CVE-2005-3590 (The getgrouplist function in the GNU C library (glibc) before version ...) - glibc 2.3.5-3 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=661 CVE-2005-4900 (SHA-1 is not collision resistant, which makes it easier for context-de ...) NOT-FOR-US: Generic protocol issue CVE-2005-4899 RESERVED CVE-2005-4898 RESERVED CVE-2005-4897 RESERVED CVE-2005-4896 RESERVED CVE-2005-XXXX [more related to CVE-2005-4890] - shadow (unimportant; bug #628843) NOTE: only affects the su executable, so if you use sudo you're not affected CVE-2005-4895 (Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools bef ...) - google-perftools 0.7-1 CVE-2005-4894 RESERVED CVE-2005-4893 RESERVED CVE-2005-4892 RESERVED CVE-2005-4891 (Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL inje ...) NOT-FOR-US: Simple Machine Forum (SMF) CVE-2005-4890 (There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo ...) - shadow 1:4.1.5-1 (low; bug #628843) [squeeze] - shadow (Minor issue) [lenny] - shadow (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=173008 - sudo 1.7.4p4 (low; bug #657784) NOTE: sudo might be fixed earlier, use_pty present in stable CVE-2005-4889 (lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of ...) - rpm 4.7.0-1 (bug #584257; unimportant) NOTE: Marking as unimportant since rpm isn't used as a package manager CVE-2005-4888 (NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows r ...) NOT-FOR-US: Novell NetWare CVE-2005-4887 (NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 ...) NOT-FOR-US: Novell NetWare CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the ...) - linux-2.6 2.6.12-1 - linux-2.6.24 (fixed before 2.6.24) CVE-2005-4885 (Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) Contro ...) NOT-FOR-US: Sun StorEdge 6130 CVE-2005-4884 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...) NOT-FOR-US: Oracle Database Server CVE-2005-4883 (Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote at ...) NOT-FOR-US: Tftpd32 CVE-2005-4882 (tftpd in Philippe Jounin Tftpd32 2.74 and earlier, as used in Wyse Sim ...) NOT-FOR-US: Tftpd32 CVE-2005-4881 (The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2. ...) - linux-2.6 2.6.13-1 (low) - linux-2.6.24 (fixed prior to first upload of 2.6.24) CVE-2005-4880 (Jax Guestbook 3.1 and 3.31 stores sensitive information under the web ...) NOT-FOR-US: Jax Guestbook CVE-2005-4879 (Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.p ...) NOT-FOR-US: Jax Guestbook CVE-2005-4878 (Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_ma ...) - acidbase 1.2.1-1 CVE-2005-4877 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...) NOT-FOR-US: Openfire CVE-2005-4876 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...) NOT-FOR-US: Openfire CVE-2005-4875 (TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive in ...) - typo3-src 4.0.2-1 CVE-2005-4874 (The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE met ...) - iceweasel (old version and CVE) CVE-2005-4873 (Multiple stack-based buffer overflows in the phpcups PHP module for CU ...) - cups 1.1.23-10sarge1 - cupsys 1.1.23-10sarge1 CVE-2005-4872 (Perl-Compatible Regular Expression (PCRE) library before 6.2 does not ...) - pcre3 6.2-1 [sarge] - pcre3 4.5+7.4-1 NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2 CVE-2005-4871 (Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 in ...) NOT-FOR-US: IBM DB2 CVE-2005-4870 (Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclo ...) NOT-FOR-US: IBM DB2 CVE-2005-4869 (The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local u ...) NOT-FOR-US: IBM DB2 CVE-2005-4868 (Shared memory sections and events in IBM DB2 8.1 have default permissi ...) NOT-FOR-US: IBM DB2 CVE-2005-4867 (Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, ...) NOT-FOR-US: IBM DB2 CVE-2005-4866 (Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allow ...) NOT-FOR-US: IBM DB2 CVE-2005-4865 (Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remo ...) NOT-FOR-US: IBM DB2 CVE-2005-4864 (Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows ...) NOT-FOR-US: IBM DB2 CVE-2005-4863 (Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows lo ...) NOT-FOR-US: IBM DB2 CVE-2005-4862 (The search functionality in XWiki 0.9.793 indexes cleartext user passw ...) NOT-FOR-US: Xwiki CVE-2005-4861 (functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows re ...) NOT-FOR-US: Ragnarok CVE-2005-4860 (Spectrum Cash Receipting System before 6.504 uses weak cryptography (s ...) NOT-FOR-US: Spectrum Cash Receipting System CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive information unde ...) NOT-FOR-US: mimicboard2 CVE-2005-4858 (Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in m ...) NOT-FOR-US: mimicboard2 CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3 ...) - ezpublish CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, ...) - ezpublish CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...) - ezpublish (bug #424790) CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder's rea ...) - ezpublish (bug #424790) CVE-2005-4853 (The default configuration of the forum package in eZ publish 3.5 befor ...) - ezpublish (bug #424790) CVE-2005-4852 (The siteaccess URIMatching implementation in eZ publish 3.5 through 3. ...) - ezpublish (bug #424790) CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissio ...) - ezpublish (bug #424790) CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit and crea ...) - ezpublish (bug #424790) CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) password att ...) - derby (Fixed before initial upload to Debian) NOTE: http://issues.apache.org/jira/browse/DERBY-530 NOTE: http://issues.apache.org/jira/browse/DERBY-559 CVE-2005-4848 (Buffer overflow in the decompression algorithm in Research in Motion B ...) NOT-FOR-US: BlackBerry Enterprise Server CVE-2005-4847 (Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack ...) NOT-FOR-US: Spey CVE-2005-4846 (Format string vulnerability in Logger.cc for Spey 0.3.3 allows attacke ...) NOT-FOR-US: Spey CVE-2005-4845 (The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and ...) NOT-FOR-US: Sun Java on Microsoft Windows CVE-2005-4844 (The CLSID_ApprenticeICW control allows remote attackers to cause a den ...) NOT-FOR-US: Microsoft CVE-2005-4843 (The SmartConnect Class control allows remote attackers to cause a deni ...) NOT-FOR-US: Microsoft CVE-2005-4842 (The System Monitor Source Properties control allows remote attackers t ...) NOT-FOR-US: Microsoft CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to cause a de ...) NOT-FOR-US: Microsoft CVE-2005-4840 (The Outlook Express Address Book control, when using Internet Explorer ...) NOT-FOR-US: Microsoft CVE-2005-4839 (PureTLS before 0.9b5 does not clear optional Extensions and Algorithm. ...) NOT-FOR-US: PureTLS CVE-2005-4838 (Multiple cross-site scripting (XSS) vulnerabilities in the example web ...) - tomcat5.5 5.5.15-1 (low) CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3 ...) - net-snmp 5.2.2-1 (medium) CVE-2005-4836 (The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not ...) [sarge] - tomcat4 (affects deprecated HTTP/1.1 connector only) CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample co ...) - madwifi 1:0.9.2+r1842.20061207-2 (low) [etch] - madwifi (Non-free not supported) CVE-2005-4834 (IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2005-4833 (IBM WebSphere Application Server (WAS) 6.0 before 20050201, when servi ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g allows r ...) NOT-FOR-US: Oracle Database Server CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Ty ...) - viewvc 0.9.4+svn20060318-1 (low) CVE-2005-4830 (CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote ...) - viewvc 0.9.4+svn20060318-1 (low) NOTE: referring to http://www.securityfocus.com/archive/1/461427/100/0/threaded this NOTE: has been fixed in cvs for 0.9.3 CVE-2005-4829 (VirtueMart before 1.0.1 does not properly handle errors when a user is ...) NOT-FOR-US: VirtueMart CVE-2005-4828 (Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large ema ...) - kolabd (Only vulnerable in 2.0-2.1; not packaged Debian) CVE-2005-4827 (Internet Explorer 6.0, and possibly other versions, allows remote atta ...) NOT-FOR-US: Microsoft CVE-2005-4826 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature ...) NOT-FOR-US: Cisco CVE-2005-4825 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allow ...) NOT-FOR-US: Cisco CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in Sitefram ...) NOT-FOR-US: siteframe CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-e ...) NOT-FOR-US: HP CVE-2005-4822 (SQL injection vulnerability in projects/project-edit.asp in Digger Sol ...) NOT-FOR-US: Digger Solutions Intranet Open Source (IOS) CVE-2005-4821 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 a ...) NOT-FOR-US: Land Down Under CVE-2005-4820 (SMC Wireless Router model SMC7904WBRA allows remote attackers to cause ...) NOT-FOR-US: SMC CVE-2005-4819 (Cross-site scripting (XSS) vulnerability in Lotus Domino versions befo ...) NOT-FOR-US: Lotus Domino CVE-2005-4818 (Multiple SQL injection vulnerabilities in Copernicus Europa allow remo ...) NOT-FOR-US: Copernicus Europa CVE-2005-4817 (Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) be ...) - tmsnc 0.2.5-1 CVE-2005-4816 (Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote ...) {DSA-1245-1} - proftpd-dfsg 1.2.10+1.3.0rc5-1 (bug #404751; medium) CVE-2005-4815 (SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4. ...) NOT-FOR-US: SAP CVE-2005-4814 (Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when ...) NOT-FOR-US: Segue CMS CVE-2005-4813 (Unspecified vulnerability in Report Application Server (Crystalras.exe ...) NOT-FOR-US: Business Objects Crystal Reports CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...) NOT-FOR-US: SISCO OSI stack for Windows CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...) {DSA-1304} - linux-2.6 2.6.14 CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attack ...) NOT-FOR-US: Microsoft CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla a ...) - mozilla (low) - firefox (at least 1.5.0.6 is not vulnerable) - xulrunner [sarge] - mozilla (Conceptual problem, not fixable in a backport) CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) a ...) - binutils 2.17-1 (low) [sarge] - binutils (Only a security-problems in far-fetched configurations) CVE-2005-4807 (Stack-based buffer overflow in the as_bad function in messages.c in th ...) - binutils 2.17-1 (low) [sarge] - binutils (Only a security-problems in far-fetched configurations) CVE-2005-2468 (Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earl ...) NOT-FOR-US: MySQL Eventum CVE-2005-2467 (Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1 ...) NOT-FOR-US: MySQL Eventum CVE-2005-2466 (Multiple SQL injection vulnerabilities in the auth_user function in ad ...) NOT-FOR-US: OpenBook CVE-2005-2465 (Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS a ...) NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS CVE-2005-2464 (login.php in PCXP/TOPPE CMS allows remote attackers to bypass authenti ...) NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS CVE-2005-2463 (Kayako liveResponse 2.x allows remote attackers to obtain sensitive in ...) NOT-FOR-US: Kayako liveResponse CVE-2005-2462 (Kayako liveResponse 2.x, when logging in a user, records the password ...) NOT-FOR-US: Kayako liveResponse CVE-2005-2461 (Multiple SQL injection vulnerabilities in the calendar feature in Kaya ...) NOT-FOR-US: Kayako liveResponse CVE-2005-2460 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResp ...) NOT-FOR-US: Kayako liveResponse CVE-2005-4806 (Multiple unspecified vulnerabilities in Sun Java System Web Proxy Serv ...) NOT-FOR-US: Sun Java System Web Proxy Server CVE-2005-4805 (Unspecified vulnerability in Sun Java System Application Server 7 Stan ...) NOT-FOR-US: Sun Java System Application Server CVE-2005-4804 (Unspecified vulnerability in Sun Java System Application Server Platfo ...) NOT-FOR-US: Sun Java System Application Server CVE-2005-1755 (PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll C ...) NOT-FOR-US: PHP Poll Creator CVE-2005-1754 NOT-FOR-US: JavaMail API NOTE: vulnerable file not in Debian CVE-2005-1753 NOT-FOR-US: JavaMail API NOTE: vulnerable file not in Debian CVE-2005-1752 (viewFile.php in the scm component of Gforge before 4.0 allows remote a ...) - gforge 3.1-30 NOTE: viewFile.php disabled in 3.1-30 CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...) {DSA-857-1} - graphviz 2.2.1-1sarge1 (bug #336985; low) CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite files and ...) {DSA-1216} - flexbackup 1.2.1-3 (bug #334350; low) CVE-2005-4801 (Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Anot ...) NOT-FOR-US: YaPIG CVE-2005-4800 (Direct static code injection vulnerability in Yet Another PHP Image Ga ...) NOT-FOR-US: YaPIG CVE-2005-4799 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP ...) NOT-FOR-US: YaPIG CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to ...) {DSA-1184-2 DSA-1183-1} - linux-2.6 CVE-2005-4797 (Directory traversal vulnerability in printd line printer daemon (lpd) ...) NOT-FOR-US: Solaris CVE-2005-4796 (Unspecified vulnerability in the XView library (libxview.so) in Solari ...) - xview (xview on Solaris) NOTE: Is only relevant for suid binaries, but xview is not really suitable for NOTE: those anyway. Exact information is not available, but a similar problem NOTE: is already fixed in the Debian package. CVE-2005-4795 (Unspecified vulnerability in the multi-language environment library (l ...) NOT-FOR-US: Solaris CVE-2005-4794 (Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and ...) NOT-FOR-US: Cisco CVE-2005-4793 (Multiple unspecified vulnerabilities in the web utility function in Hi ...) NOT-FOR-US: Hitachi CVE-2005-4792 (SQL injection vulnerability in index.php in Appalachian State Universi ...) NOT-FOR-US: phpWebSite CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 caus ...) {DTSA-107-1} - beagle 0.2.13-1 (low) [etch] - beagle (Minor issue) - banshee 0.11.2+dfsg-1 (low) - liferea 1.4.9-1 (low; bug #451548) [etch] - liferea (Minor issue) - blam 1.8.4-1 (low) [etch] - blam (Minor issue) NOTE: lintian bug filed: #451559 CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 1 ...) - tomboy 0.8.1-2 (low) [etch] - tomboy (Minor issue) CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, do ...) - resmgr CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, al ...) - resmgr CVE-2005-4787 NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart CVE-2005-4786 (Buffer overflow in the archive decompression library (vrAZMain.dll 5.8 ...) NOT-FOR-US: HAURI anti-virus CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earli ...) NOT-FOR-US: QuickBlogger CVE-2005-4784 (Multiple buffer overflows in the POSIX readdir_r function, as used in ...) NOTE: this does not affect linux CVE-2005-4783 (kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not chec ...) NOT-FOR-US: NetBSD CVE-2005-4782 (NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is c ...) NOT-FOR-US: NetBSD CVE-2005-4781 (Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 ...) NOT-FOR-US: SergiD Top Music module CVE-2005-4780 NOT-FOR-US: LightHouse CMS CVE-2005-4779 (verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with ...) NOT-FOR-US: NetBSD CVE-2005-4778 (The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspeci ...) - powersave 0.12.7-1 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=119628&x=18&y=11&=Find CVE-2005-4777 (Tashcom ASPEdit 2.9 stores the administration password (aka the FTP pa ...) NOT-FOR-US: Tashcom ASPEdit CVE-2005-4776 (Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in ...) NOT-FOR-US: NetBSD CVE-2005-4775 (Michael Scholz and Sebastian Stein Contineo 2.0, when the admin accoun ...) NOT-FOR-US: Contineo CVE-2005-4774 (Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote ...) NOT-FOR-US: Xerver CVE-2005-4773 (The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x al ...) NOT-FOR-US: VMware CVE-2005-4772 (liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 200510 ...) NOT-FOR-US: YaST CVE-2005-4771 (Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Sui ...) NOT-FOR-US: Trusted Mobility Agent CVE-2005-4770 (SQL injection vulnerability in an unspecified Accelerated Enterprise S ...) NOT-FOR-US: Accelerated E Solutions CVE-2005-4769 (SQL injection vulnerability in addrbook.php in Belchior Foundry vCard ...) NOT-FOR-US: Belchior Foundry vCard CVE-2005-4768 (SQL injection vulnerability in manage_account.php in Tux Racer TuxBank ...) NOT-FOR-US: Tux Racer TuxBank CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4765 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 S ...) NOT-FOR-US: BEA WebLogic CVE-2005-4764 (BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out th ...) NOT-FOR-US: BEA WebLogic CVE-2005-4763 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4762 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4761 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4760 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4759 (BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migrati ...) NOT-FOR-US: BEA WebLogic CVE-2005-4758 (Unspecified vulnerability in the Administration server in BEA WebLogic ...) NOT-FOR-US: BEA WebLogic CVE-2005-4757 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4756 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4755 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) store ...) NOT-FOR-US: BEA WebLogic CVE-2005-4754 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow rem ...) NOT-FOR-US: BEA WebLogic CVE-2005-4753 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4752 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4751 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Se ...) NOT-FOR-US: BEA WebLogic CVE-2005-4750 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4749 (HTTP request smuggling vulnerability in BEA WebLogic Server and WebLog ...) NOT-FOR-US: BEA WebLogic CVE-2005-4748 (PHP remote file include vulnerability in functions_admin.php in Virtua ...) NOT-FOR-US: Virtual War CVE-2005-4747 (Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Hel ...) NOT-FOR-US: WebHost Automation Ltd Helm CVE-2005-4746 (Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote a ...) {DSA-1145-1} - freeradius 1.0.5-1 CVE-2005-4745 (SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS ...) {DSA-1145-1} - freeradius 1.0.5-1 CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRA ...) {DSA-1089-1} - freeradius 1.0.5-1 CVE-2005-4743 (Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp P ...) NOT-FOR-US: NeLogic Nephp Publisher CVE-2005-4742 (Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploi ...) NOT-FOR-US: Echelog CVE-2005-4741 (NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 ...) NOT-FOR-US: NetBSD CVE-2005-4740 (IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows ...) NOT-FOR-US: IBM DB2 CVE-2005-4739 (IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s0508 ...) NOT-FOR-US: IBM DB2 CVE-2005-4738 (IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ...) NOT-FOR-US: IBM DB2 CVE-2005-4737 (IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows r ...) NOT-FOR-US: IBM DB2 CVE-2005-4736 (IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote aut ...) NOT-FOR-US: IBM DB2 CVE-2005-4735 (IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote aut ...) NOT-FOR-US: IBM DB2 CVE-2005-4734 (Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication ...) NOT-FOR-US: RSA Authentication Agent for Web CVE-2005-4733 (NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow lo ...) NOT-FOR-US: NetBSD CVE-2005-4732 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Tu ...) NOT-FOR-US: TuxBank CVE-2005-XXXX [xsupplicant information leak] - xsupplicant 1.0.1-5 (bug #317703; low) CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the S ...) NOT-FOR-US: PEAR HTML_QuickForm_Controller CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact ...) NOT-FOR-US: PEAR Text_Password CVE-2005-4729 (SQL injection vulnerability in show.php in VBZooM Forum allows remote ...) NOT-FOR-US: VBZooM CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian G ...) - amaya 9.4-1 (bug #341424) [sarge] - amaya (The Sarge version doesn't have an rpath set) CVE-2005-4727 (Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before ...) NOT-FOR-US: gBook CVE-2005-4726 (MUTE 0.4 uses improper flood protection algorithms, which allows remot ...) NOT-FOR-US: MUTE CVE-2005-4725 (Geeklog before 1.3.11sr3 allows remote attackers to bypass intended ac ...) NOT-FOR-US: Geeklog CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows rem ...) NOT-FOR-US: PhpTagCool CVE-2005-4723 (D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allo ...) NOT-FOR-US: D-Link hardware CVE-2005-4722 (_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to ob ...) NOT-FOR-US: tmsPUBLISHER CVE-2005-4721 (Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER ...) NOT-FOR-US: tmsPUBLISHER CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to ...) {DSA-1044-1} - mozilla-firefox 1.5.dfsg+1.5.0.2 (low) - firefox 1.5.dfsg-1 CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 ...) NOT-FOR-US: Sysbotz Systems Panel CVE-2005-4718 (Opera 8.02 and earlier allows remote attackers to cause a denial of se ...) NOT-FOR-US: Opera CVE-2005-4717 (Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 S ...) NOT-FOR-US: Microsoft CVE-2005-4716 (Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote ...) NOT-FOR-US: Hitachi TP1 CVE-2005-4715 (Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, ...) NOT-FOR-US: PHP-Nuke CVE-2005-4714 (Format string vulnerability in the vmps_log function in OpenVMPS (VLAN ...) NOT-FOR-US: OpenVMPS CVE-2005-4713 (Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6 ...) - pam-mysql 0.6.2-1 (bug #353589; low) [sarge] - pam-mysql (Vulnerable code not present) CVE-2005-4712 (CRLF injection vulnerability in process_signup.php in PHP Handicapper ...) NOT-FOR-US: Handicapper CVE-2005-4711 (SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allo ...) NOT-FOR-US: Land Down Under CVE-2005-4710 (Unspecified vulnerability in multiple Autodesk and AutoCAD products an ...) NOT-FOR-US: AutoCAD CVE-2005-4709 (The popSubjectContext method in the SecurityAssociation class in JBoss ...) NOT-FOR-US: JBoss Enterprise Java Beans CVE-2005-4708 (Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute ...) NOT-FOR-US: Adobe Macromedia MX products (Captivate, Contribute and eLicensing client) CVE-2005-4707 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...) NOT-FOR-US: PHP GEN CVE-2005-4706 (Unspecified vulnerability in the "privilege management" feature of Sun ...) NOT-FOR-US: Solaris 10 CVE-2005-4705 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...) NOT-FOR-US: BEA WebLogic CVE-2005-4704 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) NOT-FOR-US: BEA WebLogic CVE-2005-4703 (Apache Tomcat 4.0.3, when running on Windows, allows remote attackers ...) NOT-FOR-US: Windows Tomcat vulnerability CVE-2005-4702 (SQL injection vulnerability in the favorites module in index.php in IP ...) NOT-FOR-US: IPBProArcade CVE-2005-4701 (Unspecified vulnerability in Process File System (procfs) in Sun Solar ...) NOT-FOR-US: Solaris 10 CVE-2005-4700 (TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) o ...) NOT-FOR-US: TellMe CVE-2005-4699 (Argument injection vulnerability in TellMe 1.2 and earlier allows remo ...) NOT-FOR-US: TellMe CVE-2005-4698 (Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier all ...) NOT-FOR-US: TellMe CVE-2005-4697 (The Microsoft Wireless Zero Configuration system (WZCS) allows local u ...) NOT-FOR-US: Microsoft CVE-2005-4696 (The Microsoft Wireless Zero Configuration system (WZCS) stores WEP key ...) NOT-FOR-US: Microsoft CVE-2005-4695 (Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers ...) NOT-FOR-US: Symantec Brightmail AntiSpam CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain B ...) NOT-FOR-US: WebGUI CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to caus ...) - gaim-encryption 3.0~beta5-3 (low; bug #337127) [sarge] - gaim-encryption (Minor issue) CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before 0.4.5 ...) NOT-FOR-US: mroovca CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...) NOT-FOR-US: NetBSD CVE-2005-4690 (Six Apart Movable Type 3.16 allows local users with blog-creation priv ...) NOT-FOR-US: Six Apart Movable Type CVE-2005-4689 (Six Apart Movable Type 3.16 stores account names and password hashes i ...) NOT-FOR-US: Six Apart Movable Type CVE-2005-4688 (PunBB 1.2.9 does not require password entry when changing the e-mail a ...) NOT-FOR-US: PunBB CVE-2005-4687 (PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's I ...) NOT-FOR-US: PunBB CVE-2005-4686 (PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.p ...) NOT-FOR-US: PunBB CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when ...) NOTE: see CVE-2005-4684 - firefox (unimportant) - iceweasel (unimportant) - mozilla (unimportant) [sarge] - mozilla (Hardly exploitable) - xulrunner (unimportant) CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the DNS re ...) NOTE: http://www.redhat.com/archives/fedora-extras-commits/2006-August/msg01104.html says "ignore (kdebase) not fixed upstream, low, can't fix" - kdebase (unimportant) [sarge] - kdebase (Hardly exploitable) CVE-2005-4683 (PADL MigrationTools 46, when a failure occurs, stores contents of /etc ...) - migrationtools 46-2.1 (bug #338920; unimportant) NOTE: The temp fix makes use of TMPDIR CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView ...) NOT-FOR-US: AudienceView CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allo ...) NOT-FOR-US: mIRC CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...) NOT-FOR-US: Sophos Anti-Virus CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote attack ...) NOT-FOR-US: Internet Explorer 6 CVE-2005-4678 (Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the U ...) NOT-FOR-US: Apple CVE-2005-4677 (SQL injection vulnerability in additional_images.php (aka the Addition ...) NOT-FOR-US: osCommerce CVE-2005-4676 (Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null termi ...) - exiv2 0.9 CVE-2005-4675 (Cross-site scripting (XSS) vulnerability in list.php in Complete PHP C ...) NOT-FOR-US: Complete PHP Counter CVE-2005-4674 (Multiple SQL injection vulnerabilities in list.php in Complete PHP Cou ...) NOT-FOR-US: Complete PHP Counter CVE-2005-4673 (ioFTPD 0.5.84 u responds with different messages depending on whether ...) NOT-FOR-US: ioFTPD CVE-2005-4672 (Cross-site scripting (XSS) vulnerability in image-editor-52/index.php ...) NOT-FOR-US: CityPost Simple Image-Editor CVE-2005-4671 (Cross-site scripting (XSS) vulnerability in simple-upload-53.php in Ci ...) NOT-FOR-US: CityPost Simple PHP Upload CVE-2005-4670 (Cross-site scripting (XSS) vulnerability in message.php in CityPost Au ...) NOT-FOR-US: CityPost Simple PHP Upload CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin a ...) NOT-FOR-US: RT Internet Solutions (RTIS) WebAdmin CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK ...) NOT-FOR-US: ParoxProxy CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-assisted attacke ...) {DSA-1012-1} - unzip 5.52-7 (low; bug #349794) CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 ...) NOT-FOR-US: PHlyMail CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier al ...) NOT-FOR-US: PunBB CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other version ...) NOT-FOR-US: OcoMon CVE-2005-4663 (Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly ...) NOT-FOR-US: OcoMon CVE-2005-4662 (Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly ea ...) NOT-FOR-US: OcoMon CVE-2005-4661 (The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail me ...) NOT-FOR-US: Campsite CVE-2005-4660 (Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow ...) NOT-FOR-US: IPCop CVE-2005-4659 (IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permission ...) NOT-FOR-US: IPCop CVE-2005-4658 (Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers ...) NOT-FOR-US: ASP-Programmers.com ASPKnowledgebase CVE-2005-4657 (Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass au ...) NOT-FOR-US: Ocean12 CVE-2005-4656 (SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earl ...) NOT-FOR-US: TClanPortal CVE-2005-4655 (Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6 ...) NOT-FOR-US: PHP-Fusion CVE-2005-4654 (Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1. ...) NOT-FOR-US: Oracle CVE-2005-4653 (Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier a ...) NOT-FOR-US: AL-Caricatier CVE-2005-4652 (SQL injection vulnerability in PHlyMail 3.02.01 allows remote attacker ...) NOT-FOR-US: PHlyMail CVE-2005-4651 (SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 al ...) NOT-FOR-US: AlstraSoft EPay Pro CVE-2005-4650 (Joomla! 1.03 does not restrict the number of "Search" Mambots, which a ...) NOT-FOR-US: Joomla! CVE-2005-4649 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestb ...) NOT-FOR-US: Advanced Guestbook CVE-2005-4648 (Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earl ...) NOT-FOR-US: Illustrate dBpowerAMP Music Converter CVE-2005-4647 (Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 ...) NOT-FOR-US: PEARLINGER Pearl Forums CVE-2005-4646 (Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 ...) NOT-FOR-US: PEARLINGER Pearl Forums CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote attacke ...) NOT-FOR-US: 3CFR CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in ...) {DSA-951-2} - trac 0.9.3-1 [sarge] - trac 0.8.1-3sarge4 (medium) CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent // CMS ...) NOT-FOR-US: Antharia OnContent CVE-2005-4642 (Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 B ...) NOT-FOR-US: HydroBB CVE-2005-4641 (SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote a ...) NOT-FOR-US: eazyCMS CVE-2005-4640 (SQL injection vulnerability in index.php in class-1 Poll Software 0.4 ...) NOT-FOR-US: class-1 Poll CVE-2005-4639 (Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/C ...) - linux-2.6 2.6.15-1 (low) CVE-2005-4638 (index.php in Kayako SupportSuite 3.00.26 and earlier allow remote atta ...) NOT-FOR-US: Kayako SupportSuite CVE-2005-4637 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ka ...) NOT-FOR-US: Kayako SupportSuite CVE-2005-4636 (OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, doe ...) - openoffice.org (unimportant) NOTE: This is a non-issue IMO (neilm). OOo just launches a web browser. NOTE: If the admin doesn't web browsing, why is one installed/enabled? CVE-2005-4635 (The nl_fib_input function in fib_frontend.c in the Linux kernel before ...) NOTE: Unclear, whether this is really exploitable, re-pinged Dann and Horms CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign SupportTrio ...) NOT-FOR-US: ActiveCampaign SupportTrio CVE-2005-4633 REJECTED CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and ear ...) NOT-FOR-US: Vote!Pro CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier a ...) NOT-FOR-US: Zina CVE-2005-4630 (SQL injection vulnerability in index.php in ClientExec 2.3 allows remo ...) NOT-FOR-US: ClientExec CVE-2005-4629 (SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to e ...) NOT-FOR-US: SMBCMS CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and ear ...) NOT-FOR-US: HelpDeskPoint CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite ...) NOT-FOR-US: GmailSite CVE-2005-4626 (The default configuration of Recruitment Software installs admin/site. ...) NOT-FOR-US: Recruitment Software CVE-2005-4625 (Drivers for certain display adapters, including (1) an unspecified ATI ...) NOT-FOR-US: Strange Windows drivers CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows rem ...) NOT-FOR-US: PTnet ircd CVE-2005-4623 (upload.exe in eFileGo 3.01 allows remote attackers to cause a denial o ...) NOT-FOR-US: eFileGo CVE-2005-4622 (Directory traversal vulnerability in eFileGo 3.01 allows remote attack ...) NOT-FOR-US: eFileGo CVE-2005-4621 (Cross-site scripting (XSS) vulnerability in the editavatar page in vBu ...) NOT-FOR-US: vBulletin CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to execu ...) NOT-FOR-US: WinRAR CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...) NOT-FOR-US: phpoutsourcing Zorum Forum CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...) {DSA-1018-1 DSA-1017-1} - linux-2.6 2.6.15-1 CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution] - b2evolution 0.9.1b-4 (bug #344000) CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier ...) NOT-FOR-US: cSupport CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows remot ...) NOT-FOR-US: iSupport CVE-2005-4615 (SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlie ...) NOT-FOR-US: DapperDesk CVE-2005-4614 (Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier ...) NOT-FOR-US: digiSHOP CVE-2005-4613 (Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remo ...) NOT-FOR-US: VUBB alpha CVE-2005-4612 (Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote ...) NOT-FOR-US: VUBB alpha CVE-2005-4611 (SQL injection vulnerability in search.php in Free ClickBank 1.0 and ea ...) NOT-FOR-US: Free ClickBank CVE-2005-4610 (Format string vulnerability in the server for Dopewars before 1.5.12, ...) - dopewars (According to upstream Windows-specific) CVE-2005-4609 (index.php in BugPort 1.147 and earlier allows remote attackers to obta ...) NOT-FOR-US: BugPort CVE-2005-4608 (SQL injection vulnerability in index.php in BugPort 1.147 allows remot ...) NOT-FOR-US: BugPort CVE-2005-4607 (Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 ...) NOT-FOR-US: BugPort CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web Wiz prod ...) NOT-FOR-US: Web Wiz CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions bef ...) {DSA-1017-1} - linux-2.6 2.6.15-1 - kernel-source-2.4.27 (2.4's proc_file_lseek contains a sanity check) CVE-2005-XXXX [xshisen follows symlinks for shared gid games files] - xshisen 1.51-1-2 (bug #291613) CVE-2005-4604 (Buffer overflow in MTink in the printer-filters-utils package allows l ...) - mtink (mtink not installed SUID root) CVE-2005-4603 (Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1. ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-4602 (SQL injection vulnerability in inc/function_upload.php in MyBB before ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-4600 (Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Comp ...) - knowledgeroot (fixed before first upload; see bug #381912) - moodle (has newer version) - wordpress 2.5.1-3 [etch] - wordpress (Vulnerable code not present) NOTE: this was possibly fixed before 2.5.1 in wordpress but since 2.5.1-3 wordpress NOTE: uses the system copy of tinymce and the exact fixed version is not NOTE: really determinably anymore CVE-2005-4599 (Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyM ...) - knowledgeroot (fixed before first upload; see bug #381912) CVE-2005-4598 (Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestboo ...) NOT-FOR-US: OoApp Guestbook CVE-2005-4597 (Cross-site scripting (XSS) vulnerability in index.php in iPei Guestboo ...) NOT-FOR-US: iPei Guestbook CVE-2005-4596 (Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook ...) NOT-FOR-US: AdesGuestbook CVE-2005-4595 (Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4 ...) NOT-FOR-US: NView and XnView, different from nview from nvi CVE-2005-4594 (Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers ...) NOT-FOR-US: TUGZip CVE-2005-4593 (PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and ...) NOT-FOR-US: phpDocumentor CVE-2005-4592 (Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows r ...) - bogofilter 0.96.3 [sarge] - bogofilter (Only some 0.96 CVS versions were affected) CVE-2005-4591 (Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94 ...) - bogofilter 0.96.3 [sarge] - bogofilter (Sarge version doesn't include Unicode) CVE-2005-4590 (Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on ...) NOT-FOR-US: Spb Kiosk Engine CVE-2005-4589 (Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the re ...) NOT-FOR-US: Spb Kiosk Engine CVE-2005-4588 (Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote atta ...) NOT-FOR-US: Koobi CVE-2005-4587 (Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote ...) NOT-FOR-US: Juniper CVE-2005-4586 (Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 all ...) NOT-FOR-US: PHPSurveyor CVE-2005-XXXX [snort: DoS in verbose mode] - snort 2.3.3-2 (bug #328134; low) [woody] - snort (Only exploitable in obscure setups not used in production environments, see #328134) [sarge] - snort (Only exploitable in obscure setups not used in production environments, see #328134) CVE-2005-4601 (The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers t ...) {DSA-957-2} - imagemagick 6:6.2.4.5-0.6 (bug #345238; medium) NOTE: Exploitable through Gnus and Thunderbird. - graphicsmagick 1.1.7-1 CVE-2005-4585 (Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0 ...) - ethereal 0.10.14-1 (bug #345243; low) NOTE: This affects Woody and Sarge CVE-2005-4584 (BZFlag server 2.0.4 and earlier allows remote attackers to cause a den ...) - bzflag 2.0.6.20060412-1 (bug #345245; low) [sarge] - bzflag (Minor DoS against a game) CVE-2005-4583 (Unspecified vulnerability in the Management Interface in VMware ESX Se ...) NOT-FOR-US: VMWare CVE-2005-4582 (Electric Sheep 2.6.3 does not require authentication or integrity chec ...) - electricsheep 2.6.3+cvs20051206-1 (unimportant) NOTE: Even an authenticated server might serve unwanted content, so NOTE: this can't be considered a real vulnerability. CVE-2005-4581 (Buffer overflow in Electric Sheep 2.6.3 client allows local users to e ...) - electricsheep 2.6.3+cvs20051206-1 (unimportant) NOTE: This does not seem to be exploitable. CVE-2005-4580 (Cross-site scripting (XSS) vulnerability in Day Communique 4 allows re ...) NOT-FOR-US: Day Communique CVE-2005-4579 (Multiple HTTP response splitting vulnerabilities in Hitachi Business L ...) NOT-FOR-US: Hitachi Business Logic CVE-2005-4578 (Multiple SQL injection vulnerabilities in Hitachi Business Logic - Con ...) NOT-FOR-US: Hitachi Business Logic CVE-2005-4577 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Busines ...) NOT-FOR-US: Hitachi Business Logic CVE-2005-4576 (Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngin ...) NOT-FOR-US: Fatwire Update Engine CVE-2005-4575 (PaperThin CommonSpot Content Server 4.5 and earlier allow remote attac ...) NOT-FOR-US: CommonSpot Content Server CVE-2005-4574 (Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin Co ...) {DSA-1201-1} NOT-FOR-US: CommonSpot Content Server CVE-2005-4573 (PHP remote file include vulnerability in plog-admin-functions.php in P ...) NOT-FOR-US: Plogger CVE-2005-4572 (Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow ...) NOT-FOR-US: myEZshop Shopping Cart CVE-2005-4571 (Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart all ...) NOT-FOR-US: myEZshop Shopping Cart CVE-2005-4570 (The Internet Key Exchange version 1 (IKEv1) implementations in Fortine ...) NOT-FOR-US: FortiOS CVE-2005-4569 (Stack-based buffer overflow in index.fts in FTGate Technology (formerl ...) NOT-FOR-US: FTGate CVE-2005-4568 (Multiple format string vulnerabilities in FTGate Technology (formerly ...) NOT-FOR-US: FTGate CVE-2005-4567 (Multiple cross-site scripting (XSS) vulnerabilities in FTGate Technolo ...) NOT-FOR-US: FTGate CVE-2005-4566 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) impleme ...) NOT-FOR-US: NetVanta CVE-2005-4565 (Format string vulnerability in the Internet Key Exchange version 1 (IK ...) NOT-FOR-US: NetVanta CVE-2005-4564 (The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN N ...) NOT-FOR-US: NetVanta CVE-2005-4563 (SQL injection vulnerability in main.php in Enterprise Heart Enterprise ...) NOT-FOR-US: Enterprise Heart Enterprise Connector CVE-2005-4562 REJECTED CVE-2005-4561 REJECTED CVE-2005-4560 (The Windows Graphical Device Interface library (GDI32.DLL) in Microsof ...) {CVE-2006-0106} NOT-FOR-US: Microsoft CVE-2005-4559 (mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Ser ...) NOT-FOR-US: IceWarp Web Mail CVE-2005-4558 (IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNet ...) NOT-FOR-US: IceWarp Web Mail CVE-2005-4557 (dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Serv ...) NOT-FOR-US: IceWarp Web Mail CVE-2005-4556 (PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as us ...) NOT-FOR-US: IceWarp Web Mail CVE-2005-4555 (Cross-site scripting (XSS) vulnerability in add.php in DEV web managem ...) NOT-FOR-US: DEV web management system CVE-2005-4554 (Multiple SQL injection vulnerabilities in DEV web management system 1. ...) NOT-FOR-US: DEV web management system CVE-2005-4553 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to e ...) NOT-FOR-US: Golden FTP Server CVE-2005-4552 (The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 ...) NOT-FOR-US: Sun Solaris PC NetLink CVE-2005-4551 (Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpB ...) NOT-FOR-US: codegrrl SimpBook CVE-2005-4550 (The PORTAL schema in Oracle Application Server (OracleAS) Discussion F ...) NOT-FOR-US: Oracle CVE-2005-4549 (Cross-site scripting (XSS) vulnerability in Oracle Application Server ...) NOT-FOR-US: Oracle CVE-2005-4548 (SQL injection vulnerability in the "user area" in RWS Statistics Count ...) NOT-FOR-US: RWS Statistics Counter CVE-2005-4547 (Cross-site scripting (XSS) vulnerability in home/search.php in eggblog ...) NOT-FOR-US: eggblog CVE-2005-4546 (search.php in eggblog 2.0 allows remote attackers to obtain the full p ...) NOT-FOR-US: eggblog CVE-2005-4545 (Cross-site scripting (XSS) vulnerability in search.asp in NetDirect Sh ...) NOT-FOR-US: NetDirect ShopEngine CVE-2005-4544 REJECTED CVE-2005-4543 REJECTED CVE-2005-4542 REJECTED CVE-2005-4541 REJECTED CVE-2005-4540 REJECTED CVE-2005-4539 REJECTED CVE-2005-4538 REJECTED CVE-2005-4537 REJECTED CVE-2005-4536 (Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enable ...) {DSA-960-3} - libmail-audit-perl 2.1-5.1 (bug #344029; medium) CVE-2005-4535 REJECTED CVE-2005-4533 (Argument injection vulnerability in scponlyc in scponly 4.1 and earlie ...) {DSA-969-1} - scponly 4.6-1 (bug #344418) CVE-2005-4532 (scponlyc in scponly 4.1 and earlier, when the operating system support ...) {DSA-969-1} - scponly 4.6-1 (bug #344418) CVE-2005-4531 REJECTED CVE-2005-4530 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...) NOT-FOR-US: EPay Enterprise CVE-2005-4529 (The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to ...) NOT-FOR-US: phpBB addon CVE-2005-4528 (SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB a ...) NOT-FOR-US: phpBB addon CVE-2005-4527 (Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote ...) NOT-FOR-US: Direct News CVE-2005-4526 (Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 all ...) NOT-FOR-US: MIMEsweeper For Web CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local user ...) NOT-FOR-US: Sygate CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle "Make note private" when a bu ...) {DSA-944-1} - mantis 0.19.4-1 (bug #345288) CVE-2005-4523 (Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feed ...) {DSA-944-1} - mantis 0.19.4-1 (bug #345288) CVE-2005-4522 (Multiple cross-site scripting (XSS) vulnerabilities in the view_filter ...) {DSA-944-1} - mantis 0.19.4-1 (bug #345288) CVE-2005-4521 (CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows rem ...) {DSA-944-1} - mantis 0.19.4-1 (bug #345288) CVE-2005-4520 (Unspecified "port injection" vulnerabilities in filters in Mantis 1.0. ...) {DSA-944-1} - mantis 0.19.4-1 (bug #345288) CVE-2005-4519 (Multiple SQL injection vulnerabilities in the manage user page (manage ...) {DSA-944-1} - mantis 0.19.4-1 (bug #345288) CVE-2005-4518 (Mantis before 0.19.4 allows remote attackers to bypass the file upload ...) {DSA-944-1} - mantis 0.19.4-1 (bug #345288) CVE-2005-4517 (SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 al ...) NOT-FOR-US: PHP-Fusion CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00 ...) NOT-FOR-US: PHP-Fusion CVE-2005-4515 NOT-FOR-US: WebDB CVE-2005-4514 NOT-FOR-US: Webwasher CVE-2005-4513 (Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows r ...) NOT-FOR-US: WANDSOFT e-SEARCH CVE-2005-4512 (Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier ...) NOT-FOR-US: WAXTRAPP CVE-2005-4511 (Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows lo ...) NOT-FOR-US: TN3270 Resource Gateway CVE-2005-4510 (Directory traversal vulnerability in server.np in NetPublish Server 7 ...) NOT-FOR-US: Netpublish Server CVE-2005-4509 (SQL injection vulnerability in index.asp in pTools allows remote attac ...) NOT-FOR-US: pTools CVE-2005-4508 (Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to o ...) NOT-FOR-US: Nexus Concepts Dev Hound CVE-2005-4507 (Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts ...) NOT-FOR-US: Nexus Concepts Dev Hound CVE-2005-4506 (Nexus Concepts Dev Hound 2.24 and earlier stores username and password ...) NOT-FOR-US: Nexus Concepts Dev Hound CVE-2005-4505 (Unquoted Windows search path vulnerability in McAfee VirusScan Enterpr ...) NOT-FOR-US: McAfee CVE-2005-4504 (The khtml::RenderTableSection::ensureRows function in KHTMLParser in A ...) - kdelibs NOTE: Konqueror from sid doesn't crash, will test an older version later CVE-2005-4503 (httprint v202, and possibly other versions before v301, allows remote ...) NOT-FOR-US: httprint CVE-2005-4502 (Cross-site scripting (XSS) vulnerability in httprint v202, and possibl ...) NOT-FOR-US: httprint CVE-2005-4501 (MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string" ...) - mediawiki 1.4.13-1 (bug #345280) CVE-2005-4500 (SQL injection vulnerability in MusicBox 2.3 allows remote attackers to ...) NOT-FOR-US: MusicBox CVE-2005-4499 (The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concent ...) NOT-FOR-US: Cisco CVE-2005-4498 (Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier a ...) NOT-FOR-US: Text-e CVE-2005-4497 (Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and ...) NOT-FOR-US: Tangora Portal CVE-2005-4496 (Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 ...) NOT-FOR-US: Syntax CMS CVE-2005-4495 NOT-FOR-US: SpireMedia CVE-2005-4494 (Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier all ...) - spip 2.0.6-1 (medium; bug #352078) CVE-2005-4493 (Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier a ...) NOT-FOR-US: SpearTek CVE-2005-4492 (Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 ...) NOT-FOR-US: Starphire SiteSage CVE-2005-4491 (Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 ...) NOT-FOR-US: Sitekit CMS CVE-2005-4490 (Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and ...) NOT-FOR-US: SCOOP! CVE-2005-4489 (Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier ...) NOT-FOR-US: Scoop CVE-2005-4488 (Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Re ...) NOT-FOR-US: Redakto WCMS CVE-2005-4487 (Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and ea ...) NOT-FOR-US: RAMSite CVE-2005-4486 NOT-FOR-US: Quantum Art CVE-2005-4485 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 ...) NOT-FOR-US: ProjectApp CVE-2005-4484 (Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 ...) NOT-FOR-US: IntranetApp CVE-2005-4483 (Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable 3. ...) NOT-FOR-US: SiteEnable CVE-2005-4482 (Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 ...) NOT-FOR-US: PortalApp CVE-2005-4481 NOT-FOR-US: Polypoly CVE-2005-4480 (Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlie ...) NOT-FOR-US: Plexcor CMS CVE-2005-4479 (SQL injection vulnerability in article.php in phpSlash 0.8.1 and earli ...) NOT-FOR-US: phpSlash CVE-2005-4478 (Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allo ...) NOT-FOR-US: Papoo CVE-2005-4477 (Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earli ...) NOT-FOR-US: papaya CMS CVE-2005-4476 (Cross-site scripting (XSS) vulnerability in store/search/results.html ...) NOT-FOR-US: OpenEdit CVE-2005-4475 (Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier ...) NOT-FOR-US: OpenCms CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.1 ...) {DSA-1208-1} - bugzilla 2.18 (bug #329387; low) NOTE: The vulnerable script has been removed in the 2.18 upstream release CVE-2005-XXXX [Insecure tempfile in libjpeg6b's exifautotran] - libjpeg6b 6b-11 (bug #340079; low) [woody] - libjpeg6b (Does not include exifautotran) [sarge] - libjpeg6b (Creates tempfile in cwd, only very far-fetched attack vectors applicable) CVE-2005-4474 (Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows ...) NOT-FOR-US: WinRAR CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows ...) NOT-FOR-US: Macromedia JRun 4 web server CVE-2005-4472 (Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) ...) NOT-FOR-US: Macromedia JRun 4 web server CVE-2005-4471 (POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2 ...) NOT-FOR-US: Avaya Modular Messaging Message Storage Server CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in readfile.c in ...) {DSA-1039-1 DTSA-29-1} - blender 2.40-1 (bug #344398; medium) [woody] - blender (Woody has it in non-free and it is binary-only) CVE-2005-4469 (Multiple direct static code injection vulnerabilities in PHPGedView 3. ...) NOT-FOR-US: PHPGedView CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in PHPGedV ...) NOT-FOR-US: PHPGedView CVE-2005-4467 (Directory traversal vulnerability in help_text_vars.php in PHPGedView ...) NOT-FOR-US: PHPGedView CVE-2005-4466 (Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll i ...) NOT-FOR-US: SIP Proxy CVE-2005-4465 (The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIV ...) NOT-FOR-US: NEC UNIVERGE IX1000, IX2000, and IX3000 CVE-2005-4464 (Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote ...) NOT-FOR-US: Ingate Firewall / SIParator CVE-2005-4463 (WordPress before 1.5.2 allows remote attackers to obtain sensitive inf ...) - wordpress 1.5.2-1 (unimportant) NOTE: Only path disclosure CVE-2005-4462 (PHP remote file include vulnerability in usermods.php in Tolva PHP web ...) NOT-FOR-US: Tolva PHP website system CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and ea ...) NOT-FOR-US: Beehive Forum CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and ea ...) NOT-FOR-US: Beehive Forum CVE-2005-4459 (Heap-based buffer overflow in the NAT networking components vmnat.exe ...) NOT-FOR-US: VMWare CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly ...) NOT-FOR-US: Metadot Portal Server CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote attacker ...) NOT-FOR-US: MailEnable CVE-2005-4456 (Multiple buffer overflows in MailEnable Professional 1.71 and Enterpri ...) NOT-FOR-US: MailEnable CVE-2005-4455 (cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote ...) NOT-FOR-US: livejournal NOTE: liblivejournal-perl doesn't seem to embed any of the affected code CVE-2005-4454 (Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJour ...) NOT-FOR-US: livejournal NOTE: liblivejournal-perl doesn't seem to embed any of the affected code CVE-2005-4453 (UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote aut ...) NOT-FOR-US: Ultraapps Issue Manager CVE-2005-4452 (Information Call Center stores the CallCenterData.mdb database under t ...) NOT-FOR-US: Information Call Center CVE-2005-4451 (Unspecified vulnerability in Software Distributor in HP-UX B.11.11 all ...) NOT-FOR-US: HP-UX CVE-2005-4450 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 al ...) NOTE: According to the description possibly a dupe of the non-issue CVE-2005-4349 CVE-2005-4449 (verify.php in FlatNuke 2.5.6 allows remote authenticated administrator ...) NOT-FOR-US: FlatNuke CVE-2005-4448 (FlatNuke 2.5.6 verifies authentication credentials based on an MD5 che ...) NOT-FOR-US: FlatNuke CVE-2005-4447 (SQL injection vulnerability in articles\articles_funcs.php in phpCOIN ...) NOT-FOR-US: phpCOIN CVE-2005-4446 (Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x a ...) NOT-FOR-US: ASPBite CVE-2005-4445 (Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow ...) NOT-FOR-US: Pegasus Mail CVE-2005-4444 (Stack-based buffer overflow in the trace message functionality in Pega ...) NOT-FOR-US: Pegasus Mail CVE-2005-4443 (Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gento ...) - gauche (Gentoo-specific packaging flaw) CVE-2005-4442 (Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Ge ...) - openldap2 (Gentoo-specific packaging flaw) - openldap2.2 (Gentoo-specific packaging flaw) CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network segmentat ...) NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels CVE-2005-4440 (The 802.1q VLAN protocol allows remote attackers to bypass network seg ...) NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels CVE-2005-4439 (Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to c ...) {DSA-967-1} - elog 2.6.1+r1642-1 (bug #349528; high) CVE-2005-4438 (Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in ...) NOT-FOR-US: Dec2Rar CVE-2005-4437 (MD5 Neighbor Authentication in Extended Interior Gateway Routing Proto ...) NOT-FOR-US: IOS CVE-2005-4436 (Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented ...) NOT-FOR-US: IOS CVE-2005-4435 (Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man ...) NOT-FOR-US: AbleDesign D-Man CVE-2005-4434 (Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x al ...) NOT-FOR-US: AbleDesign ReSearch CVE-2005-4433 (Cross-site scripting (XSS) vulnerability in search.php in Esselbach St ...) NOT-FOR-US: Esselbach Storyteller CMS CVE-2005-4432 (Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 a ...) NOT-FOR-US: PlaySMS CVE-2005-4431 (SQL injection vulnerability in WowBB 1.65 allows remote attackers to e ...) NOT-FOR-US: WowBB CVE-2005-4430 (SQL injection vulnerability in LogicBill 1.0 and earlier allows remote ...) NOT-FOR-US: LogicBill CVE-2005-4429 (SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers t ...) NOT-FOR-US: CS-Cart CVE-2005-4428 (Cross-site scripting (XSS) vulnerability in index.php in Cerberus Help ...) NOT-FOR-US: Cerberus Helpdesk CVE-2005-4427 (Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remo ...) NOT-FOR-US: Cerberus Helpdesk CVE-2005-4426 (Interpretation conflict in YaBB before 2.1 allows remote authenticated ...) NOT-FOR-US: YaBB CVE-2005-4425 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allo ...) NOT-FOR-US: Kerio Firewall CVE-2005-4424 (Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might ...) NOT-FOR-US: PHPKIT CVE-2005-4423 (Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows re ...) NOT-FOR-US: PHPFM CVE-2005-4422 (Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stabl ...) NOT-FOR-US: toendaCMS CVE-2005-4421 (Dev-Editor 3.0 allows remote attackers to access any directory outside ...) NOT-FOR-US: Dev-Editor CVE-2005-4420 (Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterpri ...) NOT-FOR-US: Honeycomb Archive Enterprise CVE-2005-4419 (Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honey ...) NOT-FOR-US: Honeycomb Archive Enterprise CVE-2005-4417 (The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1 ...) NOT-FOR-US: Widcomm Bluetooth for Windows CVE-2005-4416 (SQL injection vulnerability in index.php in TML CMS 0.5 allows remote ...) NOT-FOR-US: TML CMS CVE-2005-4415 (Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 a ...) NOT-FOR-US: TML CMS CVE-2005-4414 (Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown i ...) NOT-FOR-US: Teamwork 3 CVE-2005-4413 (Multiple cross-site scripting (XSS) vulnerabilities in sample scripts ...) NOT-FOR-US: Websphere CVE-2005-4412 (Citrix Program Neighborhood client before 9.150 caches the user passwo ...) NOT-FOR-US: Citrix CVE-2005-4411 (Buffer overflow in Mercury Mail Transport System 4.01b allows remote a ...) NOT-FOR-US: Mercury Mail Transport System CVE-2005-4410 (Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote ...) NOT-FOR-US: NQcontent CVE-2005-4409 (Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier a ...) NOT-FOR-US: MMBase CVE-2005-4408 (Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earli ...) NOT-FOR-US: Miraserver CVE-2005-4407 (Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4 ...) NOT-FOR-US: Mercury CMS CVE-2005-4406 (SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and earlie ...) NOT-FOR-US: Mercury CMS CVE-2005-4405 (redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to ...) NOT-FOR-US: Red Queen CVE-2005-4404 (SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x all ...) NOT-FOR-US: Media2 CMS CVE-2005-4403 (SQL injection vulnerability in index.php in Marwel 2.7 and earlier all ...) NOT-FOR-US: Marwel CVE-2005-4402 (Buffer overflow in MailEnable Professional 1.71 and earlier, and Enter ...) NOT-FOR-US: MailEnable Professional CVE-2005-4401 (Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier a ...) NOT-FOR-US: Lutece CVE-2005-4400 (Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Li ...) NOT-FOR-US: Liferay Portal Professional CVE-2005-4399 (Cross-site scripting (XSS) vulnerability in search/index.php in Libert ...) NOT-FOR-US: Libertas Enterprise CMS CVE-2005-4398 NOT-FOR-US: lemoon CVE-2005-4397 (SQL injection vulnerability in RunScript.asp iCMS allows remote attack ...) NOT-FOR-US: iCMS CVE-2005-4396 (Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS ...) NOT-FOR-US: iCMS CVE-2005-4395 (Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier all ...) NOT-FOR-US: FarCry CVE-2005-4394 (Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier all ...) NOT-FOR-US: EPiX CVE-2005-4393 (Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS ...) NOT-FOR-US: e-publish CMS CVE-2005-4392 (SQL injection vulnerability in printer_friendly.cfm in e-publish CMS 2 ...) NOT-FOR-US: e-publish CMS CVE-2005-4391 (Cross-site scripting (XSS) vulnerability in damoon allows remote attac ...) NOT-FOR-US: damoon CVE-2005-4390 (SQL injection vulnerability in index.php in ContentServ 3.1 and earlie ...) NOT-FOR-US: ContentServ CVE-2005-4389 (search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtai ...) NOT-FOR-US: CONTENS CVE-2005-4388 (Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 ...) NOT-FOR-US: CONTENS CVE-2005-4387 (Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 ...) NOT-FOR-US: contenite CVE-2005-4386 (Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlie ...) NOT-FOR-US: Colony CMS CVE-2005-4385 (Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC ...) NOT-FOR-US: Cofax CVE-2005-4384 (CitySoft Community Enterprise 4.x allows remote attackers to obtain th ...) NOT-FOR-US: CitySoft Community Enterprise CVE-2005-4383 (Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft Comm ...) NOT-FOR-US: CitySoft Community Enterprise CVE-2005-4382 (SQL injection vulnerability in CitySoft Community Enterprise 4.x allow ...) NOT-FOR-US: CitySoft Community Enterprise CVE-2005-4381 (Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 ...) NOT-FOR-US: Caravel CMS CVE-2005-4380 (Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta ...) NOT-FOR-US: Bitweaver CVE-2005-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 a ...) NOT-FOR-US: Bitweaver CVE-2005-4378 (SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earli ...) NOT-FOR-US: Baseline CMS CVE-2005-4377 (Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1 ...) NOT-FOR-US: Baseline CMS CVE-2005-4376 (Directory traversal vulnerability in Amaxus 3 and earlier allows remot ...) NOT-FOR-US: Amaxus CVE-2005-4375 (Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allow ...) NOT-FOR-US: Amaxus CVE-2005-4374 (Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 a ...) NOT-FOR-US: Allinta CVE-2005-4373 (Adaptive Website Framework (AWF) 2.10 and earlier allows remote attack ...) NOT-FOR-US: Adaptive Website Framework CVE-2005-4372 (Cross-site scripting (XSS) vulnerability in account.html in Adaptive W ...) NOT-FOR-US: Adaptive Website Framework CVE-2005-4371 (Acidcat 2.1.13 and earlier stores the database under the web root with ...) NOT-FOR-US: Acidcat CVE-2005-4370 (SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and ...) NOT-FOR-US: Acidcat CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows re ...) NOT-FOR-US: Acuity CMS CVE-2005-4368 (roundcube webmail Alpha, with a default high verbose level ($rcmail_co ...) - roundcube (Quotes are stripped now and if the task can't be found there is a default of mail) CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php in DRZ ...) NOT-FOR-US: DRZES HMS CVE-2005-4366 (Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote a ...) NOT-FOR-US: DRZES HMS CVE-2005-4365 (Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 ...) NOT-FOR-US: FLIP CVE-2005-4364 (Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana We ...) NOT-FOR-US: Hot Banana Web Content Management Suite CVE-2005-4363 (Cross-site scripting (XSS) vulnerability in the search engine in Komod ...) NOT-FOR-US: Komodo CMS CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remot ...) NOT-FOR-US: Komodo CMS CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in Magnolia Co ...) NOT-FOR-US: Magnolia Content Management Suite CVE-2005-4360 (The URL parser in Microsoft Internet Information Services (IIS) 5.1 on ...) NOT-FOR-US: IIS CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 al ...) NOT-FOR-US: ODFaq CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ob ...) - phpbb2 (unimportant) CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowe ...) - phpbb2 2.0.21-1 (bug #344674; low) [sarge] - phpbb2 (Affects only an inherently unsafe option only suitable for trusted users) NOTE: According to the maintainer only affects a config option that is strongly NOTE: discouraged due to potential security problems CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to execu ...) NOT-FOR-US: UStore CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow re ...) NOT-FOR-US: UStore CVE-2005-4354 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimp ...) NOT-FOR-US: Webglimpse CVE-2005-4353 (SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when co ...) NOT-FOR-US: toendaCMS CVE-2005-4352 (The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2 ...) - linux-2.6 2.6.18-3 CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up ...) - linux-2.6 2.6.18-3 CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 an ...) NOT-FOR-US: WBEM Services CVE-2005-4349 [SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7....] - phpmyadmin 4:3.2.0-1 (unimportant) NOTE: A big commit that included a lot of fixes/versions NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/644366eaf1bd10dd087bfc8c46ed98a337c04ab4#diff-4cb9ef0ba2c5556cd595ceb5dd85fd33R2070 NOTE: Only for authenticated used, will possibly be rejected CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidr ...) {DSA-939-1} - fetchmail 6.3.1-1 (bug #343836; bug #345944; low) CVE-2005-4418 (util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5. ...) {DSA-1011-1} - util-vserver 0.30.208-1 CVE-2005-4347 (The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and ...) {DSA-1011-1} - util-vserver 0.30.208-1 (bug #329090; medium) - kernel-patch-vserver 2.3 (bug #329087; medium) NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to fix this vulnerability CVE-2005-4346 (Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier a ...) NOT-FOR-US: phpBB Blog CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password has ...) NOT-FOR-US: ColdFusion MX CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the ...) NOT-FOR-US: ColdFusion MX CVE-2005-4343 (Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and ...) NOT-FOR-US: ColdFusion MX CVE-2005-4342 (ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6 ...) NOT-FOR-US: ColdFusion MX CVE-2005-4341 (Blackboard Learning and Community Portal System in Academic Suite 6.3. ...) NOT-FOR-US: Academic Suite CVE-2005-4340 REJECTED CVE-2005-4339 (Cross-site scripting (XSS) vulnerability in Blackboard Learning and Co ...) NOT-FOR-US: Academic Suite CVE-2005-4338 (announcement.pl in Blackboard Learning and Community Portal System in ...) NOT-FOR-US: Academic Suite CVE-2005-4337 (The login page in Blackboard Learning and Community Portal System in A ...) NOT-FOR-US: Academic Suite CVE-2005-4336 (Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and ear ...) NOT-FOR-US: ProjectForum CVE-2005-4335 (ProjectForum 4.7.0 and earlier allows remote attackers to cause a deni ...) NOT-FOR-US: ProjectForum CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote attackers t ...) NOT-FOR-US: ZixForum CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary Board Sy ...) NOT-FOR-US: Binary Board System CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allow ...) NOT-FOR-US: Secure Smart Manager CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant Versio ...) NOT-FOR-US: iHTML Merchant CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall all ...) NOT-FOR-US: iHTML Merchant CVE-2005-4329 (SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extr ...) NOT-FOR-US: paFileDB CVE-2005-4328 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimp ...) NOT-FOR-US: WebGlimpse CVE-2005-4327 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt W ...) NOT-FOR-US: Michael Arndt WebCal CVE-2005-4326 (The web interface for American Power Conversion (APC) PowerChute Netwo ...) NOT-FOR-US: APC hardware issue CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b have unk ...) NOT-FOR-US: Driverse CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07 ...) NOT-FOR-US: Hitachi Groupmax Mail SMTP CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 0 ...) NOT-FOR-US: Hitachi Cosminexus Collaboration Portal CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosmine ...) NOT-FOR-US: Hitachi Cosminexus Collaboration Portal CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in Apani Ne ...) NOT-FOR-US: Apani Networks EpiForce CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the in ...) NOT-FOR-US: Limbo CMS CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 a ...) NOT-FOR-US: Limbo CMS CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earl ...) NOT-FOR-US: Limbo CMS CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not pro ...) NOT-FOR-US: Limbo CMS CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers t ...) NOT-FOR-US: HP-UX CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum PLEXCART ...) NOT-FOR-US: Plexum PLEXCART CVE-2005-4314 (Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shoppin ...) NOT-FOR-US: PPCal Shopping Cart CVE-2005-4313 (SQL injection vulnerability in index.php in AlmondSoft Almond Personal ...) NOT-FOR-US: AlmondSoft Almond Personals CVE-2005-4312 (SQL injection vulnerability in index.php in AlmondSoft Almond Classifi ...) NOT-FOR-US: AlmondSoft Almond Personals CVE-2005-4311 (Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, ...) NOT-FOR-US: DCForum CVE-2005-4310 (SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authen ...) NOT-FOR-US: SSH Tectia Server CVE-2005-4309 (SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows rem ...) NOT-FOR-US: ezUpload Pro CVE-2005-4308 (index.php in ezUpload Pro 2.2 and earlier allows remote attackers to i ...) NOT-FOR-US: ezUpload Pro CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier ...) NOT-FOR-US: ScareCrow CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 ...) NOT-FOR-US: SiteNet BBS CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, ...) - trac 0.9.3-1 (bug #344006) [sarge] - trac (medium) NOTE: upstream bts at http://trac.edgewall.org/ticket/2473 claims this is NOTE: fixed in http://trac.edgewall.org/changeset/2724 but it's a fairly NOTE: invasive set of patches to backport. basically most instances NOTE: of input being escape()'d are no longer done so, and instead a NOTE: Markup() function replaces them, and special checks are done NOTE: on rendered HTML output to prevent XSS code from being displayed. CVE-2005-4304 (index.php in ezDatabase 2.1.2 and earlier allows remote attackers to o ...) NOT-FOR-US: ezDatabase CVE-2005-4303 (SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earl ...) NOT-FOR-US: ezDatabase CVE-2005-4302 (Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and ...) NOT-FOR-US: ezDatabase CVE-2005-4301 (Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and earl ...) NOT-FOR-US: pgpXplorer CVE-2005-4300 (Format string vulnerability in the lire_pop function in pop.c in libre ...) NOT-FOR-US: libremail CVE-2005-4299 (Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 ...) NOT-FOR-US: Atlant Pro CVE-2005-4298 (Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.0 ...) NOT-FOR-US: AtlantForum CVE-2005-4297 (Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier a ...) NOT-FOR-US: bbBoard CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a denial o ...) NOT-FOR-US: AppServ Open Project CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...) NOT-FOR-US: Absolute Image Gallery XE CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0 ...) NOT-FOR-US: Alkacon OpenCms CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro ...) NOT-FOR-US: ClickCartPro CVE-2005-4292 (Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlie ...) NOT-FOR-US: CommerceSQL CVE-2005-4291 (Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS Online ...) NOT-FOR-US: ECTOOLS Onlineshop CVE-2005-4290 (Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 ...) NOT-FOR-US: ECW-Cart CVE-2005-4289 (Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 ...) NOT-FOR-US: eDatCat CVE-2005-4288 (Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb E- ...) NOT-FOR-US: MarmaraWeb E-commerce CVE-2005-4287 (PHP remote file include vulnerability in MarmaraWeb E-commerce allows ...) NOT-FOR-US: MarmaraWeb E-commerce CVE-2005-4286 (Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote atta ...) NOT-FOR-US: PhpLogCon CVE-2005-4285 (Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copit ...) NOT-FOR-US: Dick Copits PDEstore CVE-2005-4284 (Cross-site scripting (XSS) vulnerability in StaticStore Search Engine ...) NOT-FOR-US: StaticStore Search Engine CVE-2005-4283 (Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earl ...) NOT-FOR-US: The CITY Shop CVE-2005-4282 (Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and e ...) NOT-FOR-US: Zaygo DomainCart CVE-2005-4281 (Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and ...) NOT-FOR-US: Zaygo HostingCart CVE-2005-4280 (Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo ...) - cmake (Gentoo-specific packaging flaw) CVE-2005-4279 (Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on ...) - qt-x11-free (Gentoo-specific packaging flaw) CVE-2005-4278 (Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo ...) - perl (Gentoo-specific packaging flaw) CVE-2005-4277 (Cross-site scripting (XSS) vulnerability in index.php in toendaCMS bef ...) NOT-FOR-US: toendaCMS CVE-2005-4276 (Westell Versalink 327W allows remote attackers to cause a denial of se ...) NOT-FOR-US: Westell Versalink CVE-2005-4275 (Scientific Atlanta DPX2100 Cable Modem allows remote attackers to caus ...) NOT-FOR-US: Scientific Atlanta DPX2100 Cable Modem CVE-2005-4274 (Unspecified vulnerability in Business Objects WebIntelligence 6.5x all ...) NOT-FOR-US: Business Objects WebIntelligence CVE-2005-4273 (Multiple unspecified vulnerabilities in (1) getShell and (2) getComman ...) NOT-FOR-US: AIX CVE-2005-4272 (Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote at ...) NOT-FOR-US: AIX CVE-2005-4271 (Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local ...) NOT-FOR-US: AIX CVE-2005-4270 (Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows rem ...) NOT-FOR-US: Watchfire AppScan CVE-2005-4269 (mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer ...) NOT-FOR-US: Microsoft Windows CVE-2005-4268 (Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a ...) - cpio 2.6-10 (bug #344134; medium) [sarge] - cpio (medium) [woody] - cpio (medium) CVE-2005-4267 (Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote at ...) NOT-FOR-US: Qualcomm WorldMail CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password] NOTE: not reproducible - rageircd (bug #343543; medium) CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Sessio ...) NOT-FOR-US: Alt-N MDaemon and WorldClient CVE-2005-4265 REJECTED CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP Support Tic ...) NOT-FOR-US: PHP Support Tickets CVE-2005-4263 (SQL injection vulnerability in the News module in Envolution allows re ...) NOT-FOR-US: Envolution CVE-2005-4262 (Cross-site scripting (XSS) vulnerability in the News module in Envolut ...) NOT-FOR-US: Envolution CVE-2005-4261 (Unspecified vulnerability in Positive Software Corporation CP+ (cpplus ...) NOT-FOR-US: CP+ CVE-2005-4260 (Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and l ...) NOT-FOR-US: PHP-Nuke CVE-2005-4259 (Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote attac ...) NOT-FOR-US: ASPBB CVE-2005-4258 (Unspecified Cisco Catalyst Switches allow remote attackers to cause a ...) NOT-FOR-US: Cisco CVE-2005-4257 (Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial ...) NOT-FOR-US: Linksys hardware CVE-2005-4256 (Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Fo ...) NOT-FOR-US: ASP-DEV XM Forum CVE-2005-4255 (Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1. ...) NOT-FOR-US: WikkaWiki CVE-2005-4254 (SQL injection vulnerability in view_Results.php in DreamLevels DreamPo ...) NOT-FOR-US: DreamLevels DreamPoll CVE-2005-4253 (Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1 ...) NOT-FOR-US: Torrential CVE-2005-4252 (Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earl ...) NOT-FOR-US: mcGallery PRO CVE-2005-4251 (Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlie ...) NOT-FOR-US: mcGallery PRO CVE-2005-4250 (Directory traversal vulnerability in mcGallery PRO 2.2 and earlier all ...) NOT-FOR-US: mcGallery PRO CVE-2005-4249 (ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext ...) NOT-FOR-US: ADP Forum CVE-2005-4248 (Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 ...) NOT-FOR-US: QuickPayPro CVE-2005-4247 (Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta ...) NOT-FOR-US: Plogger CVE-2005-4246 (SQL injection vulnerability in Plogger Beta 2 and earlier allows remot ...) NOT-FOR-US: Plogger CVE-2005-4245 (Cross-site scripting (XSS) vulnerability in search.php in Snipe Galler ...) NOT-FOR-US: Snipe Gallery CVE-2005-4244 (SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows ...) NOT-FOR-US: Snipe Gallery CVE-2005-4243 (Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote ...) NOT-FOR-US: QuickPayPro CVE-2005-4241 (Cross-site scripting (XSS) vulnerability in the category page in VCD-d ...) NOT-FOR-US: VCD-db CVE-2005-4240 (SQL injection vulnerability in search.php in VCD-db 0.98 and earlier a ...) NOT-FOR-US: VCD-db CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php ...) NOT-FOR-US: PHP JackKnife CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in view_filters_page.php in M ...) {DSA-944-1} - mantis 0.19.4-1 (bug #345288) CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earl ...) NOT-FOR-US: MySQL Auction CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allow ...) NOT-FOR-US: CKGOLD CVE-2005-4235 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCo ...) NOT-FOR-US: WHMCompleteSolution CVE-2005-4234 (SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and ...) NOT-FOR-US: EncapsGallery CVE-2005-4233 (SQL injection vulnerability in advertiser_statistic.php in Ad Manager ...) NOT-FOR-US: Ad Manager Pro CVE-2005-4232 NOT-FOR-US: Jamit Job Board CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earli ...) NOT-FOR-US: Link Up Gold CVE-2005-4230 (SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlie ...) NOT-FOR-US: Link Up Gold CVE-2005-4229 (Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction ...) NOT-FOR-US: EveryAuction CVE-2005-4228 (Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earl ...) NOT-FOR-US: PhpWebGallery CVE-2005-4227 (Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 ...) NOT-FOR-US: DCP-Portal CVE-2005-4226 (Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 ...) NOT-FOR-US: pgpWebThings CVE-2005-4225 (Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 ...) NOT-FOR-US: myBloggie CVE-2005-4224 (Multiple "potential" SQL injection vulnerabilities in e107 0.7 might a ...) NOT-FOR-US: e107 CVE-2005-4223 (Multiple "potential" SQL injection vulnerabilities in Utopia News Pro ...) NOT-FOR-US: Utopia News Pro CVE-2005-4222 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi i ...) NOT-FOR-US: Lars Ellingsen Guestserver CVE-2005-4221 (SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 ...) NOT-FOR-US: Arab Portal System CVE-2005-4220 (Netgear RP114, and possibly other versions and devices, allows remote ...) NOT-FOR-US: Netgear hardware issue CVE-2005-4219 (setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains user ...) NOT-FOR-US: Innovative CMS CVE-2005-4218 (SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows re ...) NOT-FOR-US: PHPWebThings CVE-2005-4217 (Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges ...) - perl (MacOS specific vulnerability) CVE-2005-4216 (The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Se ...) NOT-FOR-US: Macromedia Flash Media Server CVE-2005-4215 (Motorola SB5100E Cable Modem allows remote attackers to cause a denial ...) NOT-FOR-US: Motorola hardware CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers to obtain the installation path ...) NOT-FOR-US: phpCOIN CVE-2005-4213 (SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote ...) NOT-FOR-US: phpCOIN CVE-2005-4212 (Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1 ...) NOT-FOR-US: phpCOIN CVE-2005-4211 (PHP remote file inclusion vulnerability in coin_includes/db.php in php ...) NOT-FOR-US: phpCOIN CVE-2005-4210 (Opera before 8.51, when running on Windows with Input Method Editor (I ...) NOT-FOR-US: Opera CVE-2005-4209 (WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to ...) NOT-FOR-US: Alt-N MDaemon CVE-2005-4208 (Directory traversal vulnerability in Flatnuke 2.5.6 allows remote atta ...) NOT-FOR-US: Flatnuke CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script allow ...) NOT-FOR-US: BTGrup Admin WebController Script CVE-2005-4206 (Blackboard Learning and Community Portal System in Academic Suite 6.3. ...) NOT-FOR-US: Blackboard Learning and Community Port Systems CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList ...) NOT-FOR-US: LocazoList CVE-2005-4204 (Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows r ...) NOT-FOR-US: LogiSphere CVE-2005-4203 (LogiSphere 0.9.9j does not restrict the number of messages that can be ...) NOT-FOR-US: LogiSphere CVE-2005-4202 (Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allo ...) NOT-FOR-US: LogiSphere CVE-2005-4201 (Directory traversal vulnerability in My Album Online 1.0 allows remote ...) NOT-FOR-US: My Album Online CVE-2005-4200 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-4199 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) befor ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-4198 (SQL injection vulnerability in index.php in Netref 3.0 allows remote a ...) NOT-FOR-US: Netref CVE-2005-4197 (tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to e ...) NOT-FOR-US: Nortel SSL VPN CVE-2005-4196 (Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal To ...) NOT-FOR-US: Scout Portal Toolkit CVE-2005-4195 (Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1 ...) NOT-FOR-US: Scout Portal Toolkit CVE-2005-4194 (Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming M ...) NOT-FOR-US: Sights 'n Sounds Streaming Media Server CVE-2005-4193 (Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows re ...) NOT-FOR-US: UseBB CVE-2005-4242 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 ...) - turba2 2.0.5-1 (bug #342946; medium) CVE-2005-4192 (Multiple cross-site scripting (XSS) vulnerabilities in templates/notep ...) - mnemo2 2.0.3-1 (bug #342944; medium) CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in templates/taskl ...) - nag2 2.0.4-1 (bug #342945; medium) CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Applicati ...) {DSA-1033-1} - horde3 3.0.9-1 (bug #342942; bug #354512; medium) CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...) {DSA-970-1} - kronolith2 2.0.6-1 (bug #342943; medium) - kronolith (bug #349261; medium) CVE-2005-4188 RESERVED CVE-2005-4187 RESERVED CVE-2005-4186 RESERVED CVE-2005-4185 RESERVED CVE-2005-4184 RESERVED CVE-2005-4183 RESERVED CVE-2005-4182 RESERVED CVE-2005-4181 RESERVED CVE-2005-4180 RESERVED CVE-2005-4179 RESERVED CVE-2005-4177 (Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Per ...) NOT-FOR-US: Magic Book Personal and Professional CVE-2005-4176 (AWARD Bios Modular 4.50pg does not clear the keyboard buffer after rea ...) NOT-FOR-US: AWARD BIOS CVE-2005-4175 (Insyde BIOS V190 does not clear the keyboard buffer after reading the ...) NOT-FOR-US: Insyde BIOS CVE-2005-4174 (eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow r ...) NOT-FOR-US: eFiction CVE-2005-4173 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: eFiction CVE-2005-4172 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: eFiction CVE-2005-4171 (The "Upload new image" command in the "Manage Images" eFiction 1.1, wh ...) NOT-FOR-US: eFiction CVE-2005-4170 (SQL injection vulnerability in eFiction 1.1 allows remote attackers to ...) NOT-FOR-US: eFiction CVE-2005-4169 (Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote at ...) NOT-FOR-US: eFiction CVE-2005-4168 (Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 a ...) NOT-FOR-US: eFiction CVE-2005-4167 (Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allow ...) NOT-FOR-US: eFiction CVE-2005-4166 (Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUp ...) NOT-FOR-US: DUportal CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum ...) NOT-FOR-US: ASP-DEV ASP Resources Forum CVE-2005-4178 (Buffer overflow in Dropbear server before 0.47 allows authenticated us ...) {DSA-923-1} - dropbear 0.47-1 (high) CVE-2005-4164 (SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows ...) NOT-FOR-US: PHP-addressbook CVE-2005-4163 (Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 al ...) NOT-FOR-US: Captcha CVE-2005-4162 (Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME PerlCa ...) NOT-FOR-US: ACME PerlCal CVE-2005-4161 NOT-FOR-US: MilliScripts CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential 1.2 allo ...) NOT-FOR-US: Torrential CVE-2005-4159 NOT-FOR-US: Simple Machines Forum CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...) {DSA-946-2} - sudo 1.6.8p12-1 (bug #342948; medium) CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allo ...) NOT-FOR-US: Kerio Firewall CVE-2005-4156 (Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), wi ...) NOT-FOR-US: Mambo CVE-2005-4155 (registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execut ...) NOT-FOR-US: ATutor CVE-2005-4154 (Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows u ...) - php5 5.1.1-1 NOTE: PHP 5 in Debian is vulnerable according to the changelog. CVE-2005-4153 (Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial ...) {DSA-955-1} - mailman 2.1.5-10 CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers to tur ...) NOT-FOR-US: Soti Pocket Controller-Professional CVE-2005-4151 (The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Profes ...) NOT-FOR-US: PGP Desktop Home CVE-2005-4150 (Cross-site scripting (XSS) vulnerability in the portal login page in C ...) NOT-FOR-US: CA Clever Path CVE-2005-4149 (Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain s ...) NOT-FOR-US: Lyris ListManager CVE-2005-4148 (Lyris ListManager 8.5, and possibly other versions before 8.8, include ...) NOT-FOR-US: Lyris ListManager CVE-2005-4147 (The TCLHTTPd service in Lyris ListManager before 8.9b allows remote at ...) NOT-FOR-US: Lyris ListManager CVE-2005-4146 (Lyris ListManager before 8.9b allows remote attackers to obtain sensit ...) NOT-FOR-US: Lyris ListManager CVE-2005-4145 (The MSDE version of Lyris ListManager 5.0 through 8.9b configures the ...) NOT-FOR-US: Lyris ListManager CVE-2005-4144 (Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORD ...) NOT-FOR-US: Lyris ListManager CVE-2005-4143 (SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allo ...) NOT-FOR-US: Lyris ListManager CVE-2005-4142 (The web interface for subscribing new users in Lyris ListManager 5.0 t ...) NOT-FOR-US: Lyris ListManager CVE-2005-4141 (Multiple SQL injection vulnerabilities in ASPMForum allow remote attac ...) NOT-FOR-US: ASPMForum CVE-2005-4140 (SQL injection vulnerability in admin/login/index.php in Website Baker ...) NOT-FOR-US: Website Baker CVE-2005-4139 (Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 ...) NOT-FOR-US: ThWboard CVE-2005-4138 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before ...) NOT-FOR-US: ThWboard CVE-2005-4137 (SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows ...) NOT-FOR-US: DRZES HMS CVE-2005-4136 (Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 ...) NOT-FOR-US: DRZES HMS CVE-2005-4135 (Direct static code injection vulnerability in includes/newtopic.php in ...) NOT-FOR-US: SimpleBBS CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.1 ...) {DSA-1051-1 DSA-1046-1 DSA-1044-1} - firefox 1.5.dfsg+1.5.0.2-2 (unimportant) - mozilla 2:1.7.13-0.1 (unimportant) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant) NOTE: Not exploitable beyond a sluggish browser startup, see NOTE: http://web.archive.org/web/20141206010602/https://www.mozilla.org/security/history-title.html CVE-2005-4133 (Sun Update Connection in Sun Solaris 10, when configured to use a web ...) NOT-FOR-US: Solaris CVE-2005-4132 (Unspecified "security leak" vulnerability in Contenido before 4.6.4, w ...) NOT-FOR-US: Contenido CVE-2005-4131 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...) NOT-FOR-US: Excel CVE-2005-4130 NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared CVE-2005-4129 REJECTED CVE-2005-4128 REJECTED CVE-2005-4127 REJECTED CVE-2005-4126 NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared CVE-2005-4125 REJECTED CVE-2005-4124 REJECTED CVE-2005-4123 REJECTED CVE-2005-4122 REJECTED CVE-2005-4121 REJECTED CVE-2005-4120 REJECTED CVE-2005-4119 REJECTED CVE-2005-4118 REJECTED CVE-2005-4117 REJECTED CVE-2005-4116 REJECTED CVE-2005-4115 REJECTED CVE-2005-4114 REJECTED CVE-2005-4113 REJECTED CVE-2005-4112 REJECTED CVE-2005-4111 REJECTED CVE-2005-4110 REJECTED CVE-2005-4109 REJECTED CVE-2005-4108 REJECTED CVE-2005-4107 REJECTED CVE-2005-4106 REJECTED CVE-2005-4105 REJECTED CVE-2005-4104 REJECTED CVE-2005-4103 REJECTED CVE-2005-4102 REJECTED CVE-2005-4101 REJECTED CVE-2005-4100 REJECTED CVE-2005-4099 REJECTED CVE-2005-4098 REJECTED CVE-2005-4097 REJECTED CVE-2005-4096 REJECTED CVE-2005-4095 (Directory traversal vulnerability in connector.php in the fckeditor2rc ...) NOT-FOR-US: DoceboLMS CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows rem ...) NOT-FOR-US: DoceboLMS CVE-2005-4093 (Check Point VPN-1 SecureClient NG with Application Intelligence R56, N ...) NOT-FOR-US: Check Point CVE-2005-4092 (Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTi ...) NOT-FOR-US: Apple QuickTime CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1- ...) NOT-FOR-US: 1-Script 1-Search CVE-2005-4090 (Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is r ...) NOT-FOR-US: HP-UX CVE-2005-4089 (Microsoft Internet Explorer allows remote attackers to bypass cross-do ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows rem ...) NOT-FOR-US: phpForumPro CVE-2005-4087 (PHP remote file include vulnerability in acceptDecline.php in Sugar Su ...) - sugarcrm-ce-5.0 (bug #457876) CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...) - sugarcrm-ce-5.0 (bug #457876) CVE-2005-4085 (Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web c ...) NOT-FOR-US: BlueCoat WinProxy CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allow ...) NOT-FOR-US: phpBB eXtreme Styles module CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme Styles ...) NOT-FOR-US: phpBB eXtreme Styles module CVE-2005-4082 (The dhcp.client program for QNX 4.25 vmware is setuid, possibly by def ...) NOT-FOR-US: QNX CVE-2005-4081 (Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow ...) NOT-FOR-US: Alisveristr E-commerce CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 ...) - imp4 4.0.4-1 (bug #342654; unimportant) NOTE: Internet Explorer bug, most definitely fixed since long, didn't check though CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote a ...) - phpmyadmin (Affects only 2.7.0) NOTE: https://www.phpmyadmin.net/security/PMASA-2005-9/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/5f3b086ed22b8ca49472d27a014df3908b0388ac CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET 1. ...) NOT-FOR-US: Ideal BB.NET CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local ...) NOT-FOR-US: Appfluent Technology Database IDS 2.0 CVE-2005-4075 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF ...) NOT-FOR-US: CF_Nuke CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and earl ...) NOT-FOR-US: CF_Nuke CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in CFMagic Magic List ...) NOT-FOR-US: Magic List Pro CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Person ...) NOT-FOR-US: Magic Personal Forum CVE-2005-4071 (Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal ...) NOT-FOR-US: Magic Personal Forum CVE-2005-4070 REJECTED CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure ...) NOT-FOR-US: Sony root kit CVE-2005-4068 (Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 ...) NOT-FOR-US: AIX CVE-2005-4067 REJECTED CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and p ...) NOT-FOR-US: Total Commander CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac befo ...) {DSA-951-2} - trac 0.9.2-1 (bug #342232; medium) [sarge] - trac 0.8.1-3sarge4 CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attac ...) NOT-FOR-US: A-FAQ CVE-2005-4063 (Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp ...) NOT-FOR-US: NetAuctionHelp CVE-2005-4062 (Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassifi ...) NOT-FOR-US: XcClassified CVE-2005-4061 (Cross-site scripting (XSS) vulnerability in PASearch.asp in XcPhotoAlb ...) NOT-FOR-US: XcPhotoAlbum CVE-2005-4060 (Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pr ...) NOT-FOR-US: rwAuction CVE-2005-4059 (SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and ea ...) NOT-FOR-US: LocazoList CVE-2005-4058 (SQL injection vulnerability in saralblog 1 and earlier allows remote a ...) NOT-FOR-US: saralblog CVE-2005-4057 (Cross-site scripting (XSS) vulnerability in search.php in PluggedOut N ...) NOT-FOR-US: PluggedOut Nexus CVE-2005-4056 (SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 allo ...) NOT-FOR-US: PluggedOut Nexus CVE-2005-4055 (SQL injection vulnerability in index.php in Cars Portal 1.1 and earlie ...) NOT-FOR-US: Cars Portal CVE-2005-4054 (SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and ...) NOT-FOR-US: PluggedOut Bot CVE-2005-4053 (Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote ...) NOT-FOR-US: coWiki CVE-2005-4052 (e107 0.6174 allows remote attackers to redirect users to other web sit ...) NOT-FOR-US: e107 CVE-2005-4051 (e107 0.6174 allows remote attackers to vote multiple times for a downl ...) NOT-FOR-US: e107 CVE-2005-4050 (Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with ...) NOT-FOR-US: MultiVOIP hardware CVE-2005-4049 (Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote ...) NOT-FOR-US: Blog System CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer function ...) {DSA-1005-1 DSA-1004-1 DSA-992-1} - ffmpeg 0.cvs20050918-5.1 (bug #342207; medium) - xmovie - xine-lib 1.0.1-1.5 (bug #342208; medium) - mplayer (Fixed before initial upload) - gst-ffmpeg 0.8.7-5 (bug #343503; medium) - vlc 0.8.4.debian-2 (medium) NOTE: kino, smilutils, motion and vlc link statically against libavcodec, need a recompile once ffmpeg is fixed NOTE: smilutils, motion, kino link statically against libavcodec, but don't use the vulnerable function CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnow ...) NOT-FOR-US: IISWorks ASPKnowledgeBase CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java Sy ...) NOT-FOR-US: Sun Java System Application Server CVE-2005-4045 (Unspecified vulnerability in System Communications Services 6 Delegate ...) NOT-FOR-US: Sun Java System Messaging Server CVE-2005-4044 (Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Searc ...) NOT-FOR-US: Amazon Search Directory CVE-2005-4043 (SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and ea ...) NOT-FOR-US: Hobosworld HobSR CVE-2005-4042 (Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and earli ...) NOT-FOR-US: Warm Links CVE-2005-4041 (Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy H ...) NOT-FOR-US: MR CGI Guy Hot Links SQL CVE-2005-4040 (SQL injection vulnerability in FileLister 0.51 and earlier allows remo ...) NOT-FOR-US: FileLister CVE-2005-4039 (Directory traversal vulnerability in arhiva.php in Web4Future Portal S ...) NOT-FOR-US: Web4Future Portal Solutions News Portal CVE-2005-4038 (SQL injection vulnerability in comentarii.php in Web4Future Portal Sol ...) NOT-FOR-US: Web4Future Portal Solutions News Portal CVE-2005-4037 (SQL injection vulnerability in functions.php in Web4Future Affiliate M ...) NOT-FOR-US: Web4Future Affiliate Manager CVE-2005-4036 (Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future Ke ...) NOT-FOR-US: Web4Future Keyboard Frequency Counter CVE-2005-4035 (Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterpr ...) NOT-FOR-US: Web4Future eCommerce Enterprise Edition CVE-2005-4034 (Multiple SQL injection vulnerabilities in Web4Future eDating Professio ...) NOT-FOR-US: Web4Future eDating Professional CVE-2005-4033 (Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data ...) NOT-FOR-US: Nodezilla CVE-2005-4032 (Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search ...) NOT-FOR-US: Easy Search System CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows re ...) - mediawiki (Only affects the 1.5 branch) CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows ...) NOT-FOR-US: Quicksilver Forums CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid usernames ...) NOT-FOR-US: WebEOC CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember allow r ...) NOT-FOR-US: aMember CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers t ...) NOT-FOR-US: SimpleBBS CVE-2005-4026 (search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr ...) NOT-FOR-US: Geeklog CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect install.p ...) NOT-FOR-US: Help Desk Reloaded Free Help Desk CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 a ...) NOT-FOR-US: Interspire FastFind CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0 before ...) - gallery2 2.0.2-1 (medium) CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the "Add Image From Web" f ...) - gallery2 2.0.2-1 (medium) CVE-2005-4021 (The installer for Gallery 2.0 before 2.0.2 stores the install log unde ...) - gallery2 2.0.2-1 (low) CVE-2005-4020 (SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and ...) NOT-FOR-US: Widget Imprint CVE-2005-4019 (SQL injection vulnerability in index.php in Relative Real Estate Syste ...) NOT-FOR-US: Relative Real Estate Systems CVE-2005-4018 (SQL injection vulnerability in ls.php in Landshop Real Estate Commerce ...) NOT-FOR-US: Landshop Real Estate Commerce System CVE-2005-4017 (property.php in Widget Property 1.1.19 allows remote attackers to obta ...) NOT-FOR-US: Widget Property CVE-2005-4016 (SQL injection vulnerability in Widget Property 1.1.19 allows remote at ...) NOT-FOR-US: Widget Property CVE-2005-4015 (PHP Web Statistik 1.4 does not rotate the log database or limit the si ...) NOT-FOR-US: PHP Web Statistik CVE-2005-4014 (stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a d ...) NOT-FOR-US: PHP Web Statistik CVE-2005-4013 (PHP Web Statistik 1.4 stores the stat.cfg file under the web root with ...) NOT-FOR-US: PHP Web Statistik CVE-2005-4012 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statist ...) NOT-FOR-US: PHP Web Statistik CVE-2005-4011 (SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar ...) NOT-FOR-US: Codewalkers ltwCalendar CVE-2005-4010 (SQL injection vulnerability in KBase Express 1.0.0 and earlier allows ...) NOT-FOR-US: Kbase Express CVE-2005-4009 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2. ...) NOT-FOR-US: PHP Lite Calender Express CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 a ...) NOT-FOR-US: Jax Calendar CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 throug ...) {DSA-919-2} - curl 7.15.1-1 (bug #342339; bug #342696; medium) CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, rel ...) NOT-FOR-US: SAPID CMS CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentica ...) NOT-FOR-US: SAPID CMS CVE-2005-4005 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 all ...) NOT-FOR-US: PHP-Fusion CVE-2005-4004 (Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSi ...) NOT-FOR-US: MyTemplateSite CVE-2005-4003 (Multiple SQL injection vulnerabilities in Absolute Shopping Package So ...) NOT-FOR-US: Absolute Shopping Package Solutions (ASPS) Shopping Cart CVE-2005-4002 (WebEOC before 6.0.2 uses the same secret key for all installations, wh ...) NOT-FOR-US: WebEOC CVE-2005-4001 (Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and ...) NOT-FOR-US: phpYellowTM Pro Edition CVE-2005-4000 (Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater ...) NOT-FOR-US: SiteBeater News System CVE-2005-3999 (Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater M ...) NOT-FOR-US: SiteBeater MP3 Catalog CVE-2005-3998 (Cross-site scripting (XSS) vulnerability in search.asp in Solupress Ne ...) NOT-FOR-US: Solupress News CVE-2005-3997 (Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows ...) NOT-FOR-US: Zen Cart CVE-2005-3996 (SQL injection vulnerability in admin/password_forgotten.php in Zen Car ...) NOT-FOR-US: Zen Cart CVE-2005-3995 (Format string vulnerability in the dosyslog function in the OBEX serve ...) NOT-FOR-US: Sobexsrv NOTE: Checked obexserver source package, not vulnerable CVE-2005-3994 REJECTED CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 an ...) NOT-FOR-US: MailEnable CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access trojan (RAT ...) NOT-FOR-US: WinEggDropShell CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14. ...) NOT-FOR-US: phpMyChat CVE-2005-3990 REJECTED CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack befor ...) NOT-FOR-US: Avaya hardware CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple Technologies L ...) NOT-FOR-US: Pineapple Technologies Lore CVE-2005-3987 (Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote a ...) NOT-FOR-US: Tradesoft CMS CVE-2005-3986 (Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and ...) NOT-FOR-US: Instant Photo Gallery CVE-2005-3985 (The Internet Key Exchange version 1 (IKEv1) implementation in Astaro S ...) NOT-FOR-US: Astaro Security Linux CVE-2005-3984 (SQL injection vulnerability in WebCalendar 1.0.1 allows remote attacke ...) {DSA-1002-1} - webcalendar 1.0.2-1 (bug #342090) CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight Manager ...) NOT-FOR-US: HP Systems Insight Manager CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 ...) {DSA-1002-1} - webcalendar 1.0.2-1 (bug #342090) CVE-2005-3981 NOT-FOR-US: Windows CVE-2005-3980 (SQL injection vulnerability in the ticket query module in Edgewall Tra ...) - trac 0.9.1-1 (bug #341697; medium) [sarge] - trac CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 be ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium Editi ...) NOT-FOR-US: NetClassifieds Premium Edition CVE-2005-3977 (Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 15 ...) NOT-FOR-US: QualityEBiz Quality PPC CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple DUware pr ...) NOT-FOR-US: Multipke DuWare products CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and ...) {DSA-958-1} - drupal 4.5.6-1 (bug #348811; medium) CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PH ...) {DSA-958-1} - drupal 4.5.6-1 (low) CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 th ...) {DSA-958-1} - drupal 4.5.6-1 (bug #348811; medium) CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in Extre ...) NOT-FOR-US: Extreme Search Corporate Edition CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in Citrix M ...) NOT-FOR-US: Citrix CVE-2005-3970 (Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre1 ...) NOT-FOR-US: MXChange CVE-2005-3969 (SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allow ...) NOT-FOR-US: MXChange CVE-2005-3968 (SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier ...) NOT-FOR-US: PHPX CVE-2005-3967 (Cross-site scripting (XSS) vulnerability in the dosearchsite.action mo ...) NOT-FOR-US: Atlassian Confluence CVE-2005-3966 (Cross-site scripting (XSS) vulnerability in search.jsp in Java Search ...) NOT-FOR-US: Java Search Engine CVE-2005-3965 REJECTED CVE-2005-3964 (Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, an ...) - openmotif 2.2.3-1.4 (bug #342092; medium) [sarge] - openmotif (Non-free) CVE-2005-3963 (SQL injection vulnerability in session.php in DotClear before 1.2.3 al ...) NOT-FOR-US: DotClear CVE-2005-3962 (Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...) {DSA-943-1} - perl 5.8.7-9 (bug #341542; medium) CVE-2005-3961 (export_handler.php in WebCalendar 1.0.1 allows remote attackers to ove ...) {DSA-1002-1} - webcalendar 1.0.2-1 (bug #341208; medium) CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of s ...) NOT-FOR-US: Kadu CVE-2005-3959 (Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 ...) NOT-FOR-US: FreeWebStat CVE-2005-3958 (SQL injection vulnerability in index.php in Entergal MX 2.0 allows rem ...) NOT-FOR-US: Entergal MX CVE-2005-3957 (Unspecified vulnerability in the Trackback functionality in DotClear 1 ...) NOT-FOR-US: DotClear CVE-2005-3956 (Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 a ...) NOT-FOR-US: DMANews CVE-2005-3955 (Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, ...) NOT-FOR-US: MagpieRSS CVE-2005-3954 (Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows rem ...) NOT-FOR-US: blogBuddies CVE-2005-3953 (SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers ...) NOT-FOR-US: Bedeng PSP CVE-2005-3952 (SQL injection vulnerability in PHP Labs Top Auction allows remote atta ...) NOT-FOR-US: PHP Labs Top Auction CVE-2005-3951 (SQL injection vulnerability in survey.php in PHP Labs Survey Wizard al ...) NOT-FOR-US: PHP Labs Survey Wizard CVE-2005-3950 (nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users ...) - nufw 1.0.16-1 (bug #341544; medium) CVE-2005-3949 (Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remo ...) {DSA-1002-1} - webcalendar 1.0.2-1 (bug #341208; medium) CVE-2005-3948 (Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and ea ...) NOT-FOR-US: PHPAlbum CVE-2005-3947 (Directory traversal vulnerability in index.php in PHP Upload Center al ...) NOT-FOR-US: PHP Upload Center CVE-2005-3946 (Opera 8.50 allows remote attackers to cause a denial of service (crash ...) NOT-FOR-US: Opera CVE-2005-3945 (The SynAttackProtect protection in Microsoft Windows 2003 before SP1 a ...) NOT-FOR-US: Microsoft CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 a ...) NOT-FOR-US: ilyav Survey System CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ear ...) NOT-FOR-US: ilyav Survey System CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca Knowl ...) NOT-FOR-US: Orca Knowledgebase CVE-2005-3941 (SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier ...) NOT-FOR-US: Orca Blog CVE-2005-3940 (SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c an ...) NOT-FOR-US: Orca Ringmaker CVE-2005-3939 (Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and ...) NOT-FOR-US: WSN Knowledge Base CVE-2005-3938 (SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allow ...) NOT-FOR-US: Softbiz FAQ CVE-2005-3937 (SQL injection vulnerability in Softbiz B2B Trading Marketplace Script ...) NOT-FOR-US: Softbiz B2B CVE-2005-3936 (PHP file include vulnerability in SocketKB 1.1.0 and earlier allows re ...) NOT-FOR-US: SocketKB CVE-2005-3935 (SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remot ...) NOT-FOR-US: SocketKB CVE-2005-3934 (Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 3 ...) NOT-FOR-US: pcAnywhere CVE-2005-3933 (SQL injection vulnerability in index.php in 88Script's Event Calendar ...) NOT-FOR-US: 88Script's Event Calendar CVE-2005-3932 (SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and e ...) NOT-FOR-US: O-Kiraku Nikki CVE-2005-3931 (SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows rem ...) NOT-FOR-US: ASP-Rider CVE-2005-3930 (SQL injection vulnerability in index.php in N-13 News 1.2 allows remot ...) NOT-FOR-US: N-13 News CVE-2005-3929 (Directory traversal vulnerability in the create function in xarMLSXML2 ...) NOT-FOR-US: Xaraya NOTE: xarMLSXML2PHPBackend.php, 'nuff said CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users t ...) NOT-FOR-US: QNX CVE-2005-3927 (Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlie ...) NOT-FOR-US: GuppY CVE-2005-3926 (Direct static code injection vulnerability in error.php in GuppY 4.5.9 ...) NOT-FOR-US: GuppY CVE-2005-3925 (Multiple SQL injection vulnerabilities in Central Manchester CLC Helpd ...) NOT-FOR-US: Central Manchester CLC Helpdesk Issue Manager CVE-2005-3924 (SQL injection vulnerability in themes/kategorie/index.php in Randshop ...) NOT-FOR-US: Randshop CVE-2005-3923 (NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive ...) NOT-FOR-US: NetObjects Fusion CVE-2005-3922 (Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus l ...) NOT-FOR-US: Panda Antivirus CVE-2005-3921 (Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for I ...) NOT-FOR-US: IOS CVE-2005-3920 (SQL injection vulnerability in Babe Logger 2 allows remote attackers t ...) NOT-FOR-US: Babe Logger CVE-2005-3919 (Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote ...) NOT-FOR-US: PBLang CVE-2005-3918 NOT-FOR-US: OvBB CVE-2005-3917 (SQL injection vulnerability in usersession in CommodityRentals 2.0 Onl ...) NOT-FOR-US: CommidityRentals CVE-2005-3916 (SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows ...) NOT-FOR-US: WSN Forum CVE-2005-3915 (The Internet Key Exchange version 1 (IKEv1) implementation in Claviste ...) NOT-FOR-US: Clavister Web Client CVE-2005-3914 (Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remo ...) NOT-FOR-US: AFFcommerce CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual Ho ...) NOT-FOR-US: Virtual Hosting Control System CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin b ...) {DSA-1199-1} - webmin (Fixed through corrected Perl) NOTE: No longer exploitable with Perl 5.8.7-9, thus no dedicated Webmin updated CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...) NOT-FOR-US: BosDates CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magi ...) NOT-FOR-US: Post Affiliate Pro CVE-2005-3909 (SQL injection vulnerability in merchants/index.php in Post Affiliate P ...) NOT-FOR-US: Post Affiliate Pro CVE-2005-3908 (Cross-site scripting (XSS) vulnerability in search.php in GhostScripte ...) NOT-FOR-US: GhostScripter Amazon Shop CVE-2005-3907 (Unspecified vulnerability in Java Runtime Environment in Java JDK and ...) NOT-FOR-US: Sun Java CVE-2005-3906 (Multiple unspecified vulnerabilities in reflection APIs in Java SDK an ...) NOT-FOR-US: Sun Java CVE-2005-3905 (Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1 ...) NOT-FOR-US: Sun Java CVE-2005-3904 (Unspecified vulnerability in Java Management Extensions (JMX) in Java ...) NOT-FOR-US: Sun Java CVE-2005-3903 (Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows loc ...) NOT-FOR-US: SCO Unixware CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in ...) NOT-FOR-US: Virtual Hosting Control System CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficie ...) NOT-FOR-US: Flash MX CVE-2005-3900 (Macromedia Breeze Communication Server and Breeze Live Server does 5.1 ...) NOT-FOR-US: Macromedia Breeze CVE-2005-3899 (The automatic update feature in Google Talk allows remote attackers to ...) NOT-FOR-US: Google Talk CVE-2005-3898 REJECTED CVE-2005-3897 (Apple Safari 2.0.2 allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Safari NOTE: Not reproducible with konqueror 4:3.4.2-4. CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU cons ...) NOTE: maintainers don't believe it is a security bug and can't reproduce after 1.5.dfsg-1 - firefox 1.5.dfsg-1 (bug #340283; bug #345469; unimportant) - mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #340283; bug #345469; unimportant) - mozilla (bug #340282; unimportant) CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 throug ...) {DSA-973-1} - otrs 2.0.4p01-1 (bug #340352; medium) CVE-2005-3894 (Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Ope ...) {DSA-973-1} - otrs 2.0.4p01-1 (bug #340352; medium) CVE-2005-3893 (Multiple SQL injection vulnerabilities in index.pl in Open Ticket Requ ...) {DSA-973-1} - otrs 2.0.4p01-1 (bug #340352; medium) CVE-2005-3892 (Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a we ...) NOT-FOR-US: Gadu-Gadu CVE-2005-3891 (Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers ...) NOT-FOR-US: Gadu-Gadu CVE-2005-3890 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (c ...) NOT-FOR-US: Gadu-Gadu CVE-2005-3889 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service vi ...) NOT-FOR-US: Gadu-Gadu CVE-2005-3888 (Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a denia ...) NOT-FOR-US: Gadu-Gadu CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenam ...) NOT-FOR-US: Gadu-Gadu CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5. ...) NOT-FOR-US: Cisco CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.4 ...) {DSA-916-1} - inkscape 0.42-1 (bug #321501; low) CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in Zainu 2 ...) NOT-FOR-US: Zaimu CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP befor ...) - php4 4:4.4.2-1 (bug #341726; medium) - php5 5.1.1-1 (bug #341368; medium) [sarge] - php4 (application's job to sanitize input) CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowle ...) NOT-FOR-US: FAQRing Knowledge Base CVE-2005-3881 (SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Bas ...) NOT-FOR-US: AtlantisFAQ Knowledge Base CVE-2005-3880 (Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and earli ...) NOT-FOR-US: Omnistar KBase CVE-2005-3879 (Multiple SQL injection vulnerabilities in Softbiz Resource Repository ...) NOT-FOR-US: Softbiz Resource Repository Script CVE-2005-3878 (Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 ...) NOT-FOR-US: PHP Doc System CVE-2005-3877 (Multiple SQL injection vulnerabilities in Simple Document Management S ...) NOT-FOR-US: Simple Document Management System CVE-2005-3876 (Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ...) NOT-FOR-US: AD Center ADC2000 NG Pro CVE-2005-3875 (Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 a ...) NOT-FOR-US: Enterprise Connector CVE-2005-3874 (SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earli ...) NOT-FOR-US: Netzbrett CVE-2005-3873 (SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 all ...) NOT-FOR-US: ShockBoard CVE-2005-3872 (Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier all ...) NOT-FOR-US: Ugroup CVE-2005-3871 (Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0 ...) NOT-FOR-US: JBB CVE-2005-3870 (Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 ...) NOT-FOR-US: edmoBBS CVE-2005-3869 (Cross-site scripting (XSS) vulnerability in index.php in Google API Se ...) NOT-FOR-US: Google API CVE-2005-3868 (Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier all ...) NOT-FOR-US: K-Search CVE-2005-3867 (Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine ...) NOT-FOR-US: RevenuePilot Search Engine CVE-2005-3866 (Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1 ...) NOT-FOR-US: SearchFeed Search Engine CVE-2005-3865 (SQL injection vulnerability in index.php in AllWeb search 3.0 and earl ...) NOT-FOR-US: AllWeb search CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and earli ...) NOT-FOR-US: SourceWell CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and e ...) {DSA-1088-1 DSA-1083-1 DTSA-23-1} - centericq 4.21.0-6 (bug #340959; medium) - orpheus 1.5-5 (bug #368402; medium) - motor 2:3.4.0-6 (bug #368400; medium) NOTE: DTSA is for centericq only NOTE: This affects Sarge and Woody centericq NOTE: This affects Sarge and Woody motor CVE-2005-3862 (Buffer overflow in unalz before 0.53 allows remote attackers to execut ...) {DSA-959-1} - unalz 0.55-1 (bug #340842; medium) CVE-2005-3861 (PHP remote file inclusion vulnerability in content.php in phpGreetz 0. ...) NOT-FOR-US: phpGreetz CVE-2005-3860 (PHP remote file inclusion vulnerability in athena.php in Oliver May At ...) NOT-FOR-US: Oliver May Athena PHP Website Administration CVE-2005-3859 (PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 al ...) NOT-FOR-US: Q-News CVE-2005-3858 (Memory leak in the ip6_input_finish function in ip6_input.c in Linux k ...) {DSA-1018-1 DSA-1017-1} - linux-2.6 2.6.12-6 CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1. ...) - krusader 1.70.0-1 (bug #336169; low) [sarge] - krusader NOTE: This seems to be a dupe of CVE-2006-3816, pinged MITRE CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...) NOT-FOR-US: 1-2-3 music store CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS a ...) NOT-FOR-US: EasyPageCMS CVE-2005-3853 (SQL injection vulnerability in snews.php in sNews 1.3 and earlier allo ...) NOT-FOR-US: sNews CVE-2005-3852 (SQL injection vulnerability in search.asp in Online Work Order Suite ( ...) NOT-FOR-US: Online Work Order Suite CVE-2005-3851 (Cross-site scripting (XSS) vulnerability in search.asp in Online Atten ...) NOT-FOR-US: Online Attendance System CVE-2005-3850 (Cross-site scripting (XSS) vulnerability in search.asp in Online Knowl ...) NOT-FOR-US: Online Knowledge Base System CVE-2005-3846 (SQL injection vulnerability in news.php in Fantastic News 2.1.1 and ea ...) NOT-FOR-US: Fantastic News CVE-2005-3845 (SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allo ...) NOT-FOR-US: EZ Invoice Inc CVE-2005-3844 (SQL injection vulnerability in phpWordPress PHP News and Article Manag ...) NOT-FOR-US: phpWordpress, this is not the same as Wordpress CVE-2005-3843 (SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows r ...) NOT-FOR-US: Nicecode iDesk CVE-2005-3842 (SQL injection vulnerability in index.php in pdjk-support suite 1.1a an ...) NOT-FOR-US: pdjk-support suite CVE-2005-3841 (Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), ...) NOT-FOR-US: kPlaylist CVE-2005-3840 (SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier ...) NOT-FOR-US: Omnistar Live CVE-2005-3839 (Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk all ...) NOT-FOR-US: SupportPRO Supportdesk CVE-2005-3838 (Multiple SQL injection vulnerabilities in search.php in IsolSoft Suppo ...) NOT-FOR-US: IsolSoft Support Center CVE-2005-3837 (Cross-site scripting (XSS) vulnerability in the search module in sCssB ...) NOT-FOR-US: sCssBoard CVE-2005-3836 (SQL injection vulnerability in DeskLance 2.3 and earlier allows remote ...) NOT-FOR-US: DeskLance CVE-2005-3835 (PHP remote file inclusion vulnerability in support/index.php in DeskLa ...) NOT-FOR-US: DeskLance CVE-2005-3834 (Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 a ...) NOT-FOR-US: Tunez CVE-2005-3833 (SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier ...) NOT-FOR-US: Tunez CVE-2005-3832 (Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, a ...) NOT-FOR-US: SpeedProject products CVE-2005-3831 (Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, a ...) NOT-FOR-US: SpeedProject products CVE-2005-3830 (index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote ...) NOT-FOR-US: ActiveCampaign SupportTrio CVE-2005-3829 (index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows re ...) NOT-FOR-US: ActiveCampaign SupportTrio CVE-2005-3828 (SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBu ...) NOT-FOR-US: ActiveCampaign SupportTrio CVE-2005-3827 (SQL injection vulnerability in product_cat in AgileBill 1.4.92 and ear ...) NOT-FOR-US: AgileBill CVE-2005-3826 (Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote ...) NOT-FOR-US: Ezyhelpdesk CVE-2005-3825 (SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and ...) NOT-FOR-US: Comdev Vote Caster CVE-2005-3824 (The uploads module in vTiger CRM 4.2 and earlier allows remote attacke ...) NOT-FOR-US: vTiger CRM CVE-2005-3823 (The Users module in vTiger CRM 4.2 and earlier allows remote attackers ...) NOT-FOR-US: vTiger CRM CVE-2005-3822 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier a ...) NOT-FOR-US: vTiger CRM CVE-2005-3821 (Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier ...) NOT-FOR-US: vTiger CRM CVE-2005-3820 (Multiple directory traversal vulnerabilities in index.php in vTiger CR ...) NOT-FOR-US: vTiger CRM CVE-2005-3819 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier a ...) NOT-FOR-US: vTiger CRM CVE-2005-3818 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 ...) NOT-FOR-US: vTiger CRM CVE-2005-3817 (Multiple SQL injection vulnerabilities in Softbiz Web Host Directory S ...) NOT-FOR-US: Softbiz Web Host Directory CVE-2005-3816 (Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 a ...) NOT-FOR-US: freeForum CVE-2005-3815 (SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlie ...) NOT-FOR-US: Orca Forum CVE-2005-3814 (Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro al ...) NOT-FOR-US: SmartPPC Pro CVE-2005-3813 (IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterpri ...) NOT-FOR-US: MailEnable CVE-2005-3812 (freeFTPd 1.0.10 allows remote authenticated users to cause a denial of ...) NOT-FOR-US: freeFTPd CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic Winm ...) NOT-FOR-US: AMAX Magic Winmail Server CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2 ...) {DSA-1018-1 DSA-1017-1} - linux-2.6 2.6.14-1 (medium) CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ker ...) - linux-2.6 2.6.14-1 (medium) CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support ...) NOT-FOR-US: Cisco CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed" ...) NOT-FOR-US: Cisco CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 ...) NOT-FOR-US: Belkin hardware CVE-2005-3801 (CounterPane PasswordSafe 1.x and 2.x allows local users to test possib ...) NOT-FOR-US: PasswordSafe CVE-2005-3800 (Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak ...) NOT-FOR-US: Macromedia Contribute Publishing Server CVE-2005-3799 (phpBB 2.0.18 allows remote attackers to obtain sensitive information v ...) - phpbb2 (unimportant) NOTE: Not a real security problem, error messages might disclose the installation NOTE: which is known for the Debian package anyway CVE-2005-3798 (SQL injection vulnerability in admin/index.php in AlstraSoft Template ...) NOT-FOR-US: AlstraSoft Template Seller CVE-2005-3797 (PHP remote file inclusion vulnerability in payment_paypal.php in Alstr ...) NOT-FOR-US: AlstraSoft Template Seller CVE-2005-3796 (Direct static code injection vulnerability in admin_options_manage.php ...) NOT-FOR-US: AlstraSoft Affiliate Network CVE-2005-3795 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affi ...) NOT-FOR-US: AlstraSoft Affiliate Network CVE-2005-3794 (AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain ...) NOT-FOR-US: AlstraSoft Affiliate Network CVE-2005-3793 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...) NOT-FOR-US: AlstraSoft Affiliate Network CVE-2005-3792 (Multiple SQL injection vulnerabilities in the Search module in PHP-Nuk ...) NOT-FOR-US: PHP-Nuke CVE-2005-3791 (HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 ...) NOT-FOR-US: phpAdsNew and phpPgAds CVE-2005-3790 (Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter. ...) NOT-FOR-US: phpwcms CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow re ...) NOT-FOR-US: phpwcms CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0( ...) NOT-FOR-US: Cisco CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...) {DSA-880-1} - phpmyadmin 4:2.6.4-pl4-1 (bug #360726) NOTE: https://www.phpmyadmin.net/security/PMASA-2005-7/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0191fc3c33feb809cf668f018ad53dc35061fe4c NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/2e5c10aa2fc10fb1004aac7db78ebdaac21b9220 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/053d90b6019959c3a503d6b12b9cd23dc31df2be CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZE ...) NOT-FOR-US: Novell ZENworks CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix ...) NOT-FOR-US: Ebuild IndeX CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 inc ...) {DSA-1017-1} - linux-2.6 2.6.15-1 (medium) - kernel-source-2.4.27 CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14. ...) {DSA-1018-1 DSA-1017-1} - linux-2.6 2.6.14-3 (medium) CVE-2005-3782 (Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and pass ...) NOT-FOR-US: Apple CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12 ...) {DSA-1018-1 DSA-1017-1} - linux-2.6 2.6.13-1 CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up ...) {DSA-1017-1} - linux-2.6 2.6.13-1 CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module in PmWik ...) NOT-FOR-US: PmWiki CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...) NOT-FOR-US: Solaris CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to exe ...) NOT-FOR-US: IPUpdate CVE-2005-3779 (Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 a ...) NOT-FOR-US: HP-UX CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-3777 (MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to dele ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in PollVote al ...) NOT-FOR-US: PollVote CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ser ...) NOT-FOR-US: Cisco CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact a ...) NOT-FOR-US: Joomla! CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow r ...) NOT-FOR-US: Joomla! CVE-2005-3771 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) NOT-FOR-US: Joomla! CVE-2005-3770 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) ...) NOT-FOR-US: PHP-Post CVE-2005-3769 (SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 ...) NOT-FOR-US: PHP Download Manager CVE-2005-3768 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) impleme ...) NOT-FOR-US: Symantec appliances CVE-2005-3767 (Exponent CMS 0.96.3 and later versions does not properly restrict the ...) NOT-FOR-US: Exponent CMS CVE-2005-3766 (Exponent CMS 0.96.3 and later versions stores sensitive user pages und ...) NOT-FOR-US: Exponent CMS CVE-2005-3765 (Exponent CMS 0.96.3 and later versions performs a chmod on uploaded fi ...) NOT-FOR-US: Exponent CMS CVE-2005-3764 (The image gallery (imagegallery) component in Exponent CMS 0.96.3 and ...) NOT-FOR-US: Exponent CMS CVE-2005-3763 (Exponent CMS 0.96.3 and later versions includes the full installation ...) NOT-FOR-US: Exponent CMS CVE-2005-3762 (SQL injection vulnerability in the navigation module (navigationmodule ...) NOT-FOR-US: Exponent CMS CVE-2005-3761 (Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and la ...) NOT-FOR-US: Exponent CMS CVE-2005-3760 (Double free vulnerability in the BBOORB module in IBM WebSphere Applic ...) NOT-FOR-US: WebSphere CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search Applian ...) NOT-FOR-US: Google search appliance CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and possibly Go ...) NOTE: XSLTs can call arbitrary java methods in libsaxon-java. This behaviour NOTE: is well documented and can be switched off. Let's hope that all users NOTE: of saxon are aware of this. A warning has been added to the readme. NOTE: Current rdependencies: - ooo2dbk (uses it's own xslt unless overridden by command line arg) CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search Appliance, al ...) NOT-FOR-US: Google search appliance CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search Appliance, and ...) NOT-FOR-US: Google search appliance CVE-2005-3754 (Cross-site scripting (XSS) vulnerability in Google Mini Search Applian ...) NOT-FOR-US: Google search appliance CVE-2005-3750 (Opera before 8.51 on Linux and Unix systems allows remote attackers to ...) NOT-FOR-US: Opera CVE-2005-3749 (Unspecified "absolute path vulnerabilities" in the diagela command (di ...) NOT-FOR-US: AIX CVE-2005-3748 (SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3 ...) NOT-FOR-US: Tru-Zone Nuke ET CVE-2005-3747 (Unspecified vulnerability in Jetty before 5.1.6 allows remote attacker ...) - jetty 5.1.8-1 (bug #340582; medium) CVE-2005-3746 (SQL injection vulnerability in thread.php in APBoard allows remote att ...) NOT-FOR-US: APBoard CVE-2005-3745 (Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and p ...) - libstruts1.2-java 1.2.8-1 (bug #340583; medium) [sarge] - libstruts1.2-java (Only in contrib, relies on proprietary Java) CVE-2005-3744 (SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlie ...) NOT-FOR-US: phpComasy CVE-2005-3743 (SQL injection vulnerability in results.php in SimplePoll allows remote ...) NOT-FOR-US: SimplePoll CVE-2005-3742 (Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll ...) NOT-FOR-US: Advanced Poll CVE-2005-3741 (Almond Classifieds does not properly verify the password, which allows ...) NOT-FOR-US: Almond Classifieds CVE-2005-3740 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earl ...) NOT-FOR-US: PHP-Fusion CVE-2005-3739 (Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and ...) NOT-FOR-US: PHP-Fusion CVE-2005-3738 (globals.php in Mambo Site Server 4.0.14 and earlier, when register_glo ...) NOT-FOR-US: Mambo CVE-2005-3737 (Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 throu ...) {DSA-916-1 DTSA-24-1} - inkscape 0.43-1 (bug #330894; medium) CVE-2005-3736 (Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart al ...) NOT-FOR-US: e-Quick Cart CVE-2005-3735 (Multiple SQL injection vulnerabilities in e-Quick Cart allow remote at ...) NOT-FOR-US: e-Quick Cart CVE-2005-3734 (Cross-site scripting (XSS) vulnerability in the "add content" page in ...) NOT-FOR-US: phpMyFAQ CVE-2005-3733 (The Internet Key Exchange version 1 (IKEv1) implementation in Juniper ...) NOT-FOR-US: Juniper products using IKE CVE-2005-3732 (The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg ...) {DSA-965-1} - ipsec-tools 1:0.6.3-1 (bug #340584; low) CVE-2005-3808 (Integer overflow in the invalidate_inode_pages2_range function in mm/t ...) - linux-2.6 2.6.14-4 (medium) [sarge] - kernel-source-2.4.27 (Vulnerable code not present) [sarge] - kernel-source-2.6.8 (Vulnerable code not present) CVE-2005-3809 (The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in ...) - linux-2.6 2.6.14-4 (medium) [sarge] - kernel-source-2.4.27 (Vulnerable code not present) [sarge] - kernel-source-2.6.8 (Vulnerable code not present) CVE-2005-3810 (ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2. ...) - linux-2.6 2.6.14-4 (medium) [sarge] - kernel-source-2.4.27 (Vulnerable code not present) [sarge] - kernel-source-2.6.8 (Vulnerable code not present) CVE-2005-3759 (Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3. ...) {DSA-909-1} - horde3 3.0.7-1 (bug #340323; medium) CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and ...) - cyassl (Fixed before initial upload to archive) CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorS ...) NOT-FOR-US: Revize CMS CVE-2005-3729 (Idetix Software Systems Revize CMS allows remote attackers to obtain s ...) NOT-FOR-US: Revize CMS CVE-2005-3728 (Idetix Software Systems Revize CMS stores conf/revize.xml under the we ...) NOT-FOR-US: Revize CMS CVE-2005-3727 (SQL injection vulnerability in debug/query_results.jsp in Idetix Softw ...) NOT-FOR-US: Revize CMS CVE-2005-3726 (SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows re ...) NOT-FOR-US: ArticleLive NX CVE-2005-3725 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addr ...) NOT-FOR-US: Zyxel WIFI Phone CVE-2005-3724 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attacker ...) NOT-FOR-US: Zyxel WIFI Phone CVE-2005-3723 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disabl ...) NOT-FOR-US: Hitachi WIFI Phone CVE-2005-3722 (The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows ...) NOT-FOR-US: Hitachi WIFI Phone CVE-2005-3721 (The default configuration of the HTTP server in Hitachi IP5000 VOIP WI ...) NOT-FOR-US: Hitachi WIFI Phone CVE-2005-3720 (The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI ...) NOT-FOR-US: Hitachi WIFI Phone CVE-2005-3719 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator pa ...) NOT-FOR-US: Hitachi WIFI Phone CVE-2005-3718 (UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel ...) NOT-FOR-US: UTStarcom WIFI Phone CVE-2005-3717 (The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWo ...) NOT-FOR-US: UTStarcom WIFI Phone CVE-2005-3716 (The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWork ...) NOT-FOR-US: UTStarcom WIFI Phone CVE-2005-3715 (Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWork ...) NOT-FOR-US: Senao Wireless VoIP Phone CVE-2005-3699 (Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers t ...) NOT-FOR-US: Opera CVE-2005-3698 (PHP Easy Download allows remote attackers to bypass authentication via ...) NOT-FOR-US: PHP Easy Download CVE-2005-3697 (Unspecified vulnerability in the administration interface in Uresk Lin ...) NOT-FOR-US: Uresk Links Lite CVE-2005-3696 (SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote attac ...) NOT-FOR-US: Arki-DB CVE-2005-3695 (Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php i ...) NOT-FOR-US: LiteSpeed Webserver CVE-2005-3694 (centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allo ...) {DSA-912-1} - centericq 4.21.0-4 (bug #334089; low) CVE-2005-3693 (The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm Medi ...) NOT-FOR-US: SunnComm MediaMax DRM CVE-2005-3692 (Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server ...) NOT-FOR-US: AMAX Magic Winmail Server CVE-2005-3691 (Directory traversal vulnerability in the IMAP service (meimaps.exe) of ...) NOT-FOR-US: MailEnable Professional CVE-2005-3690 (Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailE ...) NOT-FOR-US: MailEnable Professional CVE-2005-3689 (post.php in XMB 1.9.2 allows remote attackers to obtain the installati ...) NOT-FOR-US: XMB CVE-2005-3688 (Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 a ...) NOT-FOR-US: XMB CVE-2005-3687 (cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote a ...) NOT-FOR-US: WHM AutoPilot CVE-2005-3686 (SQL injection vulnerability in search.inc.php in Unclassified NewsBoar ...) NOT-FOR-US: Unclassified Newsboard CVE-2005-3685 (Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Sh ...) NOT-FOR-US: VP-ASP Shopping Cart CVE-2005-3684 (Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, ...) NOT-FOR-US: freeFTPd CVE-2005-3683 (Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enab ...) NOT-FOR-US: freeFTPd CVE-2005-3682 (Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote ...) NOT-FOR-US: Wizz Forum CVE-2005-3681 (SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads modul ...) NOT-FOR-US: Xoops CVE-2005-3680 (Directory traversal vulnerability in editor_registry.php in XOOPS 2.2. ...) NOT-FOR-US: Xoops CVE-2005-3679 (SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-A ...) NOT-FOR-US: ActiveCampaign 1-2-All Broadcast Email CVE-2005-3678 (Google Talk before 1.0.0.76, with email notification enabled, allows r ...) NOT-FOR-US: Google Talk CVE-2005-3677 (Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote a ...) - helix-player CVE-2005-3676 (SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allo ...) NOT-FOR-US: PhpWebThings CVE-2005-3675 (The Transmission Control Protocol (TCP) allows remote attackers to cau ...) NOTE: Generic protocol weakness, likely hard to fix at the kernel NOTE: level without performance impact. CVE-2005-3674 (The Internet Key Exchange version 1 (IKEv1) implementation in the libi ...) NOT-FOR-US: libike from Solaris CVE-2005-3673 (The Internet Key Exchange version 1 (IKEv1) implementation in Check Po ...) NOT-FOR-US: Check Point's IKE implementation CVE-2005-3672 (The Internet Key Exchange version 1 (IKEv1) implementation in Stonesof ...) NOT-FOR-US: StoneGate's IKE implementation CVE-2005-3671 (The Internet Key Exchange version 1 (IKEv1) implementation in Openswan ...) - openswan 1:2.4.4-1 (bug #339082; low) [sarge] - openswan (Only exploitable in inherently insecure mode of operation) NOTE: Initial 2.4.3 didn't fix all the issues from the NISCC report CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key Exchange vers ...) NOT-FOR-US: HP-UX's IKE implementation CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key Exchange vers ...) NOT-FOR-US: Cisco CVE-2005-3668 (Multiple buffer overflows in multiple unspecified implementations of I ...) NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected CVE-2005-3667 (Multiple unspecified vulnerabilities in multiple unspecified implement ...) NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected CVE-2005-3666 (Multiple unspecified format string vulnerabilities in multiple unspeci ...) NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected CVE-2005-3665 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...) {DSA-1207-1} - phpmyadmin 4:2.6.4-pl4-2 (bug #340438; medium) NOTE: https://www.phpmyadmin.net/security/PMASA-2005-8/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/05c719aba3b99820daa3187e055c6ef4540b53cc CVE-2005-XXXX [unsafe file permissions in vpnc] - vpnc 0.3.3+SVN20051028-3 (bug #340105; unimportant) NOTE: Only an example file CVE-2005-3714 (The network interface for Apple AirPort Express 6.x before Firmware Up ...) NOT-FOR-US: Apple AirPort CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remo ...) NOT-FOR-US: Apple Quicktime CVE-2005-3712 (Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 al ...) NOT-FOR-US: Apple CVE-2005-3711 (Integer overflow in Apple Quicktime before 7.0.4 allows remote attacke ...) NOT-FOR-US: Apple Quicktime CVE-2005-3710 (Integer overflow in Apple Quicktime before 7.0.4 allows remote attacke ...) NOT-FOR-US: Apple Quicktime CVE-2005-3709 (Integer underflow in Apple Quicktime before 7.0.4 allows remote attack ...) NOT-FOR-US: Apple Quicktime CVE-2005-3708 (Integer overflow in Apple Quicktime before 7.0.4 allows remote attacke ...) NOT-FOR-US: Apple Quicktime CVE-2005-3707 (Buffer overflow in Apple Quicktime before 7.0.4 allows remote attacker ...) NOT-FOR-US: Apple Quicktime CVE-2005-3706 (Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4. ...) NOT-FOR-US: Mac OS X CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3. ...) NOT-FOR-US: Mac OS X CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allo ...) NOT-FOR-US: Mac OS X CVE-2005-3703 REJECTED CVE-2005-3702 (Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote att ...) NOT-FOR-US: Safari CVE-2005-3701 (Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 ...) NOT-FOR-US: Mac OS X CVE-2005-3700 (Unknown vulnerability in iodbcadmintool in the ODBC Administrator util ...) NOT-FOR-US: Mac OS X CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...) NOT-FOR-US: Kaspersky AV CVE-2005-3663 (Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 ...) NOT-FOR-US: Kaspersky AV CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the -al ...) {DSA-904-1} - netpbm-free 2:10.0-10.1 (medium; bug #351639) CVE-2005-3661 (Dell TrueMobile 2300 Wireless Broadband Router running firmware 3.0.0. ...) NOT-FOR-US: Dell hardware issue CVE-2005-3660 (Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...) - linux (unimportant) - linux-2.6 (unimportant) NOTE: Design limitation, for rare corner cases, where this poses a problem advanced NOTE: resource management systems can be deployed CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7 ...) NOT-FOR-US: EMC Legato NetWorker CVE-2005-3658 (Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x bef ...) NOT-FOR-US: EMC Legato NetWorker CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Cent ...) NOT-FOR-US: McAfee CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in mod_aut ...) {DSA-935-1} [sarge] - libapache2-mod-auth-pgsql 2.0.2b1-5sarge0 - libapache2-mod-auth-pgsql 2.0.2b1-7 - libapache-mod-auth-pgsql (Does not contain the vulnerable ap_log_rerror() function) CVE-2005-3655 (Heap-based buffer overflow in Novell Open Enterprise Server Remote Man ...) NOT-FOR-US: Novell Open Enterprise Server CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to ...) NOT-FOR-US: Blue Coat WinProxy CVE-2005-3653 (Heap-based buffer overflow in the iGateway service for various Compute ...) NOT-FOR-US: IGateway CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 a ...) NOT-FOR-US: Citrix CVE-2005-3651 (Stack-based buffer overflow in the dissect_ospf_v3_address_prefix func ...) {DSA-920-1} - ethereal 0.10.13-1.1 (bug #342911; medium) CVE-2005-3650 (The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the ...) NOT-FOR-US: Sony Root Kit Uninstaller CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users t ...) NOTE: only exploitable in certian configurations (non-default) NOTE: warning added.. - moodle 1.5.3+20060108-1 (bug #338592; low) [sarge] - moodle (Isn't explotable in sarge) CVE-2005-3648 (Multiple SQL injection vulnerabilities in the get_record function in d ...) - moodle 1.5.3+20060108-1 (bug #338592; low) [sarge] - moodle (Only exploitable in strange PHP setups) CVE-2005-3647 (Folder Guard allows local users to bypass protections by running from ...) NOT-FOR-US: Folder Guard CVE-2005-3646 (Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpA ...) NOT-FOR-US: phpAdsNews CVE-2005-3645 (phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remo ...) NOT-FOR-US: phpAdsNews CVE-2005-3644 (PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2 ...) NOT-FOR-US: Windows CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...) NOT-FOR-US: DB2 CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with Simple ...) NOT-FOR-US: Informix CVE-2005-3641 (Oracle Databases running on Windows XP with Simple File Sharing enable ...) NOT-FOR-US: Oracle CVE-2005-3640 (Multiple buffer overflows in the IMAP Groupware Mail server of Floosie ...) NOT-FOR-US: FTGate CVE-2005-3639 (PHP file inclusion vulnerability in the osTicket module in Help Center ...) NOT-FOR-US: Help Center Live CVE-2005-3638 (Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow re ...) NOT-FOR-US: Ekinboard CVE-2005-3637 REJECTED CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application Server ...) NOT-FOR-US: SAP Web Application Server CVE-2005-3635 (Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Applica ...) NOT-FOR-US: SAP Web Application Server CVE-2005-3634 (frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6. ...) NOT-FOR-US: SAP Web Application Server CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web Appli ...) NOT-FOR-US: SAP Web Application Server CVE-2005-3632 (Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow ...) {DSA-904-1} - netpbm-free 2:10.0-10.1 (medium; bug #351639) CVE-2005-3631 (udev does not properly set permissions on certain files in /dev/input, ...) - udev (Red Hat specific) CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to obtain se ...) NOT-FOR-US: Fedora Directory Server CVE-2005-3629 (initscripts in Red Hat Enterprise Linux 4 does not properly handle cer ...) NOTE: current sudo cleans the environment, so we are not affected - sysvconfig (sudo cleans env anyway) CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Strea ...) {DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1} - kdegraphics 4:3.5.0-3 - gpdf 2.10.0-2 (bug #342286) - xpdf 3.01-4 - koffice 1:1.4.2-6 (bug #342294) - libextractor 0.5.9-1 - pdfkit.framework 0.8-4 - pdftohtml 0.36-12 - cupsys 1.1.22-7 - cups 1.1.22-7 NOTE: cupsys switched to an external PDF implementation in 1.1.22-7. - tetex-bin 3.0-12 NOTE: tetex-bin switched to poppler in 3.0-12. CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...) {DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1} - poppler 0.4.4-1 (bug #346076) - kdegraphics 4:3.5.0-3 - gpdf 2.10.0-2 (bug #342286) - xpdf 3.01-4 - koffice 1:1.4.2-6 (bug #342294) - libextractor 0.5.9-1 - pdfkit.framework 0.8-4 - pdftohtml 0.36-12 - cupsys 1.1.22-7 - cups 1.1.22-7 NOTE: cupsys switched to an external PDF implementation in 1.1.22-7. - tetex-bin 3.0-12 NOTE: tetex-bin switched to poppler in 3.0-12. CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTe ...) {DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1} - poppler 0.4.3-2 - kdegraphics 4:3.5.0-3 - xpdf 3.01-4 - gpdf 2.10.0-2 (bug #342286) - koffice 1:1.4.2-6 (bug #342294) - libextractor 0.5.9-1 - pdfkit.framework 0.8-4 - pdftohtml 0.36-12 - cupsys 1.1.22-7 - cups 1.1.22-7 NOTE: cupsys switched to an external PDF implementation in 1.1.22-7. - tetex-bin 3.0-12 NOTE: tetex-bin switched to poppler in 3.0-12. CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTe ...) {DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1} - poppler 0.4.4-1 (bug #346076) - tetex-bin 3.0-12 - kdegraphics 4:3.5.0-3 - xpdf 3.01-4 - gpdf 2.10.0-2 (bug #342286) - koffice 1:1.4.2-6 (bug #342294) - libextractor 0.5.9-1 - pdfkit.framework 0.8-4 - pdftohtml 0.36-12 - cups 1.1.22-7 - cupsys 1.1.22-7 NOTE: cupsys switched to an external PDF implementation in 1.1.22-7. NOTE: tetex-bin switched to poppler in 3.0-12. CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpd ...) {DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1} - poppler 0.4.4-1 (bug #346076) - tetex-bin 3.0-12 - gpdf 2.10.0-2 (bug #342286) - kdegraphics 4:3.5.0-3 - xpdf 3.01-4 - koffice 1:1.4.2-6 (bug #342294) - libextractor 0.5.9-1 - pdfkit.framework 0.8-4 - pdftohtml 0.36-12 - cups 1.1.22-7 - cupsys 1.1.22-7 NOTE: cupsys switched to an external PDF implementation in 1.1.22-7. NOTE: tetex-bin switched to poppler in 3.0-12. CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR pr ...) [sarge] - kernel-source-2.6.8 (Does not contain NFS ACLs) - linux-2.6 2.6.14-7 CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain t ...) - phpmyadmin (unimportant) CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before 2.0.2 patc ...) NOT-FOR-US: VMware ESX CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management interface f ...) NOT-FOR-US: VMware ESX CVE-2005-3618 (Cross-site request forgery (CSRF) vulnerability in the management inte ...) NOT-FOR-US: VMWare ESX CVE-2005-3617 RESERVED CVE-2005-3616 RESERVED CVE-2005-3615 RESERVED CVE-2005-3614 RESERVED CVE-2005-3613 RESERVED CVE-2005-3612 RESERVED CVE-2005-3611 RESERVED CVE-2005-3610 RESERVED CVE-2005-3609 RESERVED CVE-2005-3608 RESERVED CVE-2005-3607 RESERVED CVE-2005-3606 RESERVED CVE-2005-3605 RESERVED CVE-2005-3604 RESERVED CVE-2005-3603 RESERVED CVE-2005-3602 RESERVED CVE-2005-3601 RESERVED CVE-2005-3600 RESERVED CVE-2005-3599 RESERVED CVE-2005-3598 RESERVED CVE-2005-3597 REJECTED CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote attacker ...) NOT-FOR-US: ASPKnowledgebase CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a blank pas ...) NOT-FOR-US: Windows XP CVE-2005-3594 (game_score.php in e107 allows remote attackers to insert high scores v ...) NOT-FOR-US: e107 CVE-2005-3592 (index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain ...) NOT-FOR-US: CuteNews CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier a ...) - flashplugin-nonfree 7.0.61-1 (bug #339290; high) [sarge] - flashplugin-nonfree (Only affects proprietary Flash plugin) CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote a ...) NOT-FOR-US: FileZilla Server CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 all ...) NOT-FOR-US: Advanced Guestbook CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...) {DSA-947-1} - clamav 0.87.1-1 (medium) NOTE: sarge is affected (not in oldstable) CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to ...) NOT-FOR-US: Mambo CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows ...) NOT-FOR-US: PhpWebThings CVE-2005-3584 (Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings ...) NOT-FOR-US: PhpWebThings CVE-2005-3583 ((1) Java Runtime Environment (JRE) and (2) Software Development Kit (S ...) NOT-FOR-US: Sun Java CVE-2005-3582 (ImageMagick before 6.2.4.2-r1 allows local users in the portage group ...) - imagemagick (Gentoo-specific packaging flaw) CVE-2005-3581 (GDAL before 1.3.0-r1 allows local users in the portage group to increa ...) - gdal (Gentoo-specific packaging flaw) CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to incre ...) - qdbm (Gentoo-specific packaging flaw) CVE-2005-3579 (ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote at ...) NOT-FOR-US: Walla TeleSite CVE-2005-3578 (SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3 ...) NOT-FOR-US: Walla TeleSite CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Wal ...) NOT-FOR-US: Walla TeleSite CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to ac ...) NOT-FOR-US: Walla TeleSite CVE-2005-3575 (SQL injection vulnerability in show.php in Cyphor 0.19 and earlier all ...) NOT-FOR-US: Cyphor CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows remote at ...) NOT-FOR-US: iCMS CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...) {DSA-955-1} - mailman 2.1.5-10 (bug #327732; bug #339095; medium) CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 allow ...) NOT-FOR-US: Peel CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHP ...) NOT-FOR-US: protection.php from several crappy web apps not in Debian CVE-2005-3570 (Unspecified cross-site scripting (XSS) vulnerability in Horde before 2 ...) {DSA-914-1} - horde2 2.2.9-1 (bug #338983) CVE-2005-3569 (INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX ...) NOT-FOR-US: DB2 CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allow ...) NOT-FOR-US: DB2 CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 bin ...) NOT-FOR-US: Tivoli CVE-2005-3566 (Buffer overflow in various ha commands of VERITAS Cluster Server for U ...) NOT-FOR-US: VERITAS Cluster Server CVE-2005-3565 (Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and ...) NOT-FOR-US: HP-UX CVE-2005-3564 (envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obt ...) NOT-FOR-US: HP-UX CVE-2005-3563 REJECTED CVE-2005-3562 REJECTED CVE-2005-3561 REJECTED CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...) NOT-FOR-US: Zone Labs CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 throu ...) {DSA-1048-1} - asterisk 1:1.2.7.1.dfsg-2 (bug #338116; medium) CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remot ...) NOT-FOR-US: OSTE CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist 2.1 ...) - phplist (bug #612288) CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 ...) - phplist (bug #612288) CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier a ...) - phplist (bug #612288) CVE-2005-3554 (Multiple eval injection vulnerabilities in the help function in PHPKIT ...) NOT-FOR-US: PHPKIT CVE-2005-3553 (Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 ...) NOT-FOR-US: PHPKIT CVE-2005-3552 (Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 ...) NOT-FOR-US: PHPKIT CVE-2005-3551 (toendaCMS before 0.6.2 stores user account and session data in the web ...) NOT-FOR-US: toendaCMS CVE-2005-3550 (Directory traversal vulnerability in admin.php in toendaCMS before 0.6 ...) NOT-FOR-US: toendaCMS CVE-2005-3549 (Direct code injection vulnerability in Task Manager in Invision Power ...) NOT-FOR-US: Invision Power Board CVE-2005-3548 (Directory traversal vulnerability in Task Manager in Invision Power Bo ...) NOT-FOR-US: Invision Power Board CVE-2005-3547 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 a ...) NOT-FOR-US: Invision Power Board CVE-2005-3546 (suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before ...) NOT-FOR-US: F-Secure Internet Gatekeeper and Antivirus Gateway CVE-2005-3545 (SQL injection vulnerability in index.php of the report module in ibPro ...) NOT-FOR-US: ibProArcade CVE-2005-3544 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allow ...) NOT-FOR-US: XMB CVE-2005-3543 (SQL injection vulnerability in search.php in Phorum 5.0.0alpha through ...) NOT-FOR-US: Phorum CVE-2005-3542 REJECTED CVE-2005-3541 RESERVED CVE-2005-3540 (Buffer overflow in petris before 1.0.1 allows remote attackers to exec ...) {DSA-929-1} - petris 1.0.1-5 CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier a ...) {DSA-933-1} - hylafax 2:4.2.4-2 (bug #347298) NOTE: First patch had regressions CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrar ...) - hylafax 2:4.2.4-1 [sarge] - hylafax (Affected only 4.2.3) [woody] - hylafax (Affected only 4.2.3) CVE-2005-3537 (A "missing request validation" error in phpBB 2 before 2.0.18 allows r ...) {DSA-925-1} - phpbb2 2.0.18-1 (bug #336582; medium) CVE-2005-3536 (SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote att ...) {DSA-925-1} - phpbb2 2.0.18-1 (bug #336582; medium) CVE-2005-3535 (Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary ...) {DSA-926-1} - ketm 0.0.6-17sarge1 (low) CVE-2005-3534 (Buffer overflow in the Network Block Device (nbd) server 2.7.5 and ear ...) {DSA-924-1} - nbd 1:2.8.3-1 CVE-2005-3533 (Buffer overflow in OSH before 1.7-15 allows local users to execute arb ...) {DSA-918-1} - osh 1.7-15 CVE-2005-3532 (authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through ...) {DSA-917-1} - courier 0.47-12 (bug #211920; medium) CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows loca ...) {DTSA-27-1} - fuse 2.4.1-0.1 (bug #340398; low) [sarge] - fuse (Minor local DoS) CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...) NOT-FOR-US: Antville CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remo ...) NOT-FOR-US: TikiWiki CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...) NOT-FOR-US: TikiWiki CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows l ...) - linux-2.6 2.6.14-1 (low) - kernel-source-2.4.27 (Vulnerable code was introduced later) [sarge] - kernel-source-2.6.8 (Vulnerable code was introduced later) NOTE: http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-3527?op=file&rev=0&sc=0 CVE-2005-3526 (Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 200 ...) NOT-FOR-US: Ipswitch Collaboration Suite CVE-2005-3525 (Stack-based buffer overflow in an ActiveX control for the installer fo ...) NOT-FOR-US: Adobe CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine ...) NOT-FOR-US: ManageEngine NetflowAnalyzer CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6 ...) NOT-FOR-US: e107 CVE-2005-3520 (Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 ...) NOT-FOR-US: MySource CVE-2005-3519 (Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow r ...) NOT-FOR-US: MySource CVE-2005-3518 (SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 all ...) NOT-FOR-US: PunBB CVE-2005-3517 (Chipmunk Scripts Guestbook allows remote attackers to obtain the insta ...) NOT-FOR-US: Chipmunk Scripts Guestbook CVE-2005-3516 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...) NOT-FOR-US: Chipmunk Directory CVE-2005-3515 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...) NOT-FOR-US: Chipmunk Topsites CVE-2005-3514 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum ...) NOT-FOR-US: Chipmunk Forum CVE-2005-3513 (index.php in VUBB alpha rc1 allows remote attackers to obtain the inst ...) NOT-FOR-US: VUBB CVE-2005-3512 (Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha rc ...) NOT-FOR-US: VUBB CVE-2005-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4 ...) NOT-FOR-US: Spymac Web OS CVE-2005-3510 (Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denia ...) - tomcat5 (Debian's 5.0 version is not vulnerable) CVE-2005-3509 (Multiple SQL injection vulnerabilities in JPortal allow remote attacke ...) NOT-FOR-US: JPortal CVE-2005-3508 (SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2. ...) NOT-FOR-US: Tonio gallery (not the one in the gallery debian package) CVE-2005-3507 (Directory traversal vulnerability in CuteNews 1.4.1 allows remote atta ...) NOT-FOR-US: CuteNews CVE-2005-3506 (Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server ...) NOT-FOR-US: Sambar CVE-2005-3505 (Cross-site scripting (XSS) vulnerability in the Entropy Chat script in ...) NOT-FOR-US: Entropy Chat Script CVE-2005-3504 (Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled ...) NOT-FOR-US: AIX CVE-2005-3503 (chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other o ...) NOT-FOR-US: SuSE fork of passwd CVE-2005-3502 (attachment_send.php in Cerberus Helpdesk allows remote attackers to vi ...) NOT-FOR-US: Cerberus Helpdesk CVE-2005-3499 (Frisk F-Prot Antivirus allows remote attackers to bypass protection vi ...) NOT-FOR-US: F-Prot Antivirus CVE-2005-3498 (IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5. ...) NOT-FOR-US: WebSphere CVE-2005-3497 NOT-FOR-US: PHP Handicapper CVE-2005-3496 (Cross-site scripting (XSS) vulnerability in PHP Handicapper allows rem ...) NOT-FOR-US: PHP Handicapper CVE-2005-3495 (Ar-blog 5.2 and earlier allows remote attackers to bypass authenticati ...) NOT-FOR-US: Ar-blog CVE-2005-3494 (Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier al ...) NOT-FOR-US: Ar-blog CVE-2005-3493 (Battle Carry .005 and earlier allows remote attackers to cause a denia ...) NOT-FOR-US: Battle Carry CVE-2005-3492 (FlatFrag 0.3 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: FlatFrag CVE-2005-3491 (Multiple buffer overflows in the receiver function in loop.c in FlatFr ...) NOT-FOR-US: FlatFrag CVE-2005-3490 (Directory traversal vulnerability in the web server in Asus Video Secu ...) NOT-FOR-US: Asus Video Security CVE-2005-3489 (Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using ...) NOT-FOR-US: Asus Video Security CVE-2005-3488 (Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a d ...) - scorched3d 39.1+cvs20050929-2 (bug #337403; medium) CVE-2005-3487 (Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow r ...) - scorched3d 39.1+cvs20050929-2 (bug #337403; medium) CVE-2005-3486 (Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and ea ...) - scorched3d 39.1+cvs20050929-2 (bug #337403; medium) CVE-2005-3485 (Buffer overflow in Glider Collect'n kill 1.0.0.0 allows remote attacke ...) NOT-FOR-US: Glider Collect'n kill CVE-2005-3484 (Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allow ...) NOT-FOR-US: NeroNET CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows ...) NOT-FOR-US: GO-Global CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows rem ...) {DSA-1207-1} - phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium) NOTE: https://www.phpmyadmin.net/security/PMASA-2005-6/ CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl ...) {DSA-896-1} - linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high) CVE-2005-3807 (Memory leak in the VFS file lease handling in locks.c in Linux kernels ...) - linux-2.6 2.6.14-4 CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before 2.6.15 ...) {DSA-1018-1 DSA-1017-1} - linux-2.6 2.6.14-4 (low) CVE-2005-XXXX [user logout in drupal has no effect] [sarge] - drupal (bug was introduced after 4.5.3) - drupal 4.5.5-3 (bug #336719; medium) CVE-2005-XXXX [double free() in libungif] - libungif4 4.1.4-1 (bug #338542; medium) CVE-2005-3523 (Format string vulnerability in friendsd2 in GpsDrive allows remote att ...) {DSA-891-1} - gpsdrive 2.09-2sarge1 (bug #337495; medium) CVE-2005-XXXX [Insecure temp files in note] - note 1.3.1-3 (bug #337492; unimportant) NOTE: Second issue not shipped in binary, only example, first issue not sufficiently NOTE: predictable for a real world attack CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) bef ...) {DSA-887-1 DTSA-21-1} - clamav 0.87.1-1 (medium) CVE-2005-3501 (The cabd_find function in cabd.c of the libmspack library (mspack) for ...) {DSA-887-1 DTSA-21-1} - clamav 0.87.1-1 (medium) CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in Lig ...) NOT-FOR-US: Cisco CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitra ...) NOT-FOR-US: IOS CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error messages ...) NOT-FOR-US: Ringtail CaseBook CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in Ringtail Case ...) NOT-FOR-US: Ringtail CaseBook CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe.net Tutorials Mana ...) NOT-FOR-US: PHPCafe Tutorial Manager CVE-2005-3477 (Multiple interpretation error in the image upload handling code in Inv ...) NOT-FOR-US: Invision Gallery CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and O ...) NOT-FOR-US: OpenVMS CVE-2005-3475 (Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a de ...) NOT-FOR-US: Hasbani Web Server CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...) NOT-FOR-US: XCP DRM CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...) NOT-FOR-US: Simple PHP Blog CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications Express 20 ...) NOT-FOR-US: Sun Java System Communications Express CVE-2005-3471 (Directory traversal vulnerability in the ruleset view for MailWatch fo ...) NOT-FOR-US: MailWatch for MailScanner CVE-2005-3470 (SQL injection vulnerability in in the authenticate function in MailWat ...) NOT-FOR-US: MailWatch for MailScanner CVE-2005-3469 (SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows re ...) NOT-FOR-US: News2Net CVE-2005-3468 (Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft ...) NOT-FOR-US: F-Secure CVE-2005-3467 (Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of ...) NOT-FOR-US: Serv-U FTP Server CVE-2005-3466 (Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to ...) NOT-FOR-US: Oracle CVE-2005-3465 (Unspecified vulnerability in JDEdwards HTML Server in Oracle Enterpris ...) NOT-FOR-US: Oracle CVE-2005-3464 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...) NOT-FOR-US: Oracle CVE-2005-3463 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...) NOT-FOR-US: Oracle CVE-2005-3462 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...) NOT-FOR-US: Oracle CVE-2005-3461 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...) NOT-FOR-US: Oracle CVE-2005-3460 (Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager ...) NOT-FOR-US: Oracle CVE-2005-3459 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...) NOT-FOR-US: Oracle CVE-2005-3458 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...) NOT-FOR-US: Oracle CVE-2005-3457 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...) NOT-FOR-US: Oracle CVE-2005-3456 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...) NOT-FOR-US: Oracle CVE-2005-3455 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...) NOT-FOR-US: Oracle CVE-2005-3454 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g ...) NOT-FOR-US: Oracle CVE-2005-3453 (Multiple unspecified vulnerabilities in Web Cache in Oracle Applicatio ...) NOT-FOR-US: Oracle CVE-2005-3452 (Unspecified vulnerability in Web Cache in Oracle Application Server 1. ...) NOT-FOR-US: Oracle CVE-2005-3451 (Unspecified vulnerability in SQL*ReportWriter in Oracle Application Se ...) NOT-FOR-US: Oracle CVE-2005-3450 (Unspecified vulnerability in the HTTP Server in Oracle Application Ser ...) NOT-FOR-US: Oracle CVE-2005-3449 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0 ...) NOT-FOR-US: Oracle CVE-2005-3448 (Unspecified vulnerability in the OC4J Module in Oracle Application Ser ...) NOT-FOR-US: Oracle CVE-2005-3447 (Unspecified vulnerability in Single Sign-On in Oracle Database Server ...) NOT-FOR-US: Oracle CVE-2005-3446 (Unspecified vulnerability in Internet Directory in Oracle Database Ser ...) NOT-FOR-US: Oracle CVE-2005-3445 (Multiple unspecified vulnerabilities in HTTP Server in Oracle Database ...) NOT-FOR-US: Oracle CVE-2005-3444 (Multiple unspecified vulnerabilities in the Programmatic Interface in ...) NOT-FOR-US: Oracle CVE-2005-3443 (Unspecified vulnerability in the Spatial component in Oracle Database ...) NOT-FOR-US: Oracle CVE-2005-3442 (Multiple unspecified vulnerabilities in Oracle Database Server 8i up t ...) NOT-FOR-US: Oracle CVE-2005-3441 (Unspecified vulnerability in Intelligent Agent in Oracle Database Serv ...) NOT-FOR-US: Oracle CVE-2005-3440 (Unspecified vulnerability in Database Scheduler in Oracle Database Ser ...) NOT-FOR-US: Oracle CVE-2005-3439 (Multiple unspecified vulnerabilities in Oracle Database Server 10g up ...) NOT-FOR-US: Oracle CVE-2005-3438 (Multiple unspecified vulnerabilities in Oracle Database Server 9i up t ...) NOT-FOR-US: Oracle CVE-2005-3437 (Unspecified vulnerability in the PL/SQL component in Oracle Database S ...) NOT-FOR-US: Oracle CVE-2005-3436 (Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remo ...) NOT-FOR-US: Nuked-Klan CVE-2005-3435 (admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to ...) NOT-FOR-US: Archilles Newsworld CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) se ...) NOT-FOR-US: Archilles Newsworld CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers ...) NOT-FOR-US: Mirabilis ICQ CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password protect ...) NOT-FOR-US: MiniGal2 CVE-2005-3431 (Absolute path traversal vulnerability in Rockliffe MailSite Express be ...) NOT-FOR-US: MailSite Express CVE-2005-3430 (Incomplete blacklist vulnerability in Rockliffe MailSite Express befor ...) NOT-FOR-US: MailSite Express CVE-2005-3429 (Rockliffe MailSite Express before 6.1.22, with the option to save logi ...) NOT-FOR-US: MailSite Express CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express ...) NOT-FOR-US: MailSite Express CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit ...) NOT-FOR-US: IPS Sensors CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL termination ser ...) NOT-FOR-US: Cisco CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allow ...) {DSA-877-1} - gnump3d 2.9.6-1 CVE-2005-3424 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allow ...) {DSA-877-1} - gnump3d 2.9.5-1 (low) CVE-2005-3423 (Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remot ...) NOT-FOR-US: Subdreamer CVE-2005-3422 (Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast Foru ...) NOT-FOR-US: ASP Fast Forum CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attack ...) NOT-FOR-US: Hyper Estraier CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify ...) {DSA-925-1} - phpbb2 2.0.18-1 (bug #336582; bug #336587) NOTE: http://www.hardened-php.net/advisory_172005.75.html NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756 NOTE: Remote code execution may be possible, especially in conjunction NOTE: with PHP bugs. CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 all ...) {DSA-925-1} - phpbb2 2.0.18-1 (bug #336582; bug #336587) CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 an ...) {DSA-925-1} - phpbb2 2.0.18-1 (bug #336582; bug #336587) CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is d ...) {DSA-925-1} - phpbb2 2.0.18-1 (bug #336582; bug #336587) CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ses ...) {DSA-925-1} - phpbb2 2.0.18-1 (bug #336582; bug #336587) CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection ...) {DSA-925-1} - phpbb2 2.0.18-1 (bug #336582; bug #336587) CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with insuff ...) NOT-FOR-US: eyeOS CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 ...) NOT-FOR-US: eyeOS CVE-2005-3412 (Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows ...) NOT-FOR-US: Elite Forum CVE-2005-3411 (Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2 ...) NOT-FOR-US: Snitz Forums CVE-2005-3410 RESERVED CVE-2005-3409 (OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote atta ...) {DSA-885-1} - openvpn 2.0.5-1 (bug #337334; low) CVE-2005-3408 (SQL injection vulnerability in news.php in gCards version 1.43 allows ...) NOT-FOR-US: gCards CVE-2005-3407 (SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote ...) NOT-FOR-US: phpESP CVE-2005-3406 (Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier a ...) NOT-FOR-US: phpESP CVE-2005-3405 (ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbi ...) NOT-FOR-US: ATutor CVE-2005-3404 (Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1. ...) NOT-FOR-US: ATutor CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 th ...) NOT-FOR-US: ATutor CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly ...) NOTE: That's a non-issue; only a feature request for an improvement in a corner case. NOTE: If someone wants to use security-sensitive communication a TLS-secured server NOTE: should be used. CVE-2005-3401 (Multiple interpretation error in TheHacker 5.8.4.128 allows remote att ...) NOT-FOR-US: TheHacker CVE-2005-3400 (Multiple interpretation error in Fortinet 2.48.0.0 allows remote attac ...) NOT-FOR-US: Fortinet CVE-2005-3399 (Multiple interpretation error in CAT-QuickHeal 8.0 allows remote attac ...) NOT-FOR-US: CAT-QuickHeal CVE-2005-3398 (The default configuration of the web server for the Solaris Management ...) NOT-FOR-US: Solaris Management Console CVE-2005-3397 (Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows ...) NOT-FOR-US: Comersus BackOffice CVE-2005-3396 (Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, ...) NOT-FOR-US: AIX CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote at ...) NOT-FOR-US: Invision Gallery CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1 ...) NOT-FOR-US: oaboard CVE-2005-3393 (Format string vulnerability in the foreign_option function in options. ...) {DSA-885-1} - openvpn 2.0.5-1 (bug #336751; medium) CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...) - php4 4:4.4.2-1 (bug #336645; bug #354681; low) [sarge] - php4 (Safe mode violations not supported) - php5 5.1.1-1 (bug #336654; low) NOTE: According to CVE, this is a safe mode violation, NOTE: therefore low impact. (According to SuSE, it's an NOTE: information leak.) CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...) - php4 4:4.4.2-1 (bug #336645; bug #354678; low) [sarge] - php4 (Safe mode violations not supported) - php5 5.1.1-1 (bug #336654; low) NOTE: This is a safe mode violation, therefore low impact. CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5 ...) - php4 4:4.4.2-1 (bug #336645; bug #354680; low) - php5 5.1.1-1 (bug #336654; low) [sarge] - php4 (Operation with register_globals not supported) NOTE: http://www.hardened-php.net/advisory_202005.79.html NOTE: http://www.hardened-php.net/globals-problem CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, whe ...) - php4 4:4.4.2-1 (bug #336645; bug #354690; low) - php5 5.1.1-1 (bug #336654; low) [sarge] - php4 (application's job to sanitize input) NOTE: http://www.hardened-php.net/advisory_192005.78.html CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in PH ...) {CVE-2002-1954} - php4 4:4.4.2-1 (bug #336645; low) - php5 5.1.1-1 (bug #336654; low) [sarge] - php4 (not worth an update) NOTE: http://www.hardened-php.net/advisory_182005.77.html NOTE: fixed in CVS, estimated release of PHP5.1 to fix this issue CVE-2005-3387 (The startup script in packages/RedHat/ntop.init in ntop before 3.2, wh ...) - ntop (Red Hat specific packaging flaw) CVE-2005-3386 (SQL injection vulnerability in Techno Dreams Web Directory script allo ...) NOT-FOR-US: Techno Dreams scripts CVE-2005-3385 (SQL injection vulnerability in Techno Dreams Mailing List script allow ...) NOT-FOR-US: Techno Dreams scripts CVE-2005-3384 (SQL injection vulnerability in Techno Dreams Guest Book script allows ...) NOT-FOR-US: Techno Dreams scripts CVE-2005-3383 (SQL injection vulnerability in Techno Dreams Announcement script allow ...) NOT-FOR-US: Techno Dreams scripts CVE-2005-3382 (Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine al ...) NOT-FOR-US: Sophos CVE-2005-3381 (Multiple interpretation error in Ukrainian National Antivirus (UNA) 1. ...) NOT-FOR-US: Ukranian National Antivirus CVE-2005-3380 (Multiple interpretation error in Panda Titanium 2005 4.02.01 allows re ...) NOT-FOR-US: Panda Titanium CVE-2005-3379 (Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1 ...) NOT-FOR-US: Trend Micro CVE-2005-3378 (Multiple interpretation error in Norman 5.81 with the 5.83.02 engine a ...) NOT-FOR-US: Norman CVE-2005-3377 (Multiple interpretation error in (1) McAfee Internet Security Suite 7. ...) NOT-FOR-US: McAfee CVE-2005-3376 (Multiple interpretation error in Kaspersky 5.0.372 allows remote attac ...) NOT-FOR-US: Kaspersky CVE-2005-3375 (Multiple interpretation error in Ikarus demo version allows remote att ...) NOT-FOR-US: Ikarus CVE-2005-3374 (Multiple interpretation error in F-Prot 3.16c allows remote attackers ...) NOT-FOR-US: F-Prot CVE-2005-3373 (Multiple interpretation error in Dr.Web 4.32b allows remote attackers ...) NOT-FOR-US: Dr. Web CVE-2005-3372 (Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 eng ...) NOT-FOR-US: eTrust CVE-2005-3371 (Multiple interpretation error in AVG 7 7.0.323 allows remote attackers ...) NOT-FOR-US: AVG CVE-2005-3370 (Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allow ...) NOT-FOR-US: ArcaVir CVE-2005-3369 (Multiple SQL injection vulnerabilities in the Info-DB module (info_db. ...) NOT-FOR-US: Woltlab Burning Board CVE-2005-3368 (Cross-site scripting (XSS) vulnerability in the Search_Enhanced module ...) NOT-FOR-US: PHP-Nuke CVE-2005-3367 (Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog ...) NOT-FOR-US: SparkleBlog CVE-2005-3366 (PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 t ...) NOT-FOR-US: PHP iCalendar CVE-2005-3365 (Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier all ...) NOT-FOR-US: DCP-Portal CVE-2005-3364 (Multiple SQL injection vulnerabilities in DboardGear allow remote atta ...) NOT-FOR-US: DboardGear CVE-2005-3363 (SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 ...) NOT-FOR-US: saphp Lesson CVE-2005-3362 REJECTED CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuk ...) NOT-FOR-US: FlatNuke CVE-2005-3360 (The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 ...) NOT-FOR-US: Trend Micro PC-Cillin Internet Security 2005 CVE-2005-3359 (The atm module in Linux kernel 2.6 before 2.6.14 allows local users to ...) {DSA-1103} - linux-2.6 2.6.14 CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial of ser ...) {DSA-1017-1} - linux-2.6 (Fixed before upload into archive; 2.6.11) CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...) - apache2 2.0.55-4 (bug #351246; low) [sarge] - apache2 2.0.54-5sarge2 CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...) {DSA-1017-1} - linux-2.6 2.6.15-4 CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unkn ...) {DSA-901-1} - gnump3d 2.9.8-1 CVE-2005-3354 (Stack-based buffer overflow in the ldif_get_line function in ldif.c of ...) {DSA-908-1 DSA-906-1} - sylpheed 2.0.4-1 (bug #338434; medium) - sylpheed-gtk1 1.0.6-1 (medium) - sylpheed-claws 1.0.5-2 (bug #338436; medium) - sylpheed-claws-gtk2 1.9.100-1 (bug #339529; medium) CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 all ...) {DSA-1206-1} - php4 4:4.4.2-1 (bug #339577; medium) - php5 5.1.1-1 (bug #336654; medium) CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module of Apa ...) {DSA-1167-1} - apache 1.3.34-2 (bug #343466; low) - apache2 2.0.55-4 (bug #343467; bug #349793; low) [sarge] - apache2 2.0.54-5sarge2 NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected NOTE: Means oldstable and stable are affected CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e- ...) - spamassassin 3.1.0a-1 (bug #339526; low) [sarge] - spamassassin (DoS affects only a single message) [woody] - spamassassin (DoS affects only a single message) CVE-2005-3350 (libungif library before 4.1.0 allows attackers to corrupt memory and p ...) {DSA-890-1} - libungif4 4.1.3-4 (bug #337972; high) - giflib 4.1.4-1 (bug #395382) CVE-2005-3349 (GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitr ...) {DSA-901-1} - gnump3d 2.9.8-1 CVE-2005-3348 (HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 a ...) {DSA-899-1 DSA-898-1 DSA-897-1} - phpsysinfo 2.3-7 (bug #339079) - egroupware 1.0.0.009.dfsg-3-3 - phpgroupware 0.9.16.008-2 CVE-2005-3347 (Multiple directory traversal vulnerabilities in index.php in phpSysInf ...) {DSA-899-1 DSA-898-1 DSA-897-1} - phpsysinfo 2.3-7 (bug #339079) - egroupware 1.0.0.009.dfsg-3-3 - phpgroupware 0.9.16.008-2 CVE-2005-3346 (Buffer overflow in the environment variable substitution code in main. ...) {DSA-918-1} - osh 1.7-15 (bug #338312; bug #323424; bug #323482; bug #311369; medium) CVE-2005-3345 (rssh 2.0.0 through 2.2.3 allows local users to bypass access restricti ...) - rssh 2.3.0-1 (bug #344395; bug #344424) [sarge] - rssh 2.2.3-1.sarge.1 NOTE: Update was introduced through s-p-u, not a DSA CVE-2005-3344 (The default installation of Horde 3.0.4 contains an administrative acc ...) {DSA-884-1} - horde3 3.0.5-2 (bug #332290; bug #332289; medium) CVE-2005-3343 (tkdiff before 4.1.1 allows local users to overwrite arbitrary files vi ...) {DSA-927-1} - tkdiff 1:4.0.2-2 (low) CVE-2005-3342 (noweb 2.10c and earlier allows local users to overwrite arbitrary file ...) {DSA-968-1} - noweb 2.10c-3.2 (low) CVE-2005-3340 (The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earli ...) {DSA-941-1} - tuxpaint 1:0.9.15b-1 (low) CVE-2005-XXXX [ntop format string vulnerability] - ntop 3:4.0.3+dfsg1-1 (bug #335996; unimportant) NOTE: Not exploitable CVE-2005-3341 (DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users ...) {DSA-928-1} - dhis-tools-dns 5.0-5 CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which h ...) {DSA-905-1} - mantis 0.19.3-0.1 (bug #330682) CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using reminder ...) {DSA-905-1} - mantis 0.19.3-0.1 (bug #330682; low) CVE-2005-3337 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0 ...) NOTE: This is a duplicate of CVE-2005-3091 (first issue) and CVE-2005-2557 (second NOTE: issue). This will be rejected. CVE-2005-3336 (SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remot ...) {DSA-905-1} - mantis 0.19.3-0.1 (high) CVE-2005-3335 (PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ...) {DSA-905-1} - mantis 0.19.3-0.1 (bug #335938; medium) CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9. ...) {DSA-953-1} - flyspray 0.9.8-4 (bug #335997; low) NOTE: Sarge is confirmed vulnerable CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...) NOT-FOR-US: eBASEweb CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in Belch ...) NOT-FOR-US: Belchior Foundry vCard CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary file ...) - mgdiff 1.0-28 (bug #335188; unimportant) CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2, as used in products such as ...) - wordpress (bug #335817; unimportant) NOTE: Upstream claims the modified Snoopy class is secure CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent f ...) NOT-FOR-US: RSA Authentication Agent CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 t ...) NOT-FOR-US: PunBB CVE-2005-3327 (Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators t ...) NOT-FOR-US: Data ONTAP CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) al ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-3325 (Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Ana ...) {DSA-893-1} - acidbase 1.2.1-1 (bug #335998; bug #336788; medium) NOTE: the fix from 1.2-2 did not address the problem fully - acidlab 0.9.6b20-13 CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote at ...) NOT-FOR-US: MWChat CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows re ...) {DSA-910-1} - zope2.8 2.8.1-7 (bug #334055; bug #334054; high) - zope2.7 2.7.8-1 (bug #334055; bug #334054; high) CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote att ...) - squid NOTE: see bug #334882 for details CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify pe ...) NOT-FOR-US: SuSE-specific tool CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pr ...) NOT-FOR-US: SiteTurn Domain Manager CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php ...) - php4 4:4.4.2-1 (bug #336004; bug #354684; low) - php5 5.1.1-1 (bug #336005; low) [sarge] - php4 NOTE: can't reproduce, error may not be present in 4.3. NOTE: tentatively marking as not-affected in sarge. CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib (chml ...) {DSA-886-1} - chmlib 0.37-1 (bug #335931; medium) CVE-2005-3317 (Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and 6.0.2 ...) NOT-FOR-US: ZipGenius CVE-2005-3316 (The installation of ON Symantec Discovery 4.5.x and Symantec Discovery ...) NOT-FOR-US: Symantec Discovery CVE-2005-3315 (Multiple SQL injection vulnerabilities in Novell ZENworks Patch Manage ...) NOT-FOR-US: Novell ZENworks CVE-2005-3314 (Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 ...) NOT-FOR-US: Novell Netmail CVE-2005-3313 (The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers ...) [woody] - ethereal (Only affects version 0.10.13) [sarge] - ethereal (Only affects version 0.10.13) - ethereal 0.10.14-1 (medium) CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows re ...) NOT-FOR-US: Microsoft CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other platform ...) NOT-FOR-US: BMC Software Control-M CVE-2005-3310 (Interpretation conflict in phpBB 2.0.17, with remote avatars and avata ...) {DSA-925-1} - phpbb2 2.0.18-1 (bug #335662; low) CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote att ...) NOT-FOR-US: Zomplog CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 all ...) NOT-FOR-US: Zomplog CVE-2005-3307 (Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allo ...) NOT-FOR-US: FlatNuke CVE-2005-3306 (Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5 ...) NOT-FOR-US: FlatNuke CVE-2005-3305 (Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote ...) NOT-FOR-US: Nuked Klan CVE-2005-3304 (Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote at ...) NOT-FOR-US: PHP-Nuke CVE-2005-3303 (The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 ...) {DSA-887-1 DTSA-21-1} - clamav 0.87.1-1 (high) CVE-2005-XXXX [kernel: Signedness problems in net/core/filter] - linux-2.6 2.6.12-2 [sarge] - kernel-source-2.4.27 [sarge] - kernel-source-2.6.8 NOTE: http://kernel.suse.com/cgit/kernel/commit/?h=v2.6.12.5&id=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern] - thttpd 2.23beta1-4 (low) [sarge] - thttpd (Minor issue in addon package) CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...) {DSA-880-1} - phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium) CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for phpMyAdmi ...) {DSA-880-1} - phpmyadmin 4:2.6.4-pl3-1 (bug #335306; high) CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin ...) - phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high) [sarge] - phpmyadmin (Not affected according to maintainer; #333433) NOTE: https://www.phpmyadmin.net/security/PMASA-2005-4/ CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote att ...) NOT-FOR-US: OpenWBEM CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote at ...) NOT-FOR-US: OpenWBEM CVE-2005-3296 (The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote att ...) NOT-FOR-US: HP-UX CVE-2005-3295 (Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows ...) NOT-FOR-US: HP-UX CVE-2005-3294 (Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows ...) NOT-FOR-US: Typsoft FTP Server CVE-2005-3293 (Xerver 4.17 allows remote attackers to (1) obtain source code of scrip ...) NOT-FOR-US: Xerver CVE-2005-3292 (Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 al ...) NOT-FOR-US: Xeobook CVE-2005-3291 (Stani's Python Editor (SPE) 0.7.5 is installed with world-writable per ...) - spe (Gentoo-specific packaging flaw) CVE-2005-3290 (SQL injection vulnerability in Accelerated Mortgage Manager allows rem ...) NOT-FOR-US: Accelerated Mortgage manager CVE-2005-3289 (LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, ...) NOT-FOR-US: AIX CVE-2005-3288 (Mailsite Express allows remote attackers to upload and execute files w ...) NOT-FOR-US: Mailsite Express CVE-2005-3287 (Incomplete blacklist vulnerability in Mailsite Express allows remote a ...) NOT-FOR-US: Mailsite Express CVE-2005-3286 (The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1. ...) NOT-FOR-US: Kerio Personal Firewall CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in comersus_backoffice_search ...) NOT-FOR-US: Comersus Backoffice Plus CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0 ...) NOT-FOR-US: AhnLab CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 al ...) NOT-FOR-US: TikiWiki CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authenticati ...) NOT-FOR-US: Splatt Forum CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 al ...) NOT-FOR-US: PHP-Nuke addon CVE-2005-3280 (Paros 3.2.5 uses a default password for the "sa" account in the underl ...) NOT-FOR-US: Paros CVE-2005-3279 (Stack-based buffer overflow in the vgasco_printf function in Jan Kybic ...) - bmv 1.2-18 (bug #335497; unimportant) NOTE: Vulnerable code not activated in binary package CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for Jan Kybi ...) {DSA-981-1} - bmv 1.2-18 (bug #335497; medium) NOTE: Sarge and Woody are affected (and the patch applied to fix this in unstable works on both of them, an easy DSA) CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote a ...) NOT-FOR-US: HP-UX CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions] - adduser 3.77 (bug #331720; low) [sarge] - adduser (Very minimal security ramifications, admin's reponsibility) CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow] - pavuk 0.9.33-1 (bug #264684; high) NOTE: second hole mentioned in bug report CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4 allows remo ...) {DSA-934-1} - pound 1.9.4-1 (low) NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000 CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before 2.6. ...) {DSA-922-1} - linux-2.6 2.6.12-2 - kernel-source-2.4.27 CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linu ...) {DSA-922-1 DSA-921-1} - linux-2.6 2.6.13-1 (low) - kernel-source-2.4.27 2.4.27-11 (low) CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...) {DSA-922-1} - linux-2.6 2.6.13-1 (low) CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open Source En ...) {DSA-922-1} - linux-2.6 2.6.12-1 - kernel-source-2.4.27 CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the bridg ...) {DSA-922-1} - linux-2.6 2.6.12-1 - kernel-source-2.4.27 CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in multi ...) {DSA-922-1} - linux-2.6 (Fixed before upload into archive; 2.6.9) - kernel-source-2.4.27 CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for Symantec No ...) NOT-FOR-US: Symantec Antivirus CVE-2005-3269 (Stack-based buffer overflow in help.cgi in the HTTP administrative int ...) NOT-FOR-US: Sun Java System Directory Server CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...) - yiff 2.14.2-8 (bug #334616; low) [sarge] - yiff (Only a minor privacy leak) CVE-2005-3267 (Integer overflow in Skype client before 1.4.x.84 on Windows, before 1. ...) NOT-FOR-US: Skype CVE-2005-3266 REJECTED CVE-2005-3265 (Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows r ...) NOT-FOR-US: Skype CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog 1. ...) NOT-FOR-US: Zeroblog CVE-2005-3263 (Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 thro ...) NOT-FOR-US: WinRAR CVE-2005-3262 (Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows ...) NOT-FOR-US: WinRAR CVE-2005-3261 (getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the ve ...) NOT-FOR-US: versatileBulletinBoard CVE-2005-3260 (Multiple cross-site scripting (XSS) vulnerabilities in versatileBullet ...) NOT-FOR-US: versatileBulletinBoard CVE-2005-3259 (Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) ...) NOT-FOR-US: versatileBulletinBoard CVE-2005-3258 (The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and ear ...) - squid (bug #334882; medium) NOTE: Bug was introduced in a patch to squid-2.5.STABLE10, NOTE: this patch was never applied to the Debian package. CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly s ...) {DSA-889-1} - enigmail 2:0.93-1 (bug #335731; medium) CVE-2005-3253 (Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5 ...) NOT-FOR-US: Avaya Wireless Access Points CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...) - snort (Vulnerable code was introduced later, see bug #334606) CVE-2005-3251 (Directory traversal vulnerability in the gallery script in Gallery 2.0 ...) - gallery2 2.0.1-1 (medium) CVE-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a deni ...) NOT-FOR-US: Solaris CVE-2005-3249 (Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0 ...) {DSA-1171} [woody] - ethereal (This only affects Ethereal 0.10.1 to 0.10.12) - ethereal 0.10.13-1 (bug #334880; medium) NOTE: Sarge is vulnerable CVE-2005-3248 (Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and ...) {DSA-1171} [woody] - ethereal (This only affects Ethereal 0.10.1 to 0.10.12) - ethereal 0.10.13-1 (bug #334880; medium) NOTE: Sarge is vulnerable CVE-2005-3247 (The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause ...) [woody] - ethereal (This only affects Ethereal 0.10.12) [sarge] - ethereal (This only affects Ethereal 0.10.12) - ethereal 0.10.13-1 (bug #334880; medium) CVE-2005-3246 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...) {DSA-1171} [woody] - ethereal (This only affects Ethereal 0.9.14 to 0.10.12) - ethereal 0.10.13-1 (bug #334880; medium) NOTE: Sarge is vulnerable CVE-2005-3245 (Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 ...) - ethereal 0.10.13-1 (bug #334880; medium) CVE-2005-3244 (The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attacker ...) {DSA-1171} [woody] - ethereal (This only affects Ethereal 0.10.3 to 0.10.12) - ethereal 0.10.13-1 (bug #334880; medium) NOTE: Sarge is vulnerable CVE-2005-3243 (Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow ...) {DSA-1171} - ethereal 0.10.13-1 (bug #334880; medium) NOTE: The SLIMP3 issue affects Woody/Sarge, the AgentX issue only Sarge CVE-2005-3242 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...) {DSA-1171} [woody] - ethereal (This only affects Ethereal 0.9.7 to 0.10.12) - ethereal 0.10.13-1 (bug #334880; medium) NOTE: Sarge is vulnerable CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote ...) {DSA-1171} - ethereal 0.10.13-1 (bug #334880; medium) NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows user-assisted att ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...) NOT-FOR-US: Solaris CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibl ...) {DSA-1018-1 DSA-1017-1} - linux-2.6 2.6.14-4 (bug #334113; medium) CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...) NOT-FOR-US: Cyphor CVE-2005-3236 (Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote att ...) NOT-FOR-US: Cyphor CVE-2005-3235 (Multiple interpretation error in unspecified versions of Proland Prote ...) NOT-FOR-US: Proland Protector Plus CVE-2005-3234 (Multiple interpretation error in unspecified versions of Grisoft AVG A ...) NOT-FOR-US: Grisoft AVG Antivirus CVE-2005-3233 (Multiple interpretation error in unspecified versions of Trustix Antiv ...) NOT-FOR-US: Trustix Antivirus CVE-2005-3232 (Multiple interpretation error in unspecified versions of TheHacker all ...) NOT-FOR-US: TheHacker CVE-2005-3231 (Multiple interpretation error in unspecified versions of CAT Quick Hea ...) NOT-FOR-US: CAT Quick Heal CVE-2005-3230 (Multiple interpretation error in unspecified versions of Panda Antivir ...) NOT-FOR-US: Panda Antivirus CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV Antivi ...) - clamav (predates any supported Debian release) NOTE: Should rather be fixed in the buggy (fringe, proprietary) RAR unpackers CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus AntiVi ...) NOT-FOR-US: Ikarus Antivirus CVE-2005-3227 (Multiple interpretation error in unspecified versions of UNA Antivirus ...) NOT-FOR-US: UNA Antivirus CVE-2005-3226 (Multiple interpretation error in unspecified versions of ArcaVir Antiv ...) NOT-FOR-US: ArcaVir CVE-2005-3225 (Multiple interpretation error in unspecified versions of (1) eTrust-Ir ...) NOT-FOR-US: eTrust Antivirus CVE-2005-3224 (Multiple interpretation error in unspecified versions of AntiVir Antiv ...) NOT-FOR-US: AntiVir CVE-2005-3223 (Multiple interpretation error in unspecified versions of Rising Antivi ...) NOT-FOR-US: Rising Antivirus CVE-2005-3222 (Multiple interpretation error in unspecified versions of VBA32 Antivir ...) NOT-FOR-US: VBA32 Antivirus CVE-2005-3221 (Multiple interpretation error in unspecified versions of Fortinet Anti ...) NOT-FOR-US: Fortinet Antivirus CVE-2005-3220 (Multiple interpretation error in unspecified versions of Norman Virus ...) NOT-FOR-US: Norman Antivirus CVE-2005-3219 (Multiple interpretation error in unspecified versions of Avira Antivir ...) NOT-FOR-US: Avira Antivirus CVE-2005-3218 (Multiple interpretation error in unspecified versions of Dr.Web Antivi ...) NOT-FOR-US: Dr. Web Antivirus CVE-2005-3217 (Multiple interpretation error in unspecified versions of Symantec Anti ...) NOT-FOR-US: Symantec Antivirus CVE-2005-3216 (Multiple interpretation error in unspecified versions of Sophos Antivi ...) NOT-FOR-US: Sophos Antivirus CVE-2005-3215 (Multiple interpretation error in unspecified versions of McAfee Antivi ...) NOT-FOR-US: McAfee Antivirus CVE-2005-3214 (Multiple interpretation error in unspecified versions of Avast Antivir ...) NOT-FOR-US: Avast Antovirus CVE-2005-3213 (Multiple interpretation error in unspecified versions of F-Prot Antivi ...) NOT-FOR-US: F-Prot Antivirus CVE-2005-3212 (Multiple interpretation error in unspecified versions of NOD32 Antivir ...) NOT-FOR-US: NOD32 Antivirus CVE-2005-3211 (Multiple interpretation error in unspecified versions of BitDefender A ...) NOT-FOR-US: BitDefender Antivirus CVE-2005-3210 (Multiple interpretation error in unspecified versions of Kaspersky Ant ...) NOT-FOR-US: Kaspersky Antivirus CVE-2005-3209 (Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store p ...) NOT-FOR-US: aeNovo apps CVE-2005-3208 (Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop a ...) NOT-FOR-US: aeNovo apps CVE-2005-3207 (The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote ...) NOT-FOR-US: Oracle CVE-2005-3206 (iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 al ...) NOT-FOR-US: Oracle CVE-2005-3205 (Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Or ...) NOT-FOR-US: Oracle CVE-2005-3204 (Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows ...) NOT-FOR-US: Oracle CVE-2005-3203 (The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 s ...) NOT-FOR-US: Oracle CVE-2005-3202 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB ...) NOT-FOR-US: Oracle CVE-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1. ...) NOT-FOR-US: Utopia News Pro CVE-2005-3200 (Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro ...) NOT-FOR-US: Utopia News Pro CVE-2005-3199 (Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ ...) NOT-FOR-US: aspReady CVE-2005-3198 (Webroot Desktop Firewall before 1.3.0build52 allows local users to dis ...) NOT-FOR-US: Webroot Desktop Firewall CVE-2005-3197 (Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Fire ...) NOT-FOR-US: Webroot Desktop Firewall CVE-2005-3196 (Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a defau ...) NOT-FOR-US: Planet Technology switch CVE-2005-3195 REJECTED CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...) NOT-FOR-US: ALZip CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream function i ...) {DSA-984-1 DSA-982-1 DSA-979-1 DSA-961-1 DSA-950-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1} - xpdf 3.01-3 (bug #342281; bug #342337; medium) - gpdf 2.10.0-1 (bug #342286; medium) - pdftohtml (Vulnerable xpdf code not contained) - kdegraphics 4:3.4.3-4 (bug #342287; medium) NOTE: Previous kdegraphics fix was incomplete - poppler 0.4.2-1.1 (bug #342288; medium) - tetex-bin 3.0-11 (bug #342292; medium) - koffice (Vulnerable xpdf code not contained) - libextractor 0.5.8-1 (medium) - cupsys 1.1.23-13 (unimportant) - cups 1.1.23-13 (unimportant) - pdfkit.framework 0.8-4 CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.0 ...) {DSA-1019-1 DSA-983-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1} - xpdf 3.01-3 (bug #342281; bug #342337; medium) - gpdf 2.10.0-1 (bug #342286; medium) - pdftohtml 0.36-12 (bug #342289; medium) - kdegraphics 4:3.4.3-4 (bug #342287; medium) NOTE: Previous kdegraphics fix was incomplete - poppler 0.4.3-2 (bug #342288; medium) NOTE: Intial poppler patch in 0.4.2-1.1 was incomplete - tetex-bin 3.0-11 (bug #342292; medium) - koffice 1:1.4.2-5 (bug #342294; medium) - libextractor 0.5.8-1 (medium) - cupsys 1.1.23-13 (unimportant) - cups 1.1.23-13 (unimportant) - pdfkit.framework 0.8-4 CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) DCTStream::readProgres ...) {DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1} - xpdf 3.01-3 (bug #342281; bug #342337; medium) - gpdf 2.10.0-1 (bug #342286; medium) - pdftohtml 0.36-12 (bug #342289; medium) - kdegraphics 4:3.4.3-4 (bug #342287; medium) NOTE: Previous kdegraphics fix was incomplete - pdfkit.framework 0.8-4 - poppler 0.4.2-1.1 (bug #342288; medium) - tetex-bin 3.0-11 (bug #342292; medium) - koffice 1:1.4.2-5 (bug #342294; medium) - libextractor 0.5.8-1 (medium) - cups 1.1.23-13 (unimportant) - cupsys 1.1.23-13 (unimportant) CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 befor ...) NOT-FOR-US: iGateway CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server al ...) NOT-FOR-US: Qualcomm WorldMail IMAP Server CVE-2005-3188 (Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to ex ...) NOT-FOR-US: Winamp CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a al ...) NOT-FOR-US: WinProxy CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...) {DSA-913-1 DSA-911-1} - gtk+2.0 2.6.10-2 (bug #339431; medium) - gdk-pixbuf 0.22.0-11 (bug #339431; bug #339458; medium) CVE-2005-3184 (Buffer overflow vulnerability in the unicode_to_bytes in the Service L ...) [woody] - ethereal (Affects only Ethereal 0.10.10 to 0.10.12) - ethereal 0.10.13-1 (bug #334880; medium) NOTE: Sarge is vulnerable CVE-2005-3183 (The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-lib ...) - w3c-libwww 5.4.0-11 (bug #334443; low) [sarge] - w3c-libwww (Minor DoS) CVE-2005-3182 (Buffer overflow in the HTTP management interface for GFI MailSecurity ...) NOT-FOR-US: GFI MailSecurity CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade] - xscreensaver 4.23-2 (bug #334193; low) [sarge] - xscreensaver (Unproblematic for users running stable) CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...) {DSA-919-2} - wget 1.10.2-1 (medium) [sarge] - wget (Does not contain NTML authentication code) [woody] - wget (Does not contain NTML authentication code) - curl 7.15.0-1 (bug #333734; medium) CVE-2005-3239 (The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows re ...) {DSA-887-1 DTSA-21-1} - clamav 0.87.1-1 (bug #333566; medium) CVE-2005-3181 (The audit system in Linux kernel 2.6.6, and other versions before 2.6. ...) {DSA-1017-1} - linux-2.6 2.6.13+2.6.14-rc4-0experimental1 (low) - kernel-source-2.4.27 (2.4 kernels don't have CONFIG_AUDITSYSCALL) CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions] - php5 5.0.5-2 (unimportant) - php4 4:4.4.0-3 (unimportant) NOTE: Safe mode violations not supported CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...) {DSA-1017-1} - linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium) CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in request_key_au ...) - linux-2.6 2.6.13-2 (low) - kernel-source-2.4.27 NOTE: 2.6.12 itself not affected, fixed in SVN CVE-2005-3179 (drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs w ...) - linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium) - kernel-source-2.4.27 CVE-2005-3178 (Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow us ...) {DSA-859-1 DSA-858-1} - xloadimage 4.1-15 (bug #332524; medium) - xli 1.17.0-20 (medium) NOTE: xli couldn't load the provided test images when I checked? CVE-2005-3302 (Eval injection vulnerability in bvh_import.py in Blender 2.36 allows a ...) {DSA-1039-1} - blender 2.37a-1 (bug #330895; medium) [woody] - blender (Woody's blender does not contain the bvh_import.py script) CVE-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windo ...) NOT-FOR-US: Microsoft CVE-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record ...) NOT-FOR-US: Microsoft CVE-2005-3175 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local a ...) NOT-FOR-US: Microsoft CVE-2005-3174 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to ...) NOT-FOR-US: Microsoft CVE-2005-3173 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply g ...) NOT-FOR-US: Microsoft CVE-2005-3172 (The WideCharToMultiByte function in Microsoft Windows 2000 before Upda ...) NOT-FOR-US: Microsoft CVE-2005-3171 (Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID ...) NOT-FOR-US: Microsoft CVE-2005-3170 (The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for S ...) NOT-FOR-US: Microsoft CVE-2005-3169 (Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit ...) NOT-FOR-US: Microsoft CVE-2005-3168 (The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 f ...) NOT-FOR-US: Microsoft CVE-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...) - mediawiki 1.4.11-1 (bug #332408; medium) CVE-2005-3166 (Unspecified vulnerability in "edit submission handling" for MediaWiki ...) - mediawiki 1.4.11-1 (bug #332408) CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki befor ...) - mediawiki 1.4.9 CVE-2005-3164 (The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 throu ...) NOT-FOR-US: Hitachi Cosminexus Application Server CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...) - polipo 0.9.9-1 (bug #332411; low) [sarge] - polipo (Minor issue) CVE-2005-3162 REJECTED CVE-2005-3161 (Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 a ...) NOT-FOR-US: PHP-Fusion CVE-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusi ...) NOT-FOR-US: PHP-Fusion CVE-2005-3159 (SQL injection vulnerability in messages.php in PHP-Fusion allows remot ...) NOT-FOR-US: PHP-Fusion CVE-2005-3158 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and ...) NOT-FOR-US: PHP-Fusion CVE-2005-3157 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 all ...) NOT-FOR-US: PHP-Fusion CVE-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy ...) NOT-FOR-US: EasyGuppy CVE-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and P ...) NOT-FOR-US: MailEnable Enterprise CVE-2005-3154 (Format string vulnerability in the logging functionality in BitDefende ...) NOT-FOR-US: Bitdefender Antivirus CVE-2005-3153 (login.php in myBloggie 2.1.3 beta and earlier allows remote attackers ...) NOT-FOR-US: MyBloggie CVE-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 ...) NOT-FOR-US: CubeCart CVE-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows attacker ...) - blender (bug #332413; unimportant) NOTE: To exploit this an attacker would need to trick a user into opening a file NOTE: with a very suspicious file, no automatic processing of Blender files NOTE: This might even be fixed in 2.42 CVE-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...) {DSA-855-1} - weex 2.6.1-6sarge1 (bug #332424; medium) CVE-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handl ...) {DSA-895-1 DTSA-22-1} - uim 1:0.4.7-2 (bug #331620; medium) CVE-2005-3148 (StoreBackup before 1.19 does not properly set the uid and guid for sym ...) {DSA-1022-1} - storebackup 1.19-1 (bug #332434) CVE-2005-3147 (StoreBackup before 1.19 creates the backup root with world-readable pe ...) {DSA-1022-1} - storebackup 1.19-1 (bug #332434; medium) CVE-2005-3146 (StoreBackup before 1.19 allows local users to perform unauthorized ope ...) {DSA-1022-1} - storebackup 1.19-2 (bug #332434; medium) NOTE: The upstream fix only mitigated the issue, but didn't fix it CVE-2005-3145 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ca ...) NOT-FOR-US: Standard Based Linux Instrumentation CVE-2005-3144 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ca ...) NOT-FOR-US: Standard Based Linux Instrumentation CVE-2005-3143 (Unspecified vulnerability in the Mailbox Server for 4D WebStar before ...) NOT-FOR-US: Mailbox Server for 4D WebStar CVE-2005-3142 (Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and Kasper ...) NOT-FOR-US: Kaspersky Antivirus CVE-2005-3141 (Cerulean Studios Trillian 3.0 allows remote attackers to cause a denia ...) NOT-FOR-US: Cerulean Trillian CVE-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions send ...) NOT-FOR-US: Procom NetFORCE CVE-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...) {DSA-836-1 DSA-835-1} - cfengine (bug #332433; low) - cfengine2 2.1.17-1 (bug #332432; low) NOTE: maintainer does not think it's a hole, script is unused/broken CVE-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...) NOT-FOR-US: Virtools Web Player CVE-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows re ...) NOT-FOR-US: Virtools Web Player CVE-2005-3134 (Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attacke ...) NOT-FOR-US: Citrix CVE-2005-3133 (Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2. ...) NOT-FOR-US: MERAK Mail Server CVE-2005-3132 (MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly ear ...) NOT-FOR-US: MERAK Mail Server CVE-2005-3131 (Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Serv ...) NOT-FOR-US: MERAK Mail Server CVE-2005-3130 (SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers ...) NOT-FOR-US: lucidCMS CVE-2005-3129 (Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 a ...) - serendipity 1.0-1 CVE-2005-3128 (Cross-site scripting (XSS) vulnerability in add.php in Address Add Plu ...) NOT-FOR-US: Address Add Plugin for Squirrelmail CVE-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0. ...) NOT-FOR-US: lucidCMS CVE-2005-3126 (The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scri ...) {DSA-945-1} - antiword 0.35-2 (low) CVE-2005-3125 REJECTED CVE-2005-3124 (syslogtocern in Acme thttpd before 2.23 allows local users to write ar ...) {DSA-883-1} - thttpd 2.23beta1-4 CVE-2005-3123 (Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remot ...) {DSA-877-1} - gnump3d 2.9.6-1 (medium) CVE-2005-3122 REJECTED CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...) {DSA-867-1} - module-assistant 0.9.10 CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and e ...) {DSA-1085-1 DSA-876-1 DSA-874-1} - lynx 2.8.5-2sarge1 (bug #335033; high) - lynx-cur 2.8.6-16 (bug #334423; high) - lynx-ssl CVE-2005-3118 (Mason before 1.0.0 does not install the init script after the user use ...) {DSA-845-1} - mason 1.0.0-3 CVE-2005-3117 REJECTED CVE-2005-3116 (Stack-based buffer overflow in a shared library as used by the Volume ...) NOT-FOR-US: VERITAS Backup CVE-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...) NOT-FOR-US: mpeg-tools CVE-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger (NateonDow ...) NOT-FOR-US: NateOn Messenger CVE-2005-3113 (The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) a ...) NOT-FOR-US: NateOn Messenger CVE-2005-3112 (The "reset password" feature in Macromedia Breeze 5.0 stores passwords ...) NOT-FOR-US: Macromedia Breeze CVE-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, ...) {DSA-922-1} - linux-2.6 (Fixed before upload into archive; 2.6.11.11) - kernel-source-2.4.27 CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cau ...) {DSA-922-1} - linux-2.6 (Fixed before upload into archive; 2.6.11.12) - kernel-source-2.4.27 CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...) {DSA-922-1} - linux-2.6 (Fixed before upload into archive; 2.6.11.12) - kernel-source-2.4.27 CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...) {DSA-922-1} - linux-2.6 (Fixed before upload into archive; in 2.6.11) - kernel-source-2.4.27 CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping v ...) {DSA-922-1} - linux-2.6 (Fixed before upload into archive; 2.6.11) CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...) {DSA-922-1} - kernel-source-2.4.27 (bug #332569; unimportant) NOTE: Montecito CPUs are not available on the market yet - linux-2.6 2.6.12-1 CVE-2005-XXXX [Minor local DoS as libldap] - openldap 2.4.13 (bug #253838; low) - openldap2.3 [lenny] - openldap (Minor issue) [etch] - openldap2.3 (Minor issue) CVE-2005-XXXX [Insecure bounds checking in mpack's content parser] - mpack 1.6-1 (bug #216566) CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod] - coreutils 5.93-1 (bug #306076; low) [sarge] - coreutils (Minor issue, hardly exploitable) [woody] - coreutils (Minor issue, hardly exploitable) CVE-2005-XXXX [tar's rmt command may have undesired side effects] - tar (bug #290435; unimportant) [sarge] - tar (Hardly exploitable) CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact ...) - ldapdiff (The version in Debian doesn't contain the vulnerable code, see #306878) CVE-2005-XXXX [hdup inproperly preserves permissions on directories] - hdup 2.0.14-2 (bug #302790; low) NOTE: Minor issue, workaround and patch documented since version above [sarge] - hdup (Mostly a design limitation, very limited security implications) CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option] - findutils 4.2.22-1 (bug #313081) [woody] - findutils (Only code between 4.2.18 and 4.2.22 affected) [sarge] - findutils (Only code between 4.2.18 and 4.2.22 affected) CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...) [woody] - bugzilla (Only Bugzilla >= 2.18 is affected) [sarge] - bugzilla (Only Bugzilla >= 2.18 is affected) - bugzilla 2.18.4-1 (bug #331206; medium) CVE-2005-3139 (Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...) [woody] - bugzilla (Only Bugzilla >= 2.19 is affected) [sarge] - bugzilla (Only Bugzilla >= 2.19 is affected) - bugzilla 2.18.4-1 (bug #331206; medium) CVE-2005-2966 (The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earli ...) {DSA-847-1} - dia 0.94.0-15 (bug #330890; medium) CVE-2005-XXXX [Insecure temp files in linux-wlan-ng] - linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low) CVE-2005-XXXX [Heap overflow in libosip URI parsing] - libosip2 2.0.9-1 (bug #308737) CVE-2005-XXXX [rkhunter: Insecure temporary file] - rkhunter 1.2.7-14 (bug #330627; medium) CVE-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to redirec ...) NOT-FOR-US: Movable Type CVE-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 al ...) NOT-FOR-US: Movable Type CVE-2005-3102 (The administrative interface in Movable Type allows attackers to uploa ...) NOT-FOR-US: Movable Type CVE-2005-3101 (The password reset feature in Movable Type before 3.2 generates differ ...) NOT-FOR-US: Movable Type CVE-2005-3100 (Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4 ...) NOT-FOR-US: Astato Security Linux CVE-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Sol ...) NOT-FOR-US: Solaris CVE-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitr ...) - qpopper (bug #330123; Vulnerable code not shipped in binary) CVE-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka c ...) NOT-FOR-US: Avi Alkalay CVE-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote at ...) NOT-FOR-US: Avi Alkalay CVE-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers ...) NOT-FOR-US: Avi Alkalay CVE-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute arbitrar ...) NOT-FOR-US: Avi Alkalay CVE-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of servi ...) NOT-FOR-US: Nokia cell phones CVE-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 allo ...) NOT-FOR-US: Image-Line Software FL Studio CVE-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 all ...) {DSA-905-1} - mantis 0.19.3-0.1 (bug #330682; low) CVE-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php i ...) - mantis 0.19.2-4 (bug #330682; medium) CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) vi ...) - mozilla-firefox 1.0.7-1 (unimportant) NOTE: Browser crashes not treated as security problems CVE-2005-3088 (fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 create ...) {DSA-900-3} - fetchmail 6.2.5.4-1 (bug #336096; low) CVE-2005-3111 (The handler code for backupninja 0.8 and earlier creates temporary fil ...) {DSA-827-1} - backupninja 0.8-2 (medium) CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation] - microcode.ctl 0.20080131-1 (bug #282583; unimportant) NOTE: The validity of the microcode is ensure inside the CPU CVE-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...) NOT-FOR-US: SecureW2 TLS CVE-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ 3. ...) NOT-FOR-US: contentSrv CVE-2005-3085 (Multiple cross-site scripting (XSS) vulnerabilities in rss.php in Rive ...) NOT-FOR-US: Riverdark Studios RSS Syndicator CVE-2005-3084 (Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2 ...) NOT-FOR-US: Sony PSP CVE-2005-3083 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simp ...) NOT-FOR-US: CMS Made Simple CVE-2005-3082 (SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows rem ...) NOT-FOR-US: SEO-Board CVE-2005-3081 (wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary c ...) {DSA-1006-1} - wzdftpd 0.5.5-1 (high) CVE-2005-3080 (contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to ...) NOT-FOR-US: GeSHi CVE-2005-3079 (PunBB before 1.2.8 allows remote attackers to perform "code inclusion" ...) NOT-FOR-US: PunBB CVE-2005-3078 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows ...) NOT-FOR-US: PunBB CVE-2005-3077 (Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers t ...) NOT-FOR-US: Microsoft CVE-2005-3076 (Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL co ...) NOT-FOR-US: Simplog CVE-2005-3075 (SQL injection vulnerability in Zengaia before 0.2 allows remote attack ...) NOT-FOR-US: Zengaia CVE-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and be ...) NOT-FOR-US: RSyslog CVE-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, ...) - interchange 5.2.1-1 (bug #329705) CVE-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in Interchange ...) - interchange 5.2.1-1 (bug #329705; medium) CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9 ...) NOT-FOR-US: Solaris CVE-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of the U ...) - hylafax 1:4.2.2+rc1 (bug #329384; unimportant) NOTE: This was judged non-exploitable CVE-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwr ...) {DSA-865-1} - hylafax 1:4.2.2+rc1 (bug #329384; low) CVE-2005-3068 (Unspecified vulnerability in Eric Integrated Development Environment ( ...) {DSA-869-1} - eric 3.7.2-1 (bug #330608; medium) CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...) NOT-FOR-US: PerlDiver CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...) NOT-FOR-US: PerlDiver CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to caus ...) NOT-FOR-US: MultiTheftAuto CVE-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...) NOT-FOR-US: MultiTheftAuto CVE-2005-3063 (SQL injection vulnerability in MailGust 1.9 allows remote attackers to ...) NOT-FOR-US: MailGust CVE-2005-3062 (PHP remote file inclusion vulnerability in index.php in AlstraSoft E-F ...) NOT-FOR-US: AlstraSoft E-Friends CVE-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9. ...) NOT-FOR-US: PowerArchiver CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth] - distcc 2.18.3-3 (bug #298929; low) [sarge] - distcc (Only affects distcc in a very non-standard way not recommended for unstrusted environments) CVE-2005-3060 (Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to ...) NOT-FOR-US: AIX CVE-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Window ...) NOT-FOR-US: Opera CVE-2005-3058 (Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8 ...) NOT-FOR-US: FortiGate CVE-2005-3057 (The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, ...) NOT-FOR-US: FortiGate CVE-2005-3056 (TWiki allows arbitrary shell command execution via the Include functio ...) - twiki 20040902-2 (bug #330733; high) CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...) {DSA-1017-1} - linux-2.6 2.6.14-1 (bug #330287; bug #332587; medium) - kernel-source-2.4.27 CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not p ...) - php4 4:4.4.0-3 (bug #353585; bug #354685; medium) - php5 5.0.5-2 (bug #353585; medium) [sarge] - php4 (open_basedir violations not supported) CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x al ...) {DSA-1017-1} - linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium) CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 al ...) NOT-FOR-US: jportal CVE-2005-3051 (Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for 7- ...) NOT-FOR-US: 7-Zip CVE-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: PhpMyFaq CVE-2005-3049 (PhpMyFaq 1.5.1 stores data files under the web document root with insu ...) NOT-FOR-US: PhpMyFaq CVE-2005-3048 (Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allow ...) NOT-FOR-US: PhpMyFaq CVE-2005-3047 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 ...) NOT-FOR-US: PhpMyFaq CVE-2005-3046 (SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows r ...) NOT-FOR-US: PhpMyFaq CVE-2005-3045 (SQL injection vulnerability in search.php in My Little Forum 1.5 and 1 ...) NOT-FOR-US: My Little Forum CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file] - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low) [sarge] - egroupware (Minor issue) CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion] - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low) [sarge] - egroupware (Minor issue) CVE-2005-XXXX [Insecure pidfile handling in mailleds] - mailleds 0.93-11.1 (bug #329365; low) [sarge] - mailleds (Hardly exploitable) CVE-2005-XXXX [kdebase uses urandom as an entropy source] - kdebase (bug #325369; unimportant) NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels NOTE: on Linux urandom should provide sufficient entropy CVE-2005-3753 (Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attac ...) - linux-2.6 2.6.12-7 (low) CVE-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...) NOT-FOR-US: Mall23 eCommerce CVE-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "ful ...) - webmin 1.230-1 (high; bug #329741) [sarge] - webmin (Vulnerable code not present, see #329741) - usermin 1.160-1 (high; bug #329742) NOTE: SNS Advisory 83, http://marc.info:80/?m=112733083203821 CVE-2005-3041 (Unspecified "drag-and-drop vulnerability" in Opera Web Browser before ...) NOT-FOR-US: Opera CVE-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...) NOT-FOR-US: TAC Vista CVE-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...) NOT-FOR-US: Mall23 eCommerce CVE-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...) NOT-FOR-US: Hosting Controller CVE-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...) NOT-FOR-US: Handy Address Book Server CVE-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in p ...) NOT-FOR-US: File Transfer Anywhere CVE-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...) NOT-FOR-US: Compuware DriverStudio CVE-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...) NOT-FOR-US: Compuware DriverStudio CVE-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...) NOT-FOR-US: vxWeb - WinCE software CVE-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...) NOT-FOR-US: vxTfpSrv - WinCE software CVE-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute a ...) NOT-FOR-US: vxTfpSrv - WinCE software CVE-2005-3030 (Directory traversal vulnerability in the archive decompression library ...) NOT-FOR-US: Ahnlab Anti virus CVE-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 V ...) NOT-FOR-US: Ahnlab Anti virus CVE-2005-3028 REJECTED CVE-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which a ...) NOT-FOR-US: Sybari Antigen anti spam solution CVE-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...) NOT-FOR-US: Epay Pro CVE-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...) NOT-FOR-US: vBulletin CVE-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier ...) NOT-FOR-US: vBulletin CVE-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...) NOT-FOR-US: vBulletin CVE-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier ...) NOT-FOR-US: vBulletin CVE-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with ...) NOT-FOR-US: vBulletin CVE-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin befor ...) NOT-FOR-US: vBulletin CVE-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...) NOT-FOR-US: vBulletin CVE-2005-3018 (Apple Safari allows remote attackers to cause a denial of service (app ...) NOT-FOR-US: Safari CVE-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 all ...) NOT-FOR-US: Content2Web CVE-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...) NOT-FOR-US: PHP-Nuke CVE-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 all ...) NOT-FOR-US: Lotus Domino CVE-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows r ...) NOT-FOR-US: Ensim webppliance CVE-2005-3013 (Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE ...) NOT-FOR-US: YaST CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for SimpleC ...) NOT-FOR-US: SimpleCDR-X CVE-2005-3011 (The sort_offline function for texindex in texinfo 4.8 and earlier allo ...) {DSA-1219} - texinfo 4.8-1 (bug #328365; low) [sarge] - texinfo (Minor issue, hardly exploitable) CVE-2005-3010 (Direct static code injection vulnerability in the flood protection fea ...) NOT-FOR-US: CuteNews CVE-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote att ...) NOT-FOR-US: CuteNews CVE-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...) NOT-FOR-US: Tofu CVE-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...) NOT-FOR-US: Opera CVE-2005-3006 (The mail client in Opera before 8.50 opens attached files from the use ...) NOT-FOR-US: Opera CVE-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass authenticatio ...) NOT-FOR-US: Helpdesk Software Hesk CVE-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote at ...) NOT-FOR-US: Interakt MX Shop CVE-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release 1 ...) NOT-FOR-US: NooTopList CVE-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ca ...) NOT-FOR-US: Multi-Computer Control System CVE-2005-3001 (Unspecified vulnerability in the "tl" driver in Solaris 10 allows loca ...) NOT-FOR-US: Solaris CVE-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...) NOT-FOR-US: PHP Advanced Transfer Manager CVE-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain s ...) NOT-FOR-US: PHP Advanced Transfer Manager CVE-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the admi ...) NOT-FOR-US: PHP Advanced Transfer Manager CVE-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...) NOT-FOR-US: PHP Advanced Transfer Manager CVE-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM s ...) NOT-FOR-US: VERITAS storage solutions CVE-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read sensiti ...) - bacula 1.38.9-1 (bug #329271; low) NOTE: Sarge affected, didn't exist in Woody CVE-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ClearQues ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4 ...) NOT-FOR-US: HP Tru64 CVE-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...) - ncompress (bug #329052; unimportant) NOTE: see bug close message, Debian's ncompress doesn't expose affected scripts CVE-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files ...) {DSA-843-1} - arc 5.21m-1 (low) CVE-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores sens ...) NOT-FOR-US: LineControl Java Client CVE-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...) NOT-FOR-US: DeluxeBB CVE-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect contr ...) NOT-FOR-US: HP printers CVE-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows ...) NOT-FOR-US: Digital Scribe CVE-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusB ...) NOT-FOR-US: AhnLab antivirus and related products CVE-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks aeDatin ...) NOT-FOR-US: aeDating script CVE-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote ...) NOT-FOR-US: Avocent hardware issue CVE-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical Referen ...) NOT-FOR-US: Oracle CVE-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allow ...) NOT-FOR-US: CompaqHTTPServer CVE-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allo ...) NOT-FOR-US: Orion CVE-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in phpoutsourcin ...) NOT-FOR-US: phpoutsourcing Noah's classifieds CVE-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's clas ...) NOT-FOR-US: phpoutsourcing Noah's classifieds CVE-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses un ...) {DSA-878-1} - netpbm-free 2:10.0-10 CVE-2005-2977 (The SELinux version of PAM before 0.78 r3 allows local users to perfor ...) - pam 0.99.7.1-2 (bug #336344; low) [etch] - pam 0.79-5 [sarge] - pam (Does not contain SELinux support) [woody] - pam (Does not contain SELinux support) CVE-2005-2976 (Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 ...) {DSA-913-1 DSA-911-1} - gdk-pixbuf 0.22.0-11 (bug #339431; medium) - gtk+2.0 2.6.10-2 CVE-2005-2975 (io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before ...) {DSA-913-1 DSA-911-1} - gdk-pixbuf 0.22.0-11 (bug #339431; low) - gtk+2.0 2.6.10-2 (bug #339431; low) CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial of se ...) {DSA-890-1} - libungif4 4.1.3-4 (bug #337972; unimportant) - giflib 4.1.4-1 (bug #395382; unimportant) NOTE: Just a bug, hardly security implications CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, ...) {DSA-1018-1 DSA-1017-1} - linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low) CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature in Abi ...) {DSA-894-1} - abiword 2.4.1-1 (bug #333740; medium) CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 ...) {DSA-872-1} - koffice 1:1.3.5-5 (bug #333497; medium) CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain circ ...) - apache2 2.0.55-1 (bug #340337; low) [sarge] - apache2 2.0.54-5sarge2 NOTE: this occurs in the binary package apache2-mpm-worker CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0 ...) {DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1} - openssl 0.9.8-3 (bug #333500; low) - openssl097 0.9.7g-5 (bug #333500; low) - openssl094 - openssl095 - openssl096 CVE-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...) {DSA-868-1} - mozilla-firefox (Debian ships a non-vulnerable wrapper script) - mozilla (Debian ships a non-vulnerable wrapper script) - mozilla-thunderbird 1.0.6-4 (bug #329667; bug #329664; high) CVE-2005-2967 (Format string vulnerability in input_cdda.c in xine-lib 1-beta through ...) {DSA-863-1} - xine-lib 1.0.1-1.4 (bug #332919; bug #333682; medium) CVE-2005-2965 REJECTED CVE-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers ...) {DSA-894-1} - abiword 2.2.10-1 (bug #329839; medium) CVE-2005-2963 (The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with Aut ...) {DSA-844-1} - mod-auth-shadow 1.4-2 (bug #323789; medium) CVE-2005-2962 (The post-installation script for ntlmaps before 0.9.9 sets world-reada ...) {DSA-830-1} - ntlmaps 0.9.9-4 CVE-2005-2961 (Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 ...) {DSA-834-1} NOTE: prozilla is not in sarge or etch CVE-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary fi ...) {DSA-836-1 DSA-835-1} - cfengine (bug #332433; low) - cfengine2 2.1.17-1 (bug #332432; low) NOTE: maintainer does not think it's a hole, script is unused/broken CVE-2005-2959 (Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows lo ...) {DSA-870-1} - sudo 1.6.8p9-3 (medium) CVE-2005-2958 (Multiple format string vulnerabilities in the GNOME Data Access librar ...) {DSA-871-1} - libgda2 1.2.2-1 (medium) CVE-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 wi ...) NOT-FOR-US: AVIRA Desktop CVE-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores temporary chat log ...) NOT-FOR-US: ATutor CVE-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...) NOT-FOR-US: ATutor CVE-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before ...) NOT-FOR-US: ATutor CVE-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merch ...) NOT-FOR-US: MIVA Merchant CVE-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09 ...) NOT-FOR-US: Subscribe Me Pro CVE-2005-2951 (Directory traversal vulnerability in security.inc.php in AzDGDatingLit ...) NOT-FOR-US: AzDGDating lite CVE-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1. ...) NOT-FOR-US: Sawmill CVE-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes betwe ...) NOT-FOR-US: pam_per_user (not in Debian) CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list re ...) NOT-FOR-US: KillProcess CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-assisted a ...) NOT-FOR-US: KillProcess CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for creatin ...) - openssl 0.9.8-1 (bug #314465; unimportant) NOTE: MD5 is still good enough for most applications, second preimage attacks NOTE: haven't been presented yet CVE-2005-2944 (The perform_file_save function in GNOME Workstation Command Center (gw ...) NOT-FOR-US: GNOME Workstation Command Center CVE-2005-2943 (Stack-based buffer overflow in sendmail in XMail before 1.22 allows re ...) {DSA-902-1} - xmail 1.22-1 (bug #333863; medium) CVE-2005-2942 REJECTED CVE-2005-2941 RESERVED CVE-2005-2940 (Unquoted Windows search path vulnerability in Microsoft Antispyware 1. ...) NOT-FOR-US: Microsoft Antispyware CVE-2005-2939 (Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 ...) NOT-FOR-US: VMWare CVE-2005-2938 (Unquoted Windows search path vulnerability in iTunesHelper.exe in iTun ...) NOT-FOR-US: iTunes CVE-2005-2937 REJECTED CVE-2005-2936 (Unquoted Windows search path vulnerability in RealNetworks RealPlayer ...) NOT-FOR-US: Real Player CVE-2005-2935 (Unquoted Windows search path vulnerability in Microsoft AntiSpyware mi ...) NOT-FOR-US: Microsoft AntiSpyware CVE-2005-2934 (Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 al ...) NOT-FOR-US: SCO CVE-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in mail.c fo ...) {DSA-861-1} - uw-imap 7:2002edebian1-12 (medium; bug #332215) - pine 4.64-1 (medium; bug #348407) - alpine (alpine is based on pine 4.64, this bug was in a previous version of pine) [sarge] - pine (pine is non-free; doesn't permit distribution of modified binaries) CVE-2005-2932 (Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, incl ...) NOT-FOR-US: Check Point Zone Labs ZoneAlarm CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server 8.20 i ...) NOT-FOR-US: Ipswitch Collaboration Suite CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attac ...) - lynx (Debian's default config is not vulnerable) CVE-2005-2928 RESERVED CVE-2005-2927 (Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, an ...) NOT-FOR-US: SCO Unixware CVE-2005-2926 (Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Open ...) NOT-FOR-US: SCO Unixware CVE-2005-2925 (runpriv in SGI IRIX allows local users to bypass intended restrictions ...) NOT-FOR-US: IRIX CVE-2005-2924 RESERVED CVE-2005-2923 (The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite ( ...) NOT-FOR-US: Ipswitch Collaboration Suite CVE-2005-2922 (Heap-based buffer overflow in the embedded player in multiple RealNetw ...) - helix-player 1.0.7-1 (bug #358754; medium) CVE-2005-2921 RESERVED CVE-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions be ...) NOT-FOR-US: Linksys routers CVE-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default con ...) NOT-FOR-US: Linksys routers CVE-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default con ...) NOT-FOR-US: Linksys routers CVE-2005-2913 REJECTED CVE-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ser ...) NOT-FOR-US: Linksys routers CVE-2005-2911 RESERVED CVE-2005-2910 RESERVED CVE-2005-2909 RESERVED CVE-2005-2908 RESERVED CVE-2005-2907 RESERVED CVE-2005-2906 RESERVED CVE-2005-2905 RESERVED CVE-2005-2904 (Zebedee 2.4.1, when "allowed redirection port" is not set, allows remo ...) NOT-FOR-US: Zebedee CVE-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build 112 ...) NOT-FOR-US: NOD32 Anti virus CVE-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows re ...) NOT-FOR-US: class-1 Forum CVE-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 ...) NOT-FOR-US: CjWeb2Mail CVE-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 a ...) NOT-FOR-US: CjLinkOut CVE-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...) NOT-FOR-US: CjTagBoard CVE-2005-2898 NOT-FOR-US: Filezilla CVE-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: WEB//NEWS CVE-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers t ...) NOT-FOR-US: WEB//NEWS CVE-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows re ...) NOT-FOR-US: PBLang CVE-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in P ...) NOT-FOR-US: PBLang CVE-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang ...) NOT-FOR-US: PBLang CVE-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...) NOT-FOR-US: PBLang CVE-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marke ...) NOT-FOR-US: WebArchiveX CVE-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to phy ...) NOT-FOR-US: SecureOL CVE-2005-2889 (Check Point NGX R60 does not properly verify packets against the prede ...) NOT-FOR-US: Check Point CVE-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Previ ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote att ...) NOT-FOR-US: MAXDev MD-Pro CVE-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1 ...) NOT-FOR-US: MAXDev MD-Pro CVE-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versi ...) NOT-FOR-US: MAXDev MD-Pro CVE-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down Un ...) NOT-FOR-US: Land Down Under CVE-2005-2883 REJECTED CVE-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCal ...) NOT-FOR-US: phpCommunityCalendar CVE-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentic ...) NOT-FOR-US: phpCommunityCalendar CVE-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, ...) NOT-FOR-US: phpCommunityCalendar CVE-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encry ...) NOT-FOR-US: Advansysperu Software USB Lock Auto-Protect CVE-2005-2945 (arc 5.21j and earlier create temporary files with world-readable permi ...) {DSA-843-1} - arc 5.21m-1 (bug #329053; low) CVE-2005-2917 (Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, ...) {DSA-828-1} - squid 2.5.10-7 NOTE: Patch was added to -6, but not listed in dpatch's list of patches CVE-2005-XXXX [user password file created by gajim is world-readable] - gajim 0.8.2-1 (bug #325080; low) CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file] - zope2.7 2.7.8-1 (bug #313644; bug #313621; low) [sarge] - zope2.7 (Inside the responsibility of the admin) CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap] - wine 0.0.20050830-1 (bug #327261; bug #327262; low) [sarge] - wine (Minor issue) CVE-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0 ...) {DSA-824-1 DTSA-19-1} - clamav 0.87-1 (bug #328660; bug #329280; medium) CVE-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote a ...) {DSA-824-1 DTSA-19-1} - clamav 0.87-1 (bug #328660; medium) CVE-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlie ...) {DSA-822-1} - gtkdiskfree 1.9.3-4sarge1 (bug #328566; low) CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local u ...) {DSA-1017-1} - linux-2.6 2.6.12-7 (medium) - kernel-source-2.4.27 (code is vulnerable but there is no amd64 for 2.4 in Sarge) CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and earli ...) NOTE: proactively fixed by the robustness patch - twiki 20040902-2 CVE-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other ...) {DSA-825-1 DSA-823-1} - util-linux 2.12p-8 (bug #328141; bug #329063; medium) - loop-aes-utils 2.12p-9 (bug #328626; medium) CVE-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code via p ...) {DSA-856-1} - py2play 0.1.8-1 (bug #326976; medium) CVE-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in ...) - cups 1.1.23-1 - cupsys 1.1.23-1 CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in Mozi ...) {DSA-868-1 DSA-866-1 DSA-837-1} - mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; bug #327366; medium) - mozilla 2:1.7.12-1 (bug #327455; medium) - mozilla-thunderbird 1.0.7-1 NOTE: epiphany-browser is apparently fixed fix the mozilla NOTE: upload; see bug #327366 CVE-2005-2930 (Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_l ...) {DSA-886-1} - chmlib 0.36-1 (bug #327431; medium) CVE-2005-2802 REJECTED CVE-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU Ma ...) {DSA-841-1 DTSA-20-1} - mailutils 1:0.6.90-3 (bug #327424; high) CVE-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows remot ...) NOT-FOR-US: Solaris CVE-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...) {DSA-880-1} - phpmyadmin 4:2.6.4-pl1-1 (bug #327345; bug #328501; medium) CVE-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the pr ...) NOT-FOR-US: ZipTorrent CVE-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...) NOT-FOR-US: BlueWhaleCRM CVE-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...) NOT-FOR-US: Mercora IMRadio CVE-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3. ...) NOT-FOR-US: aMember Pro CVE-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a sy ...) NOT-FOR-US: URBAN CVE-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in Ope ...) NOT-FOR-US: OpenWebmail CVE-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on ...) NOT-FOR-US: ADSL hardware CVE-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Editi ...) NOT-FOR-US: N-Stealth CVE-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier all ...) - nikto 1.35-1.1 (bug #327339; medium) CVE-2005-2859 (Savant Web Server stores user credentials in plaintext in the Savant\U ...) NOT-FOR-US: Savant Web Server CVE-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol 7. ...) NOT-FOR-US: Rediff BOL) CVE-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an o ...) NOT-FOR-US: Free SMTP Server CVE-2005-2856 (Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party comp ...) NOT-FOR-US: ALZip CVE-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5 ...) NOT-FOR-US: Unclassified Newsboard CVE-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedba ...) NOT-FOR-US: thesitewizard.com chfeedback.pl CVE-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a an ...) NOT-FOR-US: GuppY CVE-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5 ...) NOT-FOR-US: Novell Netware CVE-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read s ...) {DTSA-25-1} - smb4k 0.6.4-1 (bug #337471; medium) NOTE: fix in 0.6.3-1 was incomplete according to maintainer CVE-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service (cr ...) NOT-FOR-US: SlimFTPD CVE-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running fi ...) NOT-FOR-US: Barracuda antispam solution CVE-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...) NOT-FOR-US: Barracuda antispam solution CVE-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 a ...) NOT-FOR-US: Barracuda antispam solution CVE-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...) NOT-FOR-US: CMS Made Simple CVE-2005-2845 (Ariba Spend Management System sends the username and password to the s ...) NOT-FOR-US: Ariba Spend Management System CVE-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows rem ...) NOT-FOR-US: Indiatimes Messenger CVE-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and pas ...) NOT-FOR-US: Hesk CVE-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4. ...) NOT-FOR-US: DameWare Mini CVE-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...) NOT-FOR-US: IOS CVE-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier h ...) NOT-FOR-US: MAXdev CVE-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1 ...) NOT-FOR-US: MAXdev CVE-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and e ...) NOT-FOR-US: myBloggie CVE-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...) NOT-FOR-US: WebGUI CVE-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...) NOT-FOR-US: Phorum CVE-2005-2835 RESERVED CVE-2005-2834 RESERVED CVE-2005-2833 RESERVED CVE-2005-2832 RESERVED CVE-2005-2831 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers t ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2005-2830 (Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS prox ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2005-2829 (Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2005-2828 RESERVED CVE-2005-2827 (The thread termination routine in the kernel for Windows NT 4.0 and 20 ...) NOT-FOR-US: Windows NT CVE-2005-2826 RESERVED CVE-2005-2825 RESERVED CVE-2005-2824 RESERVED CVE-2005-2823 RESERVED CVE-2005-2822 RESERVED CVE-2005-2821 RESERVED CVE-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows rem ...) {DSA-820-1} - courier 0.47-9 (bug #327181; medium) CVE-2005-2819 (DownFile 1.3 allows remote attackers to gain administrator privileges ...) NOT-FOR-US: DownFile CVE-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...) NOT-FOR-US: DownFile CVE-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...) NOT-FOR-US: Simple Machines Forum CVE-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote a ...) NOT-FOR-US: Greymatter CVE-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitiv ...) NOT-FOR-US: FlatNuke CVE-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remo ...) NOT-FOR-US: FlatNuke CVE-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earli ...) NOT-FOR-US: FlatNuke CVE-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P a ...) NOT-FOR-US: man2web CVE-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, o ...) - net-snmp (Gentoo Portage specific configuration flaw) CVE-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow loca ...) NOT-FOR-US: urban game CVE-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...) NOT-FOR-US: silc daemon CVE-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, whic ...) - frox 0.7.18-1 (medium) CVE-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop privileg ...) - frox (does not run setuid root in the Debian package) CVE-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows rem ...) NOT-FOR-US: BNBT EasyTracker CVE-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to non-exis ...) NOT-FOR-US: e107 CVE-2005-2804 (Integer overflow in the registry parsing code in GroupWise 6.5.3, and ...) NOT-FOR-US: GroupWise CVE-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...) [sarge] - hiki (code not present in sarge) - hiki 0.8.3-1 CVE-2005-2800 (Memory leak in the seq_file implementation in the SCSI procfs interfac ...) {DSA-1017-1} - linux-2.6 2.6.12-6 (low) - kernel-source-2.4.27 (seq_file introduced in 2.6) CVE-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and po ...) NOT-FOR-US: Linksys routers CVE-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...) - openssh 1:4.2p1-1 (bug #326065; unimportant) NOTE: Not enabled in the binary build, see #326065 - openssh-krb5 (bug #327233; medium) [sarge] - openssh-krb5 (Intended bahaviour, see #327233) CVE-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle d ...) - openssh 1:4.2p1-1 (bug #326065; unimportant) NOTE: GSSAPI features not activated in binary builds CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ear ...) {DSA-809-1} - squid 2.5.10-5 (medium) CVE-2005-2795 RESERVED CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to c ...) {DSA-809-3 DSA-809-1} - squid 2.5.10-5 (medium) CVE-2005-2793 (PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin ...) [sarge] - phpldapadmin (code not present in sarge) - phpldapadmin 0.9.6c-7 (bug #325785; medium) - egroupware (copy included is older and not vulnerable; bug #339583) CVE-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...) [sarge] - phpldapadmin (code not present in sarge) - phpldapadmin 0.9.6c-7 (bug #325785; medium) - egroupware (copy included is older and not vulnerable; bug #339583) CVE-2005-2791 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BF ...) NOT-FOR-US: BFCC CVE-2005-2790 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BF ...) NOT-FOR-US: BFCC CVE-2005-2789 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BF ...) NOT-FOR-US: BFCC CVE-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 an ...) NOT-FOR-US: Land Down Under CVE-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to d ...) NOT-FOR-US: Simple PHP Blog CVE-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8. ...) NOT-FOR-US: cosmoshop CVE-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the dat ...) NOT-FOR-US: cosmoshop CVE-2005-2784 (SQL injection vulnerability in the login function for the administrati ...) NOT-FOR-US: cosmoshop CVE-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ea ...) NOT-FOR-US: PHP-Fusion CVE-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for AutoL ...) NOT-FOR-US: AutoLinks Pro CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...) {DSA-1063-1} - phpgroupware 0.9.16.009-1 (bug #340094; medium) - egroupware 1.0.0.009.dfsg-3-4 (bug #340495; medium) [woody] - phpgroupware (fudforum not included until 0.9.16) NOTE: Sarge affected, woody isn't CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allo ...) NOT-FOR-US: Land Down Under CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to obt ...) NOT-FOR-US: iTAN CVE-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) al ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary co ...) NOT-FOR-US: Looking Glass CVE-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass 2 ...) NOT-FOR-US: Looking Glass CVE-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify k ...) NOT-FOR-US: Looking Glass CVE-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...) NOT-FOR-US: Litium Quake mod CVE-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote attack ...) NOT-FOR-US: HP OpenView CVE-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota gophe ...) {DSA-832-1} - gopher 3.0.11 (bug #327722; high) CVE-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-S ...) NOT-FOR-US: Reflection for Secure IT CVE-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-S ...) NOT-FOR-US: Reflection for Secure IT CVE-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possib ...) {DSA-820-1} - courier 0.47-9 (bug #327727; medium) CVE-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...) NOT-FOR-US: Sophos AntiVirus CVE-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute arbitrar ...) NOT-FOR-US: LeapFTP CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6] - linux-2.6 2.6.12-6 (low) CVE-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...) NOT-FOR-US: Symantec AntiVirus CVE-2005-2765 (The user interface in the Windows Firewall does not properly display c ...) NOT-FOR-US: Microsoft Windows CVE-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...) NOT-FOR-US: OpenTTD CVE-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...) NOT-FOR-US: OpenTTD CVE-2005-2762 (Avaya VPNRemote before 4.2.33 stores credentials in cleartext in proce ...) NOT-FOR-US: VPNRemote CVE-2005-2760 RESERVED CVE-2005-2759 (** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton An ...) NOT-FOR-US: Symantec Antivirus CVE-2005-2758 (Integer signedness error in the administrative interface for Symantec ...) NOT-FOR-US: Symantec Antivirus CVE-2005-2757 (Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Serv ...) NOT-FOR-US: Mac OS X CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-assisted attackers to overwri ...) NOT-FOR-US: Apple QuickTime CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-assisted attackers to ...) NOT-FOR-US: Apple QuickTime CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted ...) NOT-FOR-US: Apple QuickTime CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted ...) NOT-FOR-US: Apple QuickTime CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier does no ...) NOT-FOR-US: Mac OS X CVE-2005-2751 (memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not ...) NOT-FOR-US: Mac OS X CVE-2005-2750 (Software Update in Mac OS X 10.4.2, when the user marks all updates to ...) NOT-FOR-US: Mac OS X CVE-2005-2749 (Unspecified vulnerability in the Finder Get Info window for Mac OS X 1 ...) NOT-FOR-US: Mac OS X CVE-2005-2748 (The malloc function in the libSystem library in Apple Mac OS X 10.3.9 ...) NOT-FOR-US: Mac OS X CVE-2005-2747 (Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by appli ...) NOT-FOR-US: Mac OS X CVE-2005-2746 (Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message ...) NOT-FOR-US: Mac OS X CVE-2005-2745 (Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for ...) NOT-FOR-US: Mac OS X CVE-2005-2744 (Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, ...) NOT-FOR-US: Mac OS X CVE-2005-2743 (The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 1 ...) NOT-FOR-US: Mac OS X CVE-2005-2742 (SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, c ...) NOT-FOR-US: Mac OS X CVE-2005-2741 (Authorization Services in securityd for Apple Mac OS X 10.3.9 allows l ...) NOT-FOR-US: Mac OS X CVE-2005-2740 REJECTED CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visibl ...) NOT-FOR-US: Mac OS X CVE-2005-2738 (Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent m ...) NOT-FOR-US: Java / Apple CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allo ...) NOT-FOR-US: PhotoPost CVE-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier all ...) NOT-FOR-US: YaPig CVE-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earli ...) NOT-FOR-US: phpGraphy CVE-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earl ...) {DSA-1148-1} - gallery 1.5-2 (bug #325285; medium) CVE-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly res ...) NOT-FOR-US: Simple PHP Blog CVE-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...) NOTE: path disclosure, so not very important on debian systems NOTE: unreproducible according to bug #327729 CVE-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when u ...) NOT-FOR-US: Astato specific CVE-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...) NOT-FOR-US: Astato specific CVE-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter H ...) NOT-FOR-US: Astato specific CVE-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote attack ...) {DSA-805-1} NOTE: The CVE description is wrong, this has been merged for 2.0.55 - apache2 2.0.54-5 (bug #326435; medium) CVE-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server inf ...) NOT-FOR-US: Home Ftp Server CVE-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remo ...) NOT-FOR-US: Home Ftp Server CVE-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ver ...) NOT-FOR-US: QNX CVE-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when authmeth ...) NOT-FOR-US: PaFileDB CVE-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: Foojan PHP Weblog CVE-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php o ...) NOT-FOR-US: Foojan PHP Weblog CVE-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ( ...) NOT-FOR-US: HAURI Antivirus CVE-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...) NOT-FOR-US: Ventrilo CVE-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remo ...) NOT-FOR-US: MPlayer CVE-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 al ...) {DSA-799-1} - webcalendar 0.9.45-7 (bug #326223; medium) CVE-2005-2715 (Format string vulnerability in the Java user interface service (bpjava ...) NOT-FOR-US: VERITAS NetBackup Data and Business Center CVE-2005-2714 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4 ...) NOT-FOR-US: Apple CVE-2005-2713 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4 ...) NOT-FOR-US: Apple CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, a ...) NOT-FOR-US: IBM CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including BlackICE PC P ...) NOT-FOR-US: ISS CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 allo ...) {DSA-826-1} NOTE: see http://www.open-security.org/advisories/13 - helix-player 1.0.6-1 (bug #330364; high) CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 al ...) {DSA-1018-1 DSA-1017-1} - linux-2.6 2.6.14-3 CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 kernel on 64 ...) - kernel-source-2.4.27 (amd64/2.4 not supported) CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote att ...) {DSA-868-1 DSA-866-1 DSA-838-1} - mozilla-firefox 1.0.7-1 (bug #329778; medium) - mozilla 2:1.7.12-1 (medium) - mozilla-thunderbird 1.0.7-1 CVE-2005-2706 (Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote att ...) {DSA-868-1 DSA-866-1 DSA-838-1} - mozilla-firefox 1.0.7-1 (bug #329778; high) - mozilla 2:1.7.12-1 (high) - mozilla-thunderbird 1.0.7-1 CVE-2005-2705 (Integer overflow in the JavaScript engine in Firefox before 1.0.7 and ...) {DSA-868-1 DSA-866-1 DSA-838-1} - mozilla-firefox 1.0.7-1 (bug #329778; high) - mozilla 2:1.7.12-1 (high) - mozilla-thunderbird 1.0.7-1 CVE-2005-2704 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote att ...) {DSA-868-1 DSA-866-1 DSA-838-1} - mozilla-firefox 1.0.7-1 (bug #329778; medium) - mozilla 2:1.7.12-1 (medium) - mozilla-thunderbird 1.0.7-1 CVE-2005-2703 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote att ...) {DSA-868-1 DSA-866-1 DSA-838-1} - mozilla-firefox 1.0.7-1 (bug #329778; medium) - mozilla 2:1.7.12-1 (medium) - mozilla-thunderbird 1.0.7-1 CVE-2005-2702 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote att ...) {DSA-868-1 DSA-866-1 DSA-838-1} - mozilla-firefox 1.0.7-1 (bug #329778; high) - mozilla 2:1.7.12-1 (high) - mozilla-thunderbird 1.0.7-1 CVE-2005-2701 (Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite b ...) {DSA-868-1 DSA-866-1 DSA-838-1} - mozilla-firefox 1.0.7-1 (bug #329778; medium) - mozilla 2:1.7.12-1 (bug #329778; medium) - mozilla-thunderbird 1.0.7-1 CVE-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyCli ...) {DSA-807-1 DSA-805-1} - libapache-mod-ssl 2.8.24-1 (medium) - apache2 2.0.54-5 (bug #327210; medium) CVE-2005-2699 (Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1. ...) NOT-FOR-US: PHPKit CVE-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publis ...) NOT-FOR-US: Nephp Publisher Enterprise CVE-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1 ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-2696 (IBM Lotus Notes does not properly restrict access to password hashes i ...) NOT-FOR-US: Notes CVE-2005-2695 (Unspecified vulnerability in the SSL certificate checking functionalit ...) NOT-FOR-US: Cisco CVE-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, allo ...) NOT-FOR-US: WinAce CVE-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows rem ...) {DSA-793-1} - courier 0.47-8 (medium; bug #325631) CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 doe ...) {DSA-922-1 DSA-921-1} - linux-2.6 (Fixed before upload into archive; 2.6.11) CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...) [sarge] - kernel-source-2.4.27 (Unfixable design issues) [sarge] - kernel-source-2.6.8 (Unfixable design issues) - kernel-source-2.6.8 (bug #332231; low) - linux-2.6 2.6.18-1 (bug #332381; low) NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite NOTE: of ipt_recent the best solution, which seems to occur soon CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6 ...) {DSA-922-1 DSA-921-1} - kernel-source-2.4.27 2.4.27-11 (bug #322237; medium) - linux-2.6 2.6.12-1 CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 al ...) {DSA-798-1} - phpgroupware 0.9.16.008-1 CVE-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in N ...) {DSA-796-1} - affix 2.1.2-3 (bug #325444; medium) CVE-2005-XXXX [Insecure tempfile usage in tleds] - tleds 1.05beta10-9 (bug #276789; low) CVE-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...) {DSA-806-1 DSA-802-1} NOTE: cvsbug was removed from the cvs binary package in 1:1.11.5-4. NOTE: The copy in the cvs source package was fixed in 1:1.12.9-15. - cvs 1:1.11.5-4 (bug #325106; low) - gcvs 1.0final-8 (bug #324969; low) CVE-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...) NOT-FOR-US: RunCMS CVE-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract functi ...) NOT-FOR-US: RunCMS CVE-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke 0.760- ...) NOT-FOR-US: PostNuke CVE-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760- ...) NOT-FOR-US: PostNuke CVE-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3 ...) NOT-FOR-US: SaveWebPortal CVE-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows re ...) NOT-FOR-US: SaveWebPortal CVE-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows remote a ...) NOT-FOR-US: SaveWebPortal CVE-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP cod ...) NOT-FOR-US: SaveWebPortal CVE-2005-XXXX [Insecure temp files in firehol] - firehol 1.231-4 (unimportant) NOTE: Only exploitable inside modified binary installation CVE-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ex ...) NOT-FOR-US: Virtual Edge Netquery CVE-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote at ...) NOT-FOR-US: PHPKit CVE-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before ...) NOT-FOR-US: DTLink AreaEdit CVE-2005-2681 (Unspecified vulnerability in the command line processing (CLI) logic i ...) NOT-FOR-US: Cisco CVE-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when ...) NOT-FOR-US: BEA WebLogic Portal CVE-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other versi ...) NOT-FOR-US: Sysinternals Process Explorer CVE-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NA ...) NOT-FOR-US: MSIE CVE-2005-2677 (ACNews stores the database in a file under the web document root with ...) NOT-FOR-US: ACNews CVE-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in Copper ...) NOT-FOR-US: Coppermine CVE-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. Multiple SQL ...) NOT-FOR-US: Land Down Under CVE-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. Multiple cros ...) NOT-FOR-US: Land Down Under CVE-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2. ...) NOT-FOR-US: Burning Board CVE-2005-2671 REJECTED CVE-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products includi ...) NOT-FOR-US: HAURI CVE-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 befor ...) NOT-FOR-US: Computer Associates CVE-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message Queuing ...) NOT-FOR-US: Computer Associates CVE-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...) NOT-FOR-US: Computer Associates CVE-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other implement ...) - openssh 1:4.0p1-1 (unimportant) NOTE: Lack of a security feature, not a vulnerability CVE-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, a ...) NOT-FOR-US: elm-me+ is no longer in unstable or testing CVE-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in pl ...) NOT-FOR-US: Whisper CVE-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...) {DSA-848-1} - masqmail 0.2.21-1 (low; bug #329307) CVE-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary co ...) {DSA-848-1} - masqmail 0.2.21-1 (high; bug #329307) CVE-2005-2661 (Format string vulnerability in the ParseBannerAndCapability function i ...) {DSA-852-1} - up-imapproxy 1.2.4-2 (high) CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...) {DSA-839-1} - apachetop 0.12.5-3 CVE-2005-2659 (Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as ...) {DSA-886-1} - chmlib 0.37-2 (medium) CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...) {DSA-812-1} - turqstat 2.2.4-1 (medium) CVE-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier allow ...) {DSA-811-2} - common-lisp-controller 4.18 (bug #328633; medium) CVE-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with world- ...) {DSA-794-1} NOTE: Fix in -8 had problems - polygen 1.0.6-9 (bug #325468; low) CVE-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before exec ...) {DSA-791-1 DTSA-11-1} - maildrop 2.0.2-7 (bug #325135; medium) CVE-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous a ...) {DSA-790-1} - phpldapadmin 0.9.6c-5 (bug #322423; medium) - egroupware (copy included is older and not vulnerable; bug #339583) CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks] - cplay 1.49-8 (bug #324913; low) [woody] - cplay (CPLAY_TMP doesn't exist in this version) [sarge] - cplay (Hardly exploitable) CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurel ...) {DSA-814-1 DTSA-17-1} - lm-sensors 1:2.9.1-7 (bug #324193; medium) CVE-2005-2653 (Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote ...) NOT-FOR-US: BBCaffe CVE-2005-2652 (Zorum 3.5 allows remote attackers to obtain the full installation path ...) NOT-FOR-US: Zorum CVE-2005-2651 (gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitra ...) NOT-FOR-US: Zorum CVE-2005-2650 (Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestboo ...) NOT-FOR-US: Emefa Guestbook CVE-2005-2649 (Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote ...) NOT-FOR-US: ATutor CVE-2005-2648 (Directory traversal vulnerability in index.php in W-Agora 4.2.0 and ea ...) NOT-FOR-US: W-Agora CVE-2005-2647 (Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Serv ...) NOT-FOR-US: Xerox MicroServer Web Server in Document Centre CVE-2005-2646 (Unknown vulnerability in Xerox MicroServer Web Server in Document Cent ...) NOT-FOR-US: Xerox MicroServer Web Server in Document Centre CVE-2005-2645 (Unknown vulnerability in Xerox MicroServer Web Server in Document Cent ...) NOT-FOR-US: Xerox MicroServer Web Server in Document Centre CVE-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl al ...) NOT-FOR-US: JaguarControl CVE-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...) - tor 0.1.0.14-1 (bug #323786; medium) CVE-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...) - mutt (bug #323956; high) NOTE: Status is not clear; upstream is unresponsive. NOTE: this bug was closed as it was unreproducable in Debian CVE-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle ...) {DSA-785-1} - libpam-ldap 178-1sarge1 (bug #324899) CVE-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN runni ...) NOT-FOR-US: Juniper CVE-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 all ...) NOT-FOR-US: World Poker Championship CVE-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.4 ...) NOT-FOR-US: PHPFreeNews CVE-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...) NOT-FOR-US: PHPFreeNews CVE-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew an ...) NOT-FOR-US: phpAdsNew CVE-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...) NOT-FOR-US: phpAdsNew CVE-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to Screen" feature ...) NOT-FOR-US: WinFTP Server CVE-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) bo ...) NOT-FOR-US: PHPTB Topic Board CVE-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in mediabox ...) NOT-FOR-US: Mediabox 404 CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...) NOT-FOR-US: Cisco CVE-2005-2630 (Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 1 ...) - helix-player (Only Windows version of Real are affected) CVE-2005-2629 (Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne P ...) {DSA-915-1} - helix-player 1.0.6-1 (bug #340270; medium) CVE-2005-2628 (Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execut ...) - flashplugin-nonfree 7.0.61-1.1 (bug #339290; high) [sarge] - flashplugin-nonfree (Only affects proprietary Flash plugin) CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote a ...) {DSA-788-1 DTSA-1-1} - kismet 2005.08.R1-1 (bug #323386; high) CVE-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote at ...) {DSA-788-1 DTSA-1-1} - kismet 2005.08.R1-1 (bug #323386; high) CVE-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in C ...) NOT-FOR-US: CPAINT ajax toolkit CVE-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers ...) NOT-FOR-US: CPAINT ajax toolkit CVE-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of the ...) NOT-FOR-US: ECW Shop CVE-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0. ...) NOT-FOR-US: ECW Shop CVE-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitiv ...) NOT-FOR-US: ECW Shop CVE-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the p ...) NOT-FOR-US: Novell GroupWise CVE-2005-2619 (Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly ...) NOT-FOR-US: Autonomy CVE-2005-2618 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) Ke ...) NOT-FOR-US: Autonomy CVE-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6 ...) {DTSA-16-1} NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html - amd64 specific DOS - linux-2.6 2.6.12-6 CVE-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...) NOT-FOR-US: ezUpload CVE-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...) NOT-FOR-US: EQdkp CVE-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are upl ...) NOT-FOR-US: Discuz CVE-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows atta ...) NOT-FOR-US: CPAINT Ajax CVE-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier a ...) - wordpress 1.5.2-1 (bug #323040; high) CVE-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec ...) NOT-FOR-US: VERITAS Backup Exec for Windows Servers CVE-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS 0.8.1 ...) NOT-FOR-US: VegaDNS CVE-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...) NOT-FOR-US: VegaDNS CVE-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...) NOT-FOR-US: SafeHTML CVE-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity Simpli ...) NOT-FOR-US: PHPSimplicity CVE-2005-2606 (Unknown vulnerability in the "frontend authentication" in PHlyMail 3.0 ...) NOT-FOR-US: PHlyMail CVE-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allo ...) NOT-FOR-US: Lasso Professional Server CVE-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...) NOT-FOR-US: My Image Gallery (Mig) CVE-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image Gal ...) NOT-FOR-US: My Image Gallery (Mig) CVE-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to o ...) - mozilla-firefox (According to Bugzilla Windows/Mac only) CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to exe ...) NOT-FOR-US: MidiCart CVE-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled, as used in other products su ...) {DSA-899-1 DSA-798-1} - egroupware 1.0.0.009.dfsg-3-2 (bug #323928; medium) - phpgroupware 0.9.16.008-1 (bug #323929; medium) CVE-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial en ...) NOT-FOR-US: Hummingbird FTP for Connectivity CVE-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier ...) NOT-FOR-US: Dokeos CVE-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...) NOT-FOR-US: AOL Client CVE-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...) {DSA-879-1} - gallery 1.5-2 (medium) CVE-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 Alph ...) NOT-FOR-US: Dada Mail CVE-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ca ...) NOT-FOR-US: Apple Safari CVE-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with un ...) NOT-FOR-US: MindAlign CVE-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions allo ...) NOT-FOR-US: MindAlign CVE-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to li ...) NOT-FOR-US: MindAlign CVE-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and ...) NOT-FOR-US: MindAlign CVE-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...) NOT-FOR-US: WRT54GS wireless router CVE-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 a ...) NOT-FOR-US: DVBBS CVE-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...) NOT-FOR-US: PHPTB Topic Boards CVE-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web adm ...) NOT-FOR-US: Mentor ADSL-FR4II router CVE-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote atta ...) NOT-FOR-US: Mentor ADSL-FR4II router CVE-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running f ...) NOT-FOR-US: Mentor ADSL-FR4II router CVE-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumente ...) NOT-FOR-US: Mentor ADSL-FR4II router CVE-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writ ...) NOT-FOR-US: Kaspersky CVE-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibl ...) NOT-FOR-US: Grandstream BudgeTone CVE-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...) NOT-FOR-US: Contivity CVE-2005-2578 REJECTED CVE-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...) NOT-FOR-US: Wyse Winterm CVE-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers t ...) NOT-FOR-US: CaLogic CVE-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows r ...) NOT-FOR-US: XMB Forum CVE-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables ...) NOT-FOR-US: XMB Forum CVE-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before ...) - mysql (Windows specific mysql holes) - mysql-dfsg-4.1 (Windows specific mysql holes) - mysql-dfsg-5.0 (Windows specific mysql holes) CVE-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with ...) - mysql (Windows specific mysql holes) - mysql-dfsg-4.1 (Windows specific mysql holes) - mysql-dfsg-5.0 (Windows specific mysql holes) CVE-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not properly res ...) NOT-FOR-US: FunkBoard CVE-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote attacke ...) NOT-FOR-US: FunkBoard CVE-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66C ...) NOT-FOR-US: FunkBoard CVE-2005-2568 (Eval injection vulnerability in the template engine for SysCP 1.2.10 a ...) NOT-FOR-US: SysCP CVE-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier al ...) NOT-FOR-US: SysCP CVE-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...) NOT-FOR-US: OpenBB CVE-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Gravity Board X (GBX) CVE-2005-2564 (Direct static code injection vulnerability in editcss.php in Gravity B ...) NOT-FOR-US: Gravity Board X (GBX) CVE-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X ...) NOT-FOR-US: Gravity Board X (GBX) CVE-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote ...) NOT-FOR-US: Gravity Board X (GBX) CVE-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attac ...) NOT-FOR-US: MYFAQ CVE-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 al ...) NOT-FOR-US: CFBB CVE-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal allows rem ...) NOT-FOR-US: e107 portal CVE-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 bef ...) {DSA-833-2 DSA-831-1 DSA-829-1} - mysql-dfsg-4.1 4.1.13 (medium) - mysql-dfsg-5.0 5.0.7beta-1 (medium) - mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium) CVE-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...) {DSA-778-1} - mantis 0.19.2-4 (low) CVE-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with registe ...) {DSA-778-1} - mantis 0.19.2-4 (medium) CVE-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...) {DSA-1018-1 DSA-1017-1 DTSA-16-1} - linux-2.6 2.6.12-6 (medium) CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs] - clamav 0.86.2-1 (low) [sarge] - clamav 0.84-2.sarge.2 CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...) NOT-FOR-US: Network Associated ePolicy Orchestrator Agent CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x befor ...) {DSA-921-1} - kernel-source-2.4.27 2.4.27-12 (bug #323363; medium) CVE-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...) NOT-FOR-US: Integrated Light Out in HP servers CVE-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 o ...) NOT-FOR-US: Novell eDirectory CVE-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attack ...) {DSA-782-1 DTSA-9-1} - bluez-utils 2.19-1 (bug #323365; medium) CVE-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Arab Portal CVE-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0 ...) NOT-FOR-US: PHPOpenChat CVE-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev eComme ...) NOT-FOR-US: Comdev eCommerce CVE-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev eComme ...) NOT-FOR-US: Comdev eCommerce CVE-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arb ...) NOT-FOR-US: Invision Power Board CVE-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or s ...) NOTE: This is intended behaviour, after all tar is an archiving tool and you NOTE: need to give -p as a command line flag - tar (bug #328228; unimportant) CVE-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ve ...) NOT-FOR-US: FlatNuke CVE-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...) NOT-FOR-US: FlatNuke CVE-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers t ...) NOT-FOR-US: FlatNuke CVE-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers t ...) NOT-FOR-US: FlatNuke CVE-2005-2536 (pstotext before 1.8g does not properly use the "-dSAFER" option when c ...) {DSA-792-1} - pstotext 1.9-2 (bug #319758; medium) CVE-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...) NOT-FOR-US: ARCserve Backup CVE-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ena ...) {DSA-851-1} - openvpn 2.0.2-1 (bug #324167; high) CVE-2005-2533 (OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode ...) {DSA-851-1} - openvpn 2.0.2-1 (bug #324167; high) CVE-2005-2532 (OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue w ...) {DSA-851-1} - openvpn 2.0.2-1 (bug #324167; high) CVE-2005-2531 (OpenVPN before 2.0.1, when running with "verb 0" and without TLS authe ...) {DSA-851-1} - openvpn 2.0.2-1 (bug #324167; high) CVE-2005-2530 (Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac O ...) NOT-FOR-US: Java / Apple CVE-2005-2529 (Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Appl ...) NOT-FOR-US: Java / Apple CVE-2005-2528 REJECTED CVE-2005-2527 (Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X ...) NOT-FOR-US: Java / Apple CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...) NOT-FOR-US: MacOS X CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descri ...) NOT-FOR-US: MacOS X CVE-2005-2524 (Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to b ...) NOT-FOR-US: MacOS X CVE-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server i ...) NOT-FOR-US: Weblog Server in Mac OS X CVE-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs wit ...) NOT-FOR-US: Mac OS X CVE-2005-2521 (Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to ...) NOT-FOR-US: Mac OS X CVE-2005-2520 (The password assistant in Mac OS X 10.4 to 10.4.2, when used to create ...) NOT-FOR-US: Mac OS X CVE-2005-2519 (slpd in Directory Services in Mac OS X 10.3.9 creates insecure tempora ...) NOT-FOR-US: Mac OS X CVE-2005-2518 (Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows rem ...) NOT-FOR-US: Mac OS X CVE-2005-2517 (Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatt ...) NOT-FOR-US: Mac OS X CVE-2005-2516 (Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format ...) NOT-FOR-US: Mac OS X CVE-2005-2515 (Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to ...) NOT-FOR-US: Mac OS X CVE-2005-2514 (Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execu ...) NOT-FOR-US: Mac OS X CVE-2005-2513 (Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOve ...) NOT-FOR-US: Mac OS X CVE-2005-2512 (Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an ...) NOT-FOR-US: Mac OS X CVE-2005-2511 (Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerbe ...) NOT-FOR-US: Mac OS X CVE-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4. ...) NOT-FOR-US: Mac OS X CVE-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, w ...) NOT-FOR-US: Mac OS X CVE-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local users ...) NOT-FOR-US: Mac OS X CVE-2005-2507 (Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 al ...) NOT-FOR-US: Mac OS X CVE-2005-2506 (Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10. ...) NOT-FOR-US: Mac OS X CVE-2005-2505 (Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers ...) NOT-FOR-US: Mac OS X CVE-2005-2504 (The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with ...) NOT-FOR-US: Mac OS X CVE-2005-2503 (AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical a ...) NOT-FOR-US: Mac OS X CVE-2005-2502 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in a ...) NOT-FOR-US: Mac OS X CVE-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows extern ...) NOT-FOR-US: Mac OS X CVE-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ker ...) - linux-2.6 2.6.12-1 (medium) CVE-2005-2499 (slocate before 2.7 does not properly process very long paths, which al ...) - slocate (Uses secure glibc code, see #324951) CVE-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML- ...) {DSA-842-1 DSA-840-1 DSA-798-1 DSA-789-1 DTSA-15-1} - drupal 4.5.5-1 (bug #323347; high) - phpgroupware 0.9.16.008-1 (bug #323349; high) - egroupware 1.0.0.009.dfsg-1 (bug #323350; high) - phpwiki (unimportant) NOTE: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway - php4 4:4.3.10-16 (bug #323366; high) - php5 5.0.5-1 (high) CVE-2005-2497 REJECTED CVE-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...) {DSA-801-1} NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu?? - ntp 1:4.2.0a+stable-2sarge1 (medium) [etch] - ntp 1:4.2.0a+stable-2sarge1 (medium) CVE-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted ...) {DSA-816-1} - xorg-x11 6.8.2.dfsg.1-7 (medium) CVE-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ac ...) {DSA-815-1} - kdebase 4:3.4.2-3 (bug #327039; medium) CVE-2005-2493 RESERVED CVE-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allow ...) - linux-2.6 2.6.12-7 (bug #327416; medium) CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular Expressi ...) {DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1} - pcre3 6.3-1 (bug #324531; medium) - gnumeric 1.5.1-1 (bug #326628; bug #326898; unimportant) - goffice 0.1.0-3 (bug #326898; unimportant) - vfu (does not include the vulnerable part of pcre) NOTE: gnumeric/goffice includes one as well; not exploitable as affected code not used - python2.1 2.1.3dfsg-3 (medium) - python2.2 2.2.3dfsg-4 (medium) - python2.3 2.3.5-8 (medium) CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...) {DSA-1017-1} - linux-2.6 2.6.12-7 (bug #327416; medium) CVE-2005-XXXX [Buffer overflow in Description parsing] - bidwatcher (bug #319489; low) [sarge] - bidwatcher (Totally broken due to Ebay changes, no users, no exploits) CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working] - dbmail 2.2.1-1 (bug #303991; bug #290833; medium) CVE-2005-XXXX [downloads.ini writable by group users, world-readable] - mldonkey 2.5.28.1-1 (bug #300560; low) CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere] - classpath 2:0.92-1 (bug #267040; bug #301134; high) [etch] - classpath (Doesn't build the gcjwebplugin binary package) CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c] - dbmail 2.2.1-1 (bug #290833; medium) CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote attac ...) {DSA-922-1 DTSA-16-1} NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2 - kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low) NOTE: 2.6.12-1 contained a partially broken fix - linux-2.6 2.6.12-6 (bug #309308; low) CVE-2005-2489 (Web Content Management News System allows remote attackers to create a ...) NOT-FOR-US: Web Content Management News System CVE-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management New ...) NOT-FOR-US: Web Content Management News System CVE-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...) NOT-FOR-US: Sun switches CVE-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in PortailPH ...) NOT-FOR-US: PortailPHP CVE-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...) NOT-FOR-US: Logicampus CVE-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 mig ...) NOT-FOR-US: Denora IRC stats CVE-2005-2483 (Eval injection vulnerability in Karrigell before 2.1.8 allows remote a ...) NOT-FOR-US: Karrigell CVE-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and ...) NOT-FOR-US: Metasploit Framework CVE-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive i ...) NOT-FOR-US: Fusebox CVE-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 a ...) NOT-FOR-US: Fusebox CVE-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...) NOT-FOR-US: Quick 'n Easy FTP Server CVE-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote attacker ...) NOT-FOR-US: Silvernews CVE-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote at ...) NOT-FOR-US: Naxtor Shopping Cart CVE-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxto ...) NOT-FOR-US: Naxtor Shopping Cart CVE-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions ...) {DSA-903-1} - unzip 5.52-4 (bug #321927; low) CVE-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive informa ...) NOT-FOR-US: ChurchInfo CVE-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote atta ...) NOT-FOR-US: ChurchInfo CVE-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote attacke ...) NOT-FOR-US: BusinessMail CVE-2005-2471 (pstopnm in netpbm does not properly use the "-dSAFER" option when call ...) {DSA-1021-1} - netpbm-free 2:10.0-9 (bug #319757; low) CVE-2005-2470 (Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 t ...) NOT-FOR-US: Adobe CVE-2005-2469 (Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C ...) NOT-FOR-US: Novell NetMail CVE-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...) {DSA-922-1 DSA-921-1 DTSA-16-1} - linux-2.6 2.6.12-3 (bug #323173) - kernel-source-2.4.27 2.4.27-12 (medium) CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 all ...) {DSA-922-1 DSA-921-1 DTSA-16-1} - linux-2.6 2.6.12-3 (bug #323173; medium) - kernel-source-2.4.27 2.4.27-12 (medium) CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher] - wine 0.0.20050830-1 (bug #321470; unimportant) NOTE: Not shipped in binary package CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links] - metamail 2.7-48 (bug #321473; low) [sarge] - metamail (Hardly exploitable, minor Dos) CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues] - xfree86 (bug #321447; low) [woody] - xfree86 (Hardly exploitable) [sarge] - xfree86 (Hardly exploitable) - x11-apps 7.7~1 (bug #321447; low) [squeeze] - x11-apps (Minor issue) CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code] - ghostscript 8.61.dfsg.1~svn8187-1 (bug #291452; unimportant) NOTE: Not included in the binary package CVE-2005-XXXX [Format string bug in sysklogd's syslog_tst sources] NOTE: binary not shipped - sysklogd (bug #281448; unimportant) CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script] - fftw3 3.0.1-12 (low; bug #321566) [sarge] - fftw3 (Minor issue) CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files] - clamav-getfiles 0.5-1 (bug #321446; medium) [sarge] - clamav-getfiles (Sarge version uses mktemp) CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect m ...) {DTSA-6-1} - cgiwrap 3.9-3.1 (bug #316881; low) [sarge] - cgiwrap (Minor impact) CVE-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/ ...) {DTSA-6-1} - cgiwrap 3.9-3.1 (bug #316901; low) [sarge] - cgiwrap (Minor information disclosure, only debugging libs) CVE-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows re ...) {DSA-1016-1 DTSA-13-1} - evolution 2.2.3-3 (high; bug #322535) CVE-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6. ...) {DSA-1016-1 DTSA-13-1} - evolution 2.2.3-3 (high; bug #322535) CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure] - libnet-ssleay-perl 1.25-1.1 (bug #296112; low) CVE-2005-XXXX [nvi: init.d recover file security bugs] - nvi 1.79-22 (bug #298114; medium) CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way] [woody] - bugzilla (Vulnerable script is not present) [sarge] - bugzilla (Vulnerable script is not present) - bugzilla 2.18.3-2 (bug #321567; low) CVE-2005-XXXX [Crypto weakness in Tor's handshaking process] - tor 0.1.0.14-1 (medium) CVE-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux kerne ...) {DSA-1018-1 DSA-1017-1 DTSA-16-1} - linux-2.6 2.6.12-3 (medium) CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in xfrm_use ...) {DSA-922-1 DSA-921-1 DTSA-16-1} - linux-2.6 2.6.12-2 (bug #321401; medium) - kernel-source-2.4.27 2.4.27-11 (medium) CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitr ...) NOT-FOR-US: Greasemonkey CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure de ...) NOT-FOR-US: IBM Lotus Notes CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1. ...) NOT-FOR-US: NetworkActiv Web Server CVE-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of servi ...) NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7 - tiff 3.7.0-1 - tiff3 (fixed prior to initial upload) CVE-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...) NOT-FOR-US: IOS CVE-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file f ...) {DSA-776-1 DTSA-3-1} - clamav 0.86.2-1 (medium) CVE-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create o ...) NOT-FOR-US: sandbox CVE-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow rem ...) {DSA-1318-1 DSA-813-1 DTSA-2-1 DTSA-4-1} - ekg 1:1.5+20050718+1.6rc3-1 (low) - centericq 4.20.0-9 (bug #323185; medium) CVE-2005-2447 REJECTED CVE-2005-2446 REJECTED CVE-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...) NOT-FOR-US: Product Cart CVE-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the pas ...) NOT-FOR-US: Cerulean Trillian CVE-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root wit ...) NOT-FOR-US: KShout CVE-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics WebIns ...) NOT-FOR-US: SPI Dynamics Web Inspect CVE-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow re ...) NOT-FOR-US: VBzoom CVE-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage ...) NOT-FOR-US: Thomson Web Skill Vantage Manager CVE-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quo ...) NOT-FOR-US: UseBB CVE-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier al ...) NOT-FOR-US: UseBB CVE-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain ...) NOT-FOR-US: Website Baker CVE-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website Bake ...) NOT-FOR-US: Website Baker CVE-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ev ...) NOT-FOR-US: Linksys hardware CVE-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...) - phplist (bug #612288) CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to modi ...) - phplist (bug #612288) CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 d ...) - gforge 4.5.14-2 (bug #328224; unimportant) NOTE: Direct flooding is possible as well in most circumstances. NOTE: (Upstream fix was in gforge 4.5.0.1.) CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allo ...) {DSA-1094-1} - gforge 4.5.14-9 (bug #328224; medium) CVE-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...) - mozilla-firefox (Only affects Firefox on Windows platforms) CVE-2005-2428 (Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" en ...) NOT-FOR-US: Lotus Domino CVE-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ al ...) NOT-FOR-US: CartWIZ CVE-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a deni ...) NOT-FOR-US: FTPshell Server CVE-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote attack ...) NOT-FOR-US: Ares FileShare CVE-2005-2424 (The management interface for Siemens SANTIS 50 running firmware 4.2.8. ...) NOT-FOR-US: Siemens hardware CVE-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Beehive CVE-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...) NOT-FOR-US: Beehive CVE-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...) NOT-FOR-US: Beehive CVE-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbit ...) NOT-FOR-US: FtpLocate CVE-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication a ...) NOT-FOR-US: hardware issue CVE-2005-2418 REJECTED CVE-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive info ...) NOT-FOR-US: Contrexx CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...) NOT-FOR-US: Contrexx CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...) NOT-FOR-US: Contrexx CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as F ...) - firefox 1.5.dfsg-1 (unimportant) - mozilla-firefox 1.5.dfsg-1 (bug #327549; unimportant) - mozilla 1.5.dfsg-1 (bug #327550; unimportant) - iceweasel NOTE: The turned out to be non-exploitable CVE-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in A ...) NOT-FOR-US: Atomic Photo Album CVE-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...) NOT-FOR-US: First Post CVE-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and t ...) {DSA-808-1} - tdiary 2.0.2-1 (bug #319315; medium) CVE-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...) NOT-FOR-US: Network Manager CVE-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, whil ...) NOT-FOR-US: nbsmtp CVE-2005-2408 REJECTED CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-assisted attacker ...) NOT-FOR-US: Opera CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting (XS ...) NOT-FOR-US: Opera CVE-2005-2405 (Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is install ...) NOT-FOR-US: Opera CVE-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows r ...) NOT-FOR-US: Sendcard CVE-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, whi ...) NOT-FOR-US: RealChat CVE-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearc ...) NOT-FOR-US: PHPSiteSearch CVE-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...) NOT-FOR-US: PHP-Fusion CVE-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to ...) NOT-FOR-US: PHPFinance CVE-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via mi ...) NOT-FOR-US: PHP Surveyor CVE-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows rem ...) NOT-FOR-US: PHP Surveyor CVE-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1 ...) NOT-FOR-US: phpBook CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlie ...) - mediawiki 1.4.9 (bug #276057) CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...) - firefox (bug #320539; unimportant) - iceweasel (bug #320539; unimportant) - mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant) - mozilla (bug #320538; unimportant) NOTE: Firefox and Mozilla follow RFC behaviour. This is more a lack of security NOTE: feature (client-side preference for stronger methods) and not a vulnerabilit NOTE: This also seems like a rare setup. CVE-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the ...) NOT-FOR-US: CuteNews CVE-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remo ...) NOT-FOR-US: CuteNews CVE-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 ...) NOT-FOR-US: CMSimple CVE-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...) NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP CVE-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allo ...) {DSA-795-2} - proftpd 1.2.10-20 (low) NOTE: ftpshut fixed in -19, SQLShowInfo in -20 CVE-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denia ...) NOT-FOR-US: Veritas NetBackup CVE-2005-2388 (Buffer overflow in a certain USB driver, as used on Microsoft Windows, ...) NOT-FOR-US: some windows USB driver CVE-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 all ...) NOT-FOR-US: GoodTech SMTP server CVE-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ 1. ...) NOT-FOR-US: CartWIZ CVE-2005-2385 (Buffer overflow in a third-party compression library (UNACEV2.DLL), as ...) NOT-FOR-US: UNACEV2.DLL CVE-2005-2384 (Directory traversal vulnerability in a third-party compression library ...) NOT-FOR-US: UNACEV2.DLL CVE-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote ...) NOT-FOR-US: PHPNews CVE-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM priv ...) NOT-FOR-US: Oray PeanutHull CVE-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: PHP Surveyor CVE-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 all ...) NOT-FOR-US: PHP Surveyor CVE-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports ...) NOT-FOR-US: Oracle Reports CVE-2005-2378 (Directory traversal vulnerability in Oracle Reports allows remote atta ...) NOT-FOR-US: Oracle Reports CVE-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate Ser ...) - libnss-ldap (Mandrake specfic vulnerability) CVE-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote attacker ...) NOT-FOR-US: Race Driver CVE-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier allows rem ...) NOT-FOR-US: Race Driver CVE-2005-2374 (Belkin 54g wireless routers do not properly set an administrative pass ...) NOT-FOR-US: Belkin 54g wireless routers CVE-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated ...) NOT-FOR-US: SlimFTPd CVE-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary di ...) NOT-FOR-US: Oracle Forms CVE-2005-2371 (Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 1 ...) NOT-FOR-US: Oracle Reports CVE-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before 1 ...) {DSA-1318-1 DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1} - gaim 1:1.4.0-5 (low) - centericq 4.20.0-9 (bug #323185; low) - ekg 1:1.5+20050712+1.6rc2-1 (low) CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before 1 ...) {DSA-813-1 DTSA-2-1} - centericq 4.20.0-9 (bug #323185; medium) - gaim 1:1.5.0-1 (bug #350071; medium) [woody] - gaim (affected code libgadu not present in woody) [sarge] - gaim (old version of libgadu in gaim is not affected) - ekg 1:1.5+20050712+1.6rc2-1 (medium) [sarge] - ekg NOTE: The fixes from centericq for integer overflows are all present in ekg from stable CVE-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external user-a ...) {DTSA-12-1} - vim 1:6.3-085+1 (bug #320017; medium) [sarge] - vim 1:6.3-071+1sarge1 NOTE: For some reason this was fixed through an upload to s-p-u, not stable-security CVE-2005-2367 (Format string vulnerability in the proto_item_set_text function in Eth ...) {DSA-853-1} - ethereal 0.10.12-1 (bug #320183; bug #320192; medium) CVE-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows ...) {DSA-853-1} - ethereal 0.10.12-1 (bug #320183; low) CVE-2005-2365 (Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0 ...) {DSA-853-1} - ethereal 0.10.12-1 (bug #320183; low) CVE-2005-2364 (Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAM ...) {DSA-853-1} - ethereal 0.10.12-1 (bug #320183; low) CVE-2005-2363 (Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, ...) {DSA-853-1} - ethereal 0.10.12-1 (bug #320183; low) CVE-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.1 ...) - ethereal 0.10.12-1 (bug #320183; low) NOTE: This affects partially Woody and Sarge CVE-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, ...) {DSA-853-1} - ethereal 0.10.12-1 (bug #320183; low) CVE-2005-2360 (Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through ...) {DSA-853-1} - ethereal 0.10.12-1 (bug #320183; low) CVE-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used ...) - kfreebsd-5 5.3-1 (medium) CVE-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbit ...) NOT-FOR-US: EMC Navisphere Manager CVE-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 ...) NOT-FOR-US: EMC Navisphere Manager CVE-2005-2355 REJECTED CVE-2005-2347 RESERVED CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...) NOT-FOR-US: Novell CVE-2005-2345 REJECTED CVE-2005-2344 (The BlackBerry Attachment Service in Research in Motion (RIM) BlackBer ...) NOT-FOR-US: Research in Motion CVE-2005-2343 (Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerr ...) NOT-FOR-US: Research in Motion CVE-2005-2342 (Research in Motion (RIM) BlackBerry Router allows remote attackers to ...) NOT-FOR-US: Research in Motion CVE-2005-2341 (Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Atta ...) NOT-FOR-US: Research in Motion CVE-2005-2340 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remo ...) NOT-FOR-US: Apple Quicktime CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version of mse ...) NOT-FOR-US: unicode msearch CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...) NOT-FOR-US: Xoops CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...) {DSA-864-1 DSA-862-1 DSA-860-1} - ruby - ruby1.6 1.6.8-13 (medium) - ruby1.8 1.8.3-1 (bug #332742; medium) - ruby1.9 1.9.0+20050921-1 (medium) CVE-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...) [sarge] - hiki (code not present in sarge) - hiki 0.8.2-1 CVE-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell ...) NOT-FOR-US: Y.SAK CVE-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in SEO-B ...) NOT-FOR-US: smilies_popup.php CVE-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a allo ...) NOT-FOR-US: PHPPageProtect CVE-2005-2331 (PHP remote file inclusion vulnerability in display.php in MooseGallery ...) NOT-FOR-US: MooseGallery CVE-2005-2330 (Directory traversal vulnerability in extras/update.php in osCommerce 2 ...) NOT-FOR-US: osCommerce CVE-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, wh ...) NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S CVE-2005-2328 (PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 an ...) NOT-FOR-US: Laffer CVE-2005-2327 (Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier all ...) NOT-FOR-US: e107 CVE-2005-2326 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a a ...) NOT-FOR-US: Clever Copy CVE-2005-2325 (Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full pa ...) NOT-FOR-US: Clever Copy CVE-2005-2324 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a a ...) NOT-FOR-US: Clever Copy CVE-2005-2323 (Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.2 ...) NOT-FOR-US: Class-1 Forum CVE-2005-2322 (Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and 0 ...) NOT-FOR-US: Class-1 Forum CVE-2005-2321 (PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote ...) NOT-FOR-US: CaLogic CVE-2005-2319 (PHP remote file include vulnerability in Yawp library 1.0.6 and earlie ...) NOT-FOR-US: Yawp CVE-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 S ...) NOT-FOR-US: DVBBS CVE-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0 ...) {DSA-849-1} - shorewall 2.4.1-2 (bug #318946; medium) CVE-2005-2316 (Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers ...) NOT-FOR-US: dnrd CVE-2005-2315 (Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allow ...) NOT-FOR-US: dnrd CVE-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to o ...) NOT-FOR-US: PHPsFTPd CVE-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows att ...) NOT-FOR-US: Check Point SecuRemote NG with Application Intelligence CVE-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote atta ...) NOT-FOR-US: Realnode Emilda CVE-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...) - sms-pl 2.1.0-1 (bug #320540; unimportant) NOTE: vulnerable contrib file only in source package CVE-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions be ...) NOT-FOR-US: Winamp CVE-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU c ...) NOT-FOR-US: Opera CVE-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote attacker ...) NOT-FOR-US: MSIE CVE-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows loc ...) NOT-FOR-US: Microsoft CVE-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...) NOT-FOR-US: Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0 CVE-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a deni ...) NOT-FOR-US: DG Remote Control Server CVE-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote at ...) NOT-FOR-US: Microsoft CVE-2005-2303 REJECTED CVE-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...) {DSA-771-1} - pdns 2.9.18-1 (medium; bug #318798) CVE-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not pr ...) {DSA-771-1} - pdns 2.9.18-1 (medium; bug #318798) CVE-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary f ...) NOT-FOR-US: Skype CVE-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message ...) NOT-FOR-US: Simple Message Board CVE-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all attach ...) NOT-FOR-US: BitDefender can be used by AMaViS but is not shipped in Debian CVE-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 ...) NOT-FOR-US: Sybase EAServer CVE-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information ...) NOT-FOR-US: YabbSE CVE-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...) - netpanzer 0.8+svn20060319-1 (bug #318329; low) [sarge] - netpanzer (Minor DoS against a game) CVE-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of reco ...) NOT-FOR-US: Oracle CVE-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...) NOT-FOR-US: Oracle CVE-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords ...) NOT-FOR-US: Oracle CVE-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext passwo ...) NOT-FOR-US: Oracle CVE-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...) NOT-FOR-US: WPS CVE-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: PHPCounter CVE-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remo ...) NOT-FOR-US: PHPCounter CVE-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a d ...) NOT-FOR-US: SoftiaCom wMailServer CVE-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...) NOT-FOR-US: WebEOC CVE-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...) NOT-FOR-US: WebEOC CVE-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow re ...) NOT-FOR-US: WebEOC CVE-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...) NOT-FOR-US: WebEOC CVE-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6 ...) NOT-FOR-US: WebEOC CVE-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...) NOT-FOR-US: WebEOC CVE-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a deni ...) NOT-FOR-US: Cisco CVE-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2 ...) NOT-FOR-US: Cisco CVE-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable P ...) NOT-FOR-US: MailEnable CVE-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows rem ...) {DSA-762-1} - affix 2.1.2-2 (bug #318328; medium) CVE-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...) NOT-FOR-US: Novell Groupwise WebAccess CVE-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6] NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html NOTE: maintainer says does not apply to debian, see #320608 CVE-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding] - ffmpeg 0.cvs20050811-1 (bug #320150; medium) - xmovie CVE-2005-XXXX [xgalaga score file segfault] - xgalaga 2.0.34-31 (bug #319686; low) [sarge] - xgalaga (Minor issue) CVE-2005-XXXX [xemeraldia games file overwrite] - xemeraldia 0.4-1 (bug #319661; low) [sarge] - xemeraldia (Very minor issue) CVE-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows ...) {DSA-774-1} NOTE: previous fix in -15 was broken - fetchmail 6.2.5-16 (bug #320357; bug #212762; medium) CVE-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to assistan ...) {DSA-766-1} - webcalendar 0.9.45-7 (bug #315671; medium) CVE-2005-2437 (Website Baker Project does not properly verify the file extensions of ...) NOT-FOR-US: Website Baker CVE-2005-2275 RESERVED CVE-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a Javascrip ...) NOT-FOR-US: MSIE CVE-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript di ...) NOT-FOR-US: Opera CVE-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript dialo ...) NOT-FOR-US: Sfari CVE-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...) NOT-FOR-US: iCab CVE-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...) {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.5-1 (high) - mozilla 2:1.7.9-1 (bug #318062; bug #325851; high) - mozilla-thunderbird 1.0.6-1 (high) CVE-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does no ...) {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.5-1 (high) - mozilla 2:1.7.9-1 (medium; bug #318062) - mozilla-thunderbird 1.0.6-1 (medium; bug #318728) CVE-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associa ...) {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.5-1 (medium) - mozilla 2:1.7.9-1 (medium; bug #318062) CVE-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...) {DSA-779-2 DSA-779-1 DTSA-8-2} - mozilla-firefox 1.0.4-2sarge3 (medium) CVE-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...) {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.5-1 (medium) - mozilla 2:1.7.9-1 (medium; bug #318062) - mozilla-thunderbird 1.0.6-1 (low; bug #318728) CVE-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...) {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.5-1 (high) - mozilla 2:1.7.9-1 (medium; bug #318062) - mozilla-thunderbird 1.0.6-1 (medium; bug #318728) CVE-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive inform ...) {DSA-779-2 DSA-779-1 DTSA-8-2} - mozilla-firefox 1.0.4-2sarge3 (medium) CVE-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...) {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.5-1 (medium) - mozilla 2:1.7.9-1 (medium; bug #318062) CVE-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers t ...) {DSA-779-2 DSA-779-1 DTSA-8-2} - mozilla-firefox 1.0.4-2sarge3 (medium) CVE-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...) {DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.5-1 (medium) - mozilla 2:1.7.9-1 (medium; bug #318062) - mozilla-thunderbird 1.0.6-1 (medium; bug #318728) CVE-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before 1.7 ...) {DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.5-1 (medium) - mozilla 2:1.7.9-1 (medium; bug #318062) CVE-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet Cr ...) NOT-FOR-US: USANet CVE-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...) NOT-FOR-US: Squito Gallery CVE-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to ...) NOT-FOR-US: PhpSlash CVE-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 a ...) {DSA-759-1} - phppgadmin 3.5.4-1 (bug #318284; medium) CVE-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote atta ...) NOT-FOR-US: PhpAuction CVE-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 ...) NOT-FOR-US: PhpAuction CVE-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote attackers t ...) NOT-FOR-US: PhpAuction CVE-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication and ga ...) NOT-FOR-US: PhpAuction CVE-2005-2251 (PHP remote file inclusion vulnerability in secure.php in PHPSecurePage ...) NOT-FOR-US: PHPSecurePages (phpSP) CVE-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 a ...) {DSA-762-1} - affix 2.1.2-2 (bug #318327; medium) CVE-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...) NOT-FOR-US: Jinzora CVE-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 allo ...) NOT-FOR-US: DownloadProtect CVE-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown i ...) NOTE: no details available - moodle 1.5.1-1 CVE-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 ...) NOT-FOR-US: iPhotoAlbum CVE-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers ...) NOT-FOR-US: BIG-IP CVE-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ear ...) NOT-FOR-US: Cisco CVE-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier ...) NOT-FOR-US: Cisco CVE-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...) NOT-FOR-US: Cisco CVE-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...) NOT-FOR-US: Cisco CVE-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...) {DSA-1003-1} - xpvm 1.2.5-8 (bug #318285; medium) CVE-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...) - oftpd 20040304-1 (bug #318286; medium) NOTE: This was fixed in the patch set maintained by Werner Koch, it's included CVE-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...) NOT-FOR-US: AIX CVE-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...) NOT-FOR-US: AIX CVE-2005-2236 (Format string vulnerability in the paginit command in IBM AIX 5.3, and ...) NOT-FOR-US: AIX CVE-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and ...) NOT-FOR-US: AIX CVE-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, ...) NOT-FOR-US: AIX CVE-2005-2233 (Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 m ...) NOT-FOR-US: AIX CVE-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...) NOT-FOR-US: AIX CVE-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to ...) {DSA-761-2} - heartbeat 1.2.3-12 (bug #318287; medium) CVE-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmos ...) - elmo 1.3.0-1.1 (bug #318291; low) [sarge] - elmo (Minor issue) CVE-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web doc ...) NOT-FOR-US: Blog Torrent CVE-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message tit ...) NOT-FOR-US: Web Wiz Forums CVE-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite ...) NOT-FOR-US: Softiacom wMailserver CVE-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server account wh ...) NOT-FOR-US: Outlook CVE-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a denial of s ...) NOT-FOR-US: Microsoft CVE-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote attacker ...) NOT-FOR-US: Microsoft CVE-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard befor ...) NOT-FOR-US: MailEnable CVE-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable Profession ...) NOT-FOR-US: MailEnable CVE-2005-2221 NOT-FOR-US: Dragonfly CVE-2005-2220 NOT-FOR-US: Dragonfly CVE-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to ...) NOT-FOR-US: Hosting Controller CVE-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly check ...) - kfreebsd5-source 5.3-17 (medium) CVE-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root with ...) NOT-FOR-US: Dansie Shopping Cart CVE-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo ...) NOT-FOR-US: PhotoGal CVE-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x bef ...) - mediawiki 1.4.9 CVE-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...) - apt-setup (bug #305142; unimportant) NOTE: That's by design. We want to provide non-root users access to the source code, NOTE: thus it needs to be world-readable. Also, the password can't be too sensitive NOTE: as it'll be sent non-encrypted over the wire. CVE-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS Ripp ...) NOT-FOR-US: MMS Ripper CVE-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world readabl ...) NOTE: duplicate of CVE-2005-1856 NOTE: Mitre contacted - micah April 20, 2006 NOTE: Mitre re-contacted - micah June 5, 2006 CVE-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...) NOTE: duplicate of CVE-2005-1855 NOTE: Mitre contacted - micah April 20, 2006 NOTE: Mitre re-contacted - micah June 5, 2006 CVE-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows r ...) NOT-FOR-US: Internet Download Manager CVE-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...) NOT-FOR-US: ScanShare CVE-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ( ...) NOT-FOR-US: PrivaShare CVE-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...) NOT-FOR-US: CartWIZ CVE-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote attacke ...) NOT-FOR-US: CartWIZ CVE-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...) NOT-FOR-US: kaiseki.cgi CVE-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) e ...) NOT-FOR-US: SiteMinder CVE-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to bypa ...) NOT-FOR-US: phpWishlist CVE-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...) NOT-FOR-US: Xerox Hardware issue CVE-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox WorkCent ...) NOT-FOR-US: Xerox hardware CVE-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for Xer ...) NOT-FOR-US: Xerox hardware CVE-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in PP ...) NOT-FOR-US: PPA web photo gallery CVE-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3 ...) NOT-FOR-US: SPiD CVE-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows re ...) NOT-FOR-US: Id Board CVE-2005-2196 (The Apple AirPort card uses a default WEP key when not connected to a ...) NOT-FOR-US: Apple Airport CVE-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers ...) NOT-FOR-US: Apple Darwin Streaming Server CVE-2005-2194 (Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 a ...) NOT-FOR-US: Apple CVE-2005-2193 (SQL injection vulnerability in the user profile edit module in profile ...) NOT-FOR-US: PunBB CVE-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...) NOT-FOR-US: SimplePHPBlog CVE-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus shoppi ...) NOT-FOR-US: Comersus CVE-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...) NOT-FOR-US: Comersus CVE-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 store ...) NOT-FOR-US: Lantronix SecureLinx CVE-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...) NOT-FOR-US: McAfee IntruShield CVE-2005-2187 (McAfee IntruShield Security Management System allows remote authentica ...) NOT-FOR-US: McAfee IntruShield CVE-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShi ...) NOT-FOR-US: McAfee IntruShield CVE-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote atta ...) NOT-FOR-US: eRoom CVE-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...) NOT-FOR-US: eRoom CVE-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle l ...) NOT-FOR-US: PhpXmail CVE-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not prop ...) NOT-FOR-US: PhpXmail CVE-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...) NOT-FOR-US: SIP phone hardware issue CVE-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ins ...) - gnats 4.0 (bug #318481; high) CVE-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...) NOT-FOR-US: Jaws CVE-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via sh ...) NOTE: How bizarre, they assign a CVE Id without knowing which product contains NOTE: the affected probe.cgi CVE-2005-2177 (Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when ...) {DSA-873-1} - net-snmp 5.2.1.2-1 (bug #318420; low) - ucd-snmp 4.2.5-5.1 (bug #337394; low) [sarge] - ucd-snmp (Minor issue) CVE-2005-2176 (Novell NetMail automatically processes HTML in an attachment without p ...) NOT-FOR-US: Novell NetMail CVE-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...) NOT-FOR-US: Notes CVE-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 i ...) [woody] - bugzilla (Only Bugzilla >= 2.17 is affected) [sarge] - bugzilla (Only Bugzilla >= 2.17 is affected) - bugzilla 2.18.3-1 (low) CVE-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2. ...) [woody] - bugzilla (Only Bugzilla >= 2.17 is affected) [sarge] - bugzilla (Only Bugzilla >= 2.17 is affected) - bugzilla 2.18.3-1 (low) CVE-2005-2172 RESERVED CVE-2005-2171 RESERVED CVE-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint a ...) NOT-FOR-US: Tivoli CVE-2005-2348 REJECTED CVE-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty P ...) NOT-FOR-US: PHPSource Printer CVE-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote unauthe ...) NOT-FOR-US: Plague CVE-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague News S ...) NOT-FOR-US: Plague CVE-2005-2166 (SQL injection vulnerability in index.php in Plague News System 0.6 and ...) NOT-FOR-US: Plague CVE-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute arbitr ...) NOT-FOR-US: GlobalNoteScript CVE-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows remote atta ...) NOT-FOR-US: Covide CVE-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP ...) NOT-FOR-US: AutoIndex PHP Script CVE-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestboo ...) NOT-FOR-US: MyGuestbook CVE-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...) {DSA-768-1} - phpbb2 2.0.13+1-6sarge1 (bug #317739; high) CVE-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which a ...) NOT-FOR-US: IMail CVE-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote attacke ...) NOT-FOR-US: PlanetDNS CVE-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows rem ...) NOT-FOR-US: JBoss CVE-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for nabopoll ...) NOT-FOR-US: nabopoll CVE-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote ...) NOT-FOR-US: PHPNews CVE-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and e ...) NOT-FOR-US: EasyPHPCalender CVE-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) open.ph ...) NOT-FOR-US: osTicket CVE-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...) NOT-FOR-US: osTicket CVE-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote att ...) NOT-FOR-US: Geeklog CVE-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures whe ...) {DSA-784-1} - courier 0.47-6 (bug #320290; low) CVE-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...) NOT-FOR-US: Microsoft CVE-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...) {DSA-764-1} - cacti 0.8.6f-1 (bug #316590; high) CVE-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to p ...) {DSA-764-1} - cacti 0.8.6f-1 (bug #316590; high) CVE-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary ...) {DSA-739-1} - trac 0.8.4-1 [sarge] - trac 0.8.1-3sarge1 CVE-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows ...) NOT-FOR-US: SSH Tectia Server CVE-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of ...) NOT-FOR-US: Prevx Pro CVE-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection and mo ...) NOT-FOR-US: Prevx Pro CVE-2005-2143 (Microsoft Front Page allows attackers to cause a denial of service (cr ...) NOT-FOR-US: Microsoft CVE-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60 allows rem ...) NOT-FOR-US: Golden FTP Server CVE-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of service (cra ...) NOT-FOR-US: TCP Chat CVE-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0 allow ...) NOT-FOR-US: FSboard CVE-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for Pavsta A ...) NOT-FOR-US: Pavsta CVE-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev eComme ...) NOT-FOR-US: Comdev eCommerce CVE-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers ...) NOT-FOR-US: NateOn Messenger CVE-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, an ...) NOT-FOR-US: Raritan Dominion SX CVE-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Websi ...) NOT-FOR-US: EtoShop CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...) NOT-FOR-US: NetBSD CVE-2005-2133 REJECTED CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1. ...) NOT-FOR-US: SCO UnixWare CVE-2005-2131 RESERVED CVE-2005-2130 RESERVED CVE-2005-2129 RESERVED CVE-2005-2128 (QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers ...) NOT-FOR-US: Windows CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers t ...) NOT-FOR-US: Windows CVE-2005-2126 (The FTP client in Windows XP SP1 and Server 2003, and Internet Explore ...) NOT-FOR-US: Windows CVE-2005-2125 RESERVED CVE-2005-2124 (Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) ...) NOT-FOR-US: Windows CVE-2005-2123 (Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL ...) NOT-FOR-US: Windows CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Serv ...) NOT-FOR-US: Windows CVE-2005-2121 RESERVED CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPM ...) NOT-FOR-US: Windows CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed Transacti ...) NOT-FOR-US: Microsoft CVE-2005-2118 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Serv ...) NOT-FOR-US: Windows CVE-2005-2117 (Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and ...) NOT-FOR-US: Windows CVE-2005-2116 REJECTED CVE-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...) NOT-FOR-US: Soldier of Fortune CVE-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Mele ...) NOTE: cannot reproduce with firefox 1.0.5-1 and Sarge's Mozilla using POC exploits [sarge] - mozilla (Unreproducible) - mozilla 2:1.7.10-1 (bug #318723; medium) CVE-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC se ...) NOT-FOR-US: Xoops CVE-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 an ...) NOT-FOR-US: Xoops CVE-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...) NOT-FOR-US: Community Link Pro Web Editor CVE-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensit ...) - wordpress 1.5.1.3-1 (bug #316402) CVE-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...) - wordpress 1.5.1.3-1 (bug #316402) CVE-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...) - wordpress 1.5.1.3-1 (bug #316402) CVE-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in Wor ...) - wordpress 1.5.1.3-1 (bug #316402) CVE-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...) {DSA-745-1} - drupal 4.5.4-1 (bug #316362) CVE-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authent ...) NOT-FOR-US: IOS CVE-2005-2104 (sysreport before 1.3.7 allows local users to obtain sensitive informat ...) NOT-FOR-US: sysreport CVE-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...) {DTSA-5-1} - gaim 1:1.4.0-5 (high; bug #323706) CVE-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cau ...) {DTSA-5-1} - gaim 1:1.4.0-5 (medium; bug #323706) CVE-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in / ...) {DSA-818-1} - kdeedu 4:3.4.2-1 (low) CVE-2005-2100 (The rw_vm function in usercopy.c in the 4GB split patch for the Linux ...) - linux-2.6 (Red Hat specific according to Horms) - kernel-source-2.4.27 (Red Hat specific according to Horms) CVE-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring t ...) {DTSA-16-1} NOTE: 2.6.8 and 2.4.27 not affected - linux-2.6 2.6.12-3 (bug #323039; medium) CVE-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2 ...) {DTSA-16-1} NOTE: 2.6.8 and 2.4.27 not affected - linux-2.6 2.6.12-3 (bug #323039; medium) CVE-2005-2097 (xpdf and kpdf do not properly validate the "loca" table in PDF files, ...) {DSA-1136-1 DSA-984-1 DSA-982-1 DSA-936-1 DSA-780-1 DTSA-28-1} - kdegraphics 4:3.4.2-1 (bug #322458; low) - xpdf 3.00-15 (bug #322462; low) [woody] - tetex-bin (pdftex doesn't include or use the vulnerable code) - tetex-bin 3.0-12 NOTE: tetex links to poppler since 3.0-12 [sarge] - tetex-bin (tetex2 uses an older version, which is not affected) - gpdf 2.10.0-4 (bug #334454; low) NOTE: Cups switched to xpdf-utils - cupsys 1.1.22-7 (bug #324464) - cups 1.1.22-7 (bug #324464) [woody] - cupsys (Vulnerable code not present) - poppler 0.4.0-1 (low) - libextractor 0.5.8-1 (medium) CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial ...) {DSA-1026-1 DSA-797-2 DSA-797-1 DSA-740-1} NOTE: Several packages ship embedded copies of zlib, there are a lot probably more NOTE: Florian Weimer is doing a comprehensive audit using clamav NOTE: to search for static zlib signatures in binaries in Debian NOTE: Not all of the listed packages have been checked for actual NOTE: exploitability using this hole. NOTE: oldstable (woody) had zlib 1.1, which is not affected [woody] - dpkg (Woody contains zlib 1.1, which is not affected) - dpkg 1.13.11 (bug #317967; unimportant) NOTE: You need to trust debs anyway, when installing them - zsync 0.4.0-2 (bug #317968; medium) [woody] - dump (Woody contains zlib 1.1, which is not affected) [sarge] - dump (Backups do not contain untrusted data) - dump 0.4b40-1 (bug #317966; low) [woody] - aide (Woody contains zlib 1.1, which is not affected) - aide 0.10-6.1.1 (bug #317523; unimportant) NOTE: aide only uses zlib to compress/decompress internal data [woody] - amd64-libs (Woody contains zlib 1.1, which is not affected) - amd64-libs 1.3 (bug #317970; medium) [woody] - ia32-libs (Woody contains zlib 1.1, which is not affected) - ia32-libs 1.6 (bug #317971; medium) - dar (zlib not used on unstrusted input, see #317989) [woody] - bacula (Woody contains zlib 1.1, which is not affected) - bacula 1.36.3-2 (bug #318014; medium) [sarge] - bacula (Backups do not contain untrusted data) [woody] - sash (Woody contains zlib 1.1, which is not affected) - sash 3.7-6 (bug #318246; bug #318069; medium) [woody] - libphysfs (Woody contains zlib 1.1, which is not affected) - libphysfs 1.0.0-5 (bug #318091; unimportant) - oops 1.5.23.cvs-3 (bug #318097; medium) [woody] - rpm (Woody contains zlib 1.1, which is not affected) - rpm 4.0.4-31.1 (bug #318099; unimportant) NOTE: You need to trust rpms anyway, when installing them - rageircd 2.0.0-3sid1 (bug #309196; medium) - systemimager-ssh (bug #318101; unimportant) NOTE: see dannf's first bug comment; systemimager-ssh doesn't use compression [woody] - texmacs (Woody contains zlib 1.1, which is not affected) - texmacs 1:1.0.5-3 (bug #318100; medium) [sarge] - texmacs (Hardly exploitable) - zlib 1:1.2.2-7 (bug #317133; medium) - pvpgn 1.7.8-2 (bug #332236) - mysql-dfsg-4.1 4.1.13-1 (bug #319858; unimportant) - mrtg (Only used for internal compression, current versions link dynamically) - rsync (Uses zlib 1.1, which is not affected) NOTE: rsync upstream updated the internal zlib copy in 2.6.6 without real need, NOTE: as the included version was never affected, despite claiming them so. CVE-2005-2095 (options_identities.php in SquirrelMail 1.4.4 and earlier uses the extr ...) {DSA-756-1} - squirrelmail 2:1.4.4-6sarge1 (bug #317094) CVE-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the we ...) NOT-FOR-US: Sun CVE-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attacker ...) NOT-FOR-US: Oracle CVE-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...) NOT-FOR-US: BEA WebLogic CVE-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison ...) NOT-FOR-US: Websphere CVE-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allo ...) - tomcat4 4.1.28-1 NOTE: tomcat5 in experimental has this fix as well CVE-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ca ...) NOT-FOR-US: Microsoft CVE-2005-2088 (The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when ac ...) {DSA-805-1 DSA-803-1} - apache 1.3.33-8 (bug #322607; medium) - apache2 2.0.54-5 (bug #316173; medium) CVE-2005-2087 (Internet Explorer 5.01 SP4 up to 6 on various Windows operating system ...) NOT-FOR-US: Microsoft CVE-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0. ...) - phpbb2 (phpbb versions in Debian not affected) CVE-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 ...) NOT-FOR-US: Inframail CVE-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Comm ...) NOT-FOR-US: Community Forum CVE-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate Editi ...) NOT-FOR-US: IA eMailServer CVE-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ex ...) NOT-FOR-US: imTRSET CVE-2005-2081 (Stack-based buffer overflow in the function that parses commands in As ...) - asterisk 1:1.0.9.dfsg-1 (bug #315532; unimportant) NOTE: Can only be exploited by users who already have the privilege to execute arbitrary commands CVE-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VE ...) NOT-FOR-US: Veritas Backup CVE-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS B ...) NOT-FOR-US: Veritas Backup CVE-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows remot ...) NOT-FOR-US: Lpanel CVE-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...) NOT-FOR-US: GoodTech SMTP Server CVE-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a deni ...) NOT-FOR-US: BisonFTP Server CVE-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting Cont ...) NOT-FOR-US: Hosting Controller CVE-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...) NOT-FOR-US: HP Version Control Repository Manager CVE-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable fil ...) NOT-FOR-US: PHP-Fusion CVE-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...) NOT-FOR-US: PHP-Fusion CVE-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...) NOT-FOR-US: DB2 CVE-2005-2072 (The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT ...) NOT-FOR-US: Solaris CVE-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to exec ...) NOT-FOR-US: Solaris CVE-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used i ...) {DSA-737-1 DTSA-3-1} - clamav 0.86.1 (bug #318755; medium) CVE-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a sla ...) {DSA-785-1} - openldap2.2 2.2.26-3 (bug #316674; medium) - openldap2 2.1.30-11 (medium) - libpam-ldap 178-1sarge1 (bug #316972; medium) - libnss-ldap 238-1.1 (bug #316973; medium) CVE-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers t ...) - kfreebsd-source CVE-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of aspn ...) NOT-FOR-US: ASP Nuke CVE-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allow ...) NOT-FOR-US: ASP Nuke CVE-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP Nu ...) NOT-FOR-US: ASP Nuke CVE-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow r ...) NOT-FOR-US: ASP Nuke CVE-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveBuyAndSel ...) NOT-FOR-US: ActiveBuyAndSell CVE-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow r ...) NOT-FOR-US: ActiveBuyAndSell CVE-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to inclu ...) NOT-FOR-US: Infopop UBB.Threads CVE-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php ...) NOT-FOR-US: Infopop UBB.Threads CVE-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) adda ...) NOT-FOR-US: Infopop UBB.Threads CVE-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6 ...) NOT-FOR-US: Infopop UBB.Threads CVE-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Thr ...) NOT-FOR-US: Infopop UBB.Threads CVE-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.8 ...) {DSA-737-1 DTSA-3-1} - clamav 0.86.1-1 (bug #318756; medium) CVE-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...) NOT-FOR-US: Affected only Real Player, not Helix Player NOTE: http://service.real.com/help/faq/security/050623_player/EN/ CVE-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...) NOT-FOR-US: Real Player NOTE: This didn't affected Helix, although the changelog claimed so, see NOTE: http://service.real.com/help/faq/security/050623_player/EN/ CVE-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote attack ...) NOT-FOR-US: JAF CMS CVE-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6 ...) NOT-FOR-US: Real Player NOTE: This didn't affected Helix, although the changelog claimed so, see NOTE: http://service.real.com/help/faq/security/050623_player/EN/ CVE-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console ...) NOT-FOR-US: BEWAC CVE-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers t ...) - tor 0.0.9.10-1 (medium) CVE-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...) NOT-FOR-US: Duware CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and poss ...) NOT-FOR-US: Duware CVE-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allo ...) NOT-FOR-US: Duware CVE-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...) NOT-FOR-US: Duware CVE-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 al ...) NOT-FOR-US: Duware CVE-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 an ...) NOT-FOR-US: ATutor CVE-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...) NOT-FOR-US: XAMPP CVE-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 allo ...) NOT-FOR-US: ajax-spell CVE-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other p ...) NOT-FOR-US: ViRobot CVE-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd f ...) {DSA-758-1} - heimdal 0.6.3-11 (bug #315065; bug #315086; high) CVE-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and e ...) - nanoblogger (3.1 version in Debian was not affected by this vulnerability, see #315492) CVE-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ot ...) NOT-FOR-US: Fortibus CMS CVE-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow rem ...) NOT-FOR-US: Fortibus CMS CVE-2005-2036 (modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote ...) NOT-FOR-US: Cool Cafe Chat CVE-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe (Cool Café ...) NOT-FOR-US: Cool Cafe Chat CVE-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCol ...) NOT-FOR-US: iGallery CVE-2005-2033 (Directory traversal vulnerability in folderview.asp for Blue-Collar Pr ...) NOT-FOR-US: iGallery CVE-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows loc ...) NOT-FOR-US: Solaris CVE-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote attac ...) NOT-FOR-US: socialMPN CVE-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...) NOT-FOR-US: Ultimate PHP Board CVE-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...) NOT-FOR-US: external script that allow interaction between amarok and a browser CVE-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ea ...) NOT-FOR-US: MercuryBoard CVE-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does no ...) NOT-FOR-US: Enterasys hardware issue CVE-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a h ...) NOT-FOR-US: Enterasys hardware issue CVE-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...) NOT-FOR-US: Cisco CVE-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...) {DSA-738-1} NOTE: varying and apparently innacurate info about what versions fix it - razor 2.720-1 (low) CVE-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Li ...) - gnupg2 1.9.15-1 CVE-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...) NOT-FOR-US: iPlanet CVE-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier all ...) NOT-FOR-US: cPanel CVE-2005-2020 (Directory traversal vulnerability in the web server for 3Com Network S ...) NOT-FOR-US: 3com Network Supervisor CVE-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) o ...) NOT-FOR-US: FreeBSD ipfw CVE-2005-2018 RESERVED CVE-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain priv ...) NOT-FOR-US: Symantec AntiVirus CVE-2005-2016 RESERVED CVE-2005-2015 RESERVED CVE-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...) NOT-FOR-US: paFAQ CVE-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: paFAQ CVE-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 al ...) NOT-FOR-US: paFAQ CVE-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...) NOT-FOR-US: paFAQ CVE-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Rel ...) NOT-FOR-US: Ublog Reload CVE-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow rem ...) NOT-FOR-US: Ublog Reload CVE-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...) - yaws 1.56-1 (low) CVE-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier a ...) - trac 0.8.4-1 (bug #315145) [sarge] - trac 0.8.1-3sarge1 CVE-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...) NOT-FOR-US: JBOSS CVE-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat f ...) NOT-FOR-US: Ultimate PHP Board CVE-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (U ...) NOT-FOR-US: Ultimate PHP Board CVE-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...) NOT-FOR-US: Ultimate PHP Board CVE-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlie ...) NOT-FOR-US: Mambo CVE-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...) NOT-FOR-US: paFileDB CVE-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier all ...) NOT-FOR-US: paFileDB CVE-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...) NOT-FOR-US: paFileDB CVE-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...) NOT-FOR-US: McGallery CVE-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to arbitr ...) NOT-FOR-US: McGallery CVE-2005-1996 (PHP remote file inclusion vulnerability in start.php in Bitrix Site Ma ...) NOT-FOR-US: Bitrix Site Manager CVE-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...) NOT-FOR-US: Bitrix Site Manager CVE-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download b ...) NOT-FOR-US: Finjan SurfinGate CVE-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-comman ...) {DSA-735-2 DSA-735-1} - sudo 1.6.8p9-1 (bug #315718; bug #315115; medium) CVE-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...) {DSA-748-1} - ruby1.8 1.8.2-8 (bug #315064; medium) - ruby1.9 1.9.0+20050623-1 (bug #315064; medium) CVE-2005-1991 RESERVED CVE-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...) NOT-FOR-US: MSIE CVE-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows re ...) NOT-FOR-US: MSIE CVE-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows re ...) NOT-FOR-US: MSIE CVE-2005-1987 (Buffer overflow in Collaboration Data Objects (CDO), as used in Micros ...) NOT-FOR-US: Microsoft CVE-2005-1986 RESERVED CVE-2005-1985 (The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, X ...) NOT-FOR-US: Microsoft CVE-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microso ...) NOT-FOR-US: Spoolsv.exe CVE-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for Mic ...) NOT-FOR-US: Microsoft CVE-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 200 ...) NOT-FOR-US: Microsoft CVE-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows Ser ...) NOT-FOR-US: Microsoft CVE-2005-1980 (Distributed Transaction Controller in Microsoft Windows allows remote ...) NOT-FOR-US: Microsoft CVE-2005-1979 (Distributed Transaction Controller in Microsoft Windows allows remote ...) NOT-FOR-US: Microsoft CVE-2005-1978 (COM+ in Microsoft Windows does not properly "create and use memory str ...) NOT-FOR-US: Microsoft CVE-2005-1977 RESERVED CVE-2005-1976 (Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets ...) NOT-FOR-US: Novell NetMail CVE-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1 ...) NOT-FOR-US: Annuaire CVE-2005-1974 (Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) ...) NOT-FOR-US: Sun Java CVE-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...) NOT-FOR-US: Sun Java CVE-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 ...) NOT-FOR-US: InteractivePHP FusionBB CVE-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta ...) NOT-FOR-US: InteractivePHP FusionBB CVE-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Wind ...) NOT-FOR-US: pcAnywhere CVE-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems Telnetserve ...) NOT-FOR-US: Pragma Telnetserver CVE-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce befo ...) NOT-FOR-US: ProductCart Ecommerce CVE-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...) NOT-FOR-US: ProductCart Ecommerce CVE-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...) NOT-FOR-US: e107 CVE-2005-1965 (PHP remote file inclusion vulnerability in siteframe.php for Broadpool ...) NOT-FOR-US: Broadpool Siteframe CVE-2005-1964 (PHP remote file inclusion vulnerability in utilit.php for Ovidentia Po ...) NOT-FOR-US: Ovidentia Portal CVE-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive i ...) NOT-FOR-US: Cerberus Helpdesk CVE-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 a ...) NOT-FOR-US: Cerberus Helpdesk CVE-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 allo ...) NOT-FOR-US: C-JDBC CVE-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers t ...) NOT-FOR-US: C.J. Steele Tattle CVE-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute a ...) NOT-FOR-US: JamMail CVE-2005-1958 REJECTED CVE-2005-1957 (mtnpeak.net File Upload Manager does not properly check user authentic ...) NOT-FOR-US: File Upload Manager CVE-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...) NOT-FOR-US: File Upload Manager CVE-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9 ...) NOT-FOR-US: singapore CVE-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: singapore CVE-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server (pServ ...) NOT-FOR-US: Pico Server CVE-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows re ...) NOT-FOR-US: Pico Server CVE-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Mil ...) NOT-FOR-US: osCommerce CVE-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Webhints CVE-2005-1949 (The eping_validaddr function in functions.php for the ePing plugin for ...) NOT-FOR-US: e107 CVE-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before 1.3. ...) NOT-FOR-US: Invision Gallery CVE-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery be ...) NOT-FOR-US: Invision Gallery CVE-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 F ...) NOT-FOR-US: Invision Blog CVE-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...) NOT-FOR-US: Invision Blog CVE-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary fil ...) NOT-FOR-US: xmysqladmin CVE-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 al ...) NOT-FOR-US: Loki download manager CVE-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...) NOT-FOR-US: Cisco CVE-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-st ...) NOT-FOR-US: SilverCity CVE-2005-1940 RESERVED CVE-2005-1939 (Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2 ...) NOT-FOR-US: Ipswitch WhatsUp CVE-2005-1938 REJECTED CVE-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote at ...) {DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1} - mozilla-firefox 1.0.6-1 (medium) - mozilla 2:1.7.10-1 (medium) [woody] - mozilla (regression of a previous security fix) CVE-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network Controlle ...) NOT-FOR-US: Xerox hardware issue CVE-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in Microsof ...) NOT-FOR-US: Microsoft CVE-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arb ...) NOT-FOR-US: Apple CVE-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...) {DSA-734-1} - gaim 1:1.3.1-1 (bug #315356; low) CVE-2005-1930 (Directory traversal vulnerability in the Crystal Report component (rpt ...) NOT-FOR-US: Trend Micro ServerProtect CVE-2005-1929 (Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) ...) NOT-FOR-US: Trend Micro ServerProtect CVE-2005-1928 (Trend Micro ServerProtect EarthAgent for Windows Management Console 5. ...) NOT-FOR-US: Trend Micro ServerProtect CVE-2005-1927 RESERVED CVE-2005-1926 RESERVED CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...) NOT-FOR-US: Tikiwiki CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote a ...) NOT-FOR-US: External Squirrelmail plugin not packaged in Debian CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, an ...) {DSA-737-1 DTSA-3-1} - clamav 0.86.1 (bug #316401; bug #316462; medium) CVE-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 all ...) {DSA-737-1 DTSA-3-1} - clamav 0.86.1-1 (low) CVE-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XM ...) {DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1} - serendipity 1.0-1 - drupal 4.5.4-1 (high; bug #316362) - phpgroupware 0.9.16.006-1 (high) - egroupware 1.0.0.007-3.dfsg-1 (bug #317263; high) - phpwiki 1.3.7-4 (bug #316714; high) - php4 4:4.3.10-16 (high; bug #316447) - horde3 (horde3 ships different XMLRPC code) CVE-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4. ...) {DSA-804-2} - kdelibs 4:3.4.2-1 (bug #319016; medium) CVE-2005-1919 REJECTED CVE-2005-1918 (The original patch for a GNU tar directory traversal vulnerability (CV ...) - tar 1.14-2.2 NOTE: 1.14-2.2 is ok, maybe Debian was not-affected anyway CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite arb ...) NOT-FOR-US: kpopper, there is a kpopper in kerberos4kth-servers, but this is not the same one CVE-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...) {DSA-760-1 DTSA-4-1} - ekg 1:1.5+20050712+1.6rc2-1 (bug #318059; bug #317027; low) CVE-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows ...) NOT-FOR-US: log4sh CVE-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...) {DSA-754-1 DTSA-2-1} - centericq 4.20.0-7 (medium) CVE-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a den ...) {DTSA-16-1} - linux-2.6 2.6.12-1 (medium) - kernel-source-2.6.11 2.6.11-6 (medium) CVE-2005-1912 REJECTED CVE-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang whil ...) - leafnode 1.11.3.rel-1 (bug #338886; low) [sarge] - leafnode 1.11.2.rel-1.0sarge0 CVE-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events Sys ...) NOT-FOR-US: WWWeb Concepts Events System CVE-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote attack ...) NOT-FOR-US: 602LAN SUITE CVE-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls f ...) NOT-FOR-US: Perception LiteWeb CVE-2005-1907 (The ISA Firewall service in Microsoft Internet Security and Accelerati ...) NOT-FOR-US: Microsoft CVE-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows r ...) NOT-FOR-US: livingmailing CVE-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...) NOT-FOR-US: Kaspersky CVE-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...) NOT-FOR-US: JiRo's Upload Systems CVE-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 all ...) NOT-FOR-US: SPA-PRO Mail CVE-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...) NOT-FOR-US: SPA-PRO Mail CVE-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...) NOT-FOR-US: Sawmill CVE-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass authentication ...) NOT-FOR-US: Sawmill CVE-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released befo ...) NOT-FOR-US: RakNet CVE-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before 1.5 ...) NOT-FOR-US: phpThumb CVE-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...) NOT-FOR-US: FlexCast CVE-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allow ...) NOT-FOR-US: FlatNuke CVE-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remo ...) NOT-FOR-US: FlatNuke CVE-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote at ...) NOT-FOR-US: FlatNuke CVE-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: FlatNuke CVE-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...) NOT-FOR-US: FlatNuke CVE-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...) NOT-FOR-US: AOL Instant Messenger CVE-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...) NOT-FOR-US: Mortiforo CVE-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenanc ...) NOT-FOR-US: Sun ONE CVE-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 all ...) - mediawiki 1.4.9 (bug #276057) CVE-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and libprojec ...) NOT-FOR-US: Solaris CVE-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0 ...) NOT-FOR-US: YaPiG CVE-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ob ...) NOT-FOR-US: YaPiG CVE-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir comman ...) NOT-FOR-US: YaPiG CVE-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...) NOT-FOR-US: YaPiG CVE-2005-1882 (PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0 ...) NOT-FOR-US: YaPiG CVE-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...) NOT-FOR-US: YaPiG CVE-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...) NOT-FOR-US: everybuddy CVE-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary f ...) NOT-FOR-US: LutelWall CVE-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite arb ...) NOT-FOR-US: GIPTables CVE-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...) NOT-FOR-US: Lpanel CVE-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier allo ...) NOT-FOR-US: CuteNews CVE-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ( ...) NOT-FOR-US: Exhibit Engine CVE-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote att ...) NOT-FOR-US: Dzip CVE-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier vers ...) NOT-FOR-US: Crob CVE-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere Applica ...) NOT-FOR-US: WebSphere CVE-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...) - drupal 4.5.3-1 CVE-2005-1870 (PHP remote file inclusion vulnerability in childwindow.inc.php in Popp ...) NOT-FOR-US: Popper CVE-2005-1869 (PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6 ...) NOT-FOR-US: MWChat CVE-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to e ...) NOT-FOR-US: I-Man CVE-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ad ...) NOT-FOR-US: Symantec CVE-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...) NOT-FOR-US: Calendarix CVE-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allo ...) NOT-FOR-US: Calendarix CVE-2005-1864 (PHP remote file inclusion vulnerability in cal_admintop.php in Calenda ...) NOT-FOR-US: Calendarix CVE-2005-1863 REJECTED CVE-2005-1862 REJECTED CVE-2005-1861 REJECTED CVE-2005-1860 REJECTED CVE-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...) NOT-FOR-US: arshell CVE-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ma ...) {DSA-786-1} - simpleproxy 3.2-4 (medium) CVE-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixe ...) {DSA-787-1} - backup-manager 0.5.8-2 (bug #315582; low) NOTE: maybe a duplicate of CVE-2005-2212, author contacted CVE-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...) {DSA-787-1} - backup-manager 0.5.8-2 (medium) NOTE: maybe a duplicate of CVE-2005-2211, author contacted CVE-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing ...) {DSA-772-1} - apt-cacher 0.9.10 (high) CVE-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...) {DSA-770-1} - gopher 3.0.8 (low) CVE-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...) {DSA-767-1 DTSA-4-1} - kdenetwork 4:3.3.2-5 (bug #319443; unimportant) NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when NOTE: no shared lib version is found. As the Debian package has a dependency on NOTE: it the maintainer does not intent to fix it, see # 319443 - ekg 1:1.5+20050712+1.6rc3-1 (bug #318970; medium) CVE-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier ...) {DSA-760-1 DTSA-4-1} - ekg 1:1.5+20050712+1.6rc2-1 (low) CVE-2005-1850 (Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier c ...) {DSA-760-1 DTSA-4-1} - ekg 1:1.5+20050712+1.6rc2-1 (low) CVE-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of ...) {DSA-1026-1 DSA-797-2 DSA-797-1 DSA-763-1} NOTE: This is only contrib code not built in the binary packages AFAIK - zlib 1:1.2.3-1 (low) - zsync 0.4.1-1 (low) - sash 3.7-5sarge1 (low) NOTE: zsync 0.4.0-2 (mentioned in DSA-797-1) was never uploaded. CVE-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause ...) {DSA-750-1} - dhcpcd 1:1.3.22pl4-22 (medium) CVE-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to exec ...) NOT-FOR-US: YaMT CVE-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allo ...) NOT-FOR-US: YaMT CVE-2005-1845 REJECTED CVE-2005-1844 REJECTED CVE-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suit ...) NOT-FOR-US: Windows CVE-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suit ...) NOT-FOR-US: Windows CVE-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX ...) NOT-FOR-US: acroread CVE-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory f ...) {DSA-744-1} - fuse 2.3.0-1 CVE-2005-2349 (Zoo 2.10 has Directory traversal ...) - zoo 2.10-4 (low; bug #309594) CVE-2005-2350 (Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remo ...) - websieve (bug #311838; low) CVE-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) NOT-FOR-US: phpCMS CVE-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...) NOT-FOR-US: Liberum CVE-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in Li ...) NOT-FOR-US: Liberum CVE-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded username wi ...) NOT-FOR-US: Fortinet firewall CVE-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ( ...) NOT-FOR-US: NEXTWEB CVE-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with insu ...) NOT-FOR-US: NEXTWEB CVE-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows rem ...) NOT-FOR-US: NEXTWEB CVE-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-1831 - sudo (Unreproducable, seems like a broken PAM setup on the submitter's side) CVE-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 al ...) NOT-FOR-US: SoftICE CVE-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a d ...) NOT-FOR-US: Microsoft CVE-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the rou ...) NOT-FOR-US: D-Link hardware issue CVE-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and g ...) NOT-FOR-US: D-Link hardware issue CVE-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadig ...) NOT-FOR-US: HP Radia CVE-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP R ...) NOT-FOR-US: HP Radia CVE-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL aut ...) - mailutils 1:0.6.1-2 CVE-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Car ...) NOT-FOR-US: Qualiteam X-Cart CVE-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...) NOT-FOR-US: Qualiteam X-Cart CVE-2005-1821 (PHP remote file inclusion vulnerability in pdl_header.inc.php in Power ...) NOT-FOR-US: PowerDownload CVE-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attacke ...) NOT-FOR-US: Zeroboard CVE-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0. ...) NOT-FOR-US: NikoSoft WebMail CVE-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...) NOT-FOR-US: NewLife Blogger CVE-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...) NOT-FOR-US: Invision Power Board CVE-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...) NOT-FOR-US: Invision Power Board CVE-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 a ...) NOT-FOR-US: Hummingbird Connectivity CVE-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote attacke ...) NOT-FOR-US: PicoWebServer CVE-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...) NOT-FOR-US: FutureSoft TFTP Server CVE-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server Evalua ...) NOT-FOR-US: FutureSoft TFTP Server CVE-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinB ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-1810 (SQL injection vulnerability in template-functions-category.php in Word ...) - wordpress 1.5.1.2-1 CVE-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...) NOT-FOR-US: Sony hardware issue CVE-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers t ...) NOT-FOR-US: Stronghold game CVE-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier all ...) - libphp-phpmailer 1.73 CVE-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows remo ...) NOT-FOR-US: PeerCast CVE-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by Onli ...) NOT-FOR-US: Online Solutions for Educators CVE-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System (N ...) NOT-FOR-US: Net Portal Dynamic System CVE-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dyna ...) NOT-FOR-US: Net Portal Dynamic System CVE-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a d ...) NOT-FOR-US: Nortel hardware CVE-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of s ...) NOT-FOR-US: Nokia hardware CVE-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 t ...) NOT-FOR-US: Jaws glossary gadget CVE-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and W ...) NOT-FOR-US: FreeStyle Wiki CVE-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...) NOT-FOR-US: ServersCheck CVE-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...) NOTE: Cryptographic attack on AES, cannot be fixed CVE-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...) {DSA-749-1} - ettercap 1:0.7.1-1.1 (bug #311615) CVE-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85 ...) NOT-FOR-US: ClamAV on Mac OS X CVE-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stor ...) NOT-FOR-US: Microsoft CVE-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating sys ...) NOT-FOR-US: Microsoft CVE-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...) NOT-FOR-US: Microsoft CVE-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the use ...) NOT-FOR-US: Microsoft CVE-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and ...) {CVE-2005-3896} NOT-FOR-US: Microsoft NOTE: The exploit causes Mozilla to crash, see CVE-2005-3896. CVE-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution s ...) NOT-FOR-US: India Software Solution shopping cart CVE-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting Contro ...) NOT-FOR-US: Hosting Controller CVE-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass authenticat ...) NOT-FOR-US: phpStat CVE-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 all ...) NOT-FOR-US: FunkyASP CVE-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...) NOT-FOR-US: ZonGG CVE-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...) NOT-FOR-US: Hosting Controller CVE-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...) NOT-FOR-US: BookReview CVE-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...) NOT-FOR-US: BookReview CVE-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows rem ...) NOT-FOR-US: MailEnable CVE-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...) NOT-FOR-US: Active News Manager CVE-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36 ...) NOT-FOR-US: MaxWebPortal CVE-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0 ...) NOT-FOR-US: PostNuke CVE-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows r ...) NOT-FOR-US: PostNuke CVE-2005-1776 (Buffer overflow in the READ_TCP_STRING function in game_message_functi ...) NOT-FOR-US: C'Nedra CVE-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote attac ...) NOT-FOR-US: Terminator game CVE-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce Uni ...) - davfs2 0.2.4-1 (bug #310757; medium) CVE-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1. ...) NOT-FOR-US: Listserv CVE-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...) NOT-FOR-US: Terminator game CVE-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...) NOT-FOR-US: HPUX CVE-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...) NOT-FOR-US: Avast CVE-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...) {DSA-756-1} - squirrelmail 2:1.4.4-6sarge1 (bug #314374; medium) CVE-2005-1768 (Race condition in the ia32 compatibility code for the execve system ca ...) {DSA-921-1} - kernel-source-2.4.27 2.4.27-11 (medium; bug #319629) CVE-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment fau ...) {DSA-922-1 DSA-921-1} - linux-2.6 2.6.12-1 - kernel-source-2.4.27 2.4.27-11 NOTE: amd64 is not supported for 2.4 (the issue is amd64 speficic) CVE-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1 ...) {DSA-826-1} - helix-player 1.0.5-1 (bug #316276; high) NOTE: Helix Player is affected according to: NOTE: CVE-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...) {DSA-922-1 DTSA-16-1} - linux-2.6 2.6.12-1 (medium) - kernel-source-2.4.27 CVE-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard pag ...) - linux-2.6 (Fixed before upload into archive; 2.6.11) - kernel-source-2.4.27 CVE-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...) {DSA-922-1} - linux-2.6 (Fixed before upload into archive; 2.6.12-rc5) CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 p ...) {DSA-922-1 DSA-921-1 DTSA-16-1} - linux-2.6 (Fixed before upload into archive; 2.6.12-rc5) - kernel-source-2.4.27 2.4.27-11 CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users t ...) {DSA-1018-1 DSA-922-1 DTSA-16-1} - linux-2.6 2.6.12-1 (medium) CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...) NOT-FOR-US: sysreport CVE-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to modif ...) - shtool 2.0.1-2 (low) [sarge] - shtool (Minor issue) - mysql-ocaml 1.0.3-6 (unimportant) - php4 4:4.4.0-1 (unimportant) CVE-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell Ne ...) NOT-FOR-US: Novell CVE-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.5 ...) NOT-FOR-US: Novell CVE-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novel ...) NOT-FOR-US: Novell CVE-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to creat ...) {DSA-789-1 DTSA-15-1} - shtool 2.0.1-2 (bug #311206; low) [sarge] - shtool (Minor issue) - mysql-ocaml 1.0.3-6 (bug #314464; unimportant) - php4 4:4.3.10-16 (low) CVE-2005-XXXX [Unspecified issue in moodle's admin/delete.php] - moodle 1.4.4.dfsg.1-3 CVE-2005-2351 (Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of ser ...) - mutt 1.5.20-7 (bug #311296; unimportant) [sarge] - mutt (Minor annoyance, not a real DoS) NOTE: An "attacker" could achieve the same by simply filling up /tmp CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php] NOTE: viewFile.php has been removed along with other files in -26, so Debian is NOTE: no longer affected. - gforge 3.1-26 CVE-2005-XXXX [osh buffer overflow] - osh 1.7-13 (bug #311369) CVE-2005-XXXX [xile buffer overrun in terminal code] - zile 2.0.4-2 CVE-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 all ...) NOT-FOR-US: ezwdc NewsletterEz CVE-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Servic ...) NOT-FOR-US: BEA Weblogic CVE-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 throug ...) NOT-FOR-US: BEA Weblogic CVE-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Se ...) NOT-FOR-US: BEA Weblogic CVE-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through Ser ...) NOT-FOR-US: BEA Weblogic CVE-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack ...) NOT-FOR-US: BEA Weblogic CVE-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 do ...) NOT-FOR-US: BEA Weblogic CVE-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 an ...) NOT-FOR-US: BEA Weblogic CVE-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...) NOT-FOR-US: BEA Weblogic CVE-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to c ...) NOT-FOR-US: Halo CVE-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecu ...) - net-snmp (fixproc not installed in Debian package) CVE-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick befo ...) - imagemagick 6:6.0.6.2-2.4 (bug #310690; bug #310812) CVE-2005-1738 (Format string vulnerability in the logPrintBadfile function in delbadf ...) NOT-FOR-US: Iron Bars Shell CVE-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized u ...) NOT-FOR-US: PROMS CVE-2005-1736 (PROMS 0.11 does not properly handle "certain combinations of rights," ...) NOT-FOR-US: PROMS CVE-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before 0. ...) NOT-FOR-US: PROMS CVE-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow remo ...) NOT-FOR-US: PROMS CVE-2005-1733 (Cookie Cart stores the password file under the web document root with ...) NOT-FOR-US: Cookie Cart CVE-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification lis ...) NOT-FOR-US: Cookie Cart CVE-2005-1731 REJECTED CVE-2005-1730 (Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novel ...) NOT-FOR-US: Novell iManager CVE-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of s ...) NOT-FOR-US: Novell CVE-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs Port ...) NOT-FOR-US: Apple CVE-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writ ...) NOT-FOR-US: Apple CVE-2005-1726 (The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users w ...) NOT-FOR-US: Apple CVE-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users t ...) NOT-FOR-US: Apple CVE-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the - ...) NOT-FOR-US: Apple CVE-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...) NOT-FOR-US: Apple CVE-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 1 ...) NOT-FOR-US: Apple CVE-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...) NOT-FOR-US: Apple CVE-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...) NOT-FOR-US: Apple CVE-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earli ...) NOT-FOR-US: avast! antivirus CVE-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote a ...) NOT-FOR-US: War Times CVE-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remo ...) NOT-FOR-US: Zyxel hardware CVE-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the w ...) NOT-FOR-US: TOPo CVE-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2. ...) NOT-FOR-US: TOPo CVE-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 all ...) NOT-FOR-US: SurgeMail CVE-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...) NOT-FOR-US: Serendipity CVE-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple auth ...) NOT-FOR-US: Serendipity CVE-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0. ...) NOT-FOR-US: Gibraltar Firewall CVE-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Repor ...) NOT-FOR-US: Blue Coat CVE-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...) NOT-FOR-US: Blue Coat CVE-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter befor ...) NOT-FOR-US: Blue Coat CVE-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...) NOT-FOR-US: Gentoo CVE-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "i ...) - mailscanner 4.42.9 (bug #310774; low) [sarge] - mailscanner (Minor issue) CVE-2005-1705 (gdb before 6.3 searches the current working directory to load the .gdb ...) - gdb 6.3-6 CVE-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb b ...) - gdb 6.3-6 CVE-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to cau ...) NOT-FOR-US: Warrior Kings: Battles CVE-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...) NOT-FOR-US: Warrior Kings: Battles CVE-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...) NOT-FOR-US: PortailPHP CVE-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in Po ...) NOT-FOR-US: PostNuke CVE-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia mod ...) NOT-FOR-US: PostNuke CVE-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitiv ...) NOT-FOR-US: PostNuke CVE-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote at ...) NOT-FOR-US: PostNuke CVE-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...) NOT-FOR-US: PostNuke CVE-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...) NOT-FOR-US: PostNuke CVE-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia m ...) NOT-FOR-US: PostNuke CVE-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...) NOT-FOR-US: CA Antivirus CVE-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ve ...) - gxine 0.4.7-0.1 (bug #310712; medium) CVE-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in SAP b ...) NOT-FOR-US: SAP CVE-2005-1690 REJECTED CVE-2005-1689 (Double free vulnerability in the krb5_recvauth function in MIT Kerbero ...) {DSA-757-1} - krb5 1.3.6-4 (medium) CVE-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...) - wordpress 1.5.1-1 CVE-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and e ...) - wordpress 1.5.1-1 CVE-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to cau ...) {DSA-753-1} NOTE: Only exploitable under rare circumstances - gedit 2.10.3-1 (low) CVE-2005-1685 (episodex guestbook allows remote attackers to bypass authentication an ...) NOT-FOR-US: episodex CVE-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex g ...) NOT-FOR-US: episodex CVE-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft W ...) NOT-FOR-US: Microsoft CVE-2005-1682 NOT-FOR-US: Solstice Internet Mail Server CVE-2005-1681 (PHP remote file inclusion vulnerability in common.php in phpATM 1.21, ...) NOT-FOR-US: phpATM CVE-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firm ...) NOT-FOR-US: D-Link hardware CVE-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...) - picasm 1.12c-1 CVE-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, a ...) NOT-FOR-US: Groove CVE-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...) NOT-FOR-US: Groove CVE-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile W ...) NOT-FOR-US: Groove CVE-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, a ...) NOT-FOR-US: Groove CVE-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live al ...) NOT-FOR-US: Help Center Live CVE-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow remot ...) NOT-FOR-US: Help Center Live CVE-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center Liv ...) NOT-FOR-US: Help Center Live CVE-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activat ...) NOT-FOR-US: Yahoo Messenger CVE-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...) NOT-FOR-US: Extreme BlackDiamond hardware CVE-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...) NOT-FOR-US: Opera CVE-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain privilege ...) NOT-FOR-US: YusASP Web Asset Manager CVE-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a denia ...) NOT-FOR-US: DataTrac Activity Console CVE-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remot ...) NOT-FOR-US: Orenosv CVE-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not crypt ...) NOT-FOR-US: Microsoft CVE-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote a ...) NOT-FOR-US: Microsoft CVE-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a deni ...) NOT-FOR-US: Jeuce Personal Web Server CVE-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 al ...) NOT-FOR-US: Jeuce Personal Web Server CVE-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a denia ...) NOT-FOR-US: Jeuce Personal Web Server CVE-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web d ...) NOT-FOR-US: EZGuestbook CVE-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServe ...) NOT-FOR-US: MyServer CVE-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 a ...) NOT-FOR-US: MyServer CVE-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...) NOT-FOR-US: Mercur Messaging CVE-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source c ...) NOT-FOR-US: Mercur Messaging CVE-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to cau ...) NOT-FOR-US: AOL Instant Messenger CVE-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...) NOT-FOR-US: Hosting Controller CVE-2005-XXXX [Two DoS condition in ekg] - ekg 1:1.5+20050411-3 CVE-2005-XXXX [lcrash affected by libbfd integer overflows] - lcrash 7.0.0.pre.cvs.20050322-3 CVE-2005-XXXX [Multiple security problems in lbreakout2] - lbreakout2 2.5.2-2 CVE-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...) NOT-FOR-US: Woppoware CVE-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...) NOT-FOR-US: Woppoware CVE-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware PostMas ...) NOT-FOR-US: Woppoware CVE-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) gener ...) NOT-FOR-US: Woppoware CVE-2005-1649 (The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, wit ...) NOT-FOR-US: Windows CVE-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database f ...) NOT-FOR-US: GASoft CVE-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...) NOT-FOR-US: GASoft CVE-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, whi ...) NOT-FOR-US: Fastream NETFile CVE-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web docum ...) NOT-FOR-US: Keyvan1 Gallery CVE-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Liv ...) NOT-FOR-US: Livre d'Or CVE-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ear ...) NOT-FOR-US: Zoidcom CVE-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab Bu ...) NOT-FOR-US: Woltlab Burning Board CVE-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...) NOT-FOR-US: Ignition Project CVE-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...) NOT-FOR-US: Ignition Project CVE-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 a ...) NOT-FOR-US: Sigma CVE-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ha ...) NOT-FOR-US: SafeHTML CVE-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remot ...) NOT-FOR-US: NPDS CVE-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 crea ...) {DSA-783-1} - mysql-dfsg 4.0.12-2 (bug #319526; low) - mysql-dfsg-4.1 4.1.12 (medium; bug #319526) - mysql-dfsg-5.0 5.0.11beta-3 (medium) CVE-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...) NOT-FOR-US: JGS-Portal CVE-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA JGS-Port ...) NOT-FOR-US: JGS-Portal CVE-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...) NOT-FOR-US: JGS-Portal CVE-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules befo ...) - cheetah 0.9.16-1 CVE-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view p ...) NOT-FOR-US: Booby CVE-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a "s ...) NOT-FOR-US: phpbb attachment mod CVE-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...) NOT-FOR-US: Photopost CVE-2005-1628 (apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows r ...) NOT-FOR-US: WebAPP CVE-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a potentia ...) - viewglob 2.0.1-1 [sarge] - viewglob (1.x version in Sarge is not vulnerable) CVE-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...) NOT-FOR-US: Pico Server CVE-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...) NOT-FOR-US: Acrobat Reader CVE-2005-1624 RESERVED CVE-2005-1623 RESERVED CVE-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...) NOT-FOR-US: MetaCart CVE-2005-1621 (Directory traversal vulnerability in the pnModFunc function in pnMod.p ...) NOT-FOR-US: Postnuke mod CVE-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook 1 ...) NOT-FOR-US: Skull-Splitter Guestbook CVE-2005-1619 (Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page. ...) NOT-FOR-US: PHPMyChat CVE-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remot ...) NOT-FOR-US: Yahoo Messenger CVE-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...) NOT-FOR-US: Willings WebCAM CVE-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows rem ...) NOT-FOR-US: Ultimate PHP Board CVE-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...) NOT-FOR-US: Ultimate PHP Board CVE-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...) NOT-FOR-US: Ultimate PHP Board CVE-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open Bulleti ...) NOT-FOR-US: OpenBB CVE-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board (OpenBB ...) NOT-FOR-US: OpenBB CVE-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x a ...) NOT-FOR-US: Web Crossing CVE-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone ...) NOT-FOR-US: Tru-Zone NukeET CVE-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...) NOT-FOR-US: Sun StorEdge 6130 Arrays CVE-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean AutoT ...) NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke CVE-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart al ...) NOT-FOR-US: Remote Cart CVE-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such ...) NOT-FOR-US: H-Sphere Winbox CVE-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for SiteStud ...) NOT-FOR-US: guestbook for SiteStudio CVE-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...) NOT-FOR-US: phpATM CVE-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to cau ...) NOT-FOR-US: NiteEnterprises Remote File Manager CVE-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...) NOT-FOR-US: Net56 Browser Based File Manager CVE-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the w ...) NOT-FOR-US: MRO Maximo Self Service CVE-2005-1600 (A "mathematical flaw" in the implementation of the El Gamal signature ...) NOT-FOR-US: LibTomCrypt CVE-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subje ...) NOT-FOR-US: Kryloff Technologies Subject Search Server CVE-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ea ...) NOT-FOR-US: Invision Power Board CVE-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) top ...) NOT-FOR-US: Invision Power Board CVE-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the extr ...) NOT-FOR-US: Fusion SBX CVE-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, whic ...) NOT-FOR-US: CodeThat ShoppingCart CVE-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1 ...) NOT-FOR-US: CodeThat ShoppingCart CVE-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat S ...) NOT-FOR-US: CodeThat ShoppingCart CVE-2005-1592 (Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3 ...) NOT-FOR-US: BirdBlog CVE-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote att ...) NOT-FOR-US: Solaris CVE-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows loc ...) NOT-FOR-US: Altiris Client Service for Windows CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines] - clamav 0.85.1-1 (low) [sarge] - clamav 0.84-2.sarge.1 CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage] - xfree86 4.3.0.dfsg.1-14 (bug #308783) - xorg-x11 (Xfree-specific, inspected the Subversion tree) CVE-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler (pktc ...) - linux-2.6 (Fixed before upload into archive; 2.6.12-rc5) [sarge] - kernel-source-2.6.8 CVE-2005-1588 NOT-FOR-US: Quick.cart CVE-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0 ...) NOT-FOR-US: Quick.cart CVE-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as use ...) NOT-FOR-US: Quick.Forum CVE-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remo ...) NOT-FOR-US: Quick.Forum CVE-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum ...) NOT-FOR-US: Quick.Forum CVE-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new sto ...) NOT-FOR-US: 1Two News CVE-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1. ...) NOT-FOR-US: 1Two News CVE-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remo ...) NOT-FOR-US: bug_list.php CVE-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...) NOT-FOR-US: BoastMachine CVE-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...) NOT-FOR-US: Apple CVE-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration Ov ...) NOT-FOR-US: EnCase CVE-2005-1577 (APG Technology ClassMaster does not properly restrict access to sensit ...) NOT-FOR-US: APG Classmaster CVE-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...) NOTE: appears windows specific CVE-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...) NOTE: appears windows specific CVE-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content protec ...) NOT-FOR-US: Windows CVE-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News Ma ...) NOT-FOR-US: ASP Virtual News Manager CVE-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service (s ...) NOT-FOR-US: ShowOff CVE-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow r ...) NOT-FOR-US: ShowOff CVE-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full pa ...) NOTE: for-for-us (bttlxeForum) CVE-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 a ...) NOT-FOR-US: DirectTopics CVE-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtai ...) NOT-FOR-US: DirectTopics CVE-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 a ...) NOT-FOR-US: DirectTopics CVE-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...) NOT-FOR-US: Acrowave AAP-3100AR wireless router CVE-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is promp ...) [woody] - bugzilla (Only Bugzilla >= 2.17 is affected) [sarge] - bugzilla (Only Bugzilla >= 2.17 is affected) - bugzilla 2.18-7 (bug #308789; medium) CVE-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...) - bugzilla 2.16.7-7sarge1 CVE-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different er ...) - bugzilla 2.16.7-7sarge1 CVE-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earli ...) NOT-FOR-US: MaxWebPortal CVE-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in Max ...) NOT-FOR-US: MaxWebPortal CVE-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute ...) NOT-FOR-US: Nexusway CVE-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute ...) NOT-FOR-US: Nexusway CVE-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass a ...) NOT-FOR-US: Nexusway CVE-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestboo ...) NOT-FOR-US: WebApp Guestbook PRO CVE-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a de ...) NOT-FOR-US: Gamespy cd-key validation system CVE-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in Col ...) NOT-FOR-US: JRun CVE-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1 ...) NOT-FOR-US: WowBB CVE-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a w ...) NOT-FOR-US: GeoVision Digital Video Surveillance System CVE-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when se ...) NOT-FOR-US: GeoVision Digital Video Surveillance System CVE-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses whe ...) NOT-FOR-US: Sophos Anti-Virus CVE-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute a ...) NOT-FOR-US: easy message board CVE-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...) NOT-FOR-US: easy message board CVE-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 a ...) NOT-FOR-US: Advanced Guestbook CVE-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, an ...) NOT-FOR-US: Bakbone Netvault CVE-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remo ...) {DSA-743-1} - ht 0.8.0-3 (bug #308587) CVE-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows re ...) {DSA-743-1} - ht 0.8.0-3 (bug #308587) CVE-2005-1544 (Stack-based buffer overflow in libTIFF before 3.7.2 allows remote atta ...) {DSA-755-1} NOTE: CVE info about vulnerable version number is bogus - tiff 3.7.2-3 (bug #309739) - tiff3 (fixed prior to initial upload) CVE-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote Managem ...) NOT-FOR-US: Novell Zenworks CVE-2005-1542 RESERVED CVE-2005-1541 RESERVED CVE-2005-1540 RESERVED CVE-2005-1539 RESERVED CVE-2005-1538 RESERVED CVE-2005-1537 RESERVED CVE-2005-1536 RESERVED CVE-2005-1535 RESERVED CVE-2005-1534 RESERVED CVE-2005-1533 RESERVED CVE-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly li ...) {DSA-781-1} - mozilla-firefox 1.0.4 - mozilla 2:1.7.8 - mozilla-thunderbird 1.0.6-1 (bug #318728; high) CVE-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...) - mozilla-firefox 1.0.4 - mozilla 2:1.7.8 CVE-2005-1530 (Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, all ...) NOT-FOR-US: Sophos CVE-2005-1529 RESERVED CVE-2005-1528 (Untrusted search path vulnerability in the crttrap command in QNX Neut ...) NOT-FOR-US: QNX CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...) {DSA-892-1} - awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium) CVE-2005-1526 (PHP remote file inclusion vulnerability in config_settings.php in Cact ...) {DSA-764-1} - cacti 0.8.6e-1 (bug #315703; high) CVE-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before 0. ...) {DSA-764-1} - cacti 0.8.6e-1 (bug #315703; high) CVE-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8. ...) {DSA-764-1} - cacti 0.8.6e-1 (bug #315703; high) CVE-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...) {DSA-732-1} - mailutils 1:0.6.1-3 CVE-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions be ...) {DSA-732-1} - mailutils 1:0.6.1-3 CVE-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU ...) {DSA-732-1} - mailutils 1:0.6.1-3 CVE-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for ...) {DSA-732-1} - mailutils 1:0.6.1-3 CVE-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...) {DSA-751-1} - squid 2.5.9-9 (bug #309504) CVE-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated Nam ...) NOT-FOR-US: Solaris CVE-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 a ...) NOT-FOR-US: Cisco CVE-2005-XXXX [Buffer overflow in libotr] - libotr 2.0.2-1 CVE-2005-XXXX [vpnc: config file path security hole] - vpnc 0.3.2+SVN20050326-2 CVE-2005-XXXX [Several buffer overflows in termpkg] - termpkg 3.3-2 CVE-2005-XXXX [Integer overflow in binutils' ELF parsing] NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's NOTE: already fixed since 2.15-6 - binutils 2.15-6 CVE-2005-XXXX [kmd affected by binutils's ELF parser vulnerability] - kmd 0.9.19-1.1 CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt] NOTE: Source package has been renamed from unrar to unrar-free - unrar-free 1:0.0.1-2 CVE-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded pict ...) NOT-FOR-US: PwsPHP CVE-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...) NOT-FOR-US: PwsPHP CVE-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information v ...) NOT-FOR-US: PwsPHP CVE-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remot ...) NOT-FOR-US: PwsPHP CVE-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 al ...) NOT-FOR-US: PwsPHP CVE-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...) NOT-FOR-US: WebSTAR CVE-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0. ...) NOT-FOR-US: CJ Ultra Plus CVE-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configurin ...) NOT-FOR-US: MacOS CVE-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, a ...) NOT-FOR-US: GameSpy SDK CD-Key Validation Toolkit CVE-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart a ...) NOT-FOR-US: MidiCart CVE-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...) NOT-FOR-US: MidiCart CVE-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...) NOT-FOR-US: MidiCart CVE-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...) NOT-FOR-US: myBloggie CVE-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ar ...) NOT-FOR-US: myBloggie CVE-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...) NOT-FOR-US: myBloggie CVE-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain sensiti ...) NOT-FOR-US: myBloggie CVE-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE J ...) NOT-FOR-US: Oracle CVE-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...) NOT-FOR-US: Oracle CVE-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in Me ...) NOT-FOR-US: MegaBook CVE-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote attac ...) NOT-FOR-US: SimpleCam CVE-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threa ...) NOT-FOR-US: Gossamer Threads Links CVE-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote auth ...) NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 CVE-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox. ...) NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 CVE-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...) NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 CVE-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Serv ...) NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 CVE-2005-1487 NOT-FOR-US: FishCart CVE-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow re ...) NOT-FOR-US: FishCart CVE-2005-1485 (Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Golden FTP Server Pro CVE-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...) NOT-FOR-US: Golden FTP Server Pro CVE-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 200 ...) NOT-FOR-US: ArticleLive CVE-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by modifyi ...) NOT-FOR-US: ArticleLive CVE-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Cor ...) NOT-FOR-US: ASP Inline Corporate Calendar CVE-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...) NOT-FOR-US: RaidenFTPD CVE-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and ...) NOT-FOR-US: JGS-Portal CVE-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows ...) NOT-FOR-US: DMail CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass auth ...) NOT-FOR-US: DMail CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions i ...) {DSA-4692-1 DLA-2234-1} - qmail 1.03-38 - netqmail 1.06-6.2 NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large amo ...) {DSA-4692-1 DLA-2234-1} - qmail 1.03-38 - netqmail 1.06-6.2 NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when run ...) {DSA-4692-1 DLA-2234-1} - qmail 1.03-38 - netqmail 1.06-6.2 NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 NOTE: https://www.openwall.com/lists/oss-security/2020/06/16/2 CVE-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the b ...) - mozilla-firefox 1.0.4-1 CVE-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...) - mozilla-firefox 1.0.4-1 CVE-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...) NOT-FOR-US: Opera CVE-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...) NOT-FOR-US: Apple CVE-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...) NOT-FOR-US: Apple CVE-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce ...) NOT-FOR-US: Apple CVE-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 al ...) NOT-FOR-US: RSA SecurID Web Agent CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module] - mailutils 1:0.6.1-2 CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks] - maradns 1.0.27-1 CVE-2005-2352 (I race condition in Temp files was found in gs-gpl before 8.56 addons ...) - gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant) CVE-2005-XXXX [Possible SQL injection in freeradius] - freeradius 1.0.2-4 CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local us ...) {DSA-1051-1 DSA-1046-1} - mozilla-thunderbird 1.0.6-1 (bug #306893; low) [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low) - firefox 1.5.dfsg+1.5.0.2-1 - thunderbird 1.5.0.2-1 - xulrunner 1.8.0.1-9 CVE-2005-XXXX [Directory traversal in unzoo] - unzoo 4.4-4 CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng] - syslog-ng 1.6.5-2.1 CVE-2005-XXXX [trackballs: Follows symlinks as gid games] - trackballs 1.1.1-1 (bug #302454; medium) [sarge] - trackballs (Hardly exploitable) NOTE: CVE request sent to mitre (who sent this? any response?) NOTE: Trackballs doesn't run as gid games anymore, high-score files are NOTE: stored in user's home directories instead. CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...) - ethereal 0.10.10-2sarge2 CVE-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...) - ethereal 0.10.10-2sarge2 CVE-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, ...) - ethereal 0.10.10-2sarge2 CVE-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 ...) - ethereal 0.10.10-2sarge2 CVE-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before 0.10.1 ...) - ethereal 0.10.10-2sarge2 CVE-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 ...) - ethereal 0.10.10-2sarge2 CVE-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, ...) - ethereal 0.10.10-2sarge2 CVE-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A ...) - ethereal 0.10.10-2sarge2 CVE-2005-1462 (Double free vulnerability in the ICEP dissector in Ethereal before 0.1 ...) - ethereal 0.10.10-2sarge2 CVE-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, ...) - ethereal 0.10.10-2sarge2 CVE-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow remote at ...) - ethereal 0.10.10-2sarge2 CVE-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) ...) - ethereal 0.10.10-2sarge2 CVE-2005-1458 (Multiple unknown "other problems" in the KINK dissector in Ethereal be ...) - ethereal 0.10.10-2sarge2 CVE-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) FibreCh ...) - ethereal 0.10.10-2sarge2 CVE-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissec ...) - ethereal 0.10.10-2sarge2 CVE-2005-1455 (Buffer overflow in the sql_escape_func function in the SQL module for ...) - freeradius 1.0.2-4 CVE-2005-1454 (SQL injection vulnerability in the radius_xlat function in the SQL mod ...) - freeradius 1.0.2-4 CVE-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to c ...) - leafnode 1.11.2.rel-1 CVE-2005-XXXX [Missing input validation in xtradius] - xtradius 1.2.1-beta2-2 (bug #307796; unimportant) CVE-2005-XXXX [fai tempfile vulnerability] - fai 2.8.2 CVE-2005-2354 (Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in ...) NOTE: have not checked to see which security holes are in it exactly - nvu (bug #306822; medium) CVE-2005-2356 RESERVED NOTE: This was assigned to an eskuel non-issue before due to Red Hat typos CVE-2005-XXXX [Buffer overflow in elog's header buffer] - elog 2.5.7+r1558-3 (bug #349528; high) CVE-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support] - ipsec-tools 1:0.5.2-1 CVE-2005-1452 (Serendipity before 0.8 allows Chief users to "hide plugins installed b ...) - serendipity 1.0-1 CVE-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...) - serendipity 1.0-1 CVE-2005-1450 (Unknown vulnerability in "the function used to validate path-names for ...) - serendipity 1.0-1 CVE-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for Serendip ...) - serendipity 1.0-1 CVE-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for Sere ...) - serendipity 1.0-1 CVE-2005-1447 (PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 ...) NOT-FOR-US: SitePanel CVE-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to up ...) NOT-FOR-US: SitePanel CVE-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ea ...) NOT-FOR-US: SitePanel CVE-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...) NOT-FOR-US: SitePanel CVE-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for I ...) NOT-FOR-US: Invision Power Board CVE-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...) NOT-FOR-US: Lotus Domino CVE-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5 ...) NOT-FOR-US: Lotus Domino CVE-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Ente ...) NOT-FOR-US: ViArt Shop CVE-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket allow ...) NOT-FOR-US: osTicket CVE-2005-1438 (PHP remote file inclusion vulnerability in main.php in osTicket allows ...) NOT-FOR-US: osTicket CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote attack ...) NOT-FOR-US: osTicket CVE-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...) NOT-FOR-US: osTicket CVE-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated us ...) - openwebmail CVE-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...) NOT-FOR-US: HP OpenView CVE-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation Servic ...) NOT-FOR-US: HP OpenView CVE-2005-1432 RESERVED CVE-2005-1431 (The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before ...) - gnutls11 1.0.16-13.1 (bug #309111; bug #307641) CVE-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ter ...) NOT-FOR-US: Mac OS X CVE-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows re ...) NOT-FOR-US: WWWguestbook CVE-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers t ...) NOT-FOR-US: Uapplication Uphotogallery CVE-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...) NOT-FOR-US: Uapplication Uphotogallery CVE-2005-1426 (Uapplication Ublog Reload stores sensitive information under the web r ...) NOT-FOR-US: Uapplication Ublog CVE-2005-1425 (Uapplication Uguestbook 1.0 stores sensitive information under the web ...) NOT-FOR-US: Uapplication Uguestbook CVE-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...) NOT-FOR-US: GoText CVE-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...) NOT-FOR-US: 602 LAN SUITE CVE-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...) NOT-FOR-US: Raysoft Video Cam Server CVE-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...) NOT-FOR-US: Raysoft Video Cam Server CVE-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...) NOT-FOR-US: Raysoft Video Cam Server CVE-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 Maili ...) NOT-FOR-US: Ocean12 Mailing list manager CVE-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...) NOT-FOR-US: Netleaf CVE-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...) NOT-FOR-US: MaxWebPortal CVE-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote at ...) NOT-FOR-US: 04WebServer CVE-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote a ...) NOT-FOR-US: GlobalSCAPE Secure FTP Server CVE-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, includin ...) NOT-FOR-US: FilePocket CVE-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote atta ...) NOT-FOR-US: enVivo CVE-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional Guest ...) NOT-FOR-US: ECommPro CVE-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the world-readabl ...) NOT-FOR-US: ICUII CVE-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) d ...) - postgresql 7.4.7-6 CVE-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...) - postgresql 7.4.7-6 CVE-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...) NOT-FOR-US: Apple CVE-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...) NOT-FOR-US: Skype CVE-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly cle ...) - kfreebsd5-source 5.3-10 CVE-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function i ...) NOT-FOR-US: Lotus Domino CVE-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by modif ...) NOT-FOR-US: MyPHP Forum CVE-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's A ...) NOT-FOR-US: JW Amazon Web Store CVE-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...) NOT-FOR-US: NeL libarary CVE-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ear ...) NOT-FOR-US: Mtp-Target CVE-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 all ...) - kfreebsd5-source 5.3-10 CVE-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions f ...) - kfreebsd5-source 5.3-10 CVE-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product p ...) NOT-FOR-US: PHPCart CVE-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before 0.10 ...) NOT-FOR-US: PHPCalender CVE-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows lo ...) NOT-FOR-US: ARPUS Ceterm CVE-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allo ...) NOT-FOR-US: ARPUS Ceterm CVE-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...) NOT-FOR-US: ArcGIS CVE-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 a ...) NOT-FOR-US: ArcGIS CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with world-reada ...) - phpmyadmin (Only part of examples that an admin would need to modify anyway) CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earl ...) {DSA-934-1} [sarge] - pound 1.8.2-1sarge1 - pound 1.8.2-1.1 (bug #307852; bug #311548; medium) CVE-2005-1390 REJECTED CVE-2005-1389 REJECTED CVE-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allo ...) NOT-FOR-US: SURVIVOR CVE-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrat ...) NOT-FOR-US: Mac OS X CVE-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive i ...) NOT-FOR-US: PHP-Nuke CVE-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service (appli ...) NOT-FOR-US: Safari CVE-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote a ...) NOT-FOR-US: phpCoin CVE-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...) NOT-FOR-US: Oracle CVE-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...) NOT-FOR-US: Oracle CVE-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...) NOT-FOR-US: Oracle CVE-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allo ...) NOT-FOR-US: BEA Weblogic CVE-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandra ...) - lam (Mandrake specific packaging flaw) CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module f ...) NOT-FOR-US: phpbb mod CVE-2005-1377 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 ...) NOT-FOR-US: Claroline CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or (2 ...) NOT-FOR-US: Claroline CVE-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...) NOT-FOR-US: Claroline CVE-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...) NOT-FOR-US: Claroline CVE-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CM ...) NOT-FOR-US: Koobi CMS CVE-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...) NOT-FOR-US: NetVault CVE-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not proper ...) NOT-FOR-US: NetVault CVE-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView R ...) NOT-FOR-US: HP OpenView CVE-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6 ...) - kernel-source-2.4.27 - kernel-source-2.6.8 2.6.8-16 - linux-2.6 (Fixed before upload into archive; 2.6.11.8) CVE-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel 2. ...) [sarge] - kernel-source-2.6.8 - kernel-source-2.4.27 - linux-2.6 (Fixed before upload into archive; 2.6.11.8) CVE-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read arbitra ...) NOT-FOR-US: pServ CVE-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...) NOT-FOR-US: pServ CVE-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...) NOT-FOR-US: pServ CVE-2005-XXXX [Insecure mailbox generation in passwd's useradd] - shadow 4.0.8 [sarge] - shadow (was introduced after version 4.0.3) [woody] - shadow (was introduced after version 4.0.3) CVE-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow remot ...) NOT-FOR-US: MetaBid Auctions CVE-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow all ...) NOT-FOR-US: MetaCart CVE-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allo ...) NOT-FOR-US: MetaCart CVE-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow re ...) NOT-FOR-US: MetaCart CVE-2005-1360 (PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 al ...) NOT-FOR-US: GrayCMS CVE-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows rem ...) NOT-FOR-US: text.cgi CVE-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: text.cgi CVE-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...) NOT-FOR-US: text.cgi CVE-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...) NOT-FOR-US: includer.cgi CVE-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...) NOT-FOR-US: includer.cgi CVE-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary comma ...) NOT-FOR-US: forum.pl CVE-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files vi ...) NOT-FOR-US: forum.pl CVE-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows r ...) NOT-FOR-US: ad.cgi CVE-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary command ...) NOT-FOR-US: ad.cgi CVE-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...) NOT-FOR-US: ad.cgi CVE-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...) {DSA-727-1} - libconvert-uulib-perl 1.0.5.1 CVE-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...) NOT-FOR-US: MailEnable CVE-2005-1347 NOT-FOR-US: acrobat CVE-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...) NOT-FOR-US: Symantec CVE-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it i ...) {DSA-721-1} - squid 2.5.9-7 CVE-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ex ...) - apache2 2.0.54-3 (bug #322604) CVE-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X befo ...) NOT-FOR-US: vpnd for Mac OS X CVE-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3. ...) NOT-FOR-US: Apple Terminal CVE-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands vi ...) NOT-FOR-US: Apple Terminal CVE-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not re ...) NOT-FOR-US: Mac OS X CVE-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to esca ...) - lukemftpd (our lukemftpd uses pw->pw_name when checking /etc/ftpchroot) CVE-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ldap_exte ...) NOT-FOR-US: Mac OS X CVE-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote att ...) NOT-FOR-US: Mac OS X CVE-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...) NOT-FOR-US: Mac OS X CVE-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain pr ...) NOT-FOR-US: Mac OS X CVE-2005-1334 REJECTED CVE-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object exc ...) NOT-FOR-US: Mac OS X CVE-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth fil ...) NOT-FOR-US: Mac OS X CVE-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display sc ...) NOT-FOR-US: Mac OS X CVE-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of servic ...) NOT-FOR-US: Mac OS X CVE-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sen ...) NOT-FOR-US: OneWorldStore CVE-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service (ap ...) NOT-FOR-US: OneWorldStore CVE-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burnin ...) NOT-FOR-US: Woltlab Burning Board CVE-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote au ...) NOT-FOR-US: VooDoo cIRCle BOTNET CVE-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and i ...) NOT-FOR-US: phpMyVisites CVE-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for p ...) NOT-FOR-US: phpMyVisites CVE-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...) NOT-FOR-US: NetTerm CVE-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manage ...) - nag 1.1-3.1 (bug #307173) CVE-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module befo ...) - sork-vacation 2.2.2-1 CVE-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager b ...) - mnemo 1.1-2.1 (bug #307180) - mnemo2 (fixed before 2.1.1) CVE-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client b ...) - imp4 - imp3 3.2.8-1 (bug #328218; low) CVE-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forw ...) - sork-forwards 2.2.2-1 CVE-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...) NOT-FOR-US: Hord Chora module CVE-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module befo ...) - sork-accounts 2.1.2-1 CVE-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...) - turba 1.2.5-1 CVE-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module bef ...) - kronolith 1.1.4-1 CVE-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...) - sork-passwd 2.2.2-1 CVE-2005-1312 (PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allow ...) NOT-FOR-US: Yappa-NG CVE-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allo ...) NOT-FOR-US: Yappa-NG CVE-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...) NOT-FOR-US: bBlog CVE-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...) NOT-FOR-US: bBlog CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or HT ...) - courier (bug #307575; unimportant) CVE-2005-1307 (The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version ...) NOT-FOR-US: Adobe Version Cue CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 all ...) NOT-FOR-US: Adobe Reader 7 CVE-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files v ...) NOT-FOR-US: hyper.cgi CVE-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...) NOT-FOR-US: citat.pl CVE-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files vi ...) NOT-FOR-US: citat.pl CVE-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...) NOT-FOR-US: Confixx CVE-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...) NOT-FOR-US: nProtect:Netizen CVE-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script al ...) NOT-FOR-US: inserter.cgi CVE-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary c ...) NOT-FOR-US: inserter.cgi CVE-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary file ...) NOT-FOR-US: inserter.cgi CVE-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script all ...) NOT-FOR-US: include.cgi CVE-2005-1296 (include.cgi script allows remote attackers to execute arbitrary comman ...) NOT-FOR-US: include.cgi CVE-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...) NOT-FOR-US: include.cgi CVE-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for Linu ...) - affix-kernel 2.1.1-1.1 CVE-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal 2 ...) NOT-FOR-US: StorePortal CVE-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Car ...) NOT-FOR-US: CartWIZ ASP Cart CVE-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remot ...) NOT-FOR-US: CartWIZ ASP Cart CVE-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 an ...) - phpbb2 2.0.13-6sarge1 (low) CVE-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ex ...) NOT-FOR-US: E-Cart CVE-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...) NOT-FOR-US: ACS Blog CVE-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote at ...) NOT-FOR-US: BK Forum CVE-2005-1286 (Unquoted Windows search path vulnerability in BitDefender 8 allows loc ...) NOT-FOR-US: Bitdefender CVE-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burn ...) NOT-FOR-US: Woltlab Burning Board CVE-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote at ...) NOT-FOR-US: Argosoft Mail Server Pro CVE-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server P ...) NOT-FOR-US: Argosoft Mail Server Pro CVE-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail S ...) NOT-FOR-US: Argosoft Mail Server Pro CVE-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...) - ethereal 0.10.10-2 CVE-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote att ...) - ethereal 0.10.10-2 - tcpdump 3.8.3-4 CVE-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...) {DSA-850-1} - tcpdump 3.8.3-4 CVE-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...) - tcpdump 3.8.3-4 (bug #307920) CVE-2005-1277 REJECTED CVE-2005-1276 RESERVED CVE-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for I ...) - imagemagick 6:6.0.6.2-2.3 (bug #306424) CVE-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...) - maxdb-7.5.00 7.5.00.24-3 CVE-2005-1273 RESERVED CVE-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL Serv ...) NOT-FOR-US: Backup Agent for Microsoft SQL CVE-2005-1271 REJECTED CVE-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter befo ...) - rkhunter 1.2.7-14 (medium) CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module] - libconvert-uulib-perl 1.0.5.1-1 CVE-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...) {DSA-734-1} - gaim 1:1.3.1-1 (bug #315356; low) CVE-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) veri ...) {DSA-805-1} - apache2 2.0.54-5 (bug #320048; bug #320063; bug #322613; low) - apache (Not affected, see #322613) CVE-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...) {DSA-854-1} - tcpdump 3.9.0.cvs.20050614-1 (medium) CVE-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...) {DSA-736-2 DSA-736-1} - spamassassin 3.0.4-1 (bug #314447; medium) CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create mem ...) {DSA-922-1} - linux-2.6 2.6.12-1 CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...) - linux-2.6 (Fixed before upload into archive; 2.6.11.10) [sarge] - kernel-source-2.6.8 2.6.8-16 CVE-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2 ...) - linux-2.6 (Fixed before upload into archive; 2.6.12-rc4) [sarge] - kernel-source-2.6.8 2.6.8-16 [sarge] - kernel-source-2.4.27 2.4.27-10 NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H CVE-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of se ...) - gaim 1:1.2.1-1.1 CVE-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...) - gaim 1:1.2.1-1.1 CVE-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...) {DSA-741-1} - bzip2 1.0.2-7 CVE-2005-1259 RESERVED CVE-2005-1258 RESERVED CVE-2005-1257 RESERVED CVE-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...) NOT-FOR-US: IMail CVE-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...) NOT-FOR-US: IMail CVE-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...) NOT-FOR-US: IMail CVE-2005-1253 RESERVED CVE-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in Ips ...) NOT-FOR-US: IMail CVE-2005-1251 RESERVED CVE-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ( ...) NOT-FOR-US: IpSwitch CVE-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) al ...) NOT-FOR-US: IMail CVE-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...) NOT-FOR-US: Apple iTunes CVE-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ca ...) NOT-FOR-US: Novell Nsure Audit CVE-2005-1246 (Format string vulnerability in the snmppd_log function in snmppd_util. ...) NOT-FOR-US: snmppd CVE-2005-XXXX [Multiple security problems in Quake 2] NOTE: this release added lots of warnings about the security problems - quake2 1:0.3-1.1 CVE-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, wh ...) - mediawiki 1.4.9 (bug #276057) CVE-2005-1244 NOT-FOR-US: AS/400 FTP server addon CVE-2005-1243 (Directory traversal vulnerability in the third party tool from SafeSto ...) NOT-FOR-US: AS/400 FTP server addon CVE-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe, ...) NOT-FOR-US: AS/400 FTP server addon CVE-2005-1241 (Directory traversal vulnerability in the third party tool from Powerte ...) NOT-FOR-US: AS/400 FTP server addon CVE-2005-1240 (Directory traversal vulnerability in the third party tool from Castleh ...) NOT-FOR-US: AS/400 FTP server addon CVE-2005-1239 (Directory traversal vulnerability in the third party tool from Raz-Lee ...) NOT-FOR-US: AS/400 FTP server addon CVE-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...) NOT-FOR-US: AS/400 FTP server CVE-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows re ...) NOT-FOR-US: FlexPHPNews CVE-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3. ...) NOT-FOR-US: DUPortal CVE-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remot ...) NOT-FOR-US: phpbb-Auction CVE-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote a ...) NOT-FOR-US: phpbb-Auction CVE-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs proF ...) NOT-FOR-US: PHP Labs proFile CVE-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...) NOT-FOR-US: Sun ONE Proxy Server CVE-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in Gl ...) NOT-FOR-US: JAWS CVE-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote attack ...) NOT-FOR-US: Yawcan CVE-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows remot ...) {DSA-846-1} - cpio 2.6-6 (bug #306693; medium) CVE-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1 ...) {DSA-752-1} - gzip 1.3.5-10 CVE-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...) NOT-FOR-US: PHPProjekt CVE-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which al ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows r ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allo ...) NOT-FOR-US: DUPortal CVE-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.0 ...) NOT-FOR-US: Ocean12 Calender manager CVE-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to exec ...) NOT-FOR-US: Annuaire Netref CVE-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro ...) NOT-FOR-US: ECommPro CVE-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain se ...) NOT-FOR-US: Shoutbox CVE-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows a ...) NOT-FOR-US: Microsoft Color Management Module CVE-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...) NOT-FOR-US: Microsoft Color Management Module CVE-2005-1217 RESERVED CVE-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to servic ...) NOT-FOR-US: Microsoft CVE-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ca ...) NOT-FOR-US: Microsoft CVE-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet cont ...) NOT-FOR-US: Microsoft CVE-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook E ...) NOT-FOR-US: Microsoft CVE-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32 ...) NOT-FOR-US: Microsoft CVE-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft Inte ...) NOT-FOR-US: Microsoft CVE-2005-1210 RESERVED CVE-2005-1209 RESERVED CVE-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, an ...) NOT-FOR-US: Microsoft CVE-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...) NOT-FOR-US: Microsoft CVE-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for Mi ...) NOT-FOR-US: Microsoft CVE-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and W ...) NOT-FOR-US: Microsoft CVE-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications] - libpam-ssh 1.91.0-9 CVE-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote attack ...) NOT-FOR-US: Desktop Rover CVE-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware befo ...) - egroupware 1.0.0.007-2.dfsg-1 CVE-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware befo ...) - egroupware 1.0.0.007-2.dfsg-1 CVE-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board (AZb ...) NOT-FOR-US: AZbb CVE-2005-1200 (PHP remote file inclusion vulnerability in main_index.php in AZ Bullet ...) NOT-FOR-US: AZbb CVE-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows r ...) NOT-FOR-US: UBB.threads CVE-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...) NOT-FOR-US: Anaconda Foundation Directory CVE-2005-1197 (SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CH ...) NOT-FOR-US: Oracle CVE-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...) NOT-FOR-US: PHPBB Knowledgebase Mod CVE-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) MM ...) - xine-lib 1.0.1-1 - mplayer (fixed in 1.0-pre7, which was released before etch) CVE-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm 0.9 ...) - nasm 0.98.38-1.2 (bug #309049) CVE-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php fo ...) - phpbb2 2.0.13-6sarge1 (medium) CVE-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...) NOT-FOR-US: HP-UX CVE-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2 ...) NOT-FOR-US: Windows CVE-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a ...) NOT-FOR-US: WebcamXP CVE-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and ...) NOT-FOR-US: WebcamXP CVE-2005-1188 (Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in ...) NOT-FOR-US: ComersusCart CVE-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other v ...) NOT-FOR-US: WinHex CVE-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com doma ...) NOT-FOR-US: Musicmatch CVE-2005-1185 (Unquoted Windows search path vulnerability in Musicmatch Jukebox 10.00 ...) NOT-FOR-US: Musicmatch CVE-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...) NOT-FOR-US: Apparently bogus report. at least on Linux it couldn't be reproduced CVE-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows re ...) NOT-FOR-US: mvnForum CVE-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for W ...) NOT-FOR-US: iSeries OS CVE-2005-1181 NOT-FOR-US: Ariadne CMS CVE-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuk ...) NOT-FOR-US: PHP-Nuke CVE-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for various Work ...) NOT-FOR-US: Xerox CVE-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote attacker ...) NOT-FOR-US: Oracle CVE-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 cause ...) - webmin NOTE: I haven't found further information on this, but this appears to only NOTE: affect non-Debian setups CVE-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...) NOT-FOR-US: AIX CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...) {DSA-757-1} - krb5 1.3.6-4 (bug #318437; medium) CVE-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) ...) {DSA-757-1} - krb5 1.3.6-4 (bug #318437; medium) CVE-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote atta ...) NOT-FOR-US: PMSoftware Simple Web Server CVE-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the datenbank m ...) NOT-FOR-US: moddb phpbb2 add-on CVE-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module for php ...) NOT-FOR-US: moddb phpbb2 add-on CVE-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, whic ...) NOT-FOR-US: Mafia Blog CVE-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows ...) NOT-FOR-US: Musicmatch CVE-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...) NOT-FOR-US: Musicmatch CVE-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in ...) NOT-FOR-US: Dameware CVE-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of se ...) NOT-FOR-US: Yager game CVE-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of se ...) NOT-FOR-US: Yager game CVE-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote attac ...) NOT-FOR-US: Yager game CVE-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore a ...) NOT-FOR-US: OneWorldStore CVE-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote a ...) NOT-FOR-US: OneWorldStore CVE-2005-1160 (The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Su ...) {DSA-781-1} - mozilla-firefox 1.0.3-1 - mozilla 2:1.7.7-1 - mozilla-thunderbird 1.0.6-1 (bug #318728; high) CVE-2005-1159 (The native implementations of InstallTrigger and other functions in Fi ...) {DSA-781-1} - mozilla-firefox 1.0.3-1 - mozilla 2:1.7.7-1 - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) CVE-2005-1158 (Multiple "missing security checks" in Firefox before 1.0.3 allow remot ...) - mozilla-firefox 1.0.3-1 CVE-2005-1157 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 all ...) - mozilla-firefox 1.0.3-1 - mozilla 2:1.7.7-1 CVE-2005-1156 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 all ...) - mozilla-firefox 1.0.3-1 - mozilla 2:1.7.7-1 CVE-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla Suite be ...) - mozilla-firefox 1.0.3-1 - mozilla 2:1.7.7-1 CVE-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote atta ...) - mozilla-firefox 1.0.3-1 - mozilla 2:1.7.7-1 CVE-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a p ...) - mozilla-firefox 1.0.3-1 - mozilla 2:1.7.7-1 CVE-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the umask ...) {DSA-728-1} - qpopper 4.0.5-4sarge1 CVE-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before pro ...) {DSA-728-1} - qpopper 4.0.5-4sarge1 CVE-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlie ...) NOT-FOR-US: Sun Java CVE-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1 ...) NOT-FOR-US: ACNews CVE-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain s ...) NOT-FOR-US: CalenderScript CVE-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain s ...) NOT-FOR-US: CalenderScript CVE-2005-1146 NOT-FOR-US: CalenderScript CVE-2005-1145 NOT-FOR-US: CalenderScript CVE-2005-1144 (popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to o ...) NOT-FOR-US: EasyPHPCalender CVE-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalend ...) NOT-FOR-US: EasyPHPCalender CVE-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR 0 ...) - gocr 0.39-5 CVE-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when ...) - gocr 0.39-5 CVE-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows rem ...) NOT-FOR-US: MyBloggie CVE-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital certificate ...) NOT-FOR-US: Opera CVE-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allo ...) NOT-FOR-US: Kerio CVE-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sen ...) NOT-FOR-US: sphpBlog CVE-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) c ...) NOT-FOR-US: sphpBlog CVE-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...) NOT-FOR-US: sphpBlog CVE-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and earlie ...) NOT-FOR-US: Serendipity CVE-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...) NOT-FOR-US: AS/400 system software CVE-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ser ...) NOT-FOR-US: LG mobile phone CVE-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier ...) NOT-FOR-US: Veritas Focalpoint Server CVE-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...) NOT-FOR-US: PinnacleCart CVE-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attac ...) - egroupware 1.0.0.007-2.dfsg-1 CVE-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow r ...) NOT-FOR-US: VHCS CVE-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 an ...) {DSA-1122 DSA-1121} - libnet-server-perl 0.89-1 (bug #378640) NOTE: Net::Server was already fixed in 0.87-1, although the changelog doesn't mention NOTE: the security implication, which was noticed later. I've verified both fixes NOTE: are identical NOTE: but DSA-1122 thinks it was fixed in 0.89-1, so mark that version to make NOTE: scripts happy (at time of writing, 0.90-1 is in testing) - postgrey 1.22-1 CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 an ...) NOT-FOR-US: Free BSD CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in multi-th ...) - libsafe CVE-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...) NOT-FOR-US: Solaris CVE-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...) NOT-FOR-US: monkeyd CVE-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) befor ...) NOT-FOR-US: monkeyd CVE-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...) {DSA-726-1} - oops 1.5.23.cvs-2.2 (bug #307360; high) CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.1 ...) {DSA-1010-1} - ilohamail 0.8.14-0rc3sarge1 (bug #304525; medium) CVE-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...) - sudo (bug #283161; unimportant) NOTE: That's a policy violation, but not a security problem CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the R ...) NOT-FOR-US: RSA authentication agent CVE-2005-1117 (PHP remote file inclusion vulnerability in index.php in All4WWW-Homepa ...) NOT-FOR-US: All4WWW Homepage creator CVE-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ph ...) NOT-FOR-US: phpbb2 calendar addon CVE-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0 ...) NOT-FOR-US: Photo Album CVE-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo Al ...) NOT-FOR-US: Photo Album CVE-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...) NOT-FOR-US: PhpBB Plus CVE-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the doc ...) NOT-FOR-US: IBM Websphere CVE-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify pe ...) {DSA-846-1} - cpio 2.6-6 (bug #305372; low) CVE-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in t ...) NOT-FOR-US: Sumus web server CVE-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote atta ...) {DSA-713-1} - junkbuster (bug #304793) - privoxy CVE-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-thre ...) {DSA-713-1} - junkbuster - privoxy CVE-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ins ...) NOT-FOR-US: McAfee CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey] - postgrey 1.21-1 CVE-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers t ...) NOT-FOR-US: Windows CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName meth ...) - libgnumail-java (bug #304712; unimportant) NOTE: This just provides an Java API function to receive a file name, sanitising NOTE: this file name for further use must be done inside the application calling NOTE: the function CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow ...) NOT-FOR-US: Centra CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4. ...) NOT-FOR-US: Sygate Secure Enterprise CVE-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in template-functi ...) NOTE: Upstream developers don't consider this an issue, see bug #304468 CVE-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...) NOT-FOR-US: Lotus Domino Server CVE-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in Greyl ...) - postfix-gld 1.5-1 CVE-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in G ...) - postfix-gld 1.5-1 CVE-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in plain ...) NOT-FOR-US: GetDataBack for NTFS (Windows) CVE-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...) NOT-FOR-US: Rebrand P2P Share Spy CVE-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...) NOT-FOR-US: Ocean12 Membership Manager Pro CVE-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membe ...) NOT-FOR-US: Ocean12 Membership Manager Pro CVE-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xm ...) NOT-FOR-US: FTP Now CVE-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with ...) NOT-FOR-US: Miranda IM CVE-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext ...) NOT-FOR-US: DeluxeFTP CVE-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...) NOT-FOR-US: Maxthon CVE-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API fo ...) NOT-FOR-US: Maxthon CVE-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append ...) NOT-FOR-US: DC++ CVE-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mi ...) NOT-FOR-US: DameWare NT Utilities and Mini Remote Control CVE-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Serv ...) NOT-FOR-US: AN HTTPD CVE-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allo ...) NOT-FOR-US: AN HTTPD CVE-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in aeDat ...) NOT-FOR-US: aeDating CVE-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows remo ...) NOT-FOR-US: aeDating CVE-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...) NOT-FOR-US: aeDating CVE-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 all ...) NOT-FOR-US: AtDGDatingPlatinum CVE-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlat ...) NOT-FOR-US: AtDGDatingPlatinum CVE-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) utili ...) NOT-FOR-US: JAR in J2SE SDK CVE-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...) NOT-FOR-US: zOOm Media Gallery CVE-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows attac ...) NOT-FOR-US: XAMPP Apache distribution specific issue CVE-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x all ...) NOT-FOR-US: XAMPP Apache distribution specific issue CVE-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board funct ...) NOT-FOR-US: WebCT CVE-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadB ...) NOT-FOR-US: RadScripts RadBids Gold CVE-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...) NOT-FOR-US: RadScripts RadBids Gold CVE-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids ...) NOT-FOR-US: RadScripts RadBids Gold CVE-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows ...) NOT-FOR-US: PunBB CVE-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2. ...) NOT-FOR-US: JPortal CVE-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...) NOT-FOR-US: Invision Power Board CVE-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact ...) NOT-FOR-US: sCssBoard CVE-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...) NOT-FOR-US: sCssBoard CVE-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to g ...) NOT-FOR-US: Access_user class CVE-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users t ...) - pine 4.63-1 (unimportant) - alpine (alpine is based on pine 4.64, this bug was in a previous version of pine) NOTE: Not shipped in the binary package CVE-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ex ...) - tetex-base (/var/cache/fonts is not writable by normal users in Debian) CVE-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ch ...) - rsnapshot 1.2.1-1 CVE-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0. ...) NOT-FOR-US: Kerio CVE-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0. ...) NOT-FOR-US: Kerio CVE-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...) - logwatch 5.0-1 CVE-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novel ...) NOT-FOR-US: Novell Netware CVE-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password wit ...) NOT-FOR-US: Linksys WET11 CVE-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile tha ...) NOT-FOR-US: Cisco CVE-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH vers ...) NOT-FOR-US: Cisco CVE-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 th ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web roo ...) NOT-FOR-US: TowerBlog CVE-2005-1054 (PHP remote file inclusion vulnerability in news.php in ModernBill 4.3. ...) NOT-FOR-US: ModernBill CVE-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...) NOT-FOR-US: ModernBill CVE-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not proper ...) NOT-FOR-US: Microsoft CVE-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remot ...) NOT-FOR-US: PunBB CVE-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows rem ...) NOT-FOR-US: PostNuke CVE-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 al ...) NOT-FOR-US: PostNuke CVE-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allow ...) NOT-FOR-US: PostNuke CVE-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not proper ...) NOT-FOR-US: PunBB CVE-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote atta ...) {DSA-714-1} - kdelibs 4:3.3.2-6 CVE-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings befo ...) NOT-FOR-US: OpenText CVE-2005-1044 REJECTED CVE-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...) - php4 4:4.3.10-10 (bug #306003) CVE-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...) - php4 4:4.3.10-10 (bug #306003) CVE-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...) - linux-2.6 (Fixed before upload into archive; 2.6.11.5) [sarge] - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.4.27 CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...) - netapplet (Not vulnerable, see bug #310833) CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2 ...) - coreutils 6.10-1 (bug #304556; unimportant) NOTE: Minor issue, generic UNIX design issue, see discussion in #304556) CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows loc ...) NOTE: long fixed in Debian's cron CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...) NOT-FOR-US: AIX CVE-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permis ...) NOT-FOR-US: FreeBSD CVE-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack v ...) - pavuk 0.9.32-1 CVE-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (a ...) NOT-FOR-US: SurgeFTP CVE-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: CubeCart CVE-2005-1032 REJECTED CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), wh ...) NOT-FOR-US: exoops CVE-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...) NOT-FOR-US: Active Auction House CVE-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow r ...) NOT-FOR-US: Active Auction House CVE-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive i ...) NOT-FOR-US: PHP-Nuke CVE-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x th ...) NOT-FOR-US: PHP-Nuke CVE-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...) NOT-FOR-US: SnailSource phpBB mod CVE-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote ...) NOT-FOR-US: IBM CVE-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain s ...) NOT-FOR-US: PHP-Nuke CVE-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...) NOT-FOR-US: PHP-Nuke CVE-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root i ...) NOT-FOR-US: ColdFusion CVE-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...) NOT-FOR-US: IOS CVE-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote atta ...) NOT-FOR-US: IOS CVE-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier all ...) NOT-FOR-US: Aeon CVE-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) Bri ...) NOT-FOR-US: CA ArcServe Backup CVE-2005-XXXX [Some security issues in mod_security] NOTE: I don't understand mod_security fully, so I'm not entirely sure which of NOTE: the changelog entries matches the security criteria, but the changelog NOTE: claims so. - libapache-mod-security 1.8.7-1 CVE-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping] NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix - imms 2.0.3-1 CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings] - smarty 2.6.9-1 CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client] - obexftp 0.10.7-3 CVE-2005-1017 (SQL injection vulnerability in the Update_Events function in events_fu ...) NOT-FOR-US: MaxWebPortal CVE-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp for Max ...) NOT-FOR-US: MaxWebPortal CVE-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attacke ...) NOT-FOR-US: MailEnable CVE-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and ...) NOT-FOR-US: MailEnable CVE-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and Profess ...) NOT-FOR-US: MailEnable CVE-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows re ...) NOT-FOR-US: SiteEnable CVE-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows remote ...) NOT-FOR-US: SiteEnable CVE-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows rem ...) NOT-FOR-US: ComersusCart CVE-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) re ...) NOT-FOR-US: NetVault CVE-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM F ...) NOT-FOR-US: XM Forum CVE-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate Pro bef ...) NOT-FOR-US: CommuniGate Pro CVE-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO ...) NOT-FOR-US: SonicWALL CVE-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass authentica ...) NOT-FOR-US: PayProCart CVE-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in ProfitCo ...) NOT-FOR-US: PayProCart CVE-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode PayProCa ...) NOT-FOR-US: PayProCart CVE-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows re ...) NOT-FOR-US: LOG-FT File Transfer CVE-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive information v ...) NOT-FOR-US: PHP-Nuke CVE-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 al ...) NOT-FOR-US: PHP-Nuke CVE-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x through ...) NOT-FOR-US: PHP-Nuke CVE-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtai ...) NOT-FOR-US: PHP-Nuke CVE-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module for PHP ...) NOT-FOR-US: PHP-Nuke CVE-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module for PHP ...) NOT-FOR-US: PHP-Nuke CVE-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 ...) NOT-FOR-US: ProductCart CVE-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote ...) NOT-FOR-US: ProductCart CVE-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users ...) NOT-FOR-US: SCO CVE-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin be ...) - phpmyadmin 3:2.6.2-rc1-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2005-3/ CVE-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location f ...) NOT-FOR-US: AIX CVE-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite a ...) - sharutils 1:4.2.1-13 CVE-2005-0989 (The find_replen function in jsstr.c in the Javascript engine for Mozil ...) {DSA-781-1} - mozilla 2:1.7.7-1 (bug #306001) - mozilla-firefox 1.0.2-3 - mozilla-thunderbird 1.0.6-1 (bug #318728; medium) CVE-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...) {DSA-752-1} - gzip 1.3.5-10 CVE-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...) NOT-FOR-US: IRC Services NickServ CVE-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0. ...) NOT-FOR-US: Lotus Domino CVE-2005-0985 (Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows ...) NOT-FOR-US: Apple CVE-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: Jed ...) NOT-FOR-US: Star Wars game CVE-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to ...) NOT-FOR-US: Quake 3 based games CVE-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another For ...) NOT-FOR-US: Yet Another Forum.net CVE-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...) NOT-FOR-US: Alstrasoft EPay CVE-2005-0980 (PHP remote file inclusion vulnerability in index.php in AlstraSoft EPa ...) NOT-FOR-US: Alstrasoft EPay CVE-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote attack ...) NOT-FOR-US: Rumba CVE-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT Bl ...) NOT-FOR-US: IVT BlueSoleil CVE-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ker ...) [sarge] - kernel-source-2.6.8 2.6.8-16 (bug #303177) - linux-2.6 (Fixed before upload into archive) CVE-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...) NOT-FOR-US: Apple CVE-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...) NOT-FOR-US: Apple CVE-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and ear ...) NOT-FOR-US: Apple CVE-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 ...) NOT-FOR-US: Apple CVE-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9 and ea ...) NOT-FOR-US: Apple CVE-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X 10.3. ...) NOT-FOR-US: Apple CVE-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and execu ...) NOT-FOR-US: Apple CVE-2005-0969 (Heap-based buffer overflow in the syscall emulation functionality in M ...) NOT-FOR-US: Apple CVE-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...) NOT-FOR-US: CA eTrust IDS CVE-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service (appli ...) - gaim 1:1.2.1-1 CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts] - openwebmail CVE-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, ...) - gaim 1:1.2.1-1 (bug #303581) CVE-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlie ...) - gaim 1:1.2.1-1 (bug #303581) CVE-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier all ...) NOT-FOR-US: Kerio firewall CVE-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine ...) NOT-FOR-US: ACPI BIOS hardware issue CVE-2005-0962 (SQL injection vulnerability in index.php for Lighthouse Squirrelcart a ...) NOT-FOR-US: SquirrelCart CVE-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-R ...) - horde3 3.0.4-1 - horde2 2.2.8-1 CVE-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c ...) NOT-FOR-US: OpenBSD CVE-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may a ...) NOT-FOR-US: YepYep mtftpd CVE-2005-0958 (Format string vulnerability in the log_do function in log.c for YepYep ...) NOT-FOR-US: YepYep mtftpd CVE-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote attacker ...) NOT-FOR-US: BayTech RPC CVE-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT MX Kar ...) NOT-FOR-US: InterAKT MX Kart CVE-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote at ...) NOT-FOR-US: InterAKT MX Shop CVE-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remo ...) NOT-FOR-US: Windows CVE-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...) {DSA-730-1} - bzip2 1.0.2-6 NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local) NOTE: attacker would have to exploit the minimal time span between uncompressing NOTE: the file and chmodding it to delete the file and place a hardlink to another NOTE: file of the "attacked" user. Additionally the attacker needs write permissions NOTE: to the directory where the file is being uncompressed, ruling out /~ etc. CVE-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 all ...) NOT-FOR-US: PafileDB CVE-2005-0951 REJECTED CVE-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...) NOT-FOR-US: FastStone 4in1 Browser CVE-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...) NOT-FOR-US: PortalApp CVE-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows remot ...) NOT-FOR-US: PortalApp CVE-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and ...) NOT-FOR-US: phpCoin CVE-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remot ...) NOT-FOR-US: phpCoin CVE-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remo ...) NOT-FOR-US: ACS Blog CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.86 ...) NOT-FOR-US: Microsoft CVE-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlie ...) NOT-FOR-US: Cisco CVE-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...) NOT-FOR-US: Sybase ASE CVE-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...) - openoffice.org 1.1.3-9 CVE-2005-0939 RESERVED CVE-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ro ...) NOT-FOR-US: UBlog CVE-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform get_use ...) - kernel-source-2.6.8 2.6.8-16 CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv] - freeciv 2.0.1-1 CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack] - mailscanner 4.40.11-1 CVE-2005-XXXX [KDE Kopete ICQ remote DoS] - kdenetwork 4:3.3.2-2 CVE-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI PayPal St ...) NOT-FOR-US: ESMI PayPal Storefront CVE-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow ...) NOT-FOR-US: ESMI PayPal Storefront CVE-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 al ...) NOT-FOR-US: WackoWiki CVE-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b an ...) NOT-FOR-US: phpCOIN CVE-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier a ...) NOT-FOR-US: phpCOIN CVE-2005-0931 (PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 al ...) NOT-FOR-US: The Includer CVE-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness 2. ...) NOT-FOR-US: Chatness CVE-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote ...) NOT-FOR-US: PhotoPost PHP Pro CVE-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP P ...) NOT-FOR-US: PhotoPost PHP Pro CVE-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has ...) NOT-FOR-US: WebAPP CVE-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to ca ...) - sylpheed 1.0.4-1 - sylpheed-claws 1.0.4-1 CVE-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload ...) NOT-FOR-US: Uapplication Ublog CVE-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows ...) NOT-FOR-US: Adventia E-Data CVE-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton A ...) NOT-FOR-US: Norton AntiVirus CVE-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton An ...) NOT-FOR-US: Norton AntiVirus CVE-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...) NOT-FOR-US: Lotus CVE-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow r ...) NOT-FOR-US: Bugtracker.NET CVE-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...) NOT-FOR-US: Adventia E-Data CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...) NOT-FOR-US: Adobe SVG Viewer CVE-2005-0917 (PHP remote file inclusion vulnerability in index_header.php for Encaps ...) NOT-FOR-US: EncapsBB CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...) - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.4.27 - linux-2.6 (Fixed before upload into archive) CVE-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypas ...) NOT-FOR-US: Webmasters-Debutants WD Guestbook CVE-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9 ...) NOT-FOR-US: CPG Dragonfly CVE-2005-0913 (Unknown vulnerability in the regex_replace modifier (modifier.regex_re ...) - smarty 2.6.8-1 CVE-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, p ...) NOT-FOR-US: deplate CVE-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote atta ...) NOT-FOR-US: exoops CVE-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow re ...) NOT-FOR-US: exoops CVE-2005-0909 (PHP remote file inclusion vulnerability in shoutact.php for TKai's Sho ...) NOT-FOR-US: THai's Shoutbox CVE-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft Shop ...) NOT-FOR-US: Valdersoft Shopping Cart CVE-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...) NOT-FOR-US: Valdersoft Shopping Cart CVE-2005-0906 (Buffer overflow in a player logging function in the Tincat network lib ...) NOT-FOR-US: Tincat network library CVE-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially ...) NOT-FOR-US: Maxthon CVE-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the "Force shutdown f ...) NOT-FOR-US: Microsoft CVE-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attacke ...) NOT-FOR-US: QuickTime PictureViewer CVE-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP- ...) NOT-FOR-US: NukeBookmarks for php-nuke CVE-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks 0 ...) NOT-FOR-US: NukeBookmarks for php-nuke CVE-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...) NOT-FOR-US: NukeBookmarks for php-nuke CVE-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which a ...) NOT-FOR-US: AS/400 running OS400 CVE-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in E-Stor ...) NOT-FOR-US: E-Store Kit-2 PayPal Edition CVE-2005-0897 (PHP remote file inclusion vulnerability in catalog.php in E-Store Kit- ...) NOT-FOR-US: E-Store Kit-2 PayPal Edition CVE-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in p ...) NOT-FOR-US: phpMyDirectory CVE-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of ...) NOT-FOR-US: Netcomm 1300NB DSL Modem CVE-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...) - openmosixview 1.5-7 CVE-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain uns ...) - smail (bug #335042; unimportant) NOTE: cording to upstream impossible to exploit CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local us ...) {DSA-722-1} - smail 3.2.0.115-7 (bug #301428; high) CVE-2005-0891 (Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote a ...) NOTE: The description is wrong; 2.6 is affected as well - gtk+2.0 2.6.4-1 - gdk-pixbuf 0.22.0-7.1 CVE-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote at ...) NOT-FOR-US: Dream4 Koobi CMS CVE-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...) NOT-FOR-US: Dream4 Koobi CMS CVE-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.p ...) - dcl (Vulnerable code not present, affected dcl "Double Choco Latte") NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On NOTE: 2017-08-30 an unrelated source took over the source package name dcl. NOTE: Original issue fixed in dcl/1:0.9.4.4-1 CVE-2005-0887 (Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allo ...) - dcl (Vulnerable code not present, affected dcl "Double Choco Latte") NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On NOTE: 2017-08-30 an unrelated source took over the source package name dcl. NOTE: Original issue fixed in dcl/1:0.9.4.4-1 CVE-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...) NOT-FOR-US: Invision Power Board CVE-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...) NOT-FOR-US: XMB Forum CVE-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by d ...) NOT-FOR-US: DigitalHive CVE-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for Di ...) NOT-FOR-US: DigitalHive CVE-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 ...) NOT-FOR-US: BirdBlog CVE-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for In ...) NOT-FOR-US: Interspire ArticleLive CVE-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain sensiti ...) NOT-FOR-US: Vortex Portal CVE-2005-0879 (PHP remote file include vulnerability in (1) content.php and (2) index ...) NOT-FOR-US: Vortex Portal CVE-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...) NOT-FOR-US: MercuryBoard CVE-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache vi ...) - dnsmasq 2.21 CVE-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers ...) - dnsmasq 2.21 CVE-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, ...) NOT-FOR-US: Cerulean Trillian CVE-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other ...) NOT-FOR-US: Cerulean Trillian CVE-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Ora ...) NOT-FOR-US: Oracle CVE-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in ...) NOT-FOR-US: Topic Calendar phpbb2 plugin CVE-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...) NOT-FOR-US: Topic Calendar phpbb2 plugin CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...) {DSA-899-1 DSA-898-1 DSA-897-1 DSA-724-1} NOTE: Fix in phpsysinfo 2.3-3 was apparently incomplete. - phpsysinfo 2.3-7 - egroupware 1.0.0.009.dfsg-3-3 - phpgroupware 0.9.16.008-2 CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...) - phpsysinfo 2.3-3 (bug #301118; unimportant) CVE-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) I ...) - tn5250 (cannot find STRPCO or STRPCCMD in tn5250) CVE-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite k ...) - kernel-source-2.4.27 (kernel 2.4 doesn't have sysfs) - linux-2.6 (Fixed before upload into archive) [sarge] - kernel-source-2.6.8 (Not vulnerable, see #306137) CVE-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ov ...) - cdrtools 4:2.01+01a01-4 (bug #291376; low) [sarge] - cdrtools (Only exploitable in rare debugging mode) [woody] - cdrtools (Only exploitable in rare debugging mode) CVE-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) roo ...) NOT-FOR-US: Samsung ADSL modems CVE-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and pos ...) NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago CVE-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows re ...) NOT-FOR-US: PHPOpenChat CVE-2005-0862 (Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0. ...) NOT-FOR-US: PHPOpenChat CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow attacker ...) NOT-FOR-US: Delegate CVE-2005-0860 (PHP remote file inclusion vulnerability in TRG News Script 3.0 allows ...) NOT-FOR-US: TRG News Script CVE-2005-0859 (PHP remote file inclusion vulnerability in CzarNews 1.13b allows remot ...) NOT-FOR-US: CzarNews CVE-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier al ...) NOT-FOR-US: CoolForum CVE-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0 ...) NOT-FOR-US: CoolForum CVE-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...) NOT-FOR-US: CoolForum CVE-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sen ...) NOT-FOR-US: CoolForum CVE-2005-0854 (betaparticle blog (bp blog), posisbly before version 4, allows remote ...) NOT-FOR-US: betaparticle blog CVE-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, wh ...) NOT-FOR-US: betaparticle blog CVE-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of servi ...) NOT-FOR-US: Microsoft Windows CVE-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib compression ...) NOT-FOR-US: FileZilla FTP server CVE-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a d ...) NOT-FOR-US: FileZilla FTP server CVE-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...) NOT-FOR-US: Multiple commercial games by FUN Labs CVE-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...) NOT-FOR-US: Multiple commercial games by FUN Labs CVE-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Code Ocean FTP Server CVE-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email auto- ...) NOT-FOR-US: SurgeMail CVE-2005-0845 (Directory traversal vulnerability in the Webmail interface in SurgeMai ...) NOT-FOR-US: SurgeMail CVE-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory of ...) NOT-FOR-US: Nortel Contivity CVE-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows re ...) NOT-FOR-US: Phorum CVE-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako eSuppo ...) NOT-FOR-US: Kayako eSupport CVE-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) edit ...) NOT-FOR-US: phpmyfamily CVE-2005-0840 REJECTED CVE-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...) - linux-2.6 (Fixed before upload into archive; 2.6.11) [sarge] - kernel-source-2.6.8 2.6.8-16 CVE-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...) - icecast2 (bug #301368; unimportant) NOTE: According to upstream a non-issue CVE-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and obta ...) - icecast2 (bug #301368; unimportant) NOTE: According to upstream a non-issue CVE-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up t ...) NOT-FOR-US: Java Web Start for proprietary Sun Java CVE-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows re ...) NOT-FOR-US: Belkin 54G router CVE-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a mann ...) NOT-FOR-US: Belkin 54G router CVE-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...) NOT-FOR-US: Belkin 54G router CVE-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allow ...) NOT-FOR-US: PHP-Post CVE-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...) NOT-FOR-US: PHP-Post CVE-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...) NOT-FOR-US: Xzabite DynDNS Updater CVE-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the Digitan ...) NOT-FOR-US: PHP-Fusion Addon CVE-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1. ...) NOT-FOR-US: e-Xoops based products CVE-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev ...) NOT-FOR-US: e-Xoops based products CVE-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: OllyDbg MS Windows debugger CVE-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute a ...) - ltris 1.0.6-1.1 (bug #291620) CVE-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1. ...) - mathopd 1.5p5-1 CVE-2005-XXXX [Various /tmp related security issues in cernlib] - cernlib 2004.11.04-3 CVE-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usern ...) NOT-FOR-US: iSnooker CVE-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...) NOT-FOR-US: Citrix CVE-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 all ...) NOT-FOR-US: Citrix CVE-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in t ...) NOT-FOR-US: MS Office CVE-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attacke ...) NOT-FOR-US: Novell Netware CVE-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...) NOT-FOR-US: Pun BB CVE-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway S ...) NOT-FOR-US: Symantec Gateway CVE-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...) NOT-FOR-US: Solaris CVE-2005-0815 (Multiple "range checking flaws" in the ISO9660 filesystem handler in L ...) - kernel-source-2.4.27 2.4.27-10 (bug #300783; medium) - linux-2.6 (Fixed before upload into archive; 2.6.12-rc1) [sarge] - kernel-source-2.6.8 2.6.8-16 CVE-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...) {DSA-717-1} - lsh-utils 2.0.1-1 CVE-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0 ...) NOT-FOR-US: ir CVE-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...) NOT-FOR-US: NotifyLink CVE-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...) NOT-FOR-US: NotifyLink CVE-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote att ...) NOT-FOR-US: NotifyLink CVE-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote at ...) NOT-FOR-US: NotifyLink CVE-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...) NOT-FOR-US: Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/ CVE-2005-0807 (Multiple buffer overflows in Cain & Abel before 2.67 allow remote ...) NOT-FOR-US: Cain & Abel CVE-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ( ...) - evolution 2.0.4-2 CVE-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when mag ...) NOT-FOR-US: Subdreamer CVE-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...) NOT-FOR-US: MailEnable CVE-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allo ...) NOT-FOR-US: Windows CVE-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...) NOT-FOR-US: ACS Blog CVE-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer allo ...) NOT-FOR-US: The Includer CVE-2005-0800 (PHP remote file inclusion vulnerability in install.php in mcNews 1.3 a ...) NOT-FOR-US: mcNews CVE-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers wi ...) NOT-FOR-US: MySQL on Windows CVE-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...) NOT-FOR-US: Novell iChain CVE-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages if ...) NOT-FOR-US: Novell iChain CVE-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote att ...) NOT-FOR-US: Hola CMS CVE-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes direct ...) NOT-FOR-US: Hola CMS CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation scr ...) NOT-FOR-US: ZPanel CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows ...) NOT-FOR-US: ZPanel CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to e ...) NOT-FOR-US: ZPanel CVE-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2 ...) NOT-FOR-US: phpAdsNew CVE-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: phpAdsNew CVE-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote atta ...) NOT-FOR-US: SimpGB CVE-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2 ...) NOT-FOR-US: YaBB CVE-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5 ...) NOT-FOR-US: Phorum CVE-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allo ...) NOT-FOR-US: Phorum CVE-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ca ...) NOT-FOR-US: paFileDB CVE-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...) NOT-FOR-US: paFileDB CVE-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive i ...) NOT-FOR-US: paFileDB CVE-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attac ...) NOT-FOR-US: PlatinumFTP CVE-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is a ...) NOT-FOR-US: PhotoPost CVE-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5 ...) NOT-FOR-US: PhotoPost CVE-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify admini ...) NOT-FOR-US: PhotoPost CVE-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not l ...) NOT-FOR-US: PhotoPost CVE-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts i ...) NOT-FOR-US: PhotoPost CVE-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 th ...) NOT-FOR-US: VERITAS Backup Exec CVE-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...) NOT-FOR-US: VERITAS Backup Exec CVE-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...) NOT-FOR-US: VERITAS Backup Exec CVE-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...) NOT-FOR-US: IDA Pro CVE-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet S ...) NOT-FOR-US: GoodTech Telnet Server CVE-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allow ...) - kernel-source-2.6.8 2.6.8-15 CVE-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 throug ...) - ethereal 0.10.10-1 CVE-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...) - ethereal 0.10.10-1 CVE-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...) - rxvt-unicode 5.3-1 CVE-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allo ...) {DSA-698-1} - mc 1:4.6.0-4.6.1-pre3-1 NOTE: Sarge-specific regression correcting a previous DSA. CVE-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...) {DSA-702-1} - imagemagick 5:6.0.0-1 NOTE: Does only affect imagemagick releases prior to 6 CVE-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote attack ...) - imagemagick 5:6.0.2.5 (bug #301110) CVE-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to ...) {DSA-702-1} - imagemagick 5:6.0.0-1 NOTE: Does only affect imagemagick releases prior to 6 CVE-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of se ...) {DSA-702-1} - imagemagick 5:6.0.0-1 NOTE: Does only affect imagemagick releases prior to 6 CVE-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...) NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626 - gzip 1.3.5-10 (low) - bzip2 1.0.2-8.1 (bug #321286; low) [sarge] - bzip2 (Minor issue) CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...) {DSA-922-1 DSA-921-1} - kernel-source-2.4.27 2.4.27-11 (bug #311164) - linux-2.6 (Fixed before upload in archive) CVE-2005-0756 (ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on t ...) {DSA-922-1 DSA-921-1} - kernel-source-2.4.27 2.4.27-11 (medium) - linux-2.6 (Fixed before upload into archive; 2.6.12-rc5) CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...) - helix-player 1.0.4-1 CVE-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without con ...) - kdewebdev 1:3.3.2-6 CVE-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to execu ...) {DSA-742-1} - cvs 1:1.12.9-13 CVE-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...) - mozilla-firefox 1.0.3-1 CVE-2005-0751 REJECTED CVE-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...) - kernel-source-2.4.27 2.4.27-10 [sarge] - kernel-source-2.6.8 2.6.8-16 - linux-2.6 (Fixed before upload into archive; 2.6.11.5) CVE-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows local ...) [sarge] - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.4.27 2.4.27-10 - linux-2.6 (Fixed before upload into archive; 2.6.11.6) CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4] - omniorb4 4.0.5-2 CVE-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allo ...) NOT-FOR-US: not part of Woody, has been removed from sarge/sid CVE-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...) NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of stable CVE-2005-0787 (Wine 20050211 and earlier creates temp files with world readable permi ...) - wine 0.0.20050310-1.1 CVE-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attacke ...) - openslp 1.0.11a-2 CVE-2005-0748 (PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mai ...) NOT-FOR-US: WEBInsta CVE-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive info ...) NOT-FOR-US: ApplyYourself CVE-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allow ...) NOT-FOR-US: Novell iChain CVE-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local use ...) NOT-FOR-US: UTStarcom iAN-02EX VoIP Analog Terminal Adaptor CVE-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...) NOT-FOR-US: Novell iChain CVE-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 a ...) NOT-FOR-US: Xoops CVE-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System Applicatio ...) NOT-FOR-US: Sun Java System Application Server CVE-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 a ...) NOT-FOR-US: YaBB CVE-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attac ...) NOT-FOR-US: OpenBSD CVE-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does n ...) {DSA-718-1} - ethereal 0.10.10-1 CVE-2005-0738 (Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 ...) NOT-FOR-US: Microsoft CVE-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...) NOT-FOR-US: Yahoo Messenger CVE-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 ...) - kernel-source-2.4.27 (There is no epoll in kernel 2.4) - linux-2.6 (Fixed before upload into archive; 2.6.11.1) [sarge] - kernel-source-2.6.8 2.6.8-14 CVE-2005-0735 (newsscript.pl for NewsScript allows remote attackers to gain privilege ...) NOT-FOR-US: newsscript CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...) NOT-FOR-US: PY Software Active Webcam WebServer CVE-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...) NOT-FOR-US: PY Software Active Webcam WebServer CVE-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...) NOT-FOR-US: PY Software Active Webcam WebServer CVE-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...) NOT-FOR-US: PY Software Active Webcam WebServer CVE-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...) NOT-FOR-US: PY Software Active Webcam WebServer CVE-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows ...) NOT-FOR-US: Xpand Rally CVE-2005-0728 REJECTED CVE-2005-0727 REJECTED CVE-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows ...) NOT-FOR-US: UBB.threads CVE-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in wfsfile ...) NOT-FOR-US: wfsections CVE-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive i ...) NOT-FOR-US: paFileDB CVE-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function in f ...) NOT-FOR-US: paFileDB CVE-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the we ...) NOT-FOR-US: eXPerience2 CVE-2005-0721 (PHP remote file inclusion vulnerability in modules.php in eXPerience2 ...) NOT-FOR-US: eXPerience2 CVE-2005-0720 (PHP remote file inclusion vulnerability in admin/header.php in PHP mcN ...) NOT-FOR-US: mcNews CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix 4. ...) NOT-FOR-US: Tru64 CVE-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denia ...) - squid 2.5.8 (bug #305605) CVE-2005-0717 RESERVED CVE-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...) NOT-FOR-US: Mac OS CVE-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Dr ...) NOT-FOR-US: Mac OS CVE-2005-0714 REJECTED CVE-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launch ...) NOT-FOR-US: Mac OS CVE-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain di ...) NOT-FOR-US: Mac OS CVE-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable fil ...) {DSA-707-1} - mysql-dfsg 4.0.24 - mysql-dfsg-4.1 4.1.10a CVE-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authen ...) {DSA-707-1} - mysql-dfsg 4.0.24 - mysql-dfsg-4.1 4.1.10a CVE-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authen ...) {DSA-707-1} - mysql-dfsg 4.0.24 - mysql-dfsg-4.1 4.1.10a CVE-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...) - kfreebsd-8 (Fixed before initial release; bug #613311) - kfreebsd-7 (Fixed before initial release; bug #613311) CVE-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collabo ...) NOT-FOR-US: Ipswitch Collaboration Suite CVE-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...) [sarge] - gnome-vfs2 (does not install the module with the vulnerable code) - grip 3.2.0-4 (low) - libcdaudio 0.99.9-2.1 (bug #304799; low) - gnome-vfs 1.0.5-5.1 (bug #305163; low) - gnome-vfs2 2.10.1-3 CVE-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ig ...) - ethereal 0.10.10-1 CVE-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0. ...) - ethereal 0.10.10-1 CVE-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products including ...) NOT-FOR-US: Xerox MicroServer Web Server CVE-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote atta ...) NOT-FOR-US: phpMyFAQ CVE-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i ...) NOT-FOR-US: Oracle CVE-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows remo ...) NOT-FOR-US: Aztek CVE-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the CD ...) - ethereal 0.10.9-2 CVE-2005-0698 (PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier ...) NOT-FOR-US: PHPWebLog CVE-2005-0697 (SQL injection vulnerability in the process_picture function xp_publish ...) NOT-FOR-US: CopperExport CVE-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authentic ...) NOT-FOR-US: ArGoSoft CVE-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting Controll ...) NOT-FOR-US: Hosting Controller CVE-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under t ...) NOT-FOR-US: Hosting Controller CVE-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote attack ...) NOT-FOR-US: JoWood Chaser (for Windows) CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fu ...) NOT-FOR-US: PHP-Fusion CVE-2005-0691 (PHP remote file inclusion vulnerability in article mode for modules.ph ...) NOT-FOR-US: SocialMPN CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the control cons ...) NOT-FOR-US: Gene6 FTP Server for Win CVE-2005-0689 (includer.cgi in The Includer allows remote attackers to execute arbitr ...) NOT-FOR-US: The Includer CVE-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, allo ...) NOT-FOR-US: Windows CVE-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers t ...) - hashcash 1.17-1 CVE-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf suppor ...) - mlterm 2.9.2 (bug #298621) CVE-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ( ...) NOT-FOR-US: OutStart Participate Enterprise CVE-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.0 ...) - maxdb-7.5.00 7.5.00.24-3 CVE-2005-0683 REJECTED CVE-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal befor ...) - drupal 4.5.2 CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Nokia CVE-2005-0680 (PHP remote file inclusion vulnerability in download_center_lite.inc.ph ...) NOT-FOR-US: Download Center Lite CVE-2005-0679 (PHP remote file inclusion vulnerability in tell_a_friend.inc.php for T ...) NOT-FOR-US: Tell A Friend Script CVE-2005-0678 (PHP remote file inclusion vulnerability in formmail.inc.php for Form M ...) NOT-FOR-US: Form Mail Script CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain act ...) NOT-FOR-US: Zorum CVE-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL error ...) NOT-FOR-US: Zorum CVE-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 al ...) NOT-FOR-US: Zorum CVE-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...) NOT-FOR-US: Pabox for PHPNuke CVE-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ph ...) - phpbb2 2.0.13-2 CVE-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows re ...) NOT-FOR-US: Ca3DE CVE-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...) NOT-FOR-US: Ca3DE CVE-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2. ...) NOT-FOR-US: phpCOIN CVE-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 th ...) NOT-FOR-US: phpCOIN CVE-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prev ...) NOT-FOR-US: HAVP CVE-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9 ...) - sylpheed 1.0.3-1 - sylpheed-claws 1.0.3-1 CVE-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 be ...) - kernel-patch-adamantix 1.7 CVE-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...) NOT-FOR-US: XV CVE-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...) {DSA-709-1} - libexif 0.6.9-5 CVE-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...) NOT-FOR-US: Mercury Board CVE-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...) NOT-FOR-US: Mercury Board CVE-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in session. ...) NOT-FOR-US: Woltlab Burning Board CVE-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 al ...) NOT-FOR-US: D-Forum CVE-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive i ...) - phpbb2 (unimportant) CVE-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...) NOT-FOR-US: TYPO3 extension CVE-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4. ...) NOT-FOR-US: Computalynx CProxy CVE-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 all ...) NOT-FOR-US: auraCMS CVE-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information vi ...) NOT-FOR-US: auraCMS CVE-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote att ...) NOTE: this is not a security issue according to maintainer CVE-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...) - phpmyadmin 3:2.6.1-pl3-1 CVE-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...) NOT-FOR-US: OpenVMS CVE-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remo ...) NOT-FOR-US: ProjectBB CVE-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5 ...) NOT-FOR-US: ProjectBB CVE-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cro ...) NOT-FOR-US: Pixel-Apes SafeHTML CVE-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow rem ...) NOT-FOR-US: Pixel-Apes SafeHTML CVE-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject arb ...) NOT-FOR-US: paNews CVE-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...) NOT-FOR-US: paNews CVE-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1 ...) NOT-FOR-US: CuteNews CVE-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before 443 ...) NOT-FOR-US: McAfee Virus Scanners CVE-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before 435 ...) NOT-FOR-US: McAfee Virus Scanners CVE-2005-0642 (SQL injection vulnerability in the Query Designer for Computer Associa ...) NOT-FOR-US: Computer Associates UAM CVE-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...) NOT-FOR-US: Computer Associates UAM CVE-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...) NOT-FOR-US: Computer Associates UAM CVE-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...) {DSA-695-1 DSA-694-1} - xloadimage 4.1-14.2 - xli 1.17.0-17 CVE-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to exe ...) {DSA-695-1 DSA-694-1} - xli 1.17.0-18 - xloadimage 4.1-14.1 (bug #298926) CVE-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...) NOT-FOR-US: OpenBSD CVE-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote attack ...) NOT-FOR-US: Foxmail CVE-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to execu ...) NOT-FOR-US: Foxmail CVE-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to e ...) NOT-FOR-US: Golden FTP Server CVE-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...) NOT-FOR-US: Cerulean Trillian CVE-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 a ...) NOT-FOR-US: PHPNews CVE-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete a ...) NOT-FOR-US: PBLang CVE-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ar ...) NOT-FOR-US: PBLang CVE-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...) NOT-FOR-US: 427BB CVE-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 all ...) NOT-FOR-US: Forumwa CVE-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be wo ...) - qt-x11-free (RPATH disabled in Debian's build) CVE-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Net ...) - squid 2.5.9-2 CVE-2005-0940 REJECTED CVE-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, whic ...) - reportbug 3.8 (bug #295407) CVE-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...) - reportbug 3.8 (bug #295407) CVE-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions bef ...) NOT-FOR-US: RaidenHTTPD CVE-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...) NOT-FOR-US: RaidenHTTPD CVE-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Scrapland CVE-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the world- ...) NOT-FOR-US: Einstein CVE-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and pass ...) NOT-FOR-US: Einstein CVE-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...) NOT-FOR-US: Symantec Firewall/VPN Appliance 200/200R firmware CVE-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.7 ...) NOT-FOR-US: PostNuke CVE-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download mo ...) NOT-FOR-US: PostNuke CVE-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.p ...) NOT-FOR-US: PostNuke CVE-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ga ...) - phpbb2 2.0.13-1 CVE-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, a ...) - knowledgeroot (fixed before first upload; see bug #381912) CVE-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...) NOT-FOR-US: Cisco CVE-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.105 ...) NOT-FOR-US: Real CVE-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in F ...) NOT-FOR-US: FreeBSD portupgrade CVE-2005-0609 REJECTED CVE-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...) NOT-FOR-US: Half Life WebMod CVE-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...) NOT-FOR-US: CubeCert CVE-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeC ...) NOT-FOR-US: CubeCert CVE-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...) {DSA-723-1} - lesstif2 1:0.93.94-11.1 (bug #298183; bug #299236) NOTE: libxmp4 is the real culprit - xfree86 4.3.0.dfsg.1-13 - xorg-x11 (Fixed before upload into archive) - openmotif 2.2.3-1.1 (bug #308819; medium) [sarge] - openmotif (Non-free) CVE-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the usern ...) NOT-FOR-US: GFI Languard Network Security Scanner CVE-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to o ...) - phpbb2 2.0.13-1 CVE-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...) - unzip 5.52-1 NOTE: um, tar does this too, not really considered a security hole CVE-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...) NOT-FOR-US: Cisco CVE-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...) NOT-FOR-US: Cisco CVE-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...) NOT-FOR-US: Cisco CVE-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...) NOT-FOR-US: Real CVE-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...) NOT-FOR-US: Cisco CVE-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon cra ...) NOTE: Fixed in CVS after 4.3.4 release; see https://bugs.php.net/bug.php?id=27037 - php4 4:4.3.8-1 CVE-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to ...) NOT-FOR-US: BadBlue CVE-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...) NOT-FOR-US: Apple CVE-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...) - mozilla-firefox 1.0.1 - mozilla 2:1.7.6-1 CVE-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefo ...) - mozilla-firefox 1.0.1 - mozilla 2:1.7.6-1 - mozilla-thunderbird 1.0.2-1 CVE-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...) - mozilla-firefox 1.0.1 CVE-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, Thunderb ...) - mozilla-firefox 1.0.1 - mozilla-thunderbird 1.0.2-1 CVE-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers ...) - mozilla-firefox 1.0.1 CVE-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:in ...) - mozilla-firefox 1.0.1 - mozilla 2:1.7.6-1 CVE-2005-0587 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...) NOTE: windows only CVE-2005-0586 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...) - mozilla-firefox 1.0.1 - mozilla 2:1.7.6-1 CVE-2005-0585 (Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domai ...) - mozilla-firefox 1.0.1 - mozilla 2:1.7.6-1 CVE-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTT ...) - mozilla-firefox 1.0.1 - mozilla 2:1.7.6-1 CVE-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...) NOT-FOR-US: Computer Associates (CA) License Client CVE-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 al ...) NOT-FOR-US: Computer Associates (CA) License Client CVE-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client a ...) NOT-FOR-US: Computer Associates (CA) License Client CVE-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges be ...) NOT-FOR-US: cmd5checkpw CVE-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTH ...) NOT-FOR-US: FreeNX CVE-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable ...) - mozilla-firefox 1.0.1-1 CVE-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier ...) NOT-FOR-US: MKBold-MKItalic CVE-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font ...) NOT-FOR-US: STSF in Solaris CVE-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...) NOT-FOR-US: Stormy Studios Knet CVE-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows remot ...) NOT-FOR-US: CIS Webserver CVE-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a denia ...) NOTE: Historic Gaim on Windows CVE-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to ...) NOT-FOR-US: phpWebSite CVE-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitr ...) NOT-FOR-US: PunBB CVE-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial o ...) NOT-FOR-US: PunBB CVE-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote att ...) NOT-FOR-US: PunBB CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a den ...) NOT-FOR-US: Soldier of Fortune II CVE-2005-0567 (Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 ...) - phpmyadmin 3:2.6.1-pl2-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2005-1/ CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remot ...) NOT-FOR-US: Golden FTP Server CVE-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote att ...) NOT-FOR-US: phpWebSite CVE-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and ...) NOT-FOR-US: Microsoft Word CVE-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Acce ...) NOT-FOR-US: Microsoft CVE-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...) NOT-FOR-US: MSN Messenger CVE-2005-0561 RESERVED CVE-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in x ...) NOT-FOR-US: Exchange server CVE-2005-0559 RESERVED CVE-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allow ...) NOT-FOR-US: Microsoft Word CVE-2005-0557 RESERVED CVE-2005-0556 RESERVED CVE-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...) NOT-FOR-US: MSIE CVE-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer 5. ...) NOT-FOR-US: MSIE CVE-2005-0553 (Race condition in the memory management routines in the DHTML object p ...) NOT-FOR-US: MSIE CVE-2005-0552 RESERVED CVE-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...) NOT-FOR-US: Microsoft CVE-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...) NOT-FOR-US: Microsoft CVE-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Docume ...) NOT-FOR-US: Solaris CVE-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Docume ...) NOT-FOR-US: Solaris CVE-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11 ...) NOT-FOR-US: ftpd on HP-UX CVE-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attac ...) - cyrus21-imapd 2.1.18-1 CVE-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Activ ...) NOT-FOR-US: MS Office CVE-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of th ...) - phpmyadmin 3:2.6.1-pl2-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2005-2/ CVE-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows re ...) - phpmyadmin 3:2.6.1-pl2-1 CVE-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 a ...) NOT-FOR-US: Cyclades AlterPath Manager CVE-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server ...) NOT-FOR-US: Cyclades AlterPath Manager CVE-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote at ...) NOT-FOR-US: Cyclades AlterPath Manager CVE-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...) NOT-FOR-US: IBM CVE-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ( ...) NOT-FOR-US: ginp CVE-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) S ...) NOT-FOR-US: iGeneric (iG) Shop CVE-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...) - mediawiki 1.4.9 (bug #276057) CVE-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x bef ...) - mediawiki 1.4.9 (bug #276057) CVE-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...) - mediawiki 1.4.9 (bug #276057) CVE-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI befo ...) NOT-FOR-US: Trend Micro AntiVirus CVE-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...) - linux-2.6 (Fixed before upload into archive; 2.6.11-rc4) [sarge] - kernel-source-2.6.8 2.6.8-14 CVE-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...) - linux-2.6 (Fixed before upload into archive; 2.6.11-rc4) [sarge] - kernel-source-2.6.8 2.6.8-14 - kernel-source-2.4.27 2.4.27-9 CVE-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for Lin ...) - kernel-source-2.6.8 2.6.8-14 NOTE: affects only 2.6 (see #296906) CVE-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for of ...) - linux-2.6 (Fixed before upload into archive) [sarge] - kernel-source-2.6.8 2.6.8-14 CVE-2005-0528 REJECTED CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via plug ...) - mozilla-firefox 1.0.1 NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already.. - mozilla 2:1.7.6 CVE-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 all ...) NOT-FOR-US: PBLang CVE-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 a ...) {DSA-729-1 DSA-708-1} - php4 4:4.3.10-10 - php3 3:3.0.18-31 CVE-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 an ...) - php3 - php4 4:4.3.10-10 CVE-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows rem ...) {DSA-719-1} - prozilla 1:1.3.7.4-1 CVE-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...) NOT-FOR-US: Chat Anywhere CVE-2005-0521 (SendLink 1.5 stores sensitive information, possibly including password ...) NOT-FOR-US: SendLink CVE-2005-0520 (ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arb ...) NOT-FOR-US: ArGoSoft CVE-2005-0519 (ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arb ...) NOT-FOR-US: ArGoSoft CVE-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...) NOT-FOR-US: eXeem CVE-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext ...) NOT-FOR-US: PeerFTP CVE-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...) NOT-FOR-US: ImageGalleryPlugin for Twiki CVE-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other version ...) NOT-FOR-US: My Firewall Plus CVE-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5. ...) NOT-FOR-US: Verity Ultraseek CVE-2005-0513 (PHP remote file inclusion vulnerability in mail_autocheck.php in the E ...) NOT-FOR-US: pMachine CVE-2005-0512 (PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allo ...) NOT-FOR-US: Mambo CVE-2005-0511 (misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in H ...) NOT-FOR-US: vBulletin CVE-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...) NOT-FOR-US: fallback-reboot CVE-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...) NOTE: default config of Mono not vulnerable - mono 1.1.6-4 (medium) CVE-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attack ...) - batik 1.5.1-1 CVE-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier allo ...) NOT-FOR-US: SD Server CVE-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP S ...) NOT-FOR-US: Avaya IP Office Phone Manager CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before 1.5 ...) - irm 1.5.3.1-1 CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial dr ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - kernel-source-2.6.8 2.6.8-12 - kernel-source-2.6.9 2.6.9-5 - kernel-source-2.6.10 2.6.10-2 - kernel-source-2.4.27 2.4.27-8 CVE-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...) - uim 1:0.4.6beta2-1 CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows r ...) NOT-FOR-US: Xinkaa CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers to ...) NOT-FOR-US: Bontago CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spo ...) NOT-FOR-US: MSIE6 CVE-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...) NOT-FOR-US: Gigafast router CVE-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain s ...) NOT-FOR-US: Gigafast router CVE-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain pr ...) NOT-FOR-US: ADP Elite System CVE-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that ...) NOT-FOR-US: Arkeia Network Backup CVE-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote at ...) NOT-FOR-US: ZeroBoard CVE-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable mo ...) NOT-FOR-US: Thomson TCW690 cable modem CVE-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2. ...) NOT-FOR-US: Biz Mail From CVE-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause ...) NOT-FOR-US: Acrobat Reader CVE-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows ...) NOT-FOR-US: Arkeia Server Backup CVE-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...) - curl 7.13.0-2 CVE-2005-0489 (The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before initial release) CVE-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...) - krb4 (unimportant) [woody] - krb4 (Documented behaviour in MIT Kerberos) [sarge] - krb4 (Documented behaviour in MIT Kerberos) - krb5 1.8.3+dfsg-4 (unimportant) [woody] - krb5 (Documented behaviour in MIT Kerberos) [sarge] - krb5 (Documented behaviour in MIT Kerberos) - netkit-telnet (netkit-telnet is not affected) NOTE: telnet code was removed earlier than 1.8.3, but that's the version that was available to check CVE-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupp ...) NOT-FOR-US: Kyako ESupport CVE-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...) NOT-FOR-US: Tarantella Secure Global Desktop CVE-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0 ...) NOT-FOR-US: paNews CVE-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...) NOT-FOR-US: GProFTPD CVE-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk ...) NOT-FOR-US: Glftpd CVE-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: TrackerCam CVE-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files ...) NOT-FOR-US: TrackerCam CVE-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlie ...) NOT-FOR-US: TrackerCam CVE-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam ...) NOT-FOR-US: TrackerCam CVE-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote ...) NOT-FOR-US: TrackerCam CVE-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for Invision ...) NOT-FOR-US: Invision Power Board CVE-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows r ...) NOT-FOR-US: hpm_guestbook.cgi CVE-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other version ...) NOT-FOR-US: paFAQ CVE-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in user.p ...) - webcalendar 0.9.45-3 CVE-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...) - gaim 1:1.1.3-1 CVE-2005-0472 (Gaim before 1.1.3 allows remote attackers to cause a denial of service ...) {DSA-716-1} - gaim 1:1.1.3-1 CVE-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long file ...) NOT-FOR-US: SUN JRE CVE-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...) - wpasupplicant 0.3.8-1 CVE-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based Tel ...) {DSA-765-1 DSA-731-1 DSA-703-1 DSA-699-1 DSA-697-1} - krb4 1.2.2-11.2 (bug #306141) - krb5 1.3.6-2 - netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036) - netkit-telnet 0.17-28 - heimdal 0.6.3-10 CVE-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...) {DSA-731-1 DSA-703-1} - krb5 1.3.6-2 - krb4 1.2.2-11.2 (bug #306141) CVE-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_r ...) - putty 0.57-1 CVE-2005-0466 RESERVED CVE-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, w ...) NOT-FOR-US: SGI IRIX CVE-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does no ...) NOT-FOR-US: SGI IRIX CVE-2005-0463 (Unknown "major security flaws" in Ulog-php before 1.0, related to inpu ...) NOT-FOR-US: ulog-php CVE-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1 ...) NOT-FOR-US: MercuryBoard CVE-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote at ...) NOT-FOR-US: NewsBruiser CVE-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to o ...) NOT-FOR-US: MercuryBoard CVE-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote att ...) - phpmyadmin 4:2.6.2 (unimportant) NOTE: From maintainer Piotr Roszatycki : NOTE: I think it is not a problem on Debian as far as everybody knows the full NOTE: path of phpMyAdmin is /usr/share/phpmyadmin. CVE-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in osCommer ...) - oscommerce (bug #532489) CVE-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugi ...) NOT-FOR-US: Opera CVE-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded binar ...) NOT-FOR-US: Opera CVE-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed f ...) NOT-FOR-US: Real CVE-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...) NOT-FOR-US: DCP-Portal CVE-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not p ...) NOT-FOR-US: Lighttpd CVE-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.N ...) NOT-FOR-US: Microsoft CVE-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of se ...) NOT-FOR-US: Sami HTTP Server CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows rem ...) NOT-FOR-US: Sami HTTP Server CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote at ...) {DSA-1018-1 DSA-1017-1} - linux-2.6 (Vulnerable code was removed betwen 2.6.11 and 2.6.12) CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...) {DSA-1678-1 DSA-696-1} - perl 5.8.4-7 CVE-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote a ...) NOT-FOR-US: Quake 3 CVE-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of servi ...) NOT-FOR-US: Solaris CVE-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denia ...) {DSA-688-1} - squid 2.5.8-3 CVE-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows re ...) - openwebmail CVE-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries u ...) NOT-FOR-US: VMware CVE-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the ...) NOT-FOR-US: CubeCart CVE-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 allo ...) NOT-FOR-US: CubeCart CVE-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server Enterp ...) NOT-FOR-US: Sybase CVE-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...) - elog 2.5.7+r1558-1 CVE-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 allow ...) - elog 2.5.7+r1558-1 CVE-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain se ...) - awstats 6.3-1 CVE-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 ...) - awstats 6.3-1 CVE-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6 ...) - awstats 6.3-1 CVE-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read serv ...) - awstats 6.3-1 CVE-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 al ...) NOT-FOR-US: PHP-Nuke CVE-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path of the ...) NOT-FOR-US: PHP-Nuke CVE-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pa ...) NOT-FOR-US: BEA WebLogic Server CVE-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domai ...) NOT-FOR-US: Barracuda Spam Firewall CVE-2005-0429 (Direct code injection vulnerability in forumdisplay.php in vBulletin 3 ...) NOT-FOR-US: vBulletin CVE-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...) - pdns 2.9.16-6 CVE-2005-0427 (The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encr ...) - webmin (Gentoo specific) CVE-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ca ...) NOT-FOR-US: Solaris CVE-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, an ...) NOT-FOR-US: Websphere CVE-2005-0424 (Unknown vulnerability in the delete.asp program in certain versions of ...) NOT-FOR-US: ASPjar Guestbook CVE-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook allows re ...) NOT-FOR-US: ASPjar Guestbook CVE-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and ...) NOT-FOR-US: DelphiTurk CVE-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat f ...) NOT-FOR-US: DelphiTurk CVE-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange, allows re ...) NOT-FOR-US: Microsoft CVE-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote aut ...) NOT-FOR-US: 3com CVE-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up t ...) NOT-FOR-US: Sun Java CVE-2005-0417 (Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and ea ...) NOT-FOR-US: IBM DB2 CVE-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows 20 ...) NOT-FOR-US: Windows CVE-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow ...) NOT-FOR-US: Emdros CVE-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows ...) NOT-FOR-US: MercuryBoard CVE-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...) NOT-FOR-US: MyPHP Forum CVE-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows re ...) NOT-FOR-US: Spidean PostWrap CVE-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and ...) NOT-FOR-US: CitrusDB CVE-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ear ...) NOT-FOR-US: CitrusDB CVE-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) i ...) NOT-FOR-US: CitrusDB CVE-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of ...) NOT-FOR-US: CitrusDB CVE-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibl ...) NOT-FOR-US: Openconf CVE-2005-0406 (A design flaw in image processing software that modifies JPEG images m ...) - imagemagick (bug #298051; unimportant) NOTE: The EXIF spec says "if your app can't handle $foo, don't touch $foo" NOTE: 'convert -strip' will remove exif data according to http://web.archive.org/web/20130922031724/http://www.imagemagick.org:80/pipermail/magick-users/2006-May/017538.html CVE-2005-0405 RESERVED CVE-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email inform ...) NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020 - kdepim 3.4-1 (bug #305601; low) [sarge] - kdepim (Hardly exploitable) NOTE: According to the KDE bug the URL bar in 3.4 cannot be manipulated. Kmail also NOTE: warns that HTML mails introduce the risk of phishing. This could as well NOTE: be unimportant CVE-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterp ...) - glibc (Specific to the NPTL backport for RHEL 3) CVE-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...) - mozilla-firefox 1.0.2-1 CVE-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...) - mozilla-firefox 1.0.2-1 - mozilla-thunderbird 1.0.2-1 CVE-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...) - linux-2.6 (Fixed before upload into archive; 2.6.11.6) - kernel-source-2.4.27 2.4.27-10 (bug #303294) CVE-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozill ...) - mozilla-firefox 1.0.2-1 - mozilla-thunderbird 1.0.2-1 CVE-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote attacke ...) - ipsec-tools 1:0.5-5 CVE-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c fo ...) {DSA-702-1} - imagemagick 6:6.0.6.2-2.2 (bug #297990) - graphicsmagick 1.1.7-1 CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE b ...) NOTE: fix in -4 was broken - kdelibs 4:3.3.2-6 CVE-2005-0395 REJECTED CVE-2005-0394 RESERVED CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, w ...) {DSA-733-1} - crip 3.5-1sarge2 (low) CVE-2005-0392 (ppxp does not drop root privileges before opening log files, which all ...) {DSA-725-2 DSA-725-1} - ppxp 0.2001080415-11 CVE-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...) {DSA-712-1} - geneweb 4.10-7 (bug #304405) CVE-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel ...) {DSA-706-1} - axel 1.0b-1 CVE-2005-0389 REJECTED CVE-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...) {DSA-704-1} - remstats 1.0.13a-5 CVE-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...) {DSA-704-1} - remstats 1.0.13a-5 CVE-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...) {DSA-700-1} - mailreader 2.3.29-11 CVE-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure s ...) {DSA-693-1} - luxman 0.41-20 (bug #299857) CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 a ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-9 CVE-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote attac ...) NOT-FOR-US: Trend Micro Control Manager CVE-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Breed game CVE-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 all ...) NOT-FOR-US: forumKIT CVE-2005-0380 (Multiple PHP remote file inclusion vulnerabilities in (1) print_catego ...) NOT-FOR-US: ZeroBoard CVE-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and e ...) NOT-FOR-US: ZeroBoard CVE-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...) - horde2 - horde3 3.0.1-1 CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...) NOT-FOR-US: sgallery CVE-2005-0376 (PHP remote file inclusion vulnerability in SGallery 1.01 allows local ...) NOT-FOR-US: sgallery CVE-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain sensi ...) NOT-FOR-US: sgallery CVE-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier a ...) NOT-FOR-US: bitboard CVE-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as ...) NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there NOTE: cyrus-sasl2 already has patch applied NOTE: oldstable version not affected, thus marking it as done with the oldstable version - cyrus-sasl (cyrus-sasl code seems too old for any of the problems to apply) - cyrus-sasl2 2.1.19.dfsg1-0sarge2 CVE-2005-0372 (Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allow ...) {DSA-686-1} - gftp 2.0.18-1 NOTE: CVE entry claims that 2.0.18 is vulnerable, but this is wrong. CVE-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ear ...) - armagetron 0.2.8.2.1-1 (bug #296840; low) [sarge] - armagetron (Remaining vulnerabilities are minor) [etch] - armagetron (Remaining vulnerabilities are minor) CVE-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ear ...) - armagetron 0.2.7.0-1 NOTE: Sarge has this version number, but oldstable is affected CVE-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...) - armagetron 0.2.7.0-1 NOTE: Sarge has this version number, but olstable is affected CVE-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote attacke ...) NOT-FOR-US: CMScore CVE-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1 ...) NOT-FOR-US: ArGoSoft Mail Server CVE-2005-0366 (The integrity check feature in OpenPGP, when handling a message that w ...) - gnupg 1.4.1-1 CVE-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.1 ...) - bind9 (Bind on hp-ux) CVE-2005-0361 RESERVED CVE-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...) NOT-FOR-US: Microsoft CVE-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...) NOT-FOR-US: EMC Legato CVE-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterp ...) NOT-FOR-US: EMC Legato CVE-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge En ...) NOT-FOR-US: EMC Legato CVE-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...) - linux-2.6 (Linux is not vulnerable, see #310804) - kernel-source-2.4.27 (Linux is not vulnerable, see #310804) - kfreebsd5-source 5.3-15 (medium) CVE-2005-0355 RESERVED CVE-2005-0354 RESERVED CVE-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel L ...) NOT-FOR-US: Sentinel License Manager CVE-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop SY ...) NOT-FOR-US: Servers Alive CVE-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO Op ...) NOT-FOR-US: SCO OpenServer CVE-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and Interne ...) NOT-FOR-US: F-Secure Anti-Virus CVE-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor AR ...) NOT-FOR-US: BrightStor ARCserve Backup CVE-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files wi ...) - kdelibs 4:3.3.2-2 CVE-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute a ...) {DSA-682-1} - awstats 6.2-1.2 CVE-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...) - awstats 6.2-1.2 NOTE: http://patches.ubuntu.com/patches/awstats.more-CVE-2005-0016.diff NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf CVE-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book 1. ...) NOT-FOR-US: Woltlab Burning Book CVE-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows remot ...) NOT-FOR-US: RealArcade CVE-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote att ...) NOT-FOR-US: RealArcade CVE-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...) NOT-FOR-US: SafeNet CVE-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2 ...) NOT-FOR-US: php-fusion CVE-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allow ...) NOT-FOR-US: 602LAN SUITE CVE-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...) NOT-FOR-US: PerlDesk CVE-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite arb ...) NOT-FOR-US: Apple CVE-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP he ...) NOT-FOR-US: Apple CVE-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows rem ...) NOT-FOR-US: Apple CVE-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a deni ...) NOT-FOR-US: Foxmail CVE-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ex ...) NOT-FOR-US: Savant Web Server CVE-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_ ...) - postfix 2.1.4-5 CVE-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web S ...) NOT-FOR-US: eMotion MediaPartner CVE-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server 5 ...) NOT-FOR-US: eMotion MediaPartner CVE-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...) NOT-FOR-US: Linksys CVE-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial o ...) NOT-FOR-US: LanChat CVE-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration Se ...) NOT-FOR-US: DeskNow Mail server CVE-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...) NOT-FOR-US: Winrar CVE-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ver ...) NOT-FOR-US: Painkiller CVE-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...) NOT-FOR-US: ZipGenius CVE-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest fir ...) NOT-FOR-US: Netgear CVE-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arb ...) NOT-FOR-US: PafileDB CVE-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...) NOT-FOR-US: PafileDB CVE-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game s ...) NOT-FOR-US: Xpand Rally CVE-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain s ...) NOT-FOR-US: Infinite Mobile Delivery Webmail CVE-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery W ...) NOT-FOR-US: Infinite Mobile Delivery Webmail CVE-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7. ...) NOT-FOR-US: Merak Mail server CVE-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote auth ...) NOT-FOR-US: Merak Mail server CVE-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6 ...) NOT-FOR-US: Merak Mail server CVE-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdm ...) NOT-FOR-US: Webadmin CVE-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validat ...) NOT-FOR-US: Webadmin CVE-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Al ...) NOT-FOR-US: Webadmin CVE-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...) NOT-FOR-US: WebWasher CVE-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...) NOT-FOR-US: Magic Winmail CVE-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...) NOT-FOR-US: Magic Winmail CVE-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server 4 ...) NOT-FOR-US: Magic Winmail CVE-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote authent ...) NOT-FOR-US: WarFTPD under NT CVE-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...) NOT-FOR-US: Ingate CVE-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Exponent CVE-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php o ...) NOT-FOR-US: Exponent CVE-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier a ...) NOT-FOR-US: W32Dasm CVE-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Me ...) NOT-FOR-US: MercuryBoard CVE-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive informati ...) NOT-FOR-US: MercuryBoard CVE-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlie ...) NOT-FOR-US: Siteman CVE-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier allow ...) NOT-FOR-US: DivX Player CVE-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_su ...) NOT-FOR-US: BackOffice Lite CVE-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...) NOT-FOR-US: BackOffice Lite CVE-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allo ...) NOT-FOR-US: BackOffice Lite CVE-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...) - jsboard 2.0.10-1 CVE-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows rem ...) - gforge 3.1-26 CVE-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the loca ...) NOT-FOR-US: Oracle CVE-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows remot ...) NOT-FOR-US: Oracle CVE-2005-0296 NOT-FOR-US: Novell CVE-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any pro ...) NOT-FOR-US: nProtect CVE-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Minis CVE-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows r ...) NOT-FOR-US: Minis CVE-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift Regist ...) NOT-FOR-US: phpGiftReg CVE-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...) NOT-FOR-US: NetGear CVE-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, allo ...) NOT-FOR-US: NetGear CVE-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, confi ...) NOT-FOR-US: Apple CVE-2005-0288 (The change password functionality in Bottomline Webseries Payment Appl ...) NOT-FOR-US: BottomLine WebSeries CVE-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to re ...) NOT-FOR-US: BottomLine WebSeries CVE-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...) NOT-FOR-US: eMotion MediaPartner CVE-2005-0285 (Webseries Payment Application does not properly restrict privileged op ...) NOT-FOR-US: BottomLine WebSeries CVE-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows rem ...) NOT-FOR-US: QwikiWiki CVE-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) al ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in Soldn ...) NOT-FOR-US: Soldner Secret CVE-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier a ...) NOT-FOR-US: Soldner Secret CVE-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the "me ...) NOT-FOR-US: Soldner Secret CVE-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attacke ...) NOT-FOR-US: 3COM 3CDaemon CVE-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 al ...) NOT-FOR-US: 3COM 3CDaemon CVE-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com 3CDa ...) NOT-FOR-US: 3COM 3CDaemon CVE-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...) NOT-FOR-US: 3COM 3CDaemon CVE-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...) NOT-FOR-US: PhotoPost CVE-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...) NOT-FOR-US: PhotoPost CVE-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and e ...) NOT-FOR-US: ReviewPost CVE-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2. ...) NOT-FOR-US: ReviewPost CVE-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...) NOT-FOR-US: ReviewPost CVE-2005-0269 (The file extension check in GNUBoard 3.40 and earlier only verifies ex ...) NOT-FOR-US: GNU Board CVE-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote at ...) NOT-FOR-US: FlatNuke CVE-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an admin ...) NOT-FOR-US: FlatNuke CVE-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...) - sugarcrm-ce-5.0 (bug #457876) CVE-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0. ...) NOT-FOR-US: OWL intranet CVE-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in O ...) NOT-FOR-US: OWL intranet CVE-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users ...) NOT-FOR-US: AIX CVE-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local us ...) NOT-FOR-US: AIX CVE-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop p ...) NOT-FOR-US: AIX CVE-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor AR ...) NOT-FOR-US: ARCserve Backup CVE-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars and ava ...) - phpbb2 2.0.12-1 CVE-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) u ...) - phpbb2 2.0.12-1 CVE-2005-0257 RESERVED CVE-2005-0256 (The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 all ...) {DSA-705-1} - wu-ftpd 2.6.2-19 CVE-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbi ...) - mozilla-firefox 1.0.1 NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already.. - mozilla 2:1.7.6 CVE-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...) NOT-FOR-US: BibORB CVE-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and p ...) NOT-FOR-US: BibORB CVE-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier vers ...) NOT-FOR-US: BibORB CVE-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1. ...) NOT-FOR-US: BibORB CVE-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5. ...) NOT-FOR-US: AIX CVE-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec AntiViru ...) NOT-FOR-US: Symantec AntiVirus Library CVE-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when cre ...) NOT-FOR-US: Solaris CVE-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier m ...) {DSA-683-1} - postgresql 7.4.7-2 CVE-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier allows atta ...) - postgresql 7.4.7-1 CVE-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow a ...) {DSA-683-1} - postgresql 7.4.7-1 CVE-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...) - postgresql 7.4.7-1 CVE-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0. ...) NOT-FOR-US: Yahoo! Messenger CVE-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and p ...) NOT-FOR-US: Yahoo! Messenger CVE-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 an ...) - squid 2.5.7-7 CVE-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...) NOT-FOR-US: AIX CVE-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...) NOT-FOR-US: S/MIME plugin CVE-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...) NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381 - epiphany-browser 1.4.8-2 CVE-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE ...) - kdelibs 4:3.3.2-3 CVE-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows remote ...) NOT-FOR-US: Omniweb CVE-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows remot ...) NOT-FOR-US: Opera CVE-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5 allows rem ...) NOT-FOR-US: Safari CVE-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0, Camino .8. ...) NOTE: IDN is now disabled by default in firefox, but there may be a more elegant NOTE: solution in the future - mozilla-firefox 1.0.1-1 - mozilla 2:1.7.6-1 CVE-2005-0232 (Firefox 1.0 allows remote attackers to modify Boolean configuration pa ...) - mozilla-firefox 1.0+dfsg.1-6 CVE-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a use ...) - mozilla-firefox 1.0+dfsg.1-6 CVE-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...) NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet. - mozilla-firefox (Affects only Firefox on Windows) CVE-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...) NOT-FOR-US: CitrusDB CVE-2005-0228 REJECTED CVE-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...) {DSA-668-1} - postgresql 7.4.7-1 CVE-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...) NOT-FOR-US: ngIRCd CVE-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with predic ...) - firehol 1.214-4 CVE-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 throug ...) NOT-FOR-US: HP-UX CVE-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4. ...) NOT-FOR-US: Java SDK and RTE for Tru64 UNIX CVE-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitiv ...) - gallery 1.4.4-pl5-1 CVE-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 A ...) - gallery 1.4.4-pl5-1 CVE-2005-0220 (Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 a ...) - gallery 1.4.4-pl5-1 CVE-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-p ...) - gallery 1.4.4-pl5-1 CVE-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog al ...) NOT-FOR-US: Invision Community Blog CVE-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Bu ...) NOT-FOR-US: Woltlab Burning Board Lite CVE-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to cau ...) - mozilla (Mozilla 1.6 for Windows) CVE-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...) NOT-FOR-US: SPHPBlog CVE-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote attacke ...) NOT-FOR-US: WinHKI CVE-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier a ...) NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier CVE-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remot ...) {DSA-667-1} - squid 2.5.7-6 CVE-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a de ...) - linux-2.6 (Fixed before upload into archive) [sarge] - kernel-source-2.6.8 2.6.8-15 - kernel-source-2.4.27 2.4.27-9 (bug #300838) CVE-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a d ...) - linux-2.6 (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-9 CVE-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...) - gaim 1:1.1.4 CVE-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows N ...) - linux-2.6 (Fixed before upload into archive) [sarge] - kernel-source-2.6.8 2.6.8-14 CVE-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CV ...) - xpdf (Initial Debian fix was already correct) - gpdf (Initial Debian fix was already correct) - kdegraphics (Initial Debian fix was already correct) - tetex-bin (Initial Debian fix was already correct) - pdftohtml (Initial Debian fix was already correct) - cups 1.1.22-7 - cupsys 1.1.22-7 NOTE: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393 NOTE: cupsys uses an external xpdf now. CVE-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...) {DSA-692-1} - kdenetwork 4:3.1.6 CVE-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T a ...) - linux-2.6 (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-9 (bug #296700; high) CVE-2005-0203 REJECTED CVE-2005-0202 (Directory traversal vulnerability in the true_path function in private ...) {DSA-674-1} - mailman 2.1.5-6 CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a socket ...) - dbus 0.22 CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...) NOT-FOR-US: TikiWiki CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ngIRC ...) NOT-FOR-US: ngIRCd CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Labe ...) NOT-FOR-US: Cisco CVE-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp lo ...) NOT-FOR-US: Cisco CVE-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a deni ...) NOT-FOR-US: Cisco CVE-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...) {DSA-667-1} - squid 2.5.7-7 CVE-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...) NOT-FOR-US: mRouter in iSync in OS X CVE-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...) NOT-FOR-US: RealPlayer CVE-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata ...) NOT-FOR-US: RealPlayer CVE-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...) NOT-FOR-US: RealPlayer CVE-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...) NOT-FOR-US: RealPlayer CVE-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc toolba ...) NOT-FOR-US: AtHoc toolbar CVE-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar a ...) NOT-FOR-US: AtHoc toolbar CVE-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS T ...) NOT-FOR-US: Cisco CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows re ...) NOT-FOR-US: NodeManager Professional CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin 0. ...) NOT-FOR-US: vacation plugin CVE-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allow ...) NOT-FOR-US: vacation plugin CVE-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...) NOT-FOR-US: mod_dosevasive module for apache CVE-2005-0181 RESERVED CVE-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in sc ...) [sarge] - kernel-source-2.6.8 2.6.8-12 - linux-2.6 (Fixed before upload into archive) - kernel-source-2.4.27 (intlen and outlen are unsigned in 2.4) CVE-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of s ...) [sarge] - kernel-source-2.6.8 (Vulnerable code was only introduced in 2.6.9) - linux-2.6 (Fixed before initial release) CVE-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows l ...) - kernel-source-2.4.27 (v2.4 is safe because back there current->signal was not shared.) - linux-2.6 (Fixed before upload into archive; 2.6.8.1) [sarge] - kernel-source-2.6.8 2.6.8-14 CVE-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, whic ...) - kernel-source-2.4.27 (According to joshk, doesn't apply to 2.4.27) - linux-2.6 (Fixed before upload into archive; 2.6.8.1) [sarge] - kernel-source-2.6.8 2.6.8-14 CVE-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to u ...) - linux-2.6 (Fixed before upload into archive) CVE-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus scanni ...) - clamav 0.81 CVE-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington IM ...) - uw-imap 7:2002edebian1-6 CVE-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cach ...) {DSA-667-1} - squid 2.5.7-6 CVE-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cach ...) - squid 2.5.7-6 CVE-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated u ...) {DSA-667-1} - squid 2.5.7-4 CVE-2005-0172 REJECTED CVE-2005-0171 REJECTED CVE-2005-0170 REJECTED CVE-2005-0169 REJECTED CVE-2005-0168 REJECTED CVE-2005-0167 REJECTED CVE-2005-0166 REJECTED CVE-2005-0165 REJECTED CVE-2005-0164 RESERVED CVE-2005-0163 RESERVED CVE-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in ...) - openswan 2.3.0-2 - freeswan CVE-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow attac ...) - unace 1.2b-3 CVE-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute arb ...) - unace 1.2b-3 CVE-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU ...) {DSA-679-1} - toolchain-source 3.4-5 CVE-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...) {DSA-687-1} - bidwatcher 1.3.17-1 CVE-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to s ...) {DSA-720-1} - smartlist 3.15-18 CVE-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when insta ...) - perl 5.8.4-6 CVE-2005-0155 (The PerlIO implementation in Perl 5.8.0, when installed with setuid su ...) - perl 5.8.4-6 - mooix 1.0rc5.pre4 CVE-2005-0154 RESERVED CVE-2005-0153 RESERVED CVE-2005-0152 (PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows r ...) {DSA-662-1} - squirrelmail 1:1.2.7-1 NOTE: This bug exists only in version 1.2.6. CVE-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...) NOT-FOR-US: Adobe License Management Software CVE-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) d ...) - mozilla-firefox 1.0 CVE-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obe ...) - mozilla-thunderbird 0.7 - mozilla 2:1.7.4 CVE-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the defa ...) - mozilla-thunderbird (Affects only Thunderbird on Windows) CVE-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a ...) - mozilla-firefox 1.0 - mozilla 2:1.7.5 CVE-2005-0146 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...) - mozilla-firefox 1.0 - mozilla 2:1.7.5 CVE-2005-0145 (Firefox before 1.0 does not properly distinguish between user-generate ...) - mozilla-firefox 1.0 CVE-2005-0144 (Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lo ...) - mozilla-firefox 1.0 - mozilla 2:1.7.5 CVE-2005-0143 (Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon ...) - mozilla-firefox 1.0 - mozilla 2:1.7.5 CVE-2005-0142 (Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozill ...) - mozilla-firefox 1.0 - mozilla-thunderbird 0.7 - mozilla 2:1.7.5 CVE-2005-0141 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...) - mozilla-firefox 1.0 - mozilla 2:1.7.5 CVE-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...) NOT-FOR-US: PeID CVE-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6. ...) NOT-FOR-US: Irix CVE-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly a ...) NOT-FOR-US: Irix CVE-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...) - linux-2.6 - kernel-source-2.4.27 2.4.27-10 (bug #308584) CVE-2005-0136 (The Linux kernel before 2.6.11 on the Itanium IA64 platform has certai ...) [sarge] - kernel-source-2.6.8 2.6.8-14 - linux-2.6 2.6.11 CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) architec ...) {DSA-1082-1 DSA-1070-1 DSA-1067-1} - linux-2.6 [sarge] - kernel-source-2.6.8 2.6.8-14 CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...) NOT-FOR-US: SCO UnixWare CVE-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of s ...) - clamav 0.80-0.81rc1-1 CVE-2005-0132 RESERVED CVE-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses th ...) - konversation 0.15-3 CVE-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ex ...) - konversation 0.15-3 CVE-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...) - konversation 0.15-3 CVE-2005-0128 REJECTED CVE-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, generate ...) NOT-FOR-US: MacOS CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ar ...) NOT-FOR-US: MacOS CVE-2005-0125 (The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop ...) NOT-FOR-US: MacOS CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for Linu ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1} - linux-2.6 2.6.12-1 CVE-2005-0123 REJECTED CVE-2005-0122 REJECTED CVE-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...) NOT-FOR-US: golddig CVE-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary file ...) NOT-FOR-US: helvis CVE-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the ...) NOT-FOR-US: helvis CVE-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable dir ...) NOT-FOR-US: helvis CVE-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute a ...) - xshisen 1.51-1-1.1 (bug #289784) CVE-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...) - awstats 6.2-1.1 CVE-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler (ID ...) NOT-FOR-US: DataRescue Interactive Disassembler CVE-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wirel ...) NOT-FOR-US: ZoneAlarm CVE-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands v ...) NOT-FOR-US: IRIX CVE-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...) NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point CVE-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7 ...) - maxdb-7.5.00 7.5.00.18 CVE-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypas ...) NOT-FOR-US: MSIE CVE-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other operating sys ...) NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical NOTE: attack, paranoid people should disable hyper threading - kfreebsd5-source 5.3-11 CVE-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malic ...) {DSA-659-1} - libapache-mod-auth-radius 1.5.7-6 - libpam-radius-auth 1.3.16-3 CVE-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, wh ...) {DSA-690-1} - bsmtpd 2.3pl8b-16 CVE-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...) - libnet-ssleay-perl 1.25-1.1 CVE-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local user ...) {DSA-684-1} - typespeed 0.4.4-8 CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMai ...) {DSA-662-1} - squirrelmail 2:1.4.4 CVE-2005-0103 (PHP remote file inclusion vulnerability in webmail.php in SquirrelMail ...) - squirrelmail 2:1.4.4-1 CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier a ...) {DSA-673-1} - evolution 2.0.3-1.2 (bug #295548) CVE-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and e ...) - newspost 2.1.1-2 CVE-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...) {DSA-685-1 DSA-671-1 DSA-670-1} - emacs21 21.3+1-9 - xemacs21 21.4.16-2 CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop p ...) {DSA-691-1} - abuse CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...) {DSA-691-1} - abuse CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote atta ...) - squid 2.5.7-4 CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...) - squid 2.5.7-4 CVE-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows ...) {DSA-651-1} - squid 2.5.7-4 CVE-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply parse ...) {DSA-651-1} - squid 2.5.7-4 CVE-2005-0093 REJECTED CVE-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...) - linux-2.6 (Apparently specific to Red hat hugemem kernel) CVE-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...) - linux-2.6 (Apparently specific to Red hat hugemem kernel) CVE-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB sp ...) - linux-2.6 (Apparently specific to Red hat hugemem kernel) CVE-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...) {DSA-666-1} - python2.2 2.2.3-14 - python2.3 2.3.4+2.3.5c1-2 - python2.4 2.4-5 CVE-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote a ...) {DSA-689-1} - libapache2-mod-python 3.1.3-3 - libapache-mod-python 2:2.7.10-4 CVE-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...) NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9 - alsa-lib 1.0.9-1 (unimportant) CVE-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allow ...) - less (Red Hat specific less bug) CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3. ...) {DSA-680-1} - htdig 1:3.1.6-11 (bug #305996) CVE-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...) {DSA-653-1} - ethereal 0.10.9-1 CVE-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and othe ...) - maxdb-7.5.00 7.5.00.24-1 CVE-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ver ...) - maxdb-7.5.00 7.5.00.21-1 CVE-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...) - maxdb-7.5.00 7.5.00.21-1 CVE-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...) - mailman 2.1.5-5 CVE-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...) {DSA-649-1} - xtrlock 2.0-9 CVE-2005-0078 (The KDE screen saver in KDE before 3.0.5 does not properly check the r ...) {DSA-660-1} - kdebase 4:3.0.5 CVE-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...) {DSA-658-1} - libdbi-perl 1.46-6 CVE-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local use ...) {DSA-672-1} - xview 3.2p1.4-19 CVE-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...) - squirrelmail 2:1.4.4-1 CVE-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to exec ...) {DSA-676-1} - xpcd 2.08-11.1 (bug #294793) CVE-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when r ...) {DSA-677-1} - sympa 4.1.2-2.1 CVE-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user config ...) {DSA-655-1} - zhcon 1:0.2.3-8.1 (bug #292210) CVE-2005-0071 (vdr before 1.2.6 does not securely create files, which allows attacker ...) {DSA-656-1} - vdr 1.2.6-6 CVE-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when instal ...) {DSA-681-1} - synaesthesia 2.1-3 NOTE: does not apply for sarge, program is not setuid anymore CVE-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local user ...) - vim 1:6.3-058+1 CVE-2005-0068 (The original design of ICMP does not require authentication for host-g ...) NOTE: general icmp design error CVE-2005-0067 (The original design of TCP does not require that port numbers be assig ...) NOTE: general tcp design error, no indication it affects linux CVE-2005-0066 (The original design of TCP does not check that the TCP Acknowledgement ...) NOTE: general tcp design error CVE-2005-0065 (The original design of TCP does not check that the TCP sequence number ...) NOTE: general tcp design error CVE-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc fo ...) {DSA-648-1 DSA-645-1} - xpdf 3.00-13 - gpdf 2.8.2-1.2 - pdftohtml 0.36-11 - kdegraphics 4:3.3.2-2 - tetex-bin 2.0.2-26 - cupsys 1.1.22-6 (bug #324459) - cups 1.1.22-6 (bug #324459) NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6. NOTE: In version 1.1.23-13, the dormant code in the source NOTE: package was fixed. CVE-2005-0063 (The document processing application used by the Windows Shell in Micro ...) NOT-FOR-US: Microsoft CVE-2005-0062 RESERVED CVE-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Wind ...) NOT-FOR-US: Microsoft CVE-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows ...) NOT-FOR-US: Microsoft CVE-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows ...) NOT-FOR-US: Microsoft CVE-2005-0058 (Buffer overflow in the Telephony Application Programming Interface (TA ...) NOT-FOR-US: TAPI for Windows CVE-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...) NOT-FOR-US: Microsoft CVE-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain ...) NOT-FOR-US: Microsoft CVE-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers ...) NOT-FOR-US: Microsoft CVE-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a ...) NOT-FOR-US: Microsoft CVE-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute ...) NOT-FOR-US: Microsoft CVE-2005-0052 RESERVED CVE-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remot ...) NOT-FOR-US: Microsoft CVE-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 Server ...) NOT-FOR-US: Microsoft CVE-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows S ...) NOT-FOR-US: Microsoft CVE-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, a ...) NOT-FOR-US: Microsoft CVE-2005-0047 (Windows 2000, XP, and Server 2003 does not properly "validate the use ...) NOT-FOR-US: Microsoft CVE-2005-0046 RESERVED CVE-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, 2000 ...) NOT-FOR-US: Microsoft CVE-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchan ...) NOT-FOR-US: Microsoft CVE-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...) NOT-FOR-US: iTunes CVE-2005-0042 RESERVED CVE-2005-0041 RESERVED CVE-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke befo ...) NOT-FOR-US: DotNetNuke CVE-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security Pay ...) NOTE: These are known issues of IPSEC and basically every VPN system using NOTE: encryption without authentication. NOTE: openswan even prevents such configurations CVE-2005-0038 (The DNS implementation of PowerDNS 2.9.16 and earlier allows remote at ...) - pdns 2.9.17-1 CVE-2005-0037 (The DNS implementation of DNRD before 2.10 allows remote attackers to ...) NOT-FOR-US: dnrd CVE-2005-0036 (The DNS implementation in DeleGate 8.10.2 and earlier allows remote at ...) NOT-FOR-US: DeleGate CVE-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ea ...) NOT-FOR-US: Adobe CVE-2005-0034 (An "incorrect assumption" in the authvalidated validator function in B ...) - bind9 1:9.3.1 [woody] - bind9 [sarge] - bind9 NOTE: only affects bind9 9.3.0, sarge and woody have an earlier versions CVE-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND 8. ...) - bind 1:8.4.6-1 CVE-2005-0032 RESERVED CVE-2005-0031 RESERVED CVE-2005-0030 RESERVED CVE-2005-0029 RESERVED CVE-2005-0028 RESERVED CVE-2005-0027 RESERVED CVE-2005-0026 RESERVED CVE-2005-0025 RESERVED CVE-2005-0024 RESERVED CVE-2005-0023 (gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to sp ...) - gnome-libs (bug #329156; unimportant) - vte (bug #330907; unimportant) NOTE: Not considered a security problem, see #329156 CVE-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before 4.43 ...) - exim4 4.34-10 CVE-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to e ...) {DSA-637-1 DSA-635-1} - exim4 4.34-10 - exim 3.36-13 (bug #290036) - exim-tls CVE-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute a ...) {DSA-641-1} - playmidi 2.4debian-3 CVE-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to e ...) {DSA-675-1} - hztty 2.0-6.1 CVE-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...) {DSA-661-2} - f2c 20020621-3.4 (bug #292792) CVE-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read a ...) {DSA-661-2} - f2c 20020621-3.4 (bug #292792) CVE-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos be ...) {DSA-640-1} - gatos 0.0.5-15 CVE-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitra ...) {DSA-650-1} - sword 1.5.7-7 (bug #291433) CVE-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malici ...) - ncpfs 2.2.6-1 CVE-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before ...) {DSA-665-1} - ncpfs 2.2.6-1 CVE-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo b ...) - dillo 0.8.3-1 CVE-2005-0011 (Multiple vulnerabilities in fliccd, when installed setuid root as part ...) - kdeedu 4:3.3.2-2 CVE-2005-0010 (Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through ...) - ethereal 0.10.9-1 CVE-2005-0009 (Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 thr ...) - ethereal 0.10.9-1 CVE-2005-0008 (Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through ...) - ethereal 0.10.9-1 CVE-2005-0007 (Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through ...) - ethereal 0.10.9-1 CVE-2005-0006 (The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote att ...) - ethereal 0.10.9-1 CVE-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...) {DSA-646-1} - imagemagick 6:6.0.6.2-2.1 (bug #291118; bug #291033) CVE-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.1 ...) {DSA-647-1} - mysql-dfsg-4.1 4.1.8a-6 - mysql-dfsg 4.0.23-3 CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ar ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 (Fixed before upload into archive; 2.6.10) - kernel-source-2.4.27 2.4.27-9 [sarge] - kernel-source-2.6.8 2.6.8-9 CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...) NOT-FOR-US: poppassd_pam CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel 2. ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} NOTE: i386 and smp specific - linux-2.6 (Fixed before upload into archive) - kernel-source-2.4.27 2.4.27-8 [sarge] - kernel-source-2.6.8 2.6.8-13