path: root/data/CVE/2005.list
blob: 200aae0ebe5bcfe6d4df6b8033c73b71a11432ca
6997
6998
6999
7000
7001
7002
7003
7004
7005
7006
7007
7008
7009
7010
7011
7012
7013
7014
7015
7016
7017
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7030
7031
7032
7033
7034
7035
7036
7037
7038
7039
7040
7041
7042
7043
7044
7045
7046
7047
7048
7049
7050
7051
7052
7053
7054
7055
7056
7057
7058
7059
7060
7061
7062
7063
7064
7065
7066
7067
7068
7069
7070
7071
7072
7073
7074
7075
7076
7077
7078
7079
7080
7081
7082
7083
7084
7085
7086
7087
7088
7089
7090
7091
7092
7093
7094
7095
7096
7097
7098
7099
7100
7101
7102
7103
7104
7105
7106
7107
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123
7124
7125
7126
7127
7128
7129
7130
7131
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144
7145
7146
7147
7148
7149
7150
7151
7152
7153
7154
7155
7156
7157
7158
7159
7160
7161
7162
7163
7164
7165
7166
7167
7168
7169
7170
7171
7172
7173
7174
7175
7176
7177
7178
7179
7180
7181
7182
7183
7184
7185
7186
7187
7188
7189
7190
7191
7192
7193
7194
7195
7196
7197
7198
7199
7200
7201
7202
7203
7204
7205
7206
7207
7208
7209
7210
7211
7212
7213
7214
7215
7216
7217
7218
7219
7220
7221
7222
7223
7224
7225
7226
7227
7228
7229
7230
7231
7232
7233
7234
7235
7236
7237
7238
7239
7240
7241
7242
7243
7244
7245
7246
7247
7248
7249
7250
7251
7252
7253
7254
7255
7256
7257
7258
7259
7260
7261
7262
7263
7264
7265
7266
7267
7268
7269
7270
7271
7272
7273
7274
7275
7276
7277
7278
7279
7280
7281
7282
7283
7284
7285
7286
7287
7288
7289
7290
7291
7292
7293
7294
7295
7296
7297
7298
7299
7300
7301
7302
7303
7304
7305
7306
7307
7308
7309
7310
7311
7312
7313
7314
7315
7316
7317
7318
7319
7320
7321
7322
7323
7324
7325
7326
7327
7328
7329
7330
7331
7332
7333
7334
7335
7336
7337
7338
7339
7340
7341
7342
7343
7344
7345
7346
7347
7348
7349
7350
7351
7352
7353
7354
7355
7356
7357
7358
7359
7360
7361
7362
7363
7364
7365
7366
7367
7368
7369
7370
7371
7372
7373
7374
7375
7376
7377
7378
7379
7380
7381
7382
7383
7384
7385
7386
7387
7388
7389
7390
7391
7392
7393
7394
7395
7396
7397
7398
7399
7400
7401
7402
7403
7404
7405
7406
7407
7408
7409
7410
7411
7412
7413
7414
7415
7416
7417
7418
7419
7420
7421
7422
7423
7424
7425
7426
7427
7428
7429
7430
7431
7432
7433
7434
7435
7436
7437
7438
7439
7440
7441
7442
7443
7444
7445
7446
7447
7448
7449
7450
7451
7452
7453
7454
7455
7456
7457
7458
7459
7460
7461
7462
7463
7464
7465
7466
7467
7468
7469
7470
7471
7472
7473
7474
7475
7476
7477
7478
7479
7480
7481
7482
7483
7484
7485
7486
7487
7488
7489
7490
7491
7492
7493
7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
7504
7505
7506
7507
7508
7509
7510
7511
7512
7513
7514
7515
7516
7517
7518
7519
7520
7521
7522
7523
7524
7525
7526
7527
7528
7529
7530
7531
7532
7533
7534
7535
7536
7537
7538
7539
7540
7541
7542
7543
7544
7545
7546
7547
7548
7549
7550
7551
7552
7553
7554
7555
7556
7557
7558
7559
7560
7561
7562
7563
7564
7565
7566
7567
7568
7569
7570
7571
7572
7573
7574
7575
7576
7577
7578
7579
7580
7581
7582
7583
7584
7585
7586
7587
7588
7589
7590
7591
7592
7593
7594
7595
7596
7597
7598
7599
7600
7601
7602
7603
7604
7605
7606
7607
7608
7609
7610
7611
7612
7613
7614
7615
7616
7617
7618
7619
7620
7621
7622
7623
7624
7625
7626
7627
7628
7629
7630
7631
7632
7633
7634
7635
7636
7637
7638
7639
7640
7641
7642
7643
7644
7645
7646
7647
7648
7649
7650
7651
7652
7653
7654
7655
7656
7657
7658
7659
7660
7661
7662
7663
7664
7665
7666
7667
7668
7669
7670
7671
7672
7673
7674
7675
7676
7677
7678
7679
7680
7681
7682
7683
7684
7685
7686
7687
7688
7689
7690
7691
7692
7693
7694
7695
7696
7697
7698
7699
7700
7701
7702
7703
7704
7705
7706
7707
7708
7709
7710
7711
7712
7713
7714
7715
7716
7717
7718
7719
7720
7721
7722
7723
7724
7725
7726
7727
7728
7729
7730
7731
7732
7733
7734
7735
7736
7737
7738
7739
7740
7741
7742
7743
7744
7745
7746
7747
7748
7749
7750
7751
7752
7753
7754
7755
7756
7757
7758
7759
7760
7761
7762
7763
7764
7765
7766
7767
7768
7769
7770
7771
7772
7773
7774
7775
7776
7777
7778
7779
7780
7781
7782
7783
7784
7785
7786
7787
7788
7789
7790
7791
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815
7816
7817
7818
7819
7820
7821
7822
7823
7824
7825
7826
7827
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847
7848
7849
7850
7851
7852
7853
7854
7855
7856
7857
7858
7859
7860
7861
7862
7863
7864
7865
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876
7877
7878
7879
7880
7881
7882
7883
7884
7885
7886
7887
7888
7889
7890
7891
7892
7893
7894
7895
7896
7897
7898
7899
7900
7901
7902
7903
7904
7905
7906
7907
7908
7909
7910
7911
7912
7913
7914
7915
7916
7917
7918
7919
7920
7921
7922
7923
7924
7925
7926
7927
7928
7929
7930
7931
7932
7933
7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
7957
7958
7959
7960
7961
7962
7963
7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
7979
7980
7981
7982
7983
7984
7985
7986
7987
7988
7989
7990
7991
7992
7993
7994
7995
7996
7997
7998
7999
8000
8001
8002
8003
8004
8005
8006
8007
8008
8009
8010
8011
8012
8013
8014
8015
8016
8017
8018
8019
8020
8021
8022
8023
8024
8025
8026
8027
8028
8029
8030
8031
8032
8033
8034
8035
8036
8037
8038
8039
8040
8041
8042
8043
8044
8045
8046
8047
8048
8049
8050
8051
8052
8053
8054
8055
8056
8057
8058
8059
8060
8061
8062
8063
8064
8065
8066
8067
8068
8069
8070
8071
8072
8073
8074
8075
8076
8077
8078
8079
8080
8081
8082
8083
8084
8085
8086
8087
8088
8089
8090
8091
8092
8093
8094
8095
8096
8097
8098
8099
8100
8101
8102
8103
8104
8105
8106
8107
8108
8109
8110
8111
8112
8113
8114
8115
8116
8117
8118
8119
8120
8121
8122
8123
8124
8125
8126
8127
8128
8129
8130
8131
8132
8133
8134
8135
8136
8137
8138
8139
8140
8141
8142
8143
8144
8145
8146
8147
8148
8149
8150
8151
8152
8153
8154
8155
8156
8157
8158
8159
8160
8161
8162
8163
8164
8165
8166
8167
8168
8169
8170
8171
8172
8173
8174
8175
8176
8177
8178
8179
8180
8181
8182
8183
8184
8185
8186
8187
8188
8189
8190
8191
8192
8193
8194
8195
8196
8197
8198
8199
8200
8201
8202
8203
8204
8205
8206
8207
8208
8209
8210
8211
8212
8213
8214
8215
8216
8217
8218
8219
8220
8221
8222
8223
8224
8225
8226
8227
8228
8229
8230
8231
8232
8233
8234
8235
8236
8237
8238
8239
8240
8241
8242
8243
8244
8245
8246
8247
8248
8249
8250
8251
8252
8253
8254
8255
8256
8257
8258
8259
8260
8261
8262
8263
8264
8265
8266
8267
8268
8269
8270
8271
8272
8273
8274
8275
8276
8277
8278
8279
8280
8281
8282
8283
8284
8285
8286
8287
8288
8289
8290
8291
8292
8293
8294
8295
8296
8297
8298
8299
8300
8301
8302
8303
8304
8305
8306
8307
8308
8309
8310
8311
8312
8313
8314
8315
8316
8317
8318
8319
8320
8321
8322
8323
8324
8325
8326
8327
8328
8329
8330
8331
8332
8333
8334
8335
8336
8337
8338
8339
8340
8341
8342
8343
8344
8345
8346
8347
8348
8349
8350
8351
8352
8353
8354
8355
8356
8357
8358
8359
8360
8361
8362
8363
8364
8365
8366
8367
8368
8369
8370
8371
8372
8373
8374
8375
8376
8377
8378
8379
8380
8381
8382
8383
8384
8385
8386
8387
8388
8389
8390
8391
8392
8393
8394
8395
8396
8397
8398
8399
8400
8401
8402
8403
8404
8405
8406
8407
8408
8409
8410
8411
8412
8413
8414
8415
8416
8417
8418
8419
8420
8421
8422
8423
8424
8425
8426
8427
8428
8429
8430
8431
8432
8433
8434
8435
8436
8437
8438
8439
8440
8441
8442
8443
8444
8445
8446
8447
8448
8449
8450
8451
8452
8453
8454
8455
8456
8457
8458
8459
8460
8461
8462
8463
8464
8465
8466
8467
8468
8469
8470
8471
8472
8473
8474
8475
8476
8477
8478
8479
8480
8481
8482
8483
8484
8485
8486
8487
8488
8489
8490
8491
8492
8493
8494
8495
8496
8497
8498
8499
8500
8501
8502
8503
8504
8505
8506
8507
8508
8509
8510
8511
8512
8513
8514
8515
8516
8517
8518
8519
8520
8521
8522
8523
8524
8525
8526
8527
8528
8529
8530
8531
8532
8533
8534
8535
8536
8537
8538
8539
8540
8541
8542
8543
8544
8545
8546
8547
8548
8549
8550
8551
8552
8553
8554
8555
8556
8557
8558
8559
8560
8561
8562
8563
8564
8565
8566
8567
8568
8569
8570
8571
8572
8573
8574
8575
8576
8577
8578
8579
8580
8581
8582
8583
8584
8585
8586
8587
8588
8589
8590
8591
8592
8593
8594
8595
8596
8597
8598
8599
8600
8601
8602
8603
8604
8605
8606
8607
8608
8609
8610
8611
8612
8613
8614
8615
8616
8617
8618
8619
8620
8621
8622
8623
8624
8625
8626
8627
8628
8629
8630
8631
8632
8633
8634
8635
8636
8637
8638
8639
8640
8641
8642
8643
8644
8645
8646
8647
8648
8649
8650
8651
8652
8653
8654
8655
8656
8657
8658
8659
8660
8661
8662
8663
8664
8665
8666
8667
8668
8669
8670
8671
8672
8673
8674
8675
8676
8677
8678
8679
8680
8681
8682
8683
8684
8685
8686
8687
8688
8689
8690
8691
8692
8693
8694
8695
8696
8697
8698
8699
8700
8701
8702
8703
8704
8705
8706
8707
8708
8709
8710
8711
8712
8713
8714
8715
8716
8717
8718
8719
8720
8721
8722
8723
8724
8725
8726
8727
8728
8729
8730
8731
8732
8733
8734
8735
8736
8737
8738
8739
8740
8741
8742
8743
8744
8745
8746
8747
8748
8749
8750
8751
8752
8753
8754
8755
8756
8757
8758
8759
8760
8761
8762
8763
8764
8765
8766
8767
8768
8769
8770
8771
8772
8773
8774
8775
8776
8777
8778
8779
8780
8781
8782
8783
8784
8785
8786
8787
8788
8789
8790
8791
8792
8793
8794
8795
8796
8797
8798
8799
8800
8801
8802
8803
8804
8805
8806
8807
8808
8809
8810
8811
8812
8813
8814
8815
8816
8817
8818
8819
8820
8821
8822
8823
8824
8825
8826
8827
8828
8829
8830
8831
8832
8833
8834
8835
8836
8837
8838
8839
8840
8841
8842
8843
8844
8845
8846
8847
8848
8849
8850
8851
8852
8853
8854
8855
8856
8857
8858
8859
8860
8861
8862
8863
8864
8865
8866
8867
8868
8869
8870
8871
8872
8873
8874
8875
8876
8877
8878
8879
8880
8881
8882
8883
8884
8885
8886
8887
8888
8889
8890
8891
8892
8893
8894
8895
8896
8897
8898
8899
8900
8901
8902
8903
8904
8905
8906
8907
8908
8909
8910
8911
8912
8913
8914
8915
8916
8917
8918
8919
8920
8921
8922
8923
8924
8925
8926
8927
8928
8929
8930
8931
8932
8933
8934
8935
8936
8937
8938
8939
8940
8941
8942
8943
8944
8945
8946
8947
8948
8949
8950
8951
8952
8953
8954
8955
8956
8957
8958
8959
8960
8961
8962
8963
8964
8965
8966
8967
8968
8969
8970
8971
8972
8973
8974
8975
8976
8977
8978
8979
8980
8981
8982
8983
8984
8985
8986
8987
8988
8989
8990
8991
8992
8993
8994
8995
8996
8997
8998
8999
9000
9001
9002
9003
9004
9005
9006
9007
9008
9009
9010
9011
9012
9013
9014
9015
9016
9017
9018
9019
9020
9021
9022
9023
9024
9025
9026
9027
9028
9029
9030
9031
9032
9033
9034
9035
9036
9037
9038
9039
9040
9041
9042
9043
9044
9045
9046
9047
9048
9049
9050
9051
9052
9053
9054
9055
9056
9057
9058
9059
9060
9061
9062
9063
9064
9065
9066
9067
9068
9069
9070
9071
9072
9073
9074
9075
9076
9077
9078
9079
9080
9081
9082
9083
9084
9085
9086
9087
9088
9089
9090
9091
9092
9093
9094
9095
9096
9097
9098
9099
9100
9101
9102
9103
9104
9105
9106
9107
9108
9109
9110
9111
9112
9113
9114
9115
9116
9117
9118
9119
9120
9121
9122
9123
9124
9125
9126
9127
9128
9129
9130
9131
9132
9133
9134
9135
9136
9137
9138
9139
9140
9141
9142
9143
9144
9145
9146
9147
9148
9149
9150
9151
9152
9153
9154
9155
9156
9157
9158
9159
9160
9161
9162
9163
9164
9165
9166
9167
9168
9169
9170
9171
9172
9173
9174
9175
9176
9177
9178
9179
9180
9181
9182
9183
9184
9185
9186
9187
9188
9189
9190
9191
9192
9193
9194
9195
9196
9197
9198
9199
9200
9201
9202
9203
9204
9205
9206
9207
9208
9209
9210
9211
9212
9213
9214
9215
9216
9217
9218
9219
9220
9221
9222
9223
9224
9225
9226
9227
9228
9229
9230
9231
9232
9233
9234
9235
9236
9237
9238
9239
9240
9241
9242
9243
9244
9245
9246
9247
9248
9249
9250
9251
9252
9253
9254
9255
9256
9257
9258
9259
9260
9261
9262
9263
9264
9265
9266
9267
9268
9269
9270
9271
9272
9273
9274
9275
9276
9277
9278
9279
9280
9281
9282
9283
9284
9285
9286
9287
9288
9289
9290
9291
9292
9293
9294
9295
9296
9297
9298
9299
9300
9301
9302
9303
9304
9305
9306
9307
9308
9309
9310
9311
9312
9313
9314
9315
9316
9317
9318
9319
9320
9321
9322
9323
9324
9325
9326
9327
9328
9329
9330
9331
9332
9333
9334
9335
9336
9337
9338
9339
9340
9341
9342
9343
9344
9345
9346
9347
9348
9349
9350
9351
9352
9353
9354
9355
9356
9357
9358
9359
9360
9361
9362
9363
9364
9365
9366
9367
9368
9369
9370
9371
9372
9373
9374
9375
9376
9377
9378
9379
9380
9381
9382
9383
9384
9385
9386
9387
9388
9389
9390
9391
9392
9393
9394
9395
9396
9397
9398
9399
9400
9401
9402
9403
9404
9405
9406
9407
9408
9409
9410
9411
9412
9413
9414
9415
9416
9417
9418
9419
9420
9421
9422
9423
9424
9425
9426
9427
9428
9429
9430
9431
9432
9433
9434
9435
9436
9437
9438
9439
9440
9441
9442
9443
9444
9445
9446
9447
9448
9449
9450
9451
9452
9453
9454
9455
9456
9457
9458
9459
9460
9461
9462
9463
9464
9465
9466
9467
9468
9469
9470
9471
9472
9473
9474
9475
9476
9477
9478
9479
9480
9481
9482
9483
9484
9485
9486
9487
9488
9489
9490
9491
9492
9493
9494
9495
9496
9497
9498
9499
9500
9501
9502
9503
9504
9505
9506
9507
9508
9509
9510
9511
9512
9513
9514
9515
9516
9517
9518
9519
9520
9521
9522
9523
9524
9525
9526
9527
9528
9529
9530
9531
9532
9533
9534
9535
9536
9537
9538
9539
9540
9541
9542
9543
9544
9545
9546
9547
9548
9549
9550
9551
9552
9553
9554
9555
9556
9557
9558
9559
9560
9561
9562
9563
9564
9565
9566
9567
9568
9569
9570
9571
9572
9573
9574
9575
9576
9577
9578
9579
9580
9581
9582
9583
9584
9585
9586
9587
9588
9589
9590
9591
9592
9593
9594
9595
9596
9597
9598
9599
9600
9601
9602
9603
9604
9605
9606
9607
9608
9609
9610
9611
9612
9613
9614
9615
9616
9617
9618
9619
9620
9621
9622
9623
9624
9625
9626
9627
9628
9629
9630
9631
9632
9633
9634
9635
9636
9637
9638
9639
9640
9641
9642
9643
9644
9645
9646
9647
9648
9649
9650
9651
9652
9653
9654
9655
9656
9657
9658
9659
9660
9661
9662
9663
9664
9665
9666
9667
9668
9669
9670
9671
9672
9673
9674
9675
9676
9677
9678
9679
9680
9681
9682
9683
9684
9685
9686
9687
9688
9689
9690
9691
9692
9693
9694
9695
9696
9697
9698
9699
9700
9701
9702
9703
9704
9705
9706
9707
9708
9709
9710
9711
9712
9713
9714
9715
9716
9717
9718
9719
9720
9721
9722
9723
9724
9725
9726
9727
9728
9729
9730
9731
9732
9733
9734
9735
9736
9737
9738
9739
9740
9741
9742
9743
9744
9745
9746
9747
9748
9749
9750
9751
9752
9753
9754
9755
9756
9757
9758
9759
9760
9761
9762
9763
9764
9765
9766
9767
9768
9769
9770
9771
9772
9773
9774
9775
9776
9777
9778
9779
9780
9781
9782
9783
9784
9785
9786
9787
9788
9789
9790
9791
9792
9793
9794
9795
9796
9797
9798
9799
9800
9801
9802
9803
9804
9805
9806
9807
9808
9809
9810
9811
9812
9813
9814
9815
9816
9817
9818
9819
9820
9821
9822
9823
9824
9825
9826
9827
9828
9829
9830
9831
9832
9833
9834
9835
9836
9837
9838
9839
9840
9841
9842
9843
9844
9845
9846
9847
9848
9849
9850
9851
9852
9853
9854
9855
9856
9857
9858
9859
9860
9861
9862
9863
9864
9865
9866
9867
9868
9869
9870
9871
9872
9873
9874
9875
9876
9877
9878
9879
9880
9881
9882
9883
9884
9885
9886
9887
9888
9889
9890
9891
9892
9893
9894
9895
9896
9897
9898
9899
9900
9901
9902
9903
9904
9905
9906
9907
9908
9909
9910
9911
9912
9913
9914
9915
9916
9917
9918
9919
9920
9921
9922
9923
9924
9925
9926
9927
9928
9929
9930
9931
9932
9933
9934
9935
9936
9937
9938
9939
9940
9941
9942
9943
9944
9945
9946
9947
9948
9949
9950
9951
9952
9953
9954
9955
9956
9957
9958
9959
9960
9961
9962
9963
9964
9965
9966
9967
9968
9969
9970
9971
9972
9973
9974
9975
9976
9977
9978
9979
9980
9981
9982
9983
9984
9985
9986
9987
9988
9989
9990
9991
9992
9993
9994
9995
9996
9997
9998
9999
10000
10001
10002
10003
10004
10005
10006
10007
10008
10009
10010
10011
10012
10013
10014
10015
10016
10017
10018
10019
10020
10021
10022
10023
10024
10025
10026
10027
10028
10029
10030
10031
10032
10033
10034
10035
10036
10037
10038
10039
10040
10041
10042
10043
10044
10045
10046
10047
10048
10049
10050
10051
10052
10053
10054
10055
10056
10057
10058
10059
10060
10061
10062
10063
10064
10065
10066
10067
10068
10069
10070
10071
10072
10073
10074
10075
10076
10077
10078
10079
10080
10081
10082
10083
10084
10085
10086
10087
10088
10089
10090
10091
10092
10093
10094
10095
10096
10097
10098
10099
10100
10101
10102
10103
10104
10105
10106
10107
10108
10109
10110
10111
10112
10113
10114
10115
10116
10117
10118
10119
10120
10121
10122
10123
10124
10125
10126
10127
10128
10129
10130
10131
10132
10133
10134
10135
10136
10137
10138
10139
10140
10141
10142
10143
10144
10145
10146
10147
10148
10149
10150
10151
10152
10153
10154
10155
10156
10157
10158
10159
10160
10161
10162
10163
10164
10165
10166
10167
10168
10169
10170
10171
10172
10173
10174
10175
10176
10177
10178
10179
10180
10181
10182
10183
10184
10185
10186
10187
10188
10189
10190
10191
10192
10193
10194
10195
10196
10197
10198
10199
10200
10201
10202
10203
10204
10205
10206
10207
10208
10209
10210
10211
10212
10213
10214
10215
10216
10217
10218
10219
10220
10221
10222
10223
10224
10225
10226
10227
10228
10229
10230
10231
10232
10233
10234
10235
10236
10237
10238
10239
10240
10241
10242
10243
10244
10245
10246
10247
10248
10249
10250
10251
10252
10253
10254
10255
10256
10257
10258
10259
10260
10261
10262
10263
10264
10265
10266
10267
10268
10269
10270
10271
10272
10273
10274
10275
10276
10277
10278
10279
10280
10281
10282
10283
10284
10285
10286
10287
10288
10289
10290
10291
10292
10293
10294
10295
10296
10297
10298
10299
10300
10301
10302
10303
10304
10305
10306
10307
10308
10309
10310
10311
10312
10313
10314
10315
10316
10317
10318
10319
10320
10321
10322
10323
10324
10325
10326
10327
10328
10329
10330
10331
10332
10333
10334
10335
10336
10337
10338
10339
10340
10341
10342
10343
10344
10345
10346
10347
10348
10349
10350
10351
10352
10353
10354
10355
10356
10357
10358
10359
10360
10361
10362
10363
10364
10365
10366
10367
10368
10369
10370
10371
10372
10373
10374
10375
10376
10377
10378
10379
10380
10381
10382
10383
10384
10385
10386
10387
10388
10389
10390
10391
10392
10393
10394
10395
10396
10397
10398
10399
10400
10401
10402
10403
10404
10405
10406
10407
10408
10409
10410
10411
10412
10413
10414
10415
10416
10417
10418
10419
10420
10421
10422
10423
10424
10425
10426
10427
10428
10429
10430
10431
10432
10433
10434
10435
10436
10437
10438
10439
10440
10441
10442
10443
10444
10445
10446
10447
10448
10449
10450
10451
10452
10453
10454
10455
10456
10457
10458
10459
10460
10461
10462
10463
10464
10465
10466
10467
10468
10469
10470
10471
10472
10473
10474
10475
10476
10477
10478
10479
10480
10481
10482
10483
10484
10485
10486
10487
10488
10489
10490
10491
10492
10493
10494
10495
10496
10497
10498
10499
10500
10501
10502
10503
10504
10505
10506
10507
10508
10509
10510
10511
10512
10513
10514
10515
10516
10517
10518
10519
10520
10521
10522
10523
10524
10525
10526
10527
10528
10529
10530
10531
10532
10533
10534
10535
10536
10537
10538
10539
10540
10541
10542
10543
10544
10545
10546
10547
10548
10549
10550
10551
10552
10553
10554
10555
10556
10557
10558
10559
10560
10561
10562
10563
10564
10565
10566
10567
10568
10569
10570
10571
10572
10573
10574
10575
10576
10577
10578
10579
10580
10581
10582
10583
10584
10585
10586
10587
10588
10589
10590
10591
10592
10593
10594
10595
10596
10597
10598
10599
10600
10601
10602
10603
10604
10605
10606
10607
10608
10609
10610
10611
10612
10613
10614
10615
10616
10617
10618
10619
10620
10621
10622
10623
10624
10625
10626
10627
10628
10629
10630
10631
10632
10633
10634
10635
10636
10637
10638
10639
10640
10641
10642
10643
10644
10645
10646
10647
10648
10649
10650
10651
10652
10653
10654
10655
10656
10657
10658
10659
10660
10661
10662
10663
10664
10665
10666
10667
10668
10669
10670
10671
10672
10673
10674
10675
10676
10677
10678
10679
10680
10681
10682
10683
10684
10685
10686
10687
10688
10689
10690
10691
10692
10693
10694
10695
10696
10697
10698
10699
10700
10701
10702
10703
10704
10705
10706
10707
10708
10709
10710
10711
10712
10713
10714
10715
10716
10717
10718
10719
10720
10721
10722
10723
10724
10725
10726
10727
10728
10729
10730
10731
10732
10733
10734
10735
10736
10737
10738
10739
10740
10741
10742
10743
10744
10745
10746
10747
10748
10749
10750
10751
10752
10753
10754
10755
10756
10757
10758
10759
10760
10761
10762
10763
10764
10765
10766
10767
10768
10769
10770
10771
10772
10773
10774
10775
10776
10777
10778
10779
10780
10781
10782
10783
10784
10785
10786
10787
10788
10789
10790
10791
10792
10793
10794
10795
10796
10797
10798
10799
10800
10801
10802
10803
10804
10805
10806
10807
10808
10809
10810
10811
10812
10813
10814
10815
10816
10817
10818
10819
10820
10821
10822
10823
10824
10825
10826
10827
10828
10829
10830
10831
10832
10833
10834
10835
10836
10837
10838
10839
10840
10841
10842
10843
10844
10845
10846
10847
10848
10849
10850
10851
10852
10853
10854
10855
10856
10857
10858
10859
10860
10861
10862
10863
10864
10865
10866
10867
10868
10869
10870
10871
10872
10873
10874
10875
10876
10877
10878
10879
10880
10881
10882
10883
10884
10885
10886
10887
10888
10889
10890
10891
10892
10893
10894
10895
10896
10897
10898
10899
10900
10901
10902
10903
10904
10905
10906
10907
10908
10909
10910
10911
10912
10913
10914
10915
10916
10917
10918
10919
10920
10921
10922
10923
10924
10925
10926
10927
10928
10929
10930
10931
10932
10933
10934
10935
10936
10937
10938
10939
10940
10941
10942
10943
10944
10945
10946
10947
10948
10949
10950
10951
10952
10953
10954
10955
10956
10957
10958
10959
10960
10961
10962
10963
10964
10965
10966
10967
10968
10969
10970
10971
10972
10973
10974
10975
10976
10977
10978
10979
10980
10981
10982
10983
10984
10985
10986
10987
10988
10989
10990
10991
10992
10993
10994
10995
10996
10997
10998
10999
11000
11001
11002
11003
11004
11005
11006
11007
11008
11009
11010
11011
11012
11013
11014
11015
11016
11017
11018
11019
11020
11021
11022
11023
11024
11025
11026
11027
11028
11029
11030
11031
11032
11033
11034
11035
11036
11037
11038
11039
11040
11041
11042
11043
11044
11045
11046
11047
11048
11049
11050
11051
11052
11053
11054
11055
11056
11057
11058
11059
11060
11061
11062
11063
11064
11065
11066
11067
11068
11069
11070
11071
11072
11073
11074
11075
11076
11077
11078
11079
11080
11081
11082
11083
11084
11085
11086
11087
11088
11089
11090
11091
11092
11093
11094
11095
11096
11097
11098
11099
11100
11101
11102
11103
11104
11105
11106
11107
11108
11109
11110
11111
11112
11113
11114
11115
11116
11117
11118
11119
11120
11121
11122
11123
11124
11125
11126
11127
11128
11129
11130
11131
11132
11133
11134
11135
11136
11137
11138
11139
11140
11141
11142
11143
11144
11145
11146
11147
11148
11149
11150
11151
11152
11153
11154
11155
11156
11157
11158
11159
11160
11161
11162
11163
11164
11165
11166
11167
11168
11169
11170
11171
11172
11173
11174
11175
11176
11177
11178
11179
11180
11181
11182
11183
11184
11185
11186
11187
11188
11189
11190
11191
11192
11193
11194
11195
11196
11197
11198
11199
11200
11201
11202
11203
11204
11205
11206
11207
11208
11209
11210
11211
11212
11213
11214
11215
11216
11217
11218
11219
11220
11221
11222
11223
11224
11225
11226
11227
11228
11229
11230
11231
11232
11233
11234
11235
11236
11237
11238
11239
11240
11241
11242
11243
11244
11245
11246
11247
11248
11249
11250
11251
11252
11253
11254
11255
11256
11257
11258
11259
11260
11261
11262
11263
11264
11265
11266
11267
11268
11269
11270
11271
11272
11273
11274
11275
11276
11277
11278
11279
11280
11281
11282
11283
11284
11285
11286
11287
11288
11289
11290
11291
11292
11293
11294
11295
11296
11297
11298
11299
11300
11301
11302
11303
11304
11305
11306
11307
11308
11309
11310
11311
11312
11313
11314
11315
11316
11317
11318
11319
11320
11321
11322
11323
11324
11325
11326
11327
11328
11329
11330
11331
11332
11333
11334
11335
11336
11337
11338
11339
11340
11341
11342
11343
11344
11345
11346
11347
11348
11349
11350
11351
11352
11353
11354
11355
11356
11357
11358
11359
11360
11361
11362
11363
11364
11365
11366
11367
11368
11369
11370
11371
11372
11373
11374
11375
11376
11377
11378
11379
11380
11381
11382
11383
11384
11385
11386
11387
11388
11389
11390
11391
11392
11393
11394
11395
11396
11397
11398
11399
11400
11401
11402
11403
11404
11405
11406
11407
11408
11409
11410
11411
11412
11413
11414
11415
11416
11417
11418
11419
11420
11421
11422
11423
11424
11425
11426
11427
11428
11429
11430
11431
11432
11433
11434
11435
11436
11437
11438
11439
11440
11441
11442
11443
11444
11445
11446
11447
11448
11449
11450
11451
11452
11453
11454
11455
11456
11457
11458
11459
11460
11461
11462
11463
11464
11465
11466
11467
11468
11469
11470
11471
11472
11473
11474
11475
11476
11477
11478
11479
11480
11481
11482
11483
11484
11485
11486
11487
11488
11489
11490
11491
11492
11493
11494
11495
11496
11497
11498
11499
11500
11501
11502
11503
11504
11505
11506
11507
11508
11509
11510
11511
11512
11513
11514
11515
11516
11517
11518
11519
11520
11521
11522
11523
11524
11525
11526
11527
11528
11529
11530
11531
11532
11533
11534
11535
11536
11537
11538
11539
11540
11541
11542
11543
11544
11545
11546
11547
11548
11549
11550
11551
11552
11553
11554
11555
11556
11557
11558
11559
11560
11561
11562
11563
11564
11565
11566
11567
CVE-2005-3590 (The getgrouplist function in the GNU C library (glibc) before version  ...)
	- glibc 2.3.5-3
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=661
CVE-2005-4900 (SHA-1 is not collision resistant, which makes it easier for context-de ...)
	NOT-FOR-US: Generic protocol issue
CVE-2005-4899
	RESERVED
CVE-2005-4898
	RESERVED
CVE-2005-4897
	RESERVED
CVE-2005-4896
	RESERVED
CVE-2005-XXXX [more related to CVE-2005-4890]
	- shadow <unfixed> (unimportant; bug #628843)
	NOTE: only affects the su executable, so if you use sudo you're not affected
CVE-2005-4895 (Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools bef ...)
	- google-perftools 0.7-1
CVE-2005-4894
	RESERVED
CVE-2005-4893
	RESERVED
CVE-2005-4892
	RESERVED
CVE-2005-4891 (Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL inje ...)
	NOT-FOR-US: Simple Machine Forum (SMF)
CVE-2005-4890 (There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo  ...)
	- shadow 1:4.1.5-1 (low; bug #628843)
	[squeeze] - shadow <no-dsa> (Minor issue)
	[lenny] - shadow <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=173008
	- sudo 1.7.4p4 (low; bug #657784)
	NOTE: sudo might be fixed earlier, use_pty present in stable
CVE-2005-4889 (lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of  ...)
	- rpm 4.7.0-1 (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2005-4888 (NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows r ...)
	NOT-FOR-US: Novell NetWare
CVE-2005-4887 (NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5  ...)
	NOT-FOR-US: Novell NetWare
CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the ...)
	- linux-2.6 2.6.12-1
	- linux-2.6.24 <not-affected> (fixed before 2.6.24)
CVE-2005-4885 (Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) Contro ...)
	NOT-FOR-US: Sun StorEdge 6130
CVE-2005-4884 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle Database Server
CVE-2005-4883 (Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote at ...)
	NOT-FOR-US: Tftpd32
CVE-2005-4882 (tftpd in Philippe Jounin Tftpd32 2.74 and earlier, as used in Wyse Sim ...)
	NOT-FOR-US: Tftpd32
CVE-2005-4881 (The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2. ...)
	- linux-2.6 2.6.13-1 (low)
	- linux-2.6.24 <not-affected> (fixed prior to first upload of 2.6.24)
CVE-2005-4880 (Jax Guestbook 3.1 and 3.31 stores sensitive information under the web  ...)
	NOT-FOR-US: Jax Guestbook
CVE-2005-4879 (Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.p ...)
	NOT-FOR-US: Jax Guestbook
CVE-2005-4878 (Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_ma ...)
	- acidbase 1.2.1-1
CVE-2005-4877 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
	NOT-FOR-US: Openfire
CVE-2005-4876 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
	NOT-FOR-US: Openfire
CVE-2005-4875 (TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive in ...)
	- typo3-src 4.0.2-1
CVE-2005-4874 (The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE met ...)
	- iceweasel <not-affected> (old version and CVE)
CVE-2005-4873 (Multiple stack-based buffer overflows in the phpcups PHP module for CU ...)
	- cups 1.1.23-10sarge1
	- cupsys 1.1.23-10sarge1
CVE-2005-4872 (Perl-Compatible Regular Expression (PCRE) library before 6.2 does not  ...)
	- pcre3 6.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2005-4871 (Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 in ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4870 (Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclo ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4869 (The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local u ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4868 (Shared memory sections and events in IBM DB2 8.1 have default permissi ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4867 (Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4866 (Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allow ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4865 (Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remo ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4864 (Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4863 (Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows lo ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4862 (The search functionality in XWiki 0.9.793 indexes cleartext user passw ...)
	NOT-FOR-US: Xwiki
CVE-2005-4861 (functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows re ...)
	NOT-FOR-US: Ragnarok
CVE-2005-4860 (Spectrum Cash Receipting System before 6.504 uses weak cryptography (s ...)
	NOT-FOR-US: Spectrum Cash Receipting System
CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive information unde ...)
	NOT-FOR-US: mimicboard2
CVE-2005-4858 (Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in m ...)
	NOT-FOR-US: mimicboard2
CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3 ...)
	- ezpublish <removed>
CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5,  ...)
	- ezpublish <removed>
CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder's rea ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4853 (The default configuration of the forum package in eZ publish 3.5 befor ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4852 (The siteaccess URIMatching implementation in eZ publish 3.5 through 3. ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissio ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit and crea ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) password att ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: http://issues.apache.org/jira/browse/DERBY-530
	NOTE: http://issues.apache.org/jira/browse/DERBY-559
CVE-2005-4848 (Buffer overflow in the decompression algorithm in Research in Motion B ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2005-4847 (Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack  ...)
	NOT-FOR-US: Spey
CVE-2005-4846 (Format string vulnerability in Logger.cc for Spey 0.3.3 allows attacke ...)
	NOT-FOR-US: Spey
CVE-2005-4845 (The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and  ...)
	NOT-FOR-US: Sun Java on Microsoft Windows
CVE-2005-4844 (The CLSID_ApprenticeICW control allows remote attackers to cause a den ...)
	NOT-FOR-US: Microsoft
CVE-2005-4843 (The SmartConnect Class control allows remote attackers to cause a deni ...)
	NOT-FOR-US: Microsoft
CVE-2005-4842 (The System Monitor Source Properties control allows remote attackers t ...)
	NOT-FOR-US: Microsoft
CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to cause a de ...)
	NOT-FOR-US: Microsoft
CVE-2005-4840 (The Outlook Express Address Book control, when using Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2005-4839 (PureTLS before 0.9b5 does not clear optional Extensions and Algorithm. ...)
	NOT-FOR-US: PureTLS
CVE-2005-4838 (Multiple cross-site scripting (XSS) vulnerabilities in the example web ...)
	- tomcat5.5 5.5.15-1 (low)
CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3 ...)
	- net-snmp 5.2.2-1 (medium)
CVE-2005-4836 (The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not ...)
	[sarge] - tomcat4 <no-dsa> (affects deprecated HTTP/1.1 connector only)
CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample co ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2005-4834 (IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4833 (IBM WebSphere Application Server (WAS) 6.0 before 20050201, when servi ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g allows r ...)
	NOT-FOR-US: Oracle Database Server
CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Ty ...)
	- viewvc 0.9.4+svn20060318-1 (low)
CVE-2005-4830 (CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote ...)
	- viewvc 0.9.4+svn20060318-1 (low)
	NOTE: referring to http://www.securityfocus.com/archive/1/461427/100/0/threaded this
	NOTE: has been fixed in cvs for 0.9.3
CVE-2005-4829 (VirtueMart before 1.0.1 does not properly handle errors when a user is ...)
	NOT-FOR-US: VirtueMart
CVE-2005-4828 (Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large ema ...)
	- kolabd <not-affected> (Only vulnerable in 2.0-2.1; not packaged in Debian)
CVE-2005-4827 (Internet Explorer 6.0, and possibly other versions, allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-2005-4826 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature  ...)
	NOT-FOR-US: Cisco
CVE-2005-4825 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allow ...)
	NOT-FOR-US: Cisco
CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in Sitefram ...)
	NOT-FOR-US: siteframe
CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-e ...)
	NOT-FOR-US: HP
CVE-2005-4822 (SQL injection vulnerability in projects/project-edit.asp in Digger Sol ...)
	NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2005-4821 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 a ...)
	NOT-FOR-US: Land Down Under
CVE-2005-4820 (SMC Wireless Router model SMC7904WBRA allows remote attackers to cause ...)
	NOT-FOR-US: SMC
CVE-2005-4819 (Cross-site scripting (XSS) vulnerability in Lotus Domino versions befo ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-4818 (Multiple SQL injection vulnerabilities in Copernicus Europa allow remo ...)
	NOT-FOR-US: Copernicus Europa
CVE-2005-4817 (Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) be ...)
	- tmsnc 0.2.5-1
CVE-2005-4816 (Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote ...)
	{DSA-1245-1}
	- proftpd-dfsg 1.2.10+1.3.0rc5-1 (bug #404751; medium)
CVE-2005-4815 (SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4. ...)
	NOT-FOR-US: SAP
CVE-2005-4814 (Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when ...)
	NOT-FOR-US: Segue CMS
CVE-2005-4813 (Unspecified vulnerability in Report Application Server (Crystalras.exe ...)
	NOT-FOR-US: Business Objects Crystal Reports
CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...)
	NOT-FOR-US: SISCO OSI stack for Windows
CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...)
	{DSA-1304}
	- linux-2.6 2.6.14
CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla a ...)
	- mozilla <removed> (low)
	- firefox <not-affected> (at least 1.5.0.6 is not vulnerable)
	- xulrunner <not-affected>
	[sarge] - mozilla <no-dsa> (Conceptual problem, not fixable in a backport)
CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) a ...)
	- binutils 2.17-1 (low)
	[sarge] - binutils <no-dsa> (Only a security problem in far-fetched configurations)
CVE-2005-4807 (Stack-based buffer overflow in the as_bad function in messages.c in th ...)
	- binutils 2.17-1 (low)
	[sarge] - binutils <no-dsa> (Only a security problem in far-fetched configurations)
CVE-2005-2468 (Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earl ...)
	NOT-FOR-US: MySQL Eventum
CVE-2005-2467 (Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1 ...)
	NOT-FOR-US: MySQL Eventum
CVE-2005-2466 (Multiple SQL injection vulnerabilities in the auth_user function in ad ...)
	NOT-FOR-US: OpenBook
CVE-2005-2465 (Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS a ...)
	NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2464 (login.php in PCXP/TOPPE CMS allows remote attackers to bypass authenti ...)
	NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2463 (Kayako liveResponse 2.x allows remote attackers to obtain sensitive in ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2462 (Kayako liveResponse 2.x, when logging in a user, records the password  ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2461 (Multiple SQL injection vulnerabilities in the calendar feature in Kaya ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2460 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResp ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-4806 (Multiple unspecified vulnerabilities in Sun Java System Web Proxy Serv ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2005-4805 (Unspecified vulnerability in Sun Java System Application Server 7 Stan ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-4804 (Unspecified vulnerability in Sun Java System Application Server Platfo ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-1755 (PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll C ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2005-1754
	NOT-FOR-US: JavaMail API
	NOTE: vulnerable file not in Debian
CVE-2005-1753
	NOT-FOR-US: JavaMail API
	NOTE: vulnerable file not in Debian
CVE-2005-1752 (viewFile.php in the scm component of Gforge before 4.0 allows remote a ...)
	- gforge 3.1-30
	NOTE: viewFile.php disabled in 3.1-30
CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary files  ...)
	{DSA-857-1}
	- graphviz 2.2.1-1sarge1 (bug #336985; low)
CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite files and ...)
	{DSA-1216}
	- flexbackup 1.2.1-3 (bug #334350; low)
CVE-2005-4801 (Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Anot ...)
	NOT-FOR-US: YaPIG
CVE-2005-4800 (Direct static code injection vulnerability in Yet Another PHP Image Ga ...)
	NOT-FOR-US: YaPIG
CVE-2005-4799 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP ...)
	NOT-FOR-US: YaPIG
CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 <not-affected>
CVE-2005-4797 (Directory traversal vulnerability in printd line printer daemon (lpd)  ...)
	NOT-FOR-US: Solaris
CVE-2005-4796 (Unspecified vulnerability in the XView library (libxview.so) in Solari ...)
	- xview <not-affected> (xview on Solaris)
	NOTE: Is only relevant for suid binaries, but xview is not really suitable for
	NOTE: those anyway. Exact information is not available, but a similar problem
	NOTE: is already fixed in the Debian package.
CVE-2005-4795 (Unspecified vulnerability in the multi-language environment library (l ...)
	NOT-FOR-US: Solaris
CVE-2005-4794 (Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and  ...)
	NOT-FOR-US: Cisco
CVE-2005-4793 (Multiple unspecified vulnerabilities in the web utility function in Hi ...)
	NOT-FOR-US: Hitachi
CVE-2005-4792 (SQL injection vulnerability in index.php in Appalachian State Universi ...)
	NOT-FOR-US: phpWebSite
CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 caus ...)
	{DTSA-107-1}
	- beagle 0.2.13-1 (low)
	[etch] - beagle <no-dsa> (Minor issue)
	- banshee 0.11.2+dfsg-1 (low)
	- liferea 1.4.9-1 (low; bug #451548)
	[etch] - liferea <no-dsa> (Minor issue)
	- blam 1.8.4-1 (low)
	[etch] - blam <no-dsa> (Minor issue)
	NOTE: lintian bug filed: #451559
CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 1 ...)
	- tomboy 0.8.1-2 (low)
	[etch] - tomboy <no-dsa> (Minor issue)
CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, do ...)
	- resmgr <not-affected>
CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, al ...)
	- resmgr <not-affected>
CVE-2005-4787
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2005-4786 (Buffer overflow in the archive decompression library (vrAZMain.dll 5.8 ...)
	NOT-FOR-US: HAURI anti-virus
CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earli ...)
	NOT-FOR-US: QuickBlogger
CVE-2005-4784 (Multiple buffer overflows in the POSIX readdir_r function, as used in  ...)
	NOTE: this does not affect linux
CVE-2005-4783 (kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not chec ...)
	NOT-FOR-US: NetBSD
CVE-2005-4782 (NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is c ...)
	NOT-FOR-US: NetBSD
CVE-2005-4781 (Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 ...)
	NOT-FOR-US: SergiD Top Music module
CVE-2005-4780
	NOT-FOR-US: LightHouse CMS
CVE-2005-4779 (verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with ...)
	NOT-FOR-US: NetBSD
CVE-2005-4778 (The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspeci ...)
	- powersave 0.12.7-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=119628&x=18&y=11&=Find
CVE-2005-4777 (Tashcom ASPEdit 2.9 stores the administration password (aka the FTP pa ...)
	NOT-FOR-US: Tashcom ASPEdit
CVE-2005-4776 (Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in ...)
	NOT-FOR-US: NetBSD
CVE-2005-4775 (Michael Scholz and Sebastian Stein Contineo 2.0, when the admin accoun ...)
	NOT-FOR-US: Contineo
CVE-2005-4774 (Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote  ...)
	NOT-FOR-US: Xerver
CVE-2005-4773 (The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x al ...)
	NOT-FOR-US: VMware
CVE-2005-4772 (liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 200510 ...)
	NOT-FOR-US: YaST
CVE-2005-4771 (Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Sui ...)
	NOT-FOR-US: Trusted Mobility Agent
CVE-2005-4770 (SQL injection vulnerability in an unspecified Accelerated Enterprise S ...)
	NOT-FOR-US: Accelerated E Solutions
CVE-2005-4769 (SQL injection vulnerability in addrbook.php in Belchior Foundry vCard  ...)
	NOT-FOR-US: Belchior Foundry vCard
CVE-2005-4768 (SQL injection vulnerability in manage_account.php in Tux Racer TuxBank ...)
	NOT-FOR-US: Tux Racer TuxBank
CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4765 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 S ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4764 (BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out th ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4763 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4762 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4761 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4760 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4759 (BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migrati ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4758 (Unspecified vulnerability in the Administration server in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4757 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4756 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4755 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) store ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4754 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow rem ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4753 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4752 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4751 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Se ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4750 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4749 (HTTP request smuggling vulnerability in BEA WebLogic Server and WebLog ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4748 (PHP remote file include vulnerability in functions_admin.php in Virtua ...)
	NOT-FOR-US: Virtual War
CVE-2005-4747 (Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Hel ...)
	NOT-FOR-US: WebHost Automation Ltd Helm
CVE-2005-4746 (Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote a ...)
	{DSA-1145-1}
	- freeradius 1.0.5-1
CVE-2005-4745 (SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS ...)
	{DSA-1145-1}
	- freeradius 1.0.5-1
CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRA ...)
	{DSA-1089-1}
	- freeradius 1.0.5-1
CVE-2005-4743 (Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp P ...)
	NOT-FOR-US: NeLogic Nephp Publisher
CVE-2005-4742 (Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploi ...)
	NOT-FOR-US: Echelog
CVE-2005-4741 (NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 ...)
	NOT-FOR-US: NetBSD
CVE-2005-4740 (IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4739 (IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s0508 ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4738 (IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4737 (IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows r ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4736 (IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote aut ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4735 (IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote aut ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4734 (Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication ...)
	NOT-FOR-US: RSA Authentication Agent for Web
CVE-2005-4733 (NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow lo ...)
	NOT-FOR-US: NetBSD
CVE-2005-4732 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Tu ...)
	NOT-FOR-US: TuxBank
CVE-2005-XXXX [xsupplicant information leak]
	- xsupplicant 1.0.1-5 (bug #317703; low)
CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the S ...)
	NOT-FOR-US: PEAR HTML_QuickForm_Controller
CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact ...)
	NOT-FOR-US: PEAR Text_Password
CVE-2005-4729 (SQL injection vulnerability in show.php in VBZooM Forum allows remote  ...)
	NOT-FOR-US: VBZooM
CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian G ...)
	- amaya 9.4-1 (bug #341424)
	[sarge] - amaya <not-affected> (The Sarge version doesn't have an rpath set)
CVE-2005-4727 (Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before  ...)
	NOT-FOR-US: gBook
CVE-2005-4726 (MUTE 0.4 uses improper flood protection algorithms, which allows remot ...)
	NOT-FOR-US: MUTE
CVE-2005-4725 (Geeklog before 1.3.11sr3 allows remote attackers to bypass intended ac ...)
	NOT-FOR-US: Geeklog
CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows rem ...)
	NOT-FOR-US: PhpTagCool
CVE-2005-4723 (D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allo ...)
	NOT-FOR-US: D-Link hardware
CVE-2005-4722 (_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to ob ...)
	NOT-FOR-US: tmsPUBLISHER
CVE-2005-4721 (Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER ...)
	NOT-FOR-US: tmsPUBLISHER
CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to  ...)
	{DSA-1044-1}
	- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
	- firefox 1.5.dfsg-1
CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6  ...)
	NOT-FOR-US: Sysbotz Systems Panel
CVE-2005-4718 (Opera 8.02 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Opera
CVE-2005-4717 (Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 S ...)
	NOT-FOR-US: Microsoft
CVE-2005-4716 (Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote  ...)
	NOT-FOR-US: Hitachi TP1
CVE-2005-4715 (Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-4714 (Format string vulnerability in the vmps_log function in OpenVMPS (VLAN ...)
	NOT-FOR-US: OpenVMPS
CVE-2005-4713 (Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6 ...)
	- pam-mysql 0.6.2-1 (bug #353589; low)
	[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
CVE-2005-4712 (CRLF injection vulnerability in process_signup.php in PHP Handicapper  ...)
	NOT-FOR-US: Handicapper
CVE-2005-4711 (SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allo ...)
	NOT-FOR-US: Land Down Under
CVE-2005-4710 (Unspecified vulnerability in multiple Autodesk and AutoCAD products an ...)
	NOT-FOR-US: AutoCAD
CVE-2005-4709 (The popSubjectContext method in the SecurityAssociation class in JBoss ...)
	NOT-FOR-US: JBoss Enterprise Java Beans
CVE-2005-4708 (Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute ...)
	NOT-FOR-US: Adobe Macromedia MX products (Captivate, Contribute and eLicensing client)
CVE-2005-4707 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before  ...)
	NOT-FOR-US: PHP GEN
CVE-2005-4706 (Unspecified vulnerability in the "privilege management" feature of Sun ...)
	NOT-FOR-US: Solaris 10
CVE-2005-4705 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4704 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4703 (Apache Tomcat 4.0.3, when running on Windows, allows remote attackers  ...)
	NOT-FOR-US: Windows Tomcat vulnerability
CVE-2005-4702 (SQL injection vulnerability in the favorites module in index.php in IP ...)
	NOT-FOR-US: IPBProArcade
CVE-2005-4701 (Unspecified vulnerability in Process File System (procfs) in Sun Solar ...)
	NOT-FOR-US: Solaris 10
CVE-2005-4700 (TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) o ...)
	NOT-FOR-US: TellMe
CVE-2005-4699 (Argument injection vulnerability in TellMe 1.2 and earlier allows remo ...)
	NOT-FOR-US: TellMe
CVE-2005-4698 (Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier all ...)
	NOT-FOR-US: TellMe
CVE-2005-4697 (The Microsoft Wireless Zero Configuration system (WZCS) allows local u ...)
	NOT-FOR-US: Microsoft
CVE-2005-4696 (The Microsoft Wireless Zero Configuration system (WZCS) stores WEP key ...)
	NOT-FOR-US: Microsoft
CVE-2005-4695 (Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers ...)
	NOT-FOR-US: Symantec Brightmail AntiSpam
CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain B ...)
	NOT-FOR-US: WebGUI
CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to caus ...)
	- gaim-encryption 3.0~beta5-3 (low; bug #337127)
	[sarge] - gaim-encryption <no-dsa> (Minor issue)
CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before 0.4.5 ...)
	NOT-FOR-US: mroovca
CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...)
	NOT-FOR-US: NetBSD
CVE-2005-4690 (Six Apart Movable Type 3.16 allows local users with blog-creation priv ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2005-4689 (Six Apart Movable Type 3.16 stores account names and password hashes i ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2005-4688 (PunBB 1.2.9 does not require password entry when changing the e-mail a ...)
	NOT-FOR-US: PunBB
CVE-2005-4687 (PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's I ...)
	NOT-FOR-US: PunBB
CVE-2005-4686 (PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.p ...)
	NOT-FOR-US: PunBB
CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when  ...)
	NOTE: see CVE-2005-4684
	- firefox <removed> (unimportant)
	- iceweasel <removed> (unimportant)
	- mozilla <removed> (unimportant)
	[sarge] - mozilla <no-dsa> (Hardly exploitable)
	- xulrunner <unfixed> (unimportant)
CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the DNS re ...)
	NOTE: http://www.redhat.com/archives/fedora-extras-commits/2006-August/msg01104.html says "ignore (kdebase) not fixed upstream, low, can't fix"
	- kdebase <unfixed> (unimportant)
	[sarge] - kdebase <no-dsa> (Hardly exploitable)
CVE-2005-4683 (PADL MigrationTools 46, when a failure occurs, stores contents of /etc ...)
	- migrationtools 46-2.1 (bug #338920; unimportant)
	NOTE: The temp fix makes use of TMPDIR
CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView  ...)
	NOT-FOR-US: AudienceView
CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allo ...)
	NOT-FOR-US: mIRC
CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote attack ...)
	NOT-FOR-US: Internet Explorer 6
CVE-2005-4678 (Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the U ...)
	NOT-FOR-US: Apple
CVE-2005-4677 (SQL injection vulnerability in additional_images.php (aka the Addition ...)
	NOT-FOR-US: osCommerce
CVE-2005-4676 (Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null termi ...)
	- exiv2 0.9
CVE-2005-4675 (Cross-site scripting (XSS) vulnerability in list.php in Complete PHP C ...)
	NOT-FOR-US: Complete PHP Counter
CVE-2005-4674 (Multiple SQL injection vulnerabilities in list.php in Complete PHP Cou ...)
	NOT-FOR-US: Complete PHP Counter
CVE-2005-4673 (ioFTPD 0.5.84 u responds with different messages depending on whether  ...)
	NOT-FOR-US: ioFTPD
CVE-2005-4672 (Cross-site scripting (XSS) vulnerability in image-editor-52/index.php  ...)
	NOT-FOR-US: CityPost Simple Image-Editor
CVE-2005-4671 (Cross-site scripting (XSS) vulnerability in simple-upload-53.php in Ci ...)
	NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4670 (Cross-site scripting (XSS) vulnerability in message.php in CityPost Au ...)
	NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin a ...)
	NOT-FOR-US: RT Internet Solutions (RTIS) WebAdmin
CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK  ...)
	NOT-FOR-US: ParosProxy
CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-assisted attacke ...)
	{DSA-1012-1}
	- unzip 5.52-7 (low; bug #349794)
CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1  ...)
	NOT-FOR-US: PHlyMail
CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier al ...)
	NOT-FOR-US: PunBB
CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other version ...)
	NOT-FOR-US: OcoMon
CVE-2005-4663 (Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly  ...)
	NOT-FOR-US: OcoMon
CVE-2005-4662 (Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly ea ...)
	NOT-FOR-US: OcoMon
CVE-2005-4661 (The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail me ...)
	NOT-FOR-US: Campsite
CVE-2005-4660 (Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow ...)
	NOT-FOR-US: IPCop
CVE-2005-4659 (IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permission ...)
	NOT-FOR-US: IPCop
CVE-2005-4658 (Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers ...)
	NOT-FOR-US: ASP-Programmers.com ASPKnowledgebase
CVE-2005-4657 (Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass au ...)
	NOT-FOR-US: Ocean12
CVE-2005-4656 (SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earl ...)
	NOT-FOR-US: TClanPortal
CVE-2005-4655 (Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4654 (Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1. ...)
	NOT-FOR-US: Oracle
CVE-2005-4653 (Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier a ...)
	NOT-FOR-US: AL-Caricatier
CVE-2005-4652 (SQL injection vulnerability in PHlyMail 3.02.01 allows remote attacker ...)
	NOT-FOR-US: PHlyMail
CVE-2005-4651 (SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 al ...)
	NOT-FOR-US: AlstraSoft EPay Pro
CVE-2005-4650 (Joomla! 1.03 does not restrict the number of "Search" Mambots, which a ...)
	NOT-FOR-US: Joomla!
CVE-2005-4649 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestb ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-4648 (Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earl ...)
	NOT-FOR-US: Illustrate dBpowerAMP Music Converter
CVE-2005-4647 (Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4  ...)
	NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4646 (Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4  ...)
	NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote attacke ...)
	NOT-FOR-US: 3CFR
CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in  ...)
	{DSA-951-2}
	- trac 0.9.3-1
	[sarge] - trac 0.8.1-3sarge4 (medium)
CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent // CMS  ...)
	NOT-FOR-US: Antharia OnContent
CVE-2005-4642 (Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 B ...)
	NOT-FOR-US: HydroBB
CVE-2005-4641 (SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote a ...)
	NOT-FOR-US: eazyCMS
CVE-2005-4640 (SQL injection vulnerability in index.php in class-1 Poll Software 0.4  ...)
	NOT-FOR-US: class-1 Poll
CVE-2005-4639 (Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/C ...)
	- linux-2.6 2.6.15-1 (low)
CVE-2005-4638 (index.php in Kayako SupportSuite 3.00.26 and earlier allow remote atta ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2005-4637 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ka ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2005-4636 (OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, doe ...)
	- openoffice.org <unfixed> (unimportant)
	NOTE: This is a non-issue IMO (neilm). OOo just launches a web browser.
	NOTE: If the admin doesn't want web browsing, why is one installed/enabled?
CVE-2005-4635 (The nl_fib_input function in fib_frontend.c in the Linux kernel before ...)
	NOTE: Unclear, whether this is really exploitable, re-pinged Dann and Horms
CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign SupportTrio ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-4633
	REJECTED
CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and ear ...)
	NOT-FOR-US: Vote!Pro
CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier a ...)
	NOT-FOR-US: Zina
CVE-2005-4630 (SQL injection vulnerability in index.php in ClientExec 2.3 allows remo ...)
	NOT-FOR-US: ClientExec
CVE-2005-4629 (SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to e ...)
	NOT-FOR-US: SMBCMS
CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and ear ...)
	NOT-FOR-US: HelpDeskPoint
CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite ...)
	NOT-FOR-US: GmailSite
CVE-2005-4626 (The default configuration of Recruitment Software installs admin/site. ...)
	NOT-FOR-US: Recruitment Software
CVE-2005-4625 (Drivers for certain display adapters, including (1) an unspecified ATI ...)
	NOT-FOR-US: Strange Windows drivers
CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows rem ...)
	NOT-FOR-US: PTnet ircd
CVE-2005-4623 (upload.exe in eFileGo 3.01 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: eFileGo
CVE-2005-4622 (Directory traversal vulnerability in eFileGo 3.01 allows remote attack ...)
	NOT-FOR-US: eFileGo
CVE-2005-4621 (Cross-site scripting (XSS) vulnerability in the editavatar page in vBu ...)
	NOT-FOR-US: vBulletin
CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to execu ...)
	NOT-FOR-US: WinRAR
CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
	NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.15-1
CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution]
	- b2evolution 0.9.1b-4 (bug #344000)
CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier ...)
	NOT-FOR-US: cSupport
CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows remot ...)
	NOT-FOR-US: iSupport
CVE-2005-4615 (SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlie ...)
	NOT-FOR-US: DapperDesk
CVE-2005-4614 (Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier  ...)
	NOT-FOR-US: digiSHOP
CVE-2005-4613 (Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remo ...)
	NOT-FOR-US: VUBB alpha
CVE-2005-4612 (Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote  ...)
	NOT-FOR-US: VUBB alpha
CVE-2005-4611 (SQL injection vulnerability in search.php in Free ClickBank 1.0 and ea ...)
	NOT-FOR-US: Free ClickBank
CVE-2005-4610 (Format string vulnerability in the server for Dopewars before 1.5.12,  ...)
	- dopewars <not-affected> (According to upstream Windows-specific)
CVE-2005-4609 (index.php in BugPort 1.147 and earlier allows remote attackers to obta ...)
	NOT-FOR-US: BugPort
CVE-2005-4608 (SQL injection vulnerability in index.php in BugPort 1.147 allows remot ...)
	NOT-FOR-US: BugPort
CVE-2005-4607 (Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 ...)
	NOT-FOR-US: BugPort
CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web Wiz prod ...)
	NOT-FOR-US: Web Wiz
CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions bef ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-1
	- kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a sanity check)
CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
	- xshisen 1.51-1-2 (bug #291613)
CVE-2005-4604 (Buffer overflow in MTink in the printer-filters-utils package allows l ...)
	- mtink <not-affected> (mtink not installed SUID root)
CVE-2005-4603 (Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1. ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4602 (SQL injection vulnerability in inc/function_upload.php in MyBB before  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4600 (Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Comp ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
	- moodle <not-affected> (has newer version)
	- wordpress 2.5.1-3
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: this was possibly fixed before 2.5.1 in wordpress but since 2.5.1-3 wordpress
	NOTE: uses the system copy of tinymce and the exact fixed version is not
	NOTE: really determinable anymore
CVE-2005-4599 (Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyM ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2005-4598 (Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestboo ...)
	NOT-FOR-US: OoApp Guestbook
CVE-2005-4597 (Cross-site scripting (XSS) vulnerability in index.php in iPei Guestboo ...)
	NOT-FOR-US: iPei Guestbook
CVE-2005-4596 (Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook  ...)
	NOT-FOR-US: AdesGuestbook
CVE-2005-4595 (Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4 ...)
	NOT-FOR-US: NView and XnView, different from nview from nvi
CVE-2005-4594 (Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers  ...)
	NOT-FOR-US: TUGZip
CVE-2005-4593 (PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and ...)
	NOT-FOR-US: phpDocumentor
CVE-2005-4592 (Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows r ...)
	- bogofilter 0.96.3
	[sarge] - bogofilter <not-affected> (Only some 0.96 CVS versions were affected)
CVE-2005-4591 (Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94 ...)
	- bogofilter 0.96.3
	[sarge] - bogofilter <not-affected> (Sarge version doesn't include Unicode)
CVE-2005-4590 (Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on  ...)
	NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4589 (Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the re ...)
	NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4588 (Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote atta ...)
	NOT-FOR-US: Koobi
CVE-2005-4587 (Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote ...)
	NOT-FOR-US: Juniper
CVE-2005-4586 (Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 all ...)
	NOT-FOR-US: PHPSurveyor
CVE-2005-XXXX [snort: DoS in verbose mode]
	- snort 2.3.3-2 (bug #328134; low)
	[woody] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
	[sarge] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
CVE-2005-4601 (The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers t ...)
	{DSA-957-2}
	- imagemagick 6:6.2.4.5-0.6 (bug #345238; medium)
	NOTE: Exploitable through Gnus and Thunderbird.
	- graphicsmagick 1.1.7-1
CVE-2005-4585 (Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0 ...)
	- ethereal 0.10.14-1 (bug #345243; low)
	NOTE: This affects Woody and Sarge
CVE-2005-4584 (BZFlag server 2.0.4 and earlier allows remote attackers to cause a den ...)
	- bzflag 2.0.6.20060412-1 (bug #345245; low)
	[sarge] - bzflag <no-dsa> (Minor DoS against a game)
CVE-2005-4583 (Unspecified vulnerability in the Management Interface in VMware ESX Se ...)
	NOT-FOR-US: VMware
CVE-2005-4582 (Electric Sheep 2.6.3 does not require authentication or integrity chec ...)
	- electricsheep 2.6.3+cvs20051206-1 (unimportant)
	NOTE: Even an authenticated server might serve unwanted content, so
	NOTE: this can't be considered a real vulnerability.
CVE-2005-4581 (Buffer overflow in Electric Sheep 2.6.3 client allows local users to e ...)
	- electricsheep 2.6.3+cvs20051206-1 (unimportant)
	NOTE: This does not seem to be exploitable.
CVE-2005-4580 (Cross-site scripting (XSS) vulnerability in Day Communique 4 allows re ...)
	NOT-FOR-US: Day Communique
CVE-2005-4579 (Multiple HTTP response splitting vulnerabilities in Hitachi Business L ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4578 (Multiple SQL injection vulnerabilities in Hitachi Business Logic - Con ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4577 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Busines ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4576 (Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngin ...)
	NOT-FOR-US: Fatwire Update Engine
CVE-2005-4575 (PaperThin CommonSpot Content Server 4.5 and earlier allow remote attac ...)
	NOT-FOR-US: CommonSpot Content Server
CVE-2005-4574 (Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin Co ...)
	{DSA-1201-1}
	NOT-FOR-US: CommonSpot Content Server
CVE-2005-4573 (PHP remote file include vulnerability in plog-admin-functions.php in P ...)
	NOT-FOR-US: Plogger
CVE-2005-4572 (Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow ...)
	NOT-FOR-US: myEZshop Shopping Cart
CVE-2005-4571 (Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart all ...)
	NOT-FOR-US: myEZshop Shopping Cart
CVE-2005-4570 (The Internet Key Exchange version 1 (IKEv1) implementations in Fortine ...)
	NOT-FOR-US: FortiOS
CVE-2005-4569 (Stack-based buffer overflow in index.fts in FTGate Technology (formerl ...)
	NOT-FOR-US: FTGate
CVE-2005-4568 (Multiple format string vulnerabilities in FTGate Technology (formerly  ...)
	NOT-FOR-US: FTGate
CVE-2005-4567 (Multiple cross-site scripting (XSS) vulnerabilities in FTGate Technolo ...)
	NOT-FOR-US: FTGate
CVE-2005-4566 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) impleme ...)
	NOT-FOR-US: NetVanta
CVE-2005-4565 (Format string vulnerability in the Internet Key Exchange version 1 (IK ...)
	NOT-FOR-US: NetVanta
CVE-2005-4564 (The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN N ...)
	NOT-FOR-US: NetVanta
CVE-2005-4563 (SQL injection vulnerability in main.php in Enterprise Heart Enterprise ...)
	NOT-FOR-US: Enterprise Heart Enterprise Connector
CVE-2005-4562
	REJECTED
CVE-2005-4561
	REJECTED
CVE-2005-4560 (The Windows Graphical Device Interface library (GDI32.DLL) in Microsof ...)
	{CVE-2006-0106}
	NOT-FOR-US: Microsoft
CVE-2005-4559 (mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Ser ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4558 (IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNet ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4557 (dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Serv ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4556 (PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as us ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4555 (Cross-site scripting (XSS) vulnerability in add.php in DEV web managem ...)
	NOT-FOR-US: DEV web management system
CVE-2005-4554 (Multiple SQL injection vulnerabilities in DEV web management system 1. ...)
	NOT-FOR-US: DEV web management system
CVE-2005-4553 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to e ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-4552 (The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 ...)
	NOT-FOR-US: Sun Solaris PC NetLink
CVE-2005-4551 (Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpB ...)
	NOT-FOR-US: codegrrl SimpBook
CVE-2005-4550 (The PORTAL schema in Oracle Application Server (OracleAS) Discussion F ...)
	NOT-FOR-US: Oracle
CVE-2005-4549 (Cross-site scripting (XSS) vulnerability in Oracle Application Server  ...)
	NOT-FOR-US: Oracle
CVE-2005-4548 (SQL injection vulnerability in the "user area" in RWS Statistics Count ...)
	NOT-FOR-US: RWS Statistics Counter
CVE-2005-4547 (Cross-site scripting (XSS) vulnerability in home/search.php in eggblog ...)
	NOT-FOR-US: eggblog
CVE-2005-4546 (search.php in eggblog 2.0 allows remote attackers to obtain the full p ...)
	NOT-FOR-US: eggblog
CVE-2005-4545 (Cross-site scripting (XSS) vulnerability in search.asp in NetDirect Sh ...)
	NOT-FOR-US: NetDirect ShopEngine
CVE-2005-4544
	REJECTED
CVE-2005-4543
	REJECTED
CVE-2005-4542
	REJECTED
CVE-2005-4541
	REJECTED
CVE-2005-4540
	REJECTED
CVE-2005-4539
	REJECTED
CVE-2005-4538
	REJECTED
CVE-2005-4537
	REJECTED
CVE-2005-4536 (Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enable ...)
	{DSA-960-3}
	- libmail-audit-perl 2.1-5.1 (bug #344029; medium)
CVE-2005-4535
	REJECTED
CVE-2005-4533 (Argument injection vulnerability in scponlyc in scponly 4.1 and earlie ...)
	{DSA-969-1}
	- scponly 4.6-1 (bug #344418)
CVE-2005-4532 (scponlyc in scponly 4.1 and earlier, when the operating system support ...)
	{DSA-969-1}
	- scponly 4.6-1 (bug #344418)
CVE-2005-4531
	REJECTED
CVE-2005-4530 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
	NOT-FOR-US: EPay Enterprise
CVE-2005-4529 (The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to  ...)
	NOT-FOR-US: phpBB addon
CVE-2005-4528 (SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB a ...)
	NOT-FOR-US: phpBB addon
CVE-2005-4527 (Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote ...)
	NOT-FOR-US: Direct News
CVE-2005-4526 (Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 all ...)
	NOT-FOR-US: MIMEsweeper For Web
CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local user ...)
	NOT-FOR-US: Sygate
CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle "Make note private" when a bu ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4523 (Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feed ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4522 (Multiple cross-site scripting (XSS) vulnerabilities in the view_filter ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4521 (CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows rem ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4520 (Unspecified "port injection" vulnerabilities in filters in Mantis 1.0. ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4519 (Multiple SQL injection vulnerabilities in the manage user page (manage ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4518 (Mantis before 0.19.4 allows remote attackers to bypass the file upload ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4517 (SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 al ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4515
	NOT-FOR-US: WebDB
CVE-2005-4514
	NOT-FOR-US: Webwasher
CVE-2005-4513 (Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows r ...)
	NOT-FOR-US: WANDSOFT e-SEARCH
CVE-2005-4512 (Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier ...)
	NOT-FOR-US: WAXTRAPP
CVE-2005-4511 (Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows lo ...)
	NOT-FOR-US: TN3270 Resource Gateway
CVE-2005-4510 (Directory traversal vulnerability in server.np in NetPublish Server 7  ...)
	NOT-FOR-US: Netpublish Server
CVE-2005-4509 (SQL injection vulnerability in index.asp in pTools allows remote attac ...)
	NOT-FOR-US: pTools
CVE-2005-4508 (Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to o ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4507 (Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts  ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4506 (Nexus Concepts Dev Hound 2.24 and earlier stores username and password ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4505 (Unquoted Windows search path vulnerability in McAfee VirusScan Enterpr ...)
	NOT-FOR-US: McAfee
CVE-2005-4504 (The khtml::RenderTableSection::ensureRows function in KHTMLParser in A ...)
	- kdelibs <not-affected>
	NOTE: Konqueror from sid doesn't crash, will test an older version later
CVE-2005-4503 (httprint v202, and possibly other versions before v301, allows remote  ...)
	NOT-FOR-US: httprint
CVE-2005-4502 (Cross-site scripting (XSS) vulnerability in httprint v202, and possibl ...)
	NOT-FOR-US: httprint
CVE-2005-4501 (MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string" ...)
	- mediawiki 1.4.13-1 (bug #345280)
CVE-2005-4500 (SQL injection vulnerability in MusicBox 2.3 allows remote attackers to ...)
	NOT-FOR-US: MusicBox
CVE-2005-4499 (The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concent ...)
	NOT-FOR-US: Cisco
CVE-2005-4498 (Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier a ...)
	NOT-FOR-US: Text-e
CVE-2005-4497 (Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and ...)
	NOT-FOR-US: Tangora Portal
CVE-2005-4496 (Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1  ...)
	NOT-FOR-US: Syntax CMS
CVE-2005-4495
	NOT-FOR-US: SpireMedia
CVE-2005-4494 (Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier all ...)
	- spip 2.0.6-1 (medium; bug #352078)
CVE-2005-4493 (Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier a ...)
	NOT-FOR-US: SpearTek
CVE-2005-4492 (Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18  ...)
	NOT-FOR-US: Starphire SiteSage
CVE-2005-4491 (Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 ...)
	NOT-FOR-US: Sitekit CMS
CVE-2005-4490 (Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and  ...)
	NOT-FOR-US: SCOOP!
CVE-2005-4489 (Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier  ...)
	NOT-FOR-US: Scoop
CVE-2005-4488 (Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Re ...)
	NOT-FOR-US: Redakto WCMS
CVE-2005-4487 (Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and ea ...)
	NOT-FOR-US: RAMSite
CVE-2005-4486
	NOT-FOR-US: Quantum Art
CVE-2005-4485 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3  ...)
	NOT-FOR-US: ProjectApp
CVE-2005-4484 (Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 ...)
	NOT-FOR-US: IntranetApp
CVE-2005-4483 (Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable 3. ...)
	NOT-FOR-US: SiteEnable
CVE-2005-4482 (Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 ...)
	NOT-FOR-US: PortalApp
CVE-2005-4481
	NOT-FOR-US: Polypoly
CVE-2005-4480 (Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlie ...)
	NOT-FOR-US: Plexcor CMS
CVE-2005-4479 (SQL injection vulnerability in article.php in phpSlash 0.8.1 and earli ...)
	NOT-FOR-US: phpSlash
CVE-2005-4478 (Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allo ...)
	NOT-FOR-US: Papoo
CVE-2005-4477 (Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earli ...)
	NOT-FOR-US: papaya CMS
CVE-2005-4476 (Cross-site scripting (XSS) vulnerability in store/search/results.html  ...)
	NOT-FOR-US: OpenEdit
CVE-2005-4475 (Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier  ...)
	NOT-FOR-US: OpenCms
CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.1 ...)
	{DSA-1208-1}
	- bugzilla 2.18 (bug #329387; low)
	NOTE: The vulnerable script has been removed in the 2.18 upstream release
CVE-2005-XXXX [Insecure tempfile in libjpeg6b's exifautotran]
	- libjpeg6b 6b-11 (bug #340079; low)
	[woody] - libjpeg6b <not-affected> (Does not include exifautotran)
	[sarge] - libjpeg6b <no-dsa> (Creates tempfile in cwd, only very far-fetched attack vectors applicable)
CVE-2005-4474 (Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows  ...)
	NOT-FOR-US: WinRAR
CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows ...)
	NOT-FOR-US: Macromedia JRun 4 web server
CVE-2005-4472 (Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS)  ...)
	NOT-FOR-US: Macromedia JRun 4 web server
CVE-2005-4471 (POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2 ...)
	NOT-FOR-US: Avaya Modular Messaging Message Storage Server
CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in readfile.c in  ...)
	{DSA-1039-1 DTSA-29-1}
	- blender 2.40-1 (bug #344398; medium)
	[woody] - blender <no-dsa> (Woody has it in non-free and it is binary-only)
CVE-2005-4469 (Multiple direct static code injection vulnerabilities in PHPGedView 3. ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in PHPGedV ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4467 (Directory traversal vulnerability in help_text_vars.php in PHPGedView  ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4466 (Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll i ...)
	NOT-FOR-US: SIP Proxy
CVE-2005-4465 (The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIV ...)
	NOT-FOR-US: NEC UNIVERGE IX1000, IX2000, and IX3000
CVE-2005-4464 (Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote  ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2005-4463 (WordPress before 1.5.2 allows remote attackers to obtain sensitive inf ...)
	- wordpress 1.5.2-1 (unimportant)
	NOTE: Only path disclosure
CVE-2005-4462 (PHP remote file include vulnerability in usermods.php in Tolva PHP web ...)
	NOT-FOR-US: Tolva PHP website system
CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and ea ...)
	NOT-FOR-US: Beehive Forum
CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and ea ...)
	NOT-FOR-US: Beehive Forum
CVE-2005-4459 (Heap-based buffer overflow in the NAT networking components vmnat.exe  ...)
	NOT-FOR-US: VMware
CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly  ...)
	NOT-FOR-US: Metadot Portal Server
CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote attacker ...)
	NOT-FOR-US: MailEnable
CVE-2005-4456 (Multiple buffer overflows in MailEnable Professional 1.71 and Enterpri ...)
	NOT-FOR-US: MailEnable
CVE-2005-4455 (cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote ...)
	NOT-FOR-US: livejournal
	NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
CVE-2005-4454 (Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJour ...)
	NOT-FOR-US: livejournal
	NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
CVE-2005-4453 (UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote aut ...)
	NOT-FOR-US: Ultraapps Issue Manager
CVE-2005-4452 (Information Call Center stores the CallCenterData.mdb database under t ...)
	NOT-FOR-US: Information Call Center
CVE-2005-4451 (Unspecified vulnerability in Software Distributor in HP-UX B.11.11 all ...)
	NOT-FOR-US: HP-UX
CVE-2005-4450 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 al ...)
	NOTE: According to the description possibly a dupe of the non-issue CVE-2005-4349
CVE-2005-4449 (verify.php in FlatNuke 2.5.6 allows remote authenticated administrator ...)
	NOT-FOR-US: FlatNuke
CVE-2005-4448 (FlatNuke 2.5.6 verifies authentication credentials based on an MD5 che ...)
	NOT-FOR-US: FlatNuke
CVE-2005-4447 (SQL injection vulnerability in articles\articles_funcs.php in phpCOIN  ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4446 (Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x a ...)
	NOT-FOR-US: ASPBite
CVE-2005-4445 (Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow ...)
	NOT-FOR-US: Pegasus Mail
CVE-2005-4444 (Stack-based buffer overflow in the trace message functionality in Pega ...)
	NOT-FOR-US: Pegasus Mail
CVE-2005-4443 (Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gento ...)
	- gauche <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4442 (Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Ge ...)
	- openldap2 <not-affected> (Gentoo-specific packaging flaw)
	- openldap2.2 <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network segmentat ...)
	NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels
CVE-2005-4440 (The 802.1q VLAN protocol allows remote attackers to bypass network seg ...)
	NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels
CVE-2005-4439 (Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to c ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; high)
CVE-2005-4438 (Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in  ...)
	NOT-FOR-US: Dec2Rar
CVE-2005-4437 (MD5 Neighbor Authentication in Extended Interior Gateway Routing Proto ...)
	NOT-FOR-US: IOS
CVE-2005-4436 (Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented ...)
	NOT-FOR-US: IOS
CVE-2005-4435 (Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man ...)
	NOT-FOR-US: AbleDesign D-Man
CVE-2005-4434 (Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x al ...)
	NOT-FOR-US: AbleDesign ReSearch
CVE-2005-4433 (Cross-site scripting (XSS) vulnerability in search.php in Esselbach St ...)
	NOT-FOR-US: Esselbach Storyteller CMS
CVE-2005-4432 (Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 a ...)
	NOT-FOR-US: PlaySMS
CVE-2005-4431 (SQL injection vulnerability in WowBB 1.65 allows remote attackers to e ...)
	NOT-FOR-US: WowBB
CVE-2005-4430 (SQL injection vulnerability in LogicBill 1.0 and earlier allows remote ...)
	NOT-FOR-US: LogicBill
CVE-2005-4429 (SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers t ...)
	NOT-FOR-US: CS-Cart
CVE-2005-4428 (Cross-site scripting (XSS) vulnerability in index.php in Cerberus Help ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-4427 (Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remo ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-4426 (Interpretation conflict in YaBB before 2.1 allows remote authenticated ...)
	NOT-FOR-US: YaBB
CVE-2005-4425 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allo ...)
	NOT-FOR-US: Kerio Firewall
CVE-2005-4424 (Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might ...)
	NOT-FOR-US: PHPKIT
CVE-2005-4423 (Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows re ...)
	NOT-FOR-US: PHPFM
CVE-2005-4422 (Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stabl ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4421 (Dev-Editor 3.0 allows remote attackers to access any directory outside ...)
	NOT-FOR-US: Dev-Editor
CVE-2005-4420 (Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterpri ...)
	NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4419 (Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honey ...)
	NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4417 (The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1 ...)
	NOT-FOR-US: Widcomm Bluetooth for Windows
CVE-2005-4416 (SQL injection vulnerability in index.php in TML CMS 0.5 allows remote  ...)
	NOT-FOR-US: TML CMS
CVE-2005-4415 (Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 a ...)
	NOT-FOR-US: TML CMS
CVE-2005-4414 (Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown i ...)
	NOT-FOR-US: Teamwork 3
CVE-2005-4413 (Multiple cross-site scripting (XSS) vulnerabilities in sample scripts  ...)
	NOT-FOR-US: Websphere
CVE-2005-4412 (Citrix Program Neighborhood client before 9.150 caches the user passwo ...)
	NOT-FOR-US: Citrix
CVE-2005-4411 (Buffer overflow in Mercury Mail Transport System 4.01b allows remote a ...)
	NOT-FOR-US: Mercury Mail Transport System
CVE-2005-4410 (Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote  ...)
	NOT-FOR-US: NQcontent
CVE-2005-4409 (Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier a ...)
	NOT-FOR-US: MMBase
CVE-2005-4408 (Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earli ...)
	NOT-FOR-US: Miraserver
CVE-2005-4407 (Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4 ...)
	NOT-FOR-US: Mercury CMS
CVE-2005-4406 (SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and earlie ...)
	NOT-FOR-US: Mercury CMS
CVE-2005-4405 (redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Red Queen
CVE-2005-4404 (SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x all ...)
	NOT-FOR-US: Media2 CMS
CVE-2005-4403 (SQL injection vulnerability in index.php in Marwel 2.7 and earlier all ...)
	NOT-FOR-US: Marwel
CVE-2005-4402 (Buffer overflow in MailEnable Professional 1.71 and earlier, and Enter ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-4401 (Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier a ...)
	NOT-FOR-US: Lutece
CVE-2005-4400 (Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Li ...)
	NOT-FOR-US: Liferay Portal Professional
CVE-2005-4399 (Cross-site scripting (XSS) vulnerability in search/index.php in Libert ...)
	NOT-FOR-US: Libertas Enterprise CMS
CVE-2005-4398
	NOT-FOR-US: lemoon
CVE-2005-4397 (SQL injection vulnerability in RunScript.asp iCMS allows remote attack ...)
	NOT-FOR-US: iCMS
CVE-2005-4396 (Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS  ...)
	NOT-FOR-US: iCMS
CVE-2005-4395 (Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier all ...)
	NOT-FOR-US: FarCry
CVE-2005-4394 (Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier all ...)
	NOT-FOR-US: EPiX
CVE-2005-4393 (Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS  ...)
	NOT-FOR-US: e-publish CMS
CVE-2005-4392 (SQL injection vulnerability in printer_friendly.cfm in e-publish CMS 2 ...)
	NOT-FOR-US: e-publish CMS
CVE-2005-4391 (Cross-site scripting (XSS) vulnerability in damoon allows remote attac ...)
	NOT-FOR-US: damoon
CVE-2005-4390 (SQL injection vulnerability in index.php in ContentServ 3.1 and earlie ...)
	NOT-FOR-US: ContentServ
CVE-2005-4389 (search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtai ...)
	NOT-FOR-US: CONTENS
CVE-2005-4388 (Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0  ...)
	NOT-FOR-US: CONTENS
CVE-2005-4387 (Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 ...)
	NOT-FOR-US: contenite
CVE-2005-4386 (Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlie ...)
	NOT-FOR-US: Colony CMS
CVE-2005-4385 (Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC ...)
	NOT-FOR-US: Cofax
CVE-2005-4384 (CitySoft Community Enterprise 4.x allows remote attackers to obtain th ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4383 (Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft Comm ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4382 (SQL injection vulnerability in CitySoft Community Enterprise 4.x allow ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4381 (Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 ...)
	NOT-FOR-US: Caravel CMS
CVE-2005-4380 (Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta ...)
	NOT-FOR-US: Bitweaver
CVE-2005-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 a ...)
	NOT-FOR-US: Bitweaver
CVE-2005-4378 (SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earli ...)
	NOT-FOR-US: Baseline CMS
CVE-2005-4377 (Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1 ...)
	NOT-FOR-US: Baseline CMS
CVE-2005-4376 (Directory traversal vulnerability in Amaxus 3 and earlier allows remot ...)
	NOT-FOR-US: Amaxus
CVE-2005-4375 (Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allow ...)
	NOT-FOR-US: Amaxus
CVE-2005-4374 (Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 a ...)
	NOT-FOR-US: Allinta
CVE-2005-4373 (Adaptive Website Framework (AWF) 2.10 and earlier allows remote attack ...)
	NOT-FOR-US: Adaptive Website Framework
CVE-2005-4372 (Cross-site scripting (XSS) vulnerability in account.html in Adaptive W ...)
	NOT-FOR-US: Adaptive Website Framework
CVE-2005-4371 (Acidcat 2.1.13 and earlier stores the database under the web root with ...)
	NOT-FOR-US: Acidcat
CVE-2005-4370 (SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and  ...)
	NOT-FOR-US: Acidcat
CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows re ...)
	NOT-FOR-US: Acuity CMS
CVE-2005-4368 (roundcube webmail Alpha, with a default high verbose level ($rcmail_co ...)
	- roundcube <not-affected> (Quotes are stripped now and if the task can't be found there is a default of mail)
CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php in DRZ ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4366 (Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote a ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4365 (Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 ...)
	NOT-FOR-US: FLIP
CVE-2005-4364 (Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana We ...)
	NOT-FOR-US: Hot Banana Web Content Management Suite
CVE-2005-4363 (Cross-site scripting (XSS) vulnerability in the search engine in Komod ...)
	NOT-FOR-US: Komodo CMS
CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remot ...)
	NOT-FOR-US: Komodo CMS
CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in Magnolia Co ...)
	NOT-FOR-US: Magnolia Content Management Suite
CVE-2005-4360 (The URL parser in Microsoft Internet Information Services (IIS) 5.1 on ...)
	NOT-FOR-US: IIS
CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 al ...)
	NOT-FOR-US: ODFaq
CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ob ...)
	- phpbb2 <unfixed> (unimportant)
CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowe ...)
	- phpbb2 2.0.21-1 (bug #344674; low)
	[sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only suitable for trusted users)
	NOTE: According to the maintainer only affects a config option that is strongly
	NOTE: discouraged due to potential security problems
CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to execu ...)
	NOT-FOR-US: UStore
CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow re ...)
	NOT-FOR-US: UStore
CVE-2005-4354 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimp ...)
	NOT-FOR-US: Webglimpse
CVE-2005-4353 (SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when co ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4352 (The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2 ...)
	- linux-2.6 2.6.18-3
CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up ...)
	- linux-2.6 2.6.18-3
CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 an ...)
	NOT-FOR-US: WBEM Services
CVE-2005-4349 [SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7....]
	- phpmyadmin 4:3.2.0-1 (unimportant)
	NOTE: A big commit that included a lot of fixes/versions
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/644366eaf1bd10dd087bfc8c46ed98a337c04ab4#diff-4cb9ef0ba2c5556cd595ceb5dd85fd33R2070
	NOTE: Only for authenticated users, will possibly be rejected
CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidr ...)
	{DSA-939-1}
	- fetchmail 6.3.1-1 (bug #343836; bug #345944; low)
CVE-2005-4418 (util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5. ...)
	{DSA-1011-1}
	- util-vserver 0.30.208-1
CVE-2005-4347 (The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and  ...)
	{DSA-1011-1}
	- util-vserver 0.30.208-1 (bug #329090; medium)
	- kernel-patch-vserver 2.3 (bug #329087; medium)
	NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to fix this vulnerability
CVE-2005-4346 (Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier a ...)
	NOT-FOR-US: phpBB Blog
CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password has ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the  ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4343 (Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4342 (ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6 ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4341 (Blackboard Learning and Community Portal System in Academic Suite 6.3. ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4340
	REJECTED
CVE-2005-4339 (Cross-site scripting (XSS) vulnerability in Blackboard Learning and Co ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4338 (announcement.pl in Blackboard Learning and Community Portal System in  ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4337 (The login page in Blackboard Learning and Community Portal System in A ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4336 (Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and ear ...)
	NOT-FOR-US: ProjectForum
CVE-2005-4335 (ProjectForum 4.7.0 and earlier allows remote attackers to cause a deni ...)
	NOT-FOR-US: ProjectForum
CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote attackers t ...)
	NOT-FOR-US: ZixForum
CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary Board Sy ...)
	NOT-FOR-US: Binary Board System
CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allow ...)
	NOT-FOR-US: Secure Smart Manager
CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant Versio ...)
	NOT-FOR-US: iHTML Merchant
CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall all ...)
	NOT-FOR-US: iHTML Merchant
CVE-2005-4329 (SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extr ...)
	NOT-FOR-US: paFileDB
CVE-2005-4328 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimp ...)
	NOT-FOR-US: WebGlimpse
CVE-2005-4327 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt W ...)
	NOT-FOR-US: Michael Arndt WebCal
CVE-2005-4326 (The web interface for American Power Conversion (APC) PowerChute Netwo ...)
	NOT-FOR-US: APC hardware issue
CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b have unk ...)
	NOT-FOR-US: Driverse
CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07 ...)
	NOT-FOR-US: Hitachi Groupmax Mail SMTP
CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 0 ...)
	NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosmine ...)
	NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in Apani Ne ...)
	NOT-FOR-US: Apani Networks EpiForce
CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the in ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 a ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earl ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not pro ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers t ...)
	NOT-FOR-US: HP-UX
CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum PLEXCART  ...)
	NOT-FOR-US: Plexum PLEXCART
CVE-2005-4314 (Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shoppin ...)
	NOT-FOR-US: PPCal Shopping Cart
CVE-2005-4313 (SQL injection vulnerability in index.php in AlmondSoft Almond Personal ...)
	NOT-FOR-US: AlmondSoft Almond Personals
CVE-2005-4312 (SQL injection vulnerability in index.php in AlmondSoft Almond Classifi ...)
	NOT-FOR-US: AlmondSoft Almond Personals
CVE-2005-4311 (Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier,  ...)
	NOT-FOR-US: DCForum
CVE-2005-4310 (SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authen ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2005-4309 (SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows rem ...)
	NOT-FOR-US: ezUpload Pro
CVE-2005-4308 (index.php in ezUpload Pro 2.2 and earlier allows remote attackers to i ...)
	NOT-FOR-US: ezUpload Pro
CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier ...)
	NOT-FOR-US: ScareCrow
CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 ...)
	NOT-FOR-US: SiteNet BBS
CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1,  ...)
	- trac 0.9.3-1 (bug #344006)
	[sarge] - trac <unfixed> (medium)
	NOTE: upstream bts at http://trac.edgewall.org/ticket/2473 claims this is
	NOTE: fixed in http://trac.edgewall.org/changeset/2724 but it's a fairly
	NOTE: invasive set of patches to backport. basically most instances
	NOTE: of input being escape()'d are no longer done so, and instead a
	NOTE: Markup() function replaces them, and special checks are done
	NOTE: on rendered HTML output to prevent XSS code from being displayed.
CVE-2005-4304 (index.php in ezDatabase 2.1.2 and earlier allows remote attackers to o ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4303 (SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earl ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4302 (Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4301 (Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and earl ...)
	NOT-FOR-US: phpXplorer
CVE-2005-4300 (Format string vulnerability in the lire_pop function in pop.c in libre ...)
	NOT-FOR-US: libremail
CVE-2005-4299 (Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 ...)
	NOT-FOR-US: Atlant Pro
CVE-2005-4298 (Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.0 ...)
	NOT-FOR-US: AtlantForum
CVE-2005-4297 (Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier a ...)
	NOT-FOR-US: bbBoard
CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: AppServ Open Project
CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE  ...)
	NOT-FOR-US: Absolute Image Gallery XE
CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0 ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro ...)
	NOT-FOR-US: ClickCartPro
CVE-2005-4292 (Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlie ...)
	NOT-FOR-US: CommerceSQL
CVE-2005-4291 (Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS Online ...)
	NOT-FOR-US: ECTOOLS Onlineshop
CVE-2005-4290 (Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 ...)
	NOT-FOR-US: ECW-Cart
CVE-2005-4289 (Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 ...)
	NOT-FOR-US: eDatCat
CVE-2005-4288 (Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb E- ...)
	NOT-FOR-US: MarmaraWeb E-commerce
CVE-2005-4287 (PHP remote file include vulnerability in MarmaraWeb E-commerce allows  ...)
	NOT-FOR-US: MarmaraWeb E-commerce
CVE-2005-4286 (Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote atta ...)
	NOT-FOR-US: PhpLogCon
CVE-2005-4285 (Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copit ...)
	NOT-FOR-US: Dick Copits PDEstore
CVE-2005-4284 (Cross-site scripting (XSS) vulnerability in StaticStore Search Engine  ...)
	NOT-FOR-US: StaticStore Search Engine
CVE-2005-4283 (Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earl ...)
	NOT-FOR-US: The CITY Shop
CVE-2005-4282 (Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and e ...)
	NOT-FOR-US: Zaygo DomainCart
CVE-2005-4281 (Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and  ...)
	NOT-FOR-US: Zaygo HostingCart
CVE-2005-4280 (Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo ...)
	- cmake <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4279 (Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on  ...)
	- qt-x11-free <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4278 (Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo  ...)
	- perl <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4277 (Cross-site scripting (XSS) vulnerability in index.php in toendaCMS bef ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4276 (Westell Versalink 327W allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Westell Versalink
CVE-2005-4275 (Scientific Atlanta DPX2100 Cable Modem allows remote attackers to caus ...)
	NOT-FOR-US: Scientific Atlanta DPX2100 Cable Modem
CVE-2005-4274 (Unspecified vulnerability in Business Objects WebIntelligence 6.5x all ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2005-4273 (Multiple unspecified vulnerabilities in (1) getShell and (2) getComman ...)
	NOT-FOR-US: AIX
CVE-2005-4272 (Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote at ...)
	NOT-FOR-US: AIX
CVE-2005-4271 (Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local ...)
	NOT-FOR-US: AIX
CVE-2005-4270 (Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows rem ...)
	NOT-FOR-US: Watchfire AppScan
CVE-2005-4269 (mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-4268 (Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a ...)
	- cpio 2.6-10 (bug #344134; medium)
	[sarge] - cpio <unfixed> (medium)
	[woody] - cpio <unfixed> (medium)
CVE-2005-4267 (Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote at ...)
	NOT-FOR-US: Qualcomm WorldMail
CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
	NOTE: not reproducible
	- rageircd <not-affected> (bug #343543; medium)
CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Sessio ...)
	NOT-FOR-US: Alt-N MDaemon and WorldClient
CVE-2005-4265
	REJECTED
CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP Support Tic ...)
	NOT-FOR-US: PHP Support Tickets
CVE-2005-4263 (SQL injection vulnerability in the News module in Envolution allows re ...)
	NOT-FOR-US: Envolution
CVE-2005-4262 (Cross-site scripting (XSS) vulnerability in the News module in Envolut ...)
	NOT-FOR-US: Envolution
CVE-2005-4261 (Unspecified vulnerability in Positive Software Corporation CP+ (cpplus ...)
	NOT-FOR-US: CP+
CVE-2005-4260 (Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and l ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-4259 (Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote attac ...)
	NOT-FOR-US: ASPBB
CVE-2005-4258 (Unspecified Cisco Catalyst Switches allow remote attackers to cause a  ...)
	NOT-FOR-US: Cisco
CVE-2005-4257 (Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Linksys hardware
CVE-2005-4256 (Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Fo ...)
	NOT-FOR-US: ASP-DEV XM Forum
CVE-2005-4255 (Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1. ...)
	NOT-FOR-US: WikkaWiki
CVE-2005-4254 (SQL injection vulnerability in view_Results.php in DreamLevels DreamPo ...)
	NOT-FOR-US: DreamLevels DreamPoll
CVE-2005-4253 (Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1 ...)
	NOT-FOR-US: Torrential
CVE-2005-4252 (Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earl ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4251 (Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlie ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4250 (Directory traversal vulnerability in mcGallery PRO 2.2 and earlier all ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4249 (ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext  ...)
	NOT-FOR-US: ADP Forum
CVE-2005-4248 (Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 ...)
	NOT-FOR-US: QuickPayPro
CVE-2005-4247 (Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta  ...)
	NOT-FOR-US: Plogger
CVE-2005-4246 (SQL injection vulnerability in Plogger Beta 2 and earlier allows remot ...)
	NOT-FOR-US: Plogger
CVE-2005-4245 (Cross-site scripting (XSS) vulnerability in search.php in Snipe Galler ...)
	NOT-FOR-US: Snipe Gallery
CVE-2005-4244 (SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows  ...)
	NOT-FOR-US: Snipe Gallery
CVE-2005-4243 (Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote ...)
	NOT-FOR-US: QuickPayPro
CVE-2005-4241 (Cross-site scripting (XSS) vulnerability in the category page in VCD-d ...)
	NOT-FOR-US: VCD-db
CVE-2005-4240 (SQL injection vulnerability in search.php in VCD-db 0.98 and earlier a ...)
	NOT-FOR-US: VCD-db
CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php  ...)
	NOT-FOR-US: PHP JackKnife
CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in view_filters_page.php in M ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earl ...)
	NOT-FOR-US: MySQL Auction
CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allow ...)
	NOT-FOR-US: CKGOLD
CVE-2005-4235 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCo ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2005-4234 (SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and  ...)
	NOT-FOR-US: EncapsGallery
CVE-2005-4233 (SQL injection vulnerability in advertiser_statistic.php in Ad Manager  ...)
	NOT-FOR-US: Ad Manager Pro
CVE-2005-4232
	NOT-FOR-US: Jamit Job Board
CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earli ...)
	NOT-FOR-US: Link Up Gold
CVE-2005-4230 (SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlie ...)
	NOT-FOR-US: Link Up Gold
CVE-2005-4229 (Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction ...)
	NOT-FOR-US: EveryAuction
CVE-2005-4228 (Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earl ...)
	NOT-FOR-US: PhpWebGallery
CVE-2005-4227 (Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-4226 (Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 ...)
	NOT-FOR-US: phpWebThings
CVE-2005-4225 (Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3  ...)
	NOT-FOR-US: myBloggie
CVE-2005-4224 (Multiple "potential" SQL injection vulnerabilities in e107 0.7 might a ...)
	NOT-FOR-US: e107
CVE-2005-4223 (Multiple "potential" SQL injection vulnerabilities in Utopia News Pro  ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-4222 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi i ...)
	NOT-FOR-US: Lars Ellingsen Guestserver
CVE-2005-4221 (SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 ...)
	NOT-FOR-US: Arab Portal System
CVE-2005-4220 (Netgear RP114, and possibly other versions and devices, allows remote  ...)
	NOT-FOR-US: Netgear hardware issue
CVE-2005-4219 (setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains user ...)
	NOT-FOR-US: Innovative CMS
CVE-2005-4218 (SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows re ...)
	NOT-FOR-US: PHPWebThings
CVE-2005-4217 (Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges ...)
	- perl <not-affected> (MacOS specific vulnerability)
CVE-2005-4216 (The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Se ...)
	NOT-FOR-US: Macromedia Flash Media Server
CVE-2005-4215 (Motorola SB5100E Cable Modem allows remote attackers to cause a denial ...)
	NOT-FOR-US: Motorola hardware
CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers to obtain the installation path  ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4213 (SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote  ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4212 (Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1 ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4211 (PHP remote file inclusion vulnerability in coin_includes/db.php in php ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4210 (Opera before 8.51, when running on Windows with Input Method Editor (I ...)
	NOT-FOR-US: Opera
CVE-2005-4209 (WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to  ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2005-4208 (Directory traversal vulnerability in Flatnuke 2.5.6 allows remote atta ...)
	NOT-FOR-US: Flatnuke
CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script allow ...)
	NOT-FOR-US: BTGrup Admin WebController Script
CVE-2005-4206 (Blackboard Learning and Community Portal System in Academic Suite 6.3. ...)
	NOT-FOR-US: Blackboard Learning and Community Port Systems
CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList ...)
	NOT-FOR-US: LocazoList
CVE-2005-4204 (Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows r ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4203 (LogiSphere 0.9.9j does not restrict the number of messages that can be ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4202 (Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allo ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4201 (Directory traversal vulnerability in My Album Online 1.0 allows remote ...)
	NOT-FOR-US: My Album Online
CVE-2005-4200 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4199 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) befor ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4198 (SQL injection vulnerability in index.php in Netref 3.0 allows remote a ...)
	NOT-FOR-US: Netref
CVE-2005-4197 (tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to e ...)
	NOT-FOR-US: Nortel SSL VPN
CVE-2005-4196 (Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal To ...)
	NOT-FOR-US: Scout Portal Toolkit
CVE-2005-4195 (Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1 ...)
	NOT-FOR-US: Scout Portal Toolkit
CVE-2005-4194 (Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming M ...)
	NOT-FOR-US: Sights 'n Sounds Streaming Media Server
CVE-2005-4193 (Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows re ...)
	NOT-FOR-US: UseBB
CVE-2005-4242 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3  ...)
	- turba2 2.0.5-1 (bug #342946; medium)
CVE-2005-4192 (Multiple cross-site scripting (XSS) vulnerabilities in templates/notep ...)
	- mnemo2 2.0.3-1 (bug #342944; medium)
CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in templates/taskl ...)
	- nag2 2.0.4-1 (bug #342945; medium)
CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Applicati ...)
	{DSA-1033-1}
	- horde3 3.0.9-1 (bug #342942; bug #354512; medium)
CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
	{DSA-970-1}
	- kronolith2 2.0.6-1 (bug #342943; medium)
	- kronolith <removed> (bug #349261; medium)
CVE-2005-4188
	RESERVED
CVE-2005-4187
	RESERVED
CVE-2005-4186
	RESERVED
CVE-2005-4185
	RESERVED
CVE-2005-4184
	RESERVED
CVE-2005-4183
	RESERVED
CVE-2005-4182
	RESERVED
CVE-2005-4181
	RESERVED
CVE-2005-4180
	RESERVED
CVE-2005-4179
	RESERVED
CVE-2005-4177 (Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Per ...)
	NOT-FOR-US: Magic Book Personal and Professional
CVE-2005-4176 (AWARD Bios Modular 4.50pg does not clear the keyboard buffer after rea ...)
	NOT-FOR-US: AWARD BIOS
CVE-2005-4175 (Insyde BIOS V190 does not clear the keyboard buffer after reading the  ...)
	NOT-FOR-US: Insyde BIOS
CVE-2005-4174 (eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow r ...)
	NOT-FOR-US: eFiction
CVE-2005-4173 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eFiction
CVE-2005-4172 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eFiction
CVE-2005-4171 (The "Upload new image" command in the "Manage Images" eFiction 1.1, wh ...)
	NOT-FOR-US: eFiction
CVE-2005-4170 (SQL injection vulnerability in eFiction 1.1 allows remote attackers to ...)
	NOT-FOR-US: eFiction
CVE-2005-4169 (Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote at ...)
	NOT-FOR-US: eFiction
CVE-2005-4168 (Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 a ...)
	NOT-FOR-US: eFiction
CVE-2005-4167 (Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allow ...)
	NOT-FOR-US: eFiction
CVE-2005-4166 (Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUp ...)
	NOT-FOR-US: DUportal
CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum  ...)
	NOT-FOR-US: ASP-DEV ASP Resources Forum
CVE-2005-4178 (Buffer overflow in Dropbear server before 0.47 allows authenticated us ...)
	{DSA-923-1}
	- dropbear 0.47-1 (high)
CVE-2005-4164 (SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows  ...)
	NOT-FOR-US: PHP-addressbook
CVE-2005-4163 (Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 al ...)
	NOT-FOR-US: Captcha
CVE-2005-4162 (Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME PerlCa ...)
	NOT-FOR-US: ACME PerlCal
CVE-2005-4161
	NOT-FOR-US: MilliScripts
CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential 1.2 allo ...)
	NOT-FOR-US: Torrential
CVE-2005-4159
	NOT-FOR-US: Simple Machines Forum
CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...)
	{DSA-946-2}
	- sudo 1.6.8p12-1 (bug #342948; medium)
CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allo ...)
	NOT-FOR-US: Kerio Firewall
CVE-2005-4156 (Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), wi ...)
	NOT-FOR-US: Mambo
CVE-2005-4155 (registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execut ...)
	NOT-FOR-US: ATutor
CVE-2005-4154 (Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows u ...)
	- php5 5.1.1-1
	NOTE: PHP 5 in Debian is vulnerable according to the changelog.
CVE-2005-4153 (Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial  ...)
	{DSA-955-1}
	- mailman 2.1.5-10
CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers to tur ...)
	NOT-FOR-US: Soti Pocket Controller-Professional
CVE-2005-4151 (The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Profes ...)
	NOT-FOR-US: PGP Desktop Home
CVE-2005-4150 (Cross-site scripting (XSS) vulnerability in the portal login page in C ...)
	NOT-FOR-US: CA Clever Path
CVE-2005-4149 (Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain s ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4148 (Lyris ListManager 8.5, and possibly other versions before 8.8, include ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4147 (The TCLHTTPd service in Lyris ListManager before 8.9b allows remote at ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4146 (Lyris ListManager before 8.9b allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4145 (The MSDE version of Lyris ListManager 5.0 through 8.9b configures the  ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4144 (Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORD ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4143 (SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allo ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4142 (The web interface for subscribing new users in Lyris ListManager 5.0 t ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4141 (Multiple SQL injection vulnerabilities in ASPMForum allow remote attac ...)
	NOT-FOR-US: ASPMForum
CVE-2005-4140 (SQL injection vulnerability in admin/login/index.php in Website Baker  ...)
	NOT-FOR-US: Website Baker
CVE-2005-4139 (Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84  ...)
	NOT-FOR-US: ThWboard
CVE-2005-4138 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before ...)
	NOT-FOR-US: ThWboard
CVE-2005-4137 (SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4136 (Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4135 (Direct static code injection vulnerability in includes/newtopic.php in ...)
	NOT-FOR-US: SimpleBBS
CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.1 ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (unimportant)
	- mozilla 2:1.7.13-0.1 (unimportant)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant)
	NOTE: Not exploitable beyond a sluggish browser startup, see
	NOTE: http://web.archive.org/web/20141206010602/https://www.mozilla.org/security/history-title.html
CVE-2005-4133 (Sun Update Connection in Sun Solaris 10, when configured to use a web  ...)
	NOT-FOR-US: Solaris
CVE-2005-4132 (Unspecified "security leak" vulnerability in Contenido before 4.6.4, w ...)
	NOT-FOR-US: Contenido
CVE-2005-4131 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in  ...)
	NOT-FOR-US: Excel
CVE-2005-4130
	NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4129
	REJECTED
CVE-2005-4128
	REJECTED
CVE-2005-4127
	REJECTED
CVE-2005-4126
	NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4125
	REJECTED
CVE-2005-4124
	REJECTED
CVE-2005-4123
	REJECTED
CVE-2005-4122
	REJECTED
CVE-2005-4121
	REJECTED
CVE-2005-4120
	REJECTED
CVE-2005-4119
	REJECTED
CVE-2005-4118
	REJECTED
CVE-2005-4117
	REJECTED
CVE-2005-4116
	REJECTED
CVE-2005-4115
	REJECTED
CVE-2005-4114
	REJECTED
CVE-2005-4113
	REJECTED
CVE-2005-4112
	REJECTED
CVE-2005-4111
	REJECTED
CVE-2005-4110
	REJECTED
CVE-2005-4109
	REJECTED
CVE-2005-4108
	REJECTED
CVE-2005-4107
	REJECTED
CVE-2005-4106
	REJECTED
CVE-2005-4105
	REJECTED
CVE-2005-4104
	REJECTED
CVE-2005-4103
	REJECTED
CVE-2005-4102
	REJECTED
CVE-2005-4101
	REJECTED
CVE-2005-4100
	REJECTED
CVE-2005-4099
	REJECTED
CVE-2005-4098
	REJECTED
CVE-2005-4097
	REJECTED
CVE-2005-4096
	REJECTED
CVE-2005-4095 (Directory traversal vulnerability in connector.php in the fckeditor2rc ...)
	NOT-FOR-US: DoceboLMS
CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows rem ...)
	NOT-FOR-US: DoceboLMS
CVE-2005-4093 (Check Point VPN-1 SecureClient NG with Application Intelligence R56, N ...)
	NOT-FOR-US: Check Point
CVE-2005-4092 (Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTi ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1- ...)
	NOT-FOR-US: 1-Script 1-Search
CVE-2005-4090 (Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is r ...)
	NOT-FOR-US: HP-UX
CVE-2005-4089 (Microsoft Internet Explorer allows remote attackers to bypass cross-do ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows rem ...)
	NOT-FOR-US: phpForumPro
CVE-2005-4087 (PHP remote file include vulnerability in acceptDecline.php in Sugar Su ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite  ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2005-4085 (Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web c ...)
	NOT-FOR-US: BlueCoat WinProxy
CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allow ...)
	NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme Styles ...)
	NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4082 (The dhcp.client program for QNX 4.25 vmware is setuid, possibly by def ...)
	NOT-FOR-US: QNX
CVE-2005-4081 (Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow ...)
	NOT-FOR-US: Alisveristr E-commerce
CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 ...)
	- imp4 4.0.4-1 (bug #342654; unimportant)
	NOTE: Internet Explorer bug, most definitely fixed since long, didn't check though
CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote a ...)
	- phpmyadmin <not-affected> (Affects only 2.7.0)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-9/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/5f3b086ed22b8ca49472d27a014df3908b0388ac
CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET 1. ...)
	NOT-FOR-US: Ideal BB.NET
CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local  ...)
	NOT-FOR-US: Appfluent Technology Database IDS 2.0
CVE-2005-4075 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF ...)
	NOT-FOR-US: CF_Nuke
CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and earl ...)
	NOT-FOR-US: CF_Nuke
CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in CFMagic Magic List  ...)
	NOT-FOR-US: Magic List Pro
CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Person ...)
	NOT-FOR-US: Magic Personal Forum
CVE-2005-4071 (Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal ...)
	NOT-FOR-US: Magic Personal Forum
CVE-2005-4070
	REJECTED
CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure  ...)
	NOT-FOR-US: Sony root kit
CVE-2005-4068 (Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1  ...)
	NOT-FOR-US: AIX
CVE-2005-4067
	REJECTED
CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and p ...)
	NOT-FOR-US: Total Commander
CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac befo ...)
	{DSA-951-2}
	- trac 0.9.2-1 (bug #342232; medium)
	[sarge] - trac 0.8.1-3sarge4
CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attac ...)
	NOT-FOR-US: A-FAQ
CVE-2005-4063 (Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp  ...)
	NOT-FOR-US: NetAuctionHelp
CVE-2005-4062 (Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassifi ...)
	NOT-FOR-US: XcClassified
CVE-2005-4061 (Cross-site scripting (XSS) vulnerability in PASearch.asp in XcPhotoAlb ...)
	NOT-FOR-US: XcPhotoAlbum
CVE-2005-4060 (Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pr ...)
	NOT-FOR-US: rwAuction
CVE-2005-4059 (SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and ea ...)
	NOT-FOR-US: LocazoList
CVE-2005-4058 (SQL injection vulnerability in saralblog 1 and earlier allows remote a ...)
	NOT-FOR-US: saralblog
CVE-2005-4057 (Cross-site scripting (XSS) vulnerability in search.php in PluggedOut N ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2005-4056 (SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 allo ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2005-4055 (SQL injection vulnerability in index.php in Cars Portal 1.1 and earlie ...)
	NOT-FOR-US: Cars Portal
CVE-2005-4054 (SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and  ...)
	NOT-FOR-US: PluggedOut Bot
CVE-2005-4053 (Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote ...)
	NOT-FOR-US: coWiki
CVE-2005-4052 (e107 0.6174 allows remote attackers to redirect users to other web sit ...)
	NOT-FOR-US: e107
CVE-2005-4051 (e107 0.6174 allows remote attackers to vote multiple times for a downl ...)
	NOT-FOR-US: e107
CVE-2005-4050 (Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with  ...)
	NOT-FOR-US: MultiVOIP hardware
CVE-2005-4049 (Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote ...)
	NOT-FOR-US: Blog System
CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer function  ...)
	{DSA-1005-1 DSA-1004-1 DSA-992-1}
	- ffmpeg 0.cvs20050918-5.1 (bug #342207; medium)
	- xmovie <removed>
	- xine-lib 1.0.1-1.5 (bug #342208; medium)
	- mplayer <not-affected> (Fixed before initial upload)
	- gst-ffmpeg 0.8.7-5 (bug #343503; medium)
	- vlc 0.8.4.debian-2 (medium)
	NOTE: kino, smilutils, motion and vlc link statically against libavcodec, need a recompile once ffmpeg is fixed
	NOTE: smilutils, motion, kino link statically against libavcodec, but don't use the vulnerable function
CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnow ...)
	NOT-FOR-US: IISWorks ASPKnowledgeBase
CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java Sy ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-4045 (Unspecified vulnerability in System Communications Services 6 Delegate ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2005-4044 (Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Searc ...)
	NOT-FOR-US: Amazon Search Directory
CVE-2005-4043 (SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and ea ...)
	NOT-FOR-US: Hobosworld HobSR
CVE-2005-4042 (Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and earli ...)
	NOT-FOR-US: Warm Links
CVE-2005-4041 (Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy H ...)
	NOT-FOR-US: MR CGI Guy Hot Links SQL
CVE-2005-4040 (SQL injection vulnerability in FileLister 0.51 and earlier allows remo ...)
	NOT-FOR-US: FileLister
CVE-2005-4039 (Directory traversal vulnerability in arhiva.php in Web4Future Portal S ...)
	NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4038 (SQL injection vulnerability in comentarii.php in Web4Future Portal Sol ...)
	NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4037 (SQL injection vulnerability in functions.php in Web4Future Affiliate M ...)
	NOT-FOR-US: Web4Future Affiliate Manager
CVE-2005-4036 (Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future Ke ...)
	NOT-FOR-US: Web4Future Keyboard Frequency Counter
CVE-2005-4035 (Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterpr ...)
	NOT-FOR-US: Web4Future eCommerce Enterprise Edition
CVE-2005-4034 (Multiple SQL injection vulnerabilities in Web4Future eDating Professio ...)
	NOT-FOR-US: Web4Future eDating Professional
CVE-2005-4033 (Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data  ...)
	NOT-FOR-US: Nodezilla
CVE-2005-4032 (Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search  ...)
	NOT-FOR-US: Easy Search System
CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows re ...)
	- mediawiki <not-affected> (Only affects the 1.5 branch)
CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows  ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid usernames  ...)
	NOT-FOR-US: WebEOC
CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember allow r ...)
	NOT-FOR-US: aMember
CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers t ...)
	NOT-FOR-US: SimpleBBS
CVE-2005-4026 (search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr ...)
	NOT-FOR-US: Geeklog
CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect install.p ...)
	NOT-FOR-US: Help Desk Reloaded Free Help Desk
CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 a ...)
	NOT-FOR-US: Interspire FastFind
CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0 before  ...)
	- gallery2 2.0.2-1 (medium)
CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the "Add Image From Web" f ...)
	- gallery2 2.0.2-1 (medium)
CVE-2005-4021 (The installer for Gallery 2.0 before 2.0.2 stores the install log unde ...)
	- gallery2 2.0.2-1 (low)
CVE-2005-4020 (SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and ...)
	NOT-FOR-US: Widget Imprint
CVE-2005-4019 (SQL injection vulnerability in index.php in Relative Real Estate Syste ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2005-4018 (SQL injection vulnerability in ls.php in Landshop Real Estate Commerce ...)
	NOT-FOR-US: Landshop Real Estate Commerce System
CVE-2005-4017 (property.php in Widget Property 1.1.19 allows remote attackers to obta ...)
	NOT-FOR-US: Widget Property
CVE-2005-4016 (SQL injection vulnerability in Widget Property 1.1.19 allows remote at ...)
	NOT-FOR-US: Widget Property
CVE-2005-4015 (PHP Web Statistik 1.4 does not rotate the log database or limit the si ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4014 (stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a d ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4013 (PHP Web Statistik 1.4 stores the stat.cfg file under the web root with ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4012 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statist ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4011 (SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2005-4010 (SQL injection vulnerability in KBase Express 1.0.0 and earlier allows  ...)
	NOT-FOR-US: KBase Express
CVE-2005-4009 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2. ...)
	NOT-FOR-US: PHP Lite Calendar Express
CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 a ...)
	NOT-FOR-US: Jax Calendar
CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 throug ...)
	{DSA-919-2}
	- curl 7.15.1-1 (bug #342339; bug #342696; medium)
CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, rel ...)
	NOT-FOR-US: SAPID CMS
CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: SAPID CMS
CVE-2005-4005 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 all ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4004 (Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSi ...)
	NOT-FOR-US: MyTemplateSite
CVE-2005-4003 (Multiple SQL injection vulnerabilities in Absolute Shopping Package So ...)
	NOT-FOR-US: Absolute Shopping Package Solutions (ASPS) Shopping Cart
CVE-2005-4002 (WebEOC before 6.0.2 uses the same secret key for all installations, wh ...)
	NOT-FOR-US: WebEOC
CVE-2005-4001 (Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and  ...)
	NOT-FOR-US: phpYellowTM Pro Edition
CVE-2005-4000 (Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater  ...)
	NOT-FOR-US: SiteBeater News System
CVE-2005-3999 (Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater M ...)
	NOT-FOR-US: SiteBeater MP3 Catalog
CVE-2005-3998 (Cross-site scripting (XSS) vulnerability in search.asp in Solupress Ne ...)
	NOT-FOR-US: Solupress News
CVE-2005-3997 (Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows  ...)
	NOT-FOR-US: Zen Cart
CVE-2005-3996 (SQL injection vulnerability in admin/password_forgotten.php in Zen Car ...)
	NOT-FOR-US: Zen Cart
CVE-2005-3995 (Format string vulnerability in the dosyslog function in the OBEX serve ...)
	NOT-FOR-US: Sobexsrv
	NOTE: Checked obexserver source package, not vulnerable
CVE-2005-3994
	REJECTED
CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 an ...)
	NOT-FOR-US: MailEnable
CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access trojan (RAT ...)
	NOT-FOR-US: WinEggDropShell
CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14. ...)
	NOT-FOR-US: phpMyChat
CVE-2005-3990
	REJECTED
CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack befor ...)
	NOT-FOR-US: Avaya hardware
CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple Technologies L ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2005-3987 (Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote a ...)
	NOT-FOR-US: Tradesoft CMS
CVE-2005-3986 (Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and  ...)
	NOT-FOR-US: Instant Photo Gallery
CVE-2005-3985 (The Internet Key Exchange version 1 (IKEv1) implementation in Astaro S ...)
	NOT-FOR-US: Astaro Security Linux
CVE-2005-3984 (SQL injection vulnerability in WebCalendar 1.0.1 allows remote attacke ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #342090)
CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight Manager ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #342090)
CVE-2005-3981
	NOT-FOR-US: Windows
CVE-2005-3980 (SQL injection vulnerability in the ticket query module in Edgewall Tra ...)
	- trac 0.9.1-1 (bug #341697; medium)
	[sarge] - trac <not-affected>
CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 be ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium Editi ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2005-3977 (Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 15 ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple DUware pr ...)
	NOT-FOR-US: Multiple DUware products
CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and  ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PH ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (low)
CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 th ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in Extre ...)
	NOT-FOR-US: Extreme Search Corporate Edition
CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in Citrix M ...)
	NOT-FOR-US: Citrix
CVE-2005-3970 (Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre1 ...)
	NOT-FOR-US: MXChange
CVE-2005-3969 (SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allow ...)
	NOT-FOR-US: MXChange
CVE-2005-3968 (SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier  ...)
	NOT-FOR-US: PHPX
CVE-2005-3967 (Cross-site scripting (XSS) vulnerability in the dosearchsite.action mo ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2005-3966 (Cross-site scripting (XSS) vulnerability in search.jsp in Java Search  ...)
	NOT-FOR-US: Java Search Engine
CVE-2005-3965
	REJECTED
CVE-2005-3964 (Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, an ...)
	- openmotif 2.2.3-1.4 (bug #342092; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2005-3963 (SQL injection vulnerability in session.php in DotClear before 1.2.3 al ...)
	NOT-FOR-US: DotClear
CVE-2005-3962 (Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...)
	{DSA-943-1}
	- perl 5.8.7-9 (bug #341542; medium)
CVE-2005-3961 (export_handler.php in WebCalendar 1.0.1 allows remote attackers to ove ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #341208; medium)
CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Kadu
CVE-2005-3959 (Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 ...)
	NOT-FOR-US: FreeWebStat
CVE-2005-3958 (SQL injection vulnerability in index.php in Entergal MX 2.0 allows rem ...)
	NOT-FOR-US: Entergal MX
CVE-2005-3957 (Unspecified vulnerability in the Trackback functionality in DotClear 1 ...)
	NOT-FOR-US: DotClear
CVE-2005-3956 (Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 a ...)
	NOT-FOR-US: DMANews
CVE-2005-3955 (Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1,  ...)
	NOT-FOR-US: MagpieRSS
CVE-2005-3954 (Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows rem ...)
	NOT-FOR-US: blogBuddies
CVE-2005-3953 (SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers  ...)
	NOT-FOR-US: Bedeng PSP
CVE-2005-3952 (SQL injection vulnerability in PHP Labs Top Auction allows remote atta ...)
	NOT-FOR-US: PHP Labs Top Auction
CVE-2005-3951 (SQL injection vulnerability in survey.php in PHP Labs Survey Wizard al ...)
	NOT-FOR-US: PHP Labs Survey Wizard
CVE-2005-3950 (nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users  ...)
	- nufw 1.0.16-1 (bug #341544; medium)
CVE-2005-3949 (Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remo ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #341208; medium)
CVE-2005-3948 (Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and ea ...)
	NOT-FOR-US: PHPAlbum
CVE-2005-3947 (Directory traversal vulnerability in index.php in PHP Upload Center al ...)
	NOT-FOR-US: PHP Upload Center
CVE-2005-3946 (Opera 8.50 allows remote attackers to cause a denial of service (crash ...)
	NOT-FOR-US: Opera
CVE-2005-3945 (The SynAttackProtect protection in Microsoft Windows 2003 before SP1 a ...)
	NOT-FOR-US: Microsoft
CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 a ...)
	NOT-FOR-US: ilyav Survey System
CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ear ...)
	NOT-FOR-US: ilyav Survey System
CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca Knowl ...)
	NOT-FOR-US: Orca Knowledgebase
CVE-2005-3941 (SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier  ...)
	NOT-FOR-US: Orca Blog
CVE-2005-3940 (SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c an ...)
	NOT-FOR-US: Orca Ringmaker
CVE-2005-3939 (Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and ...)
	NOT-FOR-US: WSN Knowledge Base
CVE-2005-3938 (SQL injection vulnerability in Softbiz FAQ Script 1.1 and earlier allow ...)
	NOT-FOR-US: Softbiz FAQ
CVE-2005-3937 (SQL injection vulnerability in Softbiz B2B Trading Marketplace Script  ...)
	NOT-FOR-US: Softbiz B2B
CVE-2005-3936 (PHP file include vulnerability in SocketKB 1.1.0 and earlier allows re ...)
	NOT-FOR-US: SocketKB
CVE-2005-3935 (SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remot ...)
	NOT-FOR-US: SocketKB
CVE-2005-3934 (Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 3 ...)
	NOT-FOR-US: pcAnywhere
CVE-2005-3933 (SQL injection vulnerability in index.php in 88Script's Event Calendar  ...)
	NOT-FOR-US: 88Script's Event Calendar
CVE-2005-3932 (SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and e ...)
	NOT-FOR-US: O-Kiraku Nikki
CVE-2005-3931 (SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows rem ...)
	NOT-FOR-US: ASP-Rider
CVE-2005-3930 (SQL injection vulnerability in index.php in N-13 News 1.2 allows remot ...)
	NOT-FOR-US: N-13 News
CVE-2005-3929 (Directory traversal vulnerability in the create function in xarMLSXML2 ...)
	NOT-FOR-US: Xaraya
	NOTE: xarMLSXML2PHPBackend.php, 'nuff said
CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users t ...)
	NOT-FOR-US: QNX
CVE-2005-3927 (Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlie ...)
	NOT-FOR-US: GuppY
CVE-2005-3926 (Direct static code injection vulnerability in error.php in GuppY 4.5.9 ...)
	NOT-FOR-US: GuppY
CVE-2005-3925 (Multiple SQL injection vulnerabilities in Central Manchester CLC Helpd ...)
	NOT-FOR-US: Central Manchester CLC Helpdesk Issue Manager
CVE-2005-3924 (SQL injection vulnerability in themes/kategorie/index.php in Randshop  ...)
	NOT-FOR-US: Randshop
CVE-2005-3923 (NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: NetObjects Fusion
CVE-2005-3922 (Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus l ...)
	NOT-FOR-US: Panda Antivirus
CVE-2005-3921 (Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for I ...)
	NOT-FOR-US: IOS
CVE-2005-3920 (SQL injection vulnerability in Babe Logger 2 allows remote attackers t ...)
	NOT-FOR-US: Babe Logger
CVE-2005-3919 (Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote  ...)
	NOT-FOR-US: PBLang
CVE-2005-3918
	NOT-FOR-US: OvBB
CVE-2005-3917 (SQL injection vulnerability in usersession in CommodityRentals 2.0 Onl ...)
	NOT-FOR-US: CommodityRentals
CVE-2005-3916 (SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows ...)
	NOT-FOR-US: WSN Forum
CVE-2005-3915 (The Internet Key Exchange version 1 (IKEv1) implementation in Claviste ...)
	NOT-FOR-US: Clavister Web Client
CVE-2005-3914 (Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remo ...)
	NOT-FOR-US: AFFcommerce
CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual Ho ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin b ...)
	{DSA-1199-1}
	- webmin <not-affected> (Fixed through corrected Perl)
	NOTE: No longer exploitable with Perl 5.8.7-9, thus no dedicated Webmin update
CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...)
	NOT-FOR-US: BosDates
CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magi ...)
	NOT-FOR-US: Post Affiliate Pro
CVE-2005-3909 (SQL injection vulnerability in merchants/index.php in Post Affiliate P ...)
	NOT-FOR-US: Post Affiliate Pro
CVE-2005-3908 (Cross-site scripting (XSS) vulnerability in search.php in GhostScripte ...)
	NOT-FOR-US: GhostScripter Amazon Shop
CVE-2005-3907 (Unspecified vulnerability in Java Runtime Environment in Java JDK and  ...)
	NOT-FOR-US: Sun Java
CVE-2005-3906 (Multiple unspecified vulnerabilities in reflection APIs in Java SDK an ...)
	NOT-FOR-US: Sun Java
CVE-2005-3905 (Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1 ...)
	NOT-FOR-US: Sun Java
CVE-2005-3904 (Unspecified vulnerability in Java Management Extensions (JMX) in Java  ...)
	NOT-FOR-US: Sun Java
CVE-2005-3903 (Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows loc ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficie ...)
	NOT-FOR-US: Flash MX
CVE-2005-3900 (Macromedia Breeze Communication Server and Breeze Live Server does 5.1 ...)
	NOT-FOR-US: Macromedia Breeze
CVE-2005-3899 (The automatic update feature in Google Talk allows remote attackers to ...)
	NOT-FOR-US: Google Talk
CVE-2005-3898
	REJECTED
CVE-2005-3897 (Apple Safari 2.0.2 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Safari
	NOTE: Not reproducible with konqueror 4:3.4.2-4.
CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU cons ...)
	NOTE: maintainers don't believe it is a security bug and can't reproduce after 1.5.dfsg-1
	- firefox 1.5.dfsg-1 (bug #340283; bug #345469; unimportant)
	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #340283; bug #345469; unimportant)
	- mozilla <removed> (bug #340282; unimportant)
CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 throug ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3894 (Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Ope ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3893 (Multiple SQL injection vulnerabilities in index.pl in Open Ticket Requ ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3892 (Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a we ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3891 (Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers  ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3890 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3889 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service vi ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3888 (Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenam ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5. ...)
	NOT-FOR-US: Cisco
CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.4 ...)
	{DSA-916-1}
	- inkscape 0.42-1 (bug #321501; low)
CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in Zainu 2 ...)
	NOT-FOR-US: Zainu
CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP befor ...)
	- php4 4:4.4.2-1 (bug #341726; medium)
	- php5 5.1.1-1 (bug #341368; medium)
	[sarge] - php4 <no-dsa> (application's job to sanitize input)
CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowle ...)
	NOT-FOR-US: FAQRing Knowledge Base
CVE-2005-3881 (SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Bas ...)
	NOT-FOR-US: AtlantisFAQ Knowledge Base
CVE-2005-3880 (Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and earli ...)
	NOT-FOR-US: Omnistar KBase
CVE-2005-3879 (Multiple SQL injection vulnerabilities in Softbiz Resource Repository  ...)
	NOT-FOR-US: Softbiz Resource Repository Script
CVE-2005-3878 (Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 ...)
	NOT-FOR-US: PHP Doc System
CVE-2005-3877 (Multiple SQL injection vulnerabilities in Simple Document Management S ...)
	NOT-FOR-US: Simple Document Management System
CVE-2005-3876 (Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center  ...)
	NOT-FOR-US: AD Center ADC2000 NG Pro
CVE-2005-3875 (Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 a ...)
	NOT-FOR-US: Enterprise Connector
CVE-2005-3874 (SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earli ...)
	NOT-FOR-US: Netzbrett
CVE-2005-3873 (SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 all ...)
	NOT-FOR-US: ShockBoard
CVE-2005-3872 (Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier all ...)
	NOT-FOR-US: Ugroup
CVE-2005-3871 (Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0 ...)
	NOT-FOR-US: JBB
CVE-2005-3870 (Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 ...)
	NOT-FOR-US: edmoBBS
CVE-2005-3869 (Cross-site scripting (XSS) vulnerability in index.php in Google API Se ...)
	NOT-FOR-US: Google API
CVE-2005-3868 (Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier all ...)
	NOT-FOR-US: K-Search
CVE-2005-3867 (Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine ...)
	NOT-FOR-US: RevenuePilot Search Engine
CVE-2005-3866 (Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1 ...)
	NOT-FOR-US: SearchFeed Search Engine
CVE-2005-3865 (SQL injection vulnerability in index.php in AllWeb search 3.0 and earl ...)
	NOT-FOR-US: AllWeb search
CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and earli ...)
	NOT-FOR-US: SourceWell
CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and e ...)
	{DSA-1088-1 DSA-1083-1 DTSA-23-1}
	- centericq 4.21.0-6 (bug #340959; medium)
	- orpheus 1.5-5 (bug #368402; medium)
	- motor 2:3.4.0-6 (bug #368400; medium)
	NOTE: DTSA is for centericq only
	NOTE: This affects Sarge and Woody centericq
	NOTE: This affects Sarge and Woody motor
CVE-2005-3862 (Buffer overflow in unalz before 0.53 allows remote attackers to execut ...)
	{DSA-959-1}
	- unalz 0.55-1 (bug #340842; medium)
CVE-2005-3861 (PHP remote file inclusion vulnerability in content.php in phpGreetz 0. ...)
	NOT-FOR-US: phpGreetz
CVE-2005-3860 (PHP remote file inclusion vulnerability in athena.php in Oliver May At ...)
	NOT-FOR-US: Oliver May Athena PHP Website Administration
CVE-2005-3859 (PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 al ...)
	NOT-FOR-US: Q-News
CVE-2005-3858 (Memory leak in the ip6_input_finish function in ip6_input.c in Linux k ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.12-6
CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1. ...)
	- krusader 1.70.0-1 (bug #336169; low)
	[sarge] - krusader <not-affected>
	NOTE: This seems to be a dupe of CVE-2006-3816, pinged MITRE
CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...)
	NOT-FOR-US: 1-2-3 music store
CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS a ...)
	NOT-FOR-US: EasyPageCMS
CVE-2005-3853 (SQL injection vulnerability in snews.php in sNews 1.3 and earlier allo ...)
	NOT-FOR-US: sNews
CVE-2005-3852 (SQL injection vulnerability in search.asp in Online Work Order Suite ( ...)
	NOT-FOR-US: Online Work Order Suite
CVE-2005-3851 (Cross-site scripting (XSS) vulnerability in search.asp in Online Atten ...)
	NOT-FOR-US: Online Attendance System
CVE-2005-3850 (Cross-site scripting (XSS) vulnerability in search.asp in Online Knowl ...)
	NOT-FOR-US: Online Knowledge Base System
CVE-2005-3846 (SQL injection vulnerability in news.php in Fantastic News 2.1.1 and ea ...)
	NOT-FOR-US: Fantastic News
CVE-2005-3845 (SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allo ...)
	NOT-FOR-US: EZ Invoice Inc
CVE-2005-3844 (SQL injection vulnerability in phpWordPress PHP News and Article Manag ...)
	NOT-FOR-US: phpWordpress, this is not the same as Wordpress
CVE-2005-3843 (SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows r ...)
	NOT-FOR-US: Nicecoder iDesk
CVE-2005-3842 (SQL injection vulnerability in index.php in pdjk-support suite 1.1a an ...)
	NOT-FOR-US: pdjk-support suite
CVE-2005-3841 (Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), ...)
	NOT-FOR-US: kPlaylist
CVE-2005-3840 (SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier ...)
	NOT-FOR-US: Omnistar Live
CVE-2005-3839 (Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk all ...)
	NOT-FOR-US: SupportPRO Supportdesk
CVE-2005-3838 (Multiple SQL injection vulnerabilities in search.php in IsolSoft Suppo ...)
	NOT-FOR-US: IsolSoft Support Center
CVE-2005-3837 (Cross-site scripting (XSS) vulnerability in the search module in sCssB ...)
	NOT-FOR-US: sCssBoard
CVE-2005-3836 (SQL injection vulnerability in DeskLance 2.3 and earlier allows remote ...)
	NOT-FOR-US: DeskLance
CVE-2005-3835 (PHP remote file inclusion vulnerability in support/index.php in DeskLa ...)
	NOT-FOR-US: DeskLance
CVE-2005-3834 (Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 a ...)
	NOT-FOR-US: Tunez
CVE-2005-3833 (SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier  ...)
	NOT-FOR-US: Tunez
CVE-2005-3832 (Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, a ...)
	NOT-FOR-US: SpeedProject products
CVE-2005-3831 (Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, a ...)
	NOT-FOR-US: SpeedProject products
CVE-2005-3830 (index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote  ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3829 (index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows re ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3828 (SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBu ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3827 (SQL injection vulnerability in product_cat in AgileBill 1.4.92 and ear ...)
	NOT-FOR-US: AgileBill
CVE-2005-3826 (Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote ...)
	NOT-FOR-US: Ezyhelpdesk
CVE-2005-3825 (SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and ...)
	NOT-FOR-US: Comdev Vote Caster
CVE-2005-3824 (The uploads module in vTiger CRM 4.2 and earlier allows remote attacke ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3823 (The Users module in vTiger CRM 4.2 and earlier allows remote attackers ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3822 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier a ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3821 (Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3820 (Multiple directory traversal vulnerabilities in index.php in vTiger CR ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3819 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier a ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3818 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2  ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3817 (Multiple SQL injection vulnerabilities in Softbiz Web Host Directory S ...)
	NOT-FOR-US: Softbiz Web Host Directory
CVE-2005-3816 (Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 a ...)
	NOT-FOR-US: freeForum
CVE-2005-3815 (SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlie ...)
	NOT-FOR-US: Orca Forum
CVE-2005-3814 (Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro al ...)
	NOT-FOR-US: SmartPPC Pro
CVE-2005-3813 (IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterpri ...)
	NOT-FOR-US: MailEnable
CVE-2005-3812 (freeFTPd 1.0.10 allows remote authenticated users to cause a denial of ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic Winm ...)
	NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2 ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-1 (medium)
CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ker ...)
	- linux-2.6 2.6.14-1 (medium)
CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support ...)
	NOT-FOR-US: Cisco
CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed" ...)
	NOT-FOR-US: Cisco
CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03  ...)
	NOT-FOR-US: Belkin hardware
CVE-2005-3801 (CounterPane PasswordSafe 1.x and 2.x allows local users to test possib ...)
	NOT-FOR-US: PasswordSafe
CVE-2005-3800 (Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak  ...)
	NOT-FOR-US: Macromedia Contribute Publishing Server
CVE-2005-3799 (phpBB 2.0.18 allows remote attackers to obtain sensitive information v ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Not a real security problem, error messages might disclose the installation
	NOTE: which is known for the Debian package anyway
CVE-2005-3798 (SQL injection vulnerability in admin/index.php in AlstraSoft Template  ...)
	NOT-FOR-US: AlstraSoft Template Seller
CVE-2005-3797 (PHP remote file inclusion vulnerability in payment_paypal.php in Alstr ...)
	NOT-FOR-US: AlstraSoft Template Seller
CVE-2005-3796 (Direct static code injection vulnerability in admin_options_manage.php ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3795 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affi ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3794 (AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3793 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3792 (Multiple SQL injection vulnerabilities in the Search module in PHP-Nuk ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3791 (HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6  ...)
	NOT-FOR-US: phpAdsNew and phpPgAds
CVE-2005-3790 (Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter. ...)
	NOT-FOR-US: phpwcms
CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow re ...)
	NOT-FOR-US: phpwcms
CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0( ...)
	NOT-FOR-US: Cisco
CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl4-1 (bug #360726)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-7/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0191fc3c33feb809cf668f018ad53dc35061fe4c
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/2e5c10aa2fc10fb1004aac7db78ebdaac21b9220
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/053d90b6019959c3a503d6b12b9cd23dc31df2be
CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZE ...)
	NOT-FOR-US: Novell ZENworks
CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix ...)
	NOT-FOR-US: Ebuild IndeX
CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 inc ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14. ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-3 (medium)
CVE-2005-3782 (Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and pass ...)
	NOT-FOR-US: Apple
CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12 ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.13-1
CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up  ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13-1
CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module in PmWik ...)
	NOT-FOR-US: PmWiki
CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...)
	NOT-FOR-US: Solaris
CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to exe ...)
	NOT-FOR-US: IPUpdate
CVE-2005-3779 (Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 a ...)
	NOT-FOR-US: HP-UX
CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3777 (MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to dele ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in PollVote al ...)
	NOT-FOR-US: PollVote
CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Cisco
CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact a ...)
	NOT-FOR-US: Joomla!
CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow r ...)
	NOT-FOR-US: Joomla!
CVE-2005-3771 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2005-3770 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) ...)
	NOT-FOR-US: PHP-Post
CVE-2005-3769 (SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 ...)
	NOT-FOR-US: PHP Download Manager
CVE-2005-3768 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) impleme ...)
	NOT-FOR-US: Symantec appliances
CVE-2005-3767 (Exponent CMS 0.96.3 and later versions does not properly restrict the  ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3766 (Exponent CMS 0.96.3 and later versions stores sensitive user pages und ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3765 (Exponent CMS 0.96.3 and later versions performs a chmod on uploaded fi ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3764 (The image gallery (imagegallery) component in Exponent CMS 0.96.3 and  ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3763 (Exponent CMS 0.96.3 and later versions includes the full installation  ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3762 (SQL injection vulnerability in the navigation module (navigationmodule ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3761 (Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and la ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3760 (Double free vulnerability in the BBOORB module in IBM WebSphere Applic ...)
	NOT-FOR-US: WebSphere
CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search Applian ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and possibly Go ...)
	NOTE: XSLTs can call arbitrary java methods in libsaxon-java. This behaviour
	NOTE: is well documented and can be switched off. Let's hope that all users
	NOTE: of saxon are aware of this. A warning has been added to the readme.
	NOTE: Current rdependencies:
	- ooo2dbk <not-affected> (uses its own xslt unless overridden by command line arg)
CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search Appliance, al ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search Appliance, and ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3754 (Cross-site scripting (XSS) vulnerability in Google Mini Search Applian ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3750 (Opera before 8.51 on Linux and Unix systems allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2005-3749 (Unspecified "absolute path vulnerabilities" in the diagela command (di ...)
	NOT-FOR-US: AIX
CVE-2005-3748 (SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3 ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2005-3747 (Unspecified vulnerability in Jetty before 5.1.6 allows remote attacker ...)
	- jetty 5.1.8-1 (bug #340582; medium)
CVE-2005-3746 (SQL injection vulnerability in thread.php in APBoard allows remote att ...)
	NOT-FOR-US: APBoard
CVE-2005-3745 (Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and p ...)
	- libstruts1.2-java 1.2.8-1 (bug #340583; medium)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2005-3744 (SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlie ...)
	NOT-FOR-US: phpComasy
CVE-2005-3743 (SQL injection vulnerability in results.php in SimplePoll allows remote ...)
	NOT-FOR-US: SimplePoll
CVE-2005-3742 (Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2005-3741 (Almond Classifieds does not properly verify the password, which allows ...)
	NOT-FOR-US: Almond Classifieds
CVE-2005-3740 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earl ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3739 (Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3738 (globals.php in Mambo Site Server 4.0.14 and earlier, when register_glo ...)
	NOT-FOR-US: Mambo
CVE-2005-3737 (Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 throu ...)
	{DSA-916-1 DTSA-24-1}
	- inkscape 0.43-1 (bug #330894; medium)
CVE-2005-3736 (Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart al ...)
	NOT-FOR-US: e-Quick Cart
CVE-2005-3735 (Multiple SQL injection vulnerabilities in e-Quick Cart allow remote at ...)
	NOT-FOR-US: e-Quick Cart
CVE-2005-3734 (Cross-site scripting (XSS) vulnerability in the "add content" page in  ...)
	NOT-FOR-US: phpMyFAQ
CVE-2005-3733 (The Internet Key Exchange version 1 (IKEv1) implementation in Juniper  ...)
	NOT-FOR-US: Juniper products using IKE
CVE-2005-3732 (The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg ...)
	{DSA-965-1}
	- ipsec-tools 1:0.6.3-1 (bug #340584; low)
CVE-2005-3808 (Integer overflow in the invalidate_inode_pages2_range function in mm/t ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3809 (The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3810 (ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2. ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3759 (Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3. ...)
	{DSA-909-1}
	- horde3 3.0.7-1 (bug #340323; medium)
CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and ...)
	- cyassl <not-affected> (Fixed before initial upload to archive)
CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorS ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3729 (Idetix Software Systems Revize CMS allows remote attackers to obtain s ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3728 (Idetix Software Systems Revize CMS stores conf/revize.xml under the we ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3727 (SQL injection vulnerability in debug/query_results.jsp in Idetix Softw ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3726 (SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows re ...)
	NOT-FOR-US: ArticleLive NX
CVE-2005-3725 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addr ...)
	NOT-FOR-US: Zyxel WIFI Phone
CVE-2005-3724 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attacker ...)
	NOT-FOR-US: Zyxel WIFI Phone
CVE-2005-3723 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disabl ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3722 (The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows  ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3721 (The default configuration of the HTTP server in Hitachi IP5000 VOIP WI ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3720 (The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI  ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3719 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator pa ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3718 (UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3717 (The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWo ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3716 (The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWork ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3715 (Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWork ...)
	NOT-FOR-US: Senao Wireless VoIP Phone
CVE-2005-3699 (Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers t ...)
	NOT-FOR-US: Opera
CVE-2005-3698 (PHP Easy Download allows remote attackers to bypass authentication via ...)
	NOT-FOR-US: PHP Easy Download
CVE-2005-3697 (Unspecified vulnerability in the administration interface in Uresk Lin ...)
	NOT-FOR-US: Uresk Links Lite
CVE-2005-3696 (SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote attac ...)
	NOT-FOR-US: Arki-DB
CVE-2005-3695 (Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php i ...)
	NOT-FOR-US: LiteSpeed Webserver
CVE-2005-3694 (centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allo ...)
	{DSA-912-1}
	- centericq 4.21.0-4 (bug #334089; low)
CVE-2005-3693 (The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm Medi ...)
	NOT-FOR-US: SunnComm MediaMax DRM
CVE-2005-3692 (Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server  ...)
	NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3691 (Directory traversal vulnerability in the IMAP service (meimaps.exe) of ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-3690 (Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailE ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-3689 (post.php in XMB 1.9.2 allows remote attackers to obtain the installati ...)
	NOT-FOR-US: XMB
CVE-2005-3688 (Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 a ...)
	NOT-FOR-US: XMB
CVE-2005-3687 (cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote a ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2005-3686 (SQL injection vulnerability in search.inc.php in Unclassified NewsBoar ...)
	NOT-FOR-US: Unclassified Newsboard
CVE-2005-3685 (Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Sh ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2005-3684 (Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled,  ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3683 (Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enab ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3682 (Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote ...)
	NOT-FOR-US: Wizz Forum
CVE-2005-3681 (SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads modul ...)
	NOT-FOR-US: Xoops
CVE-2005-3680 (Directory traversal vulnerability in editor_registry.php in XOOPS 2.2. ...)
	NOT-FOR-US: Xoops
CVE-2005-3679 (SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-A ...)
	NOT-FOR-US: ActiveCampaign 1-2-All Broadcast Email
CVE-2005-3678 (Google Talk before 1.0.0.76, with email notification enabled, allows r ...)
	NOT-FOR-US: Google Talk
CVE-2005-3677 (Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote a ...)
	- helix-player <not-affected>
CVE-2005-3676 (SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allo ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3675 (The Transmission Control Protocol (TCP) allows remote attackers to cau ...)
	NOTE: Generic protocol weakness, likely hard to fix at the kernel
	NOTE: level without performance impact.
CVE-2005-3674 (The Internet Key Exchange version 1 (IKEv1) implementation in the libi ...)
	NOT-FOR-US: libike from Solaris
CVE-2005-3673 (The Internet Key Exchange version 1 (IKEv1) implementation in Check Po ...)
	NOT-FOR-US: Check Point's IKE implementation
CVE-2005-3672 (The Internet Key Exchange version 1 (IKEv1) implementation in Stonesof ...)
	NOT-FOR-US: StoneGate's IKE implementation
CVE-2005-3671 (The Internet Key Exchange version 1 (IKEv1) implementation in Openswan ...)
	- openswan 1:2.4.4-1 (bug #339082; low)
	[sarge] - openswan <no-dsa> (Only exploitable in inherently insecure mode of operation)
	NOTE: Initial 2.4.3 didn't fix all the issues from the NISCC report
CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key Exchange vers ...)
	NOT-FOR-US: HP-UX's IKE implementation
CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key Exchange vers ...)
	NOT-FOR-US: Cisco
CVE-2005-3668 (Multiple buffer overflows in multiple unspecified implementations of I ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3667 (Multiple unspecified vulnerabilities in multiple unspecified implement ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3666 (Multiple unspecified format string vulnerabilities in multiple unspeci ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3665 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.6.4-pl4-2 (bug #340438; medium)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-8/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/05c719aba3b99820daa3187e055c6ef4540b53cc
CVE-2005-XXXX [unsafe file permissions in vpnc]
	- vpnc 0.3.3+SVN20051028-3 (bug #340105; unimportant)
	NOTE: Only an example file
CVE-2005-3714 (The network interface for Apple AirPort Express 6.x before Firmware Up ...)
	NOT-FOR-US: Apple AirPort
CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remo ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3712 (Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 al ...)
	NOT-FOR-US: Apple
CVE-2005-3711 (Integer overflow in Apple Quicktime before 7.0.4 allows remote attacke ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3710 (Integer overflow in Apple Quicktime before 7.0.4 allows remote attacke ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3709 (Integer underflow in Apple Quicktime before 7.0.4 allows remote attack ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3708 (Integer overflow in Apple Quicktime before 7.0.4 allows remote attacke ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3707 (Buffer overflow in Apple Quicktime before 7.0.4 allows remote attacker ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3706 (Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4. ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3. ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allo ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3703
	REJECTED
CVE-2005-3702 (Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote att ...)
	NOT-FOR-US: Safari
CVE-2005-3701 (Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3700 (Unknown vulnerability in iodbcadmintool in the ODBC Administrator util ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in  ...)
	NOT-FOR-US: Kaspersky AV
CVE-2005-3663 (Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 ...)
	NOT-FOR-US: Kaspersky AV
CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the -al ...)
	{DSA-904-1}
	- netpbm-free 2:10.0-10.1 (medium; bug #351639)
CVE-2005-3661 (Dell TrueMobile 2300 Wireless Broadband Router running firmware 3.0.0. ...)
	NOT-FOR-US: Dell hardware issue
CVE-2005-3660 (Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: Design limitation, for rare corner cases, where this poses a problem advanced
	NOTE: resource management systems can be deployed
CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7 ...)
	NOT-FOR-US: EMC Legato NetWorker
CVE-2005-3658 (Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x bef ...)
	NOT-FOR-US: EMC Legato NetWorker
CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Cent ...)
	NOT-FOR-US: McAfee
CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in mod_aut ...)
	{DSA-935-1}
	[sarge] - libapache2-mod-auth-pgsql 2.0.2b1-5sarge0
	- libapache2-mod-auth-pgsql 2.0.2b1-7
	- libapache-mod-auth-pgsql <not-affected> (Does not contain the vulnerable ap_log_rerror() function)
CVE-2005-3655 (Heap-based buffer overflow in Novell Open Enterprise Server Remote Man ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to ...)
	NOT-FOR-US: Blue Coat WinProxy
CVE-2005-3653 (Heap-based buffer overflow in the iGateway service for various Compute ...)
	NOT-FOR-US: IGateway
CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 a ...)
	NOT-FOR-US: Citrix
CVE-2005-3651 (Stack-based buffer overflow in the dissect_ospf_v3_address_prefix func ...)
	{DSA-920-1}
	- ethereal 0.10.13-1.1 (bug #342911; medium)
CVE-2005-3650 (The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the  ...)
	NOT-FOR-US: Sony Root Kit Uninstaller
CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users t ...)
	NOTE: only exploitable in certain configurations (non-default)
	NOTE: warning added..
	- moodle 1.5.3+20060108-1 (bug #338592; low)
	[sarge] - moodle <not-affected> (Isn't exploitable in sarge)
CVE-2005-3648 (Multiple SQL injection vulnerabilities in the get_record function in d ...)
	- moodle 1.5.3+20060108-1 (bug #338592; low)
	[sarge] - moodle <no-dsa> (Only exploitable in strange PHP setups)
CVE-2005-3647 (Folder Guard allows local users to bypass protections by running from  ...)
	NOT-FOR-US: Folder Guard
CVE-2005-3646 (Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpA ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-3645 (phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remo ...)
	NOT-FOR-US: phpAdsNew and phpPgAds
CVE-2005-3644 (PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2 ...)
	NOT-FOR-US: Windows
CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...)
	NOT-FOR-US: DB2
CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with Simple ...)
	NOT-FOR-US: Informix
CVE-2005-3641 (Oracle Databases running on Windows XP with Simple File Sharing enable ...)
	NOT-FOR-US: Oracle
CVE-2005-3640 (Multiple buffer overflows in the IMAP Groupware Mail server of Floosie ...)
	NOT-FOR-US: FTGate
CVE-2005-3639 (PHP file inclusion vulnerability in the osTicket module in Help Center ...)
	NOT-FOR-US: Help Center Live
CVE-2005-3638 (Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow re ...)
	NOT-FOR-US: Ekinboard
CVE-2005-3637
	REJECTED
CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application Server ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3635 (Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Applica ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3634 (frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6. ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web Appli ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3632 (Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow ...)
	{DSA-904-1}
	- netpbm-free 2:10.0-10.1 (medium; bug #351639)
CVE-2005-3631 (udev does not properly set permissions on certain files in /dev/input, ...)
	- udev <not-affected> (Red Hat specific)
CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to obtain se ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2005-3629 (initscripts in Red Hat Enterprise Linux 4 does not properly handle cer ...)
	NOTE: current sudo cleans the environment, so we are not affected
	- sysvconfig <not-affected> (sudo cleans env anyway)
CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Strea ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- kdegraphics 4:3.5.0-3
	- gpdf 2.10.0-2 (bug #342286)
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml,  ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- kdegraphics 4:3.5.0-3
	- gpdf 2.10.0-2 (bug #342286)
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTe ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.3-2
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- gpdf 2.10.0-2 (bug #342286)
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTe ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- tetex-bin 3.0-12
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- gpdf 2.10.0-2 (bug #342286)
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpd ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- tetex-bin 3.0-12
	- gpdf 2.10.0-2 (bug #342286)
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR pr ...)
	[sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs)
	- linux-2.6 2.6.14-7
CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain t ...)
	- phpmyadmin <unfixed> (unimportant)
CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before 2.0.2 patc ...)
	NOT-FOR-US: VMware ESX
CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management interface f ...)
	NOT-FOR-US: VMware ESX
CVE-2005-3618 (Cross-site request forgery (CSRF) vulnerability in the management inte ...)
	NOT-FOR-US: VMware ESX
CVE-2005-3617
	RESERVED
CVE-2005-3616
	RESERVED
CVE-2005-3615
	RESERVED
CVE-2005-3614
	RESERVED
CVE-2005-3613
	RESERVED
CVE-2005-3612
	RESERVED
CVE-2005-3611
	RESERVED
CVE-2005-3610
	RESERVED
CVE-2005-3609
	RESERVED
CVE-2005-3608
	RESERVED
CVE-2005-3607
	RESERVED
CVE-2005-3606
	RESERVED
CVE-2005-3605
	RESERVED
CVE-2005-3604
	RESERVED
CVE-2005-3603
	RESERVED
CVE-2005-3602
	RESERVED
CVE-2005-3601
	RESERVED
CVE-2005-3600
	RESERVED
CVE-2005-3599
	RESERVED
CVE-2005-3598
	RESERVED
CVE-2005-3597
	REJECTED
CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote attacker ...)
	NOT-FOR-US: ASPKnowledgebase
CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a blank pas ...)
	NOT-FOR-US: Windows XP
CVE-2005-3594 (game_score.php in e107 allows remote attackers to insert high scores v ...)
	NOT-FOR-US: e107
CVE-2005-3592 (index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: CuteNews
CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier a ...)
	- flashplugin-nonfree 7.0.61-1 (bug #339290; high)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote a ...)
	NOT-FOR-US: FileZilla Server
CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 all ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...)
	{DSA-947-1}
	- clamav 0.87.1-1 (medium)
	NOTE: sarge is affected (not in oldstable)
CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to  ...)
	NOT-FOR-US: Mambo
CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows  ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3584 (Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings  ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3583 ((1) Java Runtime Environment (JRE) and (2) Software Development Kit (S ...)
	NOT-FOR-US: Sun Java
CVE-2005-3582 (ImageMagick before 6.2.4.2-r1 allows local users in the portage group  ...)
	- imagemagick <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3581 (GDAL before 1.3.0-r1 allows local users in the portage group to increa ...)
	- gdal <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to incre ...)
	- qdbm <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3579 (ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote at ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3578 (SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3 ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Wal ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to ac ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3575 (SQL injection vulnerability in show.php in Cyphor 0.19 and earlier all ...)
	NOT-FOR-US: Cyphor
CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows remote at ...)
	NOT-FOR-US: iCMS
CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...)
	{DSA-955-1}
	- mailman 2.1.5-10 (bug #327732; bug #339095; medium)
CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 allow ...)
	NOT-FOR-US: Peel
CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHP ...)
	NOT-FOR-US: protection.php from several crappy web apps not in Debian
CVE-2005-3570 (Unspecified cross-site scripting (XSS) vulnerability in Horde before 2 ...)
	{DSA-914-1}
	- horde2 2.2.9-1 (bug #338983)
CVE-2005-3569 (INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX  ...)
	NOT-FOR-US: DB2
CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allow ...)
	NOT-FOR-US: DB2
CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 bin ...)
	NOT-FOR-US: Tivoli
CVE-2005-3566 (Buffer overflow in various ha commands of VERITAS Cluster Server for U ...)
	NOT-FOR-US: VERITAS Cluster Server
CVE-2005-3565 (Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and  ...)
	NOT-FOR-US: HP-UX
CVE-2005-3564 (envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obt ...)
	NOT-FOR-US: HP-UX
CVE-2005-3563
	REJECTED
CVE-2005-3562
	REJECTED
CVE-2005-3561
	REJECTED
CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
	NOT-FOR-US: Zone Labs
CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 throu ...)
	{DSA-1048-1}
	- asterisk 1:1.2.7.1.dfsg-2 (bug #338116; medium)
CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remot ...)
	NOT-FOR-US: OSTE
CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist 2.1 ...)
	- phplist <itp> (bug #612288)
CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1  ...)
	- phplist <itp> (bug #612288)
CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier a ...)
	- phplist <itp> (bug #612288)
CVE-2005-3554 (Multiple eval injection vulnerabilities in the help function in PHPKIT ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3553 (Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1  ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3552 (Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3551 (toendaCMS before 0.6.2 stores user account and session data in the web ...)
	NOT-FOR-US: toendaCMS
CVE-2005-3550 (Directory traversal vulnerability in admin.php in toendaCMS before 0.6 ...)
	NOT-FOR-US: toendaCMS
CVE-2005-3549 (Direct code injection vulnerability in Task Manager in Invision Power  ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3548 (Directory traversal vulnerability in Task Manager in Invision Power Bo ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3547 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 a ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3546 (suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before  ...)
	NOT-FOR-US: F-Secure Internet Gatekeeper and Antivirus Gateway
CVE-2005-3545 (SQL injection vulnerability in index.php of the report module in ibPro ...)
	NOT-FOR-US: ibProArcade
CVE-2005-3544 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allow ...)
	NOT-FOR-US: XMB
CVE-2005-3543 (SQL injection vulnerability in search.php in Phorum 5.0.0alpha through ...)
	NOT-FOR-US: Phorum
CVE-2005-3542
	REJECTED
CVE-2005-3541
	RESERVED
CVE-2005-3540 (Buffer overflow in petris before 1.0.1 allows remote attackers to exec ...)
	{DSA-929-1}
	- petris 1.0.1-5
CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier a ...)
	{DSA-933-1}
	- hylafax 2:4.2.4-2 (bug #347298)
	NOTE: First patch had regressions
CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrar ...)
	- hylafax 2:4.2.4-1
	[sarge] - hylafax <not-affected> (Affected only 4.2.3)
	[woody] - hylafax <not-affected> (Affected only 4.2.3)
CVE-2005-3537 (A "missing request validation" error in phpBB 2 before 2.0.18 allows r ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; medium)
CVE-2005-3536 (SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote att ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; medium)
CVE-2005-3535 (Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary  ...)
	{DSA-926-1}
	- ketm 0.0.6-17sarge1 (low)
CVE-2005-3534 (Buffer overflow in the Network Block Device (nbd) server 2.7.5 and ear ...)
	{DSA-924-1}
	- nbd 1:2.8.3-1
CVE-2005-3533 (Buffer overflow in OSH before 1.7-15 allows local users to execute arb ...)
	{DSA-918-1}
	- osh 1.7-15
CVE-2005-3532 (authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through ...)
	{DSA-917-1}
	- courier 0.47-12 (bug #211920; medium)
CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows loca ...)
	{DTSA-27-1}
	- fuse 2.4.1-0.1 (bug #340398; low)
	[sarge] - fuse <no-dsa> (Minor local DoS)
CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
	NOT-FOR-US: Antville
CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remo ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows l ...)
	- linux-2.6 2.6.14-1 (low)
	- kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced later)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was introduced later)
	NOTE: http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-3527?op=file&rev=0&sc=0
CVE-2005-3526 (Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 200 ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-3525 (Stack-based buffer overflow in an ActiveX control for the installer fo ...)
	NOT-FOR-US: Adobe
CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine  ...)
	NOT-FOR-US: ManageEngine NetflowAnalyzer
CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6 ...)
	NOT-FOR-US: e107
CVE-2005-3520 (Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 ...)
	NOT-FOR-US: MySource
CVE-2005-3519 (Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow r ...)
	NOT-FOR-US: MySource
CVE-2005-3518 (SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 all ...)
	NOT-FOR-US: PunBB
CVE-2005-3517 (Chipmunk Scripts Guestbook allows remote attackers to obtain the insta ...)
	NOT-FOR-US: Chipmunk Scripts Guestbook
CVE-2005-3516 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk  ...)
	NOT-FOR-US: Chipmunk Directory
CVE-2005-3515 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk  ...)
	NOT-FOR-US: Chipmunk Topsites
CVE-2005-3514 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum  ...)
	NOT-FOR-US: Chipmunk Forum
CVE-2005-3513 (index.php in VUBB alpha rc1 allows remote attackers to obtain the inst ...)
	NOT-FOR-US: VUBB
CVE-2005-3512 (Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha rc ...)
	NOT-FOR-US: VUBB
CVE-2005-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4 ...)
	NOT-FOR-US: Spymac Web OS
CVE-2005-3510 (Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denia ...)
	- tomcat5 <not-affected> (Debian's 5.0 version is not vulnerable)
CVE-2005-3509 (Multiple SQL injection vulnerabilities in JPortal allow remote attacke ...)
	NOT-FOR-US: JPortal
CVE-2005-3508 (SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2. ...)
	NOT-FOR-US: Tonio gallery (not the one in the gallery debian package)
CVE-2005-3507 (Directory traversal vulnerability in CuteNews 1.4.1 allows remote atta ...)
	NOT-FOR-US: CuteNews
CVE-2005-3506 (Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server ...)
	NOT-FOR-US: Sambar
CVE-2005-3505 (Cross-site scripting (XSS) vulnerability in the Entropy Chat script in ...)
	NOT-FOR-US: Entropy Chat Script
CVE-2005-3504 (Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled ...)
	NOT-FOR-US: AIX
CVE-2005-3503 (chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other o ...)
	NOT-FOR-US: SuSE fork of passwd
CVE-2005-3502 (attachment_send.php in Cerberus Helpdesk allows remote attackers to vi ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-3499 (Frisk F-Prot Antivirus allows remote attackers to bypass protection vi ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2005-3498 (IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5. ...)
	NOT-FOR-US: WebSphere
CVE-2005-3497
	NOT-FOR-US: PHP Handicapper
CVE-2005-3496 (Cross-site scripting (XSS) vulnerability in PHP Handicapper allows rem ...)
	NOT-FOR-US: PHP Handicapper
CVE-2005-3495 (Ar-blog 5.2 and earlier allows remote attackers to bypass authenticati ...)
	NOT-FOR-US: Ar-blog
CVE-2005-3494 (Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier al ...)
	NOT-FOR-US: Ar-blog
CVE-2005-3493 (Battle Carry .005 and earlier allows remote attackers to cause a denia ...)
	NOT-FOR-US: Battle Carry
CVE-2005-3492 (FlatFrag 0.3 and earlier allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: FlatFrag
CVE-2005-3491 (Multiple buffer overflows in the receiver function in loop.c in FlatFr ...)
	NOT-FOR-US: FlatFrag
CVE-2005-3490 (Directory traversal vulnerability in the web server in Asus Video Secu ...)
	NOT-FOR-US: Asus Video Security
CVE-2005-3489 (Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using ...)
	NOT-FOR-US: Asus Video Security
CVE-2005-3488 (Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a d ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3487 (Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow r ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3486 (Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and ea ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3485 (Buffer overflow in Glider Collect'n kill 1.0.0.0 allows remote attacke ...)
	NOT-FOR-US: Glider Collect'n kill
CVE-2005-3484 (Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allow ...)
	NOT-FOR-US: NeroNET
CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows ...)
	NOT-FOR-US: GO-Global
CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows rem ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-6/
CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl ...)
	{DSA-896-1}
	- linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high)
CVE-2005-3807 (Memory leak in the VFS file lease handling in locks.c in Linux kernels ...)
	- linux-2.6 2.6.14-4
CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before 2.6.15 ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-4 (low)
CVE-2005-XXXX [user logout in drupal has no effect]
	[sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
	- drupal 4.5.5-3 (bug #336719; medium)
CVE-2005-XXXX [double free() in libungif]
	- libungif4 4.1.4-1 (bug #338542; medium)
CVE-2005-3523 (Format string vulnerability in friendsd2 in GpsDrive allows remote att ...)
	{DSA-891-1}
	- gpsdrive 2.09-2sarge1 (bug #337495; medium)
CVE-2005-XXXX [Insecure temp files in note]
	- note 1.3.1-3 (bug #337492; unimportant)
	NOTE: Second issue not shipped in binary, only example, first issue not sufficiently
	NOTE: predictable for a real world attack
CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) bef ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (medium)
CVE-2005-3501 (The cabd_find function in cabd.c of the libmspack library (mspack) for ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (medium)
CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in Lig ...)
	NOT-FOR-US: Cisco
CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitra ...)
	NOT-FOR-US: IOS
CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error messages ...)
	NOT-FOR-US: Ringtail CaseBook
CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in Ringtail Case ...)
	NOT-FOR-US: Ringtail CaseBook
CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe.net Tutorials Mana ...)
	NOT-FOR-US: PHPCafe Tutorial Manager
CVE-2005-3477 (Multiple interpretation error in the image upload handling code in Inv ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and O ...)
	NOT-FOR-US: OpenVMS
CVE-2005-3475 (Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a de ...)
	NOT-FOR-US: Hasbani Web Server
CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...)
	NOT-FOR-US: XCP DRM
CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications Express 20 ...)
	NOT-FOR-US: Sun Java System Communications Express
CVE-2005-3471 (Directory traversal vulnerability in the ruleset view for MailWatch fo ...)
	NOT-FOR-US: MailWatch for MailScanner
CVE-2005-3470 (SQL injection vulnerability in the authenticate function in MailWat ...)
	NOT-FOR-US: MailWatch for MailScanner
CVE-2005-3469 (SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows re ...)
	NOT-FOR-US: News2Net
CVE-2005-3468 (Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft ...)
	NOT-FOR-US: F-Secure
CVE-2005-3467 (Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2005-3466 (Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to ...)
	NOT-FOR-US: Oracle
CVE-2005-3465 (Unspecified vulnerability in JDEdwards HTML Server in Oracle Enterpris ...)
	NOT-FOR-US: Oracle
CVE-2005-3464 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2005-3463 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2005-3462 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2005-3461 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2005-3460 (Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager ...)
	NOT-FOR-US: Oracle
CVE-2005-3459 (Unspecified vulnerability in Oracle E-Business Suite and Applications  ...)
	NOT-FOR-US: Oracle
CVE-2005-3458 (Unspecified vulnerability in Oracle E-Business Suite and Applications  ...)
	NOT-FOR-US: Oracle
CVE-2005-3457 (Unspecified vulnerability in Oracle E-Business Suite and Applications  ...)
	NOT-FOR-US: Oracle
CVE-2005-3456 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2005-3455 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2005-3454 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g ...)
	NOT-FOR-US: Oracle
CVE-2005-3453 (Multiple unspecified vulnerabilities in Web Cache in Oracle Applicatio ...)
	NOT-FOR-US: Oracle
CVE-2005-3452 (Unspecified vulnerability in Web Cache in Oracle Application Server 1. ...)
	NOT-FOR-US: Oracle
CVE-2005-3451 (Unspecified vulnerability in SQL*ReportWriter in Oracle Application Se ...)
	NOT-FOR-US: Oracle
CVE-2005-3450 (Unspecified vulnerability in the HTTP Server in Oracle Application Ser ...)
	NOT-FOR-US: Oracle
CVE-2005-3449 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0  ...)
	NOT-FOR-US: Oracle
CVE-2005-3448 (Unspecified vulnerability in the OC4J Module in Oracle Application Ser ...)
	NOT-FOR-US: Oracle
CVE-2005-3447 (Unspecified vulnerability in Single Sign-On in Oracle Database Server  ...)
	NOT-FOR-US: Oracle
CVE-2005-3446 (Unspecified vulnerability in Internet Directory in Oracle Database Ser ...)
	NOT-FOR-US: Oracle
CVE-2005-3445 (Multiple unspecified vulnerabilities in HTTP Server in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3444 (Multiple unspecified vulnerabilities in the Programmatic Interface in  ...)
	NOT-FOR-US: Oracle
CVE-2005-3443 (Unspecified vulnerability in the Spatial component in Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2005-3442 (Multiple unspecified vulnerabilities in Oracle Database Server 8i up t ...)
	NOT-FOR-US: Oracle
CVE-2005-3441 (Unspecified vulnerability in Intelligent Agent in Oracle Database Serv ...)
	NOT-FOR-US: Oracle
CVE-2005-3440 (Unspecified vulnerability in Database Scheduler in Oracle Database Ser ...)
	NOT-FOR-US: Oracle
CVE-2005-3439 (Multiple unspecified vulnerabilities in Oracle Database Server 10g up  ...)
	NOT-FOR-US: Oracle
CVE-2005-3438 (Multiple unspecified vulnerabilities in Oracle Database Server 9i up t ...)
	NOT-FOR-US: Oracle
CVE-2005-3437 (Unspecified vulnerability in the PL/SQL component in Oracle Database S ...)
	NOT-FOR-US: Oracle
CVE-2005-3436 (Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remo ...)
	NOT-FOR-US: Nuked-Klan
CVE-2005-3435 (admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to  ...)
	NOT-FOR-US: Archilles Newsworld
CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) se ...)
	NOT-FOR-US: Archilles Newsworld
CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers  ...)
	NOT-FOR-US: Mirabilis ICQ
CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password protect ...)
	NOT-FOR-US: MiniGal2
CVE-2005-3431 (Absolute path traversal vulnerability in Rockliffe MailSite Express be ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3430 (Incomplete blacklist vulnerability in Rockliffe MailSite Express befor ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3429 (Rockliffe MailSite Express before 6.1.22, with the option to save logi ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit ...)
	NOT-FOR-US: IPS Sensors
CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL termination ser ...)
	NOT-FOR-US: Cisco
CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allow ...)
	{DSA-877-1}
	- gnump3d 2.9.6-1
CVE-2005-3424 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allow ...)
	{DSA-877-1}
	- gnump3d 2.9.5-1 (low)
CVE-2005-3423 (Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remot ...)
	NOT-FOR-US: Subdreamer
CVE-2005-3422 (Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast Foru ...)
	NOT-FOR-US: ASP Fast Forum
CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attack ...)
	NOT-FOR-US: Hyper Estraier
CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify  ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
	NOTE: http://www.hardened-php.net/advisory_172005.75.html
	NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
	NOTE: Remote code execution may be possible, especially in conjunction
	NOTE: with PHP bugs.
CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 all ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 an ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is d ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ses ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection  ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with insuff ...)
	NOT-FOR-US: eyeOS
CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 ...)
	NOT-FOR-US: eyeOS
CVE-2005-3412 (Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows ...)
	NOT-FOR-US: Elite Forum
CVE-2005-3411 (Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2 ...)
	NOT-FOR-US: Snitz Forums
CVE-2005-3410
	RESERVED
CVE-2005-3409 (OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote atta ...)
	{DSA-885-1}
	- openvpn 2.0.5-1 (bug #337334; low)
CVE-2005-3408 (SQL injection vulnerability in news.php in gCards version 1.43 allows  ...)
	NOT-FOR-US: gCards
CVE-2005-3407 (SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote  ...)
	NOT-FOR-US: phpESP
CVE-2005-3406 (Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier a ...)
	NOT-FOR-US: phpESP
CVE-2005-3405 (ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbi ...)
	NOT-FOR-US: ATutor
CVE-2005-3404 (Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1. ...)
	NOT-FOR-US: ATutor
CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 th ...)
	NOT-FOR-US: ATutor
CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly ...)
	NOTE: That's a non-issue; only a feature request for an improvement in a corner case.
	NOTE: If someone wants to use security-sensitive communication a TLS-secured server
	NOTE: should be used.
CVE-2005-3401 (Multiple interpretation error in TheHacker 5.8.4.128 allows remote att ...)
	NOT-FOR-US: TheHacker
CVE-2005-3400 (Multiple interpretation error in Fortinet 2.48.0.0 allows remote attac ...)
	NOT-FOR-US: Fortinet
CVE-2005-3399 (Multiple interpretation error in CAT-QuickHeal 8.0 allows remote attac ...)
	NOT-FOR-US: CAT-QuickHeal
CVE-2005-3398 (The default configuration of the web server for the Solaris Management ...)
	NOT-FOR-US: Solaris Management Console
CVE-2005-3397 (Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows ...)
	NOT-FOR-US: Comersus BackOffice
CVE-2005-3396 (Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3,  ...)
	NOT-FOR-US: AIX
CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote at ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1 ...)
	NOT-FOR-US: oaboard
CVE-2005-3393 (Format string vulnerability in the foreign_option function in options. ...)
	{DSA-885-1}
	- openvpn 2.0.5-1 (bug #336751; medium)
CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual  ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354681; low)
	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
	- php5 5.1.1-1 (bug #336654; low)
	NOTE: According to CVE, this is a safe mode violation,
	NOTE: therefore low impact. (According to SuSE, it's an
	NOTE: information leak.)
CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354678; low)
	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
	- php5 5.1.1-1 (bug #336654; low)
	NOTE: This is a safe mode violation, therefore low impact.
CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5 ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354680; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (Operation with register_globals not supported)
	NOTE: http://www.hardened-php.net/advisory_202005.79.html
	NOTE: http://www.hardened-php.net/globals-problem
CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, whe ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354690; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (application's job to sanitize input)
	NOTE: http://www.hardened-php.net/advisory_192005.78.html
CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in PH ...)
	{CVE-2002-1954}
	- php4 4:4.4.2-1 (bug #336645; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (not worth an update)
	NOTE: http://www.hardened-php.net/advisory_182005.77.html
	NOTE: fixed in CVS, estimated release of PHP5.1 to fix this issue
CVE-2005-3387 (The startup script in packages/RedHat/ntop.init in ntop before 3.2, wh ...)
	- ntop <not-affected> (Red Hat specific packaging flaw)
CVE-2005-3386 (SQL injection vulnerability in Techno Dreams Web Directory script allo ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3385 (SQL injection vulnerability in Techno Dreams Mailing List script allow ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3384 (SQL injection vulnerability in Techno Dreams Guest Book script allows  ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3383 (SQL injection vulnerability in Techno Dreams Announcement script allow ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3382 (Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine al ...)
	NOT-FOR-US: Sophos
CVE-2005-3381 (Multiple interpretation error in Ukrainian National Antivirus (UNA) 1. ...)
	NOT-FOR-US: Ukrainian National Antivirus
CVE-2005-3380 (Multiple interpretation error in Panda Titanium 2005 4.02.01 allows re ...)
	NOT-FOR-US: Panda Titanium
CVE-2005-3379 (Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1 ...)
	NOT-FOR-US: Trend Micro
CVE-2005-3378 (Multiple interpretation error in Norman 5.81 with the 5.83.02 engine a ...)
	NOT-FOR-US: Norman
CVE-2005-3377 (Multiple interpretation error in (1) McAfee Internet Security Suite 7. ...)
	NOT-FOR-US: McAfee
CVE-2005-3376 (Multiple interpretation error in Kaspersky 5.0.372 allows remote attac ...)
	NOT-FOR-US: Kaspersky
CVE-2005-3375 (Multiple interpretation error in Ikarus demo version allows remote att ...)
	NOT-FOR-US: Ikarus
CVE-2005-3374 (Multiple interpretation error in F-Prot 3.16c allows remote attackers  ...)
	NOT-FOR-US: F-Prot
CVE-2005-3373 (Multiple interpretation error in Dr.Web 4.32b allows remote attackers  ...)
	NOT-FOR-US: Dr. Web
CVE-2005-3372 (Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 eng ...)
	NOT-FOR-US: eTrust
CVE-2005-3371 (Multiple interpretation error in AVG 7 7.0.323 allows remote attackers ...)
	NOT-FOR-US: AVG
CVE-2005-3370 (Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allow ...)
	NOT-FOR-US: ArcaVir
CVE-2005-3369 (Multiple SQL injection vulnerabilities in the Info-DB module (info_db. ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-3368 (Cross-site scripting (XSS) vulnerability in the Search_Enhanced module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3367 (Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog ...)
	NOT-FOR-US: SparkleBlog
CVE-2005-3366 (PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 t ...)
	NOT-FOR-US: PHP iCalendar
CVE-2005-3365 (Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier all ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-3364 (Multiple SQL injection vulnerabilities in DboardGear allow remote atta ...)
	NOT-FOR-US: DboardGear
CVE-2005-3363 (SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1  ...)
	NOT-FOR-US: saphp Lesson
CVE-2005-3362
	REJECTED
CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuk ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3360 (The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 ...)
	NOT-FOR-US: Trend Micro PC-Cillin Internet Security 2005
CVE-2005-3359 (The atm module in Linux kernel 2.6 before 2.6.14 allows local users to ...)
	{DSA-1103}
	- linux-2.6 2.6.14
CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial of ser ...)
	{DSA-1017-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost  ...)
	- apache2 2.0.55-4 (bug #351246; low)
	[sarge] - apache2 2.0.54-5sarge2
CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations,  ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-4
CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unkn ...)
	{DSA-901-1}
	- gnump3d 2.9.8-1
CVE-2005-3354 (Stack-based buffer overflow in the ldif_get_line function in ldif.c of ...)
	{DSA-908-1 DSA-906-1}
	- sylpheed 2.0.4-1 (bug #338434; medium)
	- sylpheed-gtk1 1.0.6-1 (medium)
	- sylpheed-claws 1.0.5-2 (bug #338436; medium)
	- sylpheed-claws-gtk2 1.9.100-1 (bug #339529; medium)
CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 all ...)
	{DSA-1206-1}
	- php4 4:4.4.2-1 (bug #339577; medium)
	- php5 5.1.1-1 (bug #336654; medium)
CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module of Apa ...)
	{DSA-1167-1}
	- apache 1.3.34-2 (bug #343466; low)
	- apache2 2.0.55-4 (bug #343467; bug #349793; low)
	[sarge] - apache2 2.0.54-5sarge2
	NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected
	NOTE: Means oldstable and stable are affected
CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e- ...)
	- spamassassin 3.1.0a-1 (bug #339526; low)
	[sarge] - spamassassin <no-dsa> (DoS affects only a single message)
	[woody] - spamassassin <no-dsa> (DoS affects only a single message)
CVE-2005-3350 (libungif library before 4.1.0 allows attackers to corrupt memory and p ...)
	{DSA-890-1}
	- libungif4 4.1.3-4 (bug #337972; high)
	- giflib 4.1.4-1 (bug #395382)
CVE-2005-3349 (GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitr ...)
	{DSA-901-1}
	- gnump3d 2.9.8-1
CVE-2005-3348 (HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 a ...)
	{DSA-899-1 DSA-898-1 DSA-897-1}
	- phpsysinfo 2.3-7 (bug #339079)
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-3347 (Multiple directory traversal vulnerabilities in index.php in phpSysInf ...)
	{DSA-899-1 DSA-898-1 DSA-897-1}
	- phpsysinfo 2.3-7 (bug #339079)
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-3346 (Buffer overflow in the environment variable substitution code in main. ...)
	{DSA-918-1}
	- osh 1.7-15 (bug #338312; bug #323424; bug #323482; bug #311369; medium)
CVE-2005-3345 (rssh 2.0.0 through 2.2.3 allows local users to bypass access restricti ...)
	- rssh 2.3.0-1 (bug #344395; bug #344424)
	[sarge] - rssh 2.2.3-1.sarge.1
	NOTE: Update was introduced through s-p-u, not a DSA
CVE-2005-3344 (The default installation of Horde 3.0.4 contains an administrative acc ...)
	{DSA-884-1}
	- horde3 3.0.5-2 (bug #332290; bug #332289; medium)
CVE-2005-3343 (tkdiff before 4.1.1 allows local users to overwrite arbitrary files vi ...)
	{DSA-927-1}
	- tkdiff 1:4.0.2-2 (low)
CVE-2005-3342 (noweb 2.10c and earlier allows local users to overwrite arbitrary file ...)
	{DSA-968-1}
	- noweb 2.10c-3.2 (low)
CVE-2005-3340 (The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earli ...)
	{DSA-941-1}
	- tuxpaint 1:0.9.15b-1 (low)
CVE-2005-XXXX [ntop format string vulnerability]
	- ntop 3:4.0.3+dfsg1-1 (bug #335996; unimportant)
	NOTE: Not exploitable
CVE-2005-3341 (DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users  ...)
	{DSA-928-1}
	- dhis-tools-dns 5.0-5
CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which h ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682)
CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using reminder ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682; low)
CVE-2005-3337 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0 ...)
	NOTE: This is a duplicate of CVE-2005-3091 (first issue) and CVE-2005-2557 (second
	NOTE: issue). This will be rejected.
CVE-2005-3336 (SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remot ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (high)
CVE-2005-3335 (PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php  ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #335938; medium)
CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9. ...)
	{DSA-953-1}
	- flyspray 0.9.8-4 (bug #335997; low)
	NOTE: Sarge is confirmed vulnerable
CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...)
	NOT-FOR-US: eBASEweb
CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in Belch ...)
	NOT-FOR-US: Belchior Foundry vCard
CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary file ...)
	- mgdiff 1.0-28 (bug #335188; unimportant)
CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2, as used in products such as  ...)
	- wordpress <not-affected> (bug #335817; unimportant)
	NOTE: Upstream claims the modified Snoopy class is secure
CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent f ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 t ...)
	NOT-FOR-US: PunBB
CVE-2005-3327 (Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators t ...)
	NOT-FOR-US: Data ONTAP
CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) al ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3325 (Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Ana ...)
	{DSA-893-1}
	- acidbase 1.2.1-1 (bug #335998; bug #336788; medium)
	NOTE: the fix from 1.2-2 did not address the problem fully
	- acidlab 0.9.6b20-13
CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote at ...)
	NOT-FOR-US: MWChat
CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows re ...)
	{DSA-910-1}
	- zope2.8 2.8.1-7 (bug #334055; bug #334054; high)
	- zope2.7 2.7.8-1 (bug #334055; bug #334054; high)
CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote att ...)
	- squid <not-affected>
	NOTE: see bug #334882 for details
CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify pe ...)
	NOT-FOR-US: SuSE-specific tool
CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pr ...)
	NOT-FOR-US: SiteTurn Domain Manager
CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php ...)
	- php4 4:4.4.2-1 (bug #336004; bug #354684; low)
	- php5 5.1.1-1 (bug #336005; low)
	[sarge] - php4 <not-affected>
	NOTE: can't reproduce, error may not be present in 4.3.
	NOTE: tentatively marking as not-affected in sarge.
CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib (chml ...)
	{DSA-886-1}
	- chmlib 0.37-1 (bug #335931; medium)
CVE-2005-3317 (Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and 6.0.2 ...)
	NOT-FOR-US: ZipGenius
CVE-2005-3316 (The installation of ON Symantec Discovery 4.5.x and Symantec Discovery ...)
	NOT-FOR-US: Symantec Discovery
CVE-2005-3315 (Multiple SQL injection vulnerabilities in Novell ZENworks Patch Manage ...)
	NOT-FOR-US: Novell ZENworks
CVE-2005-3314 (Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 ...)
	NOT-FOR-US: Novell Netmail
CVE-2005-3313 (The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers ...)
	[woody] - ethereal <not-affected> (Only affects version 0.10.13)
	[sarge] - ethereal <not-affected> (Only affects version 0.10.13)
	- ethereal 0.10.14-1 (medium)
CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows re ...)
	NOT-FOR-US: Microsoft
CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other platform ...)
	NOT-FOR-US: BMC Software Control-M
CVE-2005-3310 (Interpretation conflict in phpBB 2.0.17, with remote avatars and avata ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #335662; low)
CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote att ...)
	NOT-FOR-US: Zomplog
CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 all ...)
	NOT-FOR-US: Zomplog
CVE-2005-3307 (Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allo ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3306 (Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5 ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3305 (Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote  ...)
	NOT-FOR-US: Nuked Klan
CVE-2005-3304 (Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote at ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3303 (The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87  ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (high)
CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
	- linux-2.6 2.6.12-2
	[sarge] - kernel-source-2.4.27 <not-affected>
	[sarge] - kernel-source-2.6.8 <not-affected>
	NOTE: http://kernel.suse.com/cgit/kernel/commit/?h=v2.6.12.5&id=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
	- thttpd 2.23beta1-4 (low)
	[sarge] - thttpd <no-dsa> (Minor issue in addon package)
CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium)
CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for phpMyAdmi ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl3-1 (bug #335306; high)
CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin ...)
	- phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high)
	[sarge] - phpmyadmin <not-affected> (Not affected according to maintainer; #333433)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-4/
CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote att ...)
	NOT-FOR-US: OpenWBEM
CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote at ...)
	NOT-FOR-US: OpenWBEM
CVE-2005-3296 (The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote att ...)
	NOT-FOR-US: HP-UX
CVE-2005-3295 (Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows ...)
	NOT-FOR-US: HP-UX
CVE-2005-3294 (Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows  ...)
	NOT-FOR-US: Typsoft FTP Server
CVE-2005-3293 (Xerver 4.17 allows remote attackers to (1) obtain source code of scrip ...)
	NOT-FOR-US: Xerver
CVE-2005-3292 (Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 al ...)
	NOT-FOR-US: Xeobook
CVE-2005-3291 (Stani's Python Editor (SPE) 0.7.5 is installed with world-writable per ...)
	- spe <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3290 (SQL injection vulnerability in Accelerated Mortgage Manager allows rem ...)
	NOT-FOR-US: Accelerated Mortgage Manager
CVE-2005-3289 (LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, ...)
	NOT-FOR-US: AIX
CVE-2005-3288 (Mailsite Express allows remote attackers to upload and execute files w ...)
	NOT-FOR-US: Mailsite Express
CVE-2005-3287 (Incomplete blacklist vulnerability in Mailsite Express allows remote a ...)
	NOT-FOR-US: Mailsite Express
CVE-2005-3286 (The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1. ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in comersus_backoffice_search ...)
	NOT-FOR-US: Comersus Backoffice Plus
CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0 ...)
	NOT-FOR-US: AhnLab
CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 al ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authenticati ...)
	NOT-FOR-US: Splatt Forum
CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 al ...)
	NOT-FOR-US: PHP-Nuke addon
CVE-2005-3280 (Paros 3.2.5 uses a default password for the "sa" account in the underl ...)
	NOT-FOR-US: Paros
CVE-2005-3279 (Stack-based buffer overflow in the vgasco_printf function in Jan Kybic ...)
	- bmv 1.2-18 (bug #335497; unimportant)
	NOTE: Vulnerable code not activated in binary package
CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for Jan Kybi ...)
	{DSA-981-1}
	- bmv 1.2-18 (bug #335497; medium)
	NOTE: Sarge and Woody are affected (and the patch applied to fix this in unstable works on both of them, an easy DSA)
CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote a ...)
	NOT-FOR-US: HP-UX
CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
	- adduser 3.77 (bug #331720; low)
	[sarge] - adduser <no-dsa> (Very minimal security ramifications, admin's responsibility)
CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
	- pavuk 0.9.33-1 (bug #264684; high)
	NOTE: second hole mentioned in bug report
CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4 allows remo ...)
	{DSA-934-1}
	- pound 1.9.4-1 (low)
	NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before 2.6. ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-2
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linu ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 2.6.13-1 (low)
	- kernel-source-2.4.27 2.4.27-11 (low)
CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4  ...)
	{DSA-922-1}
	- linux-2.6 2.6.13-1 (low)
CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open Source En ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the bridg ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in multi ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for Symantec No ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-3269 (Stack-based buffer overflow in help.cgi in the HTTP administrative int ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and  ...)
	- yiff 2.14.2-8 (bug #334616; low)
	[sarge] - yiff <no-dsa> (Only a minor privacy leak)
CVE-2005-3267 (Integer overflow in Skype client before 1.4.x.84 on Windows, before 1. ...)
	NOT-FOR-US: Skype
CVE-2005-3266
	REJECTED
CVE-2005-3265 (Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows r ...)
	NOT-FOR-US: Skype
CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog 1. ...)
	NOT-FOR-US: Zeroblog
CVE-2005-3263 (Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 thro ...)
	NOT-FOR-US: WinRAR
CVE-2005-3262 (Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows  ...)
	NOT-FOR-US: WinRAR
CVE-2005-3261 (getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the ve ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3260 (Multiple cross-site scripting (XSS) vulnerabilities in versatileBullet ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3259 (Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3258 (The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and ear ...)
	- squid <not-affected> (bug #334882; medium)
	NOTE: Bug was introduced in a patch to squid-2.5.STABLE10,
	NOTE: this patch was never applied to the Debian package.
CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly s ...)
	{DSA-889-1}
	- enigmail 2:0.93-1 (bug #335731; medium)
CVE-2005-3253 (Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5 ...)
	NOT-FOR-US: Avaya Wireless Access Points
CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for  ...)
	- snort <not-affected> (Vulnerable code was introduced later, see bug #334606)
CVE-2005-3251 (Directory traversal vulnerability in the gallery script in Gallery 2.0 ...)
	- gallery2 2.0.1-1 (medium)
CVE-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a deni ...)
	NOT-FOR-US: Solaris
CVE-2005-3249 (Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0 ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3248 (Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3247 (The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause  ...)
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
	[sarge] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
CVE-2005-3246 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.14 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3245 (Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3  ...)
	- ethereal 0.10.13-1 (bug #334880; medium)
CVE-2005-3244 (The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attacker ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.3 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3243 (Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow  ...)
	{DSA-1171}
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: The SLIMP3 issue affects Woody/Sarge, the AgentX issue only Sarge
CVE-2005-3242 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.7 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote  ...)
	{DSA-1171}
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge
CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows user-assisted att ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option  ...)
	NOT-FOR-US: Solaris
CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibl ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-4 (bug #334113; medium)
CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote  ...)
	NOT-FOR-US: Cyphor
CVE-2005-3236 (Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote att ...)
	NOT-FOR-US: Cyphor
CVE-2005-3235 (Multiple interpretation error in unspecified versions of Proland Prote ...)
	NOT-FOR-US: Proland Protector Plus
CVE-2005-3234 (Multiple interpretation error in unspecified versions of Grisoft AVG A ...)
	NOT-FOR-US: Grisoft AVG Antivirus
CVE-2005-3233 (Multiple interpretation error in unspecified versions of Trustix Antiv ...)
	NOT-FOR-US: Trustix Antivirus
CVE-2005-3232 (Multiple interpretation error in unspecified versions of TheHacker all ...)
	NOT-FOR-US: TheHacker
CVE-2005-3231 (Multiple interpretation error in unspecified versions of CAT Quick Hea ...)
	NOT-FOR-US: CAT Quick Heal
CVE-2005-3230 (Multiple interpretation error in unspecified versions of Panda Antivir ...)
	NOT-FOR-US: Panda Antivirus
CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV Antivi ...)
	- clamav <not-affected> (predates any supported Debian release)
	NOTE: Should rather be fixed in the buggy (fringe, proprietary) RAR unpackers
CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus AntiVi ...)
	NOT-FOR-US: Ikarus Antivirus
CVE-2005-3227 (Multiple interpretation error in unspecified versions of UNA Antivirus ...)
	NOT-FOR-US: UNA Antivirus
CVE-2005-3226 (Multiple interpretation error in unspecified versions of ArcaVir Antiv ...)
	NOT-FOR-US: ArcaVir
CVE-2005-3225 (Multiple interpretation error in unspecified versions of (1) eTrust-Ir ...)
	NOT-FOR-US: eTrust Antivirus
CVE-2005-3224 (Multiple interpretation error in unspecified versions of AntiVir Antiv ...)
	NOT-FOR-US: AntiVir
CVE-2005-3223 (Multiple interpretation error in unspecified versions of Rising Antivi ...)
	NOT-FOR-US: Rising Antivirus
CVE-2005-3222 (Multiple interpretation error in unspecified versions of VBA32 Antivir ...)
	NOT-FOR-US: VBA32 Antivirus
CVE-2005-3221 (Multiple interpretation error in unspecified versions of Fortinet Anti ...)
	NOT-FOR-US: Fortinet Antivirus
CVE-2005-3220 (Multiple interpretation error in unspecified versions of Norman Virus  ...)
	NOT-FOR-US: Norman Antivirus
CVE-2005-3219 (Multiple interpretation error in unspecified versions of Avira Antivir ...)
	NOT-FOR-US: Avira Antivirus
CVE-2005-3218 (Multiple interpretation error in unspecified versions of Dr.Web Antivi ...)
	NOT-FOR-US: Dr. Web Antivirus
CVE-2005-3217 (Multiple interpretation error in unspecified versions of Symantec Anti ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-3216 (Multiple interpretation error in unspecified versions of Sophos Antivi ...)
	NOT-FOR-US: Sophos Antivirus
CVE-2005-3215 (Multiple interpretation error in unspecified versions of McAfee Antivi ...)
	NOT-FOR-US: McAfee Antivirus
CVE-2005-3214 (Multiple interpretation error in unspecified versions of Avast Antivir ...)
	NOT-FOR-US: Avast Antivirus
CVE-2005-3213 (Multiple interpretation error in unspecified versions of F-Prot Antivi ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2005-3212 (Multiple interpretation error in unspecified versions of NOD32 Antivir ...)
	NOT-FOR-US: NOD32 Antivirus
CVE-2005-3211 (Multiple interpretation error in unspecified versions of BitDefender A ...)
	NOT-FOR-US: BitDefender Antivirus
CVE-2005-3210 (Multiple interpretation error in unspecified versions of Kaspersky Ant ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2005-3209 (Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store p ...)
	NOT-FOR-US: aeNovo apps
CVE-2005-3208 (Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop a ...)
	NOT-FOR-US: aeNovo apps
CVE-2005-3207 (The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2005-3206 (iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 al ...)
	NOT-FOR-US: Oracle
CVE-2005-3205 (Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Or ...)
	NOT-FOR-US: Oracle
CVE-2005-3204 (Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows  ...)
	NOT-FOR-US: Oracle
CVE-2005-3203 (The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 s ...)
	NOT-FOR-US: Oracle
CVE-2005-3202 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB  ...)
	NOT-FOR-US: Oracle
CVE-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1. ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-3200 (Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-3199 (Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ ...)
	NOT-FOR-US: aspReady
CVE-2005-3198 (Webroot Desktop Firewall before 1.3.0build52 allows local users to dis ...)
	NOT-FOR-US: Webroot Desktop Firewall
CVE-2005-3197 (Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Fire ...)
	NOT-FOR-US: Webroot Desktop Firewall
CVE-2005-3196 (Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a defau ...)
	NOT-FOR-US: Planet Technology switch
CVE-2005-3195
	REJECTED
CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...)
	NOT-FOR-US: ALZip
CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream function i ...)
	{DSA-984-1 DSA-982-1 DSA-979-1 DSA-961-1 DSA-950-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml <not-affected> (Vulnerable xpdf code not contained)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- poppler 0.4.2-1.1 (bug #342288; medium)
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice <not-affected> (Vulnerable xpdf code not contained)
	- libextractor 0.5.8-1 (medium)
	- cupsys 1.1.23-13 (unimportant)
	- cups 1.1.23-13 (unimportant)
	- pdfkit.framework 0.8-4
CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.0 ...)
	{DSA-1019-1 DSA-983-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml 0.36-12 (bug #342289; medium)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- poppler 0.4.3-2 (bug #342288; medium)
	NOTE: Initial poppler patch in 0.4.2-1.1 was incomplete
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice 1:1.4.2-5 (bug #342294; medium)
	- libextractor 0.5.8-1 (medium)
	- cupsys 1.1.23-13 (unimportant)
	- cups 1.1.23-13 (unimportant)
	- pdfkit.framework 0.8-4
CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) DCTStream::readProgres ...)
	{DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml 0.36-12 (bug #342289; medium)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- pdfkit.framework 0.8-4
	- poppler 0.4.2-1.1 (bug #342288; medium)
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice 1:1.4.2-5 (bug #342294; medium)
	- libextractor 0.5.8-1 (medium)
	- cups 1.1.23-13 (unimportant)
	- cupsys 1.1.23-13 (unimportant)
CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 befor ...)
	NOT-FOR-US: iGateway
CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server al ...)
	NOT-FOR-US: Qualcomm WorldMail IMAP Server
CVE-2005-3188 (Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to ex ...)
	NOT-FOR-US: Winamp
CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a al ...)
	NOT-FOR-US: WinProxy
CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...)
	{DSA-913-1 DSA-911-1}
	- gtk+2.0 2.6.10-2 (bug #339431; medium)
	- gdk-pixbuf 0.22.0-11 (bug #339431; bug #339458; medium)
CVE-2005-3184 (Buffer overflow vulnerability in the unicode_to_bytes in the Service L ...)
	[woody] - ethereal <not-affected> (Affects only Ethereal 0.10.10 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3183 (The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-lib ...)
	- w3c-libwww 5.4.0-11 (bug #334443; low)
	[sarge] - w3c-libwww <no-dsa> (Minor DoS)
CVE-2005-3182 (Buffer overflow in the HTTP management interface for GFI MailSecurity  ...)
	NOT-FOR-US: GFI MailSecurity
CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
	- xscreensaver 4.23-2 (bug #334193; low)
	[sarge] - xscreensaver <no-dsa> (Unproblematic for users running stable)
CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...)
	{DSA-919-2}
	- wget 1.10.2-1 (medium)
	[sarge] - wget <not-affected> (Does not contain NTLM authentication code)
	[woody] - wget <not-affected> (Does not contain NTLM authentication code)
	- curl 7.15.0-1 (bug #333734; medium)
CVE-2005-3239 (The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows re ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (bug #333566; medium)
CVE-2005-3181 (The audit system in Linux kernel 2.6.6, and other versions before 2.6. ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental1 (low)
	- kernel-source-2.4.27 <not-affected> (2.4 kernels don't have CONFIG_AUDITSYSCALL)
CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
	- php5 5.0.5-2 (unimportant)
	- php4 4:4.4.0-3 (unimportant)
	NOTE: Safe mode violations not supported
CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in request_key_au ...)
	- linux-2.6 2.6.13-2 (low)
	- kernel-source-2.4.27 <not-affected>
	NOTE: 2.6.12 itself not affected, fixed in SVN
CVE-2005-3179 (drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs w ...)
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3178 (Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow us ...)
	{DSA-859-1 DSA-858-1}
	- xloadimage 4.1-15 (bug #332524; medium)
	- xli 1.17.0-20 (medium)
	NOTE: xli couldn't load the provided test images when I checked?
CVE-2005-3302 (Eval injection vulnerability in bvh_import.py in Blender 2.36 allows a ...)
	{DSA-1039-1}
	- blender 2.37a-1 (bug #330895; medium)
	[woody] - blender <not-affected> (Woody's blender does not contain the bvh_import.py script)
CVE-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record  ...)
	NOT-FOR-US: Microsoft
CVE-2005-3175 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local a ...)
	NOT-FOR-US: Microsoft
CVE-2005-3174 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to  ...)
	NOT-FOR-US: Microsoft
CVE-2005-3173 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply g ...)
	NOT-FOR-US: Microsoft
CVE-2005-3172 (The WideCharToMultiByte function in Microsoft Windows 2000 before Upda ...)
	NOT-FOR-US: Microsoft
CVE-2005-3171 (Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID ...)
	NOT-FOR-US: Microsoft
CVE-2005-3170 (The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for S ...)
	NOT-FOR-US: Microsoft
CVE-2005-3169 (Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit ...)
	NOT-FOR-US: Microsoft
CVE-2005-3168 (The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 f ...)
	NOT-FOR-US: Microsoft
CVE-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...)
	- mediawiki 1.4.11-1 (bug #332408; medium)
CVE-2005-3166 (Unspecified vulnerability in "edit submission handling" for MediaWiki  ...)
	- mediawiki 1.4.11-1 (bug #332408)
CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki befor ...)
	- mediawiki 1.4.9
CVE-2005-3164 (The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 throu ...)
	NOT-FOR-US: Hitachi Cosminexus Application Server
CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...)
	- polipo 0.9.9-1 (bug #332411; low)
	[sarge] - polipo <no-dsa> (Minor issue)
CVE-2005-3162
	REJECTED
CVE-2005-3161 (Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 a ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusi ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3159 (SQL injection vulnerability in messages.php in PHP-Fusion allows remot ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3158 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3157 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 all ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy  ...)
	NOT-FOR-US: EasyGuppy
CVE-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and P ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2005-3154 (Format string vulnerability in the logging functionality in BitDefende ...)
	NOT-FOR-US: Bitdefender Antivirus
CVE-2005-3153 (login.php in myBloggie 2.1.3 beta and earlier allows remote attackers  ...)
	NOT-FOR-US: MyBloggie
CVE-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3  ...)
	NOT-FOR-US: CubeCart
CVE-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows attacker ...)
	- blender <unfixed> (bug #332413; unimportant)
	NOTE: To exploit this an attacker would need to trick a user into opening a file
	NOTE: with a very suspicious file, no automatic processing of Blender files
	NOTE: This might even be fixed in 2.42
CVE-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...)
	{DSA-855-1}
	- weex 2.6.1-6sarge1 (bug #332424; medium)
CVE-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handl ...)
	{DSA-895-1 DTSA-22-1}
	- uim 1:0.4.7-2 (bug #331620; medium)
CVE-2005-3148 (StoreBackup before 1.19 does not properly set the uid and guid for sym ...)
	{DSA-1022-1}
	- storebackup 1.19-1 (bug #332434)
CVE-2005-3147 (StoreBackup before 1.19 creates the backup root with world-readable pe ...)
	{DSA-1022-1}
	- storebackup 1.19-1 (bug #332434; medium)
CVE-2005-3146 (StoreBackup before 1.19 allows local users to perform unauthorized ope ...)
	{DSA-1022-1}
	- storebackup 1.19-2 (bug #332434; medium)
	NOTE: The upstream fix only mitigated the issue, but didn't fix it
CVE-2005-3145 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ca ...)
	NOT-FOR-US: Standard Based Linux Instrumentation
CVE-2005-3144 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ca ...)
	NOT-FOR-US: Standard Based Linux Instrumentation
CVE-2005-3143 (Unspecified vulnerability in the Mailbox Server for 4D WebStar before  ...)
	NOT-FOR-US: Mailbox Server for 4D WebStar
CVE-2005-3142 (Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and Kasper ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2005-3141 (Cerulean Studios Trillian 3.0 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions send ...)
	NOT-FOR-US: Procom NetFORCE
CVE-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow  ...)
	{DSA-836-1 DSA-835-1}
	- cfengine <removed> (bug #332433; low)
	- cfengine2 2.1.17-1 (bug #332432; low)
	NOTE: maintainer does not think it's a hole, script is unused/broken
CVE-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...)
	NOT-FOR-US: Virtools Web Player
CVE-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows re ...)
	NOT-FOR-US: Virtools Web Player
CVE-2005-3134 (Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attacke ...)
	NOT-FOR-US: Citrix
CVE-2005-3133 (Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2. ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3132 (MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly ear ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3131 (Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Serv ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3130 (SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers ...)
	NOT-FOR-US: lucidCMS
CVE-2005-3129 (Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 a ...)
	- serendipity 1.0-1
CVE-2005-3128 (Cross-site scripting (XSS) vulnerability in add.php in Address Add Plu ...)
	NOT-FOR-US: Address Add Plugin for Squirrelmail
CVE-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0. ...)
	NOT-FOR-US: lucidCMS
CVE-2005-3126 (The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scri ...)
	{DSA-945-1}
	- antiword 0.35-2 (low)
CVE-2005-3125
	REJECTED
CVE-2005-3124 (syslogtocern in Acme thttpd before 2.23 allows local users to write ar ...)
	{DSA-883-1}
	- thttpd 2.23beta1-4
CVE-2005-3123 (Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remot ...)
	{DSA-877-1}
	- gnump3d 2.9.6-1 (medium)
CVE-2005-3122
	REJECTED
CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file  ...)
	{DSA-867-1}
	- module-assistant 0.9.10
CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and e ...)
	{DSA-1085-1 DSA-876-1 DSA-874-1}
	- lynx 2.8.5-2sarge1 (bug #335033; high)
	- lynx-cur 2.8.6-16 (bug #334423; high)
	- lynx-ssl <removed>
CVE-2005-3118 (Mason before 1.0.0 does not install the init script after the user use ...)
	{DSA-845-1}
	- mason 1.0.0-3
CVE-2005-3117
	REJECTED
CVE-2005-3116 (Stack-based buffer overflow in a shared library as used by the Volume  ...)
	NOT-FOR-US: VERITAS Backup
CVE-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...)
	NOT-FOR-US: mpeg-tools
CVE-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger (NateonDow ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-3113 (The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) a ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-3112 (The "reset password" feature in Macromedia Breeze 5.0 stores passwords ...)
	NOT-FOR-US: Macromedia Breeze
CVE-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cau ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to  ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.6.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping v ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito  ...)
	{DSA-922-1}
	- kernel-source-2.4.27 <unfixed> (bug #332569; unimportant)
	NOTE: Montecito CPUs are not available on the market yet
	- linux-2.6 2.6.12-1
CVE-2005-XXXX [Minor local DoS as libldap]
	- openldap 2.4.13 (bug #253838; low)
	- openldap2.3 <removed>
	[lenny] - openldap <no-dsa> (Minor issue)
	[etch] - openldap2.3 <no-dsa> (Minor issue)
CVE-2005-XXXX [Insecure bounds checking in mpack's content parser]
	- mpack 1.6-1 (bug #216566)
CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
	- coreutils 5.93-1 (bug #306076; low)
	[sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable)
	[woody] - coreutils <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-XXXX [tar's rmt command may have undesired side effects]
	- tar <unfixed> (bug #290435; unimportant)
	[sarge] - tar <no-dsa> (Hardly exploitable)
CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact  ...)
	- ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
CVE-2005-XXXX [hdup improperly preserves permissions on directories]
	- hdup 2.0.14-2 (bug #302790; low)
	NOTE: Minor issue, workaround and patch documented since version above
	[sarge] - hdup <no-dsa> (Mostly a design limitation, very limited security implications)
CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
	- findutils 4.2.22-1 (bug #313081)
	[woody] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
	[sarge] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
	- bugzilla 2.18.4-1 (bug #331206; medium)
CVE-2005-3139 (Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
	- bugzilla 2.18.4-1 (bug #331206; medium)
CVE-2005-2966 (The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earli ...)
	{DSA-847-1}
	- dia 0.94.0-15 (bug #330890; medium)
CVE-2005-XXXX [Insecure temp files in linux-wlan-ng]
	- linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low)
CVE-2005-XXXX [Heap overflow in libosip URI parsing]
	- libosip2 2.0.9-1 (bug #308737)
CVE-2005-XXXX [rkhunter: Insecure temporary file]
	- rkhunter 1.2.7-14 (bug #330627; medium)
CVE-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to redirec ...)
	NOT-FOR-US: Movable Type
CVE-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 al ...)
	NOT-FOR-US: Movable Type
CVE-2005-3102 (The administrative interface in Movable Type allows attackers to uploa ...)
	NOT-FOR-US: Movable Type
CVE-2005-3101 (The password reset feature in Movable Type before 3.2 generates differ ...)
	NOT-FOR-US: Movable Type
CVE-2005-3100 (Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4 ...)
	NOT-FOR-US: Astaro Security Linux
CVE-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Sol ...)
	NOT-FOR-US: Solaris
CVE-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitr ...)
	- qpopper <not-affected> (bug #330123; Vulnerable code not shipped in binary)
CVE-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka c ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote at ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of servi ...)
	NOT-FOR-US: Nokia cell phones
CVE-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 allo ...)
	NOT-FOR-US: Image-Line Software FL Studio
CVE-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 all ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682; low)
CVE-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php i ...)
	- mantis 0.19.2-4 (bug #330682; medium)
CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) vi ...)
	- mozilla-firefox 1.0.7-1 (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2005-3088 (fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 create ...)
	{DSA-900-3}
	- fetchmail 6.2.5.4-1 (bug #336096; low)
CVE-2005-3111 (The handler code for backupninja 0.8 and earlier creates temporary fil ...)
	{DSA-827-1}
	- backupninja 0.8-2 (medium)
CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
	- microcode.ctl 0.20080131-1 (bug #282583; unimportant)
	NOTE: The validity of the microcode is ensured inside the CPU
CVE-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...)
	NOT-FOR-US: SecureW2 TLS
CVE-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ 3. ...)
	NOT-FOR-US: contentServ
CVE-2005-3085 (Multiple cross-site scripting (XSS) vulnerabilities in rss.php in Rive ...)
	NOT-FOR-US: Riverdark Studios RSS Syndicator
CVE-2005-3084 (Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2 ...)
	NOT-FOR-US: Sony PSP
CVE-2005-3083 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simp ...)
	NOT-FOR-US: CMS Made Simple
CVE-2005-3082 (SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows rem ...)
	NOT-FOR-US: SEO-Board
CVE-2005-3081 (wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary c ...)
	{DSA-1006-1}
	- wzdftpd 0.5.5-1 (high)
CVE-2005-3080 (contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to ...)
	NOT-FOR-US: GeSHi
CVE-2005-3079 (PunBB before 1.2.8 allows remote attackers to perform "code inclusion" ...)
	NOT-FOR-US: PunBB
CVE-2005-3078 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows  ...)
	NOT-FOR-US: PunBB
CVE-2005-3077 (Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers t ...)
	NOT-FOR-US: Microsoft
CVE-2005-3076 (Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL co ...)
	NOT-FOR-US: Simplog
CVE-2005-3075 (SQL injection vulnerability in Zengaia before 0.2 allows remote attack ...)
	NOT-FOR-US: Zengaia
CVE-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and be ...)
	NOT-FOR-US: RSyslog
CVE-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, ...)
	- interchange 5.2.1-1 (bug #329705)
CVE-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in Interchange  ...)
	- interchange 5.2.1-1 (bug #329705; medium)
CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of the U ...)
	- hylafax 1:4.2.2+rc1 (bug #329384; unimportant)
	NOTE: This was judged non-exploitable
CVE-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwr ...)
	{DSA-865-1}
	- hylafax 1:4.2.2+rc1 (bug #329384; low)
CVE-2005-3068 (Unspecified vulnerability in Eric Integrated Development Environment ( ...)
	{DSA-869-1}
	- eric 3.7.2-1 (bug #330608; medium)
CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...)
	NOT-FOR-US: PerlDiver
CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver  ...)
	NOT-FOR-US: PerlDiver
CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to caus ...)
	NOT-FOR-US: MultiTheftAuto
CVE-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...)
	NOT-FOR-US: MultiTheftAuto
CVE-2005-3063 (SQL injection vulnerability in MailGust 1.9 allows remote attackers to ...)
	NOT-FOR-US: MailGust
CVE-2005-3062 (PHP remote file inclusion vulnerability in index.php in AlstraSoft E-F ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9. ...)
	NOT-FOR-US: PowerArchiver
CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
	- distcc 2.18.3-3 (bug #298929; low)
	[sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for untrusted environments)
CVE-2005-3060 (Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to ...)
	NOT-FOR-US: AIX
CVE-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Window ...)
	NOT-FOR-US: Opera
CVE-2005-3058 (Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8 ...)
	NOT-FOR-US: FortiGate
CVE-2005-3057 (The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, ...)
	NOT-FOR-US: FortiGate
CVE-2005-3056 (TWiki allows arbitrary shell command execution via the Include functio ...)
	- twiki 20040902-2 (bug #330733; high)
CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial  ...)
	{DSA-1017-1}
	- linux-2.6 2.6.14-1 (bug #330287; bug #332587; medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not p ...)
	- php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
	- php5 5.0.5-2 (bug #353585; medium)
	[sarge] - php4 <no-dsa> (open_basedir violations not supported)
CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x al ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 al ...)
	NOT-FOR-US: jportal
CVE-2005-3051 (Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for 7- ...)
	NOT-FOR-US: 7-Zip
CVE-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3049 (PhpMyFaq 1.5.1 stores data files under the web document root with insu ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3048 (Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allow ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3047 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1  ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3046 (SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows r ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3045 (SQL injection vulnerability in search.php in My Little Forum 1.5 and 1 ...)
	NOT-FOR-US: My Little Forum
CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	[sarge] - egroupware <no-dsa> (Minor issue)
CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	[sarge] - egroupware <no-dsa> (Minor issue)
CVE-2005-XXXX [Insecure pidfile handling in mailleds]
	- mailleds 0.93-11.1 (bug #329365; low)
	[sarge] - mailleds <no-dsa> (Hardly exploitable)
CVE-2005-XXXX [kdebase uses urandom as an entropy source]
	- kdebase <unfixed> (bug #325369; unimportant)
	NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
	NOTE: on Linux urandom should provide sufficient entropy
CVE-2005-3753 (Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attac ...)
	- linux-2.6 2.6.12-7 (low)
CVE-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows  ...)
	NOT-FOR-US: Mall23 eCommerce
CVE-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "ful ...)
	- webmin 1.230-1 (high; bug #329741)
	[sarge] - webmin <not-affected> (Vulnerable code not present, see #329741)
	- usermin 1.160-1 (high; bug #329742)
	NOTE: SNS Advisory 83, http://marc.info:80/?m=112733083203821
CVE-2005-3041 (Unspecified "drag-and-drop vulnerability" in Opera Web Browser before  ...)
	NOT-FOR-US: Opera
CVE-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll)  ...)
	NOT-FOR-US: TAC Vista
CVE-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...)
	NOT-FOR-US: Mall23 eCommerce
CVE-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4  ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server  ...)
	NOT-FOR-US: Handy Address Book Server
CVE-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in p ...)
	NOT-FOR-US: File Transfer Anywhere
CVE-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
	NOT-FOR-US: Compuware DriverStudio
CVE-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
	NOT-FOR-US: Compuware DriverStudio
CVE-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to  ...)
	NOT-FOR-US: vxWeb - WinCE software
CVE-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a  ...)
	NOT-FOR-US: vxTftpSrv - WinCE software
CVE-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute a ...)
	NOT-FOR-US: vxFtpSrv - WinCE software
CVE-2005-3030 (Directory traversal vulnerability in the archive decompression library ...)
	NOT-FOR-US: Ahnlab Anti virus
CVE-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 V ...)
	NOT-FOR-US: Ahnlab Anti virus
CVE-2005-3028
	REJECTED
CVE-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which a ...)
	NOT-FOR-US: Sybari Antigen anti spam solution
CVE-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro  ...)
	NOT-FOR-US: Epay Pro
CVE-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...)
	NOT-FOR-US: vBulletin
CVE-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier  ...)
	NOT-FOR-US: vBulletin
CVE-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...)
	NOT-FOR-US: vBulletin
CVE-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier  ...)
	NOT-FOR-US: vBulletin
CVE-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with  ...)
	NOT-FOR-US: vBulletin
CVE-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin befor ...)
	NOT-FOR-US: vBulletin
CVE-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...)
	NOT-FOR-US: vBulletin
CVE-2005-3018 (Apple Safari allows remote attackers to cause a denial of service (app ...)
	NOT-FOR-US: Safari
CVE-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 all ...)
	NOT-FOR-US: Content2Web
CVE-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 all ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows r ...)
	NOT-FOR-US: Ensim webppliance
CVE-2005-3013 (Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE ...)
	NOT-FOR-US: YaST
CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for SimpleC ...)
	NOT-FOR-US: SimpleCDR-X
CVE-2005-3011 (The sort_offline function for texindex in texinfo 4.8 and earlier allo ...)
	{DSA-1219}
	- texinfo 4.8-1 (bug #328365; low)
	[sarge] - texinfo <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-3010 (Direct static code injection vulnerability in the flood protection fea ...)
	NOT-FOR-US: CuteNews
CVE-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote att ...)
	NOT-FOR-US: CuteNews
CVE-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via  ...)
	NOT-FOR-US: Tofu
CVE-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...)
	NOT-FOR-US: Opera
CVE-2005-3006 (The mail client in Opera before 8.50 opens attached files from the use ...)
	NOT-FOR-US: Opera
CVE-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: Helpdesk Software Hesk
CVE-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote at ...)
	NOT-FOR-US: Interakt MX Shop
CVE-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release 1 ...)
	NOT-FOR-US: NooTopList
CVE-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ca ...)
	NOT-FOR-US: Multi-Computer Control System
CVE-2005-3001 (Unspecified vulnerability in the "tl" driver in Solaris 10 allows loca ...)
	NOT-FOR-US: Solaris
CVE-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain s ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the admi ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer  ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM s ...)
	NOT-FOR-US: VERITAS storage solutions
CVE-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read sensiti ...)
	- bacula 1.38.9-1 (bug #329271; low)
	NOTE: Sarge affected, didn't exist in Woody
CVE-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ClearQues ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4 ...)
	NOT-FOR-US: HP Tru64
CVE-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary  ...)
	- ncompress <not-affected> (bug #329052; unimportant)
	NOTE: see bug close message, Debian's ncompress doesn't expose affected scripts
CVE-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files  ...)
	{DSA-843-1}
	- arc 5.21m-1 (low)
CVE-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores sens ...)
	NOT-FOR-US: LineControl Java Client
CVE-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...)
	NOT-FOR-US: DeluxeBB
CVE-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect contr ...)
	NOT-FOR-US: HP printers
CVE-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows  ...)
	NOT-FOR-US: Digital Scribe
CVE-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusB ...)
	NOT-FOR-US: AhnLab antivirus and related products
CVE-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks aeDatin ...)
	NOT-FOR-US: aeDating script
CVE-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote  ...)
	NOT-FOR-US: Avocent hardware issue
CVE-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical Referen ...)
	NOT-FOR-US: Oracle
CVE-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allow ...)
	NOT-FOR-US: CompaqHTTPServer
CVE-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allo ...)
	NOT-FOR-US: Orion
CVE-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in phpoutsourcin ...)
	NOT-FOR-US: phpoutsourcing Noah's classifieds
CVE-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's clas ...)
	NOT-FOR-US: phpoutsourcing Noah's classifieds
CVE-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses un ...)
	{DSA-878-1}
	- netpbm-free 2:10.0-10
CVE-2005-2977 (The SELinux version of PAM before 0.78 r3 allows local users to perfor ...)
	- pam 0.99.7.1-2 (bug #336344; low)
	[etch] - pam 0.79-5
	[sarge] - pam <not-affected> (Does not contain SELinux support)
	[woody] - pam <not-affected> (Does not contain SELinux support)
CVE-2005-2976 (Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 ...)
	{DSA-913-1 DSA-911-1}
	- gdk-pixbuf 0.22.0-11 (bug #339431; medium)
	- gtk+2.0 2.6.10-2
CVE-2005-2975 (io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before  ...)
	{DSA-913-1 DSA-911-1}
	- gdk-pixbuf 0.22.0-11 (bug #339431; low)
	- gtk+2.0 2.6.10-2 (bug #339431; low)
CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial of se ...)
	{DSA-890-1}
	- libungif4 4.1.3-4 (bug #337972; unimportant)
	- giflib 4.1.4-1 (bug #395382; unimportant)
	NOTE: Just a bug, hardly any security implications
CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5,  ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature in Abi ...)
	{DSA-894-1}
	- abiword 2.4.1-1 (bug #333740; medium)
CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 ...)
	{DSA-872-1}
	- koffice 1:1.3.5-5 (bug #333497; medium)
CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain circ ...)
	- apache2 2.0.55-1 (bug #340337; low)
	[sarge] - apache2 2.0.54-5sarge2
	NOTE: this occurs in the binary package apache2-mpm-worker
CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0 ...)
	{DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1}
	- openssl 0.9.8-3 (bug #333500; low)
	- openssl097 0.9.7g-5 (bug #333500; low)
	- openssl094 <removed>
	- openssl095 <removed>
	- openssl096 <removed>
CVE-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...)
	{DSA-868-1}
	- mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script)
	- mozilla <not-affected> (Debian ships a non-vulnerable wrapper script)
	- mozilla-thunderbird 1.0.6-4 (bug #329667; bug #329664; high)
CVE-2005-2967 (Format string vulnerability in input_cdda.c in xine-lib 1-beta through ...)
	{DSA-863-1}
	- xine-lib 1.0.1-1.4 (bug #332919; bug #333682; medium)
CVE-2005-2965
	REJECTED
CVE-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers  ...)
	{DSA-894-1}
	- abiword 2.2.10-1 (bug #329839; medium)
CVE-2005-2963 (The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with Aut ...)
	{DSA-844-1}
	- mod-auth-shadow 1.4-2 (bug #323789; medium)
CVE-2005-2962 (The post-installation script for ntlmaps before 0.9.9 sets world-reada ...)
	{DSA-830-1}
	- ntlmaps 0.9.9-4
CVE-2005-2961 (Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4  ...)
	{DSA-834-1}
	NOTE: prozilla is not in sarge or etch
CVE-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary fi ...)
	{DSA-836-1 DSA-835-1}
	- cfengine <removed> (bug #332433; low)
	- cfengine2 2.1.17-1 (bug #332432; low)
	NOTE: maintainer does not think it's a hole, script is unused/broken
CVE-2005-2959 (Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows lo ...)
	{DSA-870-1}
	- sudo 1.6.8p9-3 (medium)
CVE-2005-2958 (Multiple format string vulnerabilities in the GNOME Data Access librar ...)
	{DSA-871-1}
	- libgda2 1.2.2-1 (medium)
CVE-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 wi ...)
	NOT-FOR-US: AVIRA Desktop
CVE-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores temporary chat log ...)
	NOT-FOR-US: ATutor
CVE-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...)
	NOT-FOR-US: ATutor
CVE-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before  ...)
	NOT-FOR-US: ATutor
CVE-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merch ...)
	NOT-FOR-US: MIVA Merchant
CVE-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09 ...)
	NOT-FOR-US: Subscribe Me Pro
CVE-2005-2951 (Directory traversal vulnerability in security.inc.php in AzDGDatingLit ...)
	NOT-FOR-US: AzDGDating lite
CVE-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1. ...)
	NOT-FOR-US: Sawmill
CVE-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes betwe ...)
	NOT-FOR-US: pam_per_user (not in Debian)
CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list re ...)
	NOT-FOR-US: KillProcess
CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-assisted a ...)
	NOT-FOR-US: KillProcess
CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for creatin ...)
	- openssl 0.9.8-1 (bug #314465; unimportant)
	NOTE: MD5 is still good enough for most applications, second preimage attacks
	NOTE: haven't been presented yet
CVE-2005-2944 (The perform_file_save function in GNOME Workstation Command Center (gw ...)
	NOT-FOR-US: GNOME Workstation Command Center
CVE-2005-2943 (Stack-based buffer overflow in sendmail in XMail before 1.22 allows re ...)
	{DSA-902-1}
	- xmail 1.22-1 (bug #333863; medium)
CVE-2005-2942
	REJECTED
CVE-2005-2941
	RESERVED
CVE-2005-2940 (Unquoted Windows search path vulnerability in Microsoft Antispyware 1. ...)
	NOT-FOR-US: Microsoft Antispyware
CVE-2005-2939 (Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 ...)
	NOT-FOR-US: VMWare
CVE-2005-2938 (Unquoted Windows search path vulnerability in iTunesHelper.exe in iTun ...)
	NOT-FOR-US: iTunes
CVE-2005-2937
	REJECTED
CVE-2005-2936 (Unquoted Windows search path vulnerability in RealNetworks RealPlayer  ...)
	NOT-FOR-US: Real Player
CVE-2005-2935 (Unquoted Windows search path vulnerability in Microsoft AntiSpyware mi ...)
	NOT-FOR-US: Microsoft AntiSpyware
CVE-2005-2934 (Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 al ...)
	NOT-FOR-US: SCO
CVE-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in mail.c fo ...)
	{DSA-861-1}
	- uw-imap 7:2002edebian1-12 (medium; bug #332215)
	- pine 4.64-1 (medium; bug #348407)
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
	[sarge] - pine <no-dsa> (pine is non-free; doesn't permit distribution of modified binaries)
CVE-2005-2932 (Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, incl ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm
CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server 8.20 i ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attac ...)
	- lynx <not-affected> (Debian's default config is not vulnerable)
CVE-2005-2928
	RESERVED
CVE-2005-2927 (Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, an ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-2926 (Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Open ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-2925 (runpriv in SGI IRIX allows local users to bypass intended restrictions ...)
	NOT-FOR-US: IRIX
CVE-2005-2924
	RESERVED
CVE-2005-2923 (The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite ( ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-2922 (Heap-based buffer overflow in the embedded player in multiple RealNetw ...)
	- helix-player 1.0.7-1 (bug #358754; medium)
CVE-2005-2921
	RESERVED
CVE-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions be ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default con ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default con ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2913
	REJECTED
CVE-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2911
	RESERVED
CVE-2005-2910
	RESERVED
CVE-2005-2909
	RESERVED
CVE-2005-2908
	RESERVED
CVE-2005-2907
	RESERVED
CVE-2005-2906
	RESERVED
CVE-2005-2905
	RESERVED
CVE-2005-2904 (Zebedee 2.4.1, when "allowed redirection port" is not set, allows remo ...)
	NOT-FOR-US: Zebedee
CVE-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build 112 ...)
	NOT-FOR-US: NOD32 Anti virus
CVE-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows re ...)
	NOT-FOR-US: class-1 Forum
CVE-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0  ...)
	NOT-FOR-US: CjWeb2Mail
CVE-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 a ...)
	NOT-FOR-US: CjLinkOut
CVE-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in  ...)
	NOT-FOR-US: CjTagBoard
CVE-2005-2898
	NOT-FOR-US: Filezilla
CVE-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: WEB//NEWS
CVE-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers t ...)
	NOT-FOR-US: WEB//NEWS
CVE-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows re ...)
	NOT-FOR-US: PBLang
CVE-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in P ...)
	NOT-FOR-US: PBLang
CVE-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang  ...)
	NOT-FOR-US: PBLang
CVE-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...)
	NOT-FOR-US: PBLang
CVE-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marke ...)
	NOT-FOR-US: WebArchiveX
CVE-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to phy ...)
	NOT-FOR-US: SecureOL
CVE-2005-2889 (Check Point NGX R60 does not properly verify packets against the prede ...)
	NOT-FOR-US: Check Point
CVE-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Previ ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote att ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1 ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versi ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down Un ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2883
	REJECTED
CVE-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCal ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3,  ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encry ...)
	NOT-FOR-US: Advansysperu Software USB Lock Auto-Protect
CVE-2005-2945 (arc 5.21j and earlier create temporary files with world-readable permi ...)
	{DSA-843-1}
	- arc 5.21m-1 (bug #329053; low)
CVE-2005-2917 (Squid 2.5.STABLE10 and earlier, while performing NTLM authentication,  ...)
	{DSA-828-1}
	- squid 2.5.10-7
	NOTE: Patch was added to -6, but not listed in dpatch's list of patches
CVE-2005-XXXX [user password file created by gajim is world-readable]
	- gajim 0.8.2-1 (bug #325080; low)
CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file]
	- zope2.7 2.7.8-1 (bug #313644; bug #313621; low)
	[sarge] - zope2.7 <no-dsa> (Inside the responsibility of the admin)
CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
	- wine 0.0.20050830-1 (bug #327261; bug #327262; low)
	[sarge] - wine <no-dsa> (Minor issue)
CVE-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0 ...)
	{DSA-824-1 DTSA-19-1}
	- clamav 0.87-1 (bug #328660; bug #329280; medium)
CVE-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote a ...)
	{DSA-824-1 DTSA-19-1}
	- clamav 0.87-1 (bug #328660; medium)
CVE-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlie ...)
	{DSA-822-1}
	- gtkdiskfree 1.9.3-4sarge1 (bug #328566; low)
CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local u ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-7 (medium)
	- kernel-source-2.4.27 <not-affected> (code is vulnerable but there is no amd64 for 2.4 in Sarge)
CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and earli ...)
	NOTE: proactively fixed by the robustness patch
	- twiki 20040902-2
CVE-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other ...)
	{DSA-825-1 DSA-823-1}
	- util-linux 2.12p-8 (bug #328141; bug #329063; medium)
	- loop-aes-utils 2.12p-9 (bug #328626; medium)
CVE-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code via p ...)
	{DSA-856-1}
	- py2play 0.1.8-1 (bug #326976; medium)
CVE-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in  ...)
	- cups 1.1.23-1
	- cupsys 1.1.23-1
CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in Mozi ...)
	{DSA-868-1 DSA-866-1 DSA-837-1}
	- mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; bug #327366; medium)
	- mozilla 2:1.7.12-1 (bug #327455; medium)
	- mozilla-thunderbird 1.0.7-1
	NOTE: epiphany-browser is apparently fixed by the mozilla
	NOTE: upload; see bug #327366
CVE-2005-2930 (Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_l ...)
	{DSA-886-1}
	- chmlib 0.36-1 (bug #327431; medium)
CVE-2005-2802
	REJECTED
CVE-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU Ma ...)
	{DSA-841-1 DTSA-20-1}
	- mailutils 1:0.6.90-3 (bug #327424; high)
CVE-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows remot ...)
	NOT-FOR-US: Solaris
CVE-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl1-1 (bug #327345; bug #328501; medium)
CVE-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the pr ...)
	NOT-FOR-US: ZipTorrent
CVE-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...)
	NOT-FOR-US: BlueWhaleCRM
CVE-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...)
	NOT-FOR-US: Mercora IMRadio
CVE-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3. ...)
	NOT-FOR-US: aMember Pro
CVE-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a sy ...)
	NOT-FOR-US: URBAN
CVE-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in Ope ...)
	NOT-FOR-US: OpenWebmail
CVE-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on  ...)
	NOT-FOR-US: ADSL hardware
CVE-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Editi ...)
	NOT-FOR-US: N-Stealth
CVE-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier all ...)
	- nikto 1.35-1.1 (bug #327339; medium)
CVE-2005-2859 (Savant Web Server stores user credentials in plaintext in the Savant\U ...)
	NOT-FOR-US: Savant Web Server
CVE-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol 7. ...)
	NOT-FOR-US: Rediff BOL
CVE-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an o ...)
	NOT-FOR-US: Free SMTP Server
CVE-2005-2856 (Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party comp ...)
	NOT-FOR-US: ALZip
CVE-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5 ...)
	NOT-FOR-US: Unclassified Newsboard
CVE-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedba ...)
	NOT-FOR-US: thesitewizard.com chfeedback.pl
CVE-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a an ...)
	NOT-FOR-US: GuppY
CVE-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5 ...)
	NOT-FOR-US: Novell Netware
CVE-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read s ...)
	{DTSA-25-1}
	- smb4k 0.6.4-1 (bug #337471; medium)
	NOTE: fix in 0.6.3-1 was incomplete according to maintainer
CVE-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service (cr ...)
	NOT-FOR-US: SlimFTPD
CVE-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running fi ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 a ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simple
CVE-2005-2845 (Ariba Spend Management System sends the username and password to the s ...)
	NOT-FOR-US: Ariba Spend Management System
CVE-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows rem ...)
	NOT-FOR-US: Indiatimes Messenger
CVE-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and pas ...)
	NOT-FOR-US: Hesk
CVE-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4. ...)
	NOT-FOR-US: DameWare Mini
CVE-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...)
	NOT-FOR-US: IOS
CVE-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier h ...)
	NOT-FOR-US: MAXdev
CVE-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1 ...)
	NOT-FOR-US: MAXdev
CVE-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and e ...)
	NOT-FOR-US: myBloggie
CVE-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI  ...)
	NOT-FOR-US: WebGUI
CVE-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a  ...)
	NOT-FOR-US: Phorum
CVE-2005-2835
	RESERVED
CVE-2005-2834
	RESERVED
CVE-2005-2833
	RESERVED
CVE-2005-2832
	RESERVED
CVE-2005-2831 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers t ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2830 (Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS prox ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2829 (Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2828
	RESERVED
CVE-2005-2827 (The thread termination routine in the kernel for Windows NT 4.0 and 20 ...)
	NOT-FOR-US: Windows NT
CVE-2005-2826
	RESERVED
CVE-2005-2825
	RESERVED
CVE-2005-2824
	RESERVED
CVE-2005-2823
	RESERVED
CVE-2005-2822
	RESERVED
CVE-2005-2821
	RESERVED
CVE-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows rem ...)
	{DSA-820-1}
	- courier 0.47-9 (bug #327181; medium)
CVE-2005-2819 (DownFile 1.3 allows remote attackers to gain administrator privileges  ...)
	NOT-FOR-US: DownFile
CVE-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...)
	NOT-FOR-US: DownFile
CVE-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote a ...)
	NOT-FOR-US: Greymatter
CVE-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remo ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earli ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P a ...)
	NOT-FOR-US: man2web
CVE-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, o ...)
	- net-snmp <not-affected> (Gentoo Portage specific configuration flaw)
CVE-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow loca ...)
	NOT-FOR-US: urban game
CVE-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0  ...)
	NOT-FOR-US: silc daemon
CVE-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, whic ...)
	- frox 0.7.18-1 (medium)
CVE-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop privileg ...)
	- frox <not-affected> (does not run setuid root in the Debian package)
CVE-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows rem ...)
	NOT-FOR-US: BNBT EasyTracker
CVE-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to non-exis ...)
	NOT-FOR-US: e107
CVE-2005-2804 (Integer overflow in the registry parsing code in GroupWise 6.5.3, and  ...)
	NOT-FOR-US: GroupWise
CVE-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...)
	[sarge] - hiki <not-affected> (code not present in sarge)
	- hiki 0.8.3-1
CVE-2005-2800 (Memory leak in the seq_file implementation in the SCSI procfs interfac ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-6 (low)
	- kernel-source-2.4.27 <not-affected> (seq_file introduced in 2.6)
CVE-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and po ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...)
	- openssh 1:4.2p1-1 (bug #326065; unimportant)
	NOTE: Not enabled in the binary build, see #326065
	- openssh-krb5 <removed> (bug #327233; medium)
	[sarge] - openssh-krb5 <no-dsa> (Intended behaviour, see #327233)
CVE-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle d ...)
	- openssh 1:4.2p1-1 (bug #326065; unimportant)
	NOTE: GSSAPI features not activated in binary builds
CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ear ...)
	{DSA-809-1}
	- squid 2.5.10-5 (medium)
CVE-2005-2795
	RESERVED
CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to c ...)
	{DSA-809-3 DSA-809-1}
	- squid 2.5.10-5 (medium)
CVE-2005-2793 (PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin ...)
	[sarge] - phpldapadmin <not-affected> (code not present in sarge)
	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...)
	[sarge] - phpldapadmin <not-affected> (code not present in sarge)
	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-2791 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BF ...)
	NOT-FOR-US: BFCC
CVE-2005-2790 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BF ...)
	NOT-FOR-US: BFCC
CVE-2005-2789 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BF ...)
	NOT-FOR-US: BFCC
CVE-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 an ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to d ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8. ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the dat ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2784 (SQL injection vulnerability in the login function for the administrati ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ea ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for AutoL ...)
	NOT-FOR-US: AutoLinks Pro
CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly  ...)
	{DSA-1063-1}
	- phpgroupware 0.9.16.009-1 (bug #340094; medium)
	- egroupware 1.0.0.009.dfsg-3-4 (bug #340495; medium)
	[woody] - phpgroupware <not-affected> (fudforum not included until 0.9.16)
	NOTE: Sarge affected, woody isn't
CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allo ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to obt ...)
	NOT-FOR-US: iTAN
CVE-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) al ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary co ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass 2 ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify k ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows  ...)
	NOT-FOR-US: Lithium Quake mod
CVE-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote attack ...)
	NOT-FOR-US: HP OpenView
CVE-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota gophe ...)
	{DSA-832-1}
	- gopher 3.0.11 (bug #327722; high)
CVE-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-S ...)
	NOT-FOR-US: Reflection for Secure IT
CVE-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-S ...)
	NOT-FOR-US: Reflection for Secure IT
CVE-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possib ...)
	{DSA-820-1}
	- courier 0.47-9 (bug #327727; medium)
CVE-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...)
	NOT-FOR-US: Sophos AntiVirus
CVE-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: LeapFTP
CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
	- linux-2.6 2.6.12-6 (low)
CVE-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2005-2765 (The user interface in the Windows Firewall does not properly display c ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...)
	NOT-FOR-US: OpenTTD
CVE-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...)
	NOT-FOR-US: OpenTTD
CVE-2005-2762 (Avaya VPNRemote before 4.2.33 stores credentials in cleartext in proce ...)
	NOT-FOR-US: VPNRemote
CVE-2005-2760
	RESERVED
CVE-2005-2759 (** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton An ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-2758 (Integer signedness error in the administrative interface for Symantec  ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-2757 (Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Serv ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-assisted attackers to overwri ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-assisted attackers to  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier does no ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2751 (memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2750 (Software Update in Mac OS X 10.4.2, when the user marks all updates to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2749 (Unspecified vulnerability in the Finder Get Info window for Mac OS X 1 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2748 (The malloc function in the libSystem library in Apple Mac OS X 10.3.9  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2747 (Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by appli ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2746 (Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2745 (Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2744 (Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2743 (The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 1 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2742 (SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, c ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2741 (Authorization Services in securityd for Apple Mac OS X 10.3.9 allows l ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2740
	REJECTED
CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visibl ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2738 (Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent m ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allo ...)
	NOT-FOR-US: PhotoPost
CVE-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier all ...)
	NOT-FOR-US: YaPig
CVE-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earli ...)
	NOT-FOR-US: phpGraphy
CVE-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earl ...)
	{DSA-1148-1}
	- gallery 1.5-2 (bug #325285; medium)
CVE-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly res ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...)
	NOTE: path disclosure, so not very important on debian systems
	NOTE: unreproducible according to bug #327729
CVE-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when u ...)
	NOT-FOR-US: Astaro specific
CVE-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...)
	NOT-FOR-US: Astaro specific
CVE-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter H ...)
	NOT-FOR-US: Astaro specific
CVE-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote attack ...)
	{DSA-805-1}
	NOTE: The CVE description is wrong, this has been merged for 2.0.55
	- apache2 2.0.54-5 (bug #326435; medium)
CVE-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server inf ...)
	NOT-FOR-US: Home Ftp Server
CVE-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remo ...)
	NOT-FOR-US: Home Ftp Server
CVE-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ver ...)
	NOT-FOR-US: QNX
CVE-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when authmeth ...)
	NOT-FOR-US: PaFileDB
CVE-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Foojan PHP Weblog
CVE-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php o ...)
	NOT-FOR-US: Foojan PHP Weblog
CVE-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ( ...)
	NOT-FOR-US: HAURI Antivirus
CVE-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Ventrilo
CVE-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remo ...)
	NOT-FOR-US: MPlayer
CVE-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 al ...)
	{DSA-799-1}
	- webcalendar 0.9.45-7 (bug #326223; medium)
CVE-2005-2715 (Format string vulnerability in the Java user interface service (bpjava ...)
	NOT-FOR-US: VERITAS NetBackup Data and Business Center
CVE-2005-2714 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4 ...)
	NOT-FOR-US: Apple
CVE-2005-2713 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4 ...)
	NOT-FOR-US: Apple
CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, a ...)
	NOT-FOR-US: IBM
CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including BlackICE PC P ...)
	NOT-FOR-US: ISS
CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 allo ...)
	{DSA-826-1}
	NOTE: see http://www.open-security.org/advisories/13
	- helix-player 1.0.6-1 (bug #330364; high)
CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 al ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-3
CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 kernel on 64 ...)
	- kernel-source-2.4.27 <not-affected> (amd64/2.4 not supported)
CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote att ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2706 (Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote att ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2705 (Integer overflow in the JavaScript engine in Firefox before 1.0.7 and  ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2704 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote att ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2703 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote att ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2702 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote att ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2701 (Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite b ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (bug #329778; medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyCli ...)
	{DSA-807-1 DSA-805-1}
	- libapache-mod-ssl 2.8.24-1 (medium)
	- apache2 2.0.54-5 (bug #327210; medium)
CVE-2005-2699 (Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1. ...)
	NOT-FOR-US: PHPKit
CVE-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publis ...)
	NOT-FOR-US: Nephp Publisher Enterprise
CVE-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2696 (IBM Lotus Notes does not properly restrict access to password hashes i ...)
	NOT-FOR-US: Notes
CVE-2005-2695 (Unspecified vulnerability in the SSL certificate checking functionalit ...)
	NOT-FOR-US: Cisco
CVE-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, allo ...)
	NOT-FOR-US: WinAce
CVE-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows rem ...)
	{DSA-793-1}
	- courier 0.47-8 (medium; bug #325631)
CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 doe ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
	[sarge] - kernel-source-2.4.27 <no-dsa> (Unfixable design issues)
	[sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues)
	- kernel-source-2.6.8 <unfixed> (bug #332231; low)
	- linux-2.6 2.6.18-1 (bug #332381; low)
	NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
	NOTE: of ipt_recent the best solution, which seems to occur soon
CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6 ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
	- linux-2.6 2.6.12-1
CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 al ...)
	{DSA-798-1}
	- phpgroupware 0.9.16.008-1
CVE-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in N ...)
	{DSA-796-1}
	- affix 2.1.2-3 (bug #325444; medium)
CVE-2005-XXXX [Insecure tempfile usage in tleds]
	- tleds 1.05beta10-9 (bug #276789; low)
CVE-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely,  ...)
	{DSA-806-1 DSA-802-1}
	NOTE: cvsbug was removed from the cvs binary package in 1:1.11.5-4.
	NOTE: The copy in the cvs source package was fixed in 1:1.12.9-15.
	- cvs 1:1.11.5-4 (bug #325106; low)
	- gcvs 1.0final-8 (bug #324969; low)
CVE-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...)
	NOT-FOR-US: RunCMS
CVE-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract functi ...)
	NOT-FOR-US: RunCMS
CVE-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke 0.760- ...)
	NOT-FOR-US: PostNuke
CVE-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760- ...)
	NOT-FOR-US: PostNuke
CVE-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3 ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows re ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows remote a ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP cod ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-XXXX [Insecure temp files in firehol]
	- firehol 1.231-4 (unimportant)
	NOTE: Only exploitable inside modified binary installation
CVE-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ex ...)
	NOT-FOR-US: Virtual Edge Netquery
CVE-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote at ...)
	NOT-FOR-US: PHPKit
CVE-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before  ...)
	NOT-FOR-US: DTLink AreaEdit
CVE-2005-2681 (Unspecified vulnerability in the command line processing (CLI) logic i ...)
	NOT-FOR-US: Cisco
CVE-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other versi ...)
	NOT-FOR-US: Sysinternals Process Explorer
CVE-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NA ...)
	NOT-FOR-US: MSIE
CVE-2005-2677 (ACNews stores the database in a file under the web document root with  ...)
	NOT-FOR-US: ACNews
CVE-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in Copper ...)
	NOT-FOR-US: Coppermine
CVE-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. Multiple SQL  ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. Multiple cros ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2. ...)
	NOT-FOR-US: Burning Board
CVE-2005-2671
	REJECTED
CVE-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products includi ...)
	NOT-FOR-US: HAURI
CVE-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 befor ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message Queuing  ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other implement ...)
	- openssh 1:4.0p1-1 (unimportant)
	NOTE: Lack of a security feature, not a vulnerability
CVE-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, a ...)
	NOT-FOR-US: elm-me+ is no longer in unstable or testing
CVE-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in pl ...)
	NOT-FOR-US: Whisper
CVE-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...)
	{DSA-848-1}
	- masqmail 0.2.21-1 (low; bug #329307)
CVE-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary co ...)
	{DSA-848-1}
	- masqmail 0.2.21-1 (high; bug #329307)
CVE-2005-2661 (Format string vulnerability in the ParseBannerAndCapability function i ...)
	{DSA-852-1}
	- up-imapproxy 1.2.4-2 (high)
CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...)
	{DSA-839-1}
	- apachetop 0.12.5-3
CVE-2005-2659 (Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as  ...)
	{DSA-886-1}
	- chmlib 0.37-2 (medium)
CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
	{DSA-812-1}
	- turqstat 2.2.4-1 (medium)
CVE-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier allow ...)
	{DSA-811-2}
	- common-lisp-controller 4.18 (bug #328633; medium)
CVE-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with world- ...)
	{DSA-794-1}
	NOTE: Fix in -8 had problems
	- polygen 1.0.6-9 (bug #325468; low)
CVE-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before exec ...)
	{DSA-791-1 DTSA-11-1}
	- maildrop 2.0.2-7 (bug #325135; medium)
CVE-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous a ...)
	{DSA-790-1}
	- phpldapadmin 0.9.6c-5 (bug #322423; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
	- cplay 1.49-8 (bug #324913; low)
	[woody] - cplay <not-affected> (CPLAY_TMP doesn't exist in this version)
	[sarge] - cplay <no-dsa> (Hardly exploitable)
CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurel ...)
	{DSA-814-1 DTSA-17-1}
	- lm-sensors 1:2.9.1-7 (bug #324193; medium)
CVE-2005-2653 (Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote  ...)
	NOT-FOR-US: BBCaffe
CVE-2005-2652 (Zorum 3.5 allows remote attackers to obtain the full installation path ...)
	NOT-FOR-US: Zorum
CVE-2005-2651 (gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitra ...)
	NOT-FOR-US: Zorum
CVE-2005-2650 (Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestboo ...)
	NOT-FOR-US: Emefa Guestbook
CVE-2005-2649 (Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote ...)
	NOT-FOR-US: ATutor
CVE-2005-2648 (Directory traversal vulnerability in index.php in W-Agora 4.2.0 and ea ...)
	NOT-FOR-US: W-Agora
CVE-2005-2647 (Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Serv ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2646 (Unknown vulnerability in Xerox MicroServer Web Server in Document Cent ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2645 (Unknown vulnerability in Xerox MicroServer Web Server in Document Cent ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl al ...)
	NOT-FOR-US: JaguarControl
CVE-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and  ...)
	- tor 0.1.0.14-1 (bug #323786; medium)
CVE-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...)
	- mutt <not-affected> (bug #323956; high)
	NOTE: Status is not clear; upstream is unresponsive.
	NOTE: this bug was closed as it was unreproducible in Debian
CVE-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle  ...)
	{DSA-785-1}
	- libpam-ldap 178-1sarge1 (bug #324899)
CVE-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN runni ...)
	NOT-FOR-US: Juniper
CVE-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 all ...)
	NOT-FOR-US: World Poker Championship
CVE-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.4 ...)
	NOT-FOR-US: PHPFreeNews
CVE-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...)
	NOT-FOR-US: PHPFreeNews
CVE-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew an ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to Screen" feature ...)
	NOT-FOR-US: WinFTP Server
CVE-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) bo ...)
	NOT-FOR-US: PHPTB Topic Board
CVE-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in mediabox ...)
	NOT-FOR-US: Mediabox 404
CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to  ...)
	NOT-FOR-US: Cisco
CVE-2005-2630 (Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 1 ...)
	- helix-player <not-affected> (Only Windows version of Real are affected)
CVE-2005-2629 (Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne P ...)
	{DSA-915-1}
	- helix-player 1.0.6-1 (bug #340270; medium)
CVE-2005-2628 (Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execut ...)
	- flashplugin-nonfree 7.0.61-1.1 (bug #339290; high)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote a ...)
	{DSA-788-1 DTSA-1-1}
	- kismet 2005.08.R1-1 (bug #323386; high)
CVE-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote at ...)
	{DSA-788-1 DTSA-1-1}
	- kismet 2005.08.R1-1 (bug #323386; high)
CVE-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in C ...)
	NOT-FOR-US: CPAINT ajax toolkit
CVE-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers  ...)
	NOT-FOR-US: CPAINT ajax toolkit
CVE-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of the ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0. ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the p ...)
	NOT-FOR-US: Novell GroupWise
CVE-2005-2619 (Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly ...)
	NOT-FOR-US: Autonomy
CVE-2005-2618 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) Ke ...)
	NOT-FOR-US: Autonomy
CVE-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6 ...)
	{DTSA-16-1}
	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html - amd64 specific DOS
	- linux-2.6 2.6.12-6
CVE-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...)
	NOT-FOR-US: ezUpload
CVE-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...)
	NOT-FOR-US: EQdkp
CVE-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are upl ...)
	NOT-FOR-US: Discuz
CVE-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows atta ...)
	NOT-FOR-US: CPAINT Ajax
CVE-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier a ...)
	- wordpress 1.5.2-1 (bug #323040; high)
CVE-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec  ...)
	NOT-FOR-US: VERITAS Backup Exec for Windows Servers
CVE-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS 0.8.1 ...)
	NOT-FOR-US: VegaDNS
CVE-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...)
	NOT-FOR-US: VegaDNS
CVE-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...)
	NOT-FOR-US: SafeHTML
CVE-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity Simpli ...)
	NOT-FOR-US: PHPSimplicity
CVE-2005-2606 (Unknown vulnerability in the "frontend authentication" in PHlyMail 3.0 ...)
	NOT-FOR-US: PHlyMail
CVE-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allo ...)
	NOT-FOR-US: Lasso Professional Server
CVE-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...)
	NOT-FOR-US: My Image Gallery (Mig)
CVE-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image Gal ...)
	NOT-FOR-US: My Image Gallery (Mig)
CVE-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to o ...)
	- mozilla-firefox <not-affected> (According to Bugzilla Windows/Mac only)
CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to exe ...)
	NOT-FOR-US: MidiCart
CVE-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled, as used in other products su ...)
	{DSA-899-1 DSA-798-1}
	- egroupware 1.0.0.009.dfsg-3-2 (bug #323928; medium)
	- phpgroupware 0.9.16.008-1 (bug #323929; medium)
CVE-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial en ...)
	NOT-FOR-US: Hummingbird FTP for Connectivity
CVE-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier ...)
	NOT-FOR-US: Dokeos
CVE-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...)
	NOT-FOR-US: AOL Client
CVE-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin  ...)
	{DSA-879-1}
	- gallery 1.5-2 (medium)
CVE-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 Alph ...)
	NOT-FOR-US: Dada Mail
CVE-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ca ...)
	NOT-FOR-US: Apple Safari
CVE-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with un ...)
	NOT-FOR-US: MindAlign
CVE-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions allo ...)
	NOT-FOR-US: MindAlign
CVE-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to li ...)
	NOT-FOR-US: MindAlign
CVE-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and  ...)
	NOT-FOR-US: MindAlign
CVE-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...)
	NOT-FOR-US: WRT54GS wireless router
CVE-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 a ...)
	NOT-FOR-US: DVBBS
CVE-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...)
	NOT-FOR-US: PHPTB Topic Boards
CVE-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web adm ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote atta ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running f ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumente ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writ ...)
	NOT-FOR-US: Kaspersky
CVE-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibl ...)
	NOT-FOR-US: Grandstream BudgeTone
CVE-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...)
	NOT-FOR-US: Contivity
CVE-2005-2578
	REJECTED
CVE-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...)
	NOT-FOR-US: Wyse Winterm
CVE-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers t ...)
	NOT-FOR-US: CaLogic
CVE-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows r ...)
	NOT-FOR-US: XMB Forum
CVE-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables ...)
	NOT-FOR-US: XMB Forum
CVE-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before  ...)
	- mysql <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
CVE-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with ...)
	- mysql <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
CVE-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not properly res ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote attacke ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66C ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2568 (Eval injection vulnerability in the template engine for SysCP 1.2.10 a ...)
	NOT-FOR-US: SysCP
CVE-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier al ...)
	NOT-FOR-US: SysCP
CVE-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
	NOT-FOR-US: OpenBB
CVE-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2564 (Direct static code injection vulnerability in editcss.php in Gravity B ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attac ...)
	NOT-FOR-US: MYFAQ
CVE-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 al ...)
	NOT-FOR-US: CFBB
CVE-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal allows rem ...)
	NOT-FOR-US: e107 portal
CVE-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 bef ...)
	{DSA-833-2 DSA-831-1 DSA-829-1}
	- mysql-dfsg-4.1 4.1.13 (medium)
	- mysql-dfsg-5.0 5.0.7beta-1 (medium)
	- mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium)
CVE-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...)
	{DSA-778-1}
	- mantis 0.19.2-4 (low)
CVE-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with registe ...)
	{DSA-778-1}
	- mantis 0.19.2-4 (medium)
CVE-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to  ...)
	{DSA-1018-1 DSA-1017-1 DTSA-16-1}
	- linux-2.6 2.6.12-6 (medium)
CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
	- clamav 0.86.2-1 (low)
	[sarge] - clamav 0.84-2.sarge.2
CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
	NOT-FOR-US: Network Associates ePolicy Orchestrator Agent
CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x befor ...)
	{DSA-921-1}
	- kernel-source-2.4.27 2.4.27-12 (bug #323363; medium)
CVE-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated  ...)
	NOT-FOR-US: Integrated Light Out in HP servers
CVE-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 o ...)
	NOT-FOR-US: Novell eDirectory
CVE-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attack ...)
	{DSA-782-1 DTSA-9-1}
	- bluez-utils 2.19-1 (bug #323365; medium)
CVE-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Arab Portal
CVE-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0 ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev eComme ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev eComme ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arb ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or s ...)
	NOTE: This is intended behaviour, after all tar is an archiving tool and you
	NOTE: need to give -p as a command line flag
	- tar <unfixed> (bug #328228; unimportant)
CVE-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ve ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5  ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers t ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers t ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2536 (pstotext before 1.8g does not properly use the "-dSAFER" option when c ...)
	{DSA-792-1}
	- pstotext 1.9-2 (bug #319758; medium)
CVE-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...)
	NOT-FOR-US: ARCserve Backup
CVE-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ena ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2533 (OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2532 (OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue w ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2531 (OpenVPN before 2.0.1, when running with "verb 0" and without TLS authe ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2530 (Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac O ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2529 (Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Appl ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2528
	REJECTED
CVE-2005-2527 (Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X  ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a  ...)
	NOT-FOR-US: MacOS X
CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descri ...)
	NOT-FOR-US: MacOS X
CVE-2005-2524 (Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to b ...)
	NOT-FOR-US: MacOS X
CVE-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server i ...)
	NOT-FOR-US: Weblog Server in Mac OS X
CVE-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs wit ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2521 (Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2520 (The password assistant in Mac OS X 10.4 to 10.4.2, when used to create ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2519 (slpd in Directory Services in Mac OS X 10.3.9 creates insecure tempora ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2518 (Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows rem ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2517 (Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatt ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2516 (Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2515 (Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2514 (Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execu ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2513 (Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOve ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2512 (Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2511 (Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerbe ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4. ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, w ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local users ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2507 (Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 al ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2506 (Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10. ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2505 (Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2504 (The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with  ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2503 (AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical a ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2502 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in a ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows extern ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ker ...)
	- linux-2.6 2.6.12-1 (medium)
CVE-2005-2499 (slocate before 2.7 does not properly process very long paths, which al ...)
	- slocate <not-affected> (Uses secure glibc code, see #324951)
CVE-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML- ...)
	{DSA-842-1 DSA-840-1 DSA-798-1 DSA-789-1 DTSA-15-1}
	- drupal 4.5.5-1 (bug #323347; high)
	- phpgroupware 0.9.16.008-1 (bug #323349; high)
	- egroupware 1.0.0.009.dfsg-1 (bug #323350; high)
	- phpwiki <unfixed> (unimportant)
	NOTE: phpwiki has disabled the XMLRPC in the last upload, it is orphaned as well, should be fixed anyway
	- php4 4:4.3.10-16 (bug #323366; high)
	- php5 5.0.5-1 (high)
CVE-2005-2497
	REJECTED
CVE-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...)
	{DSA-801-1}
	NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu??
	- ntp 1:4.2.0a+stable-2sarge1 (medium)
	[etch] - ntp 1:4.2.0a+stable-2sarge1 (medium)
CVE-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted ...)
	{DSA-816-1}
	- xorg-x11 6.8.2.dfsg.1-7 (medium)
CVE-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ac ...)
	{DSA-815-1}
	- kdebase 4:3.4.2-3 (bug #327039; medium)
CVE-2005-2493
	RESERVED
CVE-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allow ...)
	- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular Expressi ...)
	{DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1}
	- pcre3 6.3-1 (bug #324531; medium)
	- gnumeric 1.5.1-1 (bug #326628; bug #326898; unimportant)
	- goffice 0.1.0-3 (bug #326898; unimportant)
	- vfu <not-affected> (does not include the vulnerable part of pcre)
	NOTE: gnumeric/goffice includes one as well; not exploitable as affected code not used
	- python2.1 2.1.3dfsg-3 (medium)
	- python2.2 2.2.3dfsg-4 (medium)
	- python2.3 2.3.5-8 (medium)
CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux  ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2005-XXXX [Buffer overflow in Description parsing]
	- bidwatcher <removed> (bug #319489; low)
	[sarge] - bidwatcher <no-dsa> (Totally broken due to Ebay changes, no users, no exploits)
CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
	- dbmail 2.2.1-1 (bug #303991; bug #290833; medium)
CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
	- mldonkey 2.5.28.1-1 (bug #300560; low)
CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
	- classpath 2:0.92-1 (bug #267040; bug #301134; high)
	[etch] - classpath <not-affected> (Doesn't build the gcjwebplugin binary package)
CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
	- dbmail 2.2.1-1 (bug #290833; medium)
CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote attac ...)
	{DSA-922-1 DTSA-16-1}
	NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
	- kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low)
	NOTE: 2.6.12-1 contained a partially broken fix
	- linux-2.6 2.6.12-6 (bug #309308; low)
CVE-2005-2489 (Web Content Management News System allows remote attackers to create a ...)
	NOT-FOR-US: Web Content Management News System
CVE-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management New ...)
	NOT-FOR-US: Web Content Management News System
CVE-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...)
	NOT-FOR-US: Sun switches
CVE-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in PortailPH ...)
	NOT-FOR-US: PortailPHP
CVE-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...)
	NOT-FOR-US: Logicampus
CVE-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 mig ...)
	NOT-FOR-US: Denora IRC stats
CVE-2005-2483 (Eval injection vulnerability in Karrigell before 2.1.8 allows remote a ...)
	NOT-FOR-US: Karrigell
CVE-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and  ...)
	NOT-FOR-US: Metasploit Framework
CVE-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: Fusebox
CVE-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 a ...)
	NOT-FOR-US: Fusebox
CVE-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Quick 'n Easy FTP Server
CVE-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote attacker ...)
	NOT-FOR-US: Silvernews
CVE-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote at ...)
	NOT-FOR-US: Naxtor Shopping Cart
CVE-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxto ...)
	NOT-FOR-US: Naxtor Shopping Cart
CVE-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions  ...)
	{DSA-903-1}
	- unzip 5.52-4 (bug #321927; low)
CVE-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive informa ...)
	NOT-FOR-US: ChurchInfo
CVE-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote atta ...)
	NOT-FOR-US: ChurchInfo
CVE-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote attacke ...)
	NOT-FOR-US: BusinessMail
CVE-2005-2471 (pstopnm in netpbm does not properly use the "-dSAFER" option when call ...)
	{DSA-1021-1}
	- netpbm-free 2:10.0-9 (bug #319757; low)
CVE-2005-2470 (Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 t ...)
	NOT-FOR-US: Adobe
CVE-2005-2469 (Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C ...)
	NOT-FOR-US: Novell NetMail
CVE-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (bug #323173)
	- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 all ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (bug #323173; medium)
	- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
	- wine 0.0.20050830-1 (bug #321470; unimportant)
	NOTE: Not shipped in binary package
CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
	- metamail 2.7-48 (bug #321473; low)
	[sarge] - metamail <no-dsa> (Hardly exploitable, minor DoS)
CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
	- xfree86 <removed> (bug #321447; low)
	[woody] - xfree86 <no-dsa> (Hardly exploitable)
	[sarge] - xfree86 <no-dsa> (Hardly exploitable)
	- x11-apps 7.7~1 (bug #321447; low)
	[squeeze] - x11-apps <no-dsa> (Minor issue)
CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
	- ghostscript 8.61.dfsg.1~svn8187-1 (bug #291452; unimportant)
	NOTE: Not included in the binary package
CVE-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
	NOTE: binary not shipped
	- sysklogd <unfixed> (bug #281448; unimportant)
CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
	- fftw3 3.0.1-12 (low; bug #321566)
	[sarge] - fftw3 <no-dsa> (Minor issue)
CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
	- clamav-getfiles 0.5-1 (bug #321446; medium)
	[sarge] - clamav-getfiles <not-affected> (Sarge version uses mktemp)
CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect m ...)
	{DTSA-6-1}
	- cgiwrap 3.9-3.1 (bug #316881; low)
	[sarge] - cgiwrap <no-dsa> (Minor impact)
CVE-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/ ...)
	{DTSA-6-1}
	- cgiwrap 3.9-3.1 (bug #316901; low)
	[sarge] - cgiwrap <no-dsa> (Minor information disclosure, only debugging libs)
CVE-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows re ...)
	{DSA-1016-1 DTSA-13-1}
	- evolution 2.2.3-3 (high; bug #322535)
CVE-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6. ...)
	{DSA-1016-1 DTSA-13-1}
	- evolution 2.2.3-3 (high; bug #322535)
CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
	- libnet-ssleay-perl 1.25-1.1 (bug #296112; low)
CVE-2005-XXXX [nvi: init.d recover file security bugs]
	- nvi 1.79-22 (bug #298114; medium)
CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
	[woody] - bugzilla <not-affected> (Vulnerable script is not present)
	[sarge] - bugzilla <not-affected> (Vulnerable script is not present)
	- bugzilla 2.18.3-2 (bug #321567; low)
CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
	- tor 0.1.0.14-1 (medium)
CVE-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux kerne ...)
	{DSA-1018-1 DSA-1017-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (medium)
CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in xfrm_use ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-2 (bug #321401; medium)
	- kernel-source-2.4.27 2.4.27-11 (medium)
CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitr ...)
	NOT-FOR-US: Greasemonkey
CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure de ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1. ...)
	NOT-FOR-US: NetworkActiv Web Server
CVE-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of servi ...)
	NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7
	- tiff 3.7.0-1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled,  ...)
	NOT-FOR-US: IOS
CVE-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file f ...)
	{DSA-776-1 DTSA-3-1}
	- clamav 0.86.2-1 (medium)
CVE-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create o ...)
	NOT-FOR-US: sandbox
CVE-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow rem ...)
	{DSA-1318-1 DSA-813-1 DTSA-2-1 DTSA-4-1}
	- ekg 1:1.5+20050718+1.6rc3-1 (low)
	- centericq 4.20.0-9 (bug #323185; medium)
CVE-2005-2447
	REJECTED
CVE-2005-2446
	REJECTED
CVE-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows  ...)
	NOT-FOR-US: Product Cart
CVE-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the pas ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root wit ...)
	NOT-FOR-US: KShout
CVE-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics WebIns ...)
	NOT-FOR-US: SPI Dynamics Web Inspect
CVE-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow re ...)
	NOT-FOR-US: VBzoom
CVE-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage  ...)
	NOT-FOR-US: Thomson Web Skill Vantage Manager
CVE-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quo ...)
	NOT-FOR-US: UseBB
CVE-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier al ...)
	NOT-FOR-US: UseBB
CVE-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain  ...)
	NOT-FOR-US: Website Baker
CVE-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website Bake ...)
	NOT-FOR-US: Website Baker
CVE-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ev ...)
	NOT-FOR-US: Linksys hardware
CVE-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a  ...)
	- phplist <itp> (bug #612288)
CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to modi ...)
	- phplist <itp> (bug #612288)
CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 d ...)
	- gforge 4.5.14-2 (bug #328224; unimportant)
	NOTE: Direct flooding is possible as well in most circumstances.
	NOTE: (Upstream fix was in gforge 4.5.0.1.)
CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allo ...)
	{DSA-1094-1}
	- gforge 4.5.14-9 (bug #328224; medium)
CVE-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set  ...)
	- mozilla-firefox <not-affected> (Only affects Firefox on Windows platforms)
CVE-2005-2428 (Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" en ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ al ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a deni ...)
	NOT-FOR-US: FTPshell Server
CVE-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote attack ...)
	NOT-FOR-US: Ares FileShare
CVE-2005-2424 (The management interface for Siemens SANTIS 50 running firmware 4.2.8. ...)
	NOT-FOR-US: Siemens hardware
CVE-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Beehive
CVE-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...)
	NOT-FOR-US: Beehive
CVE-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...)
	NOT-FOR-US: Beehive
CVE-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbit ...)
	NOT-FOR-US: FtpLocate
CVE-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication a ...)
	NOT-FOR-US: hardware issue
CVE-2005-2418
	REJECTED
CVE-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Contrexx
CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...)
	NOT-FOR-US: Contrexx
CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow  ...)
	NOT-FOR-US: Contrexx
CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as F ...)
	- firefox 1.5.dfsg-1 (unimportant)
	- mozilla-firefox 1.5.dfsg-1 (bug #327549; unimportant)
	- mozilla 1.5.dfsg-1 (bug #327550; unimportant)
	- iceweasel <not-affected>
	NOTE: This turned out to be non-exploitable
CVE-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in A ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost  ...)
	NOT-FOR-US: First Post
CVE-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and t ...)
	{DSA-808-1}
	- tdiary 2.0.2-1 (bug #319315; medium)
CVE-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...)
	NOT-FOR-US: Network Manager
CVE-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, whil ...)
	NOT-FOR-US: nbsmtp
CVE-2005-2408
	REJECTED
CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-assisted attacker ...)
	NOT-FOR-US: Opera
CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting (XS ...)
	NOT-FOR-US: Opera
CVE-2005-2405 (Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is install ...)
	NOT-FOR-US: Opera
CVE-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows r ...)
	NOT-FOR-US: Sendcard
CVE-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, whi ...)
	NOT-FOR-US: RealChat
CVE-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearc ...)
	NOT-FOR-US: PHPSiteSearch
CVE-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to ...)
	NOT-FOR-US: PHPFinance
CVE-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via mi ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows rem ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1 ...)
	NOT-FOR-US: phpBook
CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlie ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...)
	- firefox <removed> (bug #320539; unimportant)
	- iceweasel <removed> (bug #320539; unimportant)
	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant)
	- mozilla <removed> (bug #320538; unimportant)
	NOTE: Firefox and Mozilla follow RFC behaviour. This is more a lack of security
	NOTE: feature (client-side preference for stronger methods) and not a vulnerability.
	NOTE: This also seems like a rare setup.
CVE-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the  ...)
	NOT-FOR-US: CuteNews
CVE-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remo ...)
	NOT-FOR-US: CuteNews
CVE-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 ...)
	NOT-FOR-US: CMSimple
CVE-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point  ...)
	NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP
CVE-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allo ...)
	{DSA-795-2}
	- proftpd 1.2.10-20 (low)
	NOTE: ftpshut fixed in -19, SQLShowInfo in -20
CVE-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denia ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2005-2388 (Buffer overflow in a certain USB driver, as used on Microsoft Windows, ...)
	NOT-FOR-US: some windows USB driver
CVE-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 all ...)
	NOT-FOR-US: GoodTech SMTP server
CVE-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ 1. ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2385 (Buffer overflow in a third-party compression library (UNACEV2.DLL), as ...)
	NOT-FOR-US: UNACEV2.DLL
CVE-2005-2384 (Directory traversal vulnerability in a third-party compression library ...)
	NOT-FOR-US: UNACEV2.DLL
CVE-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote ...)
	NOT-FOR-US: PHPNews
CVE-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM priv ...)
	NOT-FOR-US: Oray PeanutHull
CVE-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 all ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports  ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2378 (Directory traversal vulnerability in Oracle Reports allows remote atta ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate Ser ...)
	- libnss-ldap <not-affected> (Mandrake specific vulnerability)
CVE-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote attacker ...)
	NOT-FOR-US: Race Driver
CVE-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier allows rem ...)
	NOT-FOR-US: Race Driver
CVE-2005-2374 (Belkin 54g wireless routers do not properly set an administrative pass ...)
	NOT-FOR-US: Belkin 54g wireless routers
CVE-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated  ...)
	NOT-FOR-US: SlimFTPd
CVE-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary di ...)
	NOT-FOR-US: Oracle Forms
CVE-2005-2371 (Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 1 ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before 1 ...)
	{DSA-1318-1 DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
	- gaim 1:1.4.0-5 (low)
	- centericq 4.20.0-9 (bug #323185; low)
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before 1 ...)
	{DSA-813-1 DTSA-2-1}
	- centericq 4.20.0-9 (bug #323185; medium)
	- gaim 1:1.5.0-1 (bug #350071; medium)
	[woody] - gaim <not-affected> (affected code libgadu not present in woody)
	[sarge] - gaim <not-affected> (old version of libgadu in gaim is not affected)
	- ekg 1:1.5+20050712+1.6rc2-1 (medium)
	[sarge] - ekg <not-affected>
	NOTE: The fixes from centericq for integer overflows are all present in ekg from stable
CVE-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external user-a ...)
	{DTSA-12-1}
	- vim 1:6.3-085+1 (bug #320017; medium)
	[sarge] - vim 1:6.3-071+1sarge1
	NOTE: For some reason this was fixed through an upload to s-p-u, not stable-security
CVE-2005-2367 (Format string vulnerability in the proto_item_set_text function in Eth ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; bug #320192; medium)
CVE-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows  ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2365 (Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0 ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2364 (Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAM ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2363 (Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector,  ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.1 ...)
	- ethereal 0.10.12-1 (bug #320183; low)
	NOTE: This partially affects Woody and Sarge
CVE-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector,  ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2360 (Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through  ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used  ...)
	- kfreebsd-5 5.3-1 (medium)
CVE-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbit ...)
	NOT-FOR-US: EMC Navisphere Manager
CVE-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0  ...)
	NOT-FOR-US: EMC Navisphere Manager
CVE-2005-2355
	REJECTED
CVE-2005-2347
	RESERVED
CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
	NOT-FOR-US: Novell
CVE-2005-2345
	REJECTED
CVE-2005-2344 (The BlackBerry Attachment Service in Research in Motion (RIM) BlackBer ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2343 (Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerr ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2342 (Research in Motion (RIM) BlackBerry Router allows remote attackers to  ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2341 (Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Atta ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2340 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remo ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version of mse ...)
	NOT-FOR-US: unicode msearch
CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...)
	NOT-FOR-US: Xoops
CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...)
	{DSA-864-1 DSA-862-1 DSA-860-1}
	- ruby <removed>
	- ruby1.6 1.6.8-13 (medium)
	- ruby1.8 1.8.3-1 (bug #332742; medium)
	- ruby1.9 1.9.0+20050921-1 (medium)
CVE-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...)
	[sarge] - hiki <not-affected> (code not present in sarge)
	- hiki 0.8.2-1
CVE-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell  ...)
	NOT-FOR-US: Y.SAK
CVE-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in SEO-B ...)
	NOT-FOR-US: smilies_popup.php
CVE-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a allo ...)
	NOT-FOR-US: PHPPageProtect
CVE-2005-2331 (PHP remote file inclusion vulnerability in display.php in MooseGallery ...)
	NOT-FOR-US: MooseGallery
CVE-2005-2330 (Directory traversal vulnerability in extras/update.php in osCommerce 2 ...)
	NOT-FOR-US: osCommerce
CVE-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, wh ...)
	NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
CVE-2005-2328 (PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 an ...)
	NOT-FOR-US: Laffer
CVE-2005-2327 (Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier all ...)
	NOT-FOR-US: e107
CVE-2005-2326 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a a ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2325 (Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full pa ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2324 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a a ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2323 (Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.2 ...)
	NOT-FOR-US: Class-1 Forum
CVE-2005-2322 (Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and 0 ...)
	NOT-FOR-US: Class-1 Forum
CVE-2005-2321 (PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote ...)
	NOT-FOR-US: CaLogic
CVE-2005-2319 (PHP remote file include vulnerability in Yawp library 1.0.6 and earlie ...)
	NOT-FOR-US: Yawp
CVE-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 S ...)
	NOT-FOR-US: DVBBS
CVE-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0 ...)
	{DSA-849-1}
	- shorewall 2.4.1-2 (bug #318946; medium)
CVE-2005-2316 (Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers  ...)
	NOT-FOR-US: dnrd
CVE-2005-2315 (Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allow ...)
	NOT-FOR-US: dnrd
CVE-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to o ...)
	NOT-FOR-US: PHPsFTPd
CVE-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows att ...)
	NOT-FOR-US: Check Point SecuRemote NG with Application Intelligence
CVE-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote atta ...)
	NOT-FOR-US: Realnode Emilda
CVE-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...)
	- sms-pl 2.1.0-1 (bug #320540; unimportant)
	NOTE: vulnerable contrib file only in source package
CVE-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions be ...)
	NOT-FOR-US: Winamp
CVE-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU c ...)
	NOT-FOR-US: Opera
CVE-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote attacker ...)
	NOT-FOR-US: MSIE
CVE-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows loc ...)
	NOT-FOR-US: Microsoft
CVE-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...)
	NOT-FOR-US: Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0
CVE-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a deni ...)
	NOT-FOR-US: DG Remote Control Server
CVE-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-2005-2303
	REJECTED
CVE-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range  ...)
	{DSA-771-1}
	- pdns 2.9.18-1 (medium; bug #318798)
CVE-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not pr ...)
	{DSA-771-1}
	- pdns 2.9.18-1 (medium; bug #318798)
CVE-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary f ...)
	NOT-FOR-US: Skype
CVE-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message  ...)
	NOT-FOR-US: Simple Message Board
CVE-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all attach ...)
	NOT-FOR-US: BitDefender can be used by AMaViS but is not shipped in Debian
CVE-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5  ...)
	NOT-FOR-US: Sybase EAServer
CVE-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: YabbSE
CVE-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...)
	- netpanzer 0.8+svn20060319-1 (bug #318329; low)
	[sarge] - netpanzer <no-dsa> (Minor DoS against a game)
CVE-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of reco ...)
	NOT-FOR-US: Oracle
CVE-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...)
	NOT-FOR-US: Oracle
CVE-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords  ...)
	NOT-FOR-US: Oracle
CVE-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext passwo ...)
	NOT-FOR-US: Oracle
CVE-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...)
	NOT-FOR-US: WPS
CVE-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PHPCounter
CVE-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remo ...)
	NOT-FOR-US: PHPCounter
CVE-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a d ...)
	NOT-FOR-US: SoftiaCom wMailServer
CVE-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which  ...)
	NOT-FOR-US: WebEOC
CVE-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as  ...)
	NOT-FOR-US: WebEOC
CVE-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow re ...)
	NOT-FOR-US: WebEOC
CVE-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...)
	NOT-FOR-US: WebEOC
CVE-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6 ...)
	NOT-FOR-US: WebEOC
CVE-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...)
	NOT-FOR-US: WebEOC
CVE-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cisco
CVE-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2 ...)
	NOT-FOR-US: Cisco
CVE-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable P ...)
	NOT-FOR-US: MailEnable
CVE-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows rem ...)
	{DSA-762-1}
	- affix 2.1.2-2 (bug #318328; medium)
CVE-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...)
	NOT-FOR-US: Novell Groupwise WebAccess
CVE-2005-XXXX [SQL injection vulnerabilities in vpopmail prior to 5.4.6]
	NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
	NOTE: maintainer says does not apply to debian, see #320608
CVE-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
	- ffmpeg 0.cvs20050811-1 (bug #320150; medium)
	- xmovie <removed>
CVE-2005-XXXX [xgalaga score file segfault]
	- xgalaga 2.0.34-31 (bug #319686; low)
	[sarge] - xgalaga <no-dsa> (Minor issue)
CVE-2005-XXXX [xemeraldia games file overwrite]
	- xemeraldia 0.4-1 (bug #319661; low)
	[sarge] - xemeraldia <no-dsa> (Very minor issue)
CVE-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows  ...)
	{DSA-774-1}
	NOTE: previous fix in -15 was broken
	- fetchmail 6.2.5-16 (bug #320357; bug #212762; medium)
CVE-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to assistan ...)
	{DSA-766-1}
	- webcalendar 0.9.45-7 (bug #315671; medium)
CVE-2005-2437 (Website Baker Project does not properly verify the file extensions of  ...)
	NOT-FOR-US: Website Baker
CVE-2005-2275
	RESERVED
CVE-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a Javascrip ...)
	NOT-FOR-US: MSIE
CVE-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript di ...)
	NOT-FOR-US: Opera
CVE-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript dialo ...)
	NOT-FOR-US: Safari
CVE-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...)
	NOT-FOR-US: iCab
CVE-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone  ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (bug #318062; bug #325851; high)
	- mozilla-thunderbird 1.0.6-1 (high)
CVE-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does no ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associa ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and  ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to  ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (low; bug #318728)
CVE-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive inform ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla  ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers t ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9,  ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before 1.7 ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet Cr ...)
	NOT-FOR-US: USANet
CVE-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
	NOT-FOR-US: Squito Gallery
CVE-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to  ...)
	NOT-FOR-US: PhpSlash
CVE-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 a ...)
	{DSA-759-1}
	- phppgadmin 3.5.4-1 (bug #318284; medium)
CVE-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote atta ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5  ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote attackers t ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication and ga ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2251 (PHP remote file inclusion vulnerability in secure.php in PHPSecurePage ...)
	NOT-FOR-US: PHPSecurePages (phpSP)
CVE-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 a ...)
	{DSA-762-1}
	- affix 2.1.2-2 (bug #318327; medium)
CVE-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact  ...)
	NOT-FOR-US: Jinzora
CVE-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 allo ...)
	NOT-FOR-US: DownloadProtect
CVE-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown i ...)
	NOTE: no details available
	- moodle 1.5.1-1
CVE-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1  ...)
	NOT-FOR-US: iPhotoAlbum
CVE-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers  ...)
	NOT-FOR-US: BIG-IP
CVE-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ear ...)
	NOT-FOR-US: Cisco
CVE-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
	NOT-FOR-US: Cisco
CVE-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
	NOT-FOR-US: Cisco
CVE-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...)
	{DSA-1003-1}
	- xpvm 1.2.5-8 (bug #318285; medium)
CVE-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...)
	- oftpd 20040304-1 (bug #318286; medium)
	NOTE: This was fixed in the patch set maintained by Werner Koch, it's included
CVE-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to  ...)
	NOT-FOR-US: AIX
CVE-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and  ...)
	NOT-FOR-US: AIX
CVE-2005-2236 (Format string vulnerability in the paginit command in IBM AIX 5.3, and ...)
	NOT-FOR-US: AIX
CVE-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and  ...)
	NOT-FOR-US: AIX
CVE-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3,  ...)
	NOT-FOR-US: AIX
CVE-2005-2233 (Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 m ...)
	NOT-FOR-US: AIX
CVE-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...)
	NOT-FOR-US: AIX
CVE-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to  ...)
	{DSA-761-2}
	- heartbeat 1.2.3-12 (bug #318287; medium)
CVE-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmos ...)
	- elmo 1.3.0-1.1 (bug #318291; low)
	[sarge] - elmo <no-dsa> (Minor issue)
CVE-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web doc ...)
	NOT-FOR-US: Blog Torrent
CVE-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message tit ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite ...)
	NOT-FOR-US: Softiacom wMailserver
CVE-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server account wh ...)
	NOT-FOR-US: Outlook
CVE-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Microsoft
CVE-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard befor ...)
	NOT-FOR-US: MailEnable
CVE-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable Profession ...)
	NOT-FOR-US: MailEnable
CVE-2005-2221
	NOT-FOR-US: Dragonfly
CVE-2005-2220
	NOT-FOR-US: Dragonfly
CVE-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly check  ...)
	- kfreebsd5-source 5.3-17 (medium)
CVE-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root with  ...)
	NOT-FOR-US: Dansie Shopping Cart
CVE-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo  ...)
	NOT-FOR-US: PhotoGal
CVE-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x bef ...)
	- mediawiki 1.4.9
CVE-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...)
	- apt-setup <unfixed> (bug #305142; unimportant)
	NOTE: That's by design. We want to provide non-root users access to the source code,
	NOTE: thus it needs to be world-readable. Also, the password can't be too sensitive
	NOTE: as it'll be sent non-encrypted over the wire.
CVE-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS Ripp ...)
	NOT-FOR-US: MMS Ripper
CVE-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world readabl ...)
	NOTE: duplicate of CVE-2005-1856
	NOTE: Mitre contacted - micah April 20, 2006
	NOTE: Mitre re-contacted - micah June 5, 2006
CVE-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...)
	NOTE: duplicate of CVE-2005-1855
	NOTE: Mitre contacted - micah April 20, 2006
	NOTE: Mitre re-contacted - micah June 5, 2006
CVE-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows r ...)
	NOT-FOR-US: Internet Download Manager
CVE-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as  ...)
	NOT-FOR-US: ScanShare
CVE-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: PrivaShare
CVE-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote attacke ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers  ...)
	NOT-FOR-US: kaiseki.cgi
CVE-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) e ...)
	NOT-FOR-US: SiteMinder
CVE-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to bypa ...)
	NOT-FOR-US: phpWishlist
CVE-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...)
	NOT-FOR-US: Xerox Hardware issue
CVE-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox WorkCent ...)
	NOT-FOR-US: Xerox hardware
CVE-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for Xer ...)
	NOT-FOR-US: Xerox hardware
CVE-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in PP ...)
	NOT-FOR-US: PPA web photo gallery
CVE-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3 ...)
	NOT-FOR-US: SPiD
CVE-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows re ...)
	NOT-FOR-US: Id Board
CVE-2005-2196 (The Apple AirPort card uses a default WEP key when not connected to a  ...)
	NOT-FOR-US: Apple Airport
CVE-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers  ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2005-2194 (Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 a ...)
	NOT-FOR-US: Apple
CVE-2005-2193 (SQL injection vulnerability in the user profile edit module in profile ...)
	NOT-FOR-US: PunBB
CVE-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)
	NOT-FOR-US: SimplePHPBlog
CVE-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus shoppi ...)
	NOT-FOR-US: Comersus
CVE-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...)
	NOT-FOR-US: Comersus
CVE-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 store ...)
	NOT-FOR-US: Lantronix SecureLinx
CVE-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2187 (McAfee IntruShield Security Management System allows remote authentica ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShi ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote atta ...)
	NOT-FOR-US: eRoom
CVE-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...)
	NOT-FOR-US: eRoom
CVE-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle l ...)
	NOT-FOR-US: PhpXmail
CVE-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not prop ...)
	NOT-FOR-US: PhpXmail
CVE-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the  ...)
	NOT-FOR-US: SIP phone hardware issue
CVE-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ins ...)
	- gnats 4.0 (bug #318481; high)
CVE-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...)
	NOT-FOR-US: Jaws
CVE-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via sh ...)
	NOTE: How bizarre, they assign a CVE Id without knowing which product contains
	NOTE: the affected probe.cgi
CVE-2005-2177 (Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when  ...)
	{DSA-873-1}
	- net-snmp 5.2.1.2-1 (bug #318420; low)
	- ucd-snmp 4.2.5-5.1 (bug #337394; low)
	[sarge] - ucd-snmp <no-dsa> (Minor issue)
CVE-2005-2176 (Novell NetMail automatically processes HTML in an attachment without p ...)
	NOT-FOR-US: Novell NetMail
CVE-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)
	NOT-FOR-US: Notes
CVE-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 i ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18.3-1 (low)
CVE-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2. ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18.3-1 (low)
CVE-2005-2172
	RESERVED
CVE-2005-2171
	RESERVED
CVE-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint a ...)
	NOT-FOR-US: Tivoli
CVE-2005-2348
	REJECTED
CVE-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty P ...)
	NOT-FOR-US: PHPSource Printer
CVE-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote unauthe ...)
	NOT-FOR-US: Plague
CVE-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague News S ...)
	NOT-FOR-US: Plague
CVE-2005-2166 (SQL injection vulnerability in index.php in Plague News System 0.6 and ...)
	NOT-FOR-US: Plague
CVE-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute arbitr ...)
	NOT-FOR-US: GlobalNoteScript
CVE-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows remote atta ...)
	NOT-FOR-US: Covide
CVE-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP ...)
	NOT-FOR-US: AutoIndex PHP Script
CVE-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestboo ...)
	NOT-FOR-US: MyGuestbook
CVE-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...)
	{DSA-768-1}
	- phpbb2 2.0.13+1-6sarge1 (bug #317739; high)
CVE-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which a ...)
	NOT-FOR-US: IMail
CVE-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote attacke ...)
	NOT-FOR-US: PlanetDNS
CVE-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows rem ...)
	NOT-FOR-US: JBoss
CVE-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for nabopoll ...)
	NOT-FOR-US: nabopoll
CVE-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote ...)
	NOT-FOR-US: PHPNews
CVE-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and e ...)
	NOT-FOR-US: EasyPHPCalendar
CVE-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) open.ph ...)
	NOT-FOR-US: osTicket
CVE-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...)
	NOT-FOR-US: osTicket
CVE-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote att ...)
	NOT-FOR-US: Geeklog
CVE-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures whe ...)
	{DSA-784-1}
	- courier 0.47-6 (bug #320290; low)
CVE-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does  ...)
	NOT-FOR-US: Microsoft
CVE-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set  ...)
	{DSA-764-1}
	- cacti 0.8.6f-1 (bug #316590; high)
CVE-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to p ...)
	{DSA-764-1}
	- cacti 0.8.6f-1 (bug #316590; high)
CVE-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary  ...)
	{DSA-739-1}
	- trac 0.8.4-1
	[sarge] - trac 0.8.1-3sarge1
CVE-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows  ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of  ...)
	NOT-FOR-US: Prevx Pro
CVE-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection and mo ...)
	NOT-FOR-US: Prevx Pro
CVE-2005-2143 (Microsoft Front Page allows attackers to cause a denial of service (cr ...)
	NOT-FOR-US: Microsoft
CVE-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60 allows rem ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of service (cra ...)
	NOT-FOR-US: TCP Chat
CVE-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0 allow ...)
	NOT-FOR-US: FSboard
CVE-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for Pavsta A ...)
	NOT-FOR-US: Pavsta
CVE-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev eComme ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers  ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, an ...)
	NOT-FOR-US: Raritan Dominion SX
CVE-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Websi ...)
	NOT-FOR-US: EtoShop
CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow  ...)
	NOT-FOR-US: NetBSD
CVE-2005-2133
	REJECTED
CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1. ...)
	NOT-FOR-US: SCO UnixWare
CVE-2005-2131
	RESERVED
CVE-2005-2130
	RESERVED
CVE-2005-2129
	RESERVED
CVE-2005-2128 (QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers ...)
	NOT-FOR-US: Windows
CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers t ...)
	NOT-FOR-US: Windows
CVE-2005-2126 (The FTP client in Windows XP SP1 and Server 2003, and Internet Explore ...)
	NOT-FOR-US: Windows
CVE-2005-2125
	RESERVED
CVE-2005-2124 (Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) ...)
	NOT-FOR-US: Windows
CVE-2005-2123 (Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL ...)
	NOT-FOR-US: Windows
CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Serv ...)
	NOT-FOR-US: Windows
CVE-2005-2121
	RESERVED
CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPM ...)
	NOT-FOR-US: Windows
CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed Transacti ...)
	NOT-FOR-US: Microsoft
CVE-2005-2118 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Serv ...)
	NOT-FOR-US: Windows
CVE-2005-2117 (Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and ...)
	NOT-FOR-US: Windows
CVE-2005-2116
	REJECTED
CVE-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause  ...)
	NOT-FOR-US: Soldier of Fortune
CVE-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Mele ...)
	NOTE: cannot reproduce with firefox 1.0.5-1 and Sarge's Mozilla using POC exploits
	[sarge] - mozilla <not-affected> (Unreproducible)
	- mozilla 2:1.7.10-1 (bug #318723; medium)
CVE-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC se ...)
	NOT-FOR-US: Xoops
CVE-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 an ...)
	NOT-FOR-US: Xoops
CVE-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to  ...)
	NOT-FOR-US: Community Link Pro Web Editor
CVE-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensit ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers  ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and  ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in Wor ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1  ...)
	{DSA-745-1}
	- drupal 4.5.4-1 (bug #316362)
CVE-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authent ...)
	NOT-FOR-US: IOS
CVE-2005-2104 (sysreport before 1.3.7 allows local users to obtain sensitive informat ...)
	NOT-FOR-US: sysreport
CVE-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows  ...)
	{DTSA-5-1}
	- gaim 1:1.4.0-5 (high; bug #323706)
CVE-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cau ...)
	{DTSA-5-1}
	- gaim 1:1.4.0-5 (medium; bug #323706)
CVE-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in / ...)
	{DSA-818-1}
	- kdeedu 4:3.4.2-1 (low)
CVE-2005-2100 (The rw_vm function in usercopy.c in the 4GB split patch for the Linux  ...)
	- linux-2.6 <not-affected> (Red Hat specific according to Horms)
	- kernel-source-2.4.27 <not-affected> (Red Hat specific according to Horms)
CVE-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring t ...)
	{DTSA-16-1}
	NOTE: 2.6.8 and 2.4.27 not affected
	- linux-2.6 2.6.12-3 (bug #323039; medium)
CVE-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2 ...)
	{DTSA-16-1}
	NOTE: 2.6.8 and 2.4.27 not affected
	- linux-2.6 2.6.12-3 (bug #323039; medium)
CVE-2005-2097 (xpdf and kpdf do not properly validate the "loca" table in PDF files,  ...)
	{DSA-1136-1 DSA-984-1 DSA-982-1 DSA-936-1 DSA-780-1 DTSA-28-1}
	- kdegraphics 4:3.4.2-1 (bug #322458; low)
	- xpdf 3.00-15 (bug #322462; low)
	[woody] - tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code)
	- tetex-bin 3.0-12
	NOTE: tetex links to poppler since 3.0-12
	[sarge] - tetex-bin <not-affected> (tetex2 uses an older version, which is not affected)
	- gpdf 2.10.0-4 (bug #334454; low)
	NOTE: Cups switched to xpdf-utils
	- cupsys 1.1.22-7 (bug #324464)
	- cups 1.1.22-7 (bug #324464)
	[woody] - cupsys <not-affected> (Vulnerable code not present)
	- poppler 0.4.0-1 (low)
	- libextractor 0.5.8-1 (medium)
CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial  ...)
	{DSA-1026-1 DSA-797-2 DSA-797-1 DSA-740-1}
	NOTE: Several packages ship embedded copies of zlib; there are probably a lot more
	NOTE: Florian Weimer is doing a comprehensive audit using clamav
	NOTE: to search for static zlib signatures in binaries in Debian
	NOTE: Not all of the listed packages have been checked for actual
	NOTE: exploitability using this hole.
	NOTE: oldstable (woody) had zlib 1.1, which is not affected
	[woody] - dpkg <not-affected> (Woody contains zlib 1.1, which is not affected)
	- dpkg 1.13.11 (bug #317967; unimportant)
	NOTE: You need to trust debs anyway, when installing them
	- zsync 0.4.0-2 (bug #317968; medium)
	[woody] - dump <not-affected> (Woody contains zlib 1.1, which is not affected)
	[sarge] - dump <no-dsa> (Backups do not contain untrusted data)
	- dump 0.4b40-1 (bug #317966; low)
	[woody] - aide <not-affected> (Woody contains zlib 1.1, which is not affected)
	- aide 0.10-6.1.1 (bug #317523; unimportant)
	NOTE: aide only uses zlib to compress/decompress internal data
	[woody] - amd64-libs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- amd64-libs 1.3 (bug #317970; medium)
	[woody] - ia32-libs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- ia32-libs 1.6 (bug #317971; medium)
	- dar <not-affected> (zlib not used on untrusted input, see #317989)
	[woody] - bacula <not-affected> (Woody contains zlib 1.1, which is not affected)
	- bacula 1.36.3-2 (bug #318014; medium)
	[sarge] - bacula <no-dsa> (Backups do not contain untrusted data)
	[woody] - sash <not-affected> (Woody contains zlib 1.1, which is not affected)
	- sash 3.7-6 (bug #318246; bug #318069; medium)
	[woody] - libphysfs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- libphysfs 1.0.0-5 (bug #318091; unimportant)
	- oops 1.5.23.cvs-3 (bug #318097; medium)
	[woody] - rpm <not-affected> (Woody contains zlib 1.1, which is not affected)
	- rpm 4.0.4-31.1 (bug #318099; unimportant)
	NOTE: You need to trust rpms anyway, when installing them
	- rageircd 2.0.0-3sid1 (bug #309196; medium)
	- systemimager-ssh <not-affected> (bug #318101; unimportant)
	NOTE: see dannf's first bug comment; systemimager-ssh doesn't use compression
	[woody] - texmacs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- texmacs 1:1.0.5-3 (bug #318100; medium)
	[sarge] - texmacs <no-dsa> (Hardly exploitable)
	- zlib 1:1.2.2-7 (bug #317133; medium)
	- pvpgn 1.7.8-2 (bug #332236)
	- mysql-dfsg-4.1 4.1.13-1 (bug #319858; unimportant)
	- mrtg <not-affected> (Only used for internal compression, current versions link dynamically)
	- rsync <not-affected> (Uses zlib 1.1, which is not affected)
	NOTE: rsync upstream updated the internal zlib copy in 2.6.6 without real need,
	NOTE: as the included version was never affected, despite claiming so.
CVE-2005-2095 (options_identities.php in SquirrelMail 1.4.4 and earlier uses the extr ...)
	{DSA-756-1}
	- squirrelmail 2:1.4.4-6sarge1 (bug #317094)
CVE-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the we ...)
	NOT-FOR-US: Sun
CVE-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attacker ...)
	NOT-FOR-US: Oracle
CVE-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison  ...)
	NOT-FOR-US: Websphere
CVE-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allo ...)
	- tomcat4 4.1.28-1
	NOTE: tomcat5 in experimental has this fix as well
CVE-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ca ...)
	NOT-FOR-US: Microsoft
CVE-2005-2088 (The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when ac ...)
	{DSA-805-1 DSA-803-1}
	- apache 1.3.33-8 (bug #322607; medium)
	- apache2 2.0.54-5 (bug #316173; medium)
CVE-2005-2087 (Internet Explorer 5.01 SP4 up to 6 on various Windows operating system ...)
	NOT-FOR-US: Microsoft
CVE-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0. ...)
	- phpbb2 <not-affected> (phpbb versions in Debian not affected)
CVE-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7  ...)
	NOT-FOR-US: Inframail
CVE-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Comm ...)
	NOT-FOR-US: Community Forum
CVE-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate Editi ...)
	NOT-FOR-US: IA eMailServer
CVE-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ex ...)
	NOT-FOR-US: imTRSET
CVE-2005-2081 (Stack-based buffer overflow in the function that parses commands in As ...)
	- asterisk 1:1.0.9.dfsg-1 (bug #315532; unimportant)
	NOTE: Can only be exploited by users who already have the privilege to execute arbitrary commands
CVE-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VE ...)
	NOT-FOR-US: Veritas Backup
CVE-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS B ...)
	NOT-FOR-US: Veritas Backup
CVE-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows remot ...)
	NOT-FOR-US: Lpanel
CVE-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: GoodTech SMTP Server
CVE-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a deni ...)
	NOT-FOR-US: BisonFTP Server
CVE-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting Cont ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable fil ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...)
	NOT-FOR-US: DB2
CVE-2005-2072 (The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT ...)
	NOT-FOR-US: Solaris
CVE-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to exec ...)
	NOT-FOR-US: Solaris
CVE-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used i ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1 (bug #318755; medium)
CVE-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a sla ...)
	{DSA-785-1}
	- openldap2.2 2.2.26-3 (bug #316674; medium)
	- openldap2 2.1.30-11 (medium)
	- libpam-ldap 178-1sarge1 (bug #316972; medium)
	- libnss-ldap 238-1.1 (bug #316973; medium)
CVE-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers t ...)
	- kfreebsd-source <unfixed>
CVE-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of aspn ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allow ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP Nu ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow r ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveBuyAndSel ...)
	NOT-FOR-US: ActiveBuyAndSell
CVE-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow r ...)
	NOT-FOR-US: ActiveBuyAndSell
CVE-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to inclu ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) adda ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6 ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Thr ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.8 ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1-1 (bug #318756; medium)
CVE-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne  ...)
	NOT-FOR-US: Affected only Real Player, not Helix Player
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...)
	NOT-FOR-US: Real Player
	NOTE: This didn't affect Helix, although the changelog claimed so, see
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote attack ...)
	NOT-FOR-US: JAF CMS
CVE-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6 ...)
	NOT-FOR-US: Real Player
	NOTE: This didn't affect Helix, although the changelog claimed so, see
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console  ...)
	NOT-FOR-US: BEWAC
CVE-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers t ...)
	- tor 0.0.9.10-1 (medium)
CVE-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...)
	NOT-FOR-US: Duware
CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and poss ...)
	NOT-FOR-US: Duware
CVE-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allo ...)
	NOT-FOR-US: Duware
CVE-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and  ...)
	NOT-FOR-US: Duware
CVE-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 al ...)
	NOT-FOR-US: Duware
CVE-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 an ...)
	NOT-FOR-US: ATutor
CVE-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
	NOT-FOR-US: XAMPP
CVE-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 allo ...)
	NOT-FOR-US: ajax-spell
CVE-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other p ...)
	NOT-FOR-US: ViRobot
CVE-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd f ...)
	{DSA-758-1}
	- heimdal 0.6.3-11 (bug #315065; bug #315086; high)
CVE-2005-2039 (Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and e ...)
	- nanoblogger <not-affected> (3.1 version in Debian was not affected by this vulnerability, see #315492)
CVE-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ot ...)
	NOT-FOR-US: Fortibus CMS
CVE-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow rem ...)
	NOT-FOR-US: Fortibus CMS
CVE-2005-2036 (modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote  ...)
	NOT-FOR-US: Cool Cafe Chat
CVE-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe (Cool Café ...)
	NOT-FOR-US: Cool Cafe Chat
CVE-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCol ...)
	NOT-FOR-US: iGallery
CVE-2005-2033 (Directory traversal vulnerability in folderview.asp for Blue-Collar Pr ...)
	NOT-FOR-US: iGallery
CVE-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote attac ...)
	NOT-FOR-US: socialMPN
CVE-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...)
	NOT-FOR-US: external script that allows interaction between amarok and a browser
CVE-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ea ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does no ...)
	NOT-FOR-US: Enterasys hardware issue
CVE-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a h ...)
	NOT-FOR-US: Enterasys hardware issue
CVE-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to  ...)
	NOT-FOR-US: Cisco
CVE-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers  ...)
	{DSA-738-1}
	NOTE: varying and apparently inaccurate info about what versions fix it
	- razor 2.720-1 (low)
CVE-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Li ...)
	- gnupg2 1.9.15-1
CVE-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...)
	NOT-FOR-US: iPlanet
CVE-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier all ...)
	NOT-FOR-US: cPanel
CVE-2005-2020 (Directory traversal vulnerability in the web server for 3Com Network S ...)
	NOT-FOR-US: 3com Network Supervisor
CVE-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) o ...)
	NOT-FOR-US: FreeBSD ipfw
CVE-2005-2018
	RESERVED
CVE-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain priv ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2005-2016
	RESERVED
CVE-2005-2015
	RESERVED
CVE-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...)
	NOT-FOR-US: paFAQ
CVE-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: paFAQ
CVE-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 al ...)
	NOT-FOR-US: paFAQ
CVE-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta  ...)
	NOT-FOR-US: paFAQ
CVE-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Rel ...)
	NOT-FOR-US: Ublog Reload
CVE-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow rem ...)
	NOT-FOR-US: Ublog Reload
CVE-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the  ...)
	- yaws 1.56-1 (low)
CVE-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier a ...)
	- trac 0.8.4-1 (bug #315145)
	[sarge] - trac 0.8.1-3sarge1
CVE-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain  ...)
	NOT-FOR-US: JBOSS
CVE-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat f ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (U ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain  ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlie ...)
	NOT-FOR-US: Mambo
CVE-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and  ...)
	NOT-FOR-US: paFileDB
CVE-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier all ...)
	NOT-FOR-US: paFileDB
CVE-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...)
	NOT-FOR-US: paFileDB
CVE-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...)
	NOT-FOR-US: McGallery
CVE-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to arbitr ...)
	NOT-FOR-US: McGallery
CVE-2005-1996 (PHP remote file inclusion vulnerability in start.php in Bitrix Site Ma ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download b ...)
	NOT-FOR-US: Finjan SurfinGate
CVE-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-comman ...)
	{DSA-735-2 DSA-735-1}
	- sudo 1.6.8p9-1 (bug #315718; bug #315115; medium)
CVE-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets  ...)
	{DSA-748-1}
	- ruby1.8 1.8.2-8 (bug #315064; medium)
	- ruby1.9 1.9.0+20050623-1 (bug #315064; medium)
CVE-2005-1991
	RESERVED
CVE-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...)
	NOT-FOR-US: MSIE
CVE-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows re ...)
	NOT-FOR-US: MSIE
CVE-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows re ...)
	NOT-FOR-US: MSIE
CVE-2005-1987 (Buffer overflow in Collaboration Data Objects (CDO), as used in Micros ...)
	NOT-FOR-US: Microsoft
CVE-2005-1986
	RESERVED
CVE-2005-1985 (The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, X ...)
	NOT-FOR-US: Microsoft
CVE-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microso ...)
	NOT-FOR-US: Spoolsv.exe
CVE-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for Mic ...)
	NOT-FOR-US: Microsoft
CVE-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft
CVE-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2005-1980 (Distributed Transaction Controller in Microsoft Windows allows remote  ...)
	NOT-FOR-US: Microsoft
CVE-2005-1979 (Distributed Transaction Controller in Microsoft Windows allows remote  ...)
	NOT-FOR-US: Microsoft
CVE-2005-1978 (COM+ in Microsoft Windows does not properly "create and use memory str ...)
	NOT-FOR-US: Microsoft
CVE-2005-1977
	RESERVED
CVE-2005-1976 (Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets ...)
	NOT-FOR-US: Novell NetMail
CVE-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1 ...)
	NOT-FOR-US: Annuaire
CVE-2005-1974 (Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE)  ...)
	NOT-FOR-US: Sun Java
CVE-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0  ...)
	NOT-FOR-US: Sun Java
CVE-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11  ...)
	NOT-FOR-US: InteractivePHP FusionBB
CVE-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta  ...)
	NOT-FOR-US: InteractivePHP FusionBB
CVE-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Wind ...)
	NOT-FOR-US: pcAnywhere
CVE-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems Telnetserve ...)
	NOT-FOR-US: Pragma Telnetserver
CVE-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce befo ...)
	NOT-FOR-US: ProductCart Ecommerce
CVE-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...)
	NOT-FOR-US: ProductCart Ecommerce
CVE-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows  ...)
	NOT-FOR-US: e107
CVE-2005-1965 (PHP remote file inclusion vulnerability in siteframe.php for Broadpool ...)
	NOT-FOR-US: Broadpool Siteframe
CVE-2005-1964 (PHP remote file inclusion vulnerability in utilit.php for Ovidentia Po ...)
	NOT-FOR-US: Ovidentia Portal
CVE-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 a ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 allo ...)
	NOT-FOR-US: C-JDBC
CVE-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers t ...)
	NOT-FOR-US: C.J. Steele Tattle
CVE-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute a ...)
	NOT-FOR-US: JamMail
CVE-2005-1958
	REJECTED
CVE-2005-1957 (mtnpeak.net File Upload Manager does not properly check user authentic ...)
	NOT-FOR-US: File Upload Manager
CVE-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files  ...)
	NOT-FOR-US: File Upload Manager
CVE-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9 ...)
	NOT-FOR-US: singapore
CVE-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: singapore
CVE-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server (pServ ...)
	NOT-FOR-US: Pico Server
CVE-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows re ...)
	NOT-FOR-US: Pico Server
CVE-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Mil ...)
	NOT-FOR-US: osCommerce
CVE-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Webhints
CVE-2005-1949 (The eping_validaddr function in functions.php for the ePing plugin for ...)
	NOT-FOR-US: e107
CVE-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before 1.3. ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery be ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 F ...)
	NOT-FOR-US: Invision Blog
CVE-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...)
	NOT-FOR-US: Invision Blog
CVE-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary fil ...)
	NOT-FOR-US: xmysqladmin
CVE-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 al ...)
	NOT-FOR-US: Loki download manager
CVE-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to  ...)
	NOT-FOR-US: Cisco
CVE-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-st ...)
	NOT-FOR-US: SilverCity
CVE-2005-1940
	RESERVED
CVE-2005-1939 (Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2 ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2005-1938
	REJECTED
CVE-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote at ...)
	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.6-1 (medium)
	- mozilla 2:1.7.10-1 (medium)
	[woody] - mozilla <not-affected> (regression of a previous security fix)
CVE-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network Controlle ...)
	NOT-FOR-US: Xerox hardware issue
CVE-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arb ...)
	NOT-FOR-US: Apple
CVE-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
	{DSA-734-1}
	- gaim 1:1.3.1-1 (bug #315356; low)
CVE-2005-1930 (Directory traversal vulnerability in the Crystal Report component (rpt ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1929 (Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2)  ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1928 (Trend Micro ServerProtect EarthAgent for Windows Management Console 5. ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1927
	RESERVED
CVE-2005-1926
	RESERVED
CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1  ...)
	NOT-FOR-US: Tikiwiki
CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote a ...)
	NOT-FOR-US: External Squirrelmail plugin not packaged in Debian
CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, an ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1 (bug #316401; bug #316462; medium)
CVE-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 all ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1-1 (low)
CVE-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XM ...)
	{DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1}
	- serendipity 1.0-1
	- drupal 4.5.4-1 (high; bug #316362)
	- phpgroupware 0.9.16.006-1 (high)
	- egroupware 1.0.0.007-3.dfsg-1 (bug #317263; high)
	- phpwiki 1.3.7-4 (bug #316714; high)
	- php4 4:4.3.10-16 (high; bug #316447)
	- horde3 <not-affected> (horde3 ships different XMLRPC code)
CVE-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4. ...)
	{DSA-804-2}
	- kdelibs 4:3.4.2-1 (bug #319016; medium)
CVE-2005-1919
	REJECTED
CVE-2005-1918 (The original patch for a GNU tar directory traversal vulnerability (CV ...)
	- tar 1.14-2.2
	NOTE: 1.14-2.2 is ok, maybe Debian was not-affected anyway
CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite arb ...)
	NOT-FOR-US: kpopper, there is a kpopper in kerberos4kth-servers, but this is not the same one
CVE-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (bug #318059; bug #317027; low)
CVE-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows  ...)
	NOT-FOR-US: log4sh
CVE-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable  ...)
	{DSA-754-1 DTSA-2-1}
	- centericq 4.20.0-7 (medium)
CVE-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a den ...)
	{DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
	- kernel-source-2.6.11 2.6.11-6 (medium)
CVE-2005-1912
	REJECTED
CVE-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang whil ...)
	- leafnode 1.11.3.rel-1 (bug #338886; low)
	[sarge] - leafnode 1.11.2.rel-1.0sarge0
CVE-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events Sys ...)
	NOT-FOR-US: WWWeb Concepts Events System
CVE-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote attack ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls f ...)
	NOT-FOR-US: Perception LiteWeb
CVE-2005-1907 (The ISA Firewall service in Microsoft Internet Security and Accelerati ...)
	NOT-FOR-US: Microsoft
CVE-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows r ...)
	NOT-FOR-US: livingmailing
CVE-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...)
	NOT-FOR-US: Kaspersky
CVE-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...)
	NOT-FOR-US: JiRo's Upload System
CVE-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 all ...)
	NOT-FOR-US: SPA-PRO Mail
CVE-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...)
	NOT-FOR-US: SPA-PRO Mail
CVE-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before  ...)
	NOT-FOR-US: Sawmill
CVE-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass authentication  ...)
	NOT-FOR-US: Sawmill
CVE-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released befo ...)
	NOT-FOR-US: RakNet
CVE-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before 1.5 ...)
	NOT-FOR-US: phpThumb
CVE-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before  ...)
	NOT-FOR-US: FlexCast
CVE-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allow ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remo ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote at ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...)
	NOT-FOR-US: Mortiforo
CVE-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenanc ...)
	NOT-FOR-US: Sun ONE
CVE-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 all ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and libprojec ...)
	NOT-FOR-US: Solaris
CVE-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0 ...)
	NOT-FOR-US: YaPiG
CVE-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ob ...)
	NOT-FOR-US: YaPiG
CVE-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir comman ...)
	NOT-FOR-US: YaPiG
CVE-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...)
	NOT-FOR-US: YaPiG
CVE-2005-1882 (PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0 ...)
	NOT-FOR-US: YaPiG
CVE-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict  ...)
	NOT-FOR-US: YaPiG
CVE-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: everybuddy
CVE-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary f ...)
	NOT-FOR-US: LutelWall
CVE-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite arb ...)
	NOT-FOR-US: GIPTables
CVE-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel  ...)
	NOT-FOR-US: Lpanel
CVE-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier allo ...)
	NOT-FOR-US: CuteNews
CVE-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ( ...)
	NOT-FOR-US: Exhibit Engine
CVE-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote att ...)
	NOT-FOR-US: Dzip
CVE-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier vers ...)
	NOT-FOR-US: Crob
CVE-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere Applica ...)
	NOT-FOR-US: WebSphere
CVE-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through  ...)
	- drupal 4.5.3-1
CVE-2005-1870 (PHP remote file inclusion vulnerability in childwindow.inc.php in Popp ...)
	NOT-FOR-US: Popper
CVE-2005-1869 (PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6 ...)
	NOT-FOR-US: MWChat
CVE-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to e ...)
	NOT-FOR-US: I-Man
CVE-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ad ...)
	NOT-FOR-US: Symantec
CVE-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...)
	NOT-FOR-US: Calendarix
CVE-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allo ...)
	NOT-FOR-US: Calendarix
CVE-2005-1864 (PHP remote file inclusion vulnerability in cal_admintop.php in Calenda ...)
	NOT-FOR-US: Calendarix
CVE-2005-1863
	REJECTED
CVE-2005-1862
	REJECTED
CVE-2005-1861
	REJECTED
CVE-2005-1860
	REJECTED
CVE-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...)
	NOT-FOR-US: arshell
CVE-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ma ...)
	{DSA-786-1}
	- simpleproxy 3.2-4 (medium)
CVE-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixe ...)
	{DSA-787-1}
	- backup-manager 0.5.8-2 (bug #315582; low)
	NOTE: maybe a duplicate of CVE-2005-2212, author contacted
CVE-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...)
	{DSA-787-1}
	- backup-manager 0.5.8-2 (medium)
	NOTE: maybe a duplicate of CVE-2005-2211, author contacted
CVE-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing ...)
	{DSA-772-1}
	- apt-cacher 0.9.10 (high)
CVE-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...)
	{DSA-770-1}
	- gopher 3.0.8 (low)
CVE-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3  ...)
	{DSA-767-1 DTSA-4-1}
	- kdenetwork 4:3.3.2-5 (bug #319443; unimportant)
	NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when
	NOTE: no shared lib version is found. As the Debian package has a dependency on
	NOTE: it, the maintainer does not intend to fix it, see #319443
	- ekg 1:1.5+20050712+1.6rc3-1 (bug #318970; medium)
CVE-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier  ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-1850 (Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier c ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of  ...)
	{DSA-1026-1 DSA-797-2 DSA-797-1 DSA-763-1}
	NOTE: This is only contrib code not built in the binary packages AFAIK
	- zlib 1:1.2.3-1 (low)
	- zsync 0.4.1-1 (low)
	- sash 3.7-5sarge1 (low)
	NOTE: zsync 0.4.0-2 (mentioned in DSA-797-1) was never uploaded.
CVE-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause  ...)
	{DSA-750-1}
	- dhcpcd 1:1.3.22pl4-22 (medium)
CVE-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to exec ...)
	NOT-FOR-US: YaMT
CVE-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allo ...)
	NOT-FOR-US: YaMT
CVE-2005-1845
	REJECTED
CVE-2005-1844
	REJECTED
CVE-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suit ...)
	NOT-FOR-US: Windows
CVE-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suit ...)
	NOT-FOR-US: Windows
CVE-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX ...)
	NOT-FOR-US: acroread
CVE-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory f ...)
	{DSA-744-1}
	- fuse 2.3.0-1
CVE-2005-2349 (Zoo 2.10 has Directory traversal ...)
	- zoo 2.10-4 (low; bug #309594)
CVE-2005-2350 (Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remo ...)
	- websieve <removed> (bug #311838; low)
CVE-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...)
	NOT-FOR-US: phpCMS
CVE-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
	NOT-FOR-US: Liberum
CVE-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in Li ...)
	NOT-FOR-US: Liberum
CVE-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded username wi ...)
	NOT-FOR-US: Fortinet firewall
CVE-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with insu ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows rem ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1831
	- sudo <not-affected> (Unreproducible, seems like a broken PAM setup on the submitter's side)
CVE-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 al ...)
	NOT-FOR-US: SoftICE
CVE-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a d ...)
	NOT-FOR-US: Microsoft
CVE-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the rou ...)
	NOT-FOR-US: D-Link hardware issue
CVE-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and g ...)
	NOT-FOR-US: D-Link hardware issue
CVE-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadig ...)
	NOT-FOR-US: HP Radia
CVE-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP R ...)
	NOT-FOR-US: HP Radia
CVE-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL aut ...)
	- mailutils 1:0.6.1-2
CVE-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Car ...)
	NOT-FOR-US: Qualiteam X-Cart
CVE-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...)
	NOT-FOR-US: Qualiteam X-Cart
CVE-2005-1821 (PHP remote file inclusion vulnerability in pdl_header.inc.php in Power ...)
	NOT-FOR-US: PowerDownload
CVE-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attacke ...)
	NOT-FOR-US: Zeroboard
CVE-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0. ...)
	NOT-FOR-US: NikoSoft WebMail
CVE-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...)
	NOT-FOR-US: NewLife Blogger
CVE-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to  ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 a ...)
	NOT-FOR-US: Hummingbird Connectivity
CVE-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote attacke ...)
	NOT-FOR-US: PicoWebServer
CVE-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server Evalua ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinB ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1810 (SQL injection vulnerability in template-functions-category.php in Word ...)
	- wordpress 1.5.1.2-1
CVE-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Sony hardware issue
CVE-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers t ...)
	NOT-FOR-US: Stronghold game
CVE-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier all ...)
	- libphp-phpmailer 1.73
CVE-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows remo ...)
	NOT-FOR-US: PeerCast
CVE-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by Onli ...)
	NOT-FOR-US: Online Solutions for Educators
CVE-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System (N ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dyna ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a d ...)
	NOT-FOR-US: Nortel hardware
CVE-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of s ...)
	NOT-FOR-US: Nokia hardware
CVE-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 t ...)
	NOT-FOR-US: Jaws glossary gadget
CVE-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and W ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software  ...)
	NOT-FOR-US: ServersCheck
CVE-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...)
	NOTE: Cryptographic attack on AES, cannot be fixed
CVE-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses  ...)
	{DSA-749-1}
	- ettercap 1:0.7.1-1.1 (bug #311615)
CVE-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85 ...)
	NOT-FOR-US: ClamAV on Mac OS X
CVE-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stor ...)
	NOT-FOR-US: Microsoft
CVE-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating sys ...)
	NOT-FOR-US: Microsoft
CVE-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the use ...)
	NOT-FOR-US: Microsoft
CVE-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and ...)
	{CVE-2005-3896}
	NOT-FOR-US: Microsoft
	NOTE: The exploit causes Mozilla to crash, see CVE-2005-3896.
CVE-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution s ...)
	NOT-FOR-US: India Software Solution shopping cart
CVE-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting Contro ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass authenticat ...)
	NOT-FOR-US: phpStat
CVE-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 all ...)
	NOT-FOR-US: FunkyASP
CVE-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...)
	NOT-FOR-US: ZonGG
CVE-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers  ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the  ...)
	NOT-FOR-US: BookReview
CVE-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...)
	NOT-FOR-US: BookReview
CVE-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows rem ...)
	NOT-FOR-US: MailEnable
CVE-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager  ...)
	NOT-FOR-US: Active News Manager
CVE-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36 ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0 ...)
	NOT-FOR-US: PostNuke
CVE-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows r ...)
	NOT-FOR-US: PostNuke
CVE-2005-1776 (Buffer overflow in the READ_TCP_STRING function in game_message_functi ...)
	NOT-FOR-US: C'Nedra
CVE-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote attac ...)
	NOT-FOR-US: Terminator game
CVE-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce Uni ...)
	- davfs2 0.2.4-1 (bug #310757; medium)
CVE-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1. ...)
	NOT-FOR-US: Listserv
CVE-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the  ...)
	NOT-FOR-US: Terminator game
CVE-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...)
	NOT-FOR-US: HPUX
CVE-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6  ...)
	NOT-FOR-US: Avast
CVE-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...)
	{DSA-756-1}
	- squirrelmail 2:1.4.4-6sarge1 (bug #314374; medium)
CVE-2005-1768 (Race condition in the ia32 compatibility code for the execve system ca ...)
	{DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
CVE-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment fau ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 2.4.27-11
	NOTE: amd64 is not supported for 2.4 (the issue is amd64 specific)
CVE-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1 ...)
	{DSA-826-1}
	- helix-player 1.0.5-1 (bug #316276; high)
	NOTE: Helix Player is affected according to:
	NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
CVE-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
	{DSA-922-1 DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard pag ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 p ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
	- kernel-source-2.4.27 2.4.27-11
CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users t ...)
	{DSA-1018-1 DSA-922-1 DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in  ...)
	NOT-FOR-US: sysreport
CVE-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to modif ...)
	- shtool 2.0.1-2 (low)
	[sarge] - shtool <no-dsa> (Minor issue)
	- mysql-ocaml 1.0.3-6 (unimportant)
	- php4 4:4.4.0-1 (unimportant)
CVE-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell Ne ...)
	NOT-FOR-US: Novell
CVE-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.5 ...)
	NOT-FOR-US: Novell
CVE-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novel ...)
	NOT-FOR-US: Novell
CVE-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to creat ...)
	{DSA-789-1 DTSA-15-1}
	- shtool 2.0.1-2 (bug #311206; low)
	[sarge] - shtool <no-dsa> (Minor issue)
	- mysql-ocaml 1.0.3-6 (bug #314464; unimportant)
	- php4 4:4.3.10-16 (low)
CVE-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
	- moodle 1.4.4.dfsg.1-3
CVE-2005-2351 (Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of ser ...)
	- mutt 1.5.20-7 (bug #311296; unimportant)
	[sarge] - mutt <no-dsa> (Minor annoyance, not a real DoS)
	NOTE: An "attacker" could achieve the same by simply filling up /tmp
CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php]
	NOTE: viewFile.php has been removed along with other files in -26, so Debian is
	NOTE: no longer affected.
	- gforge 3.1-26
CVE-2005-XXXX [osh buffer overflow]
	- osh 1.7-13 (bug #311369)
CVE-2005-XXXX [zile buffer overrun in terminal code]
	- zile 2.0.4-2
CVE-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 all ...)
	NOT-FOR-US: ezwdc NewsletterEz
CVE-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Servic ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 throug ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Se ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through Ser ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack  ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 do ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 an ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users  ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to c ...)
	NOT-FOR-US: Halo
CVE-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecu ...)
	- net-snmp <not-affected> (fixproc not installed in Debian package)
CVE-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick befo ...)
	- imagemagick 6:6.0.6.2-2.4 (bug #310690; bug #310812)
CVE-2005-1738 (Format string vulnerability in the logPrintBadfile function in delbadf ...)
	NOT-FOR-US: Iron Bars Shell
CVE-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized u ...)
	NOT-FOR-US: PROMS
CVE-2005-1736 (PROMS 0.11 does not properly handle "certain combinations of rights,"  ...)
	NOT-FOR-US: PROMS
CVE-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before 0. ...)
	NOT-FOR-US: PROMS
CVE-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow remo ...)
	NOT-FOR-US: PROMS
CVE-2005-1733 (Cookie Cart stores the password file under the web document root with  ...)
	NOT-FOR-US: Cookie Cart
CVE-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification lis ...)
	NOT-FOR-US: Cookie Cart
CVE-2005-1731
	REJECTED
CVE-2005-1730 (Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novel ...)
	NOT-FOR-US: Novell iManager
CVE-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Novell
CVE-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs Port ...)
	NOT-FOR-US: Apple
CVE-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writ ...)
	NOT-FOR-US: Apple
CVE-2005-1726 (The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users w ...)
	NOT-FOR-US: Apple
CVE-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users t ...)
	NOT-FOR-US: Apple
CVE-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the - ...)
	NOT-FOR-US: Apple
CVE-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...)
	NOT-FOR-US: Apple
CVE-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 1 ...)
	NOT-FOR-US: Apple
CVE-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...)
	NOT-FOR-US: Apple
CVE-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...)
	NOT-FOR-US: Apple
CVE-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earli ...)
	NOT-FOR-US: avast! antivirus
CVE-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote a ...)
	NOT-FOR-US: War Times
CVE-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remo ...)
	NOT-FOR-US: Zyxel hardware
CVE-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the w ...)
	NOT-FOR-US: TOPo
CVE-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2. ...)
	NOT-FOR-US: TOPo
CVE-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 all ...)
	NOT-FOR-US: SurgeMail
CVE-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...)
	NOT-FOR-US: Serendipity
CVE-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple auth ...)
	NOT-FOR-US: Serendipity
CVE-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0. ...)
	NOT-FOR-US: Gibraltar Firewall
CVE-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Repor ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter befor ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14  ...)
	NOT-FOR-US: Gentoo
CVE-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "i ...)
	- mailscanner 4.42.9 (bug #310774; low)
	[sarge] - mailscanner <no-dsa> (Minor issue)
CVE-2005-1705 (gdb before 6.3 searches the current working directory to load the .gdb ...)
	- gdb 6.3-6
CVE-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb b ...)
	- gdb 6.3-6
CVE-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to cau ...)
	NOT-FOR-US: Warrior Kings: Battles
CVE-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...)
	NOT-FOR-US: Warrior Kings: Battles
CVE-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers  ...)
	NOT-FOR-US: PortailPHP
CVE-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in Po ...)
	NOT-FOR-US: PostNuke
CVE-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia mod ...)
	NOT-FOR-US: PostNuke
CVE-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: PostNuke
CVE-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote at ...)
	NOT-FOR-US: PostNuke
CVE-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750  ...)
	NOT-FOR-US: PostNuke
CVE-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module  ...)
	NOT-FOR-US: PostNuke
CVE-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia m ...)
	NOT-FOR-US: PostNuke
CVE-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...)
	NOT-FOR-US: CA Antivirus
CVE-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ve ...)
	- gxine 0.4.7-0.1 (bug #310712; medium)
CVE-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in SAP b ...)
	NOT-FOR-US: SAP
CVE-2005-1690
	REJECTED
CVE-2005-1689 (Double free vulnerability in the krb5_recvauth function in MIT Kerbero ...)
	{DSA-757-1}
	- krb5 1.3.6-4 (medium)
CVE-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive  ...)
	- wordpress 1.5.1-1
CVE-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and e ...)
	- wordpress 1.5.1-1
CVE-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to cau ...)
	{DSA-753-1}
	NOTE: Only exploitable under rare circumstances
	- gedit 2.10.3-1 (low)
CVE-2005-1685 (episodex guestbook allows remote attackers to bypass authentication an ...)
	NOT-FOR-US: episodex
CVE-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex g ...)
	NOT-FOR-US: episodex
CVE-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft W ...)
	NOT-FOR-US: Microsoft
CVE-2005-1682
	NOT-FOR-US: Solstice Internet Mail Server
CVE-2005-1681 (PHP remote file inclusion vulnerability in common.php in phpATM 1.21,  ...)
	NOT-FOR-US: phpATM
CVE-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firm ...)
	NOT-FOR-US: D-Link hardware
CVE-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...)
	- picasm 1.12c-1
CVE-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, a ...)
	NOT-FOR-US: Groove
CVE-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338,  ...)
	NOT-FOR-US: Groove
CVE-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile W ...)
	NOT-FOR-US: Groove
CVE-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, a ...)
	NOT-FOR-US: Groove
CVE-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live al ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow remot ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center Liv ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activat ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches  ...)
	NOT-FOR-US: Extreme BlackDiamond hardware
CVE-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...)
	NOT-FOR-US: Opera
CVE-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain privilege ...)
	NOT-FOR-US: YusASP Web Asset Manager
CVE-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a denia ...)
	NOT-FOR-US: DataTrac Activity Console
CVE-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remot ...)
	NOT-FOR-US: Orenosv
CVE-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not crypt ...)
	NOT-FOR-US: Microsoft
CVE-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote a ...)
	NOT-FOR-US: Microsoft
CVE-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 al ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web d ...)
	NOT-FOR-US: EZGuestbook
CVE-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServe ...)
	NOT-FOR-US: MyServer
CVE-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 a ...)
	NOT-FOR-US: MyServer
CVE-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005  ...)
	NOT-FOR-US: Mercur Messaging
CVE-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source c ...)
	NOT-FOR-US: Mercur Messaging
CVE-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to cau ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers  ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-XXXX [Two DoS conditions in ekg]
	- ekg 1:1.5+20050411-3
CVE-2005-XXXX [lcrash affected by libbfd integer overflows]
	- lcrash 7.0.0.pre.cvs.20050322-3
CVE-2005-XXXX [Multiple security problems in lbreakout2]
	- lbreakout2 2.5.2-2
CVE-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware  ...)
	NOT-FOR-US: Woppoware
CVE-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...)
	NOT-FOR-US: Woppoware
CVE-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware PostMas ...)
	NOT-FOR-US: Woppoware
CVE-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) gener ...)
	NOT-FOR-US: Woppoware
CVE-2005-1649 (The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, wit ...)
	NOT-FOR-US: Windows
CVE-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database f ...)
	NOT-FOR-US: GASoft
CVE-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file  ...)
	NOT-FOR-US: GASoft
CVE-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, whi ...)
	NOT-FOR-US: Fastream NETFile
CVE-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web docum ...)
	NOT-FOR-US: Keyvan1 Gallery
CVE-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Liv ...)
	NOT-FOR-US: Livre d'Or
CVE-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ear ...)
	NOT-FOR-US: Zoidcom
CVE-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab Bu ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...)
	NOT-FOR-US: Ignition Project
CVE-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...)
	NOT-FOR-US: Ignition Project
CVE-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 a ...)
	NOT-FOR-US: Sigma
CVE-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ha ...)
	NOT-FOR-US: SafeHTML
CVE-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remot ...)
	NOT-FOR-US: NPDS
CVE-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 crea ...)
	{DSA-783-1}
	- mysql-dfsg 4.0.12-2 (bug #319526; low)
	- mysql-dfsg-4.1 4.1.12 (medium; bug #319526)
	- mysql-dfsg-5.0 5.0.11beta-3 (medium)
CVE-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain  ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA JGS-Port ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and  ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules befo ...)
	- cheetah 0.9.16-1
CVE-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view p ...)
	NOT-FOR-US: Booby
CVE-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a "s ...)
	NOT-FOR-US: phpbb attachment mod
CVE-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...)
	NOT-FOR-US: Photopost
CVE-2005-1628 (apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows r ...)
	NOT-FOR-US: WebAPP
CVE-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a potentia ...)
	- viewglob 2.0.1-1
	[sarge] - viewglob <not-affected> (1.x version in Sarge is not vulnerable)
CVE-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
	NOT-FOR-US: Pico Server
CVE-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in  ...)
	NOT-FOR-US: Acrobat Reader
CVE-2005-1624
	RESERVED
CVE-2005-1623
	RESERVED
CVE-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in  ...)
	NOT-FOR-US: MetaCart
CVE-2005-1621 (Directory traversal vulnerability in the pnModFunc function in pnMod.p ...)
	NOT-FOR-US: Postnuke mod
CVE-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook 1 ...)
	NOT-FOR-US: Skull-Splitter Guestbook
CVE-2005-1619 (Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page. ...)
	NOT-FOR-US: PHPMyChat
CVE-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remot ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...)
	NOT-FOR-US: Willings WebCAM
CVE-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows rem ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow  ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate  ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open Bulleti ...)
	NOT-FOR-US: OpenBB
CVE-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board (OpenBB ...)
	NOT-FOR-US: OpenBB
CVE-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x a ...)
	NOT-FOR-US: Web Crossing
CVE-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone  ...)
	NOT-FOR-US: Tru-Zone NukeET
CVE-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...)
	NOT-FOR-US: Sun StorEdge 6130 Arrays
CVE-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean AutoT ...)
	NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke
CVE-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart al ...)
	NOT-FOR-US: Remote Cart
CVE-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such  ...)
	NOT-FOR-US: H-Sphere Winbox
CVE-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for SiteStud ...)
	NOT-FOR-US: guestbook for SiteStudio
CVE-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...)
	NOT-FOR-US: phpATM
CVE-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to cau ...)
	NOT-FOR-US: NiteEnterprises Remote File Manager
CVE-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File  ...)
	NOT-FOR-US: Net56 Browser Based File Manager
CVE-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the w ...)
	NOT-FOR-US: MRO Maximo Self Service
CVE-2005-1600 (A "mathematical flaw" in the implementation of the El Gamal signature  ...)
	NOT-FOR-US: LibTomCrypt
CVE-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subje ...)
	NOT-FOR-US: Kryloff Technologies Subject Search Server
CVE-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ea ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) top ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the extr ...)
	NOT-FOR-US: Fusion SBX
CVE-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, whic ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1 ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat S ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1592 (Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3 ...)
	NOT-FOR-US: BirdBlog
CVE-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote att ...)
	NOT-FOR-US: Solaris
CVE-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows loc ...)
	NOT-FOR-US: Altiris Client Service for Windows
CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
	- clamav 0.85.1-1 (low)
	[sarge] - clamav 0.84-2.sarge.1
CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
	- xfree86 4.3.0.dfsg.1-14 (bug #308783)
	- xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)
CVE-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler (pktc ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
	[sarge] - kernel-source-2.6.8 <not-affected>
CVE-2005-1588
	NOT-FOR-US: Quick.cart
CVE-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0 ...)
	NOT-FOR-US: Quick.cart
CVE-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as use ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remo ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum  ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new sto ...)
	NOT-FOR-US: 1Two News
CVE-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1. ...)
	NOT-FOR-US: 1Two News
CVE-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remo ...)
	NOT-FOR-US: bug_list.php
CVE-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...)
	NOT-FOR-US: BoastMachine
CVE-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration Ov ...)
	NOT-FOR-US: EnCase
CVE-2005-1577 (APG Technology ClassMaster does not properly restrict access to sensit ...)
	NOT-FOR-US: APG Classmaster
CVE-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
	NOTE: appears windows specific
CVE-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
	NOTE: appears windows specific
CVE-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content protec ...)
	NOT-FOR-US: Windows
CVE-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News Ma ...)
	NOT-FOR-US: ASP Virtual News Manager
CVE-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service (s ...)
	NOT-FOR-US: ShowOff
CVE-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow r ...)
	NOT-FOR-US: ShowOff
CVE-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full pa ...)
	NOTE: for-for-us (bttlxeForum)
CVE-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 a ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtai ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 a ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass  ...)
	NOT-FOR-US: Acrowave AAP-3100AR wireless router
CVE-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is promp ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18-7 (bug #308789; medium)
CVE-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows  ...)
	- bugzilla 2.16.7-7sarge1
CVE-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different er ...)
	- bugzilla 2.16.7-7sarge1
CVE-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earli ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in Max ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute  ...)
	NOT-FOR-US: Nexusway
CVE-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute  ...)
	NOT-FOR-US: Nexusway
CVE-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass a ...)
	NOT-FOR-US: Nexusway
CVE-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestboo ...)
	NOT-FOR-US: WebApp Guestbook PRO
CVE-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a de ...)
	NOT-FOR-US: Gamespy cd-key validation system
CVE-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in Col ...)
	NOT-FOR-US: JRun
CVE-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1 ...)
	NOT-FOR-US: WowBB
CVE-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a w ...)
	NOT-FOR-US: GeoVision Digital Video Surveillance System
CVE-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when se ...)
	NOT-FOR-US: GeoVision Digital Video Surveillance System
CVE-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses whe ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute a ...)
	NOT-FOR-US: easy message board
CVE-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...)
	NOT-FOR-US: easy message board
CVE-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 a ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, an ...)
	NOT-FOR-US: Bakbone Netvault
CVE-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remo ...)
	{DSA-743-1}
	- ht 0.8.0-3 (bug #308587)
CVE-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows re ...)
	{DSA-743-1}
	- ht 0.8.0-3 (bug #308587)
CVE-2005-1544 (Stack-based buffer overflow in libTIFF before 3.7.2 allows remote atta ...)
	{DSA-755-1}
	NOTE: CVE info about vulnerable version number is bogus
	- tiff 3.7.2-3 (bug #309739)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote Managem ...)
	NOT-FOR-US: Novell Zenworks
CVE-2005-1542
	RESERVED
CVE-2005-1541
	RESERVED
CVE-2005-1540
	RESERVED
CVE-2005-1539
	RESERVED
CVE-2005-1538
	RESERVED
CVE-2005-1537
	RESERVED
CVE-2005-1536
	RESERVED
CVE-2005-1535
	RESERVED
CVE-2005-1534
	RESERVED
CVE-2005-1533
	RESERVED
CVE-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly li ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.4
	- mozilla 2:1.7.8
	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
CVE-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly  ...)
	- mozilla-firefox 1.0.4
	- mozilla 2:1.7.8
CVE-2005-1530 (Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, all ...)
	NOT-FOR-US: Sophos
CVE-2005-1529
	RESERVED
CVE-2005-1528 (Untrusted search path vulnerability in the crttrap command in QNX Neut ...)
	NOT-FOR-US: QNX
CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...)
	{DSA-892-1}
	- awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium)
CVE-2005-1526 (PHP remote file inclusion vulnerability in config_settings.php in Cact ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before 0. ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8. ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and  ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions be ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU  ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for  ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered  ...)
	{DSA-751-1}
	- squid 2.5.9-9 (bug #309504)
CVE-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated Nam ...)
	NOT-FOR-US: Solaris
CVE-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 a ...)
	NOT-FOR-US: Cisco
CVE-2005-XXXX [Buffer overflow in libotr]
	- libotr 2.0.2-1
CVE-2005-XXXX [vpnc: config file path security hole]
	- vpnc 0.3.2+SVN20050326-2
CVE-2005-XXXX [Several buffer overflows in termpkg]
	- termpkg 3.3-2
CVE-2005-XXXX [Integer overflow in binutils' ELF parsing]
	NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
	NOTE: already fixed since 2.15-6
	- binutils 2.15-6
CVE-2005-XXXX [kmd affected by binutils's ELF parser vulnerability]
	- kmd 0.9.19-1.1
CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
	NOTE: Source package has been renamed from unrar to unrar-free
	- unrar-free 1:0.0.1-2
CVE-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded pict ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remot ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 al ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...)
	NOT-FOR-US: WebSTAR
CVE-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0. ...)
	NOT-FOR-US: CJ Ultra Plus
CVE-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configurin ...)
	NOT-FOR-US: MacOS
CVE-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, a ...)
	NOT-FOR-US: GameSpy SDK CD-Key Validation Toolkit
CVE-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart a ...)
	NOT-FOR-US: MidiCart
CVE-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...)
	NOT-FOR-US: MidiCart
CVE-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MidiCart
CVE-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...)
	NOT-FOR-US: myBloggie
CVE-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ar ...)
	NOT-FOR-US: myBloggie
CVE-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...)
	NOT-FOR-US: myBloggie
CVE-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: myBloggie
CVE-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE J ...)
	NOT-FOR-US: Oracle
CVE-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...)
	NOT-FOR-US: Oracle
CVE-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in Me ...)
	NOT-FOR-US: MegaBook
CVE-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote attac ...)
	NOT-FOR-US: SimpleCam
CVE-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threa ...)
	NOT-FOR-US: Gossamer Threads Links
CVE-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote auth ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox. ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Serv ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1487
	NOT-FOR-US: FishCart
CVE-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow re ...)
	NOT-FOR-US: FishCart
CVE-2005-1485 (Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 200 ...)
	NOT-FOR-US: ArticleLive
CVE-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by modifyi ...)
	NOT-FOR-US: ArticleLive
CVE-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Cor ...)
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...)
	NOT-FOR-US: RaidenFTPD
CVE-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and  ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows  ...)
	NOT-FOR-US: DMail
CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass auth ...)
	NOT-FOR-US: DMail
CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions i ...)
	{DSA-4692-1 DLA-2234-1}
	- qmail 1.03-38
	- netqmail 1.06-6.2
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large amo ...)
	{DSA-4692-1 DLA-2234-1}
	- qmail 1.03-38
	- netqmail 1.06-6.2
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when run ...)
	{DSA-4692-1 DLA-2234-1}
	- qmail 1.03-38
	- netqmail 1.06-6.2
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/16/2
CVE-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the b ...)
	- mozilla-firefox 1.0.4-1
CVE-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript  ...)
	- mozilla-firefox 1.0.4-1
CVE-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote  ...)
	NOT-FOR-US: Opera
CVE-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install  ...)
	NOT-FOR-US: Apple
CVE-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical  ...)
	NOT-FOR-US: Apple
CVE-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce  ...)
	NOT-FOR-US: Apple
CVE-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 al ...)
	NOT-FOR-US: RSA SecurID Web Agent
CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
	- mailutils 1:0.6.1-2
CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
	- maradns 1.0.27-1
CVE-2005-2352 (A race condition in Temp files was found in gs-gpl before 8.56 addons  ...)
	- gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant)
CVE-2005-XXXX [Possible SQL injection in freeradius]
	- freeradius 1.0.2-4
CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local us ...)
	{DSA-1051-1 DSA-1046-1}
	- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- firefox 1.5.dfsg+1.5.0.2-1
	- thunderbird 1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2005-XXXX [Directory traversal in unzoo]
	- unzoo 4.4-4
CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
	- syslog-ng 1.6.5-2.1
CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
	- trackballs 1.1.1-1 (bug #302454; medium)
	[sarge] - trackballs <no-dsa> (Hardly exploitable)
	NOTE: CVE request sent to mitre (who sent this? any response?)
	NOTE: Trackballs doesn't run as gid games anymore, high-score files are
	NOTE: stored in user's home directories instead.
CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP,  ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11  ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before 0.10.1 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11  ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP,  ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A  ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1462 (Double free vulnerability in the ICEP dissector in Ethereal before 0.1 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS,  ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow remote at ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1458 (Multiple unknown "other problems" in the KINK dissector in Ethereal be ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) FibreCh ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissec ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1455 (Buffer overflow in the sql_escape_func function in the SQL module for  ...)
	- freeradius 1.0.2-4
CVE-2005-1454 (SQL injection vulnerability in the radius_xlat function in the SQL mod ...)
	- freeradius 1.0.2-4
CVE-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to c ...)
	- leafnode 1.11.2.rel-1
CVE-2005-XXXX [Missing input validation in xtradius]
	- xtradius 1.2.1-beta2-2 (bug #307796; unimportant)
CVE-2005-XXXX [fai tempfile vulnerability]
	- fai 2.8.2
CVE-2005-2354 (Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in  ...)
	NOTE: have not checked to see which security holes are in it exactly
	- nvu <removed> (bug #306822; medium)
CVE-2005-2356
	RESERVED
	NOTE: This was assigned to an eskuel non-issue before due to Red Hat typos
CVE-2005-XXXX [Buffer overflow in elog's header buffer]
	- elog 2.5.7+r1558-3 (bug #349528; high)
CVE-2005-XXXX [Unspecified security issue in ipsec-tool's single DES support]
	- ipsec-tools 1:0.5.2-1
CVE-2005-1452 (Serendipity before 0.8 allows Chief users to "hide plugins installed b ...)
	- serendipity 1.0-1
CVE-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...)
	- serendipity 1.0-1
CVE-2005-1450 (Unknown vulnerability in "the function used to validate path-names for ...)
	- serendipity 1.0-1
CVE-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for Serendip ...)
	- serendipity 1.0-1
CVE-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for Sere ...)
	- serendipity 1.0-1
CVE-2005-1447 (PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 ...)
	NOT-FOR-US: SitePanel
CVE-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to up ...)
	NOT-FOR-US: SitePanel
CVE-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ea ...)
	NOT-FOR-US: SitePanel
CVE-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...)
	NOT-FOR-US: SitePanel
CVE-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for I ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4  ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5 ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Ente ...)
	NOT-FOR-US: ViArt Shop
CVE-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket allow ...)
	NOT-FOR-US: osTicket
CVE-2005-1438 (PHP remote file inclusion vulnerability in main.php in osTicket allows ...)
	NOT-FOR-US: osTicket
CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote attack ...)
	NOT-FOR-US: osTicket
CVE-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow  ...)
	NOT-FOR-US: osTicket
CVE-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated us ...)
	- openwebmail <removed>
CVE-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV  ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1433 (Multiple unknown vulnerabilities HP OpenView Event Correlation Servic ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1432
	RESERVED
CVE-2005-1431 (The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before  ...)
	- gnutls11 1.0.16-13.1 (bug #309111; bug #307641)
CVE-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ter ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows re ...)
	NOT-FOR-US: WWWguestbook
CVE-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers t ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2005-1427 (Uapplication Uphotogallery stores the database under the web document  ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2005-1426 (Uapplication Ublog Reload stores sensitive information under the web r ...)
	NOT-FOR-US: Uapplication Ublog
CVE-2005-1425 (Uapplication Uguestbook 1.0 stores sensitive information under the web ...)
	NOT-FOR-US: Uapplication Uguestbook
CVE-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address, and  ...)
	NOT-FOR-US: GoText
CVE-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE  ...)
	NOT-FOR-US: 602 LAN SUITE
CVE-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server  ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 Maili ...)
	NOT-FOR-US: Ocean12 Mailing list manager
CVE-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...)
	NOT-FOR-US: Netleaf
CVE-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and  ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote at ...)
	NOT-FOR-US: 04WebServer
CVE-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote a ...)
	NOT-FOR-US: GlobalSCAPE Secure FTP Server
CVE-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, includin ...)
	NOT-FOR-US: FilePocket
CVE-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote atta ...)
	NOT-FOR-US: enVivo
CVE-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional Guest ...)
	NOT-FOR-US: ECommPro
CVE-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the world-readabl ...)
	NOT-FOR-US: ICUII
CVE-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) d ...)
	- postgresql 7.4.7-6
CVE-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain  ...)
	- postgresql 7.4.7-6
CVE-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary  ...)
	NOT-FOR-US: Apple
CVE-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...)
	NOT-FOR-US: Skype
CVE-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly cle ...)
	- kfreebsd5-source 5.3-10
CVE-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function i ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by modif ...)
	NOT-FOR-US: MyPHP Forum
CVE-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's A ...)
	NOT-FOR-US: JW Amazon Web Store
CVE-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...)
	NOT-FOR-US: NeL library
CVE-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ear ...)
	NOT-FOR-US: Mtp-Target
CVE-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 all ...)
	- kfreebsd5-source 5.3-10
CVE-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions f ...)
	- kfreebsd5-source 5.3-10
CVE-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product p ...)
	NOT-FOR-US: PHPCart
CVE-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before 0.10 ...)
	NOT-FOR-US: PHP-Calendar
CVE-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows lo ...)
	NOT-FOR-US: ARPUS Ceterm
CVE-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allo ...)
	NOT-FOR-US: ARPUS Ceterm
CVE-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
	NOT-FOR-US: ArcGIS
CVE-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 a ...)
	NOT-FOR-US: ArcGIS
CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with world-reada ...)
	- phpmyadmin <not-affected> (Only part of examples that an admin would need to modify anyway)
CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earl ...)
	{DSA-934-1}
	[sarge] - pound 1.8.2-1sarge1
	- pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
CVE-2005-1390
	REJECTED
CVE-2005-1389
	REJECTED
CVE-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allo ...)
	NOT-FOR-US: SURVIVOR
CVE-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrat ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service (appli ...)
	NOT-FOR-US: Safari
CVE-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote a ...)
	NOT-FOR-US: phpCoin
CVE-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled,  ...)
	NOT-FOR-US: Oracle
CVE-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...)
	NOT-FOR-US: Oracle
CVE-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...)
	NOT-FOR-US: Oracle
CVE-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allo ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandra ...)
	- lam <not-affected> (Mandrake specific packaging flaw)
CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module f ...)
	NOT-FOR-US: phpbb mod
CVE-2005-1377 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3  ...)
	NOT-FOR-US: Claroline
CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or (2 ...)
	NOT-FOR-US: Claroline
CVE-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6  ...)
	NOT-FOR-US: Claroline
CVE-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...)
	NOT-FOR-US: Claroline
CVE-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CM ...)
	NOT-FOR-US: Koobi CMS
CVE-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...)
	NOT-FOR-US: NetVault
CVE-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not proper ...)
	NOT-FOR-US: NetVault
CVE-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView R ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6 ...)
	- kernel-source-2.4.27 <not-affected>
	- kernel-source-2.6.8 2.6.8-16
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.8)
CVE-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel 2. ...)
	[sarge] - kernel-source-2.6.8 <not-affected>
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.8)
CVE-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read arbitra ...)
	NOT-FOR-US: pServ
CVE-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain  ...)
	NOT-FOR-US: pServ
CVE-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: pServ
CVE-2005-XXXX [Insecure mailbox generation in passwd's useradd]
	- shadow 4.0.8
	[sarge] - shadow <not-affected> (was introduced after version 4.0.3)
	[woody] - shadow <not-affected> (was introduced after version 4.0.3)
CVE-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow remot ...)
	NOT-FOR-US: MetaBid Auctions
CVE-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow all ...)
	NOT-FOR-US: MetaCart
CVE-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allo ...)
	NOT-FOR-US: MetaCart
CVE-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow re ...)
	NOT-FOR-US: MetaCart
CVE-2005-1360 (PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 al ...)
	NOT-FOR-US: GrayCMS
CVE-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows rem ...)
	NOT-FOR-US: text.cgi
CVE-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands  ...)
	NOT-FOR-US: text.cgi
CVE-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a  ...)
	NOT-FOR-US: text.cgi
CVE-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...)
	NOT-FOR-US: includer.cgi
CVE-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...)
	NOT-FOR-US: includer.cgi
CVE-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary comma ...)
	NOT-FOR-US: forum.pl
CVE-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files vi ...)
	NOT-FOR-US: forum.pl
CVE-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows r ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary command ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via  ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows  ...)
	{DSA-727-1}
	- libconvert-uulib-perl 1.0.5.1
CVE-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier  ...)
	NOT-FOR-US: MailEnable
CVE-2005-1347
	NOT-FOR-US: acrobat
CVE-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005  ...)
	NOT-FOR-US: Symantec
CVE-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it i ...)
	{DSA-721-1}
	- squid 2.5.9-7
CVE-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ex ...)
	- apache2 2.0.54-3 (bug #322604)
CVE-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X befo ...)
	NOT-FOR-US: vpnd for Mac OS X
CVE-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3. ...)
	NOT-FOR-US: Apple Terminal
CVE-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands vi ...)
	NOT-FOR-US: Apple Terminal
CVE-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not re ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to esca ...)
	- lukemftpd <not-affected> (our lukemftpd uses pw->pw_name when checking /etc/ftpchroot)
CVE-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ldap_exte ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote att ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain pr ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1334
	REJECTED
CVE-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object exc ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth fil ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display sc ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of servic ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sen ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service (ap ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burnin ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote au ...)
	NOT-FOR-US: VooDoo cIRCle BOTNET
CVE-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and i ...)
	NOT-FOR-US: phpMyVisites
CVE-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for p ...)
	NOT-FOR-US: phpMyVisites
CVE-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...)
	NOT-FOR-US: NetTerm
CVE-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manage ...)
	- nag 1.1-3.1 (bug #307173)
CVE-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module befo ...)
	- sork-vacation 2.2.2-1
CVE-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager b ...)
	- mnemo 1.1-2.1 (bug #307180)
	- mnemo2 <not-affected> (fixed before 2.1.1)
CVE-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client b ...)
	- imp4 <not-affected>
	- imp3 3.2.8-1 (bug #328218; low)
CVE-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forw ...)
	- sork-forwards 2.2.2-1
CVE-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before  ...)
	NOT-FOR-US: Horde Chora module
CVE-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module befo ...)
	- sork-accounts 2.1.2-1
CVE-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before  ...)
	- turba 1.2.5-1
CVE-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module bef ...)
	- kronolith 1.1.4-1
CVE-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...)
	- sork-passwd 2.2.2-1
CVE-2005-1312 (PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allow ...)
	NOT-FOR-US: Yappa-NG
CVE-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allo ...)
	NOT-FOR-US: Yappa-NG
CVE-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to  ...)
	NOT-FOR-US: bBlog
CVE-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote  ...)
	NOT-FOR-US: bBlog
CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or HT ...)
	- courier <unfixed> (bug #307575; unimportant)
CVE-2005-1307 (The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version  ...)
	NOT-FOR-US: Adobe Version Cue
CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 all ...)
	NOT-FOR-US: Adobe Reader 7
CVE-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files v ...)
	NOT-FOR-US: hyper.cgi
CVE-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...)
	NOT-FOR-US: citat.pl
CVE-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files vi ...)
	NOT-FOR-US: citat.pl
CVE-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote  ...)
	NOT-FOR-US: Confixx
CVE-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update  ...)
	NOT-FOR-US: nProtect:Netizen
CVE-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script al ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary c ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary file ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script all ...)
	NOT-FOR-US: include.cgi
CVE-2005-1296 (include.cgi script allows remote attackers to execute arbitrary comman ...)
	NOT-FOR-US: include.cgi
CVE-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: include.cgi
CVE-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for Linu ...)
	- affix-kernel 2.1.1-1.1
CVE-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal 2 ...)
	NOT-FOR-US: StorePortal
CVE-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Car ...)
	NOT-FOR-US: CartWIZ ASP Cart
CVE-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remot ...)
	NOT-FOR-US: CartWIZ ASP Cart
CVE-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 an ...)
	- phpbb2 2.0.13-6sarge1 (low)
CVE-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ex ...)
	NOT-FOR-US: E-Cart
CVE-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...)
	NOT-FOR-US: ACS Blog
CVE-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote at ...)
	NOT-FOR-US: BK Forum
CVE-2005-1286 (Unquoted Windows search path vulnerability in BitDefender 8 allows loc ...)
	NOT-FOR-US: Bitdefender
CVE-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burn ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote at ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server P ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail S ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...)
	- ethereal 0.10.10-2
CVE-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote att ...)
	- ethereal 0.10.10-2
	- tcpdump 3.8.3-4
CVE-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...)
	{DSA-850-1}
	- tcpdump 3.8.3-4
CVE-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1  ...)
	- tcpdump 3.8.3-4 (bug #307920)
CVE-2005-1277
	REJECTED
CVE-2005-1276
	RESERVED
CVE-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for I ...)
	- imagemagick 6:6.0.6.2-2.3 (bug #306424)
CVE-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV  ...)
	- maxdb-7.5.00 7.5.00.24-3
CVE-2005-1273
	RESERVED
CVE-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL Serv ...)
	NOT-FOR-US: Backup Agent for Microsoft SQL
CVE-2005-1271
	REJECTED
CVE-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter befo ...)
	- rkhunter 1.2.7-14 (medium)
CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
	- libconvert-uulib-perl 1.0.5.1-1
CVE-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
	{DSA-734-1}
	- gaim 1:1.3.1-1 (bug #315356; low)
CVE-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) veri ...)
	{DSA-805-1}
	- apache2 2.0.54-5 (bug #320048; bug #320063; bug #322613; low)
	- apache <not-affected> (Not affected, see #322613)
CVE-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle  ...)
	{DSA-854-1}
	- tcpdump 3.9.0.cvs.20050614-1 (medium)
CVE-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)
	{DSA-736-2 DSA-736-1}
	- spamassassin 3.0.4-1 (bug #314447; medium)
CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create mem ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-1
CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.10)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	[sarge] - kernel-source-2.4.27 2.4.27-10
	NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H
CVE-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of se ...)
	- gaim 1:1.2.1-1.1
CVE-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...)
	- gaim 1:1.2.1-1.1
CVE-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...)
	{DSA-741-1}
	- bzip2 1.0.2-7
CVE-2005-1259
	RESERVED
CVE-2005-1258
	RESERVED
CVE-2005-1257
	RESERVED
CVE-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail  ...)
	NOT-FOR-US: IMail
CVE-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...)
	NOT-FOR-US: IMail
CVE-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...)
	NOT-FOR-US: IMail
CVE-2005-1253
	RESERVED
CVE-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in Ips ...)
	NOT-FOR-US: IMail
CVE-2005-1251
	RESERVED
CVE-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ( ...)
	NOT-FOR-US: IpSwitch
CVE-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) al ...)
	NOT-FOR-US: IMail
CVE-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to  ...)
	NOT-FOR-US: Apple iTunes
CVE-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ca ...)
	NOT-FOR-US: Novell Nsure Audit
CVE-2005-1246 (Format string vulnerability in the snmppd_log function in snmppd_util. ...)
	NOT-FOR-US: snmppd
CVE-2005-XXXX [Multiple security problems in Quake 2]
	NOTE: this release added lots of warnings about the security problems
	- quake2 1:0.3-1.1
CVE-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, wh ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-1244
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1243 (Directory traversal vulnerability in the third party tool from SafeSto ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe,  ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1241 (Directory traversal vulnerability in the third party tool from Powerte ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1240 (Directory traversal vulnerability in the third party tool from Castleh ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1239 (Directory traversal vulnerability in the third party tool from Raz-Lee ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...)
	NOT-FOR-US: AS/400 FTP server
CVE-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows re ...)
	NOT-FOR-US: FlexPHPNews
CVE-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3. ...)
	NOT-FOR-US: DUPortal
CVE-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remot ...)
	NOT-FOR-US: phpbb-Auction
CVE-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote a ...)
	NOT-FOR-US: phpbb-Auction
CVE-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs proF ...)
	NOT-FOR-US: PHP Labs proFile
CVE-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...)
	NOT-FOR-US: Sun ONE Proxy Server
CVE-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in Gl ...)
	NOT-FOR-US: JAWS
CVE-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote attack ...)
	NOT-FOR-US: Yawcam
CVE-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows remot ...)
	{DSA-846-1}
	- cpio 2.6-6 (bug #306693; medium)
CVE-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1 ...)
	{DSA-752-1}
	- gzip 1.3.5-10
CVE-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier  ...)
	NOT-FOR-US: PHProjekt
CVE-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which al ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows r ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allo ...)
	NOT-FOR-US: DUPortal
CVE-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.0 ...)
	NOT-FOR-US: Ocean12 Calendar manager
CVE-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to exec ...)
	NOT-FOR-US: Annuaire Netref
CVE-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro  ...)
	NOT-FOR-US: ECommPro
CVE-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain se ...)
	NOT-FOR-US: Shoutbox
CVE-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows a ...)
	NOT-FOR-US: Microsoft Color Management Module
CVE-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...)
	NOT-FOR-US: Microsoft Color Management Module
CVE-2005-1217
	RESERVED
CVE-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to servic ...)
	NOT-FOR-US: Microsoft
CVE-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ca ...)
	NOT-FOR-US: Microsoft
CVE-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet cont ...)
	NOT-FOR-US: Microsoft
CVE-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook E ...)
	NOT-FOR-US: Microsoft
CVE-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32 ...)
	NOT-FOR-US: Microsoft
CVE-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft Inte ...)
	NOT-FOR-US: Microsoft
CVE-2005-1210
	RESERVED
CVE-2005-1209
	RESERVED
CVE-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, an ...)
	NOT-FOR-US: Microsoft
CVE-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and  ...)
	NOT-FOR-US: Microsoft
CVE-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for Mi ...)
	NOT-FOR-US: Microsoft
CVE-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and W ...)
	NOT-FOR-US: Microsoft
CVE-2005-XXXX [libpam-ssh: Improper caching of pwd data with potential security implications]
	- libpam-ssh 1.91.0-9
CVE-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote attack ...)
	NOT-FOR-US: Desktop Rover
CVE-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware befo ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware befo ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board (AZb ...)
	NOT-FOR-US: AZbb
CVE-2005-1200 (PHP remote file inclusion vulnerability in main_index.php in AZ Bullet ...)
	NOT-FOR-US: AZbb
CVE-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows r ...)
	NOT-FOR-US: UBB.threads
CVE-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...)
	NOT-FOR-US: Anaconda Foundation Directory
CVE-2005-1197 (SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CH ...)
	NOT-FOR-US: Oracle
CVE-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...)
	NOT-FOR-US: PHPBB Knowledgebase Mod
CVE-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) MM ...)
	- xine-lib 1.0.1-1
	- mplayer <not-affected> (fixed in 1.0-pre7, which was released before etch)
CVE-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm 0.9 ...)
	- nasm 0.98.38-1.2 (bug #309049)
CVE-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php fo ...)
	- phpbb2 2.0.13-6sarge1 (medium)
CVE-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...)
	NOT-FOR-US: HP-UX
CVE-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2 ...)
	NOT-FOR-US: Windows
CVE-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: WebcamXP
CVE-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and ...)
	NOT-FOR-US: WebcamXP
CVE-2005-1188 (Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in ...)
	NOT-FOR-US: ComersusCart
CVE-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other v ...)
	NOT-FOR-US: WinHex
CVE-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com doma ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1185 (Unquoted Windows search path vulnerability in Musicmatch Jukebox 10.00 ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...)
	NOT-FOR-US: Apparently bogus report; at least on Linux it couldn't be reproduced
CVE-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows re ...)
	NOT-FOR-US: mvnForum
CVE-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for W ...)
	NOT-FOR-US: iSeries OS
CVE-2005-1181
	NOT-FOR-US: Ariadne CMS
CVE-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuk ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for various Work ...)
	NOT-FOR-US: Xerox
CVE-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote attacker ...)
	NOT-FOR-US: Oracle
CVE-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 cause ...)
	- webmin <not-affected>
	NOTE: I haven't found further information on this, but this appears to only
	NOTE: affect non-Debian setups
CVE-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while  ...)
	NOT-FOR-US: AIX
CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...)
	{DSA-757-1}
	- krb5 1.3.6-4 (bug #318437; medium)
CVE-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC)  ...)
	{DSA-757-1}
	- krb5 1.3.6-4 (bug #318437; medium)
CVE-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote atta ...)
	NOT-FOR-US: PMSoftware Simple Web Server
CVE-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the datenbank m ...)
	NOT-FOR-US: moddb phpbb2 add-on
CVE-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module for php ...)
	NOT-FOR-US: moddb phpbb2 add-on
CVE-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, whic ...)
	NOT-FOR-US: Mafia Blog
CVE-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows  ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in  ...)
	NOT-FOR-US: Dameware
CVE-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Yager game
CVE-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Yager game
CVE-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote attac ...)
	NOT-FOR-US: Yager game
CVE-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore a ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote a ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1160 (The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Su ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
CVE-2005-1159 (The native implementations of InstallTrigger and other functions in Fi ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
CVE-2005-1158 (Multiple "missing security checks" in Firefox before 1.0.3 allow remot ...)
	- mozilla-firefox 1.0.3-1
CVE-2005-1157 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 all ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1156 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 all ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla Suite be ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote atta ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a p ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the umask ...)
	{DSA-728-1}
	- qpopper 4.0.5-4sarge1
CVE-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before pro ...)
	{DSA-728-1}
	- qpopper 4.0.5-4sarge1
CVE-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlie ...)
	NOT-FOR-US: Sun Java
CVE-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1 ...)
	NOT-FOR-US: ACNews
CVE-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain s ...)
	NOT-FOR-US: CalendarScript
CVE-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain s ...)
	NOT-FOR-US: CalendarScript
CVE-2005-1146
	NOT-FOR-US: CalendarScript
CVE-2005-1145
	NOT-FOR-US: CalendarScript
CVE-2005-1144 (popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to o ...)
	NOT-FOR-US: EasyPHPCalendar
CVE-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalend ...)
	NOT-FOR-US: EasyPHPCalendar
CVE-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR 0 ...)
	- gocr 0.39-5
CVE-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when  ...)
	- gocr 0.39-5
CVE-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows rem ...)
	NOT-FOR-US: MyBloggie
CVE-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital certificate ...)
	NOT-FOR-US: Opera
CVE-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allo ...)
	NOT-FOR-US: Kerio
CVE-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sen ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) c ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP  ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and earlie ...)
	NOT-FOR-US: Serendipity
CVE-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...)
	NOT-FOR-US: AS/400 system software
CVE-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: LG mobile phone
CVE-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier  ...)
	NOT-FOR-US: Veritas Focalpoint Server
CVE-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
	NOT-FOR-US: PinnacleCart
CVE-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attac ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow r ...)
	NOT-FOR-US: VHCS
CVE-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 an ...)
	{DSA-1122 DSA-1121}
	- libnet-server-perl 0.89-1 (bug #378640)
	NOTE: Net::Server was already fixed in 0.87-1, although the changelog doesn't mention
	NOTE: the security implication, which was noticed later. I've verified both fixes
	NOTE: are identical
	NOTE: but DSA-1122 thinks it was fixed in 0.89-1, so mark that version to make
	NOTE: scripts happy (at time of writing, 0.90-1 is in testing)
	- postgrey 1.22-1
CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 an ...)
	NOT-FOR-US: FreeBSD
CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in multi-th ...)
	- libsafe <removed>
CVE-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library  ...)
	NOT-FOR-US: Solaris
CVE-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause  ...)
	NOT-FOR-US: monkeyd
CVE-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) befor ...)
	NOT-FOR-US: monkeyd
CVE-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...)
	{DSA-726-1}
	- oops 1.5.23.cvs-2.2 (bug #307360; high)
CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.1 ...)
	{DSA-1010-1}
	- ilohamail 0.8.14-0rc3sarge1 (bug #304525; medium)
CVE-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary  ...)
	- sudo <unfixed> (bug #283161; unimportant)
	NOTE: That's a policy violation, but not a security problem
CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the R ...)
	NOT-FOR-US: RSA authentication agent
CVE-2005-1117 (PHP remote file inclusion vulnerability in index.php in All4WWW-Homepa ...)
	NOT-FOR-US: All4WWW Homepage creator
CVE-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ph ...)
	NOT-FOR-US: phpbb2 calendar addon
CVE-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0 ...)
	NOT-FOR-US: Photo Album
CVE-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo Al ...)
	NOT-FOR-US: Photo Album
CVE-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...)
	NOT-FOR-US: PhpBB Plus
CVE-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the doc ...)
	NOT-FOR-US: IBM Websphere
CVE-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify pe ...)
	{DSA-846-1}
	- cpio 2.6-6 (bug #305372; low)
CVE-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in t ...)
	NOT-FOR-US: Sumus web server
CVE-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote atta ...)
	{DSA-713-1}
	- junkbuster <removed> (bug #304793)
	- privoxy <not-affected>
CVE-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-thre ...)
	{DSA-713-1}
	- junkbuster <removed>
	- privoxy <not-affected>
CVE-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ins ...)
	NOT-FOR-US: McAfee
CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey]
	- postgrey 1.21-1
CVE-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers t ...)
	NOT-FOR-US: Windows
CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName meth ...)
	- libgnumail-java <unfixed> (bug #304712; unimportant)
	NOTE: This just provides a Java API function to receive a file name, sanitising
	NOTE: this file name for further use must be done inside the application calling
	NOTE: the function
CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow  ...)
	NOT-FOR-US: Centra
CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4. ...)
	NOT-FOR-US: Sygate Secure Enterprise
CVE-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in template-functi ...)
	NOTE: Upstream developers don't consider this an issue, see bug #304468
CVE-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...)
	NOT-FOR-US: Lotus Domino Server
CVE-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in Greyl ...)
	- postfix-gld 1.5-1
CVE-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in G ...)
	- postfix-gld 1.5-1
CVE-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in plain ...)
	NOT-FOR-US: GetDataBack for NTFS (Windows)
CVE-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...)
	NOT-FOR-US: Rebrand P2P Share Spy
CVE-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membe ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xm ...)
	NOT-FOR-US: FTP Now
CVE-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with  ...)
	NOT-FOR-US: Miranda IM
CVE-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext  ...)
	NOT-FOR-US: DeluxeFTP
CVE-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...)
	NOT-FOR-US: Maxthon
CVE-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API fo ...)
	NOT-FOR-US: Maxthon
CVE-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append  ...)
	NOT-FOR-US: DC++
CVE-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mi ...)
	NOT-FOR-US: DameWare NT Utilities and Mini Remote Control
CVE-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Serv ...)
	NOT-FOR-US: AN HTTPD
CVE-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allo ...)
	NOT-FOR-US: AN HTTPD
CVE-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in aeDat ...)
	NOT-FOR-US: aeDating
CVE-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows remo ...)
	NOT-FOR-US: aeDating
CVE-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...)
	NOT-FOR-US: aeDating
CVE-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 all ...)
	NOT-FOR-US: AzDGDatingPlatinum
CVE-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlat ...)
	NOT-FOR-US: AzDGDatingPlatinum
CVE-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) utili ...)
	NOT-FOR-US: JAR in J2SE SDK
CVE-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2  ...)
	NOT-FOR-US: zOOm Media Gallery
CVE-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows attac ...)
	NOT-FOR-US: XAMPP Apache distribution specific issue
CVE-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x all ...)
	NOT-FOR-US: XAMPP Apache distribution specific issue
CVE-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board funct ...)
	NOT-FOR-US: WebCT
CVE-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadB ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids  ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows  ...)
	NOT-FOR-US: PunBB
CVE-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2. ...)
	NOT-FOR-US: JPortal
CVE-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact ...)
	NOT-FOR-US: sCssBoard
CVE-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...)
	NOT-FOR-US: sCssBoard
CVE-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to g ...)
	NOT-FOR-US: Access_user class
CVE-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users t ...)
	- pine 4.63-1 (unimportant)
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
	NOTE: Not shipped in the binary package
CVE-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ex ...)
	- tetex-base <not-affected> (/var/cache/fonts is not writable by normal users in Debian)
CVE-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ch ...)
	- rsnapshot 1.2.1-1
CVE-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0. ...)
	NOT-FOR-US: Kerio
CVE-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0. ...)
	NOT-FOR-US: Kerio
CVE-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...)
	- logwatch 5.0-1
CVE-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novel ...)
	NOT-FOR-US: Novell Netware
CVE-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password wit ...)
	NOT-FOR-US: Linksys WET11
CVE-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile tha ...)
	NOT-FOR-US: Cisco
CVE-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH vers ...)
	NOT-FOR-US: Cisco
CVE-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 th ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web roo ...)
	NOT-FOR-US: TowerBlog
CVE-2005-1054 (PHP remote file inclusion vulnerability in news.php in ModernBill 4.3. ...)
	NOT-FOR-US: ModernBill
CVE-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...)
	NOT-FOR-US: ModernBill
CVE-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not proper ...)
	NOT-FOR-US: Microsoft
CVE-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remot ...)
	NOT-FOR-US: PunBB
CVE-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows rem ...)
	NOT-FOR-US: PostNuke
CVE-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 al ...)
	NOT-FOR-US: PostNuke
CVE-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allow ...)
	NOT-FOR-US: PostNuke
CVE-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not proper ...)
	NOT-FOR-US: PunBB
CVE-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote atta ...)
	{DSA-714-1}
	- kdelibs 4:3.3.2-6
CVE-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings befo ...)
	NOT-FOR-US: OpenText
CVE-2005-1044
	REJECTED
CVE-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial  ...)
	- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
	- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local  ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop  ...)
	- netapplet <not-affected> (Not vulnerable, see bug #310833)
CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2 ...)
	- coreutils 6.10-1 (bug #304556; unimportant)
	NOTE: Minor issue, generic UNIX design issue, see discussion in #304556
CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows loc ...)
	NOTE: long fixed in Debian's cron
CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client,  ...)
	NOT-FOR-US: AIX
CVE-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permis ...)
	NOT-FOR-US: FreeBSD
CVE-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack v ...)
	- pavuk 0.9.32-1
CVE-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (a ...)
	NOT-FOR-US: SurgeFTP
CVE-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: CubeCart
CVE-2005-1032
	REJECTED
CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), wh ...)
	NOT-FOR-US: exoops
CVE-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction  ...)
	NOT-FOR-US: Active Auction House
CVE-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow r ...)
	NOT-FOR-US: Active Auction House
CVE-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x th ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...)
	NOT-FOR-US: SnailSource phpBB mod
CVE-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote  ...)
	NOT-FOR-US: IBM
CVE-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain s ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root i ...)
	NOT-FOR-US: ColdFusion
CVE-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...)
	NOT-FOR-US: IOS
CVE-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote atta ...)
	NOT-FOR-US: IOS
CVE-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier all ...)
	NOT-FOR-US: Aeon
CVE-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) Bri ...)
	NOT-FOR-US: CA ArcServe Backup
CVE-2005-XXXX [Some security issues in mod_security]
	NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
	NOTE: the changelog entries matches the security criteria, but the changelog
	NOTE: claims so.
	- libapache-mod-security 1.8.7-1
CVE-2005-XXXX [imms: Arbitrary command execution through improper filename escaping]
	NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
	- imms 2.0.3-1
CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
	- smarty 2.6.9-1
CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
	- obexftp 0.10.7-3
CVE-2005-1017 (SQL injection vulnerability in the Update_Events function in events_fu ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp for Max ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attacke ...)
	NOT-FOR-US: MailEnable
CVE-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and ...)
	NOT-FOR-US: MailEnable
CVE-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and Profess ...)
	NOT-FOR-US: MailEnable
CVE-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows re ...)
	NOT-FOR-US: SiteEnable
CVE-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows remote ...)
	NOT-FOR-US: SiteEnable
CVE-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows rem ...)
	NOT-FOR-US: ComersusCart
CVE-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) re ...)
	NOT-FOR-US: NetVault
CVE-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM F ...)
	NOT-FOR-US: XM Forum
CVE-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate Pro bef ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO  ...)
	NOT-FOR-US: SonicWALL
CVE-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: PayProCart
CVE-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in ProfitCo ...)
	NOT-FOR-US: PayProCart
CVE-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode PayProCa ...)
	NOT-FOR-US: PayProCart
CVE-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows re ...)
	NOT-FOR-US: LOG-FT File Transfer
CVE-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 al ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x through ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtai ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module for PHP ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module for PHP ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 ...)
	NOT-FOR-US: ProductCart
CVE-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote ...)
	NOT-FOR-US: ProductCart
CVE-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users  ...)
	NOT-FOR-US: SCO
CVE-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin be ...)
	- phpmyadmin 3:2.6.2-rc1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-3/
CVE-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location f ...)
	NOT-FOR-US: AIX
CVE-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite a ...)
	- sharutils 1:4.2.1-13
CVE-2005-0989 (The find_replen function in jsstr.c in the Javascript engine for Mozil ...)
	{DSA-781-1}
	- mozilla 2:1.7.7-1 (bug #306001)
	- mozilla-firefox 1.0.2-3
	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
CVE-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...)
	{DSA-752-1}
	- gzip 1.3.5-10
CVE-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
	NOT-FOR-US: IRC Services NickServ
CVE-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0. ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-0985 (Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows  ...)
	NOT-FOR-US: Apple
CVE-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: Jed ...)
	NOT-FOR-US: Star Wars game
CVE-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to  ...)
	NOT-FOR-US: Quake 3 based games
CVE-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another For ...)
	NOT-FOR-US: Yet Another Forum.net
CVE-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
	NOT-FOR-US: Alstrasoft EPay
CVE-2005-0980 (PHP remote file inclusion vulnerability in index.php in AlstraSoft EPa ...)
	NOT-FOR-US: Alstrasoft EPay
CVE-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote attack ...)
	NOT-FOR-US: Rumba
CVE-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT Bl ...)
	NOT-FOR-US: IVT BlueSoleil
CVE-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ker ...)
	[sarge] - kernel-source-2.6.8 2.6.8-16 (bug #303177)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
	NOT-FOR-US: Apple
CVE-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o  ...)
	NOT-FOR-US: Apple
CVE-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and ear ...)
	NOT-FOR-US: Apple
CVE-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9 and ea ...)
	NOT-FOR-US: Apple
CVE-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X 10.3. ...)
	NOT-FOR-US: Apple
CVE-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and execu ...)
	NOT-FOR-US: Apple
CVE-2005-0969 (Heap-based buffer overflow in the syscall emulation functionality in M ...)
	NOT-FOR-US: Apple
CVE-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote  ...)
	NOT-FOR-US: CA eTrust IDS
CVE-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service (appli ...)
	- gaim 1:1.2.1-1
CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
	- openwebmail <removed>
CVE-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions,  ...)
	- gaim 1:1.2.1-1 (bug #303581)
CVE-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlie ...)
	- gaim 1:1.2.1-1 (bug #303581)
CVE-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier all ...)
	NOT-FOR-US: Kerio firewall
CVE-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine  ...)
	NOT-FOR-US: ACPI BIOS hardware issue
CVE-2005-0962 (SQL injection vulnerability in index.php for Lighthouse Squirrelcart a ...)
	NOT-FOR-US: SquirrelCart
CVE-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-R ...)
	- horde3 3.0.4-1
	- horde2 2.2.8-1
CVE-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c  ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may a ...)
	NOT-FOR-US: YepYep mtftpd
CVE-2005-0958 (Format string vulnerability in the log_do function in log.c for YepYep ...)
	NOT-FOR-US: YepYep mtftpd
CVE-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote attacker ...)
	NOT-FOR-US: BayTech RPC
CVE-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT MX Kar ...)
	NOT-FOR-US: InterAKT MX Kart
CVE-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote at ...)
	NOT-FOR-US: InterAKT MX Shop
CVE-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remo ...)
	NOT-FOR-US: Windows
CVE-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...)
	{DSA-730-1}
	- bzip2 1.0.2-6
	NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local)
	NOTE: attacker would have to exploit the minimal time span between uncompressing
	NOTE: the file and chmodding it to delete the file and place a hardlink to another
	NOTE: file of the "attacked" user. Additionally the attacker needs write permissions
	NOTE: to the directory where the file is being uncompressed, ruling out /~ etc.
CVE-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 all ...)
	NOT-FOR-US: PafileDB
CVE-2005-0951
	REJECTED
CVE-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...)
	NOT-FOR-US: FastStone 4in1 Browser
CVE-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in  ...)
	NOT-FOR-US: PortalApp
CVE-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows remot ...)
	NOT-FOR-US: PortalApp
CVE-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and ...)
	NOT-FOR-US: phpCoin
CVE-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remot ...)
	NOT-FOR-US: phpCoin
CVE-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remo ...)
	NOT-FOR-US: ACS Blog
CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.86 ...)
	NOT-FOR-US: Microsoft
CVE-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlie ...)
	NOT-FOR-US: Cisco
CVE-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...)
	NOT-FOR-US: Sybase ASE
CVE-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...)
	- openoffice.org 1.1.3-9
CVE-2005-0939
	RESERVED
CVE-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ro ...)
	NOT-FOR-US: UBlog
CVE-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform get_use ...)
	- kernel-source-2.6.8 2.6.8-16
CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
	- freeciv 2.0.1-1
CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack]
	- mailscanner 4.40.11-1
CVE-2005-XXXX [KDE Kopete ICQ remote DoS]
	- kdenetwork 4:3.3.2-2
CVE-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI PayPal St ...)
	NOT-FOR-US: ESMI PayPal Storefront
CVE-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow ...)
	NOT-FOR-US: ESMI PayPal Storefront
CVE-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 al ...)
	NOT-FOR-US: WackoWiki
CVE-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b an ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier a ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0931 (PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 al ...)
	NOT-FOR-US: The Includer
CVE-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness 2. ...)
	NOT-FOR-US: Chatness
CVE-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote  ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP P ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has  ...)
	NOT-FOR-US: WebAPP
CVE-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to ca ...)
	- sylpheed 1.0.4-1
	- sylpheed-claws 1.0.4-1
CVE-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload ...)
	NOT-FOR-US: Uapplication Ublog
CVE-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows ...)
	NOT-FOR-US: Adventia E-Data
CVE-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton A ...)
	NOT-FOR-US: Norton AntiVirus
CVE-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton An ...)
	NOT-FOR-US: Norton AntiVirus
CVE-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...)
	NOT-FOR-US: Lotus
CVE-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow r ...)
	NOT-FOR-US: Bugtracker.NET
CVE-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...)
	NOT-FOR-US: Adventia E-Data
CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier,  ...)
	NOT-FOR-US: Adobe SVG Viewer
CVE-2005-0917 (PHP remote file inclusion vulnerability in index_header.php for Encaps ...)
	NOT-FOR-US: EncapsBB
CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...)
	- kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypas ...)
	NOT-FOR-US: Webmasters-Debutants WD Guestbook
CVE-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9 ...)
	NOT-FOR-US: CPG Dragonfly
CVE-2005-0913 (Unknown vulnerability in the regex_replace modifier (modifier.regex_re ...)
	- smarty 2.6.8-1
CVE-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, p ...)
	NOT-FOR-US: deplate
CVE-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote atta ...)
	NOT-FOR-US: exoops
CVE-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow re ...)
	NOT-FOR-US: exoops
CVE-2005-0909 (PHP remote file inclusion vulnerability in shoutact.php for TKai's Sho ...)
	NOT-FOR-US: TKai's Shoutbox
CVE-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft Shop ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2005-0906 (Buffer overflow in a player logging function in the Tincat network lib ...)
	NOT-FOR-US: Tincat network library
CVE-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially  ...)
	NOT-FOR-US: Maxthon
CVE-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the "Force shutdown f ...)
	NOT-FOR-US: Microsoft
CVE-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attacke ...)
	NOT-FOR-US: QuickTime PictureViewer
CVE-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP- ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks 0 ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which a ...)
	NOT-FOR-US: AS/400 running OS400
CVE-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in E-Stor ...)
	NOT-FOR-US: E-Store Kit-2 PayPal Edition
CVE-2005-0897 (PHP remote file inclusion vulnerability in catalog.php in E-Store Kit- ...)
	NOT-FOR-US: E-Store Kit-2 PayPal Edition
CVE-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in p ...)
	NOT-FOR-US: phpMyDirectory
CVE-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Netcomm 1300NB DSL Modem
CVE-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local  ...)
	- openmosixview 1.5-7
CVE-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain uns ...)
	- smail <removed> (bug #335042; unimportant)
	NOTE: According to upstream impossible to exploit
CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local us ...)
	{DSA-722-1}
	- smail 3.2.0.115-7 (bug #301428; high)
CVE-2005-0891 (Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote a ...)
	NOTE: The description is wrong; 2.6 is affected as well
	- gtk+2.0 2.6.4-1
	- gdk-pixbuf 0.22.0-7.1
CVE-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote at ...)
	NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...)
	NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.p ...)
	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/1:0.9.4.4-1
CVE-2005-0887 (Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allo ...)
	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/1:0.9.4.4-1
CVE-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...)
	NOT-FOR-US: XMB Forum
CVE-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by d ...)
	NOT-FOR-US: DigitalHive
CVE-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for Di ...)
	NOT-FOR-US: DigitalHive
CVE-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0  ...)
	NOT-FOR-US: BirdBlog
CVE-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for In ...)
	NOT-FOR-US: Interspire ArticleLive
CVE-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: Vortex Portal
CVE-2005-0879 (PHP remote file include vulnerability in (1) content.php and (2) index ...)
	NOT-FOR-US: Vortex Portal
CVE-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3  ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache vi ...)
	- dnsmasq 2.21
CVE-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers  ...)
	- dnsmasq 2.21
CVE-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0,  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Ora ...)
	NOT-FOR-US: Oracle
CVE-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in  ...)
	NOT-FOR-US: Topic Calendar phpbb2 plugin
CVE-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when  ...)
	NOT-FOR-US: Topic Calendar phpbb2 plugin
CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
	{DSA-899-1 DSA-898-1 DSA-897-1 DSA-724-1}
	NOTE: Fix in phpsysinfo 2.3-3 was apparently incomplete.
	- phpsysinfo 2.3-7
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
	- phpsysinfo 2.3-3 (bug #301118; unimportant)
CVE-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) I ...)
	- tn5250 <not-affected> (cannot find STRPCO or STRPCCMD in tn5250)
CVE-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite k ...)
	- kernel-source-2.4.27 <not-affected> (kernel 2.4 doesn't have sysfs)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 <not-affected> (Not vulnerable, see #306137)
CVE-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ov ...)
	- cdrtools 4:2.01+01a01-4 (bug #291376; low)
	[sarge] - cdrtools <no-dsa> (Only exploitable in rare debugging mode)
	[woody] - cdrtools <no-dsa> (Only exploitable in rare debugging mode)
CVE-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) roo ...)
	NOT-FOR-US: Samsung ADSL modems
CVE-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and pos ...)
	NOT-FOR-US: Samsung ADSL modems, Debian's boa has been fixed years ago
CVE-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows re ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-0862 (Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0. ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow attacker ...)
	NOT-FOR-US: Delegate
CVE-2005-0860 (PHP remote file inclusion vulnerability in TRG News Script 3.0 allows  ...)
	NOT-FOR-US: TRG News Script
CVE-2005-0859 (PHP remote file inclusion vulnerability in CzarNews 1.13b allows remot ...)
	NOT-FOR-US: CzarNews
CVE-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier al ...)
	NOT-FOR-US: CoolForum
CVE-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0 ...)
	NOT-FOR-US: CoolForum
CVE-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...)
	NOT-FOR-US: CoolForum
CVE-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sen ...)
	NOT-FOR-US: CoolForum
CVE-2005-0854 (betaparticle blog (bp blog), possibly before version 4, allows remote  ...)
	NOT-FOR-US: betaparticle blog
CVE-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, wh ...)
	NOT-FOR-US: betaparticle blog
CVE-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of servi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib compression ...)
	NOT-FOR-US: FileZilla FTP server
CVE-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a d ...)
	NOT-FOR-US: FileZilla FTP server
CVE-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
	NOT-FOR-US: Multiple commercial games by FUN Labs
CVE-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
	NOT-FOR-US: Multiple commercial games by FUN Labs
CVE-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Code Ocean FTP Server
CVE-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email auto- ...)
	NOT-FOR-US: SurgeMail
CVE-2005-0845 (Directory traversal vulnerability in the Webmail interface in SurgeMai ...)
	NOT-FOR-US: SurgeMail
CVE-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory of  ...)
	NOT-FOR-US: Nortel Contivity
CVE-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows re ...)
	NOT-FOR-US: Phorum
CVE-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako eSuppo ...)
	NOT-FOR-US: Kayako eSupport
CVE-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) edit ...)
	NOT-FOR-US: phpmyfamily
CVE-2005-0840
	REJECTED
CVE-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...)
	- icecast2 <unfixed> (bug #301368; unimportant)
	NOTE: According to upstream a non-issue
CVE-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and obta ...)
	- icecast2 <unfixed> (bug #301368; unimportant)
	NOTE: According to upstream a non-issue
CVE-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up t ...)
	NOT-FOR-US: Java Web Start for proprietary Sun Java
CVE-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows re ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a mann ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allow ...)
	NOT-FOR-US: PHP-Post
CVE-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by  ...)
	NOT-FOR-US: PHP-Post
CVE-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier,  ...)
	NOT-FOR-US: Xzabite DynDNS Updater
CVE-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the Digitan ...)
	NOT-FOR-US: PHP-Fusion Addon
CVE-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1. ...)
	NOT-FOR-US: e-Xoops based products
CVE-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev ...)
	NOT-FOR-US: e-Xoops based products
CVE-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: OllyDbg MS Windows debugger
CVE-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute a ...)
	- ltris 1.0.6-1.1 (bug #291620)
CVE-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1. ...)
	- mathopd 1.5p5-1
CVE-2005-XXXX [Various /tmp related security issues in cernlib]
	- cernlib 2004.11.04-3
CVE-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usern ...)
	NOT-FOR-US: iSnooker
CVE-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...)
	NOT-FOR-US: Citrix
CVE-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 all ...)
	NOT-FOR-US: Citrix
CVE-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in t ...)
	NOT-FOR-US: MS Office
CVE-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attacke ...)
	NOT-FOR-US: Novell Netware
CVE-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote  ...)
	NOT-FOR-US: Pun BB
CVE-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway S ...)
	NOT-FOR-US: Symantec Gateway
CVE-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2005-0815 (Multiple "range checking flaws" in the ISO9660 filesystem handler in L ...)
	- kernel-source-2.4.27 2.4.27-10 (bug #300783; medium)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc1)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1  ...)
	{DSA-717-1}
	- lsh-utils 2.0.1-1
CVE-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0 ...)
	NOT-FOR-US: ir
CVE-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access  ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote att ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote at ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/
CVE-2005-0807 (Multiple buffer overflows in Cain & Abel before 2.67 allow remote  ...)
	NOT-FOR-US: Cain & Abel
CVE-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ( ...)
	- evolution 2.0.4-2
CVE-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when mag ...)
	NOT-FOR-US: Subdreamer
CVE-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers  ...)
	NOT-FOR-US: MailEnable
CVE-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allo ...)
	NOT-FOR-US: Windows
CVE-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...)
	NOT-FOR-US: ACS Blog
CVE-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer allo ...)
	NOT-FOR-US: The Includer
CVE-2005-0800 (PHP remote file inclusion vulnerability in install.php in mcNews 1.3 a ...)
	NOT-FOR-US: mcNews
CVE-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers wi ...)
	NOT-FOR-US: MySQL on Windows
CVE-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages if ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote att ...)
	NOT-FOR-US: Hola CMS
CVE-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes direct ...)
	NOT-FOR-US: Hola CMS
CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation scr ...)
	NOT-FOR-US: ZPanel
CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows ...)
	NOT-FOR-US: ZPanel
CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to e ...)
	NOT-FOR-US: ZPanel
CVE-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2 ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote atta ...)
	NOT-FOR-US: SimpGB
CVE-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2 ...)
	NOT-FOR-US: YaBB
CVE-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5 ...)
	NOT-FOR-US: Phorum
CVE-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allo ...)
	NOT-FOR-US: Phorum
CVE-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ca ...)
	NOT-FOR-US: paFileDB
CVE-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...)
	NOT-FOR-US: paFileDB
CVE-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: paFileDB
CVE-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attac ...)
	NOT-FOR-US: PlatinumFTP
CVE-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is a ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5 ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify admini ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not l ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts i ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 th ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
	NOT-FOR-US: IDA Pro
CVE-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet S ...)
	NOT-FOR-US: GoodTech Telnet Server
CVE-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allow ...)
	- kernel-source-2.6.8 2.6.8-15
CVE-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 throug ...)
	- ethereal 0.10.10-1
CVE-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows  ...)
	- ethereal 0.10.10-1
CVE-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...)
	- rxvt-unicode 5.3-1
CVE-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allo ...)
	{DSA-698-1}
	- mc 1:4.6.0-4.6.1-pre3-1
	NOTE: Sarge-specific regression correcting a previous DSA.
CVE-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote attack ...)
	- imagemagick 5:6.0.2.5 (bug #301110)
CVE-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to  ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of se ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...)
	NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626
	- gzip 1.3.5-10 (low)
	- bzip2 1.0.2-8.1 (bug #321286; low)
	[sarge] - bzip2 <no-dsa> (Minor issue)
CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux  ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (bug #311164)
	- linux-2.6 <not-affected> (Fixed before upload in archive)
CVE-2005-0756 (ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on t ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (medium)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player  ...)
	- helix-player 1.0.4-1
CVE-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without con ...)
	- kdewebdev 1:3.3.2-6
CVE-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to execu ...)
	{DSA-742-1}
	- cvs 1:1.12.9-13
CVE-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote  ...)
	- mozilla-firefox 1.0.3-1
CVE-2005-0751
	REJECTED
CVE-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...)
	- kernel-source-2.4.27 2.4.27-10
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
CVE-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows local  ...)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 2.4.27-10
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4]
	- omniorb4 4.0.5-2
CVE-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allo ...)
	NOT-FOR-US: not part of Woody, has been removed from sarge/sid
CVE-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of stable
CVE-2005-0787 (Wine 20050211 and earlier creates temp files with world readable permi ...)
	- wine 0.0.20050310-1.1
CVE-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attacke ...)
	- openslp 1.0.11a-2
CVE-2005-0748 (PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mai ...)
	NOT-FOR-US: WEBInsta
CVE-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: ApplyYourself
CVE-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allow ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local use ...)
	NOT-FOR-US: UTStarcom iAN-02EX VoIP Analog Terminal Adaptor
CVE-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 a ...)
	NOT-FOR-US: Xoops
CVE-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System Applicatio ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 a ...)
	NOT-FOR-US: YaBB
CVE-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attac ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does n ...)
	{DSA-718-1}
	- ethereal 0.10.10-1
CVE-2005-0738 (Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 ...)
	- kernel-source-2.4.27 <not-affected> (There is no epoll in kernel 2.4)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0735 (newsscript.pl for NewsScript allows remote attackers to gain privilege ...)
	NOT-FOR-US: newsscript
CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote att ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows  ...)
	NOT-FOR-US: Xpand Rally
CVE-2005-0728
	REJECTED
CVE-2005-0727
	REJECTED
CVE-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows  ...)
	NOT-FOR-US: UBB.threads
CVE-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in wfsfile ...)
	NOT-FOR-US: wfsections
CVE-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: paFileDB
CVE-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function in f ...)
	NOT-FOR-US: paFileDB
CVE-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the we ...)
	NOT-FOR-US: eXPerience2
CVE-2005-0721 (PHP remote file inclusion vulnerability in modules.php in eXPerience2  ...)
	NOT-FOR-US: eXPerience2
CVE-2005-0720 (PHP remote file inclusion vulnerability in admin/header.php in PHP mcN ...)
	NOT-FOR-US: mcNews
CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix 4. ...)
	NOT-FOR-US: Tru64
CVE-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denia ...)
	- squid 2.5.8 (bug #305605)
CVE-2005-0717
	RESERVED
CVE-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Dr ...)
	NOT-FOR-US: Mac OS
CVE-2005-0714
	REJECTED
CVE-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launch ...)
	NOT-FOR-US: Mac OS
CVE-2005-0712 (Mac OS X before 10.3.8 uses world-writable permissions for certain di ...)
	NOT-FOR-US: Mac OS
CVE-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable fil ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authen ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authen ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...)
	- kfreebsd-8 <not-affected> (Fixed before initial release; bug #613311)
	- kfreebsd-7 <not-affected> (Fixed before initial release; bug #613311)
CVE-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collabo ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...)
	[sarge] - gnome-vfs2 <not-affected> (does not install the module with the vulnerable code)
	- grip 3.2.0-4 (low)
	- libcdaudio 0.99.9-2.1 (bug #304799; low)
	- gnome-vfs 1.0.5-5.1 (bug #305163; low)
	- gnome-vfs2 2.10.1-3
CVE-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ig ...)
	- ethereal 0.10.10-1
CVE-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0. ...)
	- ethereal 0.10.10-1
CVE-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products including ...)
	NOT-FOR-US: Xerox MicroServer Web Server
CVE-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote atta ...)
	NOT-FOR-US: phpMyFAQ
CVE-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i  ...)
	NOT-FOR-US: Oracle
CVE-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows remo ...)
	NOT-FOR-US: Aztek
CVE-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the CD ...)
	- ethereal 0.10.9-2
CVE-2005-0698 (PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier ...)
	NOT-FOR-US: PHPWebLog
CVE-2005-0697 (SQL injection vulnerability in the process_picture function xp_publish ...)
	NOT-FOR-US: CopperExport
CVE-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authentic ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting Controll ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under t ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote attack ...)
	NOT-FOR-US: JoWood Chaser (for Windows)
CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fu ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-0691 (PHP remote file inclusion vulnerability in article mode for modules.ph ...)
	NOT-FOR-US: SocialMPN
CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the control cons ...)
	NOT-FOR-US: Gene6 FTP Server for Win
CVE-2005-0689 (includer.cgi in The Includer allows remote attackers to execute arbitr ...)
	NOT-FOR-US: The Includer
CVE-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, allo ...)
	NOT-FOR-US: Windows
CVE-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers t ...)
	- hashcash 1.17-1
CVE-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf suppor ...)
	- mlterm 2.9.2 (bug #298621)
CVE-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ( ...)
	NOT-FOR-US: OutStart Participate Enterprise
CVE-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.0 ...)
	- maxdb-7.5.00 7.5.00.24-3
CVE-2005-0683
	REJECTED
CVE-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal befor ...)
	- drupal 4.5.2
CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Nokia
CVE-2005-0680 (PHP remote file inclusion vulnerability in download_center_lite.inc.ph ...)
	NOT-FOR-US: Download Center Lite
CVE-2005-0679 (PHP remote file inclusion vulnerability in tell_a_friend.inc.php for T ...)
	NOT-FOR-US: Tell A Friend Script
CVE-2005-0678 (PHP remote file inclusion vulnerability in formmail.inc.php for Form M ...)
	NOT-FOR-US: Form Mail Script
CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain act ...)
	NOT-FOR-US: Zorum
CVE-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL error ...)
	NOT-FOR-US: Zorum
CVE-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 al ...)
	NOT-FOR-US: Zorum
CVE-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox  ...)
	NOT-FOR-US: Pabox for PHPNuke
CVE-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ph ...)
	- phpbb2 2.0.13-2
CVE-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows re ...)
	NOT-FOR-US: Ca3DE
CVE-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...)
	NOT-FOR-US: Ca3DE
CVE-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2. ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 th ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prev ...)
	NOT-FOR-US: HAVP
CVE-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9 ...)
	- sylpheed 1.0.3-1
	- sylpheed-claws 1.0.3-1
CVE-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 be ...)
	- kernel-patch-adamantix 1.7
CVE-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...)
	NOT-FOR-US: XV
CVE-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly  ...)
	{DSA-709-1}
	- libexif 0.6.9-5
CVE-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...)
	NOT-FOR-US: Mercury Board
CVE-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...)
	NOT-FOR-US: Mercury Board
CVE-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in session. ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 al ...)
	NOT-FOR-US: D-Forum
CVE-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive i ...)
	- phpbb2 <unfixed> (unimportant)
CVE-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...)
	NOT-FOR-US: TYPO3 extension
CVE-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4. ...)
	NOT-FOR-US: Computalynx CProxy
CVE-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 all ...)
	NOT-FOR-US: auraCMS
CVE-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: auraCMS
CVE-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote att ...)
	NOTE: this is not a security issue according to maintainer
CVE-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...)
	- phpmyadmin 3:2.6.1-pl3-1
CVE-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha  ...)
	NOT-FOR-US: OpenVMS
CVE-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remo ...)
	NOT-FOR-US: ProjectBB
CVE-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5 ...)
	NOT-FOR-US: ProjectBB
CVE-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cro ...)
	NOT-FOR-US: Pixel-Apes SafeHTML
CVE-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow rem ...)
	NOT-FOR-US: Pixel-Apes SafeHTML
CVE-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject arb ...)
	NOT-FOR-US: paNews
CVE-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...)
	NOT-FOR-US: paNews
CVE-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1 ...)
	NOT-FOR-US: CuteNews
CVE-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before 443 ...)
	NOT-FOR-US: McAfee Virus Scanners
CVE-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before 435 ...)
	NOT-FOR-US: McAfee Virus Scanners
CVE-2005-0642 (SQL injection vulnerability in the Query Designer for Computer Associa ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer  ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
	{DSA-695-1 DSA-694-1}
	- xloadimage 4.1-14.2
	- xli 1.17.0-17
CVE-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to exe ...)
	{DSA-695-1 DSA-694-1}
	- xli 1.17.0-18
	- xloadimage 4.1-14.1 (bug #298926)
CVE-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote attack ...)
	NOT-FOR-US: Foxmail
CVE-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to execu ...)
	NOT-FOR-US: Foxmail
CVE-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to e ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 a ...)
	NOT-FOR-US: PHPNews
CVE-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete a ...)
	NOT-FOR-US: PBLang
CVE-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ar ...)
	NOT-FOR-US: PBLang
CVE-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in  ...)
	NOT-FOR-US: 427BB
CVE-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 all ...)
	NOT-FOR-US: Forumwa
CVE-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be wo ...)
	- qt-x11-free <not-affected> (RPATH disabled in Debian's build)
CVE-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Net ...)
	- squid 2.5.9-2
CVE-2005-0940
	REJECTED
CVE-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, whic ...)
	- reportbug 3.8 (bug #295407)
CVE-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...)
	- reportbug 3.8 (bug #295407)
CVE-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions bef ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows  ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Scrapland
CVE-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the world- ...)
	NOT-FOR-US: Einstein
CVE-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and pass ...)
	NOT-FOR-US: Einstein
CVE-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R  ...)
	NOT-FOR-US: Symantec Firewall/VPN Appliance 200/200R firmware
CVE-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.7 ...)
	NOT-FOR-US: PostNuke
CVE-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download mo ...)
	NOT-FOR-US: PostNuke
CVE-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.p ...)
	NOT-FOR-US: PostNuke
CVE-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ga ...)
	- phpbb2 2.0.13-1
CVE-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, a ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...)
	NOT-FOR-US: Cisco
CVE-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.105 ...)
	NOT-FOR-US: Real
CVE-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in F ...)
	NOT-FOR-US: FreeBSD portupgrade
CVE-2005-0609
	REJECTED
CVE-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...)
	NOT-FOR-US: Half Life WebMod
CVE-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the  ...)
	NOT-FOR-US: CubeCart
CVE-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeC ...)
	NOT-FOR-US: CubeCart
CVE-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a  ...)
	{DSA-723-1}
	- lesstif2 1:0.93.94-11.1 (bug #298183; bug #299236)
	NOTE: libxmp4 is the real culprit
	- xfree86 4.3.0.dfsg.1-13
	- xorg-x11 <not-affected> (Fixed before upload into archive)
	- openmotif 2.2.3-1.1 (bug #308819; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the usern ...)
	NOT-FOR-US: GFI Languard Network Security Scanner
CVE-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to o ...)
	- phpbb2 2.0.13-1
CVE-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...)
	- unzip 5.52-1
	NOTE: um, tar does this too, not really considered a security hole
CVE-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...)
	NOT-FOR-US: Real
CVE-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon cra ...)
	NOTE: Fixed in CVS after 4.3.4 release; see https://bugs.php.net/bug.php?id=27037
	- php4 4:4.3.8-1
CVE-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to  ...)
	NOT-FOR-US: BadBlue
CVE-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...)
	NOT-FOR-US: Apple
CVE-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers  ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefo ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...)
	- mozilla-firefox 1.0.1
CVE-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, Thunderb ...)
	- mozilla-firefox 1.0.1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers  ...)
	- mozilla-firefox 1.0.1
CVE-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:in ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0587 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious  ...)
	NOTE: windows only
CVE-2005-0586 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious  ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0585 (Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domai ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTT ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License  ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 al ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client a ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges be ...)
	NOT-FOR-US: cmd5checkpw
CVE-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTH ...)
	NOT-FOR-US: FreeNX
CVE-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable  ...)
	- mozilla-firefox 1.0.1-1
CVE-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier  ...)
	NOT-FOR-US: MKBold-MKItalic
CVE-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font  ...)
	NOT-FOR-US: STSF in Solaris
CVE-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...)
	NOT-FOR-US: Stormy Studios Knet
CVE-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows remot ...)
	NOT-FOR-US: CIS Webserver
CVE-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a denia ...)
	NOTE: Historic Gaim on Windows
CVE-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to  ...)
	NOT-FOR-US: phpWebSite
CVE-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitr ...)
	NOT-FOR-US: PunBB
CVE-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: PunBB
CVE-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote att ...)
	NOT-FOR-US: PunBB
CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a den ...)
	NOT-FOR-US: Soldier of Fortune II
CVE-2005-0567 (Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 ...)
	- phpmyadmin 3:2.6.1-pl2-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-1/
CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remot ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote att ...)
	NOT-FOR-US: phpWebSite
CVE-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and  ...)
	NOT-FOR-US: Microsoft Word
CVE-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Acce ...)
	NOT-FOR-US: Microsoft
CVE-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...)
	NOT-FOR-US: MSN Messenger
CVE-2005-0561
	RESERVED
CVE-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in x ...)
	NOT-FOR-US: Exchange server
CVE-2005-0559
	RESERVED
CVE-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allow ...)
	NOT-FOR-US: Microsoft Word
CVE-2005-0557
	RESERVED
CVE-2005-0556
	RESERVED
CVE-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer  ...)
	NOT-FOR-US: MSIE
CVE-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer 5. ...)
	NOT-FOR-US: MSIE
CVE-2005-0553 (Race condition in the memory management routines in the DHTML object p ...)
	NOT-FOR-US: MSIE
CVE-2005-0552
	RESERVED
CVE-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...)
	NOT-FOR-US: Microsoft
CVE-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
	NOT-FOR-US: Microsoft
CVE-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Docume ...)
	NOT-FOR-US: Solaris
CVE-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Docume ...)
	NOT-FOR-US: Solaris
CVE-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11 ...)
	NOT-FOR-US: ftpd on HP-UX
CVE-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attac ...)
	- cyrus21-imapd 2.1.18-1
CVE-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Activ ...)
	NOT-FOR-US: MS Office
CVE-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of th ...)
	- phpmyadmin 3:2.6.1-pl2-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2005-2/
CVE-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows re ...)
	- phpmyadmin 3:2.6.1-pl2-1
CVE-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 a ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server  ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote at ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before  ...)
	NOT-FOR-US: IBM
CVE-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ( ...)
	NOT-FOR-US: ginp
CVE-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) S ...)
	NOT-FOR-US: iGeneric (iG) Shop
CVE-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x bef ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI befo ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-14
	- kernel-source-2.4.27 2.4.27-9
CVE-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for Lin ...)
	- kernel-source-2.6.8 2.6.8-14
	NOTE: affects only 2.6 (see #296906)
CVE-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for of ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0528
	REJECTED
CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via plug ...)
	- mozilla-firefox 1.0.1
	NOTE: didn't bother with YA mozilla-browser bug, it has enough for 1.7.6 already..
	- mozilla 2:1.7.6
CVE-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 all ...)
	NOT-FOR-US: PBLang
CVE-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 a ...)
	{DSA-729-1 DSA-708-1}
	- php4 4:4.3.10-10
	- php3 3:3.0.18-31
CVE-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 an ...)
	- php3 <not-affected>
	- php4 4:4.3.10-10
CVE-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows rem ...)
	{DSA-719-1}
	- prozilla 1:1.3.7.4-1
CVE-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in  ...)
	NOT-FOR-US: Chat Anywhere
CVE-2005-0521 (SendLink 1.5 stores sensitive information, possibly including password ...)
	NOT-FOR-US: SendLink
CVE-2005-0520 (ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arb ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0519 (ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arb ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...)
	NOT-FOR-US: eXeem
CVE-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext  ...)
	NOT-FOR-US: PeerFTP
CVE-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote  ...)
	NOT-FOR-US: ImageGalleryPlugin for Twiki
CVE-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other version ...)
	NOT-FOR-US: My Firewall Plus
CVE-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5. ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2005-0513 (PHP remote file inclusion vulnerability in mail_autocheck.php in the E ...)
	NOT-FOR-US: pMachine
CVE-2005-0512 (PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allo ...)
	NOT-FOR-US: Mambo
CVE-2005-0511 (misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in H ...)
	NOT-FOR-US: vBulletin
CVE-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause  ...)
	NOT-FOR-US: fallback-reboot
CVE-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5  ...)
	NOTE: default config of Mono not vulnerable
	- mono 1.1.6-4 (medium)
CVE-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attack ...)
	- batik 1.5.1-1
CVE-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier allo ...)
	NOT-FOR-US: SD Server
CVE-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP S ...)
	NOT-FOR-US: Avaya IP Office Phone Manager
CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before 1.5 ...)
	- irm 1.5.3.1-1
CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial dr ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.6.8 2.6.8-12
	- kernel-source-2.6.9 2.6.9-5
	- kernel-source-2.6.10 2.6.10-2
	- kernel-source-2.4.27 2.4.27-8
CVE-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...)
	- uim 1:0.4.6beta2-1
CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows r ...)
	NOT-FOR-US: Xinkaa
CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Bontago
CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spo ...)
	NOT-FOR-US: MSIE6
CVE-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...)
	NOT-FOR-US: Gigafast router
CVE-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain s ...)
	NOT-FOR-US: Gigafast router
CVE-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain pr ...)
	NOT-FOR-US: ADP Elite System
CVE-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that  ...)
	NOT-FOR-US: Arkeia Network Backup
CVE-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote at ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable mo ...)
	NOT-FOR-US: Thomson TCW690 cable modem
CVE-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2. ...)
	NOT-FOR-US: Biz Mail Form
CVE-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause  ...)
	NOT-FOR-US: Acrobat Reader
CVE-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows  ...)
	NOT-FOR-US: Arkeia Server Backup
CVE-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and  ...)
	- curl 7.13.0-2
CVE-2005-0489 (The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before initial release)
CVE-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and  ...)
	- krb4 <unfixed> (unimportant)
	[woody] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
	[sarge] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
	- krb5 1.8.3+dfsg-4 (unimportant)
	[woody] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
	[sarge] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
	- netkit-telnet <not-affected> (netkit-telnet is not affected)
	NOTE: telnet code was removed earlier than 1.8.3, but that's the version that was available to check
CVE-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupp ...)
	NOT-FOR-US: Kayako ESupport
CVE-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...)
	NOT-FOR-US: Tarantella Secure Global Desktop
CVE-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0 ...)
	NOT-FOR-US: paNews
CVE-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...)
	NOT-FOR-US: GProFTPD
CVE-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk ...)
	NOT-FOR-US: Glftpd
CVE-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial  ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files  ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlie ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote  ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for Invision  ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows r ...)
	NOT-FOR-US: hpm_guestbook.cgi
CVE-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other version ...)
	NOT-FOR-US: paFAQ
CVE-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in user.p ...)
	- webcalendar 0.9.45-3
CVE-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...)
	- gaim 1:1.1.3-1
CVE-2005-0472 (Gaim before 1.1.3 allows remote attackers to cause a denial of service ...)
	{DSA-716-1}
	- gaim 1:1.1.3-1
CVE-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long file ...)
	NOT-FOR-US: SUN JRE
CVE-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...)
	- wpasupplicant 0.3.8-1
CVE-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based Tel ...)
	{DSA-765-1 DSA-731-1 DSA-703-1 DSA-699-1 DSA-697-1}
	- krb4 1.2.2-11.2 (bug #306141)
	- krb5 1.3.6-2
	- netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036)
	- netkit-telnet 0.17-28
	- heimdal 0.6.3-10
CVE-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...)
	{DSA-731-1 DSA-703-1}
	- krb5 1.3.6-2
	- krb4 1.2.2-11.2 (bug #306141)
CVE-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_r ...)
	- putty 0.57-1
CVE-2005-0466
	RESERVED
CVE-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, w ...)
	NOT-FOR-US: SGI IRIX
CVE-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does no ...)
	NOT-FOR-US: SGI IRIX
CVE-2005-0463 (Unknown "major security flaws" in Ulog-php before 1.0, related to inpu ...)
	NOT-FOR-US: ulog-php
CVE-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1 ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote at ...)
	NOT-FOR-US: NewsBruiser
CVE-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to o ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote att ...)
	- phpmyadmin 4:2.6.2 (unimportant)
	NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> :
	NOTE: I think it is not a problem on Debian as far as everybody knows the full
	NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
CVE-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in osCommer ...)
	- oscommerce <itp> (bug #532489)
CVE-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugi ...)
	NOT-FOR-US: Opera
CVE-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded binar ...)
	NOT-FOR-US: Opera
CVE-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed f ...)
	NOT-FOR-US: Real
CVE-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not p ...)
	NOT-FOR-US: Lighttpd
CVE-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.N ...)
	NOT-FOR-US: Microsoft
CVE-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Sami HTTP Server
CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows rem ...)
	NOT-FOR-US: Sami HTTP Server
CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote at ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 <not-affected> (Vulnerable code was removed between 2.6.11 and 2.6.12)
CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before  ...)
	{DSA-1678-1 DSA-696-1}
	- perl 5.8.4-7
CVE-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote a ...)
	NOT-FOR-US: Quake 3
CVE-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Solaris
CVE-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denia ...)
	{DSA-688-1}
	- squid 2.5.8-3
CVE-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows re ...)
	- openwebmail <removed>
CVE-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries u ...)
	NOT-FOR-US: VMware
CVE-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the  ...)
	NOT-FOR-US: CubeCart
CVE-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 allo ...)
	NOT-FOR-US: CubeCart
CVE-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server Enterp ...)
	NOT-FOR-US: Sybase
CVE-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...)
	- elog 2.5.7+r1558-1
CVE-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 allow ...)
	- elog 2.5.7+r1558-1
CVE-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain se ...)
	- awstats 6.3-1
CVE-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 ...)
	- awstats 6.3-1
CVE-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6 ...)
	- awstats 6.3-1
CVE-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read serv ...)
	- awstats 6.3-1
CVE-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 al ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path of the ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pa ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domai ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2005-0429 (Direct code injection vulnerability in forumdisplay.php in vBulletin 3 ...)
	NOT-FOR-US: vBulletin
CVE-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...)
	- pdns 2.9.16-6
CVE-2005-0427 (The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encr ...)
	- webmin <not-affected> (Gentoo specific)
CVE-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ca ...)
	NOT-FOR-US: Solaris
CVE-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, an ...)
	NOT-FOR-US: Websphere
CVE-2005-0424 (Unknown vulnerability in the delete.asp program in certain versions of ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook allows re ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and ...)
	NOT-FOR-US: DelphiTurk
CVE-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat f ...)
	NOT-FOR-US: DelphiTurk
CVE-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange, allows re ...)
	NOT-FOR-US: Microsoft
CVE-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote aut ...)
	NOT-FOR-US: 3com
CVE-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up t ...)
	NOT-FOR-US: Sun Java
CVE-2005-0417 (Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and ea ...)
	NOT-FOR-US: IBM DB2
CVE-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows 20 ...)
	NOT-FOR-US: Windows
CVE-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow  ...)
	NOT-FOR-US: Emdros
CVE-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows  ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...)
	NOT-FOR-US: MyPHP Forum
CVE-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows re ...)
	NOT-FOR-US: Spidean PostWrap
CVE-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and  ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ear ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) i ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of  ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibl ...)
	NOT-FOR-US: Openconf
CVE-2005-0406 (A design flaw in image processing software that modifies JPEG images m ...)
	- imagemagick <unfixed> (bug #298051; unimportant)
	NOTE: <Maulkin> The EXIF spec says "if your app can't handle $foo, don't touch $foo"
	NOTE: <Piet> 'convert -strip' will remove exif data according to http://web.archive.org/web/20130922031724/http://www.imagemagick.org:80/pipermail/magick-users/2006-May/017538.html
CVE-2005-0405
	RESERVED
CVE-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email inform ...)
	NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020
	- kdepim 3.4-1 (bug #305601; low)
	[sarge] - kdepim <no-dsa> (Hardly exploitable)
	NOTE: According to the KDE bug the URL bar in 3.4 cannot be manipulated. Kmail also
	NOTE: warns that HTML mails introduce the risk of phishing. This could as well
	NOTE: be unimportant
CVE-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterp ...)
	- glibc <not-affected> (Specific to the NPTL backport for RHEL 3)
CVE-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...)
	- mozilla-firefox 1.0.2-1
CVE-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...)
	- mozilla-firefox 1.0.2-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6  ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
	- kernel-source-2.4.27 2.4.27-10 (bug #303294)
CVE-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozill ...)
	- mozilla-firefox 1.0.2-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote attacke ...)
	- ipsec-tools 1:0.5-5
CVE-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c fo ...)
	{DSA-702-1}
	- imagemagick 6:6.0.6.2-2.2 (bug #297990)
	- graphicsmagick 1.1.7-1
CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE b ...)
	NOTE: fix in -4 was broken
	- kdelibs 4:3.3.2-6
CVE-2005-0395
	REJECTED
CVE-2005-0394
	RESERVED
CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, w ...)
	{DSA-733-1}
	- crip 3.5-1sarge2 (low)
CVE-2005-0392 (ppxp does not drop root privileges before opening log files, which all ...)
	{DSA-725-2 DSA-725-1}
	- ppxp 0.2001080415-11
CVE-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and  ...)
	{DSA-712-1}
	- geneweb 4.10-7 (bug #304405)
CVE-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel  ...)
	{DSA-706-1}
	- axel 1.0b-1
CVE-2005-0389
	REJECTED
CVE-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...)
	{DSA-704-1}
	- remstats 1.0.13a-5
CVE-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...)
	{DSA-704-1}
	- remstats 1.0.13a-5
CVE-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader  ...)
	{DSA-700-1}
	- mailreader 2.3.29-11
CVE-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure s ...)
	{DSA-693-1}
	- luxman 0.41-20 (bug #299857)
CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 a ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9
CVE-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote attac ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Breed game
CVE-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 all ...)
	NOT-FOR-US: forumKIT
CVE-2005-0380 (Multiple PHP remote file inclusion vulnerabilities in (1) print_catego ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and e ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...)
	- horde2 <not-affected>
	- horde3 3.0.1-1
CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows  ...)
	NOT-FOR-US: sgallery
CVE-2005-0376 (PHP remote file inclusion vulnerability in SGallery 1.01 allows local  ...)
	NOT-FOR-US: sgallery
CVE-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: sgallery
CVE-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier a ...)
	NOT-FOR-US: bitboard
CVE-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as  ...)
	NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
	NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
	NOTE: cyrus-sasl2 already has patch applied
	NOTE: oldstable version not affected, thus marking it as done with the oldstable version
	- cyrus-sasl <not-affected> (cyrus-sasl code seems too old for any of the problems to apply)
	- cyrus-sasl2 2.1.19.dfsg1-0sarge2
CVE-2005-0372 (Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allow ...)
	{DSA-686-1}
	- gftp 2.0.18-1
	NOTE: CVE entry claims that 2.0.18 is vulnerable, but this is wrong.
CVE-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ear ...)
	- armagetron 0.2.8.2.1-1 (bug #296840; low)
	[sarge] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
	[etch] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
CVE-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ear ...)
	- armagetron 0.2.7.0-1
	NOTE: Sarge has this version number, but oldstable is affected
CVE-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...)
	- armagetron 0.2.7.0-1
	NOTE: Sarge has this version number, but oldstable is affected
CVE-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote attacke ...)
	NOT-FOR-US: CMScore
CVE-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1 ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2005-0366 (The integrity check feature in OpenPGP, when handling a message that w ...)
	- gnupg 1.4.1-1
CVE-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.1 ...)
	- bind9 <not-affected> (Bind on hp-ux)
CVE-2005-0361
	RESERVED
CVE-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterp ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge En ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence  ...)
	- linux-2.6 <not-affected> (Linux is not vulnerable, see #310804)
	- kernel-source-2.4.27 <not-affected> (Linux is not vulnerable, see #310804)
	- kfreebsd5-source 5.3-15 (medium)
CVE-2005-0355
	RESERVED
CVE-2005-0354
	RESERVED
CVE-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel L ...)
	NOT-FOR-US: Sentinel License Manager
CVE-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop SY ...)
	NOT-FOR-US: Servers Alive
CVE-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO Op ...)
	NOT-FOR-US: SCO OpenServer
CVE-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and Interne ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor AR ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files wi ...)
	- kdelibs 4:3.3.2-2
CVE-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute a ...)
	{DSA-682-1}
	- awstats 6.2-1.2
CVE-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...)
	- awstats 6.2-1.2
	NOTE: http://patches.ubuntu.com/patches/awstats.more-CVE-2005-0016.diff
	NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
CVE-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book 1. ...)
	NOT-FOR-US: Woltlab Burning Book
CVE-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows remot ...)
	NOT-FOR-US: RealArcade
CVE-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote att ...)
	NOT-FOR-US: RealArcade
CVE-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...)
	NOT-FOR-US: SafeNet
CVE-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2 ...)
	NOT-FOR-US: php-fusion
CVE-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allow ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...)
	NOT-FOR-US: PerlDesk
CVE-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite arb ...)
	NOT-FOR-US: Apple
CVE-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP he ...)
	NOT-FOR-US: Apple
CVE-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows rem ...)
	NOT-FOR-US: Apple
CVE-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Foxmail
CVE-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ex ...)
	NOT-FOR-US: Savant Web Server
CVE-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_ ...)
	- postfix 2.1.4-5
CVE-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web S ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server 5 ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...)
	NOT-FOR-US: Linksys
CVE-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial o ...)
	NOT-FOR-US: LanChat
CVE-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration Se ...)
	NOT-FOR-US: DeskNow Mail server
CVE-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...)
	NOT-FOR-US: Winrar
CVE-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ver ...)
	NOT-FOR-US: Painkiller
CVE-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows  ...)
	NOT-FOR-US: ZipGenius
CVE-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest fir ...)
	NOT-FOR-US: Netgear
CVE-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arb ...)
	NOT-FOR-US: PafileDB
CVE-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: PafileDB
CVE-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game s ...)
	NOT-FOR-US: Xpand Rally
CVE-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain s ...)
	NOT-FOR-US: Infinite Mobile Delivery Webmail
CVE-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery W ...)
	NOT-FOR-US: Infinite Mobile Delivery Webmail
CVE-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7. ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote auth ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6 ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdm ...)
	NOT-FOR-US: Webadmin
CVE-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validat ...)
	NOT-FOR-US: Webadmin
CVE-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Al ...)
	NOT-FOR-US: Webadmin
CVE-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...)
	NOT-FOR-US: WebWasher
CVE-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail  ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server 4 ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote authent ...)
	NOT-FOR-US: WarFTPD under NT
CVE-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session  ...)
	NOT-FOR-US: Ingate
CVE-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Exponent
CVE-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php o ...)
	NOT-FOR-US: Exponent
CVE-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier a ...)
	NOT-FOR-US: W32Dasm
CVE-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Me ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive informati ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlie ...)
	NOT-FOR-US: Siteman
CVE-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier allow ...)
	NOT-FOR-US: DivX Player
CVE-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_su ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and  ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allo ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and  ...)
	- jsboard 2.0.10-1
CVE-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows rem ...)
	- gforge 3.1-26
CVE-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the loca ...)
	NOT-FOR-US: Oracle
CVE-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows remot ...)
	NOT-FOR-US: Oracle
CVE-2005-0296
	NOT-FOR-US: Novell
CVE-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any pro ...)
	NOT-FOR-US: nProtect
CVE-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Minis
CVE-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows r ...)
	NOT-FOR-US: Minis
CVE-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift Regist ...)
	NOT-FOR-US: phpGiftReg
CVE-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR  ...)
	NOT-FOR-US: NetGear
CVE-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, allo ...)
	NOT-FOR-US: NetGear
CVE-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, confi ...)
	NOT-FOR-US: Apple
CVE-2005-0288 (The change password functionality in Bottomline Webseries Payment Appl ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to re ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0285 (Webseries Payment Application does not properly restrict privileged op ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows rem ...)
	NOT-FOR-US: QwikiWiki
CVE-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) al ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in Soldn ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier a ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the "me ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attacke ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 al ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com 3CDa ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and e ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2. ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP  ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0269 (The file extension check in GNUBoard 3.40 and earlier only verifies ex ...)
	NOT-FOR-US: GNU Board
CVE-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote at ...)
	NOT-FOR-US: FlatNuke
CVE-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an admin ...)
	NOT-FOR-US: FlatNuke
CVE-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X  ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0. ...)
	NOT-FOR-US: OWL intranet
CVE-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in O ...)
	NOT-FOR-US: OWL intranet
CVE-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users ...)
	NOT-FOR-US: AIX
CVE-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local us ...)
	NOT-FOR-US: AIX
CVE-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop p ...)
	NOT-FOR-US: AIX
CVE-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor AR ...)
	NOT-FOR-US: ARCserve Backup
CVE-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars and ava ...)
	- phpbb2 2.0.12-1
CVE-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) u ...)
	- phpbb2 2.0.12-1
CVE-2005-0257
	RESERVED
CVE-2005-0256 (The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 all ...)
	{DSA-705-1}
	- wu-ftpd 2.6.2-19
CVE-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbi ...)
	- mozilla-firefox 1.0.1
	NOTE: didn't bother with YA mozilla-browser bug, it has enough for 1.7.6 already..
	- mozilla 2:1.7.6
CVE-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...)
	NOT-FOR-US: BibORB
CVE-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and p ...)
	NOT-FOR-US: BibORB
CVE-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier vers ...)
	NOT-FOR-US: BibORB
CVE-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1. ...)
	NOT-FOR-US: BibORB
CVE-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5. ...)
	NOT-FOR-US: AIX
CVE-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec AntiViru ...)
	NOT-FOR-US: Symantec AntiVirus Library
CVE-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when cre ...)
	NOT-FOR-US: Solaris
CVE-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier m ...)
	{DSA-683-1}
	- postgresql 7.4.7-2
CVE-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier allows atta ...)
	- postgresql 7.4.7-1
CVE-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow a ...)
	{DSA-683-1}
	- postgresql 7.4.7-1
CVE-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE  ...)
	- postgresql 7.4.7-1
CVE-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0. ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and p ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 an ...)
	- squid 2.5.7-7
CVE-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...)
	NOT-FOR-US: AIX
CVE-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows  ...)
	NOT-FOR-US: S/MIME plugin
CVE-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote  ...)
	NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
	- epiphany-browser 1.4.8-2
CVE-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE  ...)
	- kdelibs 4:3.3.2-3
CVE-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows remote ...)
	NOT-FOR-US: Omniweb
CVE-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows remot ...)
	NOT-FOR-US: Opera
CVE-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5 allows rem ...)
	NOT-FOR-US: Safari
CVE-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0, Camino .8. ...)
	NOTE: IDN is now disabled by default in firefox, but there may be a more elegant
	NOTE: solution in the future
	- mozilla-firefox 1.0.1-1
	- mozilla 2:1.7.6-1
CVE-2005-0232 (Firefox 1.0 allows remote attackers to modify Boolean configuration pa ...)
	- mozilla-firefox 1.0+dfsg.1-6
CVE-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a use ...)
	- mozilla-firefox 1.0+dfsg.1-6
CVE-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...)
	NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is converted to a Link
	NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers
	NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser
	NOTE: any interpreter would require the file to be +x to execute it and then would spit if handed a GIF
	NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet.
	- mozilla-firefox <not-affected> (Affects only Firefox on Windows)
CVE-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file  ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0228
	REJECTED
CVE-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
	{DSA-668-1}
	- postgresql 7.4.7-1
CVE-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for  ...)
	NOT-FOR-US: ngIRCd
CVE-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with predic ...)
	- firehol 1.214-4
CVE-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 throug ...)
	NOT-FOR-US: HP-UX
CVE-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4. ...)
	NOT-FOR-US: Java SDK and RTE for Tru64 UNIX
CVE-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitiv ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 A ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0220 (Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 a ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-p ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog al ...)
	NOT-FOR-US: Invision Community Blog
CVE-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Bu ...)
	NOT-FOR-US: Woltlab Burning Board Lite
CVE-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to cau ...)
	- mozilla <not-affected> (Mozilla 1.6 for Windows)
CVE-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...)
	NOT-FOR-US: SPHPBlog
CVE-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote attacke ...)
	NOT-FOR-US: WinHKI
CVE-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier a ...)
	NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier
CVE-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remot ...)
	{DSA-667-1}
	- squid 2.5.7-6
CVE-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a de ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-15
	- kernel-source-2.4.27 2.4.27-9 (bug #300838)
CVE-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a d ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9
CVE-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...)
	- gaim 1:1.1.4
CVE-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows N ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CV ...)
	- xpdf <not-affected> (Initial Debian fix was already correct)
	- gpdf <not-affected> (Initial Debian fix was already correct)
	- kdegraphics <not-affected> (Initial Debian fix was already correct)
	- tetex-bin <not-affected> (Initial Debian fix was already correct)
	- pdftohtml <not-affected> (Initial Debian fix was already correct)
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393
	NOTE: cupsys uses an external xpdf now.
CVE-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain  ...)
	{DSA-692-1}
	- kdenetwork 4:3.1.6
CVE-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T a ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9 (bug #296700; high)
CVE-2005-0203
	REJECTED
CVE-2005-0202 (Directory traversal vulnerability in the true_path function in private ...)
	{DSA-674-1}
	- mailman 2.1.5-6
CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a socket ...)
	- dbus 0.22
CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been  ...)
	NOT-FOR-US: TikiWiki
CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ngIRC ...)
	NOT-FOR-US: ngIRCd
CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Labe ...)
	NOT-FOR-US: Cisco
CVE-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp lo ...)
	NOT-FOR-US: Cisco
CVE-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cisco
CVE-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...)
	{DSA-667-1}
	- squid 2.5.7-7
CVE-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync  ...)
	NOT-FOR-US: mRouter in iSync in OS X
CVE-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata  ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc toolba ...)
	NOT-FOR-US: AtHoc toolbar
CVE-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar a ...)
	NOT-FOR-US: AtHoc toolbar
CVE-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS T ...)
	NOT-FOR-US: Cisco
CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows re ...)
	NOT-FOR-US: NodeManager Professional
CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin 0. ...)
	NOT-FOR-US: vacation plugin
CVE-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allow ...)
	NOT-FOR-US: vacation plugin
CVE-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...)
	NOT-FOR-US: mod_dosevasive module for apache
CVE-2005-0181
	RESERVED
CVE-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in sc ...)
	[sarge] - kernel-source-2.6.8 2.6.8-12
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 <not-affected> (intlen and outlen are unsigned in 2.4)
CVE-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of s ...)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was only introduced in 2.6.9)
	- linux-2.6 <not-affected> (Fixed before initial release)
CVE-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows l ...)
	- kernel-source-2.4.27 <not-affected> (v2.4 is safe because back there current->signal was not shared.)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, whic ...)
	- kernel-source-2.4.27 <not-affected> (According to joshk, doesn't apply to 2.4.27)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to u ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus scanni ...)
	- clamav 0.81
CVE-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington IM ...)
	- uw-imap 7:2002edebian1-6
CVE-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cach ...)
	{DSA-667-1}
	- squid 2.5.7-6
CVE-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cach ...)
	- squid 2.5.7-6
CVE-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated u ...)
	{DSA-667-1}
	- squid 2.5.7-4
CVE-2005-0172
	REJECTED
CVE-2005-0171
	REJECTED
CVE-2005-0170
	REJECTED
CVE-2005-0169
	REJECTED
CVE-2005-0168
	REJECTED
CVE-2005-0167
	REJECTED
CVE-2005-0166
	REJECTED
CVE-2005-0165
	REJECTED
CVE-2005-0164
	RESERVED
CVE-2005-0163
	RESERVED
CVE-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in  ...)
	- openswan 2.3.0-2
	- freeswan <not-affected>
CVE-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow attac ...)
	- unace 1.2b-3
CVE-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute arb ...)
	- unace 1.2b-3
CVE-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU ...)
	{DSA-679-1}
	- toolchain-source 3.4-5
CVE-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote  ...)
	{DSA-687-1}
	- bidwatcher 1.3.17-1
CVE-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to s ...)
	{DSA-720-1}
	- smartlist 3.15-18
CVE-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when insta ...)
	- perl 5.8.4-6
CVE-2005-0155 (The PerlIO implementation in Perl 5.8.0, when installed with setuid su ...)
	- perl 5.8.4-6
	- mooix 1.0rc5.pre4
CVE-2005-0154
	RESERVED
CVE-2005-0153
	RESERVED
CVE-2005-0152 (PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows r ...)
	{DSA-662-1}
	- squirrelmail 1:1.2.7-1
	NOTE: This bug exists only in version 1.2.6.
CVE-2005-0151 (Unknown vulnerability in the installation of Adobe License Management  ...)
	NOT-FOR-US: Adobe License Management Software
CVE-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) d ...)
	- mozilla-firefox 1.0
CVE-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obe ...)
	- mozilla-thunderbird 0.7
	- mozilla 2:1.7.4
CVE-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the defa ...)
	- mozilla-thunderbird <not-affected> (Affects only Thunderbird on Windows)
CVE-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a  ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0146 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to  ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0145 (Firefox before 1.0 does not properly distinguish between user-generate ...)
	- mozilla-firefox 1.0
CVE-2005-0144 (Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lo ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0143 (Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon  ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0142 (Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozill ...)
	- mozilla-firefox 1.0
	- mozilla-thunderbird 0.7
	- mozilla 2:1.7.5
CVE-2005-0141 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to  ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...)
	NOT-FOR-US: PeID
CVE-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6. ...)
	NOT-FOR-US: Irix
CVE-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly a ...)
	NOT-FOR-US: Irix
CVE-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...)
	- linux-2.6 <not-affected>
	- kernel-source-2.4.27 2.4.27-10 (bug #308584)
CVE-2005-0136 (The Linux kernel before 2.6.11 on the Itanium IA64 platform has certai ...)
	[sarge] - kernel-source-2.6.8 2.6.8-14
	- linux-2.6 2.6.11
CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) architec ...)
	{DSA-1082-1 DSA-1070-1 DSA-1067-1}
	- linux-2.6 <not-affected>
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...)
	NOT-FOR-US: SCO UnixWare
CVE-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of s ...)
	- clamav 0.80-0.81rc1-1
CVE-2005-0132
	RESERVED
CVE-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses th ...)
	- konversation 0.15-3
CVE-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ex ...)
	- konversation 0.15-3
CVE-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...)
	- konversation 0.15-3
CVE-2005-0128
	REJECTED
CVE-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, generate ...)
	NOT-FOR-US: MacOS
CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ar ...)
	NOT-FOR-US: MacOS
CVE-2005-0125 (The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop  ...)
	NOT-FOR-US: MacOS
CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for Linu ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
	- linux-2.6 2.6.12-1
CVE-2005-0123
	REJECTED
CVE-2005-0122
	REJECTED
CVE-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
	NOT-FOR-US: golddig
CVE-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary file ...)
	NOT-FOR-US: helvis
CVE-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the  ...)
	NOT-FOR-US: helvis
CVE-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable dir ...)
	NOT-FOR-US: helvis
CVE-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute a ...)
	- xshisen 1.51-1-1.1 (bug #289784)
CVE-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...)
	- awstats 6.2-1.1
CVE-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler (ID ...)
	NOT-FOR-US: DataRescue Interactive Disassembler
CVE-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wirel ...)
	NOT-FOR-US: ZoneAlarm
CVE-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands v ...)
	NOT-FOR-US: IRIX
CVE-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...)
	NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point
CVE-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7 ...)
	- maxdb-7.5.00 7.5.00.18
CVE-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypas ...)
	NOT-FOR-US: MSIE
CVE-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other operating sys ...)
	NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical
	NOTE: attack, paranoid people should disable hyper threading
	- kfreebsd5-source 5.3-11
CVE-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malic ...)
	{DSA-659-1}
	- libapache-mod-auth-radius 1.5.7-6
	- libpam-radius-auth 1.3.16-3
CVE-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, wh ...)
	{DSA-690-1}
	- bsmtpd 2.3pl8b-16
CVE-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...)
	- libnet-ssleay-perl 1.25-1.1
CVE-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local user ...)
	{DSA-684-1}
	- typespeed 0.4.4-8
CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMai ...)
	{DSA-662-1}
	- squirrelmail 2:1.4.4
CVE-2005-0103 (PHP remote file inclusion vulnerability in webmail.php in SquirrelMail ...)
	- squirrelmail 2:1.4.4-1
CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier a ...)
	{DSA-673-1}
	- evolution 2.0.3-1.2 (bug #295548)
CVE-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and e ...)
	- newspost 2.1.1-2
CVE-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...)
	{DSA-685-1 DSA-671-1 DSA-670-1}
	- emacs21 21.3+1-9
	- xemacs21 21.4.16-2
CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop p ...)
	{DSA-691-1}
	- abuse <removed>
CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before  ...)
	{DSA-691-1}
	- abuse <removed>
CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote atta ...)
	- squid 2.5.7-4
CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...)
	- squid 2.5.7-4
CVE-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows  ...)
	{DSA-651-1}
	- squid 2.5.7-4
CVE-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply parse ...)
	{DSA-651-1}
	- squid 2.5.7-4
CVE-2005-0093
	REJECTED
CVE-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
	- linux-2.6 <not-affected> (Apparently specific to Red Hat hugemem kernel)
CVE-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
	- linux-2.6 <not-affected> (Apparently specific to Red Hat hugemem kernel)
CVE-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB sp ...)
	- linux-2.6 <not-affected> (Apparently specific to Red Hat hugemem kernel)
CVE-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...)
	{DSA-666-1}
	- python2.2 2.2.3-14
	- python2.3 2.3.4+2.3.5c1-2
	- python2.4 2.4-5
CVE-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote a ...)
	{DSA-689-1}
	- libapache2-mod-python 3.1.3-3
	- libapache-mod-python 2:2.7.10-4
CVE-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for  ...)
	NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9
	- alsa-lib 1.0.9-1 (unimportant)
CVE-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allow ...)
	- less <not-affected> (Red Hat specific less bug)
CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3. ...)
	{DSA-680-1}
	- htdig 1:3.1.6-11 (bug #305996)
CVE-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...)
	{DSA-653-1}
	- ethereal 0.10.9-1
CVE-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and othe ...)
	- maxdb-7.5.00 7.5.00.24-1
CVE-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ver ...)
	- maxdb-7.5.00 7.5.00.21-1
CVE-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
	- maxdb-7.5.00 7.5.00.21-1
CVE-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
	- mailman 2.1.5-5
CVE-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...)
	{DSA-649-1}
	- xtrlock 2.0-9
CVE-2005-0078 (The KDE screen saver in KDE before 3.0.5 does not properly check the r ...)
	{DSA-660-1}
	- kdebase 4:3.0.5
CVE-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...)
	{DSA-658-1}
	- libdbi-perl 1.46-6
CVE-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local use ...)
	{DSA-672-1}
	- xview 3.2p1.4-19
CVE-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...)
	- squirrelmail 2:1.4.4-1
CVE-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to exec ...)
	{DSA-676-1}
	- xpcd 2.08-11.1 (bug #294793)
CVE-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when r ...)
	{DSA-677-1}
	- sympa 4.1.2-2.1
CVE-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user config ...)
	{DSA-655-1}
	- zhcon 1:0.2.3-8.1 (bug #292210)
CVE-2005-0071 (vdr before 1.2.6 does not securely create files, which allows attacker ...)
	{DSA-656-1}
	- vdr 1.2.6-6
CVE-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when instal ...)
	{DSA-681-1}
	- synaesthesia 2.1-3
	NOTE: does not apply for sarge, program is not setuid anymore
CVE-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local user ...)
	- vim 1:6.3-058+1
CVE-2005-0068 (The original design of ICMP does not require authentication for host-g ...)
	NOTE: general icmp design error
CVE-2005-0067 (The original design of TCP does not require that port numbers be assig ...)
	NOTE: general tcp design error, no indication it affects linux
CVE-2005-0066 (The original design of TCP does not check that the TCP Acknowledgement ...)
	NOTE: general tcp design error
CVE-2005-0065 (The original design of TCP does not check that the TCP sequence number ...)
	NOTE: general tcp design error
CVE-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc fo ...)
	{DSA-648-1 DSA-645-1}
	- xpdf 3.00-13
	- gpdf 2.8.2-1.2
	- pdftohtml 0.36-11
	- kdegraphics 4:3.3.2-2
	- tetex-bin 2.0.2-26
	- cupsys 1.1.22-6 (bug #324459)
	- cups 1.1.22-6 (bug #324459)
	NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
	NOTE: In version 1.1.23-13, the dormant code in the source
	NOTE: package was fixed.
CVE-2005-0063 (The document processing application used by the Windows Shell in Micro ...)
	NOT-FOR-US: Microsoft
CVE-2005-0062
	RESERVED
CVE-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Wind ...)
	NOT-FOR-US: Microsoft
CVE-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0058 (Buffer overflow in the Telephony Application Programming Interface (TA ...)
	NOT-FOR-US: TAPI for Windows
CVE-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0052
	RESERVED
CVE-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remot ...)
	NOT-FOR-US: Microsoft
CVE-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 Server ...)
	NOT-FOR-US: Microsoft
CVE-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, a ...)
	NOT-FOR-US: Microsoft
CVE-2005-0047 (Windows 2000, XP, and Server 2003 does not properly "validate the use  ...)
	NOT-FOR-US: Microsoft
CVE-2005-0046
	RESERVED
CVE-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchan ...)
	NOT-FOR-US: Microsoft
CVE-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...)
	NOT-FOR-US: iTunes
CVE-2005-0042
	RESERVED
CVE-2005-0041
	RESERVED
CVE-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke befo ...)
	NOT-FOR-US: DotNetNuke
CVE-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security Pay ...)
	NOTE: These are known issues of IPSEC and basically every VPN system using
	NOTE: encryption without authentication.
	NOTE: openswan even prevents such configurations
CVE-2005-0038 (The DNS implementation of PowerDNS 2.9.16 and earlier allows remote at ...)
	- pdns 2.9.17-1
CVE-2005-0037 (The DNS implementation of DNRD before 2.10 allows remote attackers to  ...)
	NOT-FOR-US: dnrd
CVE-2005-0036 (The DNS implementation in DeleGate 8.10.2 and earlier allows remote at ...)
	NOT-FOR-US: DeleGate
CVE-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ea ...)
	NOT-FOR-US: Adobe
CVE-2005-0034 (An "incorrect assumption" in the authvalidated validator function in B ...)
	- bind9 1:9.3.1
	[woody] - bind9 <not-affected>
	[sarge] - bind9 <not-affected>
	NOTE: only affects bind9 9.3.0, sarge and woody have earlier versions
CVE-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND 8. ...)
	- bind 1:8.4.6-1
CVE-2005-0032
	RESERVED
CVE-2005-0031
	RESERVED
CVE-2005-0030
	RESERVED
CVE-2005-0029
	RESERVED
CVE-2005-0028
	RESERVED
CVE-2005-0027
	RESERVED
CVE-2005-0026
	RESERVED
CVE-2005-0025
	RESERVED
CVE-2005-0024
	RESERVED
CVE-2005-0023 (gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to sp ...)
	- gnome-libs <unfixed> (bug #329156; unimportant)
	- vte <unfixed> (bug #330907; unimportant)
	NOTE: Not considered a security problem, see #329156
CVE-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before 4.43 ...)
	- exim4 4.34-10
CVE-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to e ...)
	{DSA-637-1 DSA-635-1}
	- exim4 4.34-10
	- exim 3.36-13 (bug #290036)
	- exim-tls <removed>
CVE-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute a ...)
	{DSA-641-1}
	- playmidi 2.4debian-3
CVE-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to e ...)
	{DSA-675-1}
	- hztty 2.0-6.1
CVE-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read  ...)
	{DSA-661-2}
	- f2c 20020621-3.4 (bug #292792)
CVE-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read a ...)
	{DSA-661-2}
	- f2c 20020621-3.4 (bug #292792)
CVE-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos be ...)
	{DSA-640-1}
	- gatos 0.0.5-15
CVE-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitra ...)
	{DSA-650-1}
	- sword 1.5.7-7 (bug #291433)
CVE-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malici ...)
	- ncpfs 2.2.6-1
CVE-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before  ...)
	{DSA-665-1}
	- ncpfs 2.2.6-1
CVE-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo b ...)
	- dillo 0.8.3-1
CVE-2005-0011 (Multiple vulnerabilities in fliccd, when installed setuid root as part ...)
	- kdeedu 4:3.3.2-2
CVE-2005-0010 (Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through ...)
	- ethereal 0.10.9-1
CVE-2005-0009 (Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 thr ...)
	- ethereal 0.10.9-1
CVE-2005-0008 (Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through  ...)
	- ethereal 0.10.9-1
CVE-2005-0007 (Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through ...)
	- ethereal 0.10.9-1
CVE-2005-0006 (The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote att ...)
	- ethereal 0.10.9-1
CVE-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and  ...)
	{DSA-646-1}
	- imagemagick 6:6.0.6.2-2.1 (bug #291118; bug #291033)
CVE-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.1 ...)
	{DSA-647-1}
	- mysql-dfsg-4.1 4.1.8a-6
	- mysql-dfsg 4.0.23-3
CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ar ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	- kernel-source-2.4.27 2.4.27-9
	[sarge] - kernel-source-2.6.8 2.6.8-9
CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not  ...)
	NOT-FOR-US: poppassd_pam
CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel 2. ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	NOTE: i386 and smp specific
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-8
	[sarge] - kernel-source-2.6.8 2.6.8-13
