Captive Portal
+ NOT-FOR-US: Milkeyway Captive Portal
CVE-2006-1288 (Multiple SQL injection vulnerabilities in Invision Power Board
(IPB) ...)
NOT-FOR-US: Invision Power Board
CVE-2006-1287 (Cross-site scripting (XSS) vulnerability in Invision Power Board
(IPB) ...)
@@ -14173,7 +14179,7 @@
CVE-2006-1267 (Invision Power Board 2.1.4 allows remote attackers to hijack
sessions ...)
NOT-FOR-US: Invision Power Board
CVE-2006-1266 (Cross-site scripting (XSS) vulnerability in Service_Requests.asp
in ...)
- NOT-FOR-US: VPMi Enterprise
+ NOT-FOR-US: VPMi Enterprise
CVE-2006-1265 (SQL injection vulnerability in discussion.class.php in xhawk.net
...)
NOT-FOR-US: xhawk.net discussion
CVE-2006-1264 (Cross-site scripting (XSS) vulnerability in xhawk.net discussion
2.0 ...)
@@ -14211,11 +14217,11 @@
CVE-2006-1249 (Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and
iTunes ...)
NOT-FOR-US: Apple Quicktime
CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11,
and ...)
- NOT-FOR-US: HP-UX
+ NOT-FOR-US: HP-UX
CVE-2006-1247 (rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0
allows ...)
NOT-FOR-US: AIX
CVE-2006-1246 (Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX
5.3 ...)
- NOT-FOR-US: AIX
+ NOT-FOR-US: AIX
CVE-2006-1245 (Buffer overflow in mshtml.dll in Microsoft Internet Explorer
...)
NOT-FOR-US: Microsoft
CVE-2005-4743 (Multiple SQL injection vulnerabilities in index.php in NeLogic
Nephp ...)
@@ -14239,7 +14245,7 @@
CVE-2005-4734 (Stack-based buffer overflow in IISWebAgentIF.dll in RSA
Authentication ...)
NOT-FOR-US: RSA Authentication Agent for Web
CVE-2005-4733 (NetBSD 2.0 before 20050316 and NetBSD-current before 20050112
allow ...)
- NOT-FOR-US: NetBSD
+ NOT-FOR-US: NetBSD
CVE-2005-4732 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
NOT-FOR-US: TuxBank
CVE-2003-1297 (Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini
(aka ...)
@@ -14254,7 +14260,7 @@
NOTE: Discussion has shown that the revamp patch doesn''t fix new
vulnerabilities
- gpdf 2.10.0-3
CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP
Blog ...)
- NOT-FOR-US: Simple PHP Blog
+ NOT-FOR-US: Simple PHP Blog
CVE-2006-1242 (The ip_push_pending_frames function in Linux 2.4.x and 2.6.x
before ...)
{DSA-1103 DSA-1097-1}
- linux-2.6 2.6.16-4
@@ -14263,9 +14269,9 @@
CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2)
...)
- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in
issue/createissue.aspx in ...)
- NOT-FOR-US: Gemini
+ NOT-FOR-US: Gemini
CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with
magic_quotes_gpc ...)
- NOT-FOR-US: DSLogin
+ NOT-FOR-US: DSLogin
CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with
...)
NOT-FOR-US: DSNewsletter
CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes
the ...)
@@ -14446,9 +14452,9 @@
CVE-2006-1157 (Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum
2.0.3 ...)
NOT-FOR-US: Vz Scripts ADP Forum
CVE-2006-1156 (SQL injection vulnerability in manas tungare Site Membership
Script ...)
- NOT-FOR-US: manas tungare Site Membership Script
+ NOT-FOR-US: manas tungare Site Membership Script
CVE-2006-1155 (Cross-site scripting (XSS) vulnerability in manas tungare Site
...)
- NOT-FOR-US: manas tungare Site Membership Script
+ NOT-FOR-US: manas tungare Site Membership Script
CVE-2006-1154 (PHP remote file inclusion vulnerability in archive.php in
Fantastic ...)
NOT-FOR-US: Fantastic News
CVE-2006-1153 (SQL injection vulnerability in D2-Shoutbox 4.2 allows remote
attackers ...)
@@ -14461,7 +14467,7 @@
- teg 0.11.1-3 (bug #357645; low)
[sarge] - teg <no-dsa> (Only DoS against exotic, mostly single player
game)
CVE-2006-1149 (PHP remote file inclusion vulnerability in lib/OWL_API.php in
OWL ...)
- NOT-FOR-US: OWL Intranet Engine
+ NOT-FOR-US: OWL Intranet Engine
CVE-2006-1148 (Multiple stack-based buffer overflows in the procConnectArgs
function ...)
- peercast 0.1217.toots.20060314-1
CVE-2006-1147 (The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold
...)
@@ -14510,7 +14516,7 @@
- monotone 0.26pre1-0.1 (low)
[sarge] - monotone <no-dsa> (Only exploitable in very far-fetched
situation)
NOTE: Needs a case-insensitive file system (e.g. VFAT or Samba) on the client
- NOTE: and massive social engineering
+ NOTE: and massive social engineering
CVE-2006-1128 (Directory traversal vulnerability in the session handling class
...)
- gallery2 2.0.3
CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to
2.0.2 ...)
@@ -14607,7 +14613,7 @@
CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in
phpArcadeScript ...)
NOT-FOR-US: phpArcadeScript
CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in
Jonathan ...)
- NOT-FOR-US: PluggedOut Nexus
+ NOT-FOR-US: PluggedOut Nexus
CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in
Game-Panel ...)
NOT-FOR-US: Game-Panel
CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other
products ...)
@@ -14621,11 +14627,11 @@
CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in the
commentary ...)
NOT-FOR-US: Evo-Dev evoBlog
CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a
showtopic ...)
- NOT-FOR-US: checkInvision Power Board
+ NOT-FOR-US: checkInvision Power Board
CVE-2006-1075 (Format string vulnerability in the visualization function in
Jason ...)
- NOT-FOR-US: Liero Xtreme
+ NOT-FOR-US: Liero Xtreme
CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote
attackers ...)
- NOT-FOR-US: Liero Xtreme
+ NOT-FOR-US: Liero Xtreme
CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave
Simplog ...)
NOT-FOR-US: Daverave Simplog
CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog
1.0.2 and ...)
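Review bot: the line `+ NOT-FOR-US: checkInvision Power Board` under CVE-2006-1076 is re-added with what looks like a stray `check` prefix (presumably a leftover from a `TODO: check` marker merged into the product name) still in place; since this hunk touches the line anyway, it should be corrected to `NOT-FOR-US: Invision Power Board`, matching the spelling used for the other Invision Power Board entries in this file (for example under CVE-2006-1288 and CVE-2006-1267).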
@@ -14655,7 +14661,7 @@
{DSA-999-1}
- lurker 2.1-1
CVE-2006-1061 (Heap-based buffer overflow in cURL and libcURL 7.15.0 through
7.15.2 ...)
- - curl 7.15.3-1
+ - curl 7.15.3-1
[woody] - curl <not-affected> (Vulnerable code not present)
[sarge] - curl <not-affected> (Vulnerable code not present)
CVE-2006-1060 (Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8
might ...)
@@ -14760,7 +14766,7 @@
CVE-2006-1021 (Cross-site scripting (XSS) vulnerability in sol_menu.php in
PeHePe ...)
NOT-FOR-US: PeHePe Uyelik Sistemi
CVE-2006-1020 (SQL injection vulnerability in forumlib.php in Johnny_Vegas
Vegas ...)
- NOT-FOR-US: Johnny_Vegas Vegas Forum
+ NOT-FOR-US: Johnny_Vegas Vegas Forum
CVE-2006-1019 (Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard
3.0.1 ...)
NOT-FOR-US: UkiBoard
CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween
1.03 ...)
@@ -14787,17 +14793,17 @@
{DSA-1001-1}
- crossfire 1.9.0-1
CVE-2006-1009 (M4 Project enigma-suite before 0.73.3 (Windows) has a default
password ...)
- NOT-FOR-US: M4 Project enigma-suite
+ NOT-FOR-US: M4 Project enigma-suite
CVE-2006-1008 (Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1
and ...)
- NOT-FOR-US: N8cms
+ NOT-FOR-US: N8cms
CVE-2006-1007 (Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2
allow ...)
- NOT-FOR-US: N8cms
+ NOT-FOR-US: N8cms
CVE-2006-1006 (Multiple SQL injection vulnerabilities in sendcard.php in
sendcard ...)
NOT-FOR-US: sendcard
CVE-2006-1005 (agencyprofile.asp in Parodia 6.2 and earlier might allow remote
...)
- NOT-FOR-US: Parodia
+ NOT-FOR-US: Parodia
CVE-2006-1004 (Cross-site scripting (XSS) vulnerability in agencyprofile.asp in
...)
- NOT-FOR-US: Parodia
+ NOT-FOR-US: Parodia
CVE-2006-1003 (The backup configuration option in NETGEAR WGT624 Wireless
Firewall ...)
NOT-FOR-US: NETGEAR hardware issue
CVE-2006-1002 (NETGEAR WGT624 Wireless DSL router has a default account of ...)
@@ -14966,7 +14972,7 @@
CVE-2006-0928 (The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote
...)
NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0927 (Multiple cross-site scripting (XSS) vulnerabilities in the
JGS-XA ...)
- NOT-FOR-US: Woltlab Burning Board
+ NOT-FOR-US: Woltlab Burning Board
CVE-2006-0926 (Multiple directory traversal vulnerabilities in Allume StuffIt
...)
NOT-FOR-US: StuffIt
CVE-2006-0925 (Format string vulnerability in the IMAP4rev1 server in Alt-N
MDaemon ...)
@@ -15112,9 +15118,9 @@
CVE-2006-0867 (Buffer overflow in certain versions of South River (aka SRT)
WebDrive, ...)
NOT-FOR-US: WebDrive
CVE-2006-0866 (PunBB 1.2.10 and earlier allows remote attackers to conduct
brute ...)
- NOT-FOR-US: PunBB
+ NOT-FOR-US: PunBB
CVE-2006-0865 (PunBB 1.2.10 and earlier allows remote attackers to cause a
denial of ...)
- NOT-FOR-US: PunBB
+ NOT-FOR-US: PunBB
CVE-2006-0864 (filescan in Global Hauri ViRobot 2.0 20050817 does not verify
the ...)
NOT-FOR-US: Global Hauri ViRobot
CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote
...)
@@ -15130,7 +15136,7 @@
CVE-2006-0858 (Unquoted Windows search path vulnerability in (1) snsmcon.exe,
(2) the ...)
NOT-FOR-US: StarForce Safe''n''Sec Personal
CVE-2006-0857 (Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0
in e107 ...)
- NOT-FOR-US: e107 CMS Chatbox plugin
+ NOT-FOR-US: e107 CMS Chatbox plugin
CVE-2006-0856 (SQL injection vulnerability in login.php in Scriptme SmE GB Host
1.21 ...)
NOT-FOR-US: SmE GB Host
CVE-2006-0855 (Stack-based buffer overflow in the fullpath function in misc.c
for zoo ...)
@@ -15255,7 +15261,7 @@
NOT-FOR-US: php-Nuke
CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers
to ...)
- tin 1:1.8.2-1
- [sarge] - tin <not-affected> (Vulnerable code not present)
+ [sarge] - tin <not-affected> (Vulnerable code not present)
CVE-2006-0803 (The signature verification functionality in the YaST Online
Update ...)
NOT-FOR-US: YaSt Online Update
CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages
module ...)
@@ -15273,7 +15279,7 @@
CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in
Clever Copy ...)
NOT-FOR-US: Clever Copy
CVE-2006-0795 (Absolute path traversal vulnerability in convert.cgi in Quirex
2.0.2 ...)
- NOT-FOR-US: Quirex
+ NOT-FOR-US: Quirex
CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain
the ...)
NOT-FOR-US: V-webmail
CVE-2006-0793 (frameset.php in V-webmail 1.6.2 allows remote attackers to
conduct ...)
@@ -15299,9 +15305,9 @@
CVE-2006-0783 (Cross-site scripting (XSS) vulnerability in page.php in in
Siteframe ...)
NOT-FOR-US: Siteframe Beaumont
CVE-2006-0782 (Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and
earlier ...)
- NOT-FOR-US: PerlBlog
+ NOT-FOR-US: PerlBlog
CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b
and ...)
- NOT-FOR-US: PerlBlog
+ NOT-FOR-US: PerlBlog
CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl
in ...)
NOT-FOR-US: PerlBlog
CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB
Forums ...)
@@ -15442,7 +15448,7 @@
CVE-2006-0727 (SQL injection vulnerability in mstrack.php in MusOX DF
MSAnalysis ...)
NOT-FOR-US: MusOX DF
CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in
CPG-Nuke ...)
- NOT-FOR-US: CPG-Nuke
+ NOT-FOR-US: CPG-Nuke
CVE-2006-0725 (PHP remote file inclusion vulnerability in prepend.php in Plume
CMS ...)
NOT-FOR-US: Plume CMS
CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when
...)
@@ -15452,7 +15458,7 @@
CVE-2006-0722 (settings.php in Reamday Enterprises Magic Downloads 1.1.3, when
...)
NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a
...)
- NOT-FOR-US: RunCMS
+ NOT-FOR-US: RunCMS
CVE-2006-0720 (Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13
allows ...)
NOT-FOR-US: Winamp
CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP
Classifieds ...)
@@ -15460,7 +15466,7 @@
CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in
Avaya ...)
NOT-FOR-US: Avaya VSU
CVE-2006-0717 (IBM Tivoli Directory Server 6.0 allows remote attackers to cause
a ...)
- NOT-FOR-US: Tivoli
+ NOT-FOR-US: Tivoli
CVE-2006-0716 (SQL injection vulnerability in index.php in sNews 1.3 allows
remote ...)
NOT-FOR-US: sNews
CVE-2006-0715 (Cross-site scripting (XSS) vulnerability in sNews 1.3 allows
remote ...)
@@ -15598,7 +15604,7 @@
- mantis 0.19.4-3
[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus
Domino ...)
- NOT-FOR-US: Lotus Domino
+ NOT-FOR-US: Lotus Domino
CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes
Client ...)
NOT-FOR-US: Lotus Domino
CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host
1.21 ...)
@@ -15612,7 +15618,7 @@
CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP
Event ...)
NOT-FOR-US: Softcomplex
CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager
4.2 ...)
- NOT-FOR-US: HP
+ NOT-FOR-US: HP
CVE-2006-0655 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0654 (check.php in Hinton Design phpht Topsites 1.3 does not validate
...)
@@ -15772,7 +15778,7 @@
{DSA-967-1}
- elog 2.6.1+r1642-1
CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before
6.00.304 ...)
- NOT-FOR-US: PHP-Fusion
+ NOT-FOR-US: PHP-Fusion
CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing LexBce
Server ...)
NOT-FOR-US: Lexmark Printer
CVE-2006-0591 (The crypt_gensalt functions for BSDI-style extended DES-based
and ...)
@@ -15802,7 +15808,7 @@
NOT-FOR-US: Lotus Domino
CVE-2006-0579 (Multiple integer overflows in (1) the new_demux_packet function
in ...)
- mplayer <not-affected> (fixed before first upload; 1.0pre7try3)
- NOTE: code not in ffmpeg and xine-lib
+ NOTE: code not in ffmpeg and xine-lib
CVE-2006-0578 (Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not
enforce ...)
NOT-FOR-US: Blue Coat Proxy Security Gateway OS
CVE-2006-0577 (Lexmark X1185 printer allows local users to gain SYSTEM
privileges by ...)
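Review bot: the whitespace fix lands on the `NOTE: code not in ffmpeg and xine-lib` line while the entry it explains, `- mplayer <not-affected> (fixed before first upload; 1.0pre7try3)`, stays as is. Since the NOTE is being touched anyway, it would help later triage to say which code is meant (the demuxer functions named in the CVE text, `new_demux_packet` among them) and to make the reason parenthetical explicit, e.g. "fixed upstream in 1.0pre7try3, before the first Debian upload", so the `<not-affected>` state is justified without having to re-derive it.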
@@ -15833,7 +15839,7 @@
CVE-2006-0565 (PHP remote file include vulnerability in
inc/backend_settings.php in ...)
NOT-FOR-US: LoudBlog
CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop ...)
- NOT-FOR-US: Microsoft
+ NOT-FOR-US: Microsoft
CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog
1.9.9c ...)
NOT-FOR-US: PluggedOut Blog
CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in
PluggedOut ...)
@@ -15879,7 +15885,7 @@
CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka
7.0.5296.0) ...)
NOT-FOR-US: Microsoft
CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a
denial ...)
- NOT-FOR-US: Cerulean Trillian
+ NOT-FOR-US: Cerulean Trillian
CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in NukedWeb
...)
NOT-FOR-US: NukedWeb
CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon
Vanilla ...)
@@ -15902,7 +15908,7 @@
NOT-FOR-US: cPanel
NOTE: Not Debian''s cpanel
CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in
SoftMaker ...)
- NOT-FOR-US: SoftMaker Shop
+ NOT-FOR-US: SoftMaker Shop
CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0
allows ...)
NOT-FOR-US: Sun Java System Access Manager
CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb
...)
@@ -16061,10 +16067,10 @@
CVE-2006-0470 (Cross-site scripting (XSS) vulnerability in search.php in ...)
NOT-FOR-US: MyBB
CVE-2006-0469 (Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and
...)
- NOT-FOR-US: uebimiau
+ NOT-FOR-US: uebimiau
NOTE: this had an ITP back in 2002, but it never was done (bug #164116)
CVE-2006-0468 (CommuniGate Pro Core Server before 5.0.7 allows remote attackers
to ...)
- NOT-FOR-US: CommuniGate Pro
+ NOT-FOR-US: CommuniGate Pro
CVE-2005-4707 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN
before ...)
NOT-FOR-US: PHP GEN
CVE-2005-4706 (Unspecified vulnerability in the "privilege
management" feature of Sun ...)
@@ -16125,13 +16131,13 @@
- migrationtools 46-2.1 (bug #338920; unimportant)
NOTE: The temp fix makes use of TMPDIR
CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in
AudienceView ...)
- NOT-FOR-US: AudienceView
+ NOT-FOR-US: AudienceView
CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and
6.16 ...)
NOT-FOR-US: mIRC
CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before
4.6.9, ...)
NOT-FOR-US: Sophos Anti-Virus
CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote
...)
- NOT-FOR-US: Internet Explorer 6
+ NOT-FOR-US: Internet Explorer 6
CVE-2005-4678 (Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof
the ...)
NOT-FOR-US: Apple
CVE-2005-4677 (SQL injection vulnerability in additional_images.php (aka the
...)
@@ -16198,7 +16204,7 @@
CVE-2006-0447 (Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO
Mail ...)
NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0446 (Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows
remote ...)
- NOT-FOR-US: WeBWorK
+ NOT-FOR-US: WeBWorK
CVE-2006-0445 (index.php in Phpclanwebsite 1.23.1 allows remote authenticated
users ...)
NOT-FOR-US: Phpclanwebsite
CVE-2006-0444 (SQL injection vulnerability in index.php in Phpclanwebsite (aka
PCW) ...)
@@ -16234,9 +16240,9 @@
CVE-2005-4672 (Cross-site scripting (XSS) vulnerability in
image-editor-52/index.php ...)
NOT-FOR-US: CityPost Simple Image-Editor
CVE-2005-4671 (Cross-site scripting (XSS) vulnerability in simple-upload-53.php
in ...)
- NOT-FOR-US: CityPost Simple PHP Upload
+ NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4670 (Cross-site scripting (XSS) vulnerability in message.php in
CityPost ...)
- NOT-FOR-US: CityPost Simple PHP Upload
+ NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS)
WebAdmin ...)
NOT-FOR-US: RT Internet Solutions (RTIS) WebAdmin
CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running
with JDK ...)
@@ -16299,7 +16305,7 @@
CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local
users ...)
NOT-FOR-US: Sun Grid Engine
CVE-2006-0407 (Cross-site scripting (XSS) vulnerability in post.php in AZ
Bulletin ...)
- NOT-FOR-US: AZ Bulletin Board
+ NOT-FOR-US: AZ Bulletin Board
CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain
sensitive ...)
NOT-FOR-US: MyBB
CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff
3.8.0 ...)
@@ -16360,7 +16366,7 @@
CVE-2006-0379 (FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize
a ...)
NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site
Manager ...)
- NOT-FOR-US: Netrix X-Site Manager
+ NOT-FOR-US: Netrix X-Site Manager
CVE-2006-0377 (CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5
allows ...)
{DSA-988-1}
- squirrelmail 2:1.4.6-1 (bug #354063; bug #355424)
@@ -16375,9 +16381,9 @@
CVE-2006-0372 (Multiple SQL injection vulnerabilities in config.php in Insane
Visions ...)
NOT-FOR-US: Insane Visions BlogPHP
CVE-2006-0371 (Directory traversal vulnerability in index.php in Noah Medling
RCBlog ...)
- NOT-FOR-US: Noah Medling RCBlog
+ NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0370 (Noah Medling RCBlog 1.03 stores the data and config directories
under ...)
- NOT-FOR-US: Noah Medling RCBlog
+ NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0369 (** DISPUTED ** ...)
- mysql-dfsg-4.1 <unfixed> (unimportant)
NOTE: This isn''t a security hole, it''s expected behaviour
@@ -16408,11 +16414,11 @@
CVE-2006-0356 (Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to
cause ...)
NOT-FOR-US: Ari Pikivirta Home Ftp Server
CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote
attackers ...)
- NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp
+ NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp
CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points
(WAP) ...)
NOT-FOR-US: Cisco IOS
CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...)
- NOT-FOR-US: Fluffington FLog
+ NOT-FOR-US: Fluffington FLog
CVE-2006-0351 (Unspecified "critical denial-of-service
vulnerability" in MyDNS before ...)
{DSA-963-1}
[sarge] - mydns 1.0.0-4sarge1
@@ -16459,12 +16465,12 @@
- ecartis 1.0.0+cvs.20030911-11 (low; bug #348824)
[sarge] - ecartis <no-dsa> (No real fix available, only rare setups
affected, minor exploit potential)
CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail
plugin ...)
- NOT-FOR-US: Squirrelmail plugin
+ NOT-FOR-US: Squirrelmail plugin
CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2
...)
{DSA-1148-1}
- gallery 1.5.2-1
CVE-2006-0329 (SQL injection vulnerability in HITSENSER Data Mart Server BS,
BS-S, ...)
- NOT-FOR-US: HITSENSER Data Mart Server BS
+ NOT-FOR-US: HITSENSER Data Mart Server BS
CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote
attackers to ...)
NOT-FOR-US: Tftpd32, different from the tftpd in Debian
CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive
information ...)
@@ -16515,7 +16521,7 @@
CVE-2006-0310 (Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows
...)
NOT-FOR-US: aoblogger
CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows
remote ...)
- NOT-FOR-US: Linksys hardware issue
+ NOT-FOR-US: Linksys hardware issue
CVE-2006-0308 (PHP remote file include vulnerability in HTMLtonuke.php in
HTMLtoNuke ...)
NOT-FOR-US: HTMLtoNuke
CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer
...)
@@ -16527,7 +16533,7 @@
CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote
attackers to ...)
NOT-FOR-US: dual dns server
CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing
component, ...)
- NOT-FOR-US: Joomla!
+ NOT-FOR-US: Joomla!
CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware
WV.00.02 ...)
NOT-FOR-US: ZyXel hardware
CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in
other ...)
@@ -16745,7 +16751,7 @@
CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in
Dragon ...)
NOT-FOR-US: Dragon Design Services Network (DDSN)
CVE-2006-0220 (Multiple cross-site scripting (XSS) vulnerabilities in
DCP-Portal 5.3 ...)
- NOT-FOR-US: DCP-Portal
+ NOT-FOR-US: DCP-Portal
CVE-2006-0219 (The original distribution of MyBulletinBoard (MyBB) to update
from ...)
NOT-FOR-US: MyBB
CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB)
before ...)
@@ -16880,7 +16886,7 @@
CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars
1.2.2 ...)
NOT-FOR-US: CaLogic Calendars
CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a
denial of ...)
- NOT-FOR-US: Cisco IP Phone
+ NOT-FOR-US: Cisco IP Phone
CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows
local ...)
NOT-FOR-US: Cray UNICOS
CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow
local ...)
@@ -16920,9 +16926,9 @@
CVE-2006-0161 (Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has
unknown ...)
NOT-FOR-US: Solaris
CVE-2005-4647 (Multiple SQL injection vulnerabilities in PEARLINGER Pearl
Forums 2.4 ...)
- NOT-FOR-US: PEARLINGER Pearl Forums
+ NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4646 (Unspecified vulnerability in index.php in PEARLINGER Pearl
Forums 2.4 ...)
- NOT-FOR-US: PEARLINGER Pearl Forums
+ NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote
...)
NOT-FOR-US: 3CFR
CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML
WikiProcessor in ...)
@@ -16997,7 +17003,7 @@
NOT-FOR-US: Kayako SupportSuite
CVE-2005-4636 (OpenOffice.org 2.0 and earlier, when hyperlinks has been
disabled, ...)
- openoffice.org <unfixed> (unimportant)
- NOTE: This is a non-issue IMO (neilm). OOo just launches a web browser.
+ NOTE: This is a non-issue IMO (neilm). OOo just launches a web browser.
NOTE: If the admin doesn''t web browsing, why is one
installed/enabled?
CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1
allows ...)
NOT-FOR-US: PD9 Software MegaBBS
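Review bot: the rewritten NOTE line is immediately followed by the unchanged `NOTE: If the admin doesn''t web browsing, why is one installed/enabled?`, which is missing its verb (presumably "doesn't want web browsing" or "doesn't allow web browsing"). Since this NOTE block is already being touched, fix the wording in the same pass; a triage note that does not parse is easy to misread when the `<unfixed> (unimportant)` decision on openoffice.org is revisited.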
@@ -17019,11 +17025,11 @@
CVE-2006-0132 (Directory traversal vulnerability in webftp.php in SysCP WebFTP
1.2.6 ...)
NOT-FOR-US: SysCP WebFTP
CVE-2006-0131 (boastMachine 3.1 allows remote attackers to obtain sensitive
...)
- NOT-FOR-US: boastMachine
+ NOT-FOR-US: boastMachine
CVE-2006-0130 (Mail Management Agent (MAILMA) (aka Mail Management Server) in
...)
- NOT-FOR-US: Mail Management Agent
+ NOT-FOR-US: Mail Management Agent
CVE-2006-0129 (Mail Management Agent (MAILMA) (aka Mail Management Server) in
...)
- NOT-FOR-US: Mail Management Agent
+ NOT-FOR-US: Mail Management Agent
CVE-2006-0128 (Buffer overflow in the IMAP service of Rockliffe MailSite before
...)
NOT-FOR-US: Rockliffe MailSite
CVE-2006-0127 (Directory traversal vulnerability in the IMAP service of
Rockliffe ...)
@@ -17039,7 +17045,7 @@
CVE-2006-0123 (Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow
remote ...)
NOT-FOR-US: ADN Forum
CVE-2006-0122 (Cross-site scripting (XSS) vulnerability in Public/Index.asp in
...)
- NOT-FOR-US: Aquifer CMS
+ NOT-FOR-US: Aquifer CMS
CVE-2006-0121 (Multiple memory leaks in IBM Lotus Notes and Domino Server
before ...)
NOT-FOR-US: Notes/Domino
CVE-2006-0120 (Multiple unspecified vulnerabilities in IBM Lotus Notes and
Domino ...)
@@ -17063,13 +17069,13 @@
CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media
...)
NOT-FOR-US: Boxcar Media Shopping Cart
CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in Foro
Domus ...)
- NOT-FOR-US: Foro Domus
+ NOT-FOR-US: Foro Domus
CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular
Merchant ...)
- NOT-FOR-US: Modular Merchant Shopping Cart
+ NOT-FOR-US: Modular Merchant Shopping Cart
CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS
allows ...)
- NOT-FOR-US: Timecan CMS
+ NOT-FOR-US: Timecan CMS
CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote
attackers to ...)
- NOT-FOR-US: Timecan CMS
+ NOT-FOR-US: Timecan CMS
CVE-2006-0105 (PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when
running on ...)
NOT-FOR-US: PostgreSQL on Windows
CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and
earlier ...)
@@ -17100,7 +17106,7 @@
CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard
1.0 ...)
NOT-FOR-US: oaBoard
CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card
ME PHP ...)
- NOT-FOR-US: @Card ME PHP
+ NOT-FOR-US: @Card ME PHP
CVE-2006-0092
REJECTED
NOT-FOR-US: SiteSuite CMS
@@ -17115,7 +17121,7 @@
CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php
in ...)
NOT-FOR-US: Lizard Cart
CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next
Generation ...)
- NOT-FOR-US: Next Generation Image Gallery
+ NOT-FOR-US: Next Generation Image Gallery
CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote
...)
NOT-FOR-US: Nkads
CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0
and ...)
@@ -17126,7 +17132,7 @@
NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-4633
REJECTED
- NOT-FOR-US: phpoutsourcing Zorum Forum
+ NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote!Pro 4.0
and ...)
NOT-FOR-US: Vote!Pro
CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and
earlier ...)
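Review bot: the line being rewritten, `NOT-FOR-US: phpoutsourcing Zorum Forum`, sits under `CVE-2005-4633` / `REJECTED`; the same situation appears above at CVE-2006-0092, whose `NOT-FOR-US: SiteSuite CMS` line is unchanged context. Reformatting an annotation on a rejected identifier is questionable: either drop the NOT-FOR-US line under REJECTED entries (the REJECTED marker already says no Debian action is needed) or, if the tracker intentionally keeps the original triage for rejected ids, handle both entries the same way rather than touching one and leaving the other.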
@@ -17138,9 +17144,9 @@
CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38
and ...)
NOT-FOR-US: HelpDeskPoint
CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1)
GmailSite ...)
- NOT-FOR-US: GmailSite
+ NOT-FOR-US: GmailSite
CVE-2005-4626 (The default configuration of Recruitment Software installs ...)
- NOT-FOR-US: Recruitment Software
+ NOT-FOR-US: Recruitment Software
CVE-2005-4625 (Drivers for certain display adapters, including (1) an
unspecified ATI ...)
NOT-FOR-US: Strange Windows drivers
CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6
allows ...)
@@ -17154,7 +17160,7 @@
CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to
...)
NOT-FOR-US: WinRAR
CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum
Forum ...)
- NOT-FOR-US: phpoutsourcing Zorum Forum
+ NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15
allows ...)
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.15-1
@@ -17281,7 +17287,7 @@
CVE-2005-4598 (Cross-site scripting (XSS) vulnerability in home.php in OoApp
...)
NOT-FOR-US: OoApp Guestbook
CVE-2005-4597 (Cross-site scripting (XSS) vulnerability in index.php in iPei
...)
- NOT-FOR-US: iPei Guestbook
+ NOT-FOR-US: iPei Guestbook
CVE-2005-4596 (Cross-site scripting (XSS) vulnerability in read.php in
AdesGuestbook ...)
NOT-FOR-US: AdesGuestbook
CVE-2005-4595 (Untrusted search path vulnerability (RPATH) in XnView 1.70 and
NView ...)
@@ -17362,7 +17368,7 @@
- electricsheep 2.6.3+cvs20051206-1 (unimportant)
NOTE: This does not seem to be exploitable.
CVE-2005-4580 (Cross-site scripting (XSS) vulnerability in Day Communique 4
allows ...)
- NOT-FOR-US: Day Communique
+ NOT-FOR-US: Day Communique
CVE-2005-4579 (Multiple HTTP response splitting vulnerabilities in Hitachi
Business ...)
NOT-FOR-US: Hitachi Business Logic
CVE-2005-4578 (Multiple SQL injection vulnerabilities in Hitachi Business Logic
- ...)
@@ -17434,7 +17440,7 @@
CVE-2005-4546 (search.php in eggblog 2.0 allows remote attackers to obtain the
full ...)
NOT-FOR-US: eggblog
CVE-2005-4545 (Cross-site scripting (XSS) vulnerability in search.asp in
NetDirect ...)
- NOT-FOR-US: NetDirect ShopEngine
+ NOT-FOR-US: NetDirect ShopEngine
CVE-2005-4544
RESERVED
CVE-2005-4543
@@ -17475,7 +17481,7 @@
CVE-2005-4526 (Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through
5.1 ...)
NOT-FOR-US: MIMEsweeper For Web
CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows
local ...)
- NOT-FOR-US: Sygate
+ NOT-FOR-US: Sygate
CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle "Make note
private" when a ...)
{DSA-944-1}
- mantis 0.19.4-1 (bug #345288)
@@ -17537,7 +17543,7 @@
CVE-2005-4499 (The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000
...)
NOT-FOR-US: Cisco
CVE-2005-4498 (Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and
earlier ...)
- NOT-FOR-US: Text-e
+ NOT-FOR-US: Text-e
CVE-2005-4497 (Cross-site scripting (XSS) vulnerability in Tangora Portal CMS
4.0 and ...)
NOT-FOR-US: Tangora Portal
CVE-2005-4496 (Cross-site scripting (XSS) vulnerability in search in SyntaxCMS
1.2.1 ...)
@@ -17559,7 +17565,7 @@
CVE-2005-4488 (Multiple cross-site scripting (XSS) vulnerabilities in index.tpl
in ...)
NOT-FOR-US: Redakto WCMS
CVE-2005-4487 (Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0
and ...)
- NOT-FOR-US: RAMSite
+ NOT-FOR-US: RAMSite
CVE-2005-4486 (** DISPUTED ** ...)
NOT-FOR-US: Quantum Art
CVE-2005-4485 (Multiple cross-site scripting (XSS) vulnerabilities in
ProjectApp 3.3 ...)
@@ -17577,7 +17583,7 @@
CVE-2005-4479 (SQL injection vulnerability in article.php in phpSlash 0.8.1 and
...)
NOT-FOR-US: phpSlash
CVE-2005-4478 (Multiple SQL injection vulnerabilities in Papoo 2.1.2 and
earlier ...)
- NOT-FOR-US: Papoo
+ NOT-FOR-US: Papoo
CVE-2005-4477 (Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and
...)
NOT-FOR-US: papaya CMS
CVE-2005-4476 (Cross-site scripting (XSS) vulnerability in
store/search/results.html ...)
@@ -17645,7 +17651,7 @@
CVE-2005-4466 (Heap-based buffer overflow in the SIPParser function in
i3sipmsg.dll ...)
NOT-FOR-US: SIP Proxy
CVE-2005-4465 (The Internet Key Exchange version 1 (IKEv1) implementation in
NEC ...)
- NOT-FOR-US: NEC UNIVERGE IX1000, IX2000, and IX3000
+ NOT-FOR-US: NEC UNIVERGE IX1000, IX2000, and IX3000
CVE-2005-4464 (Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows
remote ...)
NOT-FOR-US: Ingate Firewall / SIParator
CVE-2005-4463 (WordPress before 1.5.2 allows remote attackers to obtain
sensitive ...)
@@ -17654,13 +17660,13 @@
CVE-2005-4462 (PHP remote file include vulnerability in usermods.php in Tolva
PHP ...)
NOT-FOR-US: Tolva PHP website system
CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2
and ...)
- NOT-FOR-US: Beehive Forum
+ NOT-FOR-US: Beehive Forum
CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2
and ...)
- NOT-FOR-US: Beehive Forum
+ NOT-FOR-US: Beehive Forum
CVE-2005-4459 (Heap-based buffer overflow in the NAT networking components
vmnat.exe ...)
NOT-FOR-US: VMWare
CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not
properly ...)
- NOT-FOR-US: Metadot Portal Server
+ NOT-FOR-US: Metadot Portal Server
CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote
...)
NOT-FOR-US: MailEnable
CVE-2005-4456 (Multiple buffer overflows in MailEnable Professional 1.71 and
...)
@@ -17672,7 +17678,7 @@
NOT-FOR-US: livejournal
NOTE: liblivejournal-perl doesn''t seem to embed any of the affected
code
CVE-2005-4453 (UserProfile.cs in Ultraapps Issue Manager before 2.1 allows
remote ...)
- NOT-FOR-US: Ultraapps Issue Manager
+ NOT-FOR-US: Ultraapps Issue Manager
CVE-2005-4452 (Information Call Center stores the CallCenterData.mdb database
under ...)
NOT-FOR-US: Information Call Center
CVE-2005-4451 (Unspecified vulnerability in Software Distributor in HP-UX
B.11.11 ...)
@@ -17742,9 +17748,9 @@
CVE-2005-4421 (Dev-Editor 3.0 allows remote attackers to access any directory
outside ...)
NOT-FOR-US: Dev-Editor
CVE-2005-4420 (Cross-site scripting (XSS) vulnerability in Honeycomb Archive
...)
- NOT-FOR-US: Honeycomb Archive Enterprise
+ NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4419 (Multiple SQL injection vulnerabilities in CategoryResults.cfm in
...)
- NOT-FOR-US: Honeycomb Archive Enterprise
+ NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4417 (The default configuration of Widcomm Bluetooth for Windows (BTW)
...)
NOT-FOR-US: Widcomm Bluetooth for Windows
CVE-2005-4416 (SQL injection vulnerability in index.php in TML CMS 0.5 allows
remote ...)
@@ -17766,9 +17772,9 @@
CVE-2005-4408 (Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and
...)
NOT-FOR-US: Miraserver
CVE-2005-4407 (Cross-site scripting (XSS) vulnerability in index.cfm in Mercury
CMS ...)
- NOT-FOR-US: Mercury CMS
+ NOT-FOR-US: Mercury CMS
CVE-2005-4406 (SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and
...)
- NOT-FOR-US: Mercury CMS
+ NOT-FOR-US: Mercury CMS
CVE-2005-4405 (redqueen.cgi in Red Queen 1.02 and earlier allows remote
attackers to ...)
NOT-FOR-US: Red Queen
CVE-2005-4404 (SQL injection vulnerability in default.asp in Media2 CMS Shop
18.x ...)
@@ -17844,15 +17850,15 @@
CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2
allows ...)
NOT-FOR-US: Acuity CMS
CVE-2005-4368 (roundcube webmail Alpha, with a default high verbose level ...)
- NOT-FOR-US: roundcube webmail
+ NOT-FOR-US: roundcube webmail
CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php
in ...)
- NOT-FOR-US: DRZES HMS
+ NOT-FOR-US: DRZES HMS
CVE-2005-4366 (Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow
remote ...)
- NOT-FOR-US: DRZES HMS
+ NOT-FOR-US: DRZES HMS
CVE-2005-4365 (Multiple cross-site scripting (XSS) vulnerabilities in FLIP
0.9.0.1029 ...)
- NOT-FOR-US: FLIP
+ NOT-FOR-US: FLIP
CVE-2005-4364 (Cross-site scripting (XSS) vulnerability in index.cfm in Hot
Banana ...)
- NOT-FOR-US: Hot Banana Web Content Management Suite
+ NOT-FOR-US: Hot Banana Web Content Management Suite
CVE-2005-4363 (Cross-site scripting (XSS) vulnerability in the search engine in
...)
NOT-FOR-US: Komodo CMS
CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows
...)
@@ -17927,9 +17933,9 @@
CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote
attackers ...)
NOT-FOR-US: ZixForum
CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary
Board ...)
- NOT-FOR-US: Binary Board System
+ NOT-FOR-US: Binary Board System
CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager
...)
- NOT-FOR-US: Secure Smart Manager
+ NOT-FOR-US: Secure Smart Manager
CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant
...)
NOT-FOR-US: iHTML Merchant
CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant
Mall ...)
@@ -17945,21 +17951,21 @@
CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b
have ...)
NOT-FOR-US: Driverse
CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00
through ...)
- NOT-FOR-US: Hitachi Groupmax Mail SMTP
+ NOT-FOR-US: Hitachi Groupmax Mail SMTP
CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration
Portal ...)
- NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
+ NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi
...)
- NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
+ NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in
Apani ...)
NOT-FOR-US: Apani Networks EpiForce
CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain
the ...)
- NOT-FOR-US: Limbo CMS
+ NOT-FOR-US: Limbo CMS
CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS
1.0.4.2 ...)
- NOT-FOR-US: Limbo CMS
+ NOT-FOR-US: Limbo CMS
CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2
and ...)
- NOT-FOR-US: Limbo CMS
+ NOT-FOR-US: Limbo CMS
CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does
not ...)
- NOT-FOR-US: Limbo CMS
+ NOT-FOR-US: Limbo CMS
CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote
attackers ...)
NOT-FOR-US: HP-UX
CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum
PLEXCART ...)
@@ -17981,7 +17987,7 @@
CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and
earlier ...)
NOT-FOR-US: ScareCrow
CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet
BBS 2.0 ...)
- NOT-FOR-US: SiteNet BBS
+ NOT-FOR-US: SiteNet BBS
CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9,
0.9.1, ...)
- trac 0.9.3-1 (bug #344006)
[sarge] - trac <unfixed> (medium)
@@ -18010,7 +18016,7 @@
CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a
denial ...)
NOT-FOR-US: AppServ Open Project
CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image
Gallery XE ...)
- NOT-FOR-US: Absolute Image Gallery XE
+ NOT-FOR-US: Absolute Image Gallery XE
CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms
before ...)
NOT-FOR-US: Alkacon OpenCms
CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in
ClickCartPro ...)
@@ -18054,11 +18060,11 @@
CVE-2005-4274 (Unspecified vulnerability in Business Objects WebIntelligence
6.5x ...)
NOT-FOR-US: Business Objects WebIntelligence
CVE-2005-4273 (Multiple unspecified vulnerabilities in (1) getShell and (2)
...)
- NOT-FOR-US: AIX
+ NOT-FOR-US: AIX
CVE-2005-4272 (Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow
remote ...)
- NOT-FOR-US: AIX
+ NOT-FOR-US: AIX
CVE-2005-4271 (Buffer overflow in the malloc debug system in IBM AIX 5.3 allows
local ...)
- NOT-FOR-US: AIX
+ NOT-FOR-US: AIX
CVE-2005-4270 (Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134
allows ...)
NOT-FOR-US: Watchfire AppScan
CVE-2005-4269 (mshtml.dll in Microsoft Windows XP, Server 2003, and Internet
Explorer ...)
@@ -18117,9 +18123,9 @@
CVE-2005-4248 (Multiple cross-site scripting (XSS) vulnerabilities in
QuickPayPro 3.1 ...)
NOT-FOR-US: QuickPayPro
CVE-2005-4247 (Cross-site scripting (XSS) vulnerability in index.php in Plogger
Beta ...)
- NOT-FOR-US: Plogger
+ NOT-FOR-US: Plogger
CVE-2005-4246 (SQL injection vulnerability in Plogger Beta 2 and earlier allows
...)
- NOT-FOR-US: Plogger
+ NOT-FOR-US: Plogger
CVE-2005-4245 (Cross-site scripting (XSS) vulnerability in search.php in Snipe
...)
NOT-FOR-US: Snipe Gallery
CVE-2005-4244 (SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier
allows ...)
@@ -18127,20 +18133,20 @@
CVE-2005-4243 (Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow
remote ...)
NOT-FOR-US: QuickPayPro
CVE-2005-4241 (Cross-site scripting (XSS) vulnerability in the category page in
...)
- NOT-FOR-US: VCD-db
+ NOT-FOR-US: VCD-db
CVE-2005-4240 (SQL injection vulnerability in search.php in VCD-db 0.98 and
earlier ...)
- NOT-FOR-US: VCD-db
+ NOT-FOR-US: VCD-db
CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in
Search/DisplayResults.php ...)
NOT-FOR-US: PHP JackKnife
CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in
view_filters_page.php in ...)
{DSA-944-1}
- mantis 0.19.4-1 (bug #345288)
CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0
and ...)
- NOT-FOR-US: MySQL Auction
+ NOT-FOR-US: MySQL Auction
CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD
...)
NOT-FOR-US: CKGOLD
CVE-2005-4235 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in
...)
- NOT-FOR-US: WHMCompleteSolution
+ NOT-FOR-US: WHMCompleteSolution
CVE-2005-4234 (SQL injection vulnerability in gallery.php in EncapsGallery
1.0.0 and ...)
NOT-FOR-US: EncapsGallery
CVE-2005-4233 (SQL injection vulnerability in advertiser_statistic.php in Ad
Manager ...)
@@ -18154,7 +18160,7 @@
CVE-2005-4229 (Cross-site scripting (XSS) vulnerability in auction.pl in
EveryAuction ...)
NOT-FOR-US: EveryAuction
CVE-2005-4228 (Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1
and ...)
- NOT-FOR-US: PhpWebGallery
+ NOT-FOR-US: PhpWebGallery
CVE-2005-4227 (Multiple "potential" SQL injection
vulnerabilities in DCP-Portal 6.1.1 ...)
NOT-FOR-US: DCP-Portal
CVE-2005-4226 (Multiple "potential" SQL injection
vulnerabilities in phpWebThings 1.4 ...)
@@ -18170,7 +18176,7 @@
CVE-2005-4221 (SQL injection vulnerability in link.php in Arab Portal System 2
Beta 2 ...)
NOT-FOR-US: Arab Portal System
CVE-2005-4220 (Netgear RP114, and possibly other versions and devices, allows
remote ...)
- NOT-FOR-US: Netgear hardware issue
+ NOT-FOR-US: Netgear hardware issue
CVE-2005-4219 (setting.php in Innovative CMS (ICMS, formerly Imoel-CMS)
contains ...)
NOT-FOR-US: Innovative CMS
CVE-2005-4218 (SQL injection vulnerability in forum.php in PHPWebThings 1.4
allows ...)
@@ -18315,7 +18321,7 @@
{DSA-955-1}
- mailman 2.1.5-10
CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers
to ...)
- NOT-FOR-US: Soti Pocket Controller-Professional
+ NOT-FOR-US: Soti Pocket Controller-Professional
CVE-2005-4151 (The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop
...)
NOT-FOR-US: PGP Desktop Home
CVE-2005-4150 (Cross-site scripting (XSS) vulnerability in the portal login
page in ...)
@@ -18529,7 +18535,7 @@
CVE-2005-4051 (e107 0.6174 allows remote attackers to vote multiple times for a
...)
NOT-FOR-US: e107
CVE-2005-4050 (Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices
with ...)
- NOT-FOR-US: MultiVOIP hardware
+ NOT-FOR-US: MultiVOIP hardware
CVE-2005-4049 (Multiple SQL injection vulnerabilities in Blog System 1.2 allow
remote ...)
NOT-FOR-US: Blog System
CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer
function ...)
@@ -18552,15 +18558,15 @@
CVE-2005-4043 (SQL injection vulnerability in view.php in Hobosworld HobSR 1.0
and ...)
NOT-FOR-US: Hobosworld HobSR
CVE-2005-4042 (Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and
...)
- NOT-FOR-US: Warm Links
+ NOT-FOR-US: Warm Links
CVE-2005-4041 (Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI
Guy ...)
NOT-FOR-US: MR CGI Guy Hot Links SQL
CVE-2005-4040 (SQL injection vulnerability in FileLister 0.51 and earlier
allows ...)
NOT-FOR-US: FileLister
CVE-2005-4039 (Directory traversal vulnerability in arhiva.php in Web4Future
Portal ...)
- NOT-FOR-US: Web4Future Portal Solutions News Portal
+ NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4038 (SQL injection vulnerability in comentarii.php in Web4Future
Portal ...)
- NOT-FOR-US: Web4Future Portal Solutions News Portal
+ NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4037 (SQL injection vulnerability in functions.php in Web4Future
Affiliate ...)
NOT-FOR-US: Web4Future Affiliate Manager
CVE-2005-4036 (Cross-site scripting (XSS) vulnerability in index.cgi in
Web4Future ...)
@@ -18588,7 +18594,7 @@
CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect
...)
NOT-FOR-US: Help Desk Reloaded Free Help Desk
CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind
2004 ...)
- NOT-FOR-US: Interspire FastFind
+ NOT-FOR-US: Interspire FastFind
CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0
before ...)
- gallery2 2.0.2-1 (medium)
CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the "Add
Image From Web" ...)
@@ -18623,7 +18629,7 @@
NOT-FOR-US: Jax Calendar
CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2
...)
{DSA-919-2}
- - curl 7.15.1-1 (bug #342339; bug #342696; medium)
+ - curl 7.15.1-1 (bug #342339; bug #342696; medium)
CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before
1.2.3.03, ...)
NOT-FOR-US: SAPID CMS
CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...)
@@ -18643,7 +18649,7 @@
CVE-2005-3999 (Cross-site scripting (XSS) vulnerability in Search.asp in
SiteBeater ...)
NOT-FOR-US: SiteBeater MP3 Catalog
CVE-2005-3998 (Cross-site scripting (XSS) vulnerability in search.asp in
Solupress ...)
- NOT-FOR-US: Solupress News
+ NOT-FOR-US: Solupress News
CVE-2005-3997 (Zen Cart 1.2.6d and earlier, under certain PHP configurations,
allows ...)
NOT-FOR-US: Zen Cart
CVE-2005-3996 (SQL injection vulnerability in admin/password_forgotten.php in
...)
@@ -18688,7 +18694,7 @@
CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and
1.4 ...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium
...)
- NOT-FOR-US: NetClassifieds Premium Edition
+ NOT-FOR-US: NetClassifieds Premium Edition
CVE-2005-3977 (Cross-site scripting (XSS) vulnerability in QualityEBiz Quality
PPC ...)
NOT-FOR-US: QualityEBiz Quality PPC
CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple
DUware ...)
@@ -18703,7 +18709,7 @@
{DSA-958-1}
- drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in
...)
- NOT-FOR-US: Extreme Search Corporate Edition
+ NOT-FOR-US: Extreme Search Corporate Edition
CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in
Citrix ...)
NOT-FOR-US: Citrix
CVE-2005-3970 (Cross-site scripting (XSS) vulnerability in MXChange before ...)
@@ -18736,9 +18742,9 @@
CVE-2004-2644 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7
has ...)
- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows
remote ...)
- NOT-FOR-US: Microsoft cabarc
+ NOT-FOR-US: Microsoft cabarc
CVE-2004-2642 (Yeemp 0.9.9 and earlier does properly encrypt inbound files,
which ...)
- NOT-FOR-US: Yeemp
+ NOT-FOR-US: Yeemp
CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun
Fire ...)
NOT-FOR-US: Sun appliances
CVE-2004-2640 (Directory traversal vulnerability in lstat.cgi in LinuxStat
before ...)
@@ -18754,7 +18760,7 @@
CVE-2004-2635 (An ActiveX control for McAfee Security Installer Control System
...)
NOT-FOR-US: McAfee
CVE-2004-2634 (The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM
AIX ...)
- NOT-FOR-US: AIX
+ NOT-FOR-US: AIX
CVE-2004-2633 (Unspecified vulnerability in Sesamie 1.0 allows remote anonymous
...)
NOT-FOR-US: Sesamie
CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify
...)
@@ -18770,9 +18776,9 @@
CVE-2004-2627 (Java 2 Micro Edition (J2ME) does not properly validate bytecode,
which ...)
NOT-FOR-US: J2ME
CVE-2004-2626 (GUI overlay vulnerability in the Java API in Siemens S55
cellular ...)
- NOT-FOR-US: Siemens cell phone
+ NOT-FOR-US: Siemens cell phone
CVE-2004-2625 (Cross-site scripting (XSS) vulnerability in Outblaze Email
allows ...)
- NOT-FOR-US: Outblaze Email
+ NOT-FOR-US: Outblaze Email
CVE-2004-2624 (Cross-site scripting (XSS) vulnerability in
"TextSearch" in WackoWiki ...)
NOT-FOR-US: WackoWiki
CVE-2004-2623 (Unknown vulnerability in Rippy the Aggregator before 0.10, when
...)
@@ -18782,9 +18788,9 @@
CVE-2004-2621 (Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01,
when ...)
NOT-FOR-US: Nortel Contivity VPN client
CVE-2004-2620 (The MIMEH_read_headers function in ripMIME 1.3.1.0 does not
properly ...)
- NOT-FOR-US: ripMIME
+ NOT-FOR-US: ripMIME
CVE-2004-2619 (ripMIME 1.3.2.3 and earlier allows remote attackers to bypass
e-mail ...)
- NOT-FOR-US: ripMIME
+ NOT-FOR-US: ripMIME
CVE-2004-2618 (Cross-site scripting (XSS) vulnerability in Pegasi Web Server
(PWS) ...)
NOT-FOR-US: Pegasi Web Server
CVE-2004-2617 (Directory traversal vulnerability in Pegasi Web Server (PWS)
0.2.2 ...)
@@ -18885,9 +18891,9 @@
CVE-2005-3945 (The SynAttackProtect protection in Microsoft Windows 2003 before
SP1 ...)
NOT-FOR-US: Microsoft
CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System
1.1 ...)
- NOT-FOR-US: ilyav Survey System
+ NOT-FOR-US: ilyav Survey System
CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1
and ...)
- NOT-FOR-US: ilyav Survey System
+ NOT-FOR-US: ilyav Survey System
CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca
...)
NOT-FOR-US: Orca Knowledgebase
CVE-2005-3941 (SQL injection vulnerability in blog.php in Orca Blog 1.3b and
earlier ...)
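Review bot: the `+` line for CVE-2005-3943 reads `NOT-FOR-US: ilyav Survey System`, but the CVE text on the line above is about ilyav FAQ System; the tag looks copied from the CVE-2005-3944 entry. Suggest `NOT-FOR-US: ilyav FAQ System` so the product recorded matches the issue being dismissed.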
@@ -18936,7 +18942,7 @@
CVE-2005-3920 (SQL injection vulnerability in Babe Logger 2 allows remote
attackers ...)
NOT-FOR-US: Babe Logger
CVE-2005-3919 (Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows
remote ...)
- NOT-FOR-US: PBLang
+ NOT-FOR-US: PBLang
CVE-2005-3918 (** DISPUTED ** ...)
NOT-FOR-US: OvBB
CVE-2005-3917 (SQL injection vulnerability in usersession in CommodityRentals
2.0 ...)
@@ -18948,7 +18954,7 @@
CVE-2005-3914 (Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4
allow ...)
NOT-FOR-US: AFFcommerce
CVE-2005-3913 (Unspecified vulnerability in the domain alias management in
Virtual ...)
- NOT-FOR-US: Virtual Hosting Control System
+ NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in
Webmin ...)
{DSA-1199-1}
- webmin <not-affected> (Fixed through corrected Perl)
@@ -18972,11 +18978,11 @@
CVE-2005-3903 (Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4
allows ...)
NOT-FOR-US: SCO Unixware
CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in
gui/errordocs/index.php in ...)
- NOT-FOR-US: Virtual Hosting Control System
+ NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not
...)
NOT-FOR-US: Flash MX
CVE-2005-3900 (Macromedia Breeze Communication Server and Breeze Live Server
does 5.1 ...)
- NOT-FOR-US: Macromedia Breeze
+ NOT-FOR-US: Macromedia Breeze
CVE-2005-3899 (The automatic update feature in Google Talk allows remote
attackers to ...)
NOT-FOR-US: Google Talk
CVE-2005-3898
@@ -19011,7 +19017,7 @@
CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in
...)
NOT-FOR-US: Gadu-Gadu
CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0
and ...)
- NOT-FOR-US: Cisco Security Agent
+ NOT-FOR-US: Cisco Security Agent
CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape
before ...)
{DSA-916-1}
- inkscape 0.42-1 (bug #321501; low)
@@ -19112,7 +19118,7 @@
CVE-2005-3839 (Cross-site scripting (XSS) vulnerability in SupportPRO
Supportdesk ...)
NOT-FOR-US: SupportPRO Supportdesk
CVE-2005-3838 (Multiple SQL injection vulnerabilities in search.php in IsolSoft
...)
- NOT-FOR-US: IsolSoft Support Center
+ NOT-FOR-US: IsolSoft Support Center
CVE-2005-3837 (Cross-site scripting (XSS) vulnerability in the search module in
...)
NOT-FOR-US: sCssBoard
CVE-2005-3836 (SQL injection vulnerability in DeskLance 2.3 and earlier allows
remote ...)
@@ -19156,7 +19162,7 @@
CVE-2005-3817 (Multiple SQL injection vulnerabilities in Softbiz Web Host
Directory ...)
NOT-FOR-US: Softbiz Web Host Directory
CVE-2005-3816 (Multiple SQL injection vulnerabilities in forum.php in freeForum
1.1 ...)
- NOT-FOR-US: freeForum
+ NOT-FOR-US: freeForum
CVE-2005-3815 (SQL injection vulnerability in forum.php in Orca Forum 4.3b and
...)
NOT-FOR-US: Orca Forum
CVE-2005-3814 (Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC
Pro ...)
@@ -19166,7 +19172,7 @@
CVE-2005-3812 (freeFTPd 1.0.10 allows remote authenticated users to cause a
denial of ...)
NOT-FOR-US: freeFTPd
CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX
Magic ...)
- NOT-FOR-US: AMAX Magic Winmail Server
+ NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux
kernels ...)
{DSA-1018-1 DSA-1017-1}
- linux-2.6 2.6.14-1 (medium)
@@ -19201,11 +19207,11 @@
CVE-2005-3792 (Multiple SQL injection vulnerabilities in the Search module in
...)
NOT-FOR-US: PHP-Nuke
CVE-2005-3791 (HTTP response splitting vulnerability in phpAdsNew and phpPgAds
2.0.6 ...)
- NOT-FOR-US: phpAdsNew and phpPgAds
+ NOT-FOR-US: phpAdsNew and phpPgAds
CVE-2005-3790 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- NOT-FOR-US: phpwcms
+ NOT-FOR-US: phpwcms
CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5
allow ...)
- NOT-FOR-US: phpwcms
+ NOT-FOR-US: phpwcms
CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA)
7.0(0), ...)
NOT-FOR-US: Cisco appliance
CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin ...)
@@ -19314,9 +19320,9 @@
- x-face-el 1.3.6.23-1
NOTE: DSA-340
CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows
attackers to ...)
- NOT-FOR-US: Solaris
+ NOT-FOR-US: Solaris
CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers
to ...)
- NOT-FOR-US: IPUpdate
+ NOT-FOR-US: IPUpdate
CVE-2005-3779 (Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and
11.23 ...)
NOT-FOR-US: HP-UX
CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0
PR2 Rev ...)
@@ -19358,7 +19364,7 @@
CVE-2005-3760 (Double-free vulnerability in the BBOORB module in IBM WebSphere
...)
NOT-FOR-US: WebSphere
CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search
...)
- NOT-FOR-US: Google search appliance
+ NOT-FOR-US: Google search appliance
CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and
possibly ...)
NOTE: XSLTs can call arbitrary java methods in libsaxon-java. This behaviour
NOTE: is well documented and can be switched off. Let''s hope that all
users
@@ -19367,11 +19373,11 @@
- ooo2dbk <not-affected> (uses it''s own xslt unless overridden
by command line arg)
TODO: check zope-zms (stef-guest: pinged maintainers)
CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search
Appliance, ...)
- NOT-FOR-US: Google search appliance
+ NOT-FOR-US: Google search appliance
CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search
Appliance, and ...)
- NOT-FOR-US: Google search appliance
+ NOT-FOR-US: Google search appliance
CVE-2005-3754 (Cross-site scripting (XSS) vulnerability in Google Mini Search
...)
- NOT-FOR-US: Google search appliance
+ NOT-FOR-US: Google search appliance
CVE-2005-3750 (Opera before 8.51 on Linux and Unix systems allows remote
attackers to ...)
NOT-FOR-US: Opera
CVE-2005-3749 (Unspecified "absolute path vulnerabilities" in
the diagela command ...)
@@ -19409,12 +19415,12 @@
CVE-2005-3734 (Cross-site scripting (XSS) vulnerability in the "add
content" page in ...)
NOT-FOR-US: phpMyFAQ
CVE-2005-3733 (The Internet Key Exchange version 1 (IKEv1) implementation in
Juniper ...)
- NOT-FOR-US: Juniper products using IKE
+ NOT-FOR-US: Juniper products using IKE
CVE-2005-3732 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
{DSA-965-1}
- ipsec-tools 1:0.6.3-1 (bug #340584; low)
CVE-2004-2572 (AMAX Magic Winmail Server 3.6 allows remote attackers to obtain
...)
- NOT-FOR-US: AMAX Magic Winmail
+ NOT-FOR-US: AMAX Magic Winmail
CVE-2004-2571 (Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow
remote ...)
- isoqlog 2.2-0.1
CVE-2004-2570 (Opera before 7.54 allows remote attackers to modify properties
and ...)
@@ -19432,7 +19438,7 @@
CVE-2004-2563 (Serena TeamTrack 6.1.1 allows remote attackers to obtain
sensitive ...)
NOT-FOR-US: Serena TeamTrack
CVE-2004-2562 (SQL injection vulnerability in jobedit.asp in Leigh Business
...)
- NOT-FOR-US: Leigh Business Enterprises
+ NOT-FOR-US: Leigh Business Enterprises
CVE-2004-2561 (Multiple SQL injection vulnerabilities in Internet Software
Sciences ...)
NOT-FOR-US: ISS Web+Center
CVE-2004-2560 (DokuWiki before 2004-10-19, when used on a web server that
permits ...)
@@ -19466,7 +19472,7 @@
{DSA-907-1}
- ipmenu 0.0.3-5
CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown
impact and ...)
- NOT-FOR-US: yaSSL
+ NOT-FOR-US: yaSSL
CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Revize CMS
CVE-2005-3729 (Idetix Software Systems Revize CMS allows remote attackers to
obtain ...)
@@ -19517,9 +19523,9 @@
CVE-2005-3692 (Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail
Server ...)
NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3691 (Directory traversal vulnerability in the IMAP service
(meimaps.exe) of ...)
- NOT-FOR-US: MailEnable Professional
+ NOT-FOR-US: MailEnable Professional
CVE-2005-3690 (Stack-based buffer overflow in the IMAP service (meimaps.exe) of
...)
- NOT-FOR-US: MailEnable Professional
+ NOT-FOR-US: MailEnable Professional
CVE-2005-3689 (post.php in XMB 1.9.2 allows remote attackers to obtain the ...)
NOT-FOR-US: XMB
CVE-2005-3688 (Cross-site scripting (XSS) vulnerability in members.php in XMB
1.9.3 ...)
@@ -19730,7 +19736,7 @@
CVE-2005-3645 (phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions
allows ...)
NOT-FOR-US: phpAdsNews
CVE-2005-3644 (PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft
Windows ...)
- NOT-FOR-US: Windows
+ NOT-FOR-US: Windows
CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File
Sharing ...)
NOT-FOR-US: DB2
CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with
Simple ...)
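Review bot: the context line `NOT-FOR-US: phpAdsNews` at CVE-2005-3645 misspells the product; the CVE text on the line above and the other entries in this file (CVE-2005-3791, CVE-2005-0791, CVE-2005-0790) use `phpAdsNew`. Since this region is already being touched, fixing the name keeps a grep for the product complete.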
@@ -19957,14 +19963,14 @@
CVE-2005-3562
REJECTED
CVE-2005-3561 ( ...)
- NOT-FOR-US: ATutor
+ NOT-FOR-US: ATutor
CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security
Suite ...)
NOT-FOR-US: Zone Labs
CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9
...)
{DSA-1048-1}
- asterisk 1:1.2.7.1.dfsg-2 (bug #338116; medium)
CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows
...)
- NOT-FOR-US: OSTE
+ NOT-FOR-US: OSTE
CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in
PHPlist ...)
NOT-FOR-US: PHPList
CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist
2.10.1 ...)
@@ -20109,9 +20115,9 @@
CVE-2005-3491 (Multiple buffer overflows in the receiver function in loop.c in
...)
NOT-FOR-US: FlatFrag
CVE-2005-3490 (Directory traversal vulnerability in the web server in Asus
Video ...)
- NOT-FOR-US: Asus Video Security
+ NOT-FOR-US: Asus Video Security
CVE-2005-3489 (Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when
using ...)
- NOT-FOR-US: Asus Video Security
+ NOT-FOR-US: Asus Video Security
CVE-2005-3488 (Scorched 3D 39.1 (bf) and earlier allows remote attackers to
cause a ...)
- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3487 (Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier
allow ...)
@@ -20139,7 +20145,7 @@
CVE-2003-1278 (Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1
allows ...)
NOT-FOR-US: OpenTopic
CVE-2003-1277 (Cross-site scripting (XSS) vulnerabilities in Yet Another
Bulletin ...)
- NOT-FOR-US: YaBB
+ NOT-FOR-US: YaBB
CVE-2003-1276 (Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user
PIN''s ...)
NOT-FOR-US: NetTelephone
CVE-2003-1275 (Pocket Internet Explorer (PIE) 3.0 allows remote attackers to
cause a ...)
@@ -20159,7 +20165,7 @@
CVE-2003-1268 (Multiple SQL injection vulnerabilities in (1) addcustomer.asp,
(2) ...)
NOT-FOR-US: a.shopKart
CVE-2003-1267 (GuildFTPd 0.999 allows remote attackers to cause a denial of
service ...)
- NOT-FOR-US: GuildFTPd
+ NOT-FOR-US: GuildFTPd
CVE-2003-1266 (The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer
2.92 ...)
NOT-FOR-US: EServer
CVE-2003-1265 (Netscape 7.0 and Mozilla 5.0 do not immediately delete messages
in the ...)
@@ -20187,7 +20193,7 @@
CVE-2003-1254 (Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to
execute ...)
NOT-FOR-US: Active PHP Bookmarks
CVE-2003-1253 (Bookmark4U 1.8.3 allows remote attackers to execute arbitrary
PHP code ...)
- NOT-FOR-US: Bookmark4U
+ NOT-FOR-US: Bookmark4U
CVE-2003-1252 (register.php in S8Forum 3.0 allows remote attackers to execute
...)
NOT-FOR-US: S8Forum
CVE-2003-1251 (The (1) menu.inc.php, (2) datasets.php and (3)
mass_operations.inc.php ...)
@@ -20446,7 +20452,7 @@
CVE-2005-3475 (Hasbani Web Server (WindWeb) 2.0 allows remote attackers to
cause a ...)
NOT-FOR-US: Hasbani Web Server
CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software
hides any ...)
- NOT-FOR-US: XCP DRM
+ NOT-FOR-US: XCP DRM
CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple
PHP Blog ...)
NOT-FOR-US: Simple PHP Blog
CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications
Express ...)
@@ -20852,7 +20858,7 @@
- php4 4:4.4.2-1 (bug #336004; bug #354684; low)
- php5 5.1.1-1 (bug #336005; low)
[sarge] - php4 <not-affected>
- NOTE: can''t reproduce, error may not be present in 4.3.
+ NOTE: can''t reproduce, error may not be present in 4.3.
NOTE: tentatively marking as not-affected in sarge.
CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib
...)
{DSA-886-1}
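Review bot: the `+` line still carries `can''t` with a doubled apostrophe; if that is in the file and not just an artifact of this rendering, fix it while the line is being rewritten. The `[sarge] - php4 <not-affected>` above it is, per the following NOTE, only tentative ("can't reproduce"), so a TODO to confirm against 4.3 would keep that state from being read as final.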
@@ -20892,7 +20898,7 @@
{DSA-887-1 DTSA-21-1}
- clamav 0.87.1-1 (high)
CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data
ONTAP ...)
- NOT-FOR-US: NetCache
+ NOT-FOR-US: NetCache
CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple
...)
NOT-FOR-US: phpCodeGenie
CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown
...)
@@ -21362,7 +21368,7 @@
CVE-2005-XXXX [Missing safemode checks in PHP''s _php_image_output
functions]
- php5 5.0.5-2 (low)
- php4 4:4.4.0-3 (low)
- [sarge] - php4 <no-dsa> (Safe mode violations not supported)
+ [sarge] - php4 <no-dsa> (Safe mode violations not supported)
CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and
earlier does ...)
{DSA-1017-1}
- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
@@ -21407,7 +21413,7 @@
CVE-2005-3166 (Unspecified vulnerability in "edit submission
handling" for MediaWiki ...)
- mediawiki 1.4.11-1 (bug #332408; unknown)
CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki
...)
- - mediawiki 1.4.9
+ - mediawiki 1.4.9
CVE-2005-3164 (Hitachi Cosminexus Application Server does not properly handle
when a ...)
NOT-FOR-US: Hitachi Cosminexus Application Server
CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows
attackers ...)
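Review bot: the `+` line `- mediawiki 1.4.9` records a version without a Debian revision, while the CVE-2005-3166 entry just above uses `1.4.11-1 (bug #332408; unknown)` and fixed-version fields elsewhere in this file carry the full package version (for example `1.14-2.2`, `1.0.2-7`). Confirm which upload closed CVE-2005-3165 and record it in the same form.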
@@ -22789,9 +22795,9 @@
CVE-2005-2639 (Buffer overflow in Chris Moneymaker''s World Poker
Championship 1.0 ...)
NOT-FOR-US: World Poker Championship
CVE-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in
PHPFreeNews ...)
- NOT-FOR-US: PHPFreeNews
+ NOT-FOR-US: PHPFreeNews
CVE-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and
earlier ...)
- NOT-FOR-US: PHPFreeNews
+ NOT-FOR-US: PHPFreeNews
CVE-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in
phpAdsNew ...)
- phpadsnew <itp> (bug #226636)
CVE-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and
phpPgAds ...)
@@ -22799,7 +22805,7 @@
CVE-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to
Screen" feature ...)
NOT-FOR-US: WinFTP Server
CVE-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php,
(2) ...)
- NOT-FOR-US: PHPTB Topic Board
+ NOT-FOR-US: PHPTB Topic Board
CVE-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in
...)
- mediabox404 <itp> (bug #294397)
CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and
3.5.0 to ...)
@@ -22823,19 +22829,19 @@
CVE-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar
2.0.114.1 ...)
NOT-FOR-US: Google Toolbar
CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote
attackers ...)
- NOT-FOR-US: PHPNews
+ NOT-FOR-US: PHPNews
CVE-2004-2473 (wmFrog weather monitor 0.1.6 allows local users to overwrite
arbitrary ...)
- wmfrog <itp> (bug #294352)
CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to
cause a ...)
NOT-FOR-US: Outpost Pro
CVE-2004-2471 (SQL injection vulnerability in the sloth TCL script in
QuoteEngine ...)
- NOT-FOR-US: QuoteEngine
+ NOT-FOR-US: QuoteEngine
CVE-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown
impact ...)
- NOT-FOR-US: MadBMS
+ NOT-FOR-US: MadBMS
CVE-2004-2469 (Unspecified vulnerability in Reservation.class.php for
phpScheduleIt ...)
- NOT-FOR-US: phpScheduleIt
+ NOT-FOR-US: phpScheduleIt
CVE-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and
...)
- NOT-FOR-US: SillySearch
+ NOT-FOR-US: SillySearch
CVE-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add
a ...)
NOT-FOR-US: Easy Chat Server
CVE-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to
cause a ...)
@@ -22923,15 +22929,15 @@
CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX
control ...)
NOT-FOR-US: ADM ActiveX control
CVE-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a
denial of ...)
- NOT-FOR-US: WinAgents TFTP Server
+ NOT-FOR-US: WinAgents TFTP Server
CVE-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer
0.1.2 ...)
- NOT-FOR-US: ignitionServer
+ NOT-FOR-US: ignitionServer
CVE-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does
not ...)
NOT-FOR-US: Trend OfficeScan
CVE-2004-2429 (Multiple stack-based and heap-based buffer overflows in
EnderUNIX ...)
NOT-FOR-US: EnderUNIX spamGuard
CVE-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web
document ...)
- NOT-FOR-US: WWWguestbook
+ NOT-FOR-US: WWWguestbook
CVE-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and
...)
NOT-FOR-US: Axis Network Camera
CVE-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40
and ...)
@@ -22953,11 +22959,11 @@
CVE-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users
to ...)
NOT-FOR-US: slimftpd not in debian
CVE-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and
earlier ...)
- NOT-FOR-US: smtp.proxy
+ NOT-FOR-US: smtp.proxy
CVE-2004-2416 (Buffer overflow in the logging component of CCProxy allows
remote ...)
- NOT-FOR-US: ccproxy
+ NOT-FOR-US: ccproxy
CVE-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of
service ...)
- NOT-FOR-US: Davenport
+ NOT-FOR-US: Davenport
CVE-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using
the ...)
NOT-FOR-US: Novell NetWare
CVE-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through
5.0 ...)
@@ -23244,7 +23250,7 @@
CVE-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote
...)
NOT-FOR-US: Leif M. Wright Web Blog
CVE-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web
...)
- NOT-FOR-US: Forum Web Server
+ NOT-FOR-US: Forum Web Server
CVE-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server
9.0.1.4, ...)
NOT-FOR-US: Oracle
CVE-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec
...)
@@ -23280,7 +23286,7 @@
CVE-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to
execute ...)
NOT-FOR-US: Kerio Personal Firewal
CVE-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote
attackers ...)
- NOT-FOR-US: Clearswift MAILsweeper
+ NOT-FOR-US: Clearswift MAILsweeper
CVE-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial
of ...)
NOT-FOR-US: Vizer
CVE-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance
before ...)
@@ -23758,7 +23764,7 @@
{DSA-813-1 DTSA-2-1 DTSA-4-1}
- ekg 1:1.5+20050718+1.6rc3-1 (low)
- centericq 4.20.0-9 (bug #323185; medium)
- [sarge] - ekg <not-affected>
+ [sarge] - ekg <not-affected>
NOTE: I checked the ekg source from Sarge and all fixes from the centericq DSA
813
NOTE: are already included.
CVE-2005-2447
@@ -25426,7 +25432,7 @@
- clamav 0.86.1-1 (bug #318756; medium)
CVE-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and
RealOne ...)
NOT-FOR-US: Affected only Real Player, not Helix Player
- NOTE: http://service.real.com/help/faq/security/050623_player/EN/
+ NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5
(6.0.12.1040-1069) and ...)
NOT-FOR-US: Real Player
NOTE: This didn''t affected Helix, although the changelog claimed so,
see
@@ -26300,7 +26306,7 @@
CVE-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4
allows ...)
- libpam-opie <unfixed> (bug #112279; unimportant)
NOTE: This is documented and not really important. In contrast to passwords
- NOTE: used by humans
+ NOTE: used by humans
[sarge] - libpam-opie <no-dsa> (Documented shortcoming, minor impact)
CVE-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2
...)
NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now
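Review bot: the `+` line `NOTE: used by humans` ends the sentence begun on the previous NOTE line ("In contrast to passwords ...") without stating the contrast, so the rationale for `unimportant` and for the sarge `<no-dsa>` tag is incomplete. Finish the thought (what differs for OPIE one-time passwords) or drop the dangling clause.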
@@ -26444,7 +26450,7 @@
CVE-2005-1919
REJECTED
CVE-2005-1918 (The original patch for a GNU tar directory traversal
vulnerability ...)
- - tar 1.14-2.2
+ - tar 1.14-2.2
NOTE: 1.14-2.2 is ok, maybe Debian was not-affected anyway
CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and
overwrite ...)
NOT-FOR-US: kpopper, there is a kpopper in kerberos4kth-servers, but this is
not the same one
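Review bot: the `+` line `- tar 1.14-2.2` records a fixed version, yet the NOTE directly below says `maybe Debian was not-affected anyway`; the two readings lead to different tracker states. Resolve it one way: keep the fixed version if 1.14-2.2 actually shipped the corrected patch, or mark `<not-affected>` with the reason, rather than leaving the hedge in place.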
@@ -27538,7 +27544,7 @@
CVE-2005-XXXX [vpnc: config file path security hole]
- vpnc 0.3.2+SVN20050326-2
CVE-2005-XXXX [Several buffer overflows in termpkg]
- - termpkg 3.3-2
+ - termpkg 3.3-2
CVE-2005-XXXX [Integer overflow in binutils'' ELF parsing]
NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but
it''s
NOTE: already fixed since 2.15-6
@@ -27872,7 +27878,7 @@
CVE-2004-1946 (Format string vulnerability in the PRINT_ERROR function in
common.c ...)
- cherokee 0.4.21b01-1
CVE-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote
attackers to ...)
- NOT-FOR-US: Kinesphere eXchange POP3
+ NOT-FOR-US: Kinesphere eXchange POP3
CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to
cause a ...)
NOT-FOR-US: Eudora
CVE-2004-1943 (PHP remote file inclusion vulnerability in album_portal.php in
phpBB ...)
@@ -28860,9 +28866,9 @@
[sarge] - kernel-source-2.4.27 2.4.27-10
NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H
CVE-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial
of ...)
- - gaim 1:1.2.1-1.1
+ - gaim 1:1.2.1-1.1
CVE-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim
before ...)
- - gaim 1:1.2.1-1.1
+ - gaim 1:1.2.1-1.1
CVE-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard
drive ...)
{DSA-741-1}
- bzip2 1.0.2-7
@@ -29775,7 +29781,7 @@
CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and
earlier, ...)
NOT-FOR-US: Adobe SVG Viewer
CVE-2005-0917 (PHP remote file inclusion vulnerability in index_header.php for
...)
- NOT-FOR-US: EncapsBB
+ NOT-FOR-US: EncapsBB
CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64
architectures with ...)
- kernel-source-2.6.8 2.6.8-16
- kernel-source-2.4.27 <not-affected>
@@ -29985,7 +29991,7 @@
CVE-2005-0862 (Multiple PHP remote file inclusion vulnerabilities in
PHPOpenChat ...)
NOT-FOR-US: PHPOpenChat
CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow
...)
- NOT-FOR-US: Delegate
+ NOT-FOR-US: Delegate
CVE-2005-0860 (PHP remote file inclusion vulnerability in TRG News Script 3.0
allows ...)
NOT-FOR-US: TRG News Script
CVE-2005-0859 (PHP remote file inclusion vulnerability in CzarNews 1.13b allows
...)
@@ -30098,9 +30104,9 @@
CVE-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x
before ...)
- mathopd 1.5p5-1
CVE-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root
...)
- NOT-FOR-US: Cherokee
+ NOT-FOR-US: Cherokee
CVE-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows
remote ...)
- NOT-FOR-US: Cherokee
+ NOT-FOR-US: Cherokee
CVE-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1
4.1 ...)
NOT-FOR-US: Nokia Firewall appliances
CVE-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which
allows ...)
@@ -30185,31 +30191,31 @@
CVE-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes
...)
NOT-FOR-US: Hola CMS
CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect
installation ...)
- NOT-FOR-US: ZPanel
+ NOT-FOR-US: ZPanel
CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel
allows ...)
- NOT-FOR-US: ZPanel
+ NOT-FOR-US: ZPanel
CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote
attackers to ...)
- NOT-FOR-US: ZPanel
+ NOT-FOR-US: ZPanel
CVE-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in
phpAdsNew ...)
- NOT-FOR-US: phpAdsNew
+ NOT-FOR-US: phpAdsNew
CVE-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...)
- NOT-FOR-US: phpAdsNew
+ NOT-FOR-US: phpAdsNew
CVE-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows
remote ...)
- NOT-FOR-US: SimpGB
+ NOT-FOR-US: SimpGB
CVE-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in
YaBB ...)
- NOT-FOR-US: YaBB
+ NOT-FOR-US: YaBB
CVE-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum
before ...)
- NOT-FOR-US: Phorum
+ NOT-FOR-US: Phorum
CVE-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before
5.0.14a ...)
- NOT-FOR-US: Phorum
+ NOT-FOR-US: Phorum
CVE-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and
(2) ...)
- NOT-FOR-US: paFileDB
+ NOT-FOR-US: paFileDB
CVE-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2)
category.php in ...)
- NOT-FOR-US: paFileDB
+ NOT-FOR-US: paFileDB
CVE-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain
sensitive ...)
- NOT-FOR-US: paFileDB
+ NOT-FOR-US: paFileDB
CVE-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote
...)
- NOT-FOR-US: PlatinumFTP
+ NOT-FOR-US: PlatinumFTP
CVE-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded
file is ...)
NOT-FOR-US: PhotoPost
CVE-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost
PHP ...)
@@ -30293,7 +30299,7 @@
CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the
Adobe ...)
NOT-FOR-US: Adobe PhotoDeluxe
CVE-2001-1423 (Advanced Poll before 1.61, when using a flat file database,
allows ...)
- NOT-FOR-US: Advanced Poll
+ NOT-FOR-US: Advanced Poll
CVE-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for
...)
NOT-FOR-US: WinVNC
CVE-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote
attackers to ...)
@@ -30314,7 +30320,7 @@
CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4]
- omniorb4 4.0.5-2
CVE-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through
4.6.0 ...)
- NOT-FOR-US: not part of Woody, has been removed from sarge/sid
+ NOT-FOR-US: not part of Woody, has been removed from sarge/sid
CVE-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read
arbitrary ...)
NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of
stable
CVE-2005-0787 (Wine 20050211 and earlier creates temp files with world readable
...)
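Review bot: the rewritten line for CVE-2005-0789 records a removed package as free text (`NOT-FOR-US: not part of Woody, has been removed from sarge/sid`), and the next entry, CVE-2005-0788, says the same thing in different words. Elsewhere in this file a removed package gets a package line with the `<removed>` marker (`- lynx-ssl <removed>`, `- htget <removed>`), which tooling can parse, whereas prose after NOT-FOR-US cannot. Since the line is being touched anyway, consider a `- <package> <removed>` line for both LimeWire entries instead of two differently worded NOT-FOR-US lines.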
@@ -30581,13 +30587,13 @@
CVE-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote
...)
NOT-FOR-US: JoWood Chaser (for Windows)
CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for
...)
- NOT-FOR-US: PHP-Fusion
+ NOT-FOR-US: PHP-Fusion
CVE-2005-0691 (PHP remote file inclusion vulnerability in article mode for ...)
- NOT-FOR-US: SocialMPN
+ NOT-FOR-US: SocialMPN
CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the
control ...)
NOT-FOR-US: Gene6 FTP Server for Win
CVE-2005-0689 (includer.cgi in The Includer allows remote attackers to execute
...)
- NOT-FOR-US: The Includer
+ NOT-FOR-US: The Includer
CVE-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned
off, ...)
NOT-FOR-US: Windows
CVE-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote
attackers ...)
@@ -30605,19 +30611,19 @@
CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of
service ...)
NOT-FOR-US: Nokia
CVE-2005-0680 (PHP remote file inclusion vulnerability in ...)
- NOT-FOR-US: Download Center Lite
+ NOT-FOR-US: Download Center Lite
CVE-2005-0679 (PHP remote file inclusion vulnerability in tell_a_friend.inc.php
for ...)
- NOT-FOR-US: Tell A Friend Script
+ NOT-FOR-US: Tell A Friend Script
CVE-2005-0678 (PHP remote file inclusion vulnerability in formmail.inc.php for
Form ...)
- NOT-FOR-US: Form Mail Script
+ NOT-FOR-US: Form Mail Script
CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform
certain ...)
- NOT-FOR-US: Zorum
+ NOT-FOR-US: Zorum
CVE-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL
...)
- NOT-FOR-US: Zorum
+ NOT-FOR-US: Zorum
CVE-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum
3.5 ...)
- NOT-FOR-US: Zorum
+ NOT-FOR-US: Zorum
CVE-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for
paBox ...)
- NOT-FOR-US: Pabox for PHPNuke
+ NOT-FOR-US: Pabox for PHPNuke
CVE-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php
for ...)
- phpbb2 2.0.13-2
CVE-2005-0672 (Carsten''s 3D Engine (Ca3DE), March 2004 version and
earlier, allows ...)
@@ -30721,9 +30727,9 @@
CVE-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security
products ...)
NOT-FOR-US: Symantec DNSd
CVE-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the
full ...)
- NOT-FOR-US: Zorum
+ NOT-FOR-US: Zorum
CVE-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum
3.4 ...)
- NOT-FOR-US: Zorum
+ NOT-FOR-US: Zorum
CVE-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using
the ...)
- squid 2.5.9-2
CVE-2005-0940
@@ -31345,7 +31351,7 @@
- lynx-cur 2.8.6-6 (low)
- lynx-ssl <removed>
CVE-2004-1616 (Links allows remote attackers to cause a denial of service
(memory ...)
- - links 0.99+1.00pre12-1 (bug #296341; low)
+ - links 0.99+1.00pre12-1 (bug #296341; low)
CVE-2004-1615 (Opera allows remote attackers to cause a denial of service
(invalid ...)
NOT-FOR-US: Opera
CVE-2004-1614 (Mozilla allows remote attackers to cause a denial of service
...)
@@ -31569,7 +31575,7 @@
CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade
module for ...)
NOT-FOR-US: Invision Power Board
CVE-2004-1535 (PHP remote file inclusion vulnerability in admin_cash.php for
the Cash ...)
- NOT-FOR-US: Cash Mod module of phpbb2
+ NOT-FOR-US: Cash Mod module of phpbb2
CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking
enabled, ...)
NOT-FOR-US: ZoneAlarm
CVE-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier
...)
@@ -31666,7 +31672,7 @@
NOT-FOR-US: MercuryBoard
CVE-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows
remote ...)
- phpmyadmin 4:2.6.2 (unimportant)
- NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> :
+ NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> :
NOTE: I think it is not a problem on Debian as far as everybody knows the full
NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
CVE-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in
...)
@@ -31917,7 +31923,7 @@
CVE-2005-0356 (Multiple TCP implementations with Protection Against Wrapped
Sequence ...)
- linux-2.6 <not-affected> (Linux is not vulnerable, see #310804)
- kernel-source-2.4.27 <not-affected> (Linux is not vulnerable, see
#310804)
- - kfreebsd5-source 5.3-15 (medium)
+ - kfreebsd5-source 5.3-15 (medium)
CVE-2005-0355
RESERVED
CVE-2005-0354
@@ -32035,7 +32041,7 @@
CVE-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME
viewer in ...)
- imp3 3.2.5-1
CVE-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI
interpreter in ...)
- NOT-FOR-US: db2www
+ NOT-FOR-US: db2www
CVE-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board
Power ...)
NOT-FOR-US: Board Power
CVE-2004-1440 (Multiple heap-based buffer overflows in the modpow function in
PuTTY ...)
@@ -32443,7 +32449,7 @@
CVE-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local
users ...)
NOT-FOR-US: AIX
CVE-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail
allows ...)
- NOT-FOR-US: S/MIME plugin
+ NOT-FOR-US: S/MIME plugin
CVE-2005-0238 (The International Domain Name (IDN) support in Epiphany allows
remote ...)
NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
- epiphany-browser 1.4.8-2
@@ -32466,7 +32472,7 @@
- mozilla-firefox 1.0+dfsg.1-6
CVE-2005-0230 (Firefox 1.0 does not prevent the user from dragging an
executable file ...)
NOTE: I don''t know if this could work under Linux, anything I drag on
the Desktop from firefox is convert to a Link
- NOTE: "when it has an image/gif content type but has a dangerous
extension such as .bat or .exe, allows remote attackers
+ NOTE: "when it has an image/gif content type but has a dangerous
extension such as .bat or .exe, allows remote attackers
NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by
the Windows batch file parser
NOTE: any interpretor would require the file to be +x to execute it and then
would spit if handed a GIF
NOTE: < vorlon> hacim: it''s specific to Windows, home to the
dumbest interpreter on the planet.
@@ -32495,7 +32501,7 @@
CVE-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery
...)
- gallery 1.4.4-pl5-1
CVE-2005-0217 (SQL injection vulnerability in index.php in Invision Community
Blog ...)
- NOT-FOR-US: Invision Community Blog
+ NOT-FOR-US: Invision Community Blog
CVE-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in
Woltlab ...)
NOT-FOR-US: Woltlab Burning Board Lite
CVE-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers
to ...)
@@ -32575,9 +32581,9 @@
CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00
allows ...)
NOT-FOR-US: NodeManager Professional
CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation
plugin ...)
- NOT-FOR-US: vacation plugin
+ NOT-FOR-US: vacation plugin
CVE-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail
...)
- NOT-FOR-US: vacation plugin
+ NOT-FOR-US: vacation plugin
CVE-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates
temporary ...)
NOT-FOR-US: mod_dosevasive module for apache
CVE-2005-0181
@@ -33052,7 +33058,7 @@
CVE-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris
7 ...)
NOT-FOR-US: Solaris
CVE-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server
...)
- NOT-FOR-US: Sun Java System Web Proxy Server
+ NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force
flags, ...)
- gzip <not-affected> (gzip on Solaris)
CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote
attackers ...)
@@ -34396,7 +34402,7 @@
RESERVED
CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute
...)
{DSA-611-1}
- - htget <removed>
+ - htget <removed>
CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct
before ...)
{DSA-559-1}
- net-acct 0.71-7
@@ -34590,7 +34596,7 @@
CVE-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as
used in ...)
NOT-FOR-US: Windows
CVE-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3
for ...)
- NOT-FOR-US: Real Helix server
+ NOT-FOR-US: Real Helix server
CVE-2004-0773
RESERVED
CVE-2004-0772 (Double-free vulnerabilities in error handling code in krb524d
for MIT ...)
@@ -34861,9 +34867,9 @@
NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable.
- kernel-patch-adamantix 1.6
CVE-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6
...)
- NOT-FOR-US: popclient
+ NOT-FOR-US: popclient
CVE-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive
...)
- NOT-FOR-US: csFAQ
+ NOT-FOR-US: csFAQ
CVE-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal
1.x ...)
NOT-FOR-US: PowerPortal
CVE-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in
PowerPortal ...)
@@ -35084,7 +35090,7 @@
CVE-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other
versions ...)
NOT-FOR-US: Wingate
CVE-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled
with the ...)
- NOT-FOR-US: GNU radius
+ NOT-FOR-US: GNU radius
CVE-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP,
Windows XP ...)
NOT-FOR-US: Windows
CVE-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft
...)
@@ -35142,7 +35148,7 @@
- queue 1.30.1-5
CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause
a ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- - kernel-source-2.4.27 2.4.27-1
+ - kernel-source-2.4.27 2.4.27-1
- linux-2.6 2.6.12-1 (bug #261521)
CVE-2004-0553
RESERVED
@@ -35709,7 +35715,7 @@
CVE-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows
remote ...)
NOT-FOR-US: Online Store Kit
CVE-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a
denial ...)
- NOT-FOR-US: smallftpd;
+ NOT-FOR-US: smallftpd;
CVE-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of
service ...)
NOT-FOR-US: CesarFTP; Win32
CVE-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to
cause a ...)
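Review bot: the rewritten line `NOT-FOR-US: smallftpd;` keeps a dangling semicolon, a leftover of the `name; platform` form used two lines below (`NOT-FOR-US: CesarFTP; Win32`); either drop the `;` or complete the annotation (the visible text does not say which platform was meant, so do not guess). The same stray `;` recurs on many touched lines in the following hunks (`yabb;`, `ShopCartCGI 2.3;`, `Purge Jihad;`, `SignatureDB;`, `Xlight FTP server 1.52;` and others), and a whitespace sweep is the right moment to normalise them in one go rather than carry them through unchanged.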
@@ -35717,17 +35723,17 @@
CVE-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to
cause a ...)
NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32
CVE-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user
exists ...)
- NOT-FOR-US: yabb;
+ NOT-FOR-US: yabb;
CVE-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows
remote ...)
- NOT-FOR-US: ShopCartCGI 2.3;
+ NOT-FOR-US: ShopCartCGI 2.3;
CVE-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows
remote ...)
NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32
CVE-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and
1.5.5 ...)
- NOT-FOR-US: YaBB;
+ NOT-FOR-US: YaBB;
CVE-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote
game ...)
- NOT-FOR-US: Purge Jihad;
+ NOT-FOR-US: Purge Jihad;
CVE-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local
users to ...)
- NOT-FOR-US: SignatureDB;
+ NOT-FOR-US: SignatureDB;
CVE-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch
3.2.13 ...)
- mnogosearch 3.2.18
NOTE: it''s not quite clear which version exactly fixes the problem;
@@ -35736,57 +35742,57 @@
NOTE: (http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2)
NOTE: and I can confirm the buffer overflow is fixed there
CVE-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to
cause a ...)
- NOT-FOR-US: Xlight FTP server 1.52;
+ NOT-FOR-US: Xlight FTP server 1.52;
CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote
...)
- NOT-FOR-US: RobotFTP;
+ NOT-FOR-US: RobotFTP;
CVE-2004-0285 (PHP remote file inclusion vulnerabilities in
include/footer.inc.php in ...)
- NOT-FOR-US: PHP scripts
+ NOT-FOR-US: PHP scripts
CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003
allow ...)
NOT-FOR-US: MSIE bugs
CVE-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files
via a ...)
- NOT-FOR-US: mailmgr;
+ NOT-FOR-US: mailmgr;
CVE-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial
of ...)
- NOT-FOR-US: Crob FTP;
+ NOT-FOR-US: Crob FTP;
CVE-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain
...)
- NOT-FOR-US: Caucho Technology Resin;
+ NOT-FOR-US: Caucho Technology Resin;
CVE-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view
JSP ...)
- NOT-FOR-US: Caucho Technology Resin;
+ NOT-FOR-US: Caucho Technology Resin;
CVE-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite
arbitrary ...)
- NOT-FOR-US: AIMSniff;
+ NOT-FOR-US: AIMSniff;
CVE-2004-0278 (Ratbag game engine, as used in products such as Dirt Track
Racing, ...)
- NOT-FOR-US: Ratbag game engine;
+ NOT-FOR-US: Ratbag game engine;
CVE-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote
attackers ...)
- NOT-FOR-US: Dream FTP;
+ NOT-FOR-US: Dream FTP;
CVE-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates
3.2 ...)
- NOT-FOR-US: BosDates;
+ NOT-FOR-US: BosDates;
CVE-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote
attackers to ...)
- NOT-FOR-US: MaxWebPortal;
+ NOT-FOR-US: MaxWebPortal;
CVE-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in
MaxWebPortal ...)
- NOT-FOR-US: MaxWebPortal;
+ NOT-FOR-US: MaxWebPortal;
CVE-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and
possibly ...)
- NOT-FOR-US: PHP-Nuke;
+ NOT-FOR-US: PHP-Nuke;
CVE-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow
remote ...)
- NOT-FOR-US: EvolutionX;
+ NOT-FOR-US: EvolutionX;
CVE-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in
eTrust ...)
- NOT-FOR-US: eTrust InoculateIT;
+ NOT-FOR-US: eTrust InoculateIT;
CVE-2004-0266 (SQL injection vulnerability in the "public
message" capability ...)
- NOT-FOR-US: PHP-Nuke;
+ NOT-FOR-US: PHP-Nuke;
CVE-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for
Php-Nuke ...)
- NOT-FOR-US: PHP-Nuke;
+ NOT-FOR-US: PHP-Nuke;
CVE-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial
of ...)
NOT-FOR-US: PalmOS
CVE-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client
...)
- NOT-FOR-US: The Palace;
+ NOT-FOR-US: The Palace;
CVE-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite
contains ...)
- NOT-FOR-US: CactuShop;
+ NOT-FOR-US: CactuShop;
CVE-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier
allows ...)
- NOT-FOR-US: formmail.php;
+ NOT-FOR-US: formmail.php;
CVE-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0,
...)
NOT-FOR-US: RealPlayer
CVE-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers
to ...)
- NOT-FOR-US: Xlight;
+ NOT-FOR-US: Xlight;
CVE-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x
and 3.x ...)
- NOT-FOR-US: Discuz;
+ NOT-FOR-US: Discuz;
CVE-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers
to ...)
NOT-FOR-US: IBM Cloudscape
CVE-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a
denial of ...)
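Review bot: `NOT-FOR-US: PHP scripts` for CVE-2004-0285 names no product, so a later triager cannot tell what was checked against the archive; every other NOT-FOR-US line in this hunk names the software (Xlight FTP server, RobotFTP, Dream FTP, MaxWebPortal, ...). Replace it with the actual product name from the CVE description while the line is being rewritten.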
@@ -36845,21 +36851,21 @@
CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable
temporary ...)
- libapache-gallery-perl 0.7
CVE-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does
not ...)
- NOT-FOR-US: IkonBoard
+ NOT-FOR-US: IkonBoard
CVE-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front
...)
NOT-FOR-US: ICQ Web Front
CVE-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the
Cross-Site ...)
NOT-FOR-US: microsoft
CVE-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and
earlier, ...)
- NOT-FOR-US: RogerWilco
+ NOT-FOR-US: RogerWilco
CVE-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5,
and ...)
NOT-FOR-US: ftp desktop (windows)
CVE-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91,
...)
NOT-FOR-US: winamp
CVE-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to
obtain ...)
- NOT-FOR-US: Escapade Scripting Engine (ESP
+ NOT-FOR-US: Escapade Scripting Engine (ESP
CVE-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting
Engine ...)
- NOT-FOR-US: Escapade Scripting Engine (ESP
+ NOT-FOR-US: Escapade Scripting Engine (ESP
CVE-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb
2.5 ...)
NOT-FOR-US: foxweb
CVE-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session
...)
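Review bot: the touched lines `NOT-FOR-US: Escapade Scripting Engine (ESP` for CVE-2003-0764 and CVE-2003-0763 both lack the closing parenthesis and should read `(ESP)`. Fix the unbalanced paren now rather than rewriting the lines for whitespace and leaving the visible defect in place.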
@@ -36873,19 +36879,19 @@
CVE-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote
attackers ...)
NOT-FOR-US: check point firewall
CVE-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in
SiteBuilder ...)
- NOT-FOR-US: sitebuilder
+ NOT-FOR-US: sitebuilder
CVE-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier
allows ...)
- NOT-FOR-US: gtkftpd
+ NOT-FOR-US: gtkftpd
CVE-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to
bypass ...)
- NOT-FOR-US: newsPHP
+ NOT-FOR-US: newsPHP
CVE-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to
read ...)
- NOT-FOR-US: newsPHP
+ NOT-FOR-US: newsPHP
CVE-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and
...)
- NOT-FOR-US: AttilaPHP
+ NOT-FOR-US: AttilaPHP
CVE-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2
and ...)
- NOT-FOR-US: PY-Membres
+ NOT-FOR-US: PY-Membres
CVE-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers
to ...)
- NOT-FOR-US: PY-Membres
+ NOT-FOR-US: PY-Membres
CVE-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP
Internet ...)
NOT-FOR-US: SAP
CVE-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet
...)
@@ -36911,13 +36917,13 @@
CVE-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier,
allows ...)
NOT-FOR-US: VMware
CVE-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows
remote ...)
- NOT-FOR-US: phpWebSite
+ NOT-FOR-US: phpWebSite
CVE-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows
remote ...)
- NOT-FOR-US: phpWebSite
+ NOT-FOR-US: phpWebSite
CVE-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in
phpWebSite ...)
- NOT-FOR-US: phpWebSite
+ NOT-FOR-US: phpWebSite
CVE-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite
0.9.x ...)
- NOT-FOR-US: phpWebSite
+ NOT-FOR-US: phpWebSite
CVE-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap
before ...)
- libpam-ldap 164-1
- libnss-ldap 207-1
@@ -37527,7 +37533,7 @@
CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL
pad the ...)
- linux-2.6 <not-affected> (Generic C version fixed in 2.6.x)
NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
- NOTE: arch specific asm versions:
+ NOTE: arch specific asm versions:
NOTE: x86 is not affected
NOTE: ppc32 fixed in 2.4.22-rc4
NOTE: not an issue on alpha, see bug #280492
@@ -37661,7 +37667,7 @@
CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows
remote ...)
NOT-FOR-US: Son hServer
CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for
Bandmin 1.4 ...)
- NOT-FOR-US: bandmin;
+ NOT-FOR-US: bandmin;
CVE-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a
denial ...)
NOT-FOR-US: Remote PC Access
CVE-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows
2000/XP ...)
@@ -37677,7 +37683,7 @@
CVE-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote
...)
NOT-FOR-US: BRS WebWeaver
CVE-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly
other ...)
- NOT-FOR-US: Uptimes Project upclient;
+ NOT-FOR-US: Uptimes Project upclient;
CVE-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4
allows ...)
- gbatnav 1.0.4-4
CVE-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the
...)
@@ -37968,7 +37974,7 @@
CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5,
and ...)
- firebird2 1.5.1-1 (bug #251458)
CVE-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP
CMailServer ...)
- NOT-FOR-US: SMTP Service for ESMTP CMailServer
+ NOT-FOR-US: SMTP Service for ESMTP CMailServer
CVE-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module
for ...)
NOT-FOR-US: PHP-Nuke
CVE-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in
...)
@@ -38520,7 +38526,7 @@
CVE-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal
...)
NOT-FOR-US: microsoft
CVE-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of
...)
- - stunnel4 4.04-1
+ - stunnel4 4.04-1
- stunnel 2:3.24-1
CVE-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual
...)
{DSA-396}
@@ -39271,7 +39277,7 @@
CVE-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system
...)
NOT-FOR-US: BlackICE Agent
CVE-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another
...)
- NOT-FOR-US: YaBB
+ NOT-FOR-US: YaBB
CVE-2002-0954 (The encryption algorithms for enable and passwd commands on
Cisco PIX ...)
NOT-FOR-US: Cisco
CVE-2002-0951 (SQL injection vulnerability in Ruslan
<Body>Builder allows remote ...)
@@ -39293,25 +39299,25 @@
CVE-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use
Operator ...)
NOT-FOR-US: nCipher MSCAPI
CVE-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page
owners to ...)
- NOT-FOR-US: JRun
+ NOT-FOR-US: JRun
CVE-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page
owners to ...)
- tomcat 3.2.3-1
CVE-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2
(typically ...)
- NOT-FOR-US: Jon Hedley AlienForm2
+ NOT-FOR-US: Jon Hedley AlienForm2
CVE-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and
passwords ...)
NOT-FOR-US: Datalex PLC BooktIt Consumer
CVE-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk
20020509, and ...)
- NOT-FOR-US: MyHelpDesk
+ NOT-FOR-US: MyHelpDesk
CVE-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and
...)
- NOT-FOR-US: MyHelpDesk
+ NOT-FOR-US: MyHelpDesk
CVE-2002-0930 (Format string vulnerability in the FTP server for Novell Netware
6.0 ...)
NOT-FOR-US: Netware
CVE-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow
remote ...)
NOT-FOR-US: Netware
CVE-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote
attackers to ...)
- NOT-FOR-US: pirch
+ NOT-FOR-US: pirch
CVE-2002-0926 (Directory traversal vulnerability in Wolfram Research
webMathematica ...)
- NOT-FOR-US: webMathematica
+ NOT-FOR-US: webMathematica
CVE-2002-0925 (Format string vulnerability in mmsyslog function allows remote
...)
NOT-FOR-US: mmftpd not in Debian anymore
CVE-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to
execute ...)
@@ -39333,27 +39339,27 @@
CVE-2002-0915 (autorun in Xandros based Linux distributions allows local users
to ...)
NOT-FOR-US: Xandros specific tool
CVE-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP
client ...)
- NOT-FOR-US: Slurp NNTP
+ NOT-FOR-US: Slurp NNTP
CVE-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other
...)
NOTE: DSA-129
CVE-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS
servers ...)
NOTE: netstd
CVE-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a
remote ...)
- NOT-FOR-US: mnews
+ NOT-FOR-US: mnews
CVE-2002-0908 (Directory traversal vulnerability in the web server for Cisco
IDS ...)
NOT-FOR-US: Cisco
CVE-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before
1.8.12 ...)
- NOT-FOR-US: SHOUTcast
+ NOT-FOR-US: SHOUTcast
CVE-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local
users to ...)
NOT-FOR-US: Informix
CVE-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a
small ...)
- NOT-FOR-US: wbboard
+ NOT-FOR-US: wbboard
CVE-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2)
allows ...)
- phpbb2 2.0.6c-1
CVE-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network
Disk ...)
- amanda 2.4.0b6-1
CVE-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers
to ...)
- NOT-FOR-US: Falcon
+ NOT-FOR-US: Falcon
CVE-2002-0896 (The throttle capability in Swatch may fail to report certain
events if ...)
- swatch 3.0.4-1
CVE-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to
cause a ...)
@@ -39377,9 +39383,9 @@
CVE-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote
...)
NOT-FOR-US: Cisco
CVE-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers
to ...)
- NOT-FOR-US: CFXImage
+ NOT-FOR-US: CFXImage
CVE-2002-0878 (SQL injection vulnerability in the login form for LogiSense
software ...)
- NOT-FOR-US: LogiSense
+ NOT-FOR-US: LogiSense
CVE-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala
4.5 ...)
NOT-FOR-US: Shambala
CVE-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a
denial ...)
@@ -39411,7 +39417,7 @@
CVE-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client
3.5.4 ...)
NOT-FOR-US: Cisco
CVE-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file
with ...)
- NOT-FOR-US: iSCSI
+ NOT-FOR-US: iSCSI
CVE-2002-0843 (Buffer overflows in the ApacheBench benchmark support program
(ab.c) ...)
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
@@ -39507,9 +39513,9 @@
CVE-2002-0769 (The web-based configuration interface for the Cisco ATA 186
Analog ...)
NOT-FOR-US: Cisco
CVE-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO
file ...)
- NOT-FOR-US: simpleinit
+ NOT-FOR-US: simpleinit
CVE-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary
commands ...)
- NOT-FOR-US: Phorum
+ NOT-FOR-US: Phorum
CVE-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5
on ...)
NOT-FOR-US: HP
CVE-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts
enabled ...)
@@ -39519,15 +39525,15 @@
- webmin 0.980-1
- usermin 0.910-1
CVE-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers
to ...)
- NOT-FOR-US: Talentsoft
+ NOT-FOR-US: Talentsoft
CVE-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file
that is ...)
- NOT-FOR-US: CGIscript.net
+ NOT-FOR-US: CGIscript.net
CVE-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to
use ...)
- NOT-FOR-US: CGIscript.net
+ NOT-FOR-US: CGIscript.net
CVE-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to
read ...)
- NOT-FOR-US: CGIscript.net
+ NOT-FOR-US: CGIscript.net
CVE-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute
...)
- NOT-FOR-US: CGIscript.net
+ NOT-FOR-US: CGIscript.net
CVE-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
NOT-FOR-US: AIX
CVE-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an
insecure ...)
@@ -39543,7 +39549,7 @@
CVE-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed
...)
- slrn 0.9.6.2-9
CVE-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote
attackers to ...)
- NOT-FOR-US: PostCalendat
+ NOT-FOR-US: PostCalendat
CVE-2002-0735 (Format string vulnerability in the logging() function in C-Note
Squid ...)
- squid <not-affected> (Historic vulnerability, fixed before Woody was
released)
CVE-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows
remote ...)
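Review bot: `NOT-FOR-US: PostCalendat` for CVE-2002-0739 misspells the product; the CVE text on the line above says PostCalendar. Fix the name while the line is being touched, since a misspelled NOT-FOR-US entry defeats later searches of this list for the product.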
@@ -39571,7 +39577,7 @@
CVE-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote
attackers to ...)
- squid 2.4.6-2
CVE-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly
...)
- NOT-FOR-US: EASM
+ NOT-FOR-US: EASM
CVE-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster
Server ...)
NOT-FOR-US: HP
CVE-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...)
@@ -39618,7 +39624,7 @@
{DSA-201}
- freeswan 1.99-1
CVE-2002-0664 (The default Access Control Lists (ACLs) of the administration
database ...)
- NOT-FOR-US: ZMerge
+ NOT-FOR-US: ZMerge
CVE-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39
on ...)
- apache2 2.0.40
CVE-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)
@@ -39828,7 +39834,7 @@
CVE-2003-0991 (Unknown vulnerability in the mail command handler in Mailman
before ...)
{DSA-436}
- mailman 2.1-1
- NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this.
+ NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this.
NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable
CVE-2003-0988 (Buffer overflow in the VCF file information reader for KDE
Personal ...)
- kdepim 4:3.1.5-1
@@ -39870,7 +39876,7 @@
{DSA-255}
- tcpdump 3.7.1-1.2
CVE-2003-0107 (Buffer overflow in the gzprintf function in zlib 1.1.4, when
zlib is ...)
- - zlib 1:1.1.4-10
+ - zlib 1:1.1.4-10
CVE-2003-0104 (Directory traversal vulnerability in PeopleTools 8.10 through
8.18, ...)
NOT-FOR-US: peopletools
CVE-2003-0103 (Format string vulnerability in Nokia 6210 handset allows remote
...)
@@ -39919,9 +39925,9 @@
{DSA-496}
- eterm 0.9.2-6
CVE-2003-0067 (The aterm terminal emulator 0.42 allows attackers to modify the
window ...)
- NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
- NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
- NOTE: never vulnerable to the problem described.
+ NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
+ NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
+ NOTE: never vulnerable to the problem described.
NOTE: this CVE is bogus.
CVE-2003-0066 (The rxvt terminal emulator 2.7.8 and earlier allows attackers to
...)
- rxvt 1:2.6.4-6.1 (bug #244810)
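Review bot: the touched NOTE lines for CVE-2003-0067 say `aterm 0.4.2` while the CVE description says `aterm 0.42`, so the version the maintainer vouched for does not match the one the CVE names; confirm which version was checked and make the NOTE agree with it. The verdict is also recorded only as free text (`this CVE is bogus`) with no package line, whereas other entries in this file record a not-vulnerable result as `<not-affected>` (`- linux-2.6 <not-affected> ...`, `- gzip <not-affected> ...`); a `- aterm <not-affected>` line would make the status machine-readable. The same three NOTE lines are reused under CVE-2003-0024 in the next hunk with the same 0.4.2/0.42 mismatch, so fix both together.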
@@ -39973,8 +39979,8 @@
CVE-2003-0027 (Directory traversal vulnerability in Sun Kodak Color Management
System ...)
NOT-FOR-US: sun
CVE-2003-0024 (The menuBar feature in aterm 0.42 allows attackers to modify
menu ...)
- NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
- NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
+ NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
+ NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
NOTE: never vulnerable to the problem described.
NOTE: this CVE is bogus.
CVE-2003-0023 (The menuBar feature in rxvt 2.7.8 allows attackers to modify
menu ...)