path: root/data/CVE/2007.list

CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3454 (Buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows ...)
	NOT-FOR-US: Papoo
CVE-2007-3452 (SQL injection vulnerability in essentials/minutes/doc.php in eDocStore ...)
	NOT-FOR-US: eDocStore
CVE-2007-3451 (PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3450 (SQL injection vulnerability in member.php in 6ALBlog allows remote ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3449 (SQL injection vulnerability in member.php in 6ALBlog allows remote ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3448 (Cross-site scripting (XSS) vulnerability in index.php in BugMall ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3447 (SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3446 (BugMall Shopping Cart 2.5 and earlier has a default username "demo" ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3445 (Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows ...)
	NOT-FOR-US: SJphone
CVE-2007-3444 (The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3443 (The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3442 (Format string vulnerability on the Research in Motion BlackBerry 7270 ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3441 (Format string vulnerability in the Aastra 9112i SIP Phone with ...)
	NOT-FOR-US: Aastra 9112i SIP Phone
CVE-2007-3440 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2007-3439 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2007-3438 (Buffer overflow in the SIP header parsing module in the Nortel PC ...)
	NOT-FOR-US: Nortel PC Client SIP Soft Phone
CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote ...)
	TODO: check
CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to ...)
	TODO: check
CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a certain ...)
	TODO: check
CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Pharmacy System
CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and ...)
	NOT-FOR-US: Pharmacy System
CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml ...)
	NOT-FOR-US: Pluxml
CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio ...)
	NOT-FOR-US: Dagger
CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-3429 (Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and ...)
	NOT-FOR-US: e107
CVE-2007-3428 (Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3427 (SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3426 (Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3425 (Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3424 (The moveim function in cgi-bin/cgi-lib/instantmessage.pl in ...)
	NOT-FOR-US: WebAPP
CVE-2007-3423 (cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 ...)
	NOT-FOR-US: WebAPP
CVE-2007-3422 (The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP ...)
	NOT-FOR-US: WebAPP
CVE-2007-3421 (The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, ...)
	NOT-FOR-US: WebAPP
CVE-2007-3420 (The Random Cookie Password functionality in the loaduser function in ...)
	NOT-FOR-US: WebAPP
CVE-2007-3419 (The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org ...)
	NOT-FOR-US: WebAPP
CVE-2007-3418 (The displaypost function in cgi-bin/cgi-lib/forum_display.pl in ...)
	NOT-FOR-US: WebAPP
CVE-2007-3417 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WebAPP
CVE-2007-3416 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WebAPP
CVE-2007-3415 (Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 ...)
	NOT-FOR-US: phpRaider
CVE-2007-3414 (Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 ...)
	NOT-FOR-US: access2asp
CVE-2007-3413 (Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid ...)
	NOT-FOR-US: bosDataGrid
CVE-2007-3412 (Cross-site scripting (XSS) vulnerability in edit_image.asp in ...)
	NOT-FOR-US: ClickGallery Server
CVE-2007-3411 (SQL injection vulnerability in edit_image.asp in ClickGallery Server ...)
	NOT-FOR-US: ClickGallery Server
CVE-2007-3410 (Buffer overflow in the wallclock functionality ...)
	- helix-player <not-affected> (Debian versions of Helix player not affected according to maintainer)
CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause ...)
	TODO: check
CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have ...)
	TODO: check
CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft Internet ...)
	TODO: check
CVE-2007-3405 (Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp ...)
	NOT-FOR-US: Lebisoft zdefter
CVE-2007-3404 (Directory traversal vulnerability in ShowImage.php in SiteDepth CMS ...)
	NOT-FOR-US: SiteDepth CMS
CVE-2007-3403 (Unrestricted file upload vulnerability in upload.php in dreamLog (aka ...)
	NOT-FOR-US: dreamLog
CVE-2007-3402 (SQL injection vulnerability in index.php in pagetool 1.07 allows ...)
	NOT-FOR-US: pagetool
CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB ...)
	NOT-FOR-US: B1GBB
CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157 ...)
	TODO: check
CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in Power ...)
	NOT-FOR-US: Power Phlogger
CVE-2007-3398 (LiteWEB 2.7 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: LiveWEB
CVE-2007-3397 (The web container in IBM WebSphere Application Server (WAS) before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3396 (Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) ...)
	NOT-FOR-US: KeyFocus
CVE-2007-3395 (Directory traversal vulnerability in session.rb in Hiki 0.8.0 through ...)
	- hiki 0.8.7-1 (bug #430691; medium)
	NOTE: Duplicate of CVE-2007-2836
CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote ...)
	NOT-FOR-US: eNdonesia
CVE-2007-3388
	RESERVED
CVE-2007-3387
	RESERVED
CVE-2007-3386
	RESERVED
CVE-2007-3385
	RESERVED
CVE-2007-3384
	RESERVED
CVE-2007-3383
	RESERVED
CVE-2007-3382
	RESERVED
CVE-2007-3381
	RESERVED
CVE-2007-3380
	RESERVED
CVE-2007-3379
	RESERVED
CVE-2007-3378 [php htaccess safe_mode basedir_bypasses]
	RESERVED
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates ...)
	TODO: check
CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows ...)
	TODO: check
CVE-2007-3375 (Stack-based buffer overflow in Lhaca File Archiver allows ...)
	NOT-FOR-US: Lhaca
CVE-2007-3374 (Buffer overflow in cluster/cman/daemon/daemon.c in cman ...)
	- redhat-cluster <unfixed> (medium)
CVE-2007-3373 (daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear ...)
	- redhat-cluster <unfixed> (low)
CVE-2007-3389 (Wireshark before 0.99.6 allows remote attackers to cause a denial of ...)
	- wireshark 0.99.6pre1-1
	[etch] - wireshark <not-affected> (Only affected 0.99.5)
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3390 (Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3391 (Wireshark 0.99.5 allows remote attackers to cause a denial of service ...)
	- wireshark 0.99.6pre1-1
	[etch] - wireshark <not-affected> (Only affected 0.99.5)
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3392 (Wireshark before 0.99.6 allows remote attackers to cause a denial of ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3393 (Off-by-one error in the DHCP/BOOTP dissector in Wireshark before ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-XXXX [jailer unsave tempfile usage]
	- jailer 0.4-10 (bug #410548)
CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a ...)
	- avahi <unfixed> (low)
	[etch] - avahi <no-dsa> (Minor issue, only affects local users)
CVE-2007-3371 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Powl
CVE-2007-3370 (Multiple PHP remote file inclusion vulnerabilities in Sun Board ...)
	NOT-FOR-US: Sun Board
CVE-2007-3369 (Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with ...)
	NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
CVE-2007-3368 (Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 ...)
	NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
CVE-2007-3367 (Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before ...)
	NOT-FOR-US: cPanel
CVE-2007-3366 (Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper ...)
	NOT-FOR-US: cPanel
CVE-2007-3365 (MyServer 0.8.9 and earlier does not properly handle uppercase ...)
	NOT-FOR-US: MyServer
CVE-2007-3364 (Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi ...)
	NOT-FOR-US: MyServer
CVE-2007-3363 (Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 ...)
	NOT-FOR-US: AGEphone
CVE-2007-3362 (ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC ...)
	NOT-FOR-US: AGEphone
CVE-2007-3361 (The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows ...)
	NOT-FOR-US: Nortel PC Client SIP Soft Phone
CVE-2007-3360 (hook.c in BitchX 1.1-final allows remote IRC servers to execute ...)
	- ircii-pana <unfixed> (low)
CVE-2007-3359 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and ...)
	NOT-FOR-US: SerWeb
CVE-2007-3358 (PHP remote file inclusion vulnerability in html/load_lang.php in ...)
	NOT-FOR-US: SerWeb
CVE-2007-3357 (NetClassifieds Premium Edition does not use encryption for (1) stored ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3356 (NetClassifieds Premium Edition allows remote attackers to obtain ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3355 (Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3354 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3353 (** DISPUTED ** ...)
	NOT-FOR-US: MyEvent
CVE-2007-3352 (Cross-site scripting (XSS) vulnerability in the preview form in ...)
	NOT-FOR-US: Stephen Ostermiller Contact Form
CVE-2007-3351 (The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim ...)
	NOT-FOR-US: SJPhone SIP
CVE-2007-3350 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote ...)
	NOT-FOR-US: AIM
CVE-2007-3349 (The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version ...)
	NOT-FOR-US: Aastra 9112i SIP Phone
CVE-2007-3348 (The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a ...)
	NOT-FOR-US: D-Link DPH-540/DPH-541 phone
CVE-2007-3347 (The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are ...)
	NOT-FOR-US: D-Link DPH-540/DPH-541 phone
CVE-2007-3346 (Directory traversal vulnerability in index.php in PHPAccounts 0.5 ...)
	NOT-FOR-US: PHPAccounts
CVE-2007-3345 (Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 ...)
	NOT-FOR-US: PHPAccounts
CVE-2007-3344 (Multiple cross-site scripting (XSS) vulnerabilities in netjukebox ...)
	NOT-FOR-US: netjukebox
CVE-2007-3343 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2007-3342 (Multiple cross-site scripting (XSS) vulnerabilities in Movable Type ...)
	NOT-FOR-US: Movable Type
CVE-2007-3341 (Unspecified vulnerability in the FTP implementation in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-3340 (HTTP SERVER 1.6.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3339 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ColdFusion
CVE-2007-3338 (Multiple buffer stack-based overflows in Ingres database server 2006 ...)
	NOT-FOR-US: Ingres
CVE-2007-3337 (wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used ...)
	NOT-FOR-US: Ingres
CVE-2007-3336 (Multiple &quot;pointer overwrite&quot; vulnerabilities in Ingres database server ...)
	NOT-FOR-US: Ingres
CVE-2007-3335 (Multiple SQL injection vulnerabilities in the admin panel in PHPEcho ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Server ...)
	NOT-FOR-US: Ingres
CVE-2007-3333
	RESERVED
CVE-2007-3332 (Directory traversal vulnerability in Satellite.php in Satel Lite for ...)
	NOT-FOR-US: Satel Lite for PhpNuke
CVE-2007-3331 (Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO ...)
	NOT-FOR-US: STphp EasyNews PRO
CVE-2007-3330 (Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 ...)
	NOT-FOR-US: STphp EasyNews PRO
CVE-2007-3329 (Multiple array index errors in the (1) get_intra_block, (2) ...)
	TODO: check
CVE-2007-3328 (Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 ...)
	NOT-FOR-US: Interact
CVE-2007-3327 (httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain ...)
	NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3326 (Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow ...)
	NOT-FOR-US: vBulletin
CVE-2007-3325 (PHP remote file inclusion vulnerability in lib/language.php in LAN ...)
	NOT-FOR-US: LAN Management System
CVE-2007-3324 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart ...)
	NOT-FOR-US: Comersus Cart
CVE-2007-3323 (SQL injection vulnerability in comersus_optReviewReadExec.asp in ...)
	NOT-FOR-US: Comersus Shop Cart
CVE-2007-4168
	REJECTED
CVE-2007-3322 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3321 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3320 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3319 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3318 (Buffer overflow in the Session Initiation Protocol (SIP) User Access ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3317 (The Session Initiation Protocol (SIP) User Access Client (UAC) message ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3316 (Multiple format string vulnerabilities in plugins in VideoLAN VLC ...)
	- vlc 0.8.6.c.debian-1 (bug #429726)
CVE-2007-3315 (Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer ...)
	NOT-FOR-US: YourFreeScreamer
CVE-2007-3314 (Stack-based buffer overflow in peviewer.spl in Altap Servant ...)
	NOT-FOR-US: Altap Servant Salamander
CVE-2007-3313 (Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3312 (Directory traversal vulnerability in admin/plugin_manager.php in ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3311 (SQL injection vulnerability in print.php in the Articles 1.02 and ...)
	NOT-FOR-US: Articles
CVE-2007-3310 (Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows ...)
	NOT-FOR-US: TDizin
CVE-2007-3309 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3308 (Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3307 (SQL injection vulnerability in game_listing.php in Solar Empire ...)
	NOT-FOR-US: Solar Empire
CVE-2007-3306 (PHP remote file inclusion vulnerability in crontab/run_billing.php in ...)
	NOT-FOR-US: MiniBill
CVE-2007-3305 (Heap-based buffer overflow in Cerulean Studios Trillian 3.x before ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2007-3304 (Apache httpd 1.3.37, and 2.0.59 and 2.2.4 with the Prefork MPM module, ...)
	- apache <removed> (low)
	[etch] - apache <unfixed> (low)
	[sarge] - apache <unfixed> (low)
	- apache2 <unfixed> (low)
	[etch] - apache2 <unfixed> (low)
	[sarge] - apache2 <not-affected> (affects only 1.3.xnd 2.2.x)
	NOTE: Apache 2.0 likely not affected, see
	NOTE: http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/<20070622162353.GA15396%40redhat.com>
CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...)
	- apache2 <unfixed> (unimportant)
	NOTE: If you can execute arbitrary code, a DoS is not a problem.
CVE-2007-3302
	RESERVED
CVE-2007-3301 (SQL injection vulnerability in forum/include/error/autherror.cfm in ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3300 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...)
	NOT-FOR-US: F-Secure
CVE-2007-3299 (Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when ...)
	- awffull 3.7.4final-1 (low)
CVE-2007-3298 (SQL injection vulnerability in Spey before 0.4.1 allows remote ...)
	NOT-FOR-US: Spey
CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow ...)
	NOT-FOR-US: Musoo
CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web ...)
	TODO: check
CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...)
	NOT-FOR-US: YaBB
CVE-2007-3294 (Multiple buffer overflows in the Tidy extension for PHP 5.2.3 allow ...)
	TODO: check
CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3292 (Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3291 (Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3290 (categoria.php in LiveCMS 3.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3289 (PHP remote file inclusion vulnerability in spaw/spaw_control.class.php ...)
	NOT-FOR-US: WiwiMod for XOOPS
CVE-2007-3288 (Cross-site scripting (XSS) vulnerability in the skeltoac stats ...)
	NOT-FOR-US: skeltoac stats plugin for WordPress
CVE-2007-3287
	RESERVED
CVE-2007-3286
	RESERVED
CVE-2007-3285 (Mozilla Firefox allows remote attackers to bypass file type checks via ...)
	- iceweasel <unfixed> (medium)
	- iceape <unfixed> (medium)
	- firefox <removed> (medium)
	- mozilla <removed> (medium)
	- xulrunner <unfixed> (medium)
CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root ...)
	- xscreensaver <not-affected> (Not a security issue: works as documented)
CVE-2007-3282 (Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX ...)
	TODO: check
CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting ...)
	NOT-FOR-US: Php Hosting Biller
CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements ...)
	TODO: check
CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL ...)
	TODO: check
CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust ...)
	TODO: check
CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module for ...)
	NOT-FOR-US: localization module for WIKINDX
CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site@School ...)
	NOT-FOR-US: Site
CVE-2007-3275 (MailWasher Server before 2.2.1, when used with LDAP or Active ...)
	NOT-FOR-US: MailWasher Server
CVE-2007-3274 (Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause ...)
	TODO: check
CVE-2007-3273 (SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3272 (Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows ...)
	NOT-FOR-US: MiniBB
CVE-2007-3271 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: YourFreeScreamer
CVE-2007-3270 (PHP remote file inclusion vulnerability in Includes/global.inc.php in ...)
	NOT-FOR-US: phpMyInventory
CVE-2007-3269 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 ...)
	NOT-FOR-US: Papoo Light
CVE-2007-3268
	RESERVED
CVE-2007-3267 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3266 (Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows ...)
	NOT-FOR-US: WEBIF
CVE-2007-3265 (Cross-site scripting (XSS) vulnerability in the Samples component in ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3264 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3263 (Unspecified vulnerability in the Default Messaging Component in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3262 (Unspecified vulnerability in the Default Messaging Component in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3261 (Cross-site scripting (XSS) vulnerability in widgets/widget_search.php ...)
	NOT-FOR-US: dKret
CVE-2007-3260 (HP System Management Homepage (SMH) before 2.1.9 for Linux, when used ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-3259 (Calendarix 0.7.20070307 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Calendarix
CVE-2007-3258
	RESERVED
CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data ...)
	{DSA-1321-1}
	- evolution-data-server 1.10.2-2 (bug #429876)
	[sarge] - evolution-data-server <not-affected> (Vulnerable code present in a different source package)
CVE-2007-3256
	RESERVED
CVE-2007-3255
	RESERVED
CVE-2007-3254
	RESERVED
CVE-2007-3253 (Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-3252 (PortalApp stores sensitive information under the web root with ...)
	NOT-FOR-US: PortalApp
CVE-2007-3251 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and ...)
	NOT-FOR-US: e-Vision CMS
CVE-2007-3250 (SQL injection vulnerability in mod_banners.php in Elxis CMS before ...)
	NOT-FOR-US: Elxis CMS
CVE-2007-3249 (Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php ...)
	NOT-FOR-US: Letterman Subscriber
CVE-2007-3248 (Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3247 (SQL injection vulnerability in VirtueMart before 1.0.11 allows remote ...)
	NOT-FOR-US: VirtueMart
CVE-2007-3246 (The do_set_password function in modules/chanserv/set.c in IRC Services ...)
	NOT-FOR-US: IRC Services
CVE-2007-3245 (IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote ...)
	NOT-FOR-US: IRC Services
CVE-2007-3244 (SQL injection vulnerability in bb-includes/formatting-functions.php in ...)
	NOT-FOR-US: bbPress
CVE-2007-3243 (Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress ...)
	NOT-FOR-US: bbPress
CVE-2007-3242 (The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) ...)
	NOT-FOR-US: WebAPP
CVE-2007-3241 (Cross-site scripting (XSS) vulnerability in blogroll.php in the ...)
	NOT-FOR-US: cordobo-green-park theme for WordPress
CVE-2007-3240 (Cross-site scripting (XSS) vulnerability in 404.php in the ...)
	NOT-FOR-US: Vistered-Little theme for WordPress
CVE-2007-3239 (Cross-site scripting (XSS) vulnerability in searchform.php in the ...)
	NOT-FOR-US: AndyBlue theme for WordPress
CVE-2007-3238 (Cross-site scripting (XSS) vulnerability in functions.php in the ...)
	- wordpress <unfixed> (low)
CVE-2007-3237 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2007-3236 (PHP remote file inclusion vulnerability in footer.php in the Horoscope ...)
	NOT-FOR-US: XOOPS
CVE-2007-3235 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3234 (SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3233 (The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 ...)
	NOT-FOR-US: TEC-IT
CVE-2007-3232 (The IBM TotalStorage DS400 with firmware 4.15 uses a blank password ...)
	NOT-FOR-US: IBM
CVE-2007-3231 (Buffer overflow in MeCab before 0.96 has unknown impact and attack ...)
	- mecab <unfixed> (bug #429174; unknown)
CVE-2007-3230 (PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer ...)
	NOT-FOR-US: PHP::HTML
CVE-2007-3229 (index.php in Singapore Gallery allows remote attackers to obtain ...)
	NOT-FOR-US: Singapore Gallery
CVE-2007-3228 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Sitellite CMS
CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json function in ...)
	- rails <unfixed> (bug #429177)
CVE-2007-3226 (Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 ...)
	NOT-FOR-US: dotProject
CVE-2007-3225 (Unspecified vulnerability in Sun Java System Directory Server (slapd) ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-3224 (Unspecified vulnerability in Sun ONE/Java System Directory Server ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-3223 (Unspecified vulnerability in the NFS server in Sun Solaris 10 before ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3222 (PHP remote file inclusion vulnerability in modify.php in the XFsection ...)
	NOT-FOR-US: XOOPS
CVE-2007-3221 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2007-3220 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2007-3219 (Unspecified vulnerability in sources/action_public/xmlout.php in ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2007-3218 (Cross-site scripting (XSS) vulnerability in request.php in PHP Live! ...)
	NOT-FOR-US: PHP Live!
CVE-2007-3217 (Multiple PHP remote file inclusion vulnerabilities in Prototype of an ...)
	NOT-FOR-US: Prototype of an PHP application
CVE-2007-3216 (Multiple unspecified vulnerabilities in the server component of CA ...)
	NOT-FOR-US: CA BrightStor products
CVE-2007-3215 (PHPMailer 1.7, when configured to use sendmail, allows remote ...)
	{DSA-1315-1}
	- libphp-phpmailer 1.73-4 (high; bug #429179)
	- flyspray 0.9.8-12 (bug #429191; bug #429195)
	[etch] - flyspray <not-affected> (Vulnerable code not)
	[sarge] - flyspray <not-affected> (Vulnerable code not included)
	- moodle <not-affected> (Doesn't affect moodle per maintainer)
	- owl-dms <unfixed> (bug #429197)
	- knowledgeroot <unfixed> (bug #429196)
	[etch] - knowledgeroot <not-affected> (Vulnerable code not used)
	- ipplan 4.85-2 (bug #429193)
	- glpi 0.68.3.2-1 (bug #429192)
	[etch] - glpi <not-affected> (Vulnerable code not used)
	- wordpress 2.2.1-1 (bug #429194)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-3214 (SQL injection vulnerability in style.php in e-Vision CMS 2.02 and ...)
	NOT-FOR-US: e-Vision CMS
CVE-2007-3213 (Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in ...)
	NOT-FOR-US: Sporum Forum
CVE-2007-3212 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-3211 (Cross-site scripting (XSS) vulnerability in 404.php in Domain ...)
	NOT-FOR-US: Domain Technologie Control (DTC)
CVE-2007-3210 (Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens ...)
	NOT-FOR-US: Cellosoft Tokens Object
CVE-2007-3209 (Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses ...)
	- mail-notification <unfixed> (low; bug #428157)
	[sarge] - mail-notification <not-affected> (Only affects 3.x and 4.x)
	[etch] - mail-notification <no-dsa> (Minor issue, needs proper documentation in errata)
CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 ...)
	NOT-FOR-US: YaBB
CVE-2007-3207 (Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare ...)
	NOT-FOR-US: Novell NetWare
CVE-2007-3206
	RESERVED
CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...)
	- php4 <unfixed> (low)
	- php5 <unfixed> (low)
CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...)
	- jffnms <unfixed> (high)
	NOTE: the fix for CVE-2007-3190 is incomplete (the 'pass' param can still contain an injection)
CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service in ...)
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2007-3202 (Cross-site scripting (XSS) vulnerability in the rich text editor in ...)
	NOT-FOR-US: Webwiz
CVE-2007-3201 (Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 ...)
	NOT-FOR-US: Windows Privacy Tray (WinPT)
CVE-2007-3200 (NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and ...)
	NOT-FOR-US: Novell
CVE-2007-3199 (Unrestricted file upload vulnerability in Link Request Contact Form ...)
	NOT-FOR-US: Link Request Contact Form
CVE-2007-3198 (Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP ...)
	NOT-FOR-US: Maran PHP Blog
CVE-2007-3197 (SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before ...)
	NOT-FOR-US: vBulletin
CVE-2007-3196 (SQL injection vulnerability in vBSupport.php in vSupport Integrated ...)
	NOT-FOR-US: VBulletin
CVE-2007-3195 (Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI ...)
	NOT-FOR-US: ERFAN WIKI
CVE-2007-3194 (** DISPUTED ** ...)
	NOT-FOR-US: myBloggie
CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the ...)
	- phpwiki <unfixed> (low; bug #429201)
CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System (JFFNMS) ...)
	- jffnms <unfixed> (medium)
CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote ...)
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For Fun ...)
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3189 (Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun ...)
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3188 (SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX ...)
	NOT-FOR-US: Fullaspsite GeometriX Download Portal
CVE-2007-3187 (Multiple unspecified vulnerabilities in Apple Safari for Windows allow ...)
	NOT-FOR-US: Apple
CVE-2007-3186 (Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2007-3185 (Apple Safari Beta 3.0.1 for Windows public beta allows remote ...)
	NOT-FOR-US: Apple
CVE-2007-3184 (Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, ...)
	NOT-FOR-US: Cisco
CVE-2007-3183 (Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, ...)
	NOT-FOR-US: Calendarix
CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in Calendarix ...)
	NOT-FOR-US: Calendarix
CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows ...)
	- firebird2 <unfixed> (medium)
CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP Windows ...)
	NOT-FOR-US: HP
CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in Particle ...)
	NOT-FOR-US: Particle Blogger
CVE-2007-3178 (Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi ...)
	NOT-FOR-US: Sistemi
CVE-2007-3177 (Ingate Firewall and SIParator before 4.5.2 allow remote attackers to ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2007-3176 (Unspecified vulnerability in Ingate Firewall and SIParator before ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2007-3175 (Multiple SQL injection vulnerabilities in W2B Online Banking allow ...)
	NOT-FOR-US: W2B Online Banking
CVE-2007-3174 (Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online ...)
	NOT-FOR-US: W2B Online Banking
CVE-2007-3173 (Almnzm allows remote attackers to obtain sensitive information via an ...)
	NOT-FOR-US: Almnzm
CVE-2007-3172 (Directory traversal vulnerability in demo/pop3/error.php in Uebimiau ...)
	NOT-FOR-US: UebiMiau
CVE-2007-3171 (Uebimiau Webmail allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: UebiMiau
CVE-2007-3170 (Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau ...)
	NOT-FOR-US: Uebimiau
CVE-2007-3169 (Buffer overflow in a certain ActiveX control in the EDraw Office ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-3168 (A certain ActiveX control in the EDraw Office Viewer Component ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-3167 (Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control ...)
	NOT-FOR-US: Vivotek
CVE-2007-3166 (Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, ...)
	NOT-FOR-US: Qualcomm Eudora
CVE-2007-3165 (Tor before 0.1.2.14 can construct circuits in which an entry guard is ...)
	- tor 0.1.2.14-1 (medium)
CVE-2007-3164 (Microsoft Internet Explorer 7, when prompting for HTTP Basic ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico ...)
	- moin <unfixed> (bug #429205)
	- knowledgeroot <unfixed> (bug #429204)
	- karrigell <unfixed> (bug #429207)
CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX ...)
	NOT-FOR-US: Internet Download Accelerator
CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote ...)
	NOT-FOR-US: Ace-FTP Client
CVE-2007-3160 (PHP remote file inclusion vulnerability in admin/header.php in PHP ...)
	NOT-FOR-US: PHP Real Estate Classifieds Premium Plus
CVE-2007-3159 (http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a ...)
	NOT-FOR-US: MiniWeb
CVE-2007-3158 (download_script.asp in ASP Folder Gallery allows remote attackers to ...)
	NOT-FOR-US: ASP Folder Gallery
CVE-2007-3157 (IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build ...)
	NOT-FOR-US: SafeNET
CVE-2007-3156 (Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi ...)
	- webmin <removed>
CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown ...)
	- egroupware <unfixed> (bug #429208)
CVE-2007-3154 (Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka ...)
	- ktorrent 2.1.4.dfsg.1-3 (bug #429209)
	- dtc-common <unfixed> (bug #429214)
	- egroupware-core <unfixed> (bug #429215)
	- gallery <unfixed> (bug #429213)
CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms other ...)
	NOT-FOR-US: c-ares
CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random number ...)
	NOT-FOR-US: c-ares
CVE-2007-3151 (rpttop.htm in the web management interface in Packeteer PacketShaper ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2007-3150 (Google Desktop allows user-assisted remote attackers to execute ...)
	NOT-FOR-US: Google Desktop
CVE-2007-3149 (sudo, when linked with MIT Kerberos 5 (krb5), does not properly check ...)
	- sudo <not-affected> (Not linked with krb5)
CVE-2007-3148 (Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ...)
	NOT-FOR-US: Yahoo! Webcam Viewer
CVE-2007-3147 (Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ...)
	NOT-FOR-US: Yahoo! Webcam Upload
CVE-2007-3146 (Zen Help Desk 2.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: Zen Help Desk
CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote ...)
	- galeon <unfixed> (low; bug #429216)
CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote ...)
	- iceweasel <unfixed> (low)
	- iceape <unfixed> (low)
	- firefox <removed> (low)
	- mozilla <removed> (low)
	- xulrunner <unfixed> (low)
CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows remote ...)
	- kdebase <unfixed> (low)
CVE-2007-3142 (Visual truncation vulnerability in Opera 9.21 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-3141 (PHP remote file inclusion vulnerability in core/editor.php in ...)
	NOT-FOR-US: phpWebThings
CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows ...)
	- wordpress 2.2.1-1 (bug #428073)
CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-3137 (Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in ...)
	NOT-FOR-US: WmsCMS
CVE-2007-3136 (PHP remote file inclusion vulnerability in inc/nuke_include.php in ...)
	NOT-FOR-US: newsSync
CVE-2007-3135 (Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom ...)
	NOT-FOR-US: Atom Photoblog
CVE-2007-3134 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Atom PhotoBlog
CVE-2007-3133 (SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 ...)
	NOT-FOR-US: W1L3D4
CVE-2007-3132 (Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3131 (Cross-site scripting (XSS) vulnerability in add_comment.php in Light ...)
	NOT-FOR-US: Light Blog
CVE-2007-3130 (Multiple PHP remote file inclusion vulnerabilities in the OpenWiki ...)
	NOT-FOR-US: OpenWiki
CVE-2007-3129 (Cross-site scripting (XSS) vulnerability in login.php in Utopia News ...)
	NOT-FOR-US: Utopia News Pro
CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when ...)
	NOT-FOR-US: WSPortal
CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows ...)
	NOT-FOR-US: WSPortal
CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a denial of ...)
	- gimp <unfixed> (unimportant)
CVE-2007-3125
	REJECTED
	NOTE: Duplicate of CVE-2006-6772
CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in ...)
	NOT-FOR-US: FreeVMS
CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
	{DSA-1320-1}
	- clamav 0.90.3-1
CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
	{DSA-1320-1}
	- clamav 0.90.3-1
CVE-2007-3121 (Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the ...)
	- zvbi 0.2.25-1 (bug #429221)
CVE-2007-3120 (Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-3119 (SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi ...)
	NOT-FOR-US: Kartli Alisveris Sistemi
CVE-2007-3118 (Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter ...)
	NOT-FOR-US: Kravchuk letter
CVE-2007-3117 (Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 ...)
	NOT-FOR-US: ADPLAN
CVE-2007-3116 (Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows ...)
	{DSA-1319-1}
	- maradns 1.2.12.06-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3115 (Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, ...)
	{DSA-1319-1}
	- maradns 1.2.12.06-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3114 (Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x ...)
	{DSA-1319-1}
	- maradns 1.2.12.05-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3113 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...)
	- cacti <unfixed> (low; bug #429224)
	[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
	[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
CVE-2007-3112 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...)
	- cacti <unfixed> (low; bug #429224)
	[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
	[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
CVE-2007-3111 (Buffer overflow in the Provideo Camimage ActiveX control in ...)
	NOT-FOR-US: Provideo Camimage
CVE-2007-3110 (Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 ...)
	NOT-FOR-US: Andy Frank Beatnik
CVE-2007-3109 (The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage ...)
	NOT-FOR-US: Microsoft FrontPage
CVE-2007-3108
	RESERVED
CVE-2007-3107
	RESERVED
CVE-2007-3106
	RESERVED
CVE-2007-3105
	RESERVED
CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat Enterprise ...)
	TODO: check
CVE-2007-3103
	RESERVED
CVE-2007-3102
	RESERVED
CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF ...)
	NOT-FOR-US: Apache MyFaces Tomahawk
CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...)
	{DSA-1314-1}
	- open-iscsi 2.0.865-1 (low; bug #429225)
CVE-2007-3099 (usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...)
	{DSA-1314-1}
	- open-iscsi 2.0.865-1 (medium; bug #429225)
CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2007-3097 (my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers ...)
	NOT-FOR-US: F5 Firepass 4100 SSL VPN
CVE-2007-3096 (Directory traversal vulnerability in login.php in PBLang (PBL) ...)
	NOT-FOR-US: PBLang (PBL)
CVE-2007-3095 (Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and ...)
	NOT-FOR-US: Symantec Reporting Server
CVE-2007-3094 (Unspecified vulnerability in the authentication mechanism in Solaris ...)
	NOT-FOR-US: Solaris Management Console
CVE-2007-3093 (Unspecified vulnerability in the logging mechanism in Solaris ...)
	NOT-FOR-US: Solaris Management Console
CVE-2007-3092 (Microsoft Internet Explorer 6 allows remote attackers to spoof the URL ...)
	NOT-FOR-US: MSIE6
CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 and 7 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3090 (Mozilla Firefox does not properly manage a delay timer used in ...)
	- iceweasel <unfixed> (medium)
	- iceape <unfixed> (medium)
	- firefox <removed> (medium)
	- mozilla <removed> (medium)
	- xulrunner <unfixed> (medium)
CVE-2007-3089 (Mozilla Firefox does not prevent use of document.write to replace an ...)
	- iceweasel <unfixed> (low)
	- iceape <unfixed> (low)
	- firefox <removed> (low)
	- mozilla <removed> (low)
	- xulrunner <unfixed> (low)
CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows remote ...)
	NOT-FOR-US: Comicsense
CVE-2007-3087 (Peercast places a cleartext password in a query string, which might ...)
	NOT-FOR-US: PeerCast
CVE-2007-3086 (Unrestricted critical resource lock in Agnitum Outpost Firewall PRO ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2007-3085 (Multiple PHP remote file inclusion vulnerabilities in PBSite allow ...)
	NOT-FOR-US: PBSite
CVE-2007-3084 (PHP remote file inclusion vulnerability in sampleblogger.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2007-3083 (Z-Blog 1.7 stores sensitive information under the web root with ...)
	NOT-FOR-US: Z-Blog
CVE-2007-3082 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 ...)
	NOT-FOR-US: Sendcard
CVE-2007-3081 (PHP remote file inclusion vulnerability in sampleecommerce.php in ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2007-3080 (SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly ...)
	NOT-FOR-US: Hunkaray Okul Portaly
CVE-2007-3079 (listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to ...)
	NOT-FOR-US: EQdkp
CVE-2007-3078 (Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before ...)
	NOT-FOR-US: Aigaion
CVE-2007-3077 (SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and ...)
	NOT-FOR-US: EQdkp
CVE-2007-3076 (A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3075 (Directory traversal vulnerability in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read ...)
	- iceweasel <unfixed> (low)
	- iceape <unfixed> (low)
	- firefox <removed> (low)
	- mozilla <removed> (low)
	- xulrunner <unfixed> (low)
CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and ...)
	TODO: check
CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...)
	- iceweasel <not-affected>
	NOTE: Windows only
CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX ...)
	NOT-FOR-US: eSellerate
CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in BDigital Web ...)
	NOT-FOR-US: BDigital Web Solutions WebStudio
CVE-2007-3069 (xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3068 (Stack-based buffer overflow in DVD X Player 4.1 Professional allows ...)
	NOT-FOR-US: DVD X Player
CVE-2007-3067 (Cross-site scripting (XSS) vulnerability in the Attunement and Key ...)
	NOT-FOR-US: EQdkp
CVE-2007-3066 (Multiple PHP remote file inclusion vulnerabilities in php(Reactor) ...)
	NOT-FOR-US: IBM DB2
CVE-2007-3065 (SQL injection vulnerability in viewimage.php in Particle Soft Particle ...)
	NOT-FOR-US: Particle Gallery
CVE-2007-3064 (Cross-site scripting (XSS) vulnerability in diary.php in My Databook ...)
	NOT-FOR-US: My Datebook
CVE-2007-3063 (SQL injection vulnerability in diary.php in My Databook allows remote ...)
	NOT-FOR-US: My Datebook
CVE-2007-3062 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-3061 (Cactushop 6 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: Cactushop
CVE-2007-3060 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...)
	NOT-FOR-US: PHP Live!
CVE-2007-3059 (SendCard 3.3.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SendCard
CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail ...)
	NOT-FOR-US: Madirish Webmail
CVE-2007-3057 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2007-3056 (Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN ...)
	- websvn <unfixed> (low)
CVE-2007-3055 (Cross-site scripting (XSS) vulnerability in index.php in Codelib ...)
	NOT-FOR-US: Codelib Linker
CVE-2007-3054 (Cross-site scripting (XSS) vulnerability in search.php in Codelib ...)
	NOT-FOR-US: Codelib Linker
CVE-2007-3053 (Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier ...)
	NOT-FOR-US: Calimero
CVE-2007-3052 (SQL injection vulnerability in index.php in the PNphpBB2 1.2i and ...)
	NOT-FOR-US: PostNuke
CVE-2007-3051 (SQL injection vulnerability in inc/class_users.php in RevokeSoft ...)
	NOT-FOR-US: RevokeSoft RevokeBB
CVE-2007-3050 (Session fixation vulnerability in chameleon cms 3.0 and earlier allows ...)
	NOT-FOR-US: chameleon cms
CVE-2007-3049 (Cross-site scripting (XSS) vulnerability in index.php in Buttercup web ...)
	NOT-FOR-US: Buttercup BWFM
CVE-2007-3048 (** DISPUTED ** ...)
	- screen <not-affected> (not reproducible)
CVE-2007-3047 (The Vonage VoIP Telephone Adapter has a default administrator username ...)
	NOT-FOR-US: Vonage
CVE-2007-3046 (Buffer overflow in Advanced Software Production Line Vortex Library ...)
	NOT-FOR-US: Advanced Software Production Line Vortex Library
CVE-2007-3045 (Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on ...)
	NOT-FOR-US: Hitachi TP1
CVE-2007-3044 (Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi ...)
	NOT-FOR-US: Hitachi
CVE-2007-3043 (Cross-site scripting (XSS) vulnerability in Collaboration - File ...)
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-3042 (Cross-site scripting (XSS) vulnerability in Meneame before 2 allows ...)
	NOT-FOR-US: Meneame
CVE-2007-3041
	RESERVED
CVE-2007-3040
	RESERVED
CVE-2007-3039
	RESERVED
CVE-2007-3038
	RESERVED
CVE-2007-3037
	RESERVED
CVE-2007-3036
	RESERVED
CVE-2007-3035
	RESERVED
CVE-2007-3034
	RESERVED
CVE-2007-3033
	RESERVED
CVE-2007-3032
	RESERVED
CVE-2007-3031
	RESERVED
CVE-2007-3030
	RESERVED
CVE-2007-3029
	RESERVED
CVE-2007-3028
	RESERVED
CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3026
	RESERVED
CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before ...)
	- clamav <not-affected> (Solaris-specific bug)
CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
	{DSA-1320-1}
	- clamav 0.90.3-1
CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not ...)
	{DSA-1320-1}
	- clamav 0.90.3-1
CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before ...)
	NOT-FOR-US: Symantec
CVE-2007-3021 (Symantec Reporting Server 1.0.197.0, and other versions before ...)
	NOT-FOR-US: Symantec
CVE-2007-3020
	RESERVED
CVE-2007-3019
	RESERVED
CVE-2007-3018
	RESERVED
CVE-2007-3017
	RESERVED
CVE-2007-3016
	RESERVED
CVE-2007-3015
	RESERVED
CVE-2007-3014
	RESERVED
CVE-2007-3013
	RESERVED
CVE-2007-3012
	RESERVED
CVE-2007-3011
	RESERVED
CVE-2007-3010
	RESERVED
CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in ...)
	NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3008 (Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has ...)
	NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3007 (PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode ...)
	- php5 5.2.3-1 (unimportant)
CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted ...)
	NOT-FOR-US: Acoustica MP3 CD Burner
CVE-2007-3005 (Unspecified vulnerability in the Sun Java Runtime Environment in JDK ...)
	- sun-java5 1.5.0-11-1 (low)
	- sun-java6 <unfixed> (low)
CVE-2007-3004 (Buffer overflow in the image parsing implementation in the Sun Java ...)
	- sun-java5 1.5.0-11-1 (medium)
	- sun-java6 <unfixed> (medium)
CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier ...)
	NOT-FOR-US: myBloggie
CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-3001 (Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-3000 (Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-2999 (Microsoft Windows Server 2003, when time restrictions are in effect ...)
	NOT-FOR-US: Microsoft
CVE-2007-2998 (The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS ...)
	NOT-FOR-US: OpenVMS
CVE-2007-2997 (** DISPUTED ** ...)
	NOT-FOR-US: SalesCart Shopping Cart
CVE-2007-2996 (Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM ...)
	NOT-FOR-US: IBM AIX
CVE-2007-2995 (Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: IBM AIX
CVE-2007-2994 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote ...)
	NOT-FOR-US: DGNews
CVE-2007-2993 (Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2007-2992 (Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2007-2991 (Cross-site scripting (XSS) vulnerability in includes/send.inc.php in ...)
	NOT-FOR-US: Evenzia CMS
CVE-2007-2990 (Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2989 (The libike library in Sun Solaris 9 before 20070529 contains a logic ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2988 (A certain admin script in Inout Meta Search Engine sends a redirect to ...)
	NOT-FOR-US: Inout Meta Search Engine
CVE-2007-2987 (Multiple buffer overflows in certain ActiveX controls in sasatl.dll in ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-2986 (PHP remote file inclusion vulnerability in lib/live_status.lib.php in ...)
	NOT-FOR-US: AdminBot
CVE-2007-2985 (Pheap 2.0 allows remote attackers to bypass authentication by setting ...)
	NOT-FOR-US: Pheap
CVE-2007-2984 (Multiple stack-based buffer overflows in the Media Technology Group ...)
	NOT-FOR-US: Media Technology Group CDPass
CVE-2007-2982 (Multiple buffer overflows in the British Telecommunications Business ...)
	NOT-FOR-US: British Telecommunications Business Connect
CVE-2007-2981 (Buffer overflow in a certain ActiveX control in LEAD Technologies ...)
	NOT-FOR-US: LeadTools
CVE-2007-2980 (Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS ...)
	NOT-FOR-US: LeadTools
CVE-2007-2979 (Techno Dreams Web Directory / Search Engine 2.0 stores sensitive ...)
	NOT-FOR-US: Techno Dreams Web Directory / Search Engine
CVE-2007-2978 (Session fixation vulnerability in eggblog 3.1.0 and earlier allows ...)
	NOT-FOR-US: eggblog
CVE-2007-2977 (Buffer overflow in the receive function in submit/submitcommon.c in ...)
	NOT-FOR-US: DOMjudge
CVE-2007-2976 (Centrinity FirstClass 8.3 and earlier, and Server and Internet ...)
	NOT-FOR-US: Centrinity
CVE-2007-2975 (Unspecified vulnerability in the built-in admin console in Ignite ...)
	NOT-FOR-US: Ignite Realtime
CVE-2007-2974 (Buffer overflow in the file parsing engine in Avira Antivir Antivirus ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2973 (Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2972 (The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2971 (SQL injection vulnerability in getnewsitem.php in gCards 1.46 and ...)
	NOT-FOR-US: gCards
CVE-2007-2970 (Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2007-2969 (PHP remote file inclusion vulnerability in newsletter.php in ...)
	NOT-FOR-US: WAnewsletter
CVE-2007-2968 (Cross-site scripting (XSS) vulnerability in register.php in cpCommerce ...)
	NOT-FOR-US: cpCommerce
CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
	- webpy 0.210-1 (bug #427715; unimportant)
	NOTE: This is not a vulnerability, but an additional precaution function for
	NOTE: a development framework. If someone wants to have this updated in Etch, this
	NOTE: needs to go through a point update
CVE-2007-XXXX [dar choosing weak IV when encrypting]
	- dar 2.3.3-1 (bug #425335; low)
	[sarge] - dar <no-dsa> (minor issue)
	[etch] - dar <no-dsa> (minor issue)
CVE-2007-2967 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...)
	NOT-FOR-US: F-Secure
CVE-2007-2966 (Buffer overflow in the LHA decompresion component in F-Secure ...)
	NOT-FOR-US: F-Secure
CVE-2007-2965 (Unspecified vulnerability in the Real-time Scanning component in ...)
	NOT-FOR-US: F-Secure
CVE-2007-2964 (The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and ...)
	NOT-FOR-US: F-Secure
CVE-2007-2963 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-2962 (Cross-site scripting (XSS) vulnerability in search.php in Particle ...)
	NOT-FOR-US: Particle Gallery
CVE-2007-2961 (Unrestricted file upload vulnerability in FileCloset before 1.1.5 ...)
	NOT-FOR-US: FileCloset
CVE-2007-2960 (Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 ...)
	NOT-FOR-US: Scallywag
CVE-2007-2959 (SQL injection vulnerability in manufacturer.php in cpCommerce before ...)
	NOT-FOR-US: cpCommerce
CVE-2007-2958
	RESERVED
CVE-2007-2957
	RESERVED
CVE-2007-2956
	RESERVED
CVE-2007-2955
	RESERVED
CVE-2007-2954
	RESERVED
CVE-2007-2953
	RESERVED
CVE-2007-2952
	RESERVED
CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc ...)
	- kvirc <unfixed> (medium)
CVE-2007-2950
	RESERVED
CVE-2007-2949
	RESERVED
CVE-2007-2948 (Multiple stack-based buffer overflows in stream/stream_cddb.c in ...)
	{DSA-1313-1}
	- mplayer 1.0~rc1-14
CVE-2007-2947 (Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha ...)
	NOT-FOR-US: OpenBASE Alpha
CVE-2007-2946 (Buffer overflow in a certain ActiveX control in LeadTools Raster ...)
	NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
CVE-2007-2945 (RMForum stores sensitive information under the web root with ...)
	NOT-FOR-US: RMForum
CVE-2007-2944 (WabCMS 1.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: WabCMS
CVE-2007-2943 (PHP remote file inclusion vulnerability in class/class.php in Webavis ...)
	NOT-FOR-US: Webavis
CVE-2007-2942 (SQL injection vulnerability in user.php in My Little Forum 1.7 and ...)
	NOT-FOR-US: My Little Forum
CVE-2007-2941 (Multiple PHP remote file inclusion vulnerabilities in the creator in ...)
	NOT-FOR-US: vBulletin Google Yahoo Site Map
CVE-2007-2940 (Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 ...)
	NOT-FOR-US: FlaP
CVE-2007-2939 (Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat ...)
	NOT-FOR-US: Mazen's PHP Chat
CVE-2007-2938 (Buffer overflow in the BaseRunner ActiveX control in the Ademco ...)
	NOT-FOR-US: BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module
CVE-2007-2937 (PHP remote file inclusion vulnerability in admin/admin.php in TROforum ...)
	NOT-FOR-US: TROforum
CVE-2007-2936 (Multiple PHP remote file inclusion vulnerabilities in Frequency Clock ...)
	NOT-FOR-US: Frequency Clock
CVE-2007-2935 (core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows ...)
	NOT-FOR-US: Fundanemt
CVE-2007-2934 (Directory traversal vulnerability in skins/common.css.php in Vistered ...)
	NOT-FOR-US: Vistered Little
CVE-2007-2933 (SQL injection vulnerability in index.php in the Phil-a-Form ...)
	NOT-FOR-US: Phil-a-Form
CVE-2007-2932 (Cross-site scripting (XSS) vulnerability in index.php in BoastMachine ...)
	NOT-FOR-US: BoastMachine
CVE-2007-2931
	RESERVED
CVE-2007-2930
	RESERVED
CVE-2007-2929
	RESERVED
CVE-2007-2928
	RESERVED
CVE-2007-2927
	RESERVED
CVE-2007-2926
	RESERVED
CVE-2007-2925
	RESERVED
CVE-2007-2924 (Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX ...)
	TODO: check
CVE-2007-2923 (The launch method in the LocalExec ActiveX control (LocalExec.ocx) in ...)
	TODO: check
CVE-2007-2922
	RESERVED
CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx ...)
	NOT-FOR-US: Corel
CVE-2007-2920 (Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX ...)
	NOT-FOR-US: Zoomify Viewer
CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading ActiveX ...)
	NOT-FOR-US: FViewerLoading
CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in ...)
	NOT-FOR-US: Logitech
CVE-2007-2917 (Multiple buffer overflows in a certain ActiveX control in odapi.dll in ...)
	NOT-FOR-US: Authentium
CVE-2007-2916 (Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music ...)
	NOT-FOR-US: GMTT Music Distro
CVE-2007-2915 (Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows ...)
	NOT-FOR-US: RM EasyMail Plus
CVE-2007-2914 (Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats ...)
	NOT-FOR-US: PsychoStats
CVE-2007-2913 (Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 ...)
	NOT-FOR-US: ClonusWiki
CVE-2007-2912 (Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2911 (SQL injection vulnerability in admincp/attachment.php in Jelsoft ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2910 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2909 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2908 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2007-2907 (Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-2906 (Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Java Embedding Plugin for Mac OS X
CVE-2007-2905 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...)
	NOT-FOR-US: 2z Project
CVE-2007-2904 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2007-2903 (Buffer overflow in the HelpPopup method in the Microsoft Office 2000 ...)
	NOT-FOR-US: Microsoft Office ActiveX control 
CVE-2007-2902 (SQL injection vulnerability in main/auth/my_progress.php in Dokeos ...)
	NOT-FOR-US: Dokeos
CVE-2007-2901 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 ...)
	NOT-FOR-US: Dokeos
CVE-2007-2900 (Multiple PHP remote file inclusion vulnerabilities in Scallywag ...)
	NOT-FOR-US: Scallywag
CVE-2007-2899 (Direct static code injection vulnerability in admin_config.php in ...)
	NOT-FOR-US: Navboard
CVE-2007-2898 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...)
	NOT-FOR-US: 2z Project
CVE-2007-2897 (Microsoft Internet Information Services (IIS) 6.0 allows remote ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-2896 (Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 ...)
	NOT-FOR-US: Symantec
CVE-2007-2895 (Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 ...)
	NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
CVE-2007-2894 (The emulated floppy disk controller in Bochs 2.3 allows local users of ...)
	- bochs <unfixed> (unimportant)
CVE-2007-2893 (Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in ...)
	- bochs <unfixed> (low; bug #427144)
CVE-2007-2892 (Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 ...)
	NOT-FOR-US: ASP-Nuke
CVE-2007-2891 (Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 ...)
	NOT-FOR-US: FirmWorX
CVE-2007-2890 (SQL injection vulnerability in category.php in cpCommerce 1.1.0 and ...)
	NOT-FOR-US: cpCommerce
CVE-2007-2889 (SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 ...)
	NOT-FOR-US: Dokeos
CVE-2007-2888 (Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows ...)
	NOT-FOR-US: UltraISO
CVE-2007-2887 (Cross-site scripting (XSS) vulnerability in index.php in Web Icerik ...)
	NOT-FOR-US: WIYS
CVE-2007-2886 (Unspecified vulnerability in the Nortel CS 1000 M media card in ...)
	NOT-FOR-US: Nortel
CVE-2007-2885 (The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in ...)
	NOT-FOR-US: Microsoft Visual Database Tools
CVE-2007-2884 (Multiple stack-based buffer overflows in Microsoft Visual Basic 6 ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2007-2883 (Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier ...)
	NOT-FOR-US: Credant
CVE-2007-2882 (Unspecified vulnerability in the NFS client module in Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2881 (Multiple stack-based buffer overflows in the SOCKS proxy support ...)
	NOT-FOR-US: Sun Java Web Proxy Server
CVE-2007-2880 (Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 ...)
	NOT-FOR-US: Digirez
CVE-2007-2879 (Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk ...)
	NOT-FOR-US: GNUTurk
CVE-2007-2878 (The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run ...)
	- linux-2.6 2.6.21-3
CVE-2007-2877 (Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 ...)
	NOTE: Not a security issue; Windows-only anyway.
CVE-2007-2876 (The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) ...)
	- linux-2.6 2.6.21-5 (medium)
CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux ...)
	- linux-2.6 2.6.21-5 (medium)
CVE-2007-2874
	RESERVED
CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as ...)
	- spamassassin 3.2.1-1 (low)
CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...)
	- php5 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious script
	NOTE: Fix from 5.2.3 was ineffective
CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1}
	NOTE: MFSA2007-17
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.1.2-1 (low)
	- firefox <removed> (low)
	- mozilla <removed> (low)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1}
	NOTE: MFSA2007-16
	- iceweasel 2.0.0.4-1 (medium)
	- iceape 1.1.2-1 (medium)
	- firefox <removed> (medium)
	- mozilla <removed> (medium)
	- xulrunner 1.8.1.4-1 (medium)
CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before ...)
	{DSA-1308-1 DSA-1306-1}
	NOTE: MFSA2007-13
	- iceweasel 2.0.0.4-1 (unimportant)
	- iceape 1.1.2-1 (unimportant)
	- firefox <removed> (unimportant)
	- mozilla <removed> (unimportant)
	- xulrunner 1.8.1.4-1 (unimportant)
CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox ...)
	{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1}
	NOTE: MFSA2007-12
	- iceweasel 2.0.0.4-1 (high)
	- iceape 1.1.2-1 (high)
	- firefox <removed> (high)
	- mozilla <removed> (high)
	- thunderbird <removed> (low)
	- icedove 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (high)
	[sarge] - mozilla-thunderbird <unfixed> (low)
CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla Firefox ...)
	{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1}
	NOTE: MFSA2007-12
	- iceweasel 2.0.0.4-1 (high)
	- iceape 1.1.2-1 (high)
	- firefox <removed> (high)
	- mozilla <removed> (high)
	- thunderbird <removed> (low)
	- icedove 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (high)
	[sarge] - mozilla-thunderbird <unfixed> (low)
CVE-2007-2866 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin ...)
	- phppgadmin 4.1.2-1 (low; bug #427151)
CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before content ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before content ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2862 (Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow ...)
	NOT-FOR-US: CubeCart
CVE-2007-2861 (Multiple PHP remote file inclusion vulnerabilities in Simple ...)
	NOT-FOR-US: SAXON
CVE-2007-2860 (user.php in BoastMachine 3.0 platinum allows remote authenticated ...)
	NOT-FOR-US: BoastMachine
CVE-2007-2859 (Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 ...)
	NOT-FOR-US: SimpGB
CVE-2007-2858 (SQL injection vulnerability in the IP-Search functionality in the ...)
	NOT-FOR-US: IP-Tracking Mod for phpBB
CVE-2007-2857 (PHP remote file inclusion vulnerability in sample/xls2mysql in ABC ...)
	NOT-FOR-US: ABC Excel Parser Pro
CVE-2007-2856 (Buffer overflow in the Dart Communications PowerTCP ZIP Compression ...)
	NOT-FOR-US: Dart Communications PowerTCP
CVE-2007-2855 (Buffer overflow in a certain ActiveX control in DartZipLite.dll ...)
	NOT-FOR-US: Dart ZipLite
CVE-2007-2854 (Multiple SQL injection vulnerabilities in account_change.php in ...)
	NOT-FOR-US: BtiTracker
CVE-2007-2853 (The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD ...)
	NOT-FOR-US: Virtual CD
CVE-2007-2852 (Multiple stack-based buffer overflows in ESET NOD32 Antivirus before ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-2851 (A certain ActiveX control in LeadTools Raster Variant Object Library ...)
	NOT-FOR-US: LeadTools
CVE-2007-2850 (The Session Reliability Service (XTE) in Citrix MetaFrame Presentation ...)
	NOT-FOR-US: Citrix
CVE-2007-2849 (KnowledgeTree Document Management (aka KnowledgeTree Open Source) ...)
	- knowledgetree <unfixed>
	TODO: file bug
CVE-2007-2848 (Stack-based buffer overflow in the SetPath function in the shComboBox ...)
	NOT-FOR-US: Sky Software
CVE-2007-2847 (Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in ...)
	NOT-FOR-US: HLstats
CVE-2007-2846 (Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus ...)
	NOT-FOR-US: Avast
CVE-2007-2845 (Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus ...)
	NOT-FOR-US: Avast
CVE-2007-2844 (PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...)
	- php5 <not-affected> (Multi-threaded operation nut supported in Debian)
	- php4 <not-affected> (Multi-threaded operation nut supported in Debian)
CVE-2007-2843 (Cross-domain vulnerability in Apple Safari 2.0.4 allows remote ...)
	NOT-FOR-US: Apple Safari
	NOTE: Does not seem to work with Konqueror.
CVE-2007-2842
	RESERVED
CVE-2007-2841
	RESERVED
CVE-2007-2840
	RESERVED
CVE-2007-2839
	RESERVED
CVE-2007-2838
	RESERVED
CVE-2007-2837
	RESERVED
CVE-2007-2836 [hiki file deletion vulnerability]
	RESERVED
	- hiki 0.8.7-1 (bug #430691; medium)
CVE-2007-2835
	RESERVED
CVE-2007-2834
	RESERVED
CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service ...)
	{DSA-1316-1}
	- emacs21 <unfixed> (bug #408929; low)
	- emacs-snapshot <unfixed>
CVE-2007-2832 (Cross-site scripting (XSS) vulnerability in the web application ...)
	NOT-FOR-US: Cisco
CVE-2007-2831 (Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ...)
	- madwifi 1:0.9.3-2 (high; bug #425738)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2007-2830 (The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 ...)
	- madwifi 1:0.9.3-2 (medium; bug #425738)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2007-2829 (The 802.11 network stack in net80211/ieee80211_input.c in MadWifi ...)
	- madwifi 1:0.9.3-2 (medium; bug #425738)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2007-2828 (Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php ...)
	NOT-FOR-US: AdSense-Deluxe
CVE-2007-2827 (Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX ...)
	NOT-FOR-US: LeadTools
CVE-2007-2826 (PHP remote file inclusion vulnerability in lib/addressbook.php in ...)
	NOT-FOR-US: Madirish Webmail
CVE-2007-2825 (Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in ...)
	NOT-FOR-US: @Mail
CVE-2007-2824 (SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2007-2823 (Multiple buffer overflows in HT Editor before 2.0.6 might allow remote ...)
	NOT-FOR-US: HT Editor
CVE-2007-2822 (TutorialCMS 1.01 and earlier, when register_globals is enabled, allows ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2821 (SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress ...)
	- wordpress 2.2-1 (high)
CVE-2007-2820 (Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX ...)
	NOT-FOR-US: KSign
CVE-2007-2819 (Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ ...)
	NOT-FOR-US: Track+
CVE-2007-2818 (Cross-site scripting (XSS) vulnerability in cand_login.asp in ...)
	NOT-FOR-US: Parodia
CVE-2007-2817 (SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 ...)
	NOT-FOR-US: ol'bookmarks
CVE-2007-2816 (Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks ...)
	NOT-FOR-US: ol'bookmarks
CVE-2007-2815 (The &quot;hit-highlighting&quot; functionality in webhits.dll in Microsoft ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-2814 (Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX ...)
	NOT-FOR-US: Pegasus ImagN'
CVE-2007-2813 (Cisco IOS 12.4 and earlier, when using the crypto packages and SSL ...)
	NOT-FOR-US: Cisco
CVE-2007-2812 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...)
	NOT-FOR-US: HLstats
CVE-2007-2811 (Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and ...)
	NOT-FOR-US: OSK Advance-Flow
CVE-2007-2810 (SQL injection vulnerability in down_indir.asp in Gazi Download Portal ...)
	NOT-FOR-US: Gazi Download Portal
CVE-2007-2809 (Buffer overflow in the transfer manager in Opera before 9.21 for ...)
	NOT-FOR-US: Opera
CVE-2007-2808 (Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb ...)
	- gnatsweb <unfixed> (low; bug #427156)
CVE-2007-2807 (Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop ...)
	- eggdrop <unfixed> (medium; bug #427157)
CVE-2007-2806 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: GaliX
CVE-2007-2805 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: ClientExec
CVE-2007-2804 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: CandyPress Store
CVE-2007-2803 (SQL injection vulnerability in default.asp in Vizayn Urun Tanitim ...)
	NOT-FOR-US: Vizayn Urun Tanitim Sitesi
CVE-2007-2802 (Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in ...)
	NOT-FOR-US: RM EasyMail Plus
CVE-2007-2801
	RESERVED
CVE-2007-2800
	RESERVED
CVE-2007-2799 (Integer overflow in the &quot;file&quot; program 4.20, when running on 32-bit ...)
	- file 4.21-1 (medium)	
CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc function in ...)
	- krb5 1.6.dfsg.1-5 (high; bug #430785)
CVE-2007-XXXX [mantis multiple issues fixed in 1.0.7]
	- mantis 1.0.7+dfsg-1
	NOTE: "email notifications bypass security on custom fields" and "XSS vulnerabilities"
CVE-2007-XXXX [NTFS driver for FUSE unspecified issue]
	- ntfs-3g 1:1.516-1
	NOTE: local root exploit
CVE-2007-2797 [xterm world-writable tty]
	RESERVED
	- xterm <not-affected> (Debian uses safe compile-time settings)
CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Arris Cadant
CVE-2007-2795
	RESERVED
CVE-2007-2794
	RESERVED
CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in ...)
	- geeklog <itp> (bug #203818)
CVE-2007-2792 (SQL injection vulnerability in index.php in the com_yanc 1.4 beta ...)
	NOT-FOR-US: com_yanc for Mambo
	NOTE: com_yanc component not in Mambo Debian package
CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX ...)
	NOT-FOR-US: HP Tru64
CVE-2007-2790 (Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2007-2789 (The BMP image parser in Sun Java Development Kit (JDK) before ...)
	- sun-java5 1.5.0-11-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #422403)
CVE-2007-2788 (Integer overflow in the embedded ICC profile image parser in Sun Java ...)
	- sun-java5 1.5.0-11-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #422403)
CVE-2007-2787 (Stack-based buffer overflow in the BrowseDir function in the (1) ...)
	NOT-FOR-US: LeadTools Raster Thumbnail Object Library
CVE-2007-2786 (Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote ...)
	NOT-FOR-US: ircd-ratbox
CVE-2007-2785 (manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to ...)
	NOT-FOR-US: eSyndiCat Pro
CVE-2007-2784 (Unspecified vulnerability in globus-job-manager in Globus Toolkit ...)
	- globus <itp> (bug #142932)
CVE-2007-2783 (Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 ...)
	NOT-FOR-US: Rational Soft Hidden Administrator
CVE-2007-2782 (Packeteer PacketShaper uses fixed increments in TCP initial sequence ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2007-2781 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WikyBlog
CVE-2007-2780 (PsychoStats 3.0.6b and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: PsychoStats
CVE-2007-2779 (PHP remote file inclusion vulnerability in template_csv.php in ...)
	NOT-FOR-US: Libstats
CVE-2007-2778 (Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 ...)
	NOT-FOR-US: MolyX BOARD
CVE-2007-2777 (Unrestricted file upload vulnerability in admin/addsptemplate.php in ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2007-2776 (AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web browser but ...)
	NOT-FOR-US: AlstraSoft Live Support
CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 ...)
	NOT-FOR-US: SunLight CMS
CVE-2007-2773 (SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in ...)
	NOT-FOR-US: Zomplog
CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and ...)
	NOT-FOR-US: CA BrightStor Backup
CVE-2007-2771 (Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG ...)
	NOT-FOR-US: LeadTools JPEG 2000
CVE-2007-2770 (Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote ...)
	NOT-FOR-US: Eudora
CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ...)
	- openssh <unfixed> (low)
	[etch] - openssh <no-dsa> (Minor issue)
	[sarge] - openssh <no-dsa> (Minor issue)
CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2766 (Backup Manager before 0.7.6 provides the MySQL password as a plaintext ...)
	- backup-manager <unfixed> (low)
	[sarge] - backup-manager <no-dsa> (Minor issue)
	[etch] - backup-manager <no-dsa> (Minor issue)
CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse ...)
	NOT-FOR-US: BlockHosts
CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches ...)
	NOT-FOR-US: Sun-Brocade SilkWorm
CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the LockModules ...)
	NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it Fast ...)
	NOT-FOR-US: Build it Fast
CVE-2007-2761 (Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier ...)
	NOT-FOR-US: MagicISO
CVE-2007-2760 (The canUpdate function in model/MRole.java in Adempiere before 3.1.6 ...)
	NOT-FOR-US: Adempiere
CVE-2007-2759 (Multiple SQL injection vulnerabilities in the insert function in the ...)
	NOT-FOR-US: Adempiere
CVE-2007-2758 (Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted ...)
	NOT-FOR-US: WinImage
CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 ...)
	NOT-FOR-US: Redoable
CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted ...)
	- libgd <unfixed> (bug #426099; low)
	- libgd2 <unfixed> (bug #426100; low)
	NOTE: http://bugs.libgd.org/?do=details&task_id=86
CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and ...)
	{DSA-1302-1}
	- freetype 2.2.1-6 (bug #425625)
CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under the ...)
	NOT-FOR-US: RunawaySoft
CVE-2007-2752 (SQL injection vulnerability in devami.asp in RunawaySoft Haber portal ...)
	NOT-FOR-US: RunawaySoft
CVE-2007-2751 (Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 ...)
	NOT-FOR-US: PHPGlossar
CVE-2007-2750 (SQL injection vulnerability in print.php in SimpNews 2.40.01 and ...)
	NOT-FOR-US: SimpNews
CVE-2007-2749 (SQL injection vulnerability in question.php in FAQEngine 4.16.03 and ...)
	NOT-FOR-US: FAQEngine
CVE-2007-2748 (The substr_count function in PHP 5.2.1 and earlier allows ...)
	- php4 <not-affected> (Debian shipped the correct fix from the beginning)
	- php5 <not-affected> (Debian shipped the correct fix from the beginning)
CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before ...)
	NOT-FOR-US: rdiffWeb
CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-2745 (Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk ...)
	NOT-FOR-US: vDesk Webmail
CVE-2007-2744 (Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2743 (PHP remote file inclusion vulnerability in custom_vars.php in ...)
	NOT-FOR-US: GlossWord
CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 ...)
	NOT-FOR-US: w2box
CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lmcs) before 1.15 allows ...)
	- lcms 1.15-1 (medium)
CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown impact and ...)
	- php-xajax 0.2.5-1 (bug #426103; low)
CVE-2007-2739 (Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows ...)
	- php-xajax 0.2.5-1 (bug #426103; low)
CVE-2007-2738 (SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 ...)
	NOT-FOR-US: Glossaire for Xoops
CVE-2007-2737 (SQL injection vulnerability in index.php in the MyConference 1.0 ...)
	NOT-FOR-US: MyConference for Xoops
CVE-2007-2736 (PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 ...)
	NOT-FOR-US: Achievo
CVE-2007-2735 (SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 ...)
	NOT-FOR-US: ResManager for Xoops
CVE-2007-2734 (The 3Com TippingPoint IPS do not properly handle certain full-width ...)
	NOT-FOR-US: 3Com TippingPoint IPS
CVE-2007-2733 (Unrestricted file upload vulnerability in Jetbox CMS allows remote ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2732 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2731 (CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2730 (Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2729 (Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, ...)
	NOT-FOR-US: Comodo Personal Firewall
CVE-2007-2728 (The soap extension in PHP calls php_rand_r with an uninitialized seed ...)
	- php5 5.2.3-1 (low)
	[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
	- php4 <not-affected> (no soap functions in php4)
CVE-2007-2727 (The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before ...)
	[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
	- php5 5.2.2-1 (low)
	NOTE: Code not present in PHP 4.
CVE-2007-2726 (BitsCast 0.13.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: BitsCast
CVE-2007-2725 (The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control ...)
	NOT-FOR-US: DeWizardX
CVE-2007-2724 (Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog ...)
	NOT-FOR-US: fotolog
CVE-2007-2723 (Media Player Classic 6.4.9.0 allows user-assisted remote attackers to ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-2722 (Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers ...)
	NOT-FOR-US: NewzCrawler
CVE-2007-2721 (The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer ...)
	- jasper <unfixed> (medium; bug #413033)
CVE-2007-2720 (Group-Office before 2.16-13 does not properly validate user IDs, which ...)
	NOT-FOR-US: Group-Office
CVE-2007-2719 (Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2007-2718 (Cross-site scripting (XSS) vulnerability in the WebMail system in ...)
	NOT-FOR-US: Stalker CommuniGate Pro
CVE-2007-2717 (SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 ...)
	NOT-FOR-US: iGeneric (iG) Shop
CVE-2007-2716 (Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c ...)
	NOT-FOR-US: EQdkp
CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to ...)
	NOT-FOR-US: Snaps! Gallery
CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet ...)
	NOT-FOR-US: Akismet
CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not exit when ...)
	NOT-FOR-US: iFdate
CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before 3.3.3 ...)
	NOT-FOR-US: MH Software Connect Daily Web Calendar
CVE-2007-2711 (Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows ...)
	NOT-FOR-US: TinyIdentD
CVE-2007-2710 (PHP remote file inclusion vulnerability in functions/prepend_adm.php ...)
	NOT-FOR-US: NagiosQL
CVE-2007-2709 (PHP remote file inclusion vulnerability in functions/prepend_adm.php ...)
	NOT-FOR-US: NagiosQL
CVE-2007-2708 (PHP remote file inclusion vulnerability in newsadmin.php in Feindt ...)
	NOT-FOR-US: News-Script
CVE-2007-2707 (PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php ...)
	NOT-FOR-US: Linksnet Newsfeed
CVE-2007-2706 (PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media ...)
	NOT-FOR-US: Geeklog
CVE-2007-2705 (Directory traversal vulnerability in the Test View Console in BEA ...)
	NOT-FOR-US: BEA WebLogic Integration
CVE-2007-2704 (BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2007-2703 (BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2702 (Cross-site scripting (XSS) vulnerability in the GroupSpace application ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2701 (The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2700 (The WLST script generated by the configToScript command in BEA ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2699 (The Administration Console in BEA WebLogic Express and WebLogic Server ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2698 (The Administration Console in BEA WebLogic Server 9.0 may show ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2697 (The embedded LDAP server in BEA WebLogic Express and WebLogic Server ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2696 (The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2695 (The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2694 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic 
CVE-2007-2693 (MySQL before 5.1.18 allows remote authenticated users without SELECT ...)
	- mysql-dfsg-5.0 <not-affected> (bug #424778)
	[sarge] - mysql-dfsg-4.1 <not-affected> (bug #424830)
	[sarge] - mysql-dfsg <not-affected>
CVE-2007-2692 (The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x ...)
	- mysql-dfsg-5.0 <unfixed> (bug #424778)
	[sarge] - mysql-dfsg-4.1 <unfixed> (bug #424830)
	[sarge] - mysql-dfsg <not-affected>
	NOTE: the CVE says it's fixed in 5.0.40, but 5.0.41 is vulnerable
	NOTE: http://bugs.mysql.com/bug.php?id=28499
CVE-2007-2691 (MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does ...)
	- mysql-dfsg-5.0 5.0.41a-1 (bug #424778)
	[sarge] - mysql-dfsg-4.1 <unfixed> (bug #424830)
	[sarge] - mysql-dfsg <not-affected>
CVE-2007-2690 (Multiple IBM ISS Proventia Series products, including the A, G, and M ...)
	NOT-FOR-US: ISS
CVE-2007-2689 (Check Point Web Intelligence does not properly handle certain ...)
	NOT-FOR-US: Check Point
CVE-2007-2688 (The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS ...)
	NOT-FOR-US: Cisco
CVE-2007-2687 (Stack-based buffer overflow in the MicroWorld Agent service ...)
	NOT-FOR-US: MicroWorld
CVE-2007-2686 (Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2685 (Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2684 (Jetbox CMS 2.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2683 (Buffer overflow in Mutt 1.4.2 might allow local users to execute ...)
	- mutt <unfixed> (low; bug #426116)
CVE-2007-2682 (The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as ...)
	NOT-FOR-US: Adobe
CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in b2evolution ...)
	- b2evolution <unfixed> (unimportant)
	NOTE: This is a register_globals=on issue.
	NOTE: More than just blogs/index.php is affected (that file isn't
	NOTE: installed by the Debian package).
CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Canon
CVE-2007-2679 (PHP file inclusion vulnerability in index.php in Ivan Peevski gallery ...)
	NOT-FOR-US: Simple PHP Scripts
CVE-2007-2678 (Buffer overflow in the isChecked function in toolbar.dll in Netsprint ...)
	NOT-FOR-US: Netsprint
CVE-2007-2677 (Multiple PHP remote file inclusion vulnerabilities in phpChess ...)
	NOT-FOR-US: phpChess
CVE-2007-2676 (PHP remote file inclusion vulnerability in skins/header.php in Open ...)
	NOT-FOR-US: Open Translation Engine
CVE-2007-2675 (SQL injection vulnerability in search.php in Pre Classifieds Listings ...)
	NOT-FOR-US: Pre Classifieds Listings
CVE-2007-2674 (SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2007-2673 (SQL injection vulnerability in censura.php in Censura 1.15.04 allows ...)
	NOT-FOR-US: Censura
CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 ...)
	NOT-FOR-US: PHP Coupon Script
CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: PHPChain
CVE-2007-2669 (Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 ...)
	NOT-FOR-US: PHPChain
CVE-2007-2668 (Buffer overflow in webdesproxy 0.0.1 allows remote attackers to ...)
	NOT-FOR-US: webdesproxy
CVE-2007-2667 (Buffer overflow in the DB Software Laboratory VImpX ActiveX control in ...)
	NOT-FOR-US: VImpX
CVE-2007-2666 (Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla ...)
	NOT-FOR-US: notepad++
CVE-2007-2665 (PHP remote file inclusion vulnerability in block.php in PhpFirstPost ...)
	NOT-FOR-US: PhpFirstPost
CVE-2007-2664 (PHP remote file inclusion vulnerability in includes/common.php in Yaap ...)
	NOT-FOR-US: Yaap
CVE-2007-2663 (PHP remote file inclusion vulnerability in language/1/splash.lang.php ...)
	NOT-FOR-US: Beacon
CVE-2007-2662 (SQL injection vulnerability in EfesTECH Haber 5.0 allows remote ...)
	NOT-FOR-US: EfesTECH
CVE-2007-2661 (SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows ...)
	NOT-FOR-US: BlogMe
CVE-2007-2660 (** DISPUTED ** ...)
	NOT-FOR-US: PhpConcept
CVE-2007-2659 (Directory traversal vulnerability in index.php in PHP Advanced ...)
	NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
CVE-2007-2658 (Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ...)
	NOT-FOR-US: ID Automation
CVE-2007-2657 (Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2656 (Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ...)
	NOT-FOR-US: HP
CVE-2007-2655 (Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before ...)
	NOT-FOR-US: NetWin
CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with insecure ...)
	- xfsdump 2.2.45-1 (bug #417894; low)
CVE-2007-2653 (Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has ...)
	NOT-FOR-US: This is bogus, the annoucement refers to the recently discovered modelines issues	
CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow ...)
	NOT-FOR-US: Free-SA
CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow ...)
	NOT-FOR-US: VooDoo cIRCle
CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to ...)
	{DSA-1320-1}
	- clamav 0.90.2-1
CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for ...)
	NOT-FOR-US: Speedport W 700v
CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 ...)
	NOT-FOR-US: Clever Database Comparer
CVE-2007-2647 (Static code injection vulnerability in admin/admin_configuration.php ...)
	NOT-FOR-US: MonAlbum
CVE-2007-2646 (Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted ...)
	NOT-FOR-US: yEnc32
CVE-2007-2645 (Integer overflow in the exif_data_load_data_entry function in ...)
	- libexif 0.6.15-1 (bug #424775)
CVE-2007-2644 (A certain ActiveX control in Morovia Barcode ActiveX Professional ...)
	NOT-FOR-US: Morovia
CVE-2007-2643 (Directory traversal vulnerability in phpThumb.php in PinkCrow Designs ...)
	NOT-FOR-US: maGAZIn
CVE-2007-2642 (Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 ...)
	NOT-FOR-US: R2K Gallery
CVE-2007-2641 (SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard ...)
	NOT-FOR-US: W1L3D4
CVE-2007-2640 (LibTMCG before 1.1.1 does not perform a range check to avoid &quot;trivial ...)
	NOT-FOR-US: LibTMCG
CVE-2007-2639 (Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote ...)
	NOT-FOR-US: TFTPDWIN
CVE-2007-2638 (eFileCabinet 3.3 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: eFileCabinet
CVE-2007-2637 (MoinMoin before 20070507 does not properly enforce ACLs for calendars ...)
	- moin 1.5.7-2 (low)
CVE-2007-2636 (Unspecified vulnerability in phpTodo before 0.8.1 allows remote ...)
	NOT-FOR-US: phpTodo
CVE-2007-2635 (Unspecified vulnerability in Interchange before 5.4.2 allows remote ...)
	- interchange 5.4.2-1 (low)
CVE-2007-2634 (PHP remote file inclusion vulnerability in common/errormsg.php in ...)
	NOT-FOR-US: aForum
CVE-2007-2633 (Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows ...)
	NOT-FOR-US: H-Sphere
CVE-2007-2632 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User ...)
	NOT-FOR-US: phpMUR
CVE-2007-2631 (Cross-site request forgery (CSRF) vulnerability in SquirrelMail ...)
	- squirrelmail 2:1.4.10a-1 (low)
	NOTE: this is likely a duplicate of CVE-2007-2589
CVE-2007-2630 (Incomplete blacklist vulnerability in ...)
	NOT-FOR-US: ActiveCampaign products
CVE-2007-2629 (Bradford CampusManager Network Control Application Server 3.1(6) ...)
	NOT-FOR-US: Bradford
CVE-2007-2628 (PHP remote file inclusion vulnerability in include/logout.php in ...)
	NOT-FOR-US: PHPSecurityAdmin
CVE-2007-2627 (Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ...)
	- wordpress <unfixed> (low)
CVE-2007-2626 (** DISPUTED ** ...)
	NOT-FOR-US: SchoolBoard
CVE-2007-2625 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-2624 (Dynamic variable evaluation vulnerability in ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-2623 (Multiple buffer overflows in RControl.dll in Remote Display Dev kit ...)
	NOT-FOR-US: Remote Display Dev kit
CVE-2007-2622 (Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier ...)
	NOT-FOR-US: TaskDriver
CVE-2007-2621 (SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 ...)
	NOT-FOR-US: Thyme Calendar
CVE-2007-2620 (PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub ...)
	NOT-FOR-US: Jakub Steiner (aka jimmac) original 
CVE-2007-2619 (Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2007-2618 (CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows ...)
	NOT-FOR-US: Drake CMS
CVE-2007-2617 (srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2616 (Stack-based buffer overflow in the SSL version of the NMDMC.EXE ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-2615 (Multiple PHP remote file inclusion vulnerabilities in Crie seu ...)
	NOT-FOR-US: PHPLojaFacil
CVE-2007-2614 (PHP remote file inclusion vulnerability in examples/widget8.php in ...)
	NOT-FOR-US: phpHtmlLib
CVE-2007-2613 (WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2612 (SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2611 (Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 ...)
	NOT-FOR-US: CGX
CVE-2007-2610 (Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and ...)
	NOT-FOR-US: OpenLD
CVE-2007-2609 (Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 ...)
	NOT-FOR-US: gnuedu
CVE-2007-2608 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Miplex2
CVE-2007-2607 (PHP remote file inclusion vulnerability in views/print/printbar.php in ...)
	NOT-FOR-US: LaVague
CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger ...)
	- firebird2 <unfixed> (low)
CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ...)
	NOT-FOR-US: Brujula Toolbar
CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control allows ...)
	NOT-FOR-US: FlexLabel
CVE-2007-2603 (Unspecified vulnerability in the Init function in the Audio CD Ripper ...)
	NOT-FOR-US: Audio CD Ripper
CVE-2007-2602 (Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2007-2601 (Buffer overflow in a certain ActiveX control in the GDivX Zenith ...)
	NOT-FOR-US: GDivX Zenith Player
CVE-2007-2600 (Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2599 (Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2598 (SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL ...)
	NOT-FOR-US: PHP SimpleNEWS
CVE-2007-2597 (Multiple PHP remote file inclusion vulnerabilities in telltarget CMS ...)
	NOT-FOR-US: telltarget CMS
CVE-2007-2596 (PHP remote file inclusion vulnerability in common/func.php in aForum ...)
	NOT-FOR-US: aForum
CVE-2007-2595 (RSAuction 2.73.1.3 allows remote authenticated users to move their own ...)
	NOT-FOR-US: RSAuction
CVE-2007-2594 (PHP remote file inclusion vulnerability in inc/articles.inc.php in ...)
	NOT-FOR-US: phpMyPortal
CVE-2007-2593 (The Terminal Server in Microsoft Windows 2003 Server, when using TLS, ...)
	NOT-FOR-US: Microsoft
CVE-2007-2592 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia ...)
	NOT-FOR-US: Nokia
CVE-2007-2591 (usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, ...)
	NOT-FOR-US: Nokia
CVE-2007-2590 (Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, ...)
	NOT-FOR-US: Nokia
CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...)
	- squirrelmail 2:1.4.10a-1 (low)
CVE-2007-2588 (Multiple buffer overflows in the Office Viewer OCX ActiveX control ...)
	NOT-FOR-US: Office Viewer OCX ActiveX
CVE-2007-2587 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2007-2586 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 does not properly ...)
	NOT-FOR-US: Cisco
CVE-2007-2585 (Stack-based buffer overflow in the Verify function in the BarCodeWiz ...)
	NOT-FOR-US: BarCodeWiz ActiveX control
CVE-2007-2584 (Buffer overflow in the IsOldAppInstalled function in the ...)
	NOT-FOR-US: Subscription Manager ActiveX control
CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before ...)
	- mysql-dfsg-5.0 <unfixed> (low)
	NOTE: http://bugs.mysql.com/bug.php?id=27513
CVE-2007-2582 (Unspecified vulnerability in the DB2 JDBC Applet Server (DB2JDS) ...)
	NOT-FOR-US: IBM DB2
CVE-2007-2581 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-2580 (Unspecified vulnerability in Apple Safari allows local users to obtain ...)
	NOT-FOR-US: Safari
CVE-2007-2579 (Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 ...)
	NOT-FOR-US: ACP3
CVE-2007-2578 (Unspecified vulnerability in search/list/action_search/index.php in ...)
	NOT-FOR-US: ACP3
CVE-2007-2577 (Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote ...)
	NOT-FOR-US: ACP3
CVE-2007-2576 (Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ...)
	NOT-FOR-US: advdaudio.ocx ActiveX control
CVE-2007-2575 (PHP remote file inclusion vulnerability in watermark.php in the vm ...)
	NOT-FOR-US: vm watermark 0.4.1 mod for Gallery
CVE-2007-2574 (Directory traversal vulnerability in index.php in Archangel Weblog ...)
	NOT-FOR-US: Archangel Weblog
CVE-2007-2573 (PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in ...)
	NOT-FOR-US: PHPtree
CVE-2007-2572 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: NoAh (aka PHP Content Architect, phparch)
CVE-2007-2571 (SQL injection vulnerability in index.php in the wfquotes 1.0 0 module ...)
	NOT-FOR-US: wfquotes module for XOOPS
CVE-2007-2570 (PHP remote file inclusion vulnerability in handlers/page/show.php in ...)
	NOT-FOR-US: Wikivi5
CVE-2007-2569 (Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 ...)
	NOT-FOR-US: Friendly
CVE-2007-2568 (Multiple stack-based buffer overflows in VCDGear 3.55 allow ...)
	NOT-FOR-US: VCDGear
CVE-2007-2567 (Buffer overflow in the SaveBarCode function in the Taltech Tal Bar ...)
	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2566 (The SaveBarCode function in the Taltech Tal Bar Code ActiveX control ...)
	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2565 (Cdelia Software ImageProcessing allows user-assisted remote attackers ...)
	NOT-FOR-US: Cdelia Software ImageProcessing
CVE-2007-2564 (Multiple stack-based buffer overflows in the Sienzo Digital Music ...)
	NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2563 (Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ...)
	NOT-FOR-US: VersalSoft HTTP File Upload ActiveX control
CVE-2007-2562 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
	NOT-FOR-US: Kayako eSupport
CVE-2007-2561 (SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote ...)
	NOT-FOR-US: fipsCMS
CVE-2007-2560 (Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 ...)
	NOT-FOR-US: ACGVannu
CVE-2007-2559 (Multiple PHP remote file inclusion vulnerabilities in american cart ...)
	NOT-FOR-US: american cart
CVE-2007-2558 (** DISPUTED ** ...)
	NOT-FOR-US: pfa CMS
CVE-2007-2557 (MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, ...)
	NOT-FOR-US: Mambo
CVE-2007-2556 (SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote ...)
	NOT-FOR-US: Nuked-klaN
CVE-2007-2555 (Unspecified vulnerability in Default.aspx in Podium CMS allows remote ...)
	NOT-FOR-US: Podium CMS
CVE-2007-2554 (Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank ...)
	NOT-FOR-US: Newspower
CVE-2007-2553 (Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-2552 (The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2551 (Cross-site scripting (XSS) vulnerability in usersettings.php in ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2550 (Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 ...)
	NOT-FOR-US: CubeCart
CVE-2007-2549 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2548 (Unspecified vulnerability in index.php in TurnkeyWebTools SunShop ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2547 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2546 (Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 ...)
	NOT-FOR-US: SMF
CVE-2007-2545 (Multiple PHP remote file inclusion vulnerabilities in Persism CMS ...)
	NOT-FOR-US: Persism
CVE-2007-2544 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: TopTree BBS
CVE-2007-2543 (SQL injection vulnerability in game.php in the Flashgames 1.0.1 module ...)
	NOT-FOR-US: XOOPS
CVE-2007-2542 (PHP remote file inclusion vulnerability in header.php in workbench ...)
	NOT-FOR-US: workbench survival guide
CVE-2007-2541 (PHP remote file inclusion vulnerability in includes/ajax_listado.php ...)
	NOT-FOR-US: Versado
CVE-2007-2540 (Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and ...)
	NOT-FOR-US: PMECMS
CVE-2007-2539 (The show_files function in RunCms 1.5.2 and earlier allows remote ...)
	NOT-FOR-US: RunCms
CVE-2007-2538 (SQL injection vulnerability in class/debug/debug_show.php in RunCms ...)
	NOT-FOR-US: RunCms
CVE-2007-2537 (Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 ...)
	NOT-FOR-US: NPDS
CVE-2007-2536 (PicoZip allows remote attackers to cause a denial of service (infinite ...)
	NOT-FOR-US: Picozip
CVE-2007-2535 (WinAce allows remote attackers to cause a denial of service (infinite ...)
	NOT-FOR-US: WinAce
CVE-2007-2534 (** DISPUTED ** ...)
	NOT-FOR-US: phpHoo3
CVE-2007-2533 (Multiple buffer overflows in Trend Micro ServerProtect 5.58 before ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-2532 (Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen ...)
	NOT-FOR-US: Minh Nguyen Duong Obie Website Mini Web Shop
CVE-2007-2531 (PHP remote file inclusion vulnerability in berylium-classes.php in ...)
	NOT-FOR-US: Berylium2
CVE-2007-2530 (Multiple PHP remote file inclusion vulnerabilities in Tropicalm ...)
	NOT-FOR-US: Tropicalm
CVE-2007-2529 (Integer signedness error in the acl (facl) system call in Solaris 10 ...)
	NOT-FOR-US: Solaris 10
CVE-2007-2528 (Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-2527 (Multiple PHP remote file inclusion vulnerabilities in DynamicPAD ...)
	NOT-FOR-US: DynamicPAD
CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC ...)
	NOT-FOR-US: VNC Viewer ActiveX control
CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket implementation in ...)
	- linux-2.6 <unfixed>
CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open ...)
	{DSA-1298-1}
	- otrs2 2.1.1-1 (bug #423524)
	NOTE: 2.1 and 2.2 are not affected, so recording earliest 2.1 version as fix
CVE-2007-2523 (CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! 2.2.6 ...)
	NOT-FOR-US: E-GADS!
CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when ...)
	NOT-FOR-US: MyNews
CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 through ...)
	TODO: check
CVE-2007-2518
	REJECTED
CVE-2007-2517
	RESERVED
CVE-2007-2516
	RESERVED
CVE-2007-2515
	RESERVED
CVE-2007-2514 (Stack-based buffer overflow in XferWan.exe as used in multiple ...)
	NOT-FOR-US: Symantec
CVE-2007-2513 (Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-2512 (Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and ...)
	NOT-FOR-US: Alcatel-Lucent
CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP ...)
	{DTSA-39-1}
	- php5 5.2.2-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before ...)
	{DSA-1295-1 DTSA-39-1}
	- php5 5.2.2-1 (low)
CVE-2007-2509 (CRLF injection vulnerability in the ftp_putcmd function in PHP before ...)
	{DSA-1296-1 DSA-1295-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.2-1 (low)
	- php4 4.4.7-1 (low)
CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect ...)
	NOT-FOR-US: Trend Micro
CVE-2007-2507 (Directory traversal vulnerability in includes/download.php in Treble ...)
	NOT-FOR-US: Treble Designs 1024 CMS
CVE-2007-2506 (WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and ...)
	NOT-FOR-US: OpenEdge WebSpeed
CVE-2007-2505 (Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 ...)
	NOT-FOR-US: MailCOPA
CVE-2007-2504 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Turbulence
CVE-2007-2503 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Turbulence
CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches with ...)
	NOT-FOR-US: HP ProCurve 9300m Series switches
CVE-2007-2501 (Eval injection vulnerability in codepress.html in CodePress before ...)
	NOT-FOR-US: CodePress
CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash ...)
	- gnash 0.7.2+cvs20070518.1557-1 (bug #423433)
CVE-2007-2499 (Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and ...)
	NOT-FOR-US: DVDdb
CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote ...)
	NOT-FOR-US: Winamp
CVE-2007-2497 (RealNetworks RealPlayer 10 Gold allows remote attackers to cause a ...)
	NOT-FOR-US: RealPlayer
	NOTE: helix-player not affected
CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote ...)
	NOT-FOR-US: WordViewer.ocx
CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX control ...)
	NOT-FOR-US: ExcelViewer .ocx
CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX ActiveX ...)
	NOT-FOR-US: PowerPointViewer .ocx
CVE-2007-2493 (PHP remote file inclusion vulnerability in faq.php in the FAQ &amp; RULES ...)
	NOT-FOR-US: FAQ & RULES module for mxBB
CVE-2007-2492 (SQL injection vulnerability in index.php in the v4bJournal module for ...)
	NOT-FOR-US: v4bJournal module for PostNuke
CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation ...)
	NOT-FOR-US: EMC VMware
CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 allows ...)
	NOT-FOR-US: LiveData Server
CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and ...)
	NOT-FOR-US: LiveData Protocol Server
CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote attackers to ...)
	NOT-FOR-US: AtomixMP3
CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and ...)
	NOT-FOR-US: Motobit
CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the ...)
	NOT-FOR-US: myflash plugin for WordPress
CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in ...)
	NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the ...)
	NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2482 (Directory traversal vulnerability in wordtube-button.php in the ...)
	NOT-FOR-US: wordTube plugin for WordPress
CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the ...)
	NOT-FOR-US: wordTube plugin for WordPress
CVE-2007-XXXX [schroot may use outdated configuration information]
	- schroot <unfixed> (low; bug #422354)
	[etch] - schroot <not-affected> (Only exploitable in unstable)
CVE-2007-2488 (The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does ...)
	- asterisk <unfixed> (low)
	NOTE: ASA-2007-013
CVE-2007-2480 (The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel ...)
	- linux-2.6 <unfixed> (medium)
CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in Cerulean ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2477 (** DISPUTED ** ...)
	NOT-FOR-US: phpMyChat
CVE-2007-2476 (Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before ...)
	NOT-FOR-US: Novell
CVE-2007-2475 (Unspecified vulnerability in the ADSCHEMA utility in Novell ...)
	NOT-FOR-US: Novell
CVE-2007-2474 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2007-2473 (SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2007-2472 (Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard ...)
	NOT-FOR-US: Sendcard
CVE-2007-2471 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 ...)
	NOT-FOR-US: Sendcard
CVE-2007-2470 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: FileRun
CVE-2007-2469 (SQL injection vulnerability in index.php in FileRun 1.0 and earlier ...)
	NOT-FOR-US: FileRun
CVE-2007-2468 (Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-2467 (ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2466 (Unspecified vulnerability in the LDAP Software Development Kit (SDK) ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-2465 (Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 ...)
	NOT-FOR-US: Cisco
CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and ...)
	NOT-FOR-US: Cisco
CVE-2007-2460 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: FireFly
CVE-2007-2459 (Buffer overflow in the read_4bit_bmp function in bmp.c in Imager 0.56 ...)
	- libimager-perl 0.58-1 (medium; bug #421582)
	NOTE: http://rt.cpan.org/Ticket/Display.html?id=26811
CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2457 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2456 (Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 ...)
	NOT-FOR-US: FireFly
CVE-2007-2455 (Parallels allows local users to cause a denial of service (virtual ...)
	NOT-FOR-US: Parallels
CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels allows local ...)
	NOT-FOR-US: Parallels
CVE-2007-2453 (The random number feature in Linux kernel 2.6 before 2.6.20.13, and ...)
	- linux-2.6 2.6.21-5 (low)
CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in ...)
	- findutils 4.2.31-1 (low; bug #426862)
	[sarge] - findutils <no-dsa> (Not vulnerable in default configuration, minor issue)
	[etch] - findutils <no-dsa> (Not vulnerable in default configuration, minor issue)
CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES ...)
	- linux-2.6 2.6.21-3
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20)
CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager ...)
	- tomcat4 <removed> (low)
	- tomcat5 <unfixed> (low)
	- tomcat5.5 <unfixed> (low)
CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP ...)
	- tomcat4 <removed> (low)
	- tomcat5 <unfixed> (low)
	- tomcat5.5 <unfixed> (low)
CVE-2007-2448 (Subversion 1.4.3 and earlier does not properly implement the &quot;partial ...)
	- subversion 1.4.4dfsg1-1 (bug #428194; low)
CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1 (high)
CVE-2007-2446 (Multiple heap-based buffer overflows in the NDR parsing in smbd in ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1 (high)
CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and ...)
	- libpng 1.2.15~beta5-2 (unimportant)
	- libpng3 <unfixed> (unimportant)
	NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far
CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in Samba ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1
CVE-2007-2443 (Integer signedness error in the gssrpc__svcauth_unix function in ...)
	- krb5 1.6.dfsg.1-5 (bug #430787; medium)
CVE-2007-2442 (The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos ...)
	- krb5 1.6.dfsg.1-5 (bug #430787; high)
CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...)
	- vim <unfixed> (medium)
	NOTE: Exploitable through modelines.
CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, ...)
	- xorg-server 2:1.3.0.0.dfsg-4 (unimportant; bug #422936)
	NOTE: etch vulnerable (patch below applies)
	NOTE: git url to fix the issue 
	NOTE: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=71fc5b3e9309182978ead676965d65ca93a4e3b9
	NOTE: Not considered a security problem, only exploitable by authenticated users
	NOTE: If an attacker convinces such a user to run his exploit code blindly she could
	NOTE: just as well provide a binary which does more harm
CVE-2007-2436
	REJECTED
	NOTE: duplicate of CVE-2007-1861
CVE-2007-2435 (Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java ...)
	- sun-java5 1.5.0-11-1 (medium; bug #423062)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2007-2434 (Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows ...)
	NOT-FOR-US: Aventail Connect
CVE-2007-2433 (Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 ...)
	NOT-FOR-US: Ariadne
CVE-2007-2432 (Cross-site scripting (XSS) vulnerability in utilities/search.asp in ...)
	NOT-FOR-US: Nukedit
CVE-2007-2431 (Dynamic variable evaluation vulnerability in ...)
	NOT-FOR-US: TCExam
CVE-2007-2430 (shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote ...)
	NOT-FOR-US: TCExam
CVE-2007-2429 (ManageEngine PasswordManager Pro (PMP) allows remote attackers to ...)
	NOT-FOR-US: ManageEngine PasswordManager Pro (PMP)
CVE-2007-2428 (Multiple PHP remote file inclusion vulnerabilities in page.php in ...)
	NOT-FOR-US: Ahhp-Portal
CVE-2007-2427 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 ...)
	NOT-FOR-US: pnFlashGames
CVE-2007-2426 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: myGallery
CVE-2007-2425 (Directory traversal vulnerability in fileview.php in Imageview 5.3 ...)
	NOT-FOR-US: Imageview
CVE-2007-2424 (PHP remote file inclusion vulnerability in help/index.php in The ...)
	NOT-FOR-US: The Merchant
CVE-2007-2423 (Cross-site scripting (XSS) vulnerability in index.php in MoinMoin ...)
	- moin 1.5.7-3 (medium; bug #422408)
CVE-2007-2422 (** DISPUTED ** ...)
	NOT-FOR-US: Comdev One Admin
CVE-2007-2421 (Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...)
	NOT-FOR-US: Burak Yilmaz Blog
CVE-2007-XXXX [Tomcat does not enforce HTTPS for SSO cookies]
	- tomcat5 <unfixed> (low)
	- tomcat5.5 <unfixed> (low)
	NOTE: SSO cookies sent over secure connections do not require
	NOTE: secure connections, possibly defeating HTTPS encryption.
	NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll) in ...)
	NOT-FOR-US: Macrovision
CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2417
	RESERVED
CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...)
	NOT-FOR-US: E-Annu
CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Pi3Web Web Server
CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: MyServer
CVE-2007-2413 (Heap-based buffer overflow in Imager before 0.57 allows remote ...)
	- libimager-perl 0.58-1 (bug #421582)
CVE-2007-2412 (** DISPUTED ** ...)
	NOT-FOR-US: Seir Anphin
CVE-2007-2411 (** DISPUTED ** ...)
	NOT-FOR-US: Sphider
CVE-2007-2410
	RESERVED
CVE-2007-2409
	RESERVED
CVE-2007-2408
	RESERVED
CVE-2007-2407
	RESERVED
CVE-2007-2406
	RESERVED
CVE-2007-2405
	RESERVED
CVE-2007-2404
	RESERVED
CVE-2007-2403
	RESERVED
CVE-2007-2402
	RESERVED
CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, and ...)
	TODO: check
CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, ...)
	TODO: check
CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, and 10.4.9 and later performs an ...)
	TODO: check
CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2397
	RESERVED
CVE-2007-2396
	RESERVED
CVE-2007-2395
	RESERVED
CVE-2007-2394
	RESERVED
CVE-2007-2393
	RESERVED
CVE-2007-2392
	RESERVED
CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 ...)
	NOT-FOR-US: Apple
CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows ...)
	NOT-FOR-US: Apple
CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear ...)
	NOT-FOR-US: Apple
CVE-2007-2388 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not ...)
	NOT-FOR-US: Apple
CVE-2007-2387 (Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel ...)
	NOT-FOR-US: Apple
CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 ...)
	NOT-FOR-US: Apple mDNSResponder
CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...)
	TODO: check yui
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2384 (The Script.aculo.us framework exchanges data using JavaScript Object ...)
	TODO: check glpi knowledgeroot mt-daapd op-panel python-webhelpers qwik rails wordpress
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2383 (The Prototype (prototypejs) framework exchanges data using JavaScript ...)
	TODO: check glpi hobix knowledgeroot libbio-ruby1.8 mt-daapd op-panel poker-web python-webhelpers qwik rails wordpress 
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ...)
	NOT-FOR-US: Moo.fx framework
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...)
	TODO: check python-paste
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object ...)
	NOT-FOR-US: Microsoft Atlas
CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...)
	NOT-FOR-US: jQuery framework
CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
	NOT-FOR-US: Google Web Toolkit (GWT)
CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data ...)
	NOT-FOR-US: Getahead Direct Web Remoting
CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation ...)
	NOT-FOR-US: Dojo
CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security ...)
	NOT-FOR-US: Symantec
CVE-2007-2374 (Unspecified vulnerability in Microsoft Windows 2000, XP, and Server ...)
	NOT-FOR-US: Microsoft
CVE-2007-2373 (SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) ...)
	NOT-FOR-US: WF-Links (wflinks) module for XOOPS
CVE-2007-2372 (admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2371 (admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2370 (SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 ...)
	NOT-FOR-US: Jobs module for XOOPS
CVE-2007-2369 (Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 ...)
	NOT-FOR-US: WebSPELL
CVE-2007-2368 (picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: WebSPELL
CVE-2007-2367 (Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) ...)
	NOT-FOR-US: Wserve HTTP Server (whttp)
CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted ...)
	NOT-FOR-US: Corel
CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements ...)
	NOT-FOR-US: Adobe
CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and ...)
	NOT-FOR-US: burnCMS
CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted ...)
	NOT-FOR-US: IrfanView
CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) ...)
	{DTSA-36-1}
	- mydns 1:1.1.0-8
CVE-2007-2361 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, and ...)
	NOT-FOR-US: Symantec
CVE-2007-2360 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, and ...)
	NOT-FOR-US: Symantec
CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton ...)
	NOT-FOR-US: Symantec
CVE-2007-2358 (** DISPUTED ** ...)
	- b2evolution <not-affected> (Debian's version does not contain the affected variables)
CVE-2007-2357 (Cross-site scripting (XSS) vulnerability in mods/Core/result.php in ...)
	NOT-FOR-US: SineCms
CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in ...)
	{DSA-1301-1}
	- gimp 2.2.14-2
CVE-2007-2355 (The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2354 (Progress Webspeed Messenger allows remote attackers to obtain ...)
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2353 (Apache Axis 1.0 allows remote attackers to obtain sensitive ...)
	- axis <unfixed> (unimportant)
	NOTE: only path disclosure
CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) ...)
	NOT-FOR-US: HP Power Manager Remote Agent
CVE-2007-2350 (admin/config.php in the music-on-hold module in freePBX 2.2.x allows ...)
	NOT-FOR-US: freePBX
CVE-2007-2349 (Cross-site scripting (XSS) vulnerability in Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-2348 (mirror --script in lftp before 3.5.9 does not properly quote shell ...)
	- lftp <unfixed> (unimportant)
	NOTE: Non-issue, also already documented as potentially risky
CVE-2007-2347 (PHP remote file inclusion vulnerability in main/forum/komentar.php in ...)
	NOT-FOR-US: OneClick CMS
CVE-2007-2346 (Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 ...)
	NOT-FOR-US: PHP-Generics
CVE-2007-2345 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBrowse
CVE-2007-2344 (The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight ...)
	NOT-FOR-US: Enterasys
CVE-2007-2343 (Stack-based buffer overflow in the TFTPD component in Enterasys ...)
	NOT-FOR-US: Enterasys
CVE-2007-2342 (SQL injection vulnerability in error.asp in CreaScripts CreaDirectory ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2007-2341 (PHP remote file inclusion vulnerability in suite/index.php in ...)
	NOT-FOR-US: phpBandManager
CVE-2007-2340 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: phporacleview
CVE-2007-2339 (Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow ...)
	NOT-FOR-US: Phorum
CVE-2007-2338 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Phorum
CVE-2007-2337 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2336 (Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 ...)
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-2335 (Cross-site scripting (XSS) vulnerability in the RSS feed reader ...)
	NOT-FOR-US: Lunascape
CVE-2007-2334 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
	NOT-FOR-US: Nortel
CVE-2007-2333 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
	NOT-FOR-US: Nortel
CVE-2007-2332 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
	NOT-FOR-US: Nortel
CVE-2007-2331 (PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 ...)
	NOT-FOR-US: Shop-Script
CVE-2007-2330 (PHP remote file inclusion vulnerability in includes_handler.php in ...)
	NOT-FOR-US: DynaTracker
CVE-2007-2329 (PHP remote file inclusion vulnerability in searchbot.php in ...)
	NOT-FOR-US: Searchactivity
CVE-2007-2328 (PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b ...)
	NOT-FOR-US: phpMYTGP
CVE-2007-2327 (PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox ...)
	NOT-FOR-US: HTMLeditbox
CVE-2007-2326 (Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...)
	TODO: check smarty, moodle, gallery2
CVE-2007-2325 (PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) ...)
	NOT-FOR-US: MyNewsGroups
CVE-2007-2324 (Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows ...)
	NOT-FOR-US: JulmaCMS
CVE-2007-2323 (Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo ...)
	NOT-FOR-US: InterVideo
CVE-2007-2322 (NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows ...)
	NOT-FOR-US: Nero
CVE-2007-2321 (Unspecified vulnerability in the search functionality in SilverStripe ...)
	NOT-FOR-US: SilverStripe
CVE-2007-2320 (SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier ...)
	NOT-FOR-US: Papoo
CVE-2007-2319 (PHP remote file inclusion vulnerability in the AutoStand 1.1 and ...)
	NOT-FOR-US: AutoStand
CVE-2007-2318 (Multiple format string vulnerabilities in FileZilla before 2.2.32 ...)
	- filezilla <unfixed> (bug #421776)
	NOTE: http://sourceforge.net/project/shownotes.php?release_id=501534&group_id=21558
CVE-2007-2317 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
	NOT-FOR-US: MiniBB
CVE-2007-2316 (Unspecified vulnerability in the admin script in Open Business ...)
	NOT-FOR-US: Open Business Management
CVE-2007-2315 (MiniShare 1.5.4, and possibly earlier, allows remote attackers to ...)
	NOT-FOR-US: MiniShare
CVE-2007-2314 (Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly ...)
	NOT-FOR-US: Crea-Book
CVE-2007-2313 (PHP remote file inclusion vulnerability in getinfo1.php in the ...)
	NOT-FOR-US: Shotcast module for mxBB
CVE-2007-2312 (Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2311 (** DISPUTED ** ...)
	NOT-FOR-US: BlooFoxCMS
CVE-2007-2310 (Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php ...)
	NOT-FOR-US: BloofoxCMS
CVE-2007-2309 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 ...)
	NOT-FOR-US: FloweRS
CVE-2007-2308 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 ...)
	NOT-FOR-US: FloweRS
CVE-2007-2307 (PHP remote file inclusion vulnerability in engine/engine.inc.php in ...)
	NOT-FOR-US: WebKalk2
CVE-2007-2306 (Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2305 (Multiple SQL injection vulnerabilities in authenticate.php in Quick ...)
	NOT-FOR-US: QDBlog
CVE-2007-2304 (Multiple directory traversal vulnerabilities in Quick and Dirty Blog ...)
	NOT-FOR-US: QDBlog
CVE-2007-2303 (Directory traversal vulnerability in includes/footer.php in News ...)
	NOT-FOR-US: NMDeluxe
CVE-2007-2302 (PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 ...)
	NOT-FOR-US: Expow
CVE-2007-2301 (Multiple PHP remote file inclusion vulnerabilities in audioCMS arash ...)
	NOT-FOR-US: audioCMS
CVE-2007-2300 (Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto ...)
	NOT-FOR-US: phpwebnews
CVE-2007-2299 (Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier ...)
	NOT-FOR-US: CMS Frogss
CVE-2007-2298 (Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 ...)
	NOT-FOR-US: Garennes
CVE-2007-2297 (The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x ...)
	- asterisk 1:1.4.3~dfsg-1 (high; bug #420864)
CVE-2007-2296 (Integer overflow in the FlipFileTypeAtom_BtoN function in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2295 (Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2294 (The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 ...)
	- asterisk 1:1.4.3~dfsg-1 (low)
CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in ...)
	- asterisk 1:1.4.3~dfsg-1 (high)
	[sarge] - asterisk <not-affected> (vulnerable code not present)
	[etch] - asterisk <not-affected> (vulnerable code not present)
	NOTE: only in 1.4.x
CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...)
	- iceweasel (low)
	- firefox <removed> (low)
	- mozilla <removed> (low)
CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and ...)
	NOT-FOR-US: B2 Weblog
	NOTE: Debian's b2evolution does not contain the string "b2inc",
	NOTE: and does not seem to suffer from this vulnerability.
CVE-2007-2289 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Download-Engine
CVE-2007-2288 (PHP remote file inclusion vulnerability in info.php in Doruk100.net ...)
	NOT-FOR-US: doruk100net
CVE-2007-2287 (PHP remote file inclusion vulnerability in accept.php in comus 2.0 ...)
	NOT-FOR-US: comus
CVE-2007-2286 (PHP remote file inclusion vulnerability in config.php in Built2Go PHP ...)
	NOT-FOR-US: Built2Go
CVE-2007-2285 (Directory traversal vulnerability in examples/layout/feed-proxy.php in ...)
	NOT-FOR-US: Jack Slocum Ext
CVE-2007-2284 (Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote ...)
	NOT-FOR-US: ABC-View Manager
CVE-2007-2283 (Buffer overflow in Fresh View 7.15 allows user-assisted remote ...)
	NOT-FOR-US: Fresh View
CVE-2007-2282 (Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before ...)
	NOT-FOR-US: Cisco
CVE-2007-2281
	RESERVED
CVE-2007-2280
	RESERVED
CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage ...)
	NOT-FOR-US: Symantec
CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 ...)
	NOT-FOR-US: DCP-Portal
CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote attackers to ...)
	NOT-FOR-US: Plogger
CVE-2007-2276 (** DISPUTED ** ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2007-2275 (Unspecified vulnerability in HP StorageWorks Command View Advanced ...)
	NOT-FOR-US: HP StorageWorks
CVE-2007-2274 (The BitTorrent implementation in Opera 9.2 allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2007-2273 (PHP remote file inclusion vulnerability in include/loading.php in ...)
	NOT-FOR-US: wavewoo
CVE-2007-2272 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2007-2271 (Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS ...)
	NOT-FOR-US: TotaRam
CVE-2007-2270 (The Linksys SPA941 VoIP Phone allows remote attackers to cause a ...)
	NOT-FOR-US: Linksys
CVE-2007-2269 (Directory traversal vulnerability in top.php3 in SWsoft Plesk for ...)
	NOT-FOR-US: Plesk
CVE-2007-2268 (Multiple directory traversal vulnerabilities in SWsoft Plesk for ...)
	NOT-FOR-US: Plesk
CVE-2007-2267 (Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 ...)
	NOT-FOR-US: Sun Cluster
CVE-2007-2266 (Progress Webspeed Messenger allows remote attackers to read, create, ...)
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2265 (Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows ...)
	NOT-FOR-US: YA Book
CVE-2007-2264
	RESERVED
CVE-2007-2263
	RESERVED
CVE-2007-2262 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: jmuffin
CVE-2007-2261 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: C-Arbre
CVE-2007-2260 (Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta ...)
	NOT-FOR-US: bibtex mase
CVE-2007-2259 (SQL injection vulnerability in forum.php in EsForum 3.0 allows remote ...)
	NOT-FOR-US: EsForum
CVE-2007-2258 (PHP remote file inclusion vulnerability in includes/init.inc.php in ...)
	NOT-FOR-US: PHPMyBibli
CVE-2007-2257 (PHP remote file inclusion vulnerability in subscp.php in Fully Modded ...)
	NOT-FOR-US: Fully Modded phpBB2
CVE-2007-2256 (Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 ...)
	NOT-FOR-US: TJSChat
CVE-2007-2255 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
	NOT-FOR-US: Download-Engine
CVE-2007-2254 (PHP remote file inclusion vulnerability in admin/setup/level2.php in ...)
	NOT-FOR-US: PHP Classifieds
CVE-2007-2253 (Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2252 (Directory traversal vulnerability in iconspopup.php in Exponent CMS ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2251 (Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and ...)
	NOT-FOR-US: Xaraya
CVE-2007-2250 (admin.php in Phorum before 5.1.22 allows remote attackers to obtain ...)
	NOT-FOR-US: Phorum
CVE-2007-2249 (include/controlcenter/users.php in Phorum before 5.1.22 allows remote ...)
	NOT-FOR-US: Phorum
CVE-2007-2248 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
	NOT-FOR-US: Phorum
CVE-2007-2247 (SQL injection vulnerability in modules/news/article.php in phpMySpace ...)
	NOT-FOR-US: phpMySpace
CVE-2007-2246 (Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running ...)
	NOT-FOR-US: HP-UX
CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:2.10.1-1 (low)
	NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4
CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3 allow ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is ...)
	- openssh <unfixed> (low)
	[etch] - openssh <no-dsa> (Minor issue)
	[sarge] - openssh <no-dsa> (Minor issue)
CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of service ...)
	- linux-2.6 <unfixed> (low; bug #421595)
	- kfreebsd-5 <unfixed> (low)
	[etch] - kfreebsd-5 <no-dsa> (No security support for KFreeBSD)
	NOTE: This should be off by default, tweakable by a simple knob.
	NOTE: (FreeBSD has it turned on for hosts, too.)
CVE-2007-2241 (Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 ...)
	- bind9 1:9.4.1-1 (medium)
	[etch] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
	[sarge] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
CVE-2007-2240
	RESERVED
CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera ...)
	NOT-FOR-US: AXIS Camera Control
CVE-2007-2238
	RESERVED
CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2236 (footer.php in PunBB 1.2.14 and earlier allows remote attackers to ...)
	NOT-FOR-US: PunBB
CVE-2007-2235 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 ...)
	NOT-FOR-US: PunBB
CVE-2007-2234 (include/common.php in PunBB 1.2.14 and earlier does not properly ...)
	NOT-FOR-US: PunBB
CVE-2007-2233 (cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote ...)
	NOT-FOR-US: CoSign
CVE-2007-2232 (The CHECK command in Cosign 2.0.1 and earlier allows remote attackers ...)
	NOT-FOR-US: CoSign
CVE-2007-2231 (Directory traversal vulnerability in index/mbox/mbox-storage.c in ...)
	- dovecot 1.0.rc29-1
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
CVE-2007-2230 (SQL injection vulnerability in CA Clever Path Portal allows remote ...)
	NOT-FOR-US: CA Clever Path
CVE-2007-2229 (Microsoft Windows Vista uses insecure default permissions for ...)
	NOT-FOR-US: Microsoft
CVE-2007-2228
	RESERVED
CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2226
	RESERVED
CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2224
	RESERVED
CVE-2007-2223
	RESERVED
CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and ...)
	NOT-FOR-US: Microsoft
CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2220
	RESERVED
CVE-2007-2219 (Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security Package for ...)
	NOT-FOR-US: Microsoft
CVE-2007-2217
	RESERVED
CVE-2007-2216
	RESERVED
CVE-2007-2215
	RESERVED
CVE-2007-2214 (Unrestricted file upload vulnerability in includes/upload_file.php in ...)
	NOT-FOR-US: DmCMS
CVE-2007-2213 (Unspecified vulnerability in the Initialize function in ...)
	NOT-FOR-US: WS_FTP
CVE-2007-2212 (Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2211 (SQL injection vulnerability in calendar.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2210 (A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar ...)
	NOT-FOR-US: Netsprint
CVE-2007-2209 (Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ...)
	NOT-FOR-US: AccuSoft
CVE-2007-2208 (Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 ...)
	NOT-FOR-US: Extreme PHPBB2
CVE-2007-2207 (SQL injection vulnerability in contact/index.php in Ripe Website ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2206 (Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2205 (PHP remote file inclusion vulnerability in modules/rtmessageadd.php in ...)
	NOT-FOR-US: LAN Management System
CVE-2007-2204 (Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board ...)
	NOT-FOR-US: GPL PHP Board
CVE-2007-2203 (Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows ...)
	NOT-FOR-US: Big Blue Guestbook
CVE-2007-2202 (PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php ...)
	NOT-FOR-US: Accueil et Conseil en Visites et Sejours Web Services
CVE-2007-2201 (Multiple PHP remote file inclusion vulnerabilities in Post Revolution ...)
	NOT-FOR-US: Post Revolution
CVE-2007-2200 (Directory traversal vulnerability in navigator/navigator_ok.php in ...)
	NOT-FOR-US: Pagode
CVE-2007-2199 (PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka ...)
	NOT-FOR-US: Joomla
CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management System ...)
	NOT-FOR-US: LAN Management System
CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through ...)
	NOT-FOR-US: NeatUpload
CVE-2007-2196 (** DISPUTED ** ...)
	NOT-FOR-US: Jambook module for Mambo and Joomla
CVE-2007-2195 (aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers ...)
	NOT-FOR-US: Alvaro's Messenger
CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted ...)
	NOT-FOR-US: XnView
CVE-2007-2193 (Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build ...)
	NOT-FOR-US: ACDSee
CVE-2007-2192 (Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted ...)
	NOT-FOR-US: Photofiltre
CVE-2007-2191 (Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x ...)
	NOT-FOR-US: freePBX
CVE-2007-2190 (PHP remote file inclusion vulnerability in admin/public/webpages.php ...)
	NOT-FOR-US: Eba News
CVE-2007-2189 (PHP remote file inclusion vulnerability in admin/admin_album_otf.php ...)
	NOT-FOR-US: mxBB Smartor Album
CVE-2007-2188 (eXtremail 2.1.1 and earlier does not verify the ID field (aka ...)
	NOT-FOR-US: eXtremail
CVE-2007-2187 (Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows ...)
	NOT-FOR-US: eXtremail
CVE-2007-2186 (Foxit Reader 2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Foxit Reader
CVE-2007-2185 (Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b ...)
	NOT-FOR-US: Supasite
CVE-2007-2184 (Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 ...)
	NOT-FOR-US: jchit
CVE-2007-2183 (SQL injection vulnerability in index.php in PHP-Ring Webring System ...)
	NOT-FOR-US: PHP-Ring Webring System
CVE-2007-2182 (Unrestricted file upload vulnerability in forum_write.php in Maran PHP ...)
	NOT-FOR-US: Maran PHP Forum
CVE-2007-2181 (PHP remote file inclusion vulnerability in admin/login.php in Webinsta ...)
	NOT-FOR-US: WEBInsta
CVE-2007-2180 (Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2007-2179 (Multiple unspecified vulnerabilities in IXceedCompression in ...)
	NOT-FOR-US: RaidenFTPD
CVE-2007-2178 (Multiple unspecified vulnerabilities in Objective Development Sharity ...)
	NOT-FOR-US: Sharity
CVE-2007-2177 (Stack-based buffer overflow in the Microgaming Download Helper ActiveX ...)
	NOT-FOR-US: Microgaming Download Helper
CVE-2007-2176 (Unspecified vulnerability in Mozilla Firefox allows remote attackers ...)
	NOT-FOR-US: Related to Apple QuickTime as well, no information about Mozilla being affected is available
CVE-2007-2175 (Apple QuickTime Java extensions (QTJava.dll), as used in Safari and ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2174 (The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal ...)
	NOT-FOR-US: ZoneAlarm
CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) ...)
	NOT-FOR-US: Gentoo's packaging of courier
CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 causes RTA_MAX to be used ...)
	- linux-2.6 <unfixed> (medium)
CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2007-2169 (Static code injection vulnerability in add.php in Mozzers SubSystem ...)
	NOT-FOR-US: Mozzers SubSystem
CVE-2007-2168 (Static code injection vulnerability in process.php in AimStats 3.2 and ...)
	NOT-FOR-US: AimStats
CVE-2007-2167 (Static code injection vulnerability in process.php in AimStats 3.2 ...)
	NOT-FOR-US: AimStats
CVE-2007-2166 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: OpenSurveyPilot
CVE-2007-2165 (The Auth API in ProFTPD before 20070417, when multiple simultaneous ...)
	- proftpd 1.3.0-22 (low)
CVE-2007-2164 (Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial ...)
	- kdelibs <unfixed> (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2160 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: dba module for Drupal
CVE-2007-2159 (Multiple cross-site scripting (XSS) vulnerabilities in the Database ...)
	NOT-FOR-US: dba module for Drupal
CVE-2007-2158 (PHP remote file inclusion vulnerability in index.php in jGallery 1.3 ...)
	NOT-FOR-US: jGallery
CVE-2007-2157 (Directory traversal vulnerability in upload/force_download.php in ...)
	NOT-FOR-US: Zomplog
CVE-2007-2156 (Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic ...)
	NOT-FOR-US: Rezervi Generic
CVE-2007-2155 (Directory traversal vulnerability in template.php in in phpFaber ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2007-2154 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Cabron Connector
CVE-2007-2153 (Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 ...)
	NOT-FOR-US: @Mail
CVE-2007-2152 (Buffer overflow in the On-Access Scanner in McAfee VirusScan ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2007-2151 (The administration server in McAfee e-Business Server before 8.1.1 and ...)
	NOT-FOR-US: McAfee
CVE-2007-2150 (BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b ...)
	NOT-FOR-US: BlueArc
CVE-2007-2149 (Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores ...)
	NOT-FOR-US: Chatness
CVE-2007-2148 (Direct static code injection vulnerability in admin/save.php in ...)
	NOT-FOR-US: Chatness
CVE-2007-2147 (admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and ...)
	NOT-FOR-US: Chatness
CVE-2007-2146 (The imagecomments function in classes.php in MiniGal b13 allow remote ...)
	NOT-FOR-US: MiniGal
CVE-2007-2145 (The imagecomments function in classes.php in MiniGal b13 allows remote ...)
	NOT-FOR-US: MiniGal
CVE-2007-2144 (PHP remote file inclusion vulnerability in includes/CAltInstaller.php ...)
	NOT-FOR-US: JoomlaPack
CVE-2007-2143 (PHP remote file inclusion vulnerability in index.php in the Be2004-2 ...)
	NOT-FOR-US: Be2004-2 template for Joomla
CVE-2007-2142 (Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php ...)
	NOT-FOR-US: AjPortal2Php
CVE-2007-2141 (Direct static code injection vulnerability in shoutbox.php in ShoutPro ...)
	NOT-FOR-US: ShoutPro
CVE-2007-2140 (PHP remote file inclusion vulnerability in everything.php in Franklin ...)
	NOT-FOR-US: Flip-search-add-on
CVE-2007-2139 (Multiple stack-based buffer overflows in the SUN RPC service in CA ...)
	NOT-FOR-US: CA BrightStor
CVE-2007-2137 (Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express ...)
	NOT-FOR-US: Tivoli
CVE-2007-2136 (Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol ...)
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2007-2135 (The ADI_BINARY component in the Oracle E-Business Suite allows remote ...)
	NOT-FOR-US: Oracle
CVE-2007-2134 (Unspecified vulnerability in the HTML Server in Oracle JD Edwards ...)
	NOT-FOR-US: Oracle
CVE-2007-2133 (Unspecified vulnerability in the PeopleSoft Enterprise Human Capital ...)
	NOT-FOR-US: Oracle
CVE-2007-2132 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2131 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2007-2130 (Unspecified vulnerability in Workflow Cartridge, as used in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2129 (Unspecified vulnerability in the Agent component in Oracle Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2007-2128 (Unspecified vulnerability in the Sales Online component for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2127 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 ...)
	NOT-FOR-US: Oracle
CVE-2007-2126 (Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has ...)
	NOT-FOR-US: Oracle
CVE-2007-2125 (Unspecified vulnerability in Collaborative Workspace in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2124 (Unspecified vulnerability in the Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2123 (Unspecified vulnerability in the Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2122 (Unspecified vulnerability in the Wireless component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2121 (Unspecified vulnerability in the COREid Access component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2120 (The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, ...)
	NOT-FOR-US: Oracle
CVE-2007-2119 (Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the ...)
	NOT-FOR-US: Oracle
CVE-2007-2118 (Unspecified vulnerability in the Upgrade/Downgrade component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2117 (Unspecified vulnerability in the Oracle Text component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2116 (Unspecified vulnerability in the Advanced Replication component in ...)
	NOT-FOR-US: Oracle
CVE-2007-2115 (Unspecified vulnerability in the Change Data Capture (CDC) component ...)
	NOT-FOR-US: Oracle
CVE-2007-2114 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
	NOT-FOR-US: Oracle
CVE-2007-2113 (SQL injection vulnerability in the Upgrade/Downgrade component ...)
	NOT-FOR-US: Oracle
CVE-2007-2112 (Unspecified vulnerability in the Authentication component for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2111 (SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in ...)
	NOT-FOR-US: Oracle
CVE-2007-2110 (Unspecified vulnerability in the Core RDBMS component for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2109 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...)
	NOT-FOR-US: Oracle
CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages]
	- mixmaster 3.0b2-5 (low; bug #418662)
	[etch] - mixmaster 3.0b2-4.etch1
	[sarge] - mixmaster <not-affected> (Code generation in Sarge pads over this)
CVE-2007-XXXX [heap-based buffer overflow in git-blame with long file names]
	- git-core 1.5.1.2-1 (low)
	NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb
CVE-2007-2138 (Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x ...)
	{DSA-1311-1 DSA-1309-1}
	- postgresql-8.2 8.2.4-1
	- postgresql-8.1 8.1.9-1
	- postgresql-7.4 1:7.4.17-1
CVE-2007-2107 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...)
	NOT-FOR-US: Rha7 Downloads
CVE-2007-2106 (Directory traversal vulnerability in index.php in Kai Content ...)
	NOT-FOR-US: Kai Content Management System
CVE-2007-2105 (Directory traversal vulnerability in admin/index.php in Monkey CMS ...)
	NOT-FOR-US: Monkey CMS
CVE-2007-2104 (Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow ...)
	NOT-FOR-US: iXon CMS
CVE-2007-2103 (Multiple PHP remote file inclusion vulnerabilities in my little forum ...)
	NOT-FOR-US: my little forum
CVE-2007-2102 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...)
	NOT-FOR-US: my little weblog
CVE-2007-2101 (FAC Guestbook 3.01 stores sensitive information under the web root ...)
	NOT-FOR-US: FAC Guestbook
CVE-2007-2100 (FAC Guestbook 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: FAC Guestbook
CVE-2007-2099 (Cross-site scripting (XSS) vulnerability in htdocs/php.php in ...)
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in ...)
	NOT-FOR-US: Wabbit PHP Gallery
CVE-2007-2097 (** DISPUTED ** ...)
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
	NOT-FOR-US: PHPHD Download System
CVE-2007-2095 (PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 ...)
	NOT-FOR-US: MySpeach
CVE-2007-2094 (PHP remote file inclusion vulnerability in index.php in Anthologia ...)
	NOT-FOR-US: Anthologia
CVE-2007-2093 (Direct static code injection vulnerability in index.php in Limesoft ...)
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2092 (Direct static code injection vulnerability in index.php in Limesoft ...)
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2091 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: tsdisplay4xoops
CVE-2007-2090 (Cross-site scripting (XSS) vulnerability in index.php in TuMusika ...)
	NOT-FOR-US: TuMusika Evolution
CVE-2007-2089 (Multiple PHP remote file inclusion vulnerabilities in the Jx ...)
	NOT-FOR-US: Jx Development Article component for Mambo and Joomla
CVE-2007-2088 (Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 ...)
	- sitebar 3.3.8-7 (unimportant)
	NOTE: this was register globals only and is fixed in Debian anyway
CVE-2007-2087 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, ...)
	NOT-FOR-US: CNStats
CVE-2007-2086 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 ...)
	NOT-FOR-US: CNStats
CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS ...)
	NOT-FOR-US: oe2edit CMS
CVE-2007-2084 (** DISPUTED ** ...)
	NOT-FOR-US: MobilePublisherphp
CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in ...)
	NOT-FOR-US: MyBlog
CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: MyBlog
CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows ...)
	NOT-FOR-US: XAMPP
CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and ...)
	NOT-FOR-US: XAMPP
CVE-2007-2078 (** DISPUTED ** ...)
	NOT-FOR-US: Maian Weblog
CVE-2007-2077 (PHP remote file inclusion vulnerability in search.php in Maian Search ...)
	NOT-FOR-US: Maian Search
CVE-2007-2076 (PHP remote file inclusion vulnerability in index.php in Maian Gallery ...)
	NOT-FOR-US: Maian Gallery
CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on ...)
	NOT-FOR-US: ScramDisk
CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 ...)
	NOT-FOR-US: ScramDisk
CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery ...)
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2072 (** DISPUTED ** ...)
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto ...)
	NOT-FOR-US: Open-gorotto
CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
	NOT-FOR-US: SunShop Shopping Cart
CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
	NOT-FOR-US: openMairie
CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront ...)
	NOT-FOR-US: StoreFront extension for Gallery
CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio ...)
	NOT-FOR-US: WebSlider
CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: UseBB
CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert ...)
	NOT-FOR-US: ActionPoll
CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert ...)
	NOT-FOR-US: ActionPoll
CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure ...)
	NOT-FOR-US: IBM zOS
CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows ...)
	NOT-FOR-US: VCDGear
CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in ...)
	NOT-FOR-US: MailBee WebMail Pro
CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 ...)
	NOT-FOR-US: Wizz RSS Reader
CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in ...)
	NOT-FOR-US: eIQnetworks Enterprise Security Analyzer
CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows ...)
	NOT-FOR-US: Acubix PicoZip
CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows ...)
	{DSA-1280-1 DTSA-35-1}
	- aircrack-ng 1:0.7-3 (medium)
	NOTE: http://trac.aircrack-ng.org/changeset/288
CVE-2007-2056
	REJECTED
CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in ...)
	- python2.4 2.4.4-3 (bug #416931; low)
	- python2.5 <unfixed> (bug #416934; low)
	- python2.3 <unfixed> (low)
CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has ...)
	NOT-FOR-US: bftpd
CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in ...)
	NOT-FOR-US: RicarGBooK
CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar ...)
	NOT-FOR-US: Calendar Module for Mambo
CVE-2007-2048 (Directory traversal vulnerability in /console in the Management ...)
	NOT-FOR-US: webMethods Glue
CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 ...)
	NOT-FOR-US: Openads
CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads ...)
	NOT-FOR-US: Openads
CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the ...)
	NOT-FOR-US: Weather module for Mambo and Joomla
CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ...)
	NOT-FOR-US: Cisco
CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points ...)
	NOT-FOR-US: Cisco
CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x ...)
	NOT-FOR-US: Cisco
CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco
CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive ...)
	NOT-FOR-US: Cisco
CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...)
	NOT-FOR-US: Cisco
CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...)
	NOT-FOR-US: Cisco
CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded ...)
	NOT-FOR-US: Cisco
CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, ...)
	NOT-FOR-US: 3proxy
CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might ...)
	- lha <unfixed> (low)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2007-2029 (File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (low; bug #418849)
	NOTE: closed report: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=459
	NOTE: Commit r3021 looks as if it's just a null pointer dereference.
CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...)
	- freeradius <unfixed> (low)
	[sarge] - freeradius <no-dsa> (Minor issue)
	[etch] - freeradius <no-dsa> (Minor issue)
CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string ...)
	- elinks 0.11.1-1.4 (bug #417789; low)
	[sarge] - elinks <no-dsa> (Hardly exploitable)
	[etch] - elinks <no-dsa> (Hardly exploitable)
	NOTE: Unrealistic attack vector, no evidence code injection is possible
CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent ...)
	- file 4.20-6 (low)
	[etch] - file <no-dsa> (Hardly any security impact)
	[sarge] - file <not-affected> (version too old)
CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature ...)
	- phpwiki <unfixed> (unknown)
CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature ...)
	- phpwiki <unfixed> (unknown)
CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and ...)
	NOT-FOR-US: Secustick USB flash drive
CVE-2007-2022 (Adobe Macromedia Flash Player 7 and 9, when used with Opera before ...)
	- flashplayer-mozilla <unfixed> (unknown)
	[sarge] - flashplayer-mozilla <no-dsa> (Non-free not supported)
	[etch] - flashplayer-mozilla <no-dsa> (Non-free not supported)
	NOTE: Flash Plugin has a vulnerablity, which will only be disclosed in a few months
	NOTE: Some browser vendors produce updates, which fix this issue on the browser side,
	NOTE: but that it not of concern for Debian
CVE-2007-2021 (Multiple PHP remote file inclusion vulnerabilities in Pineapple ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2007-2020 (** DISPUTED ** ...)
	NOT-FOR-US: xodagallery
CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in ...)
	NOT-FOR-US: phpGalleryScript
CVE-2007-2018 (SQL injection vulnerability in msg.php in AlstraSoft Video Share ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2017 (siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2016 (Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in ...)
	- phpmyadmin 4:2.6.2-3 (unimportant)
CVE-2007-2015 (PHP remote file inclusion vulnerability in index.php in Request It ...)
	NOT-FOR-US: Request It
CVE-2007-2014 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MyNews
CVE-2007-2013 (Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme ...)
	NOT-FOR-US: Passworschutz
CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX ...)
	NOT-FOR-US: CompreXX
CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 ...)
	NOT-FOR-US: DeskPro
CVE-2007-2010 (Double-free vulnerability in bftpd before 1.8 allows remote ...)
	NOT-FOR-US: bftpd
CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light ...)
	NOT-FOR-US: SimpCMS Light
CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper ...)
	NOT-FOR-US: Taskhopper component for Mambo and Joomla
CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2001 (Multiple direct static code injection vulnerabilities in ...)
	NOT-FOR-US: Crea-Book
CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book ...)
	NOT-FOR-US: Crea-Book
CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages ...)
	NOT-FOR-US: Weatimages
CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) ...)
	NOT-FOR-US: HIOX Guest Book
CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...)
	NOT-FOR-US: CodeBreak
CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier ...)
	{DSA-1293-1}
	- quagga 0.99.6-5 (low; bug #418323)
	NOTE: The attributes are non-transitive, which means that they
	NOTE: are not propagated via BGP and therefore must originate
	NOTE: from a peer (which is explicitly configured).
CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX ARPA transport
CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File ...)
	NOT-FOR-US: HP-UX Portable File System
CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 ...)
	NOT-FOR-US: com_zoom
CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in ...)
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...)
	NOT-FOR-US: MyBlog
CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before ...)
	NOT-FOR-US: DotClear
CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1987 (** DISPUTED ** ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser ...)
	NOT-FOR-US: AROUNDMe
CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: phpexplorator
CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 ...)
	NOT-FOR-US: lite-cms
CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php ...)
	NOT-FOR-US: Cyboards PHP Lite
CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple ...)
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on ...)
	NOT-FOR-US: Metamod-P
CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module ...)
	NOT-FOR-US: Topliste module for PHP-Fusion
CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and ...)
	NOT-FOR-US: PopnupBlog module for Xoops
CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for ...)
	NOT-FOR-US: Arcade module for PHP-Fusion
CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS ...)
	NOT-FOR-US: holaCMS
CVE-2007-1976 (** DISPUTED ** ...)
	NOT-FOR-US: Virii Info module for Xoops
CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 ...)
	NOT-FOR-US: SLAED CMS
CVE-2007-1974 (SQL injection vulnerability in the getArticle function in ...)
	NOT-FOR-US: Xoops modules
CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1972 (** DISPUTED ** ...)
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2007-XXXX [mydms SQL injection]
	- mydms 1.4.4+1-5
CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...)
	NOT-FOR-US: fotokategori.asp
CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
	- iceweasel <unfixed> (low)
CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...)
	NOT-FOR-US: MyBlog
CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...)
	NOT-FOR-US: MyBlog
CVE-2007-1967 (** DISPUTED ** ...)
	NOT-FOR-US: stat12
CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1963 (SQL injection vulnerability in the create_session function in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02 and ...)
	NOT-FOR-US: WF-Snippets module for Xoops
CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php in the ...)
	NOT-FOR-US: Mutant portal for phpBB
CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...)
	NOT-FOR-US: Rha7 Downloads
CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in ...)
	- tinymux <unfixed> (unimportant)
CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause a ...)
	- tinymux <unfixed>
CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain ...)
	NOT-FOR-US: Portail Web Php
CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2007-1955 (Multiple stack-based buffer overflows in the SignKorea SKCrypAX ...)
	NOT-FOR-US: SKCrypAX ActiveX control
CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 ...)
	NOT-FOR-US: ArchiveXpert
CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote ...)
	NOT-FOR-US: onelook courts on-line
CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote ...)
	NOT-FOR-US: onelook onebyone CMS
CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote ...)
	NOT-FOR-US: onelook obo Shop
CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers ...)
	NOT-FOR-US: IrfanView
CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...)
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might ...)
	NOT-FOR-US: WIndows Explorer
CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent ...)
	NOT-FOR-US: ACDSee Photo Manager
CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...)
	NOT-FOR-US: Domino Web Access
CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded webserver in ...)
	NOT-FOR-US: LanguageTool
CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products, allows ...)
	NOT-FOR-US: Ichitaro
CVE-2007-1937 (PHP remote file inclusion vulnerability in smilies.php in Scorp Book ...)
	NOT-FOR-US: Scorp Book
CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ...)
	NOT-FOR-US: ScarAdControl
CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in ScarAdControl ...)
	NOT-FOR-US: ScarAdControl
CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard 1.0.7 ...)
	NOT-FOR-US: eBoard module for PHP-Nuke
CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook ...)
	NOT-FOR-US: PcP-Guestbook
CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in ScarNews ...)
	NOT-FOR-US: ScarNews
CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in ...)
	NOT-FOR-US: SmodCMS
CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21, ...)
	NOT-FOR-US: cattaDoc
CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and ...)
	NOT-FOR-US: Beryo
CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows ...)
	NOT-FOR-US: witshare
CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer ...)
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin ...)
	NOT-FOR-US: JBMC Software DirectAdmin
CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in Tru-Zone ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2007-1924 (** DISPUTED ** ...)
	NOT-FOR-US: phpContact
CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in ...)
	NOT-FOR-US: Winamp
CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other ...)
	NOT-FOR-US: Winamp
CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci module in ...)
	NOT-FOR-US: aktualnosci module in SmodBIP
CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream ...)
	NOT-FOR-US: Arizona Dream Livre d'or
CVE-2007-1918 (The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1917 (Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1916 (Buffer overflow in the RFC_START_GUI function in the SAP RFC Library ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1915 (Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1914 (The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1912 (Heap-based buffer overflow in Microsoft Windows allows user-assisted ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007 allow ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant ...)
	NOT-FOR-US: PHP121 Instant Messenger
CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos Content ...)
	NOT-FOR-US: Pathos CMS
CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in eCardMAX ...)
	NOT-FOR-US: eCardMAX HotEditor
CVE-2007-1905 (Cross-site scripting (XSS) vulnerability in auth.php in Pineapple ...)
	NOT-FOR-US: QuizShock
CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-1903 (Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 ...)
	NOT-FOR-US: SonicBB
CVE-2007-1902 (Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote ...)
	NOT-FOR-US: SonicBB
CVE-2007-1901 (SonicBB 1.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SonicBB
CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (low)
CVE-2007-1899
	RESERVED
CVE-2007-1898 (formmail.php in Jetbox CMS 2.1 allows remote attackers to send ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach ...)
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING ...)
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager ...)
	NOT-FOR-US: Akamai
CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function ...)
	NOT-FOR-US: Akamai
CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: local code execution only, possibly only on FreeBSD
CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c ...)
	- sqlite <unfixed> (medium)
	NOTE: this is really just an "unsafe" API, not really a security issue against sqlite itself.
	NOTE: SQLite 3 no longer contains the affected function.
CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled ...)
	{DSA-1283-1 DTSA-39-1}
	- php4 <not-affected> (SQLite not enabled in PHP 4 packages)
	- php5 5.2.0-11 (medium)
	NOTE: php5 is vulnerable due to improper use of the system sqlite libs
CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP ...)
	NOTE: Duplicate of CVE-2007-1885
CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...)
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1884 (Multiple integer signedness errors in the printf function family in ...)
	NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury ...)
	NOT-FOR-US: HP Mercury Quality Center
CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1880 (Integer overflow in the _NtSetValueKey function in klif.sys in ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1879 (The StartUploading function in KL.SysInfo ActiveX control ...)
	NOT-FOR-US: KL.SysInfo ActiveX control
CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...)
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a denial of ...)
	NOT-FOR-US: VMware
CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows guest ...)
	NOT-FOR-US: VMware
CVE-2007-1875
	RESERVED
CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions ...)
	NOT-FOR-US: Adobe ColdFusion MX
CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows ...)
	NOT-FOR-US: mephisto
CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows ...)
	NOT-FOR-US: toendaCMS
CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows ...)
	NOT-FOR-US: chcounter
CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service ...)
	{DSA-1303-1}
	- lighttpd 1.4.15-1 (low; bug #422254)
CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial ...)
	{DSA-1303-1}
	- lighttpd 1.4.15-1 (medium; bug #422254)
CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute ...)
	NOT-FOR-US: IrfanView
CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...)
	NOT-FOR-US: dproxy-nexgen
CVE-2007-1865
	RESERVED
CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...)
	- php4 <unfixed>
	- php5 5.2.2-1
CVE-2007-1863
	RESERVED
CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...)
	- apache2 <not-affected> (Only Apache 2.2.4 was affected)
	TODO: Check, that no 2.2.4 version is uploaded w/o a fix and remove me once 2.2.5 is in the archive
CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
	{DSA-1289-1}
	- linux-2.6 2.6.21-1
CVE-2007-1860 (mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 ...)
	{DSA-1312-1}
	- libapache-mod-jk 1:1.2.23-1 (bug #425836)
CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for ...)
	- xscreensaver <unfixed> (low)
CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 through ...)
	NOTE: insecure ciphers should not be (and usually are not) enabled in browsers
	[sarge] - tomcat4 <no-dsa> (low)
	[etch] - tomcat5 <no-dsa> (low; bug #423435)
	- tomcat5 <unfixed> (low; bug #423435)
	- tomcat5.5 5.5.17-1 (low)
	- tomcat4 <removed> (low)
CVE-2007-1857
	RESERVED
CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure ...)
	- cron <not-affected> (Debian uses proper permission scheme)
CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Shop-Script
CVE-2007-1854 (Unspecified vulnerability in Hitachi Cosminexus Component Container ...)
	NOT-FOR-US: Hitachi Cosminexus Component Container
CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, ...)
	NOT-FOR-US: Hitachi DeviceManager
CVE-2007-1852 (** DISPUTED ** ...)
	NOT-FOR-US: 2BGal
CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and ...)
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1850 (Directory traversal vulnerability in classes/captcha/captcha.jpg.php ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository module ...)
	NOT-FOR-US: Repository module for Xoops
CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and ...)
	NOT-FOR-US: MyAds
CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded Calendar ...)
	NOT-FOR-US: Expanded Calendar module for PHP-Fusion
CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in ...)
	NOT-FOR-US: MapLab
CVE-2007-1842 (Directory traversal vulnerability in login.php in JSBoard before ...)
	NOT-FOR-US: JSBoard
CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in ...)
	{DSA-1299-1}
	- ipsec-tools 1:0.6.6-3.2 (medium; bug #423252)
	[sarge] - ipsec-tools <not-affected> (the older stream of development used in the sarge package is not vulnerable - a code change that went into that branch coincidentally fixed it and this change was already there in sarge)
CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]
	- initramfs-tools 0.85g (low; bug #417995)
CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...)
	{DSA-1287-1}
	- ldap-account-manager 1.1.1-2 (medium; bug #415379)
CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...)
	NOT-FOR-US: CodeBB
CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3 and ...)
	NOT-FOR-US: Friendfinder module for Xoops
CVE-2007-1837 (Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS ...)
	NOT-FOR-US: MangoBery CMS
CVE-2007-1836 (The command line administration interface in Data Domain OS before ...)
	NOT-FOR-US: Data Domain OS
CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
	NOT-FOR-US: WebAPP
CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
	NOT-FOR-US: WebAPP
CVE-2007-1830 (Unspecified vulnerability in the Username Hijacking Patch 20070312 for ...)
	NOT-FOR-US: WebAPP
CVE-2007-1829 (Multiple unspecified vulnerabilities in web-app.net WebAPP have ...)
	NOT-FOR-US: WebAPP
CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.org ...)
	NOT-FOR-US: WebAPP
CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in ...)
	NOT-FOR-US: WebAPP
CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...)
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or ...)
	NOT-FOR-US: T-Mobile
CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote ...)
	NOT-FOR-US: Alcatel-Lucent
CVE-2007-1821 (Sprint Nextel Sprint voice mail systems allow remote attackers to ...)
	NOT-FOR-US: Sprint Nextel
CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems, when a ...)
	NOT-FOR-US: Nortel Networks
CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control ...)
	NOT-FOR-US: ActiveX control in TestDirector
CVE-2007-1818 (PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php ...)
	NOT-FOR-US: Forum picture and META tags module for phpBB
CVE-2007-1817 (SQL injection vulnerability in index.php in the Lykos Reviews ...)
	NOT-FOR-US: Lykos Reviews module for Xoops
CVE-2007-1816 (SQL injection vulnerability in viewcat.php in the Tutoriais module for ...)
	NOT-FOR-US: Tutorials module for Xoops
CVE-2007-1815 (SQL injection vulnerability in viewcat.php in the Library module for ...)
	NOT-FOR-US: Library module for Xoops
CVE-2007-1814 (SQL injection vulnerability in viewcat.php in the Core module for ...)
	NOT-FOR-US: Core module for Xoops
CVE-2007-1813 (SQL injection vulnerability in display.php in the eCal 2.24 and ...)
	NOT-FOR-US: eCal module for Xoops
CVE-2007-1812 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BT-Sondage
CVE-2007-1811 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
	NOT-FOR-US: Tiny Event module for Xoops
CVE-2007-1810 (SQL injection vulnerability in product_details.php in the Kshop 1.17 ...)
	NOT-FOR-US: Kshop module for Xoops
CVE-2007-1809 (Multiple PHP remote file inclusion vulnerabilities in GraFX Company ...)
	NOT-FOR-US: WebSite Builder
CVE-2007-1808 (SQL injection vulnerability in show.php in the Camportail 1.1 and ...)
	NOT-FOR-US: Camportail module for Xoops
CVE-2007-1807 (SQL injection vulnerability in modules/myalbum/viewcat.php in the ...)
	NOT-FOR-US: myAlbum-P module for Xoops
CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery ...)
	NOT-FOR-US: RM+Soft Gallery module for Xoops
CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and ...)
	NOT-FOR-US: debaser module for Xoops
CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service ...)
	- pulseaudio 0.9.6-1 (medium)
CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote ...)
	NOT-FOR-US: MailDwarf
CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...)
	NOT-FOR-US: MailDwarf
CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta ...)
	NOT-FOR-US: sBLOG
CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust ...)
	NOT-FOR-US: Cisco
CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
	- ktorrent <unfixed> (medium)
CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote ...)
	- imagemagick <unfixed> (medium)
CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 ...)
	NOT-FOR-US: URLshrink
CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: URLshrink
CVE-2007-1794 (The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, ...)
	NOTE: Duplicate of CVE-2006-3805
CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1792
	RESERVED
CVE-2007-1791 (SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and ...)
	NOT-FOR-US: Picture-Engine
CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction ...)
	NOT-FOR-US: Kaqoo Auction Software
CVE-2007-1789 (Flyspray 0.9.9 allows remote attackers to obtain sensitive information ...)
	- flyspray <not-affected> (Code was introduced in 0.9.9, not sensitive anyway)
CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or &quot;set to a low ...)
	- flyspray 0.9.8-10 (medium)
	[sarge] - flyspray <not-affected> (Vulnerable code not present)
CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Time-Assistant
CVE-2007-1786 (SQL injection vulnerability in Hitachi Collaboration - Online ...)
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 ...)
	NOT-FOR-US: CA BrightStor ARCserve Backup
CVE-2007-1784 (The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus ...)
	NOT-FOR-US: JNILoader ActiveX control
CVE-2007-1783
	RESERVED
CVE-2007-XXXX [low-entropy default passphrase in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414480)
CVE-2007-XXXX [file permission race conidition in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414482)
CVE-2007-XXXX [too lenient UTF-8 decoder in kjs/function.cpp]
	- kdelibs 4:3.5.5a.dfsg.1-8
CVE-2007-XXXX [double-free vulnerability in the Real Media demuxer]
	- ffmpeg 0.cvs20060823-8 (low; bug #379922)
CVE-2007-XXXX [various crashes and infinite loops in ffmpeg]
	- ffmpeg 0.cvs20060823-8 (low; bug #407003)
CVE-2007-1782 (CruiseWorks 1.09e and earlier does not properly restrict user access ...)
	NOT-FOR-US: CruiseWorks
CVE-2007-1781 (Minna De Office 1.x and 2.x does not properly restrict user access to ...)
	NOT-FOR-US: Minna De Office
CVE-2007-1780 (Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) ...)
	NOT-FOR-US: Overlay Weaver
CVE-2007-1779 (Multiple SQL injection vulnerabilities in the MySQL back-end in ...)
	NOT-FOR-US: Advanced Website Creator
CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the ...)
	NOT-FOR-US: Eve-Nuke
CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 6:4.4.6-1 (medium)
CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com ...)
	NOT-FOR-US: D4J eZine
CVE-2007-1775 (Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 ...)
	NOT-FOR-US: JBrowser
CVE-2007-1774 (Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy ...)
	NOT-FOR-US: aBitWhizzy
CVE-2007-1773 (Multiple directory traversal vulnerabilities in aBitWhizzy allow ...)
	NOT-FOR-US: aBitWhizzy
CVE-2007-1772 (The FTP service in HP JetDirect print servers allows remote attackers ...)
	NOT-FOR-US: HP JetDirect
CVE-2007-1771 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Ay System Solutions Web Content System
CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental ...)
	NOT-FOR-US: ArcSDE
CVE-2007-1769
	REJECTED
	NOT-FOR-US: Mephisto
CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Mephisto
CVE-2007-1767 (Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in ...)
	NOT-FOR-US: AOL
CVE-2007-1766 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Advanced Login
CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista ...)
	NOT-FOR-US: Microsoft
CVE-2007-1764 (Stack-based buffer overflow in FastStone Image Viewer 2.8 allows ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1763 (The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs ...)
	- iceweasel <unfixed> (low)
CVE-2007-1761
	RESERVED
CVE-2007-1760
	RESERVED
CVE-2007-1759
	RESERVED
CVE-2007-1758
	RESERVED
CVE-2007-1757
	RESERVED
CVE-2007-1756
	RESERVED
CVE-2007-1755
	RESERVED
CVE-2007-1754
	RESERVED
CVE-2007-1753
	RESERVED
CVE-2007-1752
	REJECTED
	NOT-FOR-US: Microsoft
CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-1749
	RESERVED
CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1746
	RESERVED
CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1744 (Directory traversal vulnerability in the Shared Folders feature for ...)
	NOT-FOR-US: VMware
CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...)
	- apache2 <unfixed> (unimportant)
CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison ...)
	- apache2 <unfixed> (unimportant)
CVE-2007-1741 (Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...)
	- apache2 <unfixed> (unimportant)
CVE-2007-1740
	REJECTED
CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause ...)
	NOT-FOR-US: TrueCrypt
CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe ...)
	NOT-FOR-US: Opera
CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...)
	- iceweasel <unfixed> (low)
CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 ...)
	NOT-FOR-US: Corel WordPerfect
CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in ...)
	- linux-2.6 2.6.20-1 (medium; bug #420875)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows ...)
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-1732 (** DISPUTED ** ...)
	- wordpress 2.1.3-1
CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous ...)
	NOT-FOR-US: hpaftpd
CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt ...)
	- linux-2.6 <unfixed> (medium)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 ...)
	NOT-FOR-US: Flexbb
CVE-2007-1728 (The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and ...)
	NOT-FOR-US: Sony Playstation 3
CVE-2007-1727 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2007-1726 (Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 ...)
	NOT-FOR-US: IceBB
CVE-2007-1725 (SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows ...)
	NOT-FOR-US: IceBB
CVE-2007-1724 (Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and ...)
	NOT-FOR-US: ReactOS
CVE-2007-1723 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: IronMail
CVE-2007-1722 (Buffer overflow in the DownloadCertificateExt function in SignKorea ...)
	NOT-FOR-US: SKCommAX ActiveX control
CVE-2007-1721 (Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 ...)
	NOT-FOR-US: C-Arbre
CVE-2007-1720 (Directory traversal vulnerability in addressbook.php in the ...)
	NOT-FOR-US: Addressbook 1.2 module for PHP-Nuke
CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, ...)
	NOT-FOR-US: mcweject
CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 <unfixed> (medium)
	[sarge] - php4 <not-affected> (Vulnerable code not present)
	- php5 5.2.0-11 (medium)
CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: This is a regular bug, not a security problem
CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...)
	NOT-FOR-US: pam_console
CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...)
	NOT-FOR-US: Free Image Hosting
CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 ...)
	NOT-FOR-US: CcCounter
CVE-2007-1713 (CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, ...)
	NOT-FOR-US: BASP21
CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
	NOT-FOR-US: Active Auction Pro
CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...)
	{DSA-1283-1 DSA-1282-1}
	- php4 <unfixed> (unimportant)
	- php5 5.2.0-9 (unimportant)
	NOTE: register_globals not supported
CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: Safe mode violations not supported, insufficient measure
CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...)
	NOT-FOR-US: PECL phpDOC
CVE-2007-1708 (PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS ...)
	NOT-FOR-US: ttCMS
CVE-2007-1707 (PHP remote file inclusion vulnerability in index.php in Net Side ...)
	NOT-FOR-US: Net-Side.net CMS
CVE-2007-1706 (SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows ...)
	NOT-FOR-US: eWebQuiz
CVE-2007-1705 (SQL injection vulnerability in default.asp in Active Trade 2 allows ...)
	NOT-FOR-US: Active Trade
CVE-2007-1704 (SQL injection vulnerability in index.php in the Car Manager ...)
	NOT-FOR-US: Joomla module Car Manager
CVE-2007-1703 (SQL injection vulnerability in index.php in the RWCards (com_rwcards) ...)
	NOT-FOR-US: Joomla module RWCards
CVE-2007-1702 (PHP remote file inclusion vulnerability in mod_flatmenu.php in the ...)
	NOT-FOR-US: Flatmenu
CVE-2007-1701 (PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is ...)
	- php5 5.2.0-9 (unimportant)
	- php4 6:4.4.4-9 (unimportant)
	NOTE: register_globals not supported
	NOTE: Dupe of CVE-2007-0910
CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-9
	- php4 6:4.4.4-9
	[etch] - php5 5.2.0-8+etch1
	[etch] - php4 6:4.4.4-8+etch1
	NOTE: This was fixed as a side-effect of previous security fixes, noting the
	NOTE: status as of DSA-1286 as fixed version
CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu ...)
	NOT-FOR-US: Mambo module SWmenu
CVE-2007-1698 (download.php in Philex 0.2.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: Philex
CVE-2007-1697 (PHP remote file inclusion vulnerability in header.inc.php in Philex ...)
	NOT-FOR-US: Philex
CVE-2007-1696 (SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter ...)
	NOT-FOR-US: Active Newsletter
CVE-2007-1695 (** DISPUTED ** ...)
	- phpbb2 <not-affected> (requires register_globals to exploit)
	NOTE: Vulnerability is disputed, but is a non-issue anyway.
CVE-2007-1694
	RESERVED
CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) before ...)
	- yate 1.2.0-1.dfsg-1 (medium; bug #421994)
CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy ...)
	NOT-FOR-US: Microsoft
CVE-2007-1691 (Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX ...)
	NOT-FOR-US: Second Sight Software
CVE-2007-1690 (Multiple stack-based buffer overflows in Second Sight Software ...)
	NOT-FOR-US: Second Sight Software
CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL ...)
	NOT-FOR-US: Norton
CVE-2007-1688
	RESERVED
CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX ...)
	NOT-FOR-US: iPIX Image Well ActiveX control
CVE-2007-1686
	RESERVED
CVE-2007-1685 (Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, ...)
	NOT-FOR-US: BlueCoat
CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in ...)
	NOT-FOR-US: sldimdownload ActiveX control
CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in the ...)
	NOT-FOR-US: IncrediMail
CVE-2007-1682
	RESERVED
CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun Java ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...)
	NOT-FOR-US: AudioConf ActiveX control
CVE-2007-1679 (** DISPUTED ** ...)
	NOTE: Allegedly a duplicate of CVE-2006-4255.
	NOTE: The other issue needs a CSRF attack to exploit.
CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension ...)
	NOT-FOR-US: Fizzle 0.5 extension for Firefox
CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the ...)
	NOT-FOR-US: NetBSD
CVE-2007-1676
	RESERVED
CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2007-1673 (unzoo.c allows remote attackers to cause a denial of service (infinite ...)
	[sarge] - zoo <no-dsa> (Minor issue)
	[etch] - zoo <no-dsa> (Minor issue)
	- zoo 2.10-19 (bug #424686)
	- unzoo <unfixed> (bug #424690)
	[sarge] - unzoo <no-dsa> (Minor issue)
	[etch] - unzoo <no-dsa> (Minor issue)
CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a ...)
	NOT-FOR-US: avast
CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers ...)
	NOT-FOR-US: Avira
CVE-2007-1670 (Panda Software Antivirus before 20070402 allows remote attackers to ...)
	NOT-FOR-US: Panda
CVE-2007-1669 (Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, ...)
	NOT-FOR-US: Barracuda
CVE-2007-1668
	RESERVED
CVE-2007-1666 (The processor_request function in the debugger server for DataRescue ...)
	NOT-FOR-US: IDA Pro
CVE-2007-1665 (Memory leak in the token OCR functionality in ekg before ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1664 (ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1663 (Memory leak in the image message functionality in ekg before ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1662
	RESERVED
CVE-2007-1661
	RESERVED
CVE-2007-1660
	RESERVED
CVE-2007-1659
	RESERVED
CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip ...)
	- python2.5 <not-affected> (does not build minigzip.c)
CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt ...)
	NOT-FOR-US: Plyt Audio
CVE-2007-1655 (Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX ...)
	{DSA-1317-1}
	- tinymux 2.4.3.31-1.1 (bug #417539)
CVE-2007-1654 (Buffer overflow in the Ne7sshSftp::addOpenHandle function in ...)
	NOT-FOR-US: ne7ssh
CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: GlowWorm FW
CVE-2007-1652 (OpenID allows remote attackers to forcibly log a user into an OpenID ...)
	NOT-FOR-US: MyOpenID.com
CVE-2007-1651 (Cross-site request forgery (CSRF) vulnerability in OpenID allows ...)
	NOT-FOR-US: MyOpenID.com
CVE-2007-1650 (pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to ...)
	NOT-FOR-US: pcapsipdump
CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap ...)
	- php5 5.2.2-1
	[etch] - php5 <not-affected> (Only affects PHP 5.2.1)
CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: 0irc
CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ...)
	- moodle 1.5.3-1 (low)
CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 ...)
	NOT-FOR-US: SubHub
CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2007-1644 (The dynamic DNS update mechanism in the DNS Server service on ...)
	NOT-FOR-US: Microsoft DNS Server
CVE-2007-1643 (Multiple PHP remote file inclusion vulnerabilities in LAN Management ...)
	NOT-FOR-US: LAN Management System
CVE-2007-1642 (Unspecified vulnerability in ManageEngine Firewall Analyzer allows ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2007-1641 (SQL injection vulnerability in index.php in PortailPHP 2.0 allows ...)
	NOT-FOR-US: PortailPHP
CVE-2007-1640 (Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 ...)
	NOT-FOR-US: ClassWeb
CVE-2007-1639 (Unrestricted file upload vulnerability in PHProjekt 5.2.0, when ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1638 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1637 (Multiple buffer overflows in the IMAILAPILib ActiveX control ...)
	NOT-FOR-US: IMAILAPILib ActiveX control
CVE-2007-1636 (Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 ...)
	NOT-FOR-US: RoseOnlineCMS
CVE-2007-1635 (Static code injection vulnerability in admin/settings.php in Net ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1634 (Variable extraction vulnerability in grab_globals.php in Net Portal ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1633 (Directory traversal vulnerability in bbcode_ref.php in the Giorgio ...)
	NOT-FOR-US: Splatt Forum
CVE-2007-1632 (Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has ...)
	NOT-FOR-US: webCMS
CVE-2007-1631 (** DISPUTED ** ...)
	NOT-FOR-US: CLBOX
CVE-2007-1630 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
	NOT-FOR-US: Active Link Engine
CVE-2007-1629 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
	NOT-FOR-US: Active Photo Gallery
CVE-2007-1628 (Multiple PHP remote file inclusion vulnerabilities in Study planner ...)
	NOT-FOR-US: Study planner
CVE-2007-1627 (Multiple SQL injection vulnerabilities in php-revista 1.1.2 and ...)
	NOT-FOR-US: php-revista
CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame ...)
	NOT-FOR-US: iFrame Module for PHP-NUKE
CVE-2007-1625 (Cross-site scripting (XSS) vulnerability in save_entry.php in ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1624 (Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1623 (Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1622 (Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1621 (PHP remote file inclusion vulnerability in templates/head.php in ...)
	NOT-FOR-US: Active PHP Bookmark Notes
CVE-2007-1620 (Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer ...)
	NOT-FOR-US: PHP DB Designer
CVE-2007-1619 (SQL injection vulnerability in viewcomments.php in ScriptMagix Photo ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1618 (SQL injection vulnerability in index.php in ScriptMagix FAQ Builder ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1617 (SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1616 (SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...)
	- zziplib <unfixed> (low)
	NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
	NOTE: If an attacker can supply arbitrary file names, we likely suffer from
	NOTE: an information disclosure issue anyway.
CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows ...)
	NOT-FOR-US: MPM Chat
CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...)
	NOT-FOR-US: Plyt Audio
CVE-2007-1611 (Cross-site scripting (XSS) vulnerability in the RSS reader in a ...)
	NOT-FOR-US: IKANARI JIJYOU
CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue ...)
	NOT-FOR-US: NewsGlue
CVE-2007-1609 (Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic ...)
	NOT-FOR-US: Oracle Application Server
CVE-2007-1608 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1607 (search.php in w-Agora (Web-Agora) allows remote attackers to obtain ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1606 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1605 (w-Agora (Web-Agora) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1604 (Multiple unrestricted file upload vulnerabilities in w-Agora ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1603 (admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1602 (SQL injection vulnerability in check_vote.php in Weekly Drawing ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1601 (** DISPUTED ** ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1600 (PHP remote file inclusion vulnerability in module.php in Digital Eye ...)
	NOT-FOR-US: Digital Eye Gallery
CVE-2007-1599 (wp-login.php in WordPress allows remote attackers to redirect ...)
	- wordpress <unfixed> (low)
CVE-2007-1598 (Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 ...)
	NOT-FOR-US: FileCOPA FTP
CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2007-1596 (Multiple PHP remote file inclusion vulnerabilities in the NFN Address ...)
	NOT-FOR-US: NFN Address Book
CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk ...)
	- asterisk <unfixed> (low)
CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator (VVR) ...)
	NOT-FOR-US: Symantec
CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
	{DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus ...)
	NOT-FOR-US: Trend Micro
CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and ...)
	NOT-FOR-US: Grandstream
CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows ...)
	NOT-FOR-US: Truecrypt
CVE-2007-1588 (server.cpp in MyServer 0.8.5 calls Process::setuid before calling ...)
	NOT-FOR-US: MyServer
CVE-2007-1587 (templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows ...)
	NOT-FOR-US: StatsDawg
CVE-2007-1586 (ZynOS 3.40 allows remote attackers to cause a denial of service (link ...)
	NOT-FOR-US: Zyxel
CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware ...)
	NOT-FOR-US: Cisco
CVE-2007-1584 (Buffer underflow in the header function in PHP 5.2.0 allows ...)
	NOTE: Dupe of CVE-2007-0907; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.0-11 (medium)
	- php4 <unfixed> (medium)
CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
	- php5 <unfixed> (unimportant)
	- php4 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows ...)
	- php5 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: FTPDMIN
CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1577 (Directory traversal vulnerability in index.php in GeBlog 0.1 allows ...)
	NOT-FOR-US: GeBlog
CVE-2007-1576 (Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1575 (Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to obtain ...)
	NOT-FOR-US: CARE2X
CVE-2007-1573 (SQL injection vulnerability in admincp/attachment.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2007-1572 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and ...)
	NOT-FOR-US: JGBBS
CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in ...)
	NOT-FOR-US: Activist Mobilization Platform
CVE-2007-1570
	REJECTED
	NOT-FOR-US: Haber Sistemi
CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote ...)
	NOT-FOR-US: NewsBin Pro
CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 ...)
	NOT-FOR-US: NewsReactor
CVE-2007-1567 (Stack-based buffer overflow in War FTP Daemon 1.65, and possibly ...)
	NOT-FOR-US: WarFTPd
CVE-2007-1566 (SQL injection vulnerability in News/page.asp in NetVIOS Portal allows ...)
	NOT-FOR-US: NetVIOS Portal
CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of service ...)
	- kdelibs <unfixed> (unimportant)
CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote ...)
	- kdelibs 4:3.5.5a.dfsg.1-7
CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and ...)
	- iceweasel 2.0.0.3-1 (low)
CVE-2007-1560 (The clientProcessRequest() function in src/client_side.c in Squid 2.6 ...)
	- squid 2.6.5-6 (low)
	[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-1559 (Stack-based buffer overflow in SonicDVDDashVRNav.dll in Roxio ...)
	NOT-FOR-US: Roxio
CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 ...)
	{DSA-1305-1 DSA-1300-1}
	NOTE: Affects various clients, but no practical security implications
	NOTE: MFSA2007-15
	- icedove 2.0.0.4-1 (unimportant)
	- iceape 1.1.2-1 (unimportant)
CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security ...)
	NOT-FOR-US: F-Secure
CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 ...)
	NOT-FOR-US: Creative Files
CVE-2007-1555 (SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 ...)
	NOT-FOR-US: Minerva module of phpBB
CVE-2007-1554 (Direct static code injection vulnerability in admin/configuration.php ...)
	NOT-FOR-US: Guestbara
CVE-2007-1553 (admin/configuration.php in Guestbara 1.2 and earlier allows remote ...)
	NOT-FOR-US: Guestbara
CVE-2007-1552 (Unrestricted file upload vulnerability in usercp.php in MetaForum ...)
	NOT-FOR-US: MetaForum
CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 ...)
	NOT-FOR-US: phpx
CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote ...)
	NOT-FOR-US: phpx
CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 ...)
	NOT-FOR-US: phpx
CVE-2007-1548 (SQL injection vulnerability in functions/functions_filters.asp in Web ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network Audio ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN 237 ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1545 (The AddResource function in server/dia/resource.c in Network Audio ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1544 (Integer overflow in the ProcAuWriteElement function in ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1543 (Stack-based buffer overflow in the accept_att_local function in ...)
	{DSA-1273-1}
	- nas 1.8-4 (medium; bug #416038)
CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running ...)
	NOT-FOR-US: Cisco
CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1540 (Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX ...)
	NOT-FOR-US: pragmaMX Landkarten
CVE-2007-1538 (** DISPUTED ** ...)
	NOT-FOR-US: McAfee
CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2007-1536 (Integer underflow in the file_printf function in the &quot;file&quot; program ...)
	{DSA-1274-1}
	- file 4.20-1 (bug #415362; high)
	NOTE: Has got lots of reverse dependencies.
	NOTE: Some of them process remotely supplied untrusted input.
CVE-2007-1535 (Microsoft Windows Vista establishes a Teredo address without user ...)
	NOT-FOR-US: Microsoft
CVE-2007-1534 (DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains ...)
	NOT-FOR-US: Microsoft
CVE-2007-1533 (The Teredo implementation in Microsoft Windows Vista uses the same ...)
	NOT-FOR-US: Microsoft
CVE-2007-1532 (The neighbor discovery implementation in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2007-1531 (Microsoft Windows XP and Vista overwrites ARP table entries included ...)
	NOT-FOR-US: Microsoft
CVE-2007-1530 (The LLTD Mapper in Microsoft Windows Vista does not properly gather ...)
	NOT-FOR-US: Microsoft
CVE-2007-1529 (The LLTD Responder in Microsoft Windows Vista does not send the Mapper ...)
	NOT-FOR-US: Microsoft
CVE-2007-1528 (The LLTD Mapper in Microsoft Windows Vista allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-1527 (The LLTD Mapper in Microsoft Windows Vista does not verify that an IP ...)
	NOT-FOR-US: Microsoft
CVE-2007-1526 (Sun Java System Web Server 6.1 before 20070314 allows remote ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1525 (Direct static code injection vulnerability in postpost.php in Dayfox ...)
	NOT-FOR-US: Dayfox Blog
CVE-2007-1524 (Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 ...)
	NOT-FOR-US: ZomPlog
CVE-2007-1523 (Heap-based buffer overflow in the kernel in NetBSD 3.0, certain ...)
	NOT-FOR-US: NetBSD
CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and ...)
	{DSA-1283-1}
	- php5 <unfixed> (medium)
CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.0-11 (medium)
	- php4 <unfixed> (medium)
CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1518 (SQL injection vulnerability in usergroups.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1517 (SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 ...)
	NOT-FOR-US: WSN Guest
CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 ...)
	- asterisk 1:1.4.2~dfsg-5 (bug #415466; medium)
	NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 ...)
	- asterisk 1:1.4.2~dfsg-1 (medium; bug #419820)
	[sarge] - asterisk <not-affected> (correctly logs a warning)
	NOTE: http://bugs.digium.com/view.php?id=9313
CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php in ...)
	NOT-FOR-US: CcMail
CVE-2007-1515 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 ...)
	- imp4 <unfixed> (medium)
CVE-2007-1514 (PHP remote file inclusion vulnerability in index.php in ViperWeb ...)
	NOT-FOR-US: ViperWeb Portal
CVE-2007-1513 (PHP remote file inclusion vulnerability in comanda.php in GraFX ...)
	NOT-FOR-US: WebSite Builder
CVE-2007-1512 (Stack-based buffer overflow in the AfxOleSetEditMenu function in the ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1511 (Buffer overflow in FrontBase Relational Database Server 4.2.7 and ...)
	NOT-FOR-US: FrontBase Relational Database Server
CVE-2007-1510 (SQL injection vulnerability in post.php in Particle Blogger 1.0.0 ...)
	NOT-FOR-US: Particle Blogger
CVE-2007-1509 (Directory traversal vulnerability in enkrypt.php in Sascha Schroeder ...)
	NOT-FOR-US: krypt
CVE-2007-1508 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-1507 (The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x ...)
	{DSA-1271-1}
	- openafs 1.4.2-6 (medium)
CVE-2007-1506 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Oracle Portal
CVE-2007-1505 (Fujistu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption ...)
	NOT-FOR-US: Fujistu FENCE-Pro
CVE-2007-1504 (Cross-site scripting (XSS) vulnerability in the Servlet Service in ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b ...)
	- rhapsody <removed> (medium)
CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers ...)
	- rhapsody <removed> (medium)
CVE-2007-1501 (Stack-based buffer overflow in Avant Browser 11.0 build 26 allows ...)
	NOT-FOR-US: Avant Browse
CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to ...)
	NOT-FOR-US: Linux Security Auditing Tool
CVE-2007-1499 (Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-1498 (Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ...)
	NOT-FOR-US: SiteManager.SiteMgr.1 ActiveX control
CVE-2007-1497 (nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not ...)
	{DSA-1289-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1496 (nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows ...)
	{DSA-1289-1}
	- linux-2.6 <unfixed> (medium)
CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1494 (Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1493 (nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1492 (winmm.dll in Microsoft Windows XP allows user-assisted remote ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2007-1491 (Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and ...)
	NOT-FOR-US: Avaya S87XX
CVE-2007-1490 (Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 ...)
	NOT-FOR-US: Avaya S87XX
CVE-2007-1489 (Unspecified vulnerability in web-app.org Web Automated Perl Portal ...)
	NOT-FOR-US: WebAPP
CVE-2007-1488 (Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1487 (Directory traversal vulnerability in index.php in Sascha Schroeder ...)
	NOT-FOR-US: CyberTeddy WebLog
CVE-2007-1486 (PHP remote file inclusion vulnerability in template.class.php in ...)
	NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2007-1485 (** DISPUTED ** ...)
	NOT-FOR-US: LIBFtp
CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: local malicious scripts only
CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar ...)
	- webcalendar 1.0.5-1 (high)
	[sarge] - webcalendar 0.9.45-4sarge7
	NOTE: This was fixed in Sarge as a side-effect of an earlier fix, marking current
	NOTE: Sarge version as fixed version
CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...)
	NOT-FOR-US: WBBlog
CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote ...)
	NOT-FOR-US: WBBlog
CVE-2007-1480 (Creative Guestbook 1.0 allows remote attackers to add an ...)
	NOT-FOR-US: Creative Guestbook
CVE-2007-1479 (Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative ...)
	NOT-FOR-US: Creative Guestbook
CVE-2007-1478 (download.php in McGallery 0.5b allows remote attackers to read ...)
	NOT-FOR-US: McGallery
CVE-2007-1477 (** DISPUTED ** ...)
	NOT-FOR-US: Point Of Sale for osCommerce
CVE-2007-1476 (The SymTDI driver in Symantec Norton Personal Firewall 2006 9.1.1.7 ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ...)
	- php4 <unfixed> (unimportant)
	NOTE: Can only be triggered by malicious script
CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in Horde ...)
	- horde3 3.1.3-4 (medium)
CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in ...)
	- horde3 <unfixed> (low)
CVE-2007-1472 (Variable overwrite vulnerability in groupit/base/groupit.start.inc in ...)
	NOT-FOR-US: Groupit
CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Orion-Blog
CVE-2007-1470 (Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote ...)
	NOT-FOR-US: LIBFtp
CVE-2007-1469 (SQL injection vulnerability in gallery.asp in Absolute Image Gallery ...)
	NOT-FOR-US: Absolute Image Gallery
CVE-2007-1468 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Cisco
CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents ...)
	- libwpd 0.8.9-1 (medium)
	[etch] - libwpd 0.8.7-6
CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 ...)
	NOT-FOR-US: dproxy
CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in ...)
	- inkscape <unfixed> (medium)
CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows ...)
	- inkscape <unfixed> (low)
CVE-2007-1462 (The luci server component in conga preserves the password between page ...)
	NOT-FOR-US: conga
CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...)
	- php5 <unfixed> (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP ...)
	- php5 <unfixed> (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator ...)
	NOT-FOR-US: WebCreator
CVE-2007-1458 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow ...)
	NOT-FOR-US: CARE2X
CVE-2007-1457 (Buffer overflow in the urarlib_get function in Christian Scheurer ...)
	NOT-FOR-US: UniquE RAR File Library
CVE-2007-1456 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Photo Album
CVE-2007-1455 (Multiple absolute path traversal vulnerabilities in Fantastico, as ...)
	NOT-FOR-US: Fantastico
CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...)
	- php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via a ...)
	NOT-FOR-US: GuppY
CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1449 (Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1446 (Multiple PHP remote file inclusion vulnerabilities in Open Education ...)
	NOT-FOR-US: Open Education System
CVE-2007-1445 (SQL injection vulnerability in the heme preview feature for ...)
	NOT-FOR-US: BP Blog
CVE-2007-1444 (netserver in netperf 2.4.3 allows local users to overwrite arbitrary ...)
	- netperf <unfixed> (bug #413658; medium)
	[sarge] - netperf <no-dsa> (Non-free not supported)
	[etch] - netperf <no-dsa> (Non-free not supported)
CVE-2007-1443 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the ...)
	NOT-FOR-US: Oracle Database
CVE-2007-1441 (The 4thPass browser on the RIM BlackBerry 8100 (Pearl) before 4.2.1 ...)
	NOT-FOR-US: BlackBerry 8100
CVE-2007-1440 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows ...)
	NOT-FOR-US: JGBBS
CVE-2007-1439 (PHP remote file inclusion vulnerability in ressourcen/dbopen.php in ...)
	NOT-FOR-US: MySQL Commander
CVE-2007-1438 (SQL injection vulnerability in devami.asp in X-Ice News System 1.0 ...)
	NOT-FOR-US: X-Ice News System
CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to ...)
	NOT-FOR-US: D-Link TFTP Server
CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1433 (Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1432 (Grayscale Blog 0.8.0, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1431 (Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 ...)
	- pennmush <unfixed> (low)
	[sarge] - pennmush <no-dsa> (Minor issue)
	[etch] - pennmush <no-dsa> (Minor issue)
CVE-2007-1430 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ClipShare
CVE-2007-1429 (Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 ...)
	- moodle <unfixed>
CVE-2007-1428 (SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 ...)
	NOT-FOR-US: JobSitePro
CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a ...)
	NOT-FOR-US: AssetMan
CVE-2007-1426 (AstroCam before 2.6.6 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AstroCam
CVE-2007-1425 (SQL injection vulnerability in index.php in Triexa SonicMailer Pro ...)
	NOT-FOR-US: SonicMailer Pro
CVE-2007-1424 (Multiple PHP remote file inclusion vulnerabilities in Softnews Media ...)
	NOT-FOR-US: DataLife Engine
CVE-2007-1423 (Multiple PHP remote file inclusion vulnerabilities in WORK system ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2007-1422 (SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti ...)
	NOT-FOR-US: Duyuru Scripti
CVE-2007-1421 (Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 ...)
	NOT-FOR-US: SubDog
CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of ...)
	- mysql-dfsg-5.0 5.0.32-8 (bug #414790)
	[etch] - mysql-dfsg-5.0 5.0.32-7etch1
CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation ...)
	NOT-FOR-US: JMX RMI-IIOP
CVE-2007-1418 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: DekiWiki
CVE-2007-1417 (SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows ...)
	NOT-FOR-US: NEWSSYSTEM
CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp ...)
	NOT-FOR-US: URLshrink
CVE-2007-1415 (Multiple PHP remote file inclusion vulnerabilities in PMB Services ...)
	NOT-FOR-US: PMB Services
CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...)
	- php4 <not-affected> (cpdf extension not enabled in binary build)
	- php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 ...)
	TODO: check
	NOTE: Haven't been able to reproduce the issue in either php4 or php5
	NOTE: code inspection should be the next step.
CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal ...)
	NOT-FOR-US: GaziYapBoz Game Portal
CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive information via ...)
	- wordpress <not-affected> (Path disclosure)
CVE-2007-1408 (Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) ...)
	NOT-FOR-US: Vallheru
CVE-2007-1407 (Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header ...)
	[etch] - trac 0.10.3-1etch1
	- trac <unfixed> (low; bug #414134; bug #420219)
CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the &quot;download wiki page as ...)
	[etch] - trac 0.10.3-1etch1
	- trac <unfixed> (low; bug #414134; bug #420219)
CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote ...)
	NOT-FOR-US: ProSysInfo TFTP Server
CVE-2007-1403 (Multiple stack-based buffer overflows in an ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows ...)
	NOT-FOR-US: Rediff Toolbar ActiveX control
CVE-2007-1401 (Buffer overflow in the crack extension (CrackLib), as bundled with PHP ...)
	NOT-FOR-US: php doesn't ship with cracklib activated in debian.
CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local ...)
	NOT-FOR-US: Plash
CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP ...)
	- php5 <unfixed> (medium)
CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when ...)
	- snort <not-affected> (Vulnerable code not present)
CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...)
	NOT-FOR-US: FiSH IRC Encryption
CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 4.4.6, and ...)
	- php5 <unfixed> (unimportant)
	NOTE: Non-issue
CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 ...)
	- phpmyadmin 4:2.10.0.2-1 (medium)
CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...)
	NOT-FOR-US: Flat Chat
CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS ...)
	NOT-FOR-US: Magic CMS
CVE-2007-1392 (Directory traversal vulnerability in down.php in netForo! 0.1g allows ...)
	NOT-FOR-US: netForo!
CVE-2007-1391 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: WEBO
CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 ...)
	NOT-FOR-US: dynalias
CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: dynalias
CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux ...)
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-1387 (The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer ...)
	- mplayer 1.0~rc1-13 (bug #414075; low)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; low)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
CVE-2007-1386
	RESERVED
CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to ...)
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1383 (Integer overflow in the 16 bit variable reference counter in PHP 4 ...)
	- php4 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious PHP scripts, PHP5 not "affected"
CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow ...)
	NOT-FOR-US: Windows PHP COM extensions
CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and ...)
	- php5 <not-affected> (Affected only a php5 CVS version, not a release)
CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.6-1 (low)
	- php5 5.2.0-11 (low)
CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before ...)
	- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1378 (The ovrimos_longreadlen function in the Ovrimos extension for PHP ...)
	- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...)
	{DSA-1283-1 DTSA-39-1}
	- php4 <unfixed> (unimportant)
	- php5 5.2.0-11 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (low)
	NOTE: Should be fixed, could be used as a stepstone for further attacks
CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz ...)
	NOT-FOR-US: Snitz Forums
CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport ...)
	NOT-FOR-US: Mercury Mail Transport System
CVE-2007-1372 (PHP remote file inclusion vulnerability in styles/internal/header.php ...)
	NOT-FOR-US: PostGuestbook
CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local ...)
	- conquest <unfixed> (medium)
CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and ...)
	NOT-FOR-US: Zend Platform
CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows ...)
	NOT-FOR-US: Zend Platform
CVE-2007-1368 (The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before ...)
	NOT-FOR-US: Drupal module Project
CVE-2007-1367 (Cross-site scripting (XSS) vulnerability in the login page in Avaya ...)
	NOT-FOR-US: Avaya Communications Manager
CVE-2007-1366 (QEMU 0.8.2 allows local users to crash a virtual machine via the ...)
	{DSA-1284-1 DTSA-38-1}
	- qemu 0.9.0-2 (bug #424070)
CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...)
	NOT-FOR-US: OpenBSD Kernel
CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain ...)
	NOT-FOR-US: DropAFew
CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow ...)
	NOT-FOR-US: DropAFew
CVE-2007-1362 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1}
	NOTE: MFSA2007-14
	- iceape 1.1.2-1 (low)
	- iceweasel 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in ...)
	NOT-FOR-US: VirtueMart
CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal 5.x ...)
	NOT-FOR-US: Drupal module Nodefamily
CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and ...)
	- libapache-mod-security <removed>
CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...)
	- tomcat4 <removed> (low)
CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...)
	{DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-1356
	RESERVED
CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- tomcat4 <removed> (low)
	- tomcat5 <unfixed> (low)
	- tomcat5.5 <unfixed> (low)
CVE-2007-1354
	RESERVED
CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the ...)
	- linux-2.6 <unfixed> (low)
CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont ...)
	{DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in bdfread.c in (1) ...)
	{DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
	- freetype <unfixed> (medium; bug #426771)
CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in ...)
	- apache <removed> (low)
	- libapache2-mod-perl2 <unfixed> (low)
CVE-2007-1348
	RESERVED
CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...)
	NOT-FOR-US: Sun Fire Server
CVE-2007-1345 (Unspecified vulnerability in cube.exe in the GINA component for CA ...)
	NOT-FOR-US: CA eTrust Admin
CVE-2007-1344 (Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 ...)
	NOT-FOR-US: Ezstream
CVE-2007-1343 (includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does ...)
	{DSA-1267-1}
	- webcalendar 1.0.5-1 (high)
CVE-2007-1342 (Cross-site scripting (XSS) vulnerability in admincp/index.php in ...)
	NOT-FOR-US: vBulletin
CVE-2007-1341 (include/auth/auth.php in Simple Invoices before 2007 03 05 does not ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-1340 (PHP remote file inclusion vulnerability in eintrag.php in Weltennetz ...)
	NOT-FOR-US: News-Letterman
CVE-2007-1339 (SQL injection vulnerability in index.php in Links Management ...)
	NOT-FOR-US: Links Management Application
CVE-2007-1338 (The default configuration of the AirPort utility in Apple AirPort ...)
	NOT-FOR-US: Apple AirPort Extreme
CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before 5.5.4 ...)
	NOT-FOR-US: VMware
CVE-2007-1336
	RESERVED
CVE-2007-1335
	RESERVED
CVE-2007-1334
	RESERVED
CVE-2007-1333
	RESERVED
CVE-2007-1332 (Multiple cross-site request forgery (CSRF) vulnerabilities in TKS ...)
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1331 (Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking ...)
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1330 (Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1328 (Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard ...)
	NOT-FOR-US: JOLY BJ Webring
CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in ...)
	NOT-FOR-US: silc daemon
CVE-2007-1326 (SQL injection vulnerability in index.php in Serendipity 1.1.1 allows ...)
	- serendipity <unfixed> (unimportant)
	NOTE: http://blog.s9y.org/archives/164-Serendipity-1.1.2-released.html
CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in ...)
	- phpmyadmin 4:2.10.0.2-1
	[sarge] - phpmyadmin <no-dsa> (workaround for PHP issue)
	[etch] - phpmyadmin <no-dsa> (workaround for PHP issue)
CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the ...)
	NOT-FOR-US: SnapGear
CVE-2007-1323
	RESERVED
	{DSA-1284-1 DTSA-38-1}
CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...)
	{DSA-1284-1 DTSA-38-1}
	- qemu 0.9.0-2 (bug #424070)
CVE-2007-1321
	RESERVED
	{DSA-1284-1 DTSA-38-1}
	- qemu 0.9.0-2 (bug #424070)
CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region ...)
	{DSA-1284-1 DTSA-38-1}
	- qemu 0.9.0-2 (bug #424070)
CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in ...)
	NOT-FOR-US: DeviceXPlorer OLE
CVE-2007-1318
	RESERVED
CVE-2007-1317
	RESERVED
CVE-2007-1316
	RESERVED
CVE-2007-1315
	RESERVED
CVE-2007-1314
	RESERVED
CVE-2007-1313 (NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly ...)
	NOT-FOR-US: NETxAutomation NETxEIB OPC Server
CVE-2007-1312
	RESERVED
CVE-2007-1311
	RESERVED
CVE-2007-1310
	RESERVED
CVE-2007-1309 (Novell Access Management 3 SSLVPN Server allows remote authenticated ...)
	NOT-FOR-US: Novell Access Management
CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE ...)
	- kdelibs <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before ...)
	NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN
CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote ...)
	- asterisk 1:1.2.16~dfsg-1 (medium)
CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in ...)
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1304 (Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook ...)
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1303 (Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and ...)
	NOT-FOR-US: RRDBrowse
CVE-2007-1302 (SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when ...)
	NOT-FOR-US: LI-Guestbook
CVE-2007-1301 (Stack-based buffer overflow in the IMAP service in MailEnable ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2007-1300 (DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier ...)
	NOT-FOR-US: ISPUtil
CVE-2007-1299 (PHP remote file inclusion vulnerability in index.php in Mani Stats ...)
	NOT-FOR-US: Mani Stats Reader
CVE-2007-1298 (SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows ...)
	NOT-FOR-US: AJ Auction
CVE-2007-1297 (SQL injection vulnerability in view_profile.php in AJDating 1.0 allows ...)
	NOT-FOR-US: AJ Dating
CVE-2007-1296 (SQL injection vulnerability in postingdetails.php in AJ Classifieds ...)
	NOT-FOR-US: AJ Classifieds
CVE-2007-1295 (SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows ...)
	NOT-FOR-US: AJ Forum
CVE-2007-1294 (A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in ...)
	NOT-FOR-US: DivXBrowserPlugin ActiveX control
CVE-2007-1293 (SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when ...)
	NOT-FOR-US: Rigter Portal System
CVE-2007-1292 (SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2007-1291 (Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug ...)
	NOT-FOR-US: TygerBT
CVE-2007-1290 (SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking ...)
	NOT-FOR-US: TygerBT
CVE-2007-1289 (SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking ...)
	NOT-FOR-US: TygerBT
CVE-2007-1288 (Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News ...)
	NOT-FOR-US: WB News
CVE-2007-XXXX [unsafe temporary file in lintian's objdump-info]
	- lintian 1.23.28 (low)
	[sarge] - lintian <not-affected> (Vulnerable code not present)
CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...)
	- php4 <unfixed> (unimportant)
	[sarge] - php4 <not-affected> (Regression introduced in 4.4.3)
	NOTE: Non-issue, explicit debug feature
CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 6:4.4.6-1 (low)
CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...)
	- php5 <unfixed> (unimportant)
	- php4 <unfixed> (unimportant)
	NOTE: Needs to be sanisited within apps, only crashes the current instance anyway
CVE-2007-1284
	RESERVED
CVE-2007-1283
	RESERVED
CVE-2007-1282 (Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey ...)
	- icedove 1.5.0.10.dfsg1-1 (medium)
CVE-2007-1281 (Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux ...)
	NOT-FOR-US: Kaspersky AntiVirus Engine
CVE-2007-1280 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and ...)
	NOT-FOR-US: Adobe
CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 ...)
	NOT-FOR-US: Adobe JRun and Coldfusion
CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites ...)
	- wordpress <not-affected> (orig.tar.gz not compromised)
CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in ...)
	- webmin <removed>
CVE-2007-1275
	RESERVED
CVE-2007-1274
	RESERVED
CVE-2007-XXXX [buffer overruns in GIT's http-push.c, fixed in 1.5.0.3]
	- git-core 1.5.0.3-1 (bug #413629; low)
	[etch] - git-core 1:1.4.4.4-2 (bug #413629; low)
CVE-2007-1273 (Integer overflow in the ktruser function in NetBSD-current before ...)
	NOT-FOR-US: NetBSD Kernel
CVE-2007-1272
	RESERVED
CVE-2007-1271 (Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow ...)
	NOT-FOR-US: VMware ESX Server
CVE-2007-1270 (Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows ...)
	NOT-FOR-US: VMware ESX Server
CVE-2007-1269 (GNUMail 1.1.2 and earlier does not properly use the --status-fd ...)
	- gnumail <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1268 (Mutt 1.5.13 and earlier does not properly use the --status-fd argument ...)
	- mutt <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1267 (Sylpheed 2.2.7 and earlier does not properly use the --status-fd ...)
	- sylpheed <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1266 (Evolution 2.8.1 and earlier does not properly use the --status-fd ...)
	- evolution <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1265 (KMail 1.9.5 and earlier does not properly use the --status-fd argument ...)
	- kdepim <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1264 (Enigmail 0.94.2 and earlier does not properly use the --status-fd ...)
	- enigmail <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1263 (GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the ...)
	{DSA-1266-1}
	- gnupg 1.4.6-2 (bug #413922; low)
	- gpgme1.0 1.1.2-3 (bug #414170; low)
	- gnupg2 2.0.3-1
	[sarge] - gnupg2 <no-dsa> (Minor issue)
	[etch] - gnupg2 <no-dsa> (Minor issue)
CVE-2007-1262 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter ...)
	{DSA-1290-1}
	- squirrelmail 2:1.4.10a-1
CVE-2007-1261 (Unspecified vulnerability in the reports system in OpenBiblio before ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-1260 (Stack-based buffer overflow in the connectHandle function in ...)
	NOT-FOR-US: WebMod
CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have ...)
	NOT-FOR-US: WebAPP
CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and ...)
	NOT-FOR-US: Cisco
CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...)
	NOT-FOR-US: Cisco
CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ...)
	- iceweasel <unfixed> (medium)
CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-1253 (Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script ...)
	- blender 2.42a-6 (medium)
	[sarge] - blender <not-affected> (bug was introduced in version 2.42)
	NOTE: http://lists.alioth.debian.org/pipermail/secure-testing-team/2007-March/001095.html
CVE-2007-1252 (Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch ...)
	NOT-FOR-US: Symantec Mail Security
CVE-2007-1251 (Format string vulnerability in the new_warning function in ...)
	NOT-FOR-US: Netrek Vanilla Server
CVE-2007-1250 (SQL injection vulnerability in section/default.asp in ANGEL Learning ...)
	NOT-FOR-US: Learning Management Suite
CVE-2007-1249 (MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 ...)
	NOT-FOR-US: Contelligent
CVE-2007-1248 (Multiple cross-site scripting (XSS) vulnerabilities in built2go News ...)
	NOT-FOR-US: News Manager Blog
CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs ...)
	NOT-FOR-US: aWebNews
CVE-2007-1246 (The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in ...)
	- mplayer 1.0~rc1-13 (bug #414075; medium)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; medium)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
	NOTE: vlc checked, and is not affected.
CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: IrfanView
CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in ...)
	- wordpress 2.1.2-1 (medium)
CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins Audiens 3.3 ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1241 (Cross-site scripting (XSS) vulnerability in setup.php in Audins ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS ...)
	NOT-FOR-US: Docebo CMS
CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which allows ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive ...)
	NOT-FOR-US: sitex
CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: sitex
CVE-2007-1235 (Unrestricted file upload vulnerability in sitex allows remote ...)
	NOT-FOR-US: sitex
CVE-2007-1234 (Multiple cross-site scripting (XSS) vulnerabilities in sitex allow ...)
	NOT-FOR-US: sitex
CVE-2007-1233 (PHP remote file inclusion vulnerability in downloadcounter.php in ...)
	NOT-FOR-US: STWC-Counter
CVE-2007-1232 (Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote ...)
	NOT-FOR-US: SQLiteManager
CVE-2007-1231 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager ...)
	NOT-FOR-US: SQLiteManager
CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- wordpress 2.1.2-1 (medium)
CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ...)
	NOT-FOR-US: Nullsoft ShoutcastServer
CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1227 (VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1226 (McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1225 (The connection log file implementation in Grok Developments NetProxy ...)
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1224 (Grok Developments NetProxy 4.03 allows remote attackers to bypass URL ...)
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1223 (Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows ...)
	NOT-FOR-US: Hitachi OSAS/FT/W
CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and Drop by ...)
	NOT-FOR-US: Parallels Desktop
CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows ...)
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not ...)
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin ...)
	NOT-FOR-US: Phorum
CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in libcapi, as ...)
	- isdnutils 1:3.9.20060704-3 (bug #408530; low)
	[sarge] - isdnutils <no-dsa> (Not exploitable over ISDN network)
	- asterisk-chan-capi 0.7.1-1.1 (bug #411293; unimportant)
	- linux-2.6 <unfixed> (bug #411294; unimportant)
	NOTE: Not exploitable over ISDN network, only theoretically through a dedicated CAPI server
CVE-2007-1216 (Double-free vulnerability in the GSS-API library ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
	NOT-FOR-US: Microsoft GDI
CVE-2007-1214 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
	NOT-FOR-US: Microsoft GDI
CVE-2007-1211 (Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1210
	RESERVED
CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem ...)
	NOT-FOR-US: Windows Vista
CVE-2007-1208
	RESERVED
CVE-2007-1207
	RESERVED
CVE-2007-1206 (The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1201
	RESERVED
CVE-2007-1200
	RESERVED
CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 ...)
	NOT-FOR-US: TaskFreak!
CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5 have ...)
	NOT-FOR-US: Epiware
CVE-2007-1196 (Unspecified vulnerability in Citrix Presentation Server Client for ...)
	NOT-FOR-US: Citrix
CVE-2007-1195 (Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt ...)
	NOT-FOR-US: SandBox Analyzer
CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in OrangeHRM ...)
	NOT-FOR-US: OrangeHRM
CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive ...)
	NOT-FOR-US: HyperBook Guestbook
CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes ...)
	NOT-FOR-US: Quicksilver plugin Social Bookmarks
CVE-2007-1190 (Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX ...)
	NOT-FOR-US: EmbeddedWB ActiveX control
CVE-2007-1189 (Integer overflow in the envwrite function in the Alcatel-Lucent Bell ...)
	NOT-FOR-US: Alcatel-Lucent Bell Labs Plan 9
CVE-2007-1188 (WebAPP before 0.9.9.5 allows remote attackers to submit Search form ...)
	NOT-FOR-US: WebAPP
CVE-2007-1187 (WebAPP before 0.9.9.5 allows remote authenticated users, without admin ...)
	NOT-FOR-US: WebAPP
CVE-2007-1186 (WebAPP before 0.9.9.5 does not &quot;censor&quot; the Latest Member real name, ...)
	NOT-FOR-US: WebAPP
CVE-2007-1185 (The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval ...)
	NOT-FOR-US: WebAPP
CVE-2007-1184 (The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA ...)
	NOT-FOR-US: WebAPP
CVE-2007-1183 (WebAPP before 0.9.9.5 allows remote authenticated users to spoof ...)
	NOT-FOR-US: WebAPP
CVE-2007-1182 (WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest ...)
	NOT-FOR-US: WebAPP
CVE-2007-1181 (WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the ...)
	NOT-FOR-US: WebAPP
CVE-2007-1180 (WebAPP before 0.9.9.5 does not check referrers in certain forms, which ...)
	NOT-FOR-US: WebAPP
CVE-2007-1179 (WebAPP before 0.9.9.5 does not properly manage e-mail addresses in ...)
	NOT-FOR-US: WebAPP
CVE-2007-1178 (WebAPP before 0.9.9.5 does not check access in certain contexts ...)
	NOT-FOR-US: WebAPP
CVE-2007-1177 (WebAPP before 0.9.9.5 does not properly filter certain characters in ...)
	NOT-FOR-US: WebAPP
CVE-2007-1176 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...)
	NOT-FOR-US: WebAPP
CVE-2007-1175 (Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP ...)
	NOT-FOR-US: WebAPP
CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...)
	NOT-FOR-US: WebAPP
CVE-2007-1173 (Multiple buffer overflows in the CentennialIPTransferServer service ...)
	NOT-FOR-US: CentennialIPTransferServer
CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel ...)
	NOT-FOR-US: WebAPP
CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1170 (SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends ...)
	NOT-FOR-US: SimBin Racing
CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and ...)
	NOT-FOR-US: Clanportal
CVE-2007-1166 (SQL injection vulnerability in result.php in Nabopoll 1.2 allows ...)
	NOT-FOR-US: Nabopoll
CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 ...)
	NOT-FOR-US: DBGuestbook
CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in DBImageGallery ...)
	NOT-FOR-US: DBImageGallery
CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and ...)
	NOT-FOR-US: webSPELL
CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement Project ...)
	NOT-FOR-US: Common Controls ActiveX control
CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call ...)
	NOT-FOR-US: Call Center Software
CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the ...)
	{DSA-1272-1}
	- tcpdump 3.9.5-2 (bug #413430; low)
CVE-2007-XXXX [puttygen can create world-readable private keys]
	- putty <unfixed> (bug #400804; unimportant)
	NOTE: Sensitive operations like key generation should only be done in private home
CVE-2007-XXXX [asterisk remote SIP security hole]
	- asterisk 1:1.2.16~dfsg-1
CVE-2007-1160 (webSPELL 4.0, and possibly later versions, allows remote attackers to ...)
	NOT-FOR-US: webSPELL
CVE-2007-1159 (Cross-site scripting (XSS) vulnerability in modules/out.php in ...)
	NOT-FOR-US: Pyrophobia
CVE-2007-1158 (Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 ...)
	NOT-FOR-US: Pagesetter
CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: JBoss
CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access ...)
	NOT-FOR-US: JBrowser
CVE-2007-1155 (Unrestricted file upload vulnerability in webSPELL allows remote ...)
	NOT-FOR-US: webSPELL
CVE-2007-1154 (SQL injection vulnerability in webSPELL allows remote attackers to ...)
	NOT-FOR-US: webSPELL
CVE-2007-1153 (Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2007-1152 (Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 ...)
	NOT-FOR-US: Pyrophobia
CVE-2007-1151 (Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1150 (Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1149 (Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1148 (PHP remote file inclusion vulnerability in install/index.php in ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1147 (PHP remote file inclusion vulnerability in view.php in hbm allows ...)
	NOT-FOR-US: hbm
CVE-2007-1146 (PHP remote file inclusion vulnerability in function.php in arabhost ...)
	NOT-FOR-US: arabhost
CVE-2007-1145 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2007-1144 (Directory traversal vulnerability in jwpn-photos.php in J-Web Pics ...)
	NOT-FOR-US: J-Web Pics Navigator
CVE-2007-1143 (Directory traversal vulnerability in pn-menu.php in J-Web Pics ...)
	NOT-FOR-US: J-Web Pics Navigator
CVE-2007-1142 (Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 ...)
	NOT-FOR-US: Magic News Plus
CVE-2007-1141 (PHP remote file inclusion vulnerability in preview.php in Magic News ...)
	NOT-FOR-US: Magic News Plus
CVE-2007-1140 (Directory traversal vulnerability in edit.php in pheap allows remote ...)
	NOT-FOR-US: pheap
CVE-2007-1139 (Unrestricted file upload vulnerability in Cromosoft Simple Plantilla ...)
	NOT-FOR-US: Simple Plantilla PHP
CVE-2007-1138 (Absolute path traversal vulnerability in list_main_pages.php in ...)
	NOT-FOR-US: Simple Plantilla PHP
CVE-2007-1137 (putmail.py in Putmail before 1.4 does not detect when a user attempts ...)
	NOT-FOR-US: Putmail
CVE-2007-1136 (index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to ...)
	NOT-FOR-US: WebMplayer
CVE-2007-1135 (Multiple SQL injection vulnerabilities in WebMplayer before ...)
	NOT-FOR-US: WebMplayer
CVE-2007-1134 (Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown ...)
	NOT-FOR-US: Watchtower
CVE-2007-1133 (PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 ...)
	NOT-FOR-US: FCRing
CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in the &quot;Contact ...)
	NOT-FOR-US: MTCMS
CVE-2007-1131 (PHP remote file inclusion vulnerability in sinapis.php in Sinapis ...)
	NOT-FOR-US: Sinapis Forum
CVE-2007-1130 (PHP remote file inclusion vulnerability in sinagb.php in Sinapis ...)
	NOT-FOR-US: Sinapis Gastebuch
CVE-2007-1129 (Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow ...)
	NOT-FOR-US: MTCMS
CVE-2007-1128 (shopkitplus allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: shopkitplus
CVE-2007-1127 (Directory traversal vulnerability in enc/stylecss.php in shopkitplus ...)
	NOT-FOR-US: shopkitplus
CVE-2007-1126 (Directory traversal vulnerability in index.php in xtcommerce allows ...)
	NOT-FOR-US: xtcommerce
CVE-2007-1125 (Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer ...)
	NOT-FOR-US: XeroXer Simple
CVE-2007-1124 (Directory traversal vulnerability in gallery.php in XeroXer Simple ...)
	NOT-FOR-US: XeroXer Simple
CVE-2007-1123 (Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow ...)
	NOT-FOR-US: ZPanel
CVE-2007-1122 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ...)
	NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
CVE-2007-1121 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ...)
	NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
CVE-2007-1120 (The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions ...)
	NOT-FOR-US: TeeChart Pro ActiveX control
CVE-2007-1119 (Unspecified vulnerability in Novell ZENworks 7 Desktop Management ...)
	NOT-FOR-US: Novell ZENworks
CVE-2007-1118 (Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 ...)
	NOT-FOR-US: eFiction
CVE-2007-1117 (Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI ...)
	{DSA-1300-1}
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.1.2-1 (low)
	- xulrunner 1.8.1.4-1 (bug #415919; bug #415944; bug #415945; low)
	NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/,
	NOTE: older mozillas are not vulnerable
CVE-2007-1115 (The child frames in Opera 9 before 9.20 inherit the default charset ...)
	NOT-FOR-US: Opera
CVE-2007-1114 (The child frames in Microsoft Internet Explorer 7 inherit the default ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1113
	RESERVED
CVE-2007-1112 (Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar ...)
	NOT-FOR-US: ActiveCalendar
CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ...)
	NOT-FOR-US: ActiveCalendar
CVE-2007-1109 (Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery ...)
	NOT-FOR-US: Phpwebgallery
CVE-2007-1108 (PHP remote file inclusion vulnerability in index.php in Christian ...)
	NOT-FOR-US: CS-Gallery
CVE-2007-1107 (SQL injection vulnerability in thumbnails.php in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1106 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: NoMoKeTos Rules
CVE-2007-1105 (PHP remote file inclusion vulnerability in functions.php in Extreme ...)
	NOT-FOR-US: phpBB Extreme
CVE-2007-1104 (PHP remote file inclusion vulnerability in top.php in PHP Module ...)
	NOT-FOR-US: PHP Module Implementation
CVE-2007-1103 (Tor does not verify a node's uptime and bandwidth advertisements, ...)
	- tor <unfixed> (medium)
CVE-2007-1102 (Photostand 1.2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Photostand
CVE-2007-1101 (Multiple cross-site scripting (XSS) vulnerabilities in Photostand ...)
	NOT-FOR-US: Photostand
CVE-2007-1100 (Directory traversal vulnerability in download.php in Ahmet Sacan ...)
	NOT-FOR-US: Pickle
CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...)
	- dropbear 0.49-1 (unimportant; bug #412899)
	NOTE: That's a lack of a security feature (strict hostkey checking in openssh
	NOTE: termininoloy) and an awkward interface, but not a vulnerability per se
	NOTE: Especially as dropbear is specifically labeled a stripped down SSH implementation
	[etch] - dropbear 0.48.1-2
CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have ...)
	NOT-FOR-US: ScryMUD
CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles function ...)
	NOT-FOR-US: Wiclear
CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart ...)
	NOT-FOR-US: VirtueMart
CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload ...)
	- iceweasel <unfixed> (medium)
CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ...)
	NOT-FOR-US: Network Node Manager
CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow ...)
	- iceweasel 2.0.0.2+dfsg-1 (low)
CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1090 (Microsoft Windows Explorer on Windows XP and 2003 allows remote ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1089 (IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1088 (Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1087 (IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1085 (Cross-site scripting (XSS) vulnerability in Google Desktop allows ...)
	NOT-FOR-US: Google Desktop
CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...)
	- iceweasel <unfixed> (low)
	- iceape <unfixed> (low)
	NOTE: xulrunner by itself is not affeced, but other browsers based on xulrunner may be affected
	TODO: check epiphany, galeon and kazehakase
CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX ...)
	NOT-FOR-US: ConfigChk ActiveX control
CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, ...)
	NOT-FOR-US: FTP Explorer
CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, ...)
	- typo3-src 4.0.5+debian-1 
	[etch] - typo3-src 4.0.2+debian-3
CVE-2007-1080 (Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow ...)
	NOT-FOR-US: TurboFTP
CVE-2007-1079 (Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager ...)
	NOT-FOR-US: FTP Voyager
CVE-2007-1078 (PHP remote file inclusion vulnerability in index.php in ...)
	NOT-FOR-US: FlashGameScript
CVE-2007-1077 (SQL injection vulnerability in page.asp in Design4Online UserPages2 ...)
	NOT-FOR-US: UserPages2
CVE-2007-1076 (Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-1075 (TurboFTP 5.30 Build 572 allows remote servers to cause a denial of ...)
	NOT-FOR-US: TurboFTP
CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x ...)
	NOT-FOR-US: NewsBin Pro
CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer allows ...)
	NOT-FOR-US: mcRefer
CVE-2007-1072 (The command line interface (CLI) in Cisco Unified IP Phone 7906G, ...)
	NOT-FOR-US: Cisco
CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple ...)
	NOT-FOR-US: Apple ImageIO
CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows ...)
	NOT-FOR-US: VMware
CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, ...)
	NOT-FOR-US: Cisco
CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1066 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1065 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1064 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1063 (The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, ...)
	NOT-FOR-US: Cisco
CVE-2007-1062 (The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and ...)
	NOT-FOR-US: Cisco
CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire ...)
	NOT-FOR-US: SendStudio
CVE-2007-1059 (PHP remote file inclusion vulnerability in function.php in Ultimate ...)
	NOT-FOR-US: Ultimate Fun Book
CVE-2007-1058 (SQL injection vulnerability in user_pages/page.asp in Online Web ...)
	NOT-FOR-US: Online Web Building
CVE-2007-1057 (The Net Direct client for Linux before 6.0.5 in Nortel Application ...)
	NOT-FOR-US: Nortel Application Switch
CVE-2007-1056 (VMware Workstation 5.5.3 build 34685 does not provide per-user ...)
	NOT-FOR-US: VMware
CVE-2007-1055 (Cross-site scripting (XSS) vulnerability in the AJAX features in ...)
	- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1054 (Cross-site scripting (XSS) vulnerability in the AJAX features in ...)
	- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1053 (** DISPUTED ** ...)
	NOT-FOR-US: phpXmms
CVE-2007-1052 (** DISPUTED ** ...)
	NOT-FOR-US: PBLang
CVE-2007-1051 (Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1050 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: MyCalendar
CVE-2007-1048 (PHP remote file inclusion vulnerability in admin_rebuild_search.php in ...)
	NOT-FOR-US: phpbb_wordsearch
CVE-2007-1047 (Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) ...)
	- dcc <unfixed> (medium)
CVE-2007-1046 (Dem_trac allows remote attackers to read log file contents via a ...)
	NOT-FOR-US: Dem_trac
CVE-2007-1045 (mAlbum 0.3 has default accunts (1) &quot;login&quot;/&quot;pass&quot; for its ...)
	NOT-FOR-US: mAlbum
CVE-2007-1044 (Pearson Education PowerSchool 4.3.6 allows remote attackers to list ...)
	NOT-FOR-US: PowerSchool
CVE-2007-1043 (Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass ...)
	NOT-FOR-US: Ezboo
CVE-2007-1042 (Directory traversal vulnerability in news.php in Xpression News ...)
	NOT-FOR-US: Xpression News
CVE-2007-1041 (Multiple stack-based buffer overflows in S&amp;H Computer Systems News ...)
	NOT-FOR-US: News Rover
CVE-2007-1040 (Directory traversal vulnerability in archives.php in Xpression News ...)
	NOT-FOR-US: Xpression News
CVE-2007-1039 (Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 ...)
	NOT-FOR-US: Peanut Knowledge Base
CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers ...)
	NOT-FOR-US: Grabit
CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier ...)
	NOT-FOR-US: News File Grabber
CVE-2007-XXXX [vserver patch allows renice of processes in different context]
	- linux-2.6 2.6.18.dfsg.1-12 (bug #412143)
CVE-2007-XXXX [apg generates insecure passwords on 64-bit architectures]
	- apg <unfixed> (bug #412618)
	[etch] - apg <no-dsa> (Minor issue)
	NOTE: This is not reproducible after a recompile on amd64.
CVE-2007-XXXX [mt-daapd remote access & default password]
	- mt-daapd <unfixed> (unimportant; bug #404640)
	NOTE: User-unfriendly packaging flaw, but not a vulnerability per se
CVE-2007-XXXX [amavids-new uses contrib/non-free packers without security support in default config]
	- amavisd-new <unfixed> (unimportant; bug #410588)
	NOTE: Doesn't affect a standard Debian installation, only users, which install
	NOTE: proprietary apps, it should be fixed for sanity, but not a direct vulnerability
CVE-2007-XXXX [MediaWiki XSS based on Microsoft Internet Explorer's UTF-7 charset autodetection]
	- mediawiki1.7 1.7.1-9 (low)
CVE-2007-1049 (Cross-site scripting (XSS) vulnerability in the wp_explain_nonce ...)
	{DTSA-34-1}
	- wordpress 2.1.1-1 (low)
CVE-2007-1070 (Multiple stack-based buffer overflows in Trend Micro ServerProtect for ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) ...)
	NOT-FOR-US: JBoss
CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in getID3 ...)
	NOT-FOR-US: Mediafield and Audio modules for Drupal
	NOTE: this is not a php-getid3 problem, but related to the way these modules embed getid3
CVE-2007-1034 (SQL injection vulnerability in the category file in modules.php in the ...)
	NOT-FOR-US: Emporium for PHP-Nuke
CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and ...)
	NOT-FOR-US: Secure site for Drupal
CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when ...)
	NOT-FOR-US: phpMyFAQ
CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in SpoonLabs ...)
	NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-1030 (Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a ...)
	- libevent <unfixed> (bug #411996; unimportant)
	NOTE: Only versions 1.2 and 1.2a are vulnerable -- 1.1a-1 is safe.
CVE-2007-1029 (Stack-based buffer overflow in the Connect method in the IMAP4 ...)
	NOT-FOR-US: Quiksoft EasyMail Objects
CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image ...)
	NOT-FOR-US: Image Pager
CVE-2007-1027 (Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1026 (SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier ...)
	NOT-FOR-US: XLAtunes
CVE-2007-1025 (PHP remote file inclusion vulnerability in inc/functions_inc.php in ...)
	NOT-FOR-US: VS-Link-Partner
CVE-2007-1024 (PHP remote file inclusion vulnerability in include.php in Meganoide's ...)
	NOT-FOR-US: Meganoide's news
CVE-2007-1023 (SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2007-1022 (SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 ...)
	NOT-FOR-US: Turuncu Portal
CVE-2007-1021 (SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2007-1020 (Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 ...)
	NOT-FOR-US: CedStat
CVE-2007-1019 (SQL injection vulnerability in news.php in webSPELL 4.01.02, when ...)
	NOT-FOR-US: webSPELL
CVE-2007-1018 (PHP remote file inclusion vulnerability in tpl/header.php in ...)
	NOT-FOR-US: VS-News-System
CVE-2007-1017 (PHP remote file inclusion vulnerability in show_news_inc.php in ...)
	NOT-FOR-US: VS-News-System
CVE-2007-1016 (SQL injection vulnerability in Aktueldownload Haber script allows ...)
	NOT-FOR-US: Aktueldownload Haber
CVE-2007-1015 (SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber ...)
	NOT-FOR-US: Aktueldownload Haber
CVE-2007-1014 (Stack-based buffer overflow in VicFTPS before 5.0 allows remote ...)
	NOT-FOR-US: VicFTPS
CVE-2007-1013 (PHP remote file inclusion vulnerability in generate.php in ...)
	NOT-FOR-US: VirtualSystem Htaccess Password Generator
CVE-2007-1012 (Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 ...)
	NOT-FOR-US: DeskPRO
CVE-2007-1011 (PHP remote file inclusion vulnerability in functions_inc.php in ...)
	NOT-FOR-US: VS-Gastebuch
CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, ...)
	NOT-FOR-US: ZebraFeeds
CVE-2007-1009 (Macrovision InstallAnywhere Enterprise before 8.0.1 uses the ...)
	NOT-FOR-US: InstallAnywhere
CVE-2007-1008 (Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Apple iTunes
CVE-2007-1007 (Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows ...)
	{DSA-1262-1}
	- gnomemeeting <removed> (high)
CVE-2007-1006 (Multiple format string vulnerabilities in the ...)
	- ekiga 2.0.3-2.1 (bug #411944; high)
CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in ...)
	NOT-FOR-US: eTrust Intrusion Detection
CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and ...)
	- iceweasel <unfixed> (low)
	- iceape <unfixed> (low)
	- xulrunner <unfixed> (low)
	NOTE: maintainer notes that this may affect browsers based on xulrunner
CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList ...)
	{DSA-1294-1}
	- xorg-server 2:1.1.1-21 (medium)
CVE-2007-1002 (Format string vulnerability in the write_html function in ...)
	- evolution <unfixed>
	[sarge] - evolution <not-affected> (Vulnerable code not present)
CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp ...)
	- libgd2 <unfixed> (medium)
	NOTE: Although reported initially for PHP5, this needs to be fixed in gd2, our
	NOTE: PHP5 links dynamically
CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...)
	- linux-2.6 2.6.18.dfsg.1-12 (medium)
CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...)
	- ekiga 2.0.3-5 (bug #414069; high)
CVE-2007-0998 (The VNC server implementation in QEMU, as used by Xen and possibly ...)
	- xen-3.0 <unfixed> (medium)
CVE-2007-0997
	RESERVED
CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before ...)
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey ...)
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-tunderbird <unfixed> (low)
	[sarge] - mozilla-firefox <unfixed> (low)
	[sarge] - mozilla <unfixed> (low)
CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x ...)
	- iceweasel 2.0.0.2+dfsg-2 (medium)
CVE-2007-0993
	REJECTED
CVE-2007-0992
	RESERVED
CVE-2007-0991
	RESERVED
CVE-2007-0990
	RESERVED
CVE-2007-0989
	RESERVED
CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before ...)
	{DSA-1264-1}
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	- php5 5.2.0-9
CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0985 (SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and ...)
	NOT-FOR-US: phpCC
CVE-2007-0984 (SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows ...)
	NOT-FOR-US: PollMentor
CVE-2007-0983 (PHP remote file inclusion vulnerability in _admin/nav.php in AT ...)
	NOT-FOR-US: AT Contenator
CVE-2007-0982 (Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! ...)
	NOT-FOR-US: TaskFreak!
CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x ...)
	NOTE: MFSA-2007-07
	- iceweasel 2.0.0.1+dfsg-3 (bug #411192; high)
	- xulrunner 1.8.0.10-1 (high)
	- iceape 1.0.8-1 (high)
	- mozilla-firefox <removed> (high)
	- mozilla <removed> (high)
	- firefox <removed> (high)
CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for ...)
	NOT-FOR-US: HP Serviceguard
CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before ...)
	NOT-FOR-US: LifeType
CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with &quot;Generate HTML for all ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control ...)
	NOT-FOR-US: ActSoft DVD-Tools ActiveX control
CVE-2007-0975 (Variable extraction vulnerability in Ian Bezanson Apache Stats before ...)
	NOT-FOR-US: Apache Stats
CVE-2007-0974 (Multiple unspecified vulnerabilities in Ian Bezanson DropBox before ...)
	NOT-FOR-US: DropBox
CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and ...)
	NOT-FOR-US: WebTester
CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester ...)
	NOT-FOR-US: WebTester
CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...)
	NOT-FOR-US: Cisco
CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows ...)
	NOT-FOR-US: Cisco
CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the ...)
	NOT-FOR-US: Cisco
CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to ...)
	NOT-FOR-US: Cisco
CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to ...)
	NOT-FOR-US: Cisco
CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before ...)
	NOT-FOR-US: Cisco
CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before ...)
	NOT-FOR-US: Cisco
CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series ...)
	NOT-FOR-US: Cisco
CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when ...)
	NOT-FOR-US: Cisco
CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...)
	{DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1 (unimportant)
CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in the ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-0956 (The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable ...)
	NOT-FOR-US: Mail Enable Professional
CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...)
	NOT-FOR-US: MOHA Chat
CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 ...)
	NOT-FOR-US: @Mail
CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...)
	NOT-FOR-US: Virtual Calendar
CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting ...)
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in ...)
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player ...)
	NOT-FOR-US: iTinySoft
CVE-2007-0948
	RESERVED
CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 on ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0945 (Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange method in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0943
	RESERVED
CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0941
	RESERVED
CVE-2007-0940 (Unspecified vulnerability in the Cryptographic API Component Object ...)
	NOT-FOR-US: Microsoft CAPICOM
CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content ...)
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does ...)
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0937
	RESERVED
CVE-2007-0936 (Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow ...)
	NOT-FOR-US: Microsoft
CVE-2007-0935
	RESERVED
CVE-2007-0934 (Unspecified vulnerability in Microsoft Visio 2002 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ ...)
	NOT-FOR-US: D-Link
CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1) Aruba ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows ...)
	NOT-FOR-US: Apache Stats
CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 ...)
	NOT-FOR-US: prb (php rrd browser)
CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with ...)
	NOT-FOR-US: Virtual Calendar
CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to ...)
	NOT-FOR-US: uTorrent
CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows ...)
	NOT-FOR-US: KvGuestbook
CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx ...)
	NOT-FOR-US: Community Server
CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass ...)
	NOT-FOR-US: phpPolls
CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to ...)
	NOT-FOR-US: Portal Search
CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in ...)
	NOT-FOR-US: Portal Search
CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an ...)
	NOT-FOR-US: Portal Search
CVE-2007-0920 (SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 ...)
	NOT-FOR-US: Philboard
CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ...)
	NOT-FOR-US: MiniWebsvr
CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System ...)
	NOT-FOR-US: Cisco
CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to ...)
	NOT-FOR-US: Cisco
CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX
CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...)
	NOT-FOR-US: HP-UX
CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...)
	NOT-FOR-US: JPortal
CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...)
	- php5 5.2.2-1 (bug #410561; bug #410995; medium)
	[etch] - php5 <not-affected> (A regression only affecting 5.2.1)
CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...)
	- php5 5.2.0-9 (unimportant)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9 (unimportant)
	NOTE: this extension is not enabled in the php packages
CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...)
	{DSA-1264-1}
	NOTE: (4) is a non-issue, as we don't use the bundled sqlite
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...)
	- php5 <unfixed> (bug #410561; bug #410995; unimportant)
	NOTE: we normally don't spend much time on safe_mode and open_basedir
	NOTE: issues, but the because the attack vectors are "unspecified", it
	NOTE: might be harder for us to try and sort out the fixes for this
	NOTE: from the session fixes in CVE-2007-0906 (see there for more info)
CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows ...)
	NOT-FOR-US: LightRO CMS
CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd ...)
	- ejabberd 1.1.2-5
CVE-2007-0902 (Unspecified vulnerability in the &quot;Show debugging information&quot; feature ...)
	- moin <not-affected> (Despite what the CVE says, this is not a problem in the 1.5.x code)
	[sarge] - moin <unfixed> (bug #411084; medium)
CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages in ...)
	- moin <unfixed> (unimportant)
	NOTE: this is a version information disclosure.
CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2007-0899 [Possible heap overflow in libclamav/fsg.c]
	RESERVED
	{DSA-1263-1}
	- clamav 0.90-1
	[etch] - clamav	0.88.7-2
CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before ...)
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411117)
	[etch] - clamav	0.88.7-2
CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under ...)
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411118)
	[etch] - clamav	0.88.7-2
CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before ...)
	- firefox-sage 1.3.10-1
	[etch] - firefox-sage <not-affected> (HTML mode not enabled in Etch)
	NOTE: http://secunia.com/advisories/24086/
	NOTE: might not affect Debian version because HTML mode is disabled. sf: pinged maintainer
CVE-2007-0451 (Apache SpamAssassin before 3.1.8 allows remote attackers to cause a ...)
	- spamassassin 3.1.7-2 (bug #410843)
	NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318
CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r or (2) ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0894 (MediaWiki before 1.9.2 allows remote attackers to obtain sensitive ...)
	- mediawiki <unfixed> (unimportant)
	NOTE: Only path disclosure
CVE-2007-0893 (Directory traversal vulnerability in phpMyVisites before 2.2 allows ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0892 (CRLF injection vulnerability in phpMyVisites before 2.2 allows remote ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0891 (Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in ...)
	NOT-FOR-US: cPanel
CVE-2007-0889 (Kiwi CatTools before 3.2.0 beta uses weak encryption (&quot;reversible ...)
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0888 (Directory traversal vulnerability in the TFTP server in Kiwi CatTools ...)
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0887 (axigen 1.2.6 through 2.0.0b1 does not properly parse login ...)
	NOT-FOR-US: Axigen
CVE-2007-0886 (Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows ...)
	NOT-FOR-US: Axigen
CVE-2007-0885 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Rainbow.Zen
CVE-2007-0884 (Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows ...)
	- mimedefang <not-affected> (Only versions 2.59 and 2.60 vulnerable)
CVE-2007-0883 (Directory traversal vulnerability in ...)
	NOT-FOR-US: IP3 NetAccess
CVE-2007-0882 (Argument injection vulnerability in the telnet daemon (in.telnetd) in ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for ...)
	NOT-FOR-US: OPENi-CMS
CVE-2007-0880 (Capital Request Forms stores sensitive information under the web root ...)
	NOT-FOR-US: Capital Request Forms
CVE-2007-0879 (Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows ...)
	NOT-FOR-US: PEBrowse
CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-0877 (Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital ...)
	NOT-FOR-US: March Networks DVR
CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image ...)
	NOT-FOR-US: Quick Digital Image Gallery
CVE-2007-0875 (** DISPUTED ** ...)
	NOT-FOR-US: mcRefer
CVE-2007-0874 (Allons_voter 1.0 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Allons_voter
CVE-2007-0873 (nabopoll 1.1.2 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: nabopoll
CVE-2007-0872 (Directory traversal vulnerability in the Plain Old Webserver (POW) ...)
	NOT-FOR-US: Plain Old Webserver
CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File ...)
	NOT-FOR-US: eXtreme File Hosting
CVE-2007-XXXX [dokuwiki conf directory accessible by web users]
	- dokuwiki 0.0.20061106-3 (bug #410557)
CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager ...)
	NOT-FOR-US: vBulletin
CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0867 (PHP remote file inclusion vulnerability in classes/menu.php in ...)
	NOT-FOR-US: Site-Assistant
CVE-2007-0866 (Unspecified vulnerability in HP OpenView Storage Data Protector on ...)
	NOT-FOR-US: HP OpenView
CVE-2007-0865 (SQL injection vulnerability in comments.php in LushiNews 1.01 and ...)
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0864 (SQL injection vulnerability in register.php in LushiWarPlaner 1.0 ...)
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0863 (** DISPUTED ** ...)
	NOT-FOR-US: Trevorchan
CVE-2007-0862 (** DISPUTED ** ...)
	NOT-FOR-US: gnopaste
CVE-2007-0861 (** DISPUTED ** ...)
	NOT-FOR-US: phpCOIN
CVE-2007-0860 (** DISPUTED ** ...)
	NOT-FOR-US: local Calendar System
CVE-2007-0859 (The Find feature in Palm OS Treo smart phones operates despite the ...)
	NOT-FOR-US: Palm OS Treo
CVE-2007-XXXX [ikiwiki allows web user to edit images and other non-page format files in the wiki]
	- ikiwiki 1.42 (low)
	[etch] - ikiwiki 1.33.1
CVE-2007-0858
	RESERVED
CVE-2007-0857 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before ...)
	- moin 1.5.3-1.2 (bug #410338; medium; bug #410552)
CVE-2007-0856 (TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module ...)
	NOT-FOR-US: Trend Micro Anti-Rootkit Common Module
CVE-2007-0855 (Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR ...)
	- rar 1:3.7b1-1 (high; bug #410582)
	[sarge]	- rar <no-dsa> (Non-free)
	[etch] - rar <no-dsa> (Non-free)
	- unrar-nonfree 1:3.7.3-1 (high; bug #410580)
	[sarge]	- unrar-nonfree <no-dsa> (Non-free)
	[etch] - unrar-nonfree <no-dsa> (Non-free)
	NOTE: amavid-new automatically uses "rar -p-" or "unrar -p-",
	NOTE: which probably turns this into remote code execution
	NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration
	NOTE: unrar-free and clamav (which embeds unrar-free code) not affected
CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in cPanel ...)
	NOT-FOR-US: cPanel WebHost Manager
CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...)
	NOT-FOR-US: DevTrack
CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...)
	NOT-FOR-US: DevTrack
CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before ...)
	NOT-FOR-US: Trend Micro Scan Engine
CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and ...)
	NOT-FOR-US: SysCP
CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly ...)
	NOT-FOR-US: SysCP
CVE-2007-0848 (PHP remote file inclusion vulnerability in classes/class_mail.inc.php ...)
	NOT-FOR-US: Maian Recipe
CVE-2007-0847 (SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server ...)
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0846 (Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia ...)
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0845 (admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote ...)
	NOT-FOR-US: Advanced Poll
CVE-2007-0843 (The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard library ...)
	NOT-FOR-US: Microsoft
CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have ...)
	NOT-FOR-US: vbDrupal
CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...)
	NOT-FOR-US: HLstats
CVE-2007-0839 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: WebMatic
CVE-2007-0838 (FreeProxy before 3.92 Build 1626 allows malicious users to cause a ...)
	NOT-FOR-US: FreeProxy
CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in ...)
	NOT-FOR-US: AgerMenu
CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows ...)
	NOT-FOR-US: FlashChat
CVE-2007-0833 (VMware Workstation 5.5.3 34685, when the &quot;Enable copy and paste to and ...)
	NOT-FOR-US: VMware
CVE-2007-0832 (VMware Workstation 5.5.3 34685 does not immediately change the ...)
	NOT-FOR-US: VMware
CVE-2007-0831 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Atsphp
CVE-2007-0830 (** DISPUTED ** ...)
	NOT-FOR-US: vBulletin
CVE-2007-0829 (avast! Server Edition before 4.7.726 does not demand a password in a ...)
	NOT-FOR-US: avast!
CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in ...)
	NOT-FOR-US: MySQLNewsEngine
CVE-2007-0827 (The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote ...)
	NOT-FOR-US: Alibaba Alipay PTA Module ActiveX control
CVE-2007-0826 (SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows ...)
	NOT-FOR-US: Kisisel Site
CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of ...)
	NOT-FOR-US: FlashFXP
CVE-2007-0824 (PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS ...)
	NOT-FOR-US: LightRO CMS
CVE-2007-0823 (xterm on Slackware Linux 10.2 stores information that had been ...)
	- xterm <not-affected> (Not a security problem)
CVE-2007-0822 (umount, when running with the Linux 2.6.15 kernel on Slackware Linux ...)
	- mount <not-affected> (Not a security problem)
CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE ...)
	NOT-FOR-US: PortailPhp
CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE ...)
	NOT-FOR-US: PortailPhp
CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50 assigns Everyone ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2007-0818
	REJECTED
CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web ...)
	NOT-FOR-US: Adobe ColdFusion web server
CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in ...)
	NOT-FOR-US: Uphotogallery
CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP ...)
	NOT-FOR-US: ASP Chat
CVE-2007-0813 (Cross-site scripting (XSS) vulnerability in Home production ...)
	NOT-FOR-US: MySearchEngine
CVE-2007-0812 (SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0811 (Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on ...)
	NOT-FOR-US: Microsoft
CVE-2007-0810 (PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in ...)
	NOT-FOR-US: GeekLog
CVE-2007-0809 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
	NOT-FOR-US: Categories Hierarchy
CVE-2007-0808 (PHP remote file inclusion vulnerability in Mina Ajans Script allows ...)
	NOT-FOR-US: Mina Ajans Script
CVE-2007-0807 (Cross-site scripting (XSS) vulnerability in info.php in flashChat ...)
	NOT-FOR-US: flashChat
CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: Les News
CVE-2007-0805 (The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...)
	NOT-FOR-US: GGCMS
CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote ...)
	- stlport5 5.0.3-1 (bug #410864; low)
	[etch] - stlport5 5.0.2-12
	[sarge] - stlport5 <not-affected> (Vulnerable code not compiled in)
CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
	- iceweasel <unfixed> (low)
CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...)
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- firefox <removed> (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...)
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox <unfixed> (medium)
	[sarge] - mozilla <unfixed> (medium)
	- firefox <removed> (medium)
CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...)
	NOT-FOR-US: Ublog Reload
CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload ...)
	NOT-FOR-US: Ublog Reload
CVE-2007-0797 (PHP remote file inclusion vulnerability in theme/settings.php in ...)
	NOT-FOR-US: SMA-DB
CVE-2007-0796 (Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, ...)
	NOT-FOR-US: WinProxy
CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal ...)
	NOT-FOR-US: Wap Portal Server
CVE-2007-0794 (** DISPUTED ** ...)
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in ...)
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the ...)
	- bugzilla <not-affected> (Only development version 2.23.3 is affected)
CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla ...)
	- bugzilla <unfixed> (bug #409824; low)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP ...)
	NOT-FOR-US: SmartFTP
CVE-2007-0789 (SQL injection vulnerability in Mambo before 4.5.5 allows remote ...)
	- mambo 4.6.1-1 (medium)
	NOTE: only the 4.5.x tree was vulnerable
CVE-2007-0788 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before ...)
	- mediawiki <not-affected> (Only in 1.9 branch, fixed in 1.9.2)
CVE-2007-0787 (PHP remote file inclusion vulnerability in controller.php in Simple ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-0786 (SQL injection vulnerability in view.php in Noname Media Photo Galerie ...)
	NOT-FOR-US: Noname Media Photo Galerie Standard
CVE-2007-0785 (PHP remote file inclusion vulnerability in previewtheme.php in ...)
	NOT-FOR-US: Flipsource Flip
CVE-2007-0784 (SQL injection vulnerability in login.asp for tPassword in the Raymond ...)
	NOT-FOR-US: RBL ASP tPassword
CVE-2007-0783
	RESERVED
CVE-2007-0782
	RESERVED
CVE-2007-0781
	RESERVED
CVE-2007-0780 (browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before ...)
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
	[sarge] - mozilla <not-affected> (Vulnerable code not present)
CVE-2007-0779 (GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and ...)
	NOTE: MFSA-2007-04
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox <not-affected> (introduced in firefox 1.5)
	[sarge] - mozilla <not-affected> (introduced in firefox 1.5)
CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x ...)
	NOTE: MFSA-2007-03
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox <unfixed> (low)
	[sarge] - mozilla <unfixed> (low)
CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <unfixed> (high)
	[sarge] - mozilla-thunderbird <unfixed> (low)
	[sarge] - mozilla <unfixed> (high)
CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <not-affected> (Only affected Firefox 2.0 et al)
	[sarge] - mozilla-thunderbird <not-affected> (Only affected Firefox 2.0 et al)
	[sarge] - mozilla <not-affected> (Only affected Firefox 2.0 et al)
CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <unfixed> (low)
	[sarge] - mozilla-thunderbird <unfixed> (low)
	[sarge] - mozilla <unfixed> (low)
	NOTE: Only one of the crashes can be triggered in Sarge, 326864
CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function ...)
	- libapache-mod-jk 1:1.2.21-1 (medium)
	[sarge] - libapache-mod-jk <not-affected>
	[etch] - libapache-mod-jk <not-affected>
	NOTE: affects only 1.2.19 and 1.2.20
CVE-2007-0773 (The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users ...)
	- linux-2.6 2.6.12-1
CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows ...)
	- linux-2.6 2.6.18.dfsg.1-11
CVE-2007-0771 (Unspecified vulnerability in the utrace support for Linux kernel ...)
	- linux-2.6 <not-affected> (RHEL-specific backport, only present in -mm tree)
CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...)
	{DSA-1260}
	- graphicsmagick 1.1.7-12
	- imagemagick 7:6.2.4.5.dfsg1-0.14 (bug #410435)
CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in ImUtil.c ...)
	{DSA-1294-1}
	- xfree86 <removed> (bug #414046; medium)
	- libx11 2:1.0.3-7 (bug #414045; medium)
	NOTE: Discovered through CVE-2007-0770.
	NOTE: With certain mail user agents, this issue is likely exploitable
	NOTE: without much user interaction.
CVE-2007-0844 (The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when ...)
	- libpam-ssh <unfixed> (bug #410236; medium)
CVE-2007-0769 (** DISPUTED ** ...)
	NOT-FOR-US: Phorum
CVE-2007-0768 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0767 (Cross-site scripting (XSS) vulnerability in the core in Phorum before ...)
	NOT-FOR-US: Phorum
CVE-2007-0766 (Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows ...)
	NOT-FOR-US: .NET Explorer
CVE-2007-0765 (SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 ...)
	NOT-FOR-US: Curium CMS
CVE-2007-0764 (Unrestricted file upload vulnerability in F3Site 2.1 and earlier ...)
	NOT-FOR-US: F3Site
CVE-2007-0763 (Cross-site scripting (XSS) vulnerability in the news comment ...)
	NOT-FOR-US: F3Site
CVE-2007-0762 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: phpBB++
CVE-2007-0761 (PHP remote file inclusion vulnerability in config.php in phpBB ezBoard ...)
	NOT-FOR-US: phpBB ezBoard converter
CVE-2007-0760 (EQdkp 1.3.1 and earlier authenticates administrative requests by ...)
	NOT-FOR-US: EQdkp
CVE-2007-0759 (Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow ...)
	NOT-FOR-US: EasyMoblog
CVE-2007-0758 (PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 ...)
	NOT-FOR-US: PHPProbid
CVE-2007-0757 (PHP remote file inclusion vulnerability in index.php in Miguel Nunes ...)
	NOT-FOR-US: CoD2 DreamStats
CVE-2007-0756 (Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Chicken of the VNC
CVE-2007-0755
	RESERVED
CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0753 (Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0752 (The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the ...)
	NOT-FOR-US: Apple
CVE-2007-0751 (A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might ...)
	NOT-FOR-US: Apple
CVE-2007-0750 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 ...)
	NOT-FOR-US: Apple
CVE-2007-0749 (Multiple stack-based buffer overflows in the is_command function in ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0748 (Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0747 (load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0746 (Heap-based buffer overflow in the VideoConference framework in Apple ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0745 (The Apple Security Update 2007-004 uses an incorrect configuration ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0744 (SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0743 (URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0742 (The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0741 (Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0740 (Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display ...)
	NOT-FOR-US: Apple
CVE-2007-0739 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0738 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0737 (The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0736 (Integer overflow in the RPC library in Libinfo in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0735 (Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0734 (fsck, as used by the AirPort Disk feature of the AirPort Extreme Base ...)
	NOT-FOR-US: AirPort Extreme Base Station
CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...)
	NOT-FOR-US: Apple Mac ImageIO
CVE-2007-0732 (Unspecified vulnerability in the CoreServices daemon in CarbonCore in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0731 (Stack-based buffer overflow in the Apple-specific Samba module (SMB ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0730 (Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac Server Manager
CVE-2007-0729 (Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0728 (Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0727
	RESERVED
CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple OpenSSH
CVE-2007-0725 (Buffer overflow in the AirPortDriver module for AirPort in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0724 (The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0723 (Unspecified vulnerability in the authentication feature for ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0722 (Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0720 (The CUPS service on multiple platforms allows remote attackers to ...)
	- cupsys <unfixed> (low)
	[sarge] - cupsys <no-dsa> (Minor, conceptual design problem)
	[etch] - cupsys <no-dsa> (Minor, conceptual design problem)
CVE-2007-0719 (Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0716 (Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0715 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0714 (Integer overflow in Apple QuickTime before 7.1.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0713 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0712 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0711 (Integer overflow in Apple QuickTime before 7.1.5, when installed on ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote ...)
	NOT-FOR-US: Apple iChat
CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0707 (Stack-based buffer overflow in GOM Player 2.0.12.3375 allows ...)
	NOT-FOR-US: GOM Player
CVE-2007-0706 (Cross-zone scripting vulnerability in Darksky RSS bar for Internet ...)
	NOT-FOR-US: Darksky RSS
CVE-2007-0705 (Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and ...)
	NOT-FOR-US: Sleipnir
CVE-2007-0704 (PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 ...)
	NOT-FOR-US: Somery
CVE-2007-0703 (PHP remote file inclusion vulnerability in library/StageLoader.php in ...)
	NOT-FOR-US: WebBuilder
CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in phpEventMan ...)
	NOT-FOR-US: phpEventMan
CVE-2007-0701 (PHP remote file inclusion vulnerability in inc/common.inc.php in ...)
	NOT-FOR-US: Epistemon
CVE-2007-0700 (Directory traversal vulnerability in index.php in Guernion Sylvain ...)
	NOT-FOR-US: Portail Web
CVE-2007-0699 (PHP remote file inclusion vulnerability in includes/includes.php in ...)
	NOT-FOR-US: Portail Web
CVE-2007-0698 (Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier ...)
	NOT-FOR-US: ACGVannu
CVE-2007-0697 (index2.php in ACGVannu 1.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: ACGVannu
CVE-2007-0696 (Cross-site scripting (XSS) vulnerability in error messages in Free LAN ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0694 (Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 ...)
	NOT-FOR-US: DGNews
CVE-2007-0693 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote ...)
	NOT-FOR-US: DGNews
CVE-2007-0692 (DGNews 2.1 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: DGNews
CVE-2007-0691
	REJECTED
CVE-2007-0690 (myEvent 1.6 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: myEvent
CVE-2007-0689 (MyBB 1.2.4 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-XXXX [remctl ACL bypass vulnerability]
	- remctl 2.2-2
	[sarge] - remctl <not-affected> (Vulnerable code not present)
CVE-2007-XXXX [ejabberd unspecified vulnerability in mod_roster_odbc]
	- ejabberd 1.1.2-5
CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti ...)
	NOT-FOR-US: Hunkaray Duyuru Scripti
CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc ...)
	NOT-FOR-US: L2J Dropcalc
CVE-2007-0686 (The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) ...)
	NOT-FOR-US: Intel 2200BG Cards drive.
CVE-2007-0685 (Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean ...)
	NOT-FOR-US: Cerulean Portal System
CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Omegaboard
CVE-2007-0682 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to ...)
	NOT-FOR-US: ExtCalendar
CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Phpbb Tweaked it is a module to phpbb
CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in ...)
	NOT-FOR-US: PHPMyRing
CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting ...)
	NOT-FOR-US: Fullaspsite Asp Hosting Sites
CVE-2007-0677 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Cadre PHP Framework
CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier ...)
	NOT-FOR-US: ExoPHPDesk
CVE-2007-0675 (** DISPUTED ** ...)
	NOT-FOR-US: Windows Vista
CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and ...)
	NOT-FOR-US: Windows Mobile
CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops &amp; Desktops ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0669 (Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local ...)
	- twiki 1:4.0.5-9 (bug #410256)
CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...)
	NOT-FOR-US: Sun Solaris.
CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...)
	- sql-ledger <unfixed> (bug #409703)
	[etch] - sql-ledger <no-dsa> (Should only be used with trusted users)
	NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger
	NOTE: is not secure with untrusted users.
CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute ...)
	NOT-FOR-US: WS_FTP Server
CVE-2007-0665 (Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 ...)
	NOT-FOR-US: WS_FTP Server
CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root ...)
	- thttpd <not-affected> (Gentoo-specific packaging flaw)
	NOTE: In accordance with Debian Policy is not possible start Webserver 
	NOTE: in root directory (/).
CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs ...)
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0662 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Hailboards
CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), ...)
	NOT-FOR-US: Intel BMC
CVE-2007-0660 (Cross-site scripting (XSS) vulnerability in the IFrame module before ...)
	NOT-FOR-US: DotNetNuke
CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for ...)
	NOT-FOR-US: MODx MuddyDogPaws FileDownload
CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module ...)
	NOT-FOR-US: Drupal addon module "Textimage"
CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to ...)
	- nexuiz 2.2.3-1 (medium)
	[etch] - nexuiz <not-affected> (Vulnerable code not present, was introduced in 2.2.2)
CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: phpBB2-MODificat it is a module to phpbb2
CVE-2007-0655 (The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan ...)
	NOT-FOR-US: MicroWorld
CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows ...)
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0653 (Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly ...)
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professional ...)
	NOT-FOR-US: MailEnable Professional
CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable ...)
	NOT-FOR-US: MailEnable Professional
CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...)
	- tetex-bin <not-affected> (Only vulnerable if compiled w/o kpathsea support, Debian does)
CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR ...)
	NOT-FOR-US: OpenEMR
CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice ...)
	NOT-FOR-US: Cisco
CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote ...)
	NOT-FOR-US: AppleKit
CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3 allows remote ...)
	NOT-FOR-US: iMovie
CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote ...)
	NOT-FOR-US: iPhoto
CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows ...)
	NOT-FOR-US: Bloodshed Dev-C++ 
CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU ...)
	NOT-FOR-US: Raymond BERTHOU script collection
CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 ...)
	NOT-FOR-US: Shaffer Solutions (SSC)
CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack ...)
	- zabbix 1:1.1.4-8 (bug #409257)
CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in GuppY ...)
	NOT-FOR-US: GuppY
CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers ...)
	NOT-FOR-US: PHPFootball
CVE-2007-0637 (Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 ...)
	NOT-FOR-US: Galeria Zdjec
CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact ...)
	NOT-FOR-US: incron
CVE-2007-0635 (Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 ...)
	NOT-FOR-US: EncapsCMS
CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-XXXX [kaya buffer overflow, cross-site scripting and data leak]
	- kaya 0.2.0-6 (bug #409062)
CVE-2007-XXXX [file descriptor leak when a Compose file uses the "include" directive]
	- libx11 2:1.0.3-5 (low)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=9279
CVE-2007-0633 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MyNews
CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and ...)
	NOT-FOR-US: ASP EDGE
CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs ...)
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...)
	NOT-FOR-US: xNews
CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not ...)
	NOT-FOR-US: Plain Black WebGUI 
CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password ...)
	NOT-FOR-US: gtalkbot
CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal ...)
	- drupal 4.7.6-1
CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not ...)
	NOT-FOR-US: NoMachine NX Server
CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0621
	REJECTED
	NOT-FOR-US: Microsoft Word
CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: FD Script
CVE-2007-0619 (chmlib before 0.39 allows user-assisted remote attackers to execute ...)
	- chmlib 2:0.39-1 (bug #408603; medium)
CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked ...)
	NOT-FOR-US: Earthlink TotalAccess
CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in ...)
	NOT-FOR-US: zenphoto
CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition ...)
	NOT-FOR-US: Hitachi
CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...)
	NOT-FOR-US: Apple
CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...)
	NOT-FOR-US: Apple
CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and ...)
	NOT-FOR-US: Microsoft ActiveX
CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in ...)
	NOT-FOR-US: CMSimple
CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores ...)
	NOT-FOR-US: Web-Agora
CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web-Agora
CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...)
	NOT-FOR-US: Movable Type
CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...)
	NOT-FOR-US: PGP Desktop
CVE-2007-0602 (Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde ...)
	NOT-FOR-US: makit news
CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in search in High 5 Review ...)
	NOT-FOR-US: high5 Review
CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with ...)
	NOT-FOR-US: Siteman
CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with ...)
	NOT-FOR-US: Siteman
CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows ...)
	NOT-FOR-US: EzDatabase
CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu Le An ...)
	NOT-FOR-US: VirtualPath
CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre ...)
	NOT-FOR-US: Forum Livre
CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote attackers ...)
	NOT-FOR-US: Forum Livre
CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by ...)
	NOT-FOR-US: Apple
CVE-2007-0587
	RESERVED
CVE-2007-0586
	RESERVED
CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when register_globals ...)
	NOT-FOR-US: Webfwlog
CVE-2007-0584 (PHP remote file inclusion vulnerability in membres/membreManager.php ...)
	NOT-FOR-US: PhP Generic
CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander ...)
	NOT-FOR-US: HTTP Commander
CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows ...)
	NOT-FOR-US: ChernobiLe
CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in EclipseBB ...)
	NOT-FOR-US: EclipseBB
CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 ...)
	NOT-FOR-US: Foro Domus
CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware ...)
	NOT-FOR-US: Horde Groupware
CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows ...)
	- mpg123 0.61-5 (bug #409296; unimportant)
	NOTE: Not much of a security problem; user will abort mpg123 and never listen to
	NOTE: the faulty stream again
CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ...)
	NOT-FOR-US: ACGVclick
CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats ...)
	NOT-FOR-US: Xt-Stats
CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative login ...)
	NOT-FOR-US: ASPCode.net AdMentor
CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2007-0573 (PHP remote file inclusion vulnerability in includes/config.inc.php in ...)
	NOT-FOR-US: nsGalPHP
CVE-2007-0572 (PHP remote file inclusion vulnerability in include/irc/phpIRC.php in ...)
	NOT-FOR-US: Drunken:Golem Gaming Portal
CVE-2007-0571 (PHP remote file inclusion vulnerability in include/lib/lib_head.php in ...)
	NOT-FOR-US: phpMyReports
CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in Johannes ...)
	NOT-FOR-US: Ad Fundum Integratable News Script
CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows remote ...)
	NOT-FOR-US: xNews
CVE-2007-0568 (PHP remote file inclusion vulnerability in system/lib/package.php in ...)
	NOT-FOR-US: MyPHPCommander
CVE-2007-0567 (Cross-site scripting (XSS) vulnerability in admin.php in ...)
	NOT-FOR-US: Interactive-Scripts.Com
CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and ...)
	NOT-FOR-US: ASP NEWS
CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote ...)
	NOT-FOR-US: CGI RESCUE
CVE-2007-0564 (The license registering interface in Symantec Web Security (SWS) ...)
	NOT-FOR-US: Symantec
CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web ...)
	NOT-FOR-US: Symantec
CVE-2007-0562 (Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP ...)
	NOT-FOR-US: Windows Explorer
CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 ...)
	NOT-FOR-US: Xero Portal
CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier ...)
	NOT-FOR-US: ASP EDGE
CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 ...)
	NOT-FOR-US: RPW
CVE-2007-0558 (PHP remote file inclusion vulnerability in modules/mail/main.php in ...)
	NOT-FOR-US: vHostAdmin
CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ...)
	NOT-FOR-US: rPath
CVE-2007-0556 (The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and ...)
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 <not-affected> (only PostgreSQL 8.x)
	- postgresql <not-affected> (only PostgreSQL 8.x)
CVE-2007-0555 (PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, ...)
	{DSA-1261-1}
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 1:7.4.16-1
	- postgresql <not-affected> (only transitional package)
CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System ...)
	NOT-FOR-US: Guos Posting System
CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php ...)
	NOT-FOR-US: PHProxy
CVE-2007-0552 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Onnac
CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php ...)
	NOT-FOR-US: CMSimple
CVE-2007-0550 (Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0549 (Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0548 (KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a ...)
	NOT-FOR-US: KarjaSoft
CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and ...)
	NOT-FOR-US: CGI RESCUE
CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root ...)
	NOT-FOR-US: Toxiclab Shoutbox
CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root ...)
	NOT-FOR-US: Maxtricity Tagger
CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: ZixForum
CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0541 (WordPress allows remote attackers to determine the existence of ...)
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service ...)
	- wordpress 2.1.0-1 (low)
CVE-2007-0539 (The wp_remote_fopen function in WordPress before 2.1 allows remote ...)
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Telligent
CVE-2007-0537 (The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not ...)
	- kdelibs 4:3.5.5a.dfsg.1-6 (bug #409868; medium)
CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop ...)
	NOT-FOR-US: rPath
CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly ...)
	NOT-FOR-US: Vote! Pro
CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and ...)
	NOT-FOR-US: Borland Delphi
CVE-2007-0532 (Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive ...)
	NOT-FOR-US: Uploader
CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in ...)
	NOT-FOR-US: FreeWebShop
CVE-2007-0530 (** DISPUTED ** ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the ...)
	NOT-FOR-US: PHP Link Directory
CVE-2007-0528 (The admin web console implemented by the Centrality Communications ...)
	NOT-FOR-US: Centrality Communications
CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in ...)
	NOT-FOR-US: Website Baker
CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 ...)
	NOT-FOR-US: Bitweaver
CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web server ...)
	NOT-FOR-US: Mini Web server
CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial ...)
	NOT-FOR-US: LG
CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Nokia
CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a ...)
	NOT-FOR-US: Motorola
CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to ...)
	NOT-FOR-US: Sony Ericsson
CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x ...)
	NOT-FOR-US: Unique Ads
CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U ...)
	NOT-FOR-US: XMB Host
CVE-2007-0518 (Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive ...)
	NOT-FOR-US: Scriptsez
CVE-2007-0517 (Scriptsez Random PHP Quote 1.0 stores sensitive information under the ...)
	NOT-FOR-US: Scriptsez
CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with ...)
	NOT-FOR-US: Yana
CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...)
	NOT-FOR-US: Hitachi
CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and ...)
	NOT-FOR-US: Hitachi
CVE-2007-0512 (Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and ...)
	NOT-FOR-US: Hitachi
CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM ...)
	NOT-FOR-US: phpXD
CVE-2007-0510 (Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) ...)
	- awffull <unfixed> (unimportant)
	NOTE: This appears to be a bug without a vulnerability vector.
CVE-2007-0509 (Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have ...)
	NOT-FOR-US: MaklerPlus
CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before ...)
	NOT-FOR-US: Drupal module "Acidfree"
CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0 ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and ...)
	NOT-FOR-US: Vote! Pro
CVE-2007-0503 (Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Sun
CVE-2007-0502 (SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows ...)
	NOT-FOR-US: webSPELL
CVE-2007-0501 (PHP remote file inclusion vulnerability in index.php in Mafia Scum ...)
	NOT-FOR-US: Advanced Random Generators
CVE-2007-0500 (PHP remote file inclusion vulnerability in include/includes.php in ...)
	NOT-FOR-US: Bradabra
CVE-2007-0499 (PHP remote file inclusion vulnerability in config.php in Sangwan Kim ...)
	NOT-FOR-US: phpIndexPage
CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta ...)
	NOT-FOR-US: MySpeach
CVE-2007-0497 (PHP remote file inclusion vulnerability in upload/top.php in ...)
	NOT-FOR-US: Upload-Service
CVE-2007-0496 (PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs ...)
	NOT-FOR-US: Neon Lab
CVE-2007-0495 (PHP remote file inclusion vulnerability in include/config.inc.php in ...)
	NOT-FOR-US: PhpSherpa
CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in webSPELL ...)
	NOT-FOR-US: webSPELL
CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING ...)
	NOT-FOR-US: MySpeach
CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain ...)
	NOT-FOR-US: Open-Realty
CVE-2007-0489 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: VisoHotlink
CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the ...)
	NOT-FOR-US: Huawei
CVE-2007-0487 (** DISPUTED ** ...)
	NOT-FOR-US: FreeForum
CVE-2007-0486 (** DISPUTED ** ...)
	NOT-FOR-US: Openads
CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 ...)
	NOT-FOR-US: Webdev
CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote ...)
	NOT-FOR-US: ReviewPost
CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 ...)
	NOT-FOR-US: ReviewPost
CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 ...)
	NOT-FOR-US: Sun
CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Cisco
CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0478 (Apple Safari does not properly parse HTML comments, which allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before ...)
	NOT-FOR-US: Openads
CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, ...)
	- openldap2 <not-affected> (Gentoo packaging bug)
CVE-2007-0475 (Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in ...)
	- smb4k <unfixed> (low)
	NOTE: not all problems fixed in 0.8.0
CVE-2007-0474 (Smb4K before 0.8.0 allow local users, when present on the Smb4K ...)
	- smb4k <unfixed> (low)
	NOTE: not fixed in 0.8.0, see
	NOTE: http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769
CVE-2007-0473 (The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 ...)
	- smb4k 0.8.0-1 (low)
CVE-2007-0472 (Multiple race conditions in Smb4K before 0.8.0 allow local users to ...)
	- smb4k 0.8.0-1 (low)
CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in ...)
	- bbclone 0.4.6-8 (bug #408839; medium)
CVE-2007-XXXX [hinfo code injection]
	- hinfo 1.02-3.1 (bug #402316; low)
	[sarge] - hinfo <no-dsa> (Package completely broken, hardly usable for an attack)
CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 ...)
	{DSA-1254-1}
	- bind9 1:9.3.4-2 (medium; bug #408432)
	- bind <not-affected>
CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up ...)
	- bind9 1:9.3.4-2 (medium; bug #408432)
	[sarge] - bind9 <not-affected> (Vulnerable code not present)
	- bind <not-affected>
CVE-2007-XXXX [gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions]
	- gstreamer0.10-ffmpeg 0.10.1-6
	- gst-ffmpeg 0.8.7-10
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
	- mplayer 1.0~rc1-12
CVE-2007-0471 (sre/params.php in the Integrity Clientless Security (ICS) component in ...)
	NOT-FOR-US: Check Point
CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 ...)
	- libgems-ruby 0.9.3-1 (low; bug #408299)
	[etch] - libgems-ruby <no-dsa> (Minor issue, needs implicit trust on installed data)
CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ ...)
	NOT-FOR-US: Visual C++
CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin ...)
	NOT-FOR-US: Apple
CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 ...)
	NOT-FOR-US: Telestream
CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 ...)
	NOT-FOR-US: CFNetwork on Apple Mac OS
CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by ...)
	NOT-FOR-US: Apple
CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before ...)
	- dazuko-source <unfixed> (bug #408300)
	[sarge] - dazuko-source <not-affected> (Vulnerable code not present)
CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and ...)
	- ulogd 1.23-6 (medium)
CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0458 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0457 (Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0456 (Unspecified vulnerability in the LLT dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD ...)
	- libgd2 <unfixed> (bug #408982; low)
	[sarge] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
	[etch] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
CVE-2007-0454 (Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 ...)
	{DSA-1257}
	- samba 3.0.23d-5 (medium)
CVE-2007-0453 (Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 ...)
	- samba <not-affected> (Solaris-specific vulnerability)
CVE-2007-0452 (smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users ...)
	{DSA-1257}
	- samba 3.0.23d-5 (low)
CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x ...)
	- tomcat5.5 <unfixed> (medium)
CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve ...)
	NOT-FOR-US: CA BrightStor
CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI ...)
	- php5 <unfixed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-0447
	RESERVED
CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard ...)
	NOT-FOR-US: HP Mercury
CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)
	NOT-FOR-US: Citrix
CVE-2007-0443 (Multiple buffer overflows in the CDDBControl ActiveX control in ...)
	NOT-FOR-US: GraceNote ActiveX Control
CVE-2007-0442 (Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown ...)
	NOT-FOR-US: IBM OS/400
CVE-2007-0441 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: OpenView Network Node Manager
CVE-2007-0440
	RESERVED
CVE-2007-0439
	RESERVED
CVE-2007-0438
	RESERVED
CVE-2007-0437
	RESERVED
CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install ...)
	NOT-FOR-US: X-Kryptor
CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...)
	NOT-FOR-US: T-Com Speedport
CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 ...)
	NOT-FOR-US: BEA
CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject ...)
	NOT-FOR-US: BEA
CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote ...)
	NOT-FOR-US: AVM
CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed ...)
	NOT-FOR-US: DivX Web Player
CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c for ...)
	- wzdftpd 0.8.1-1 (medium)
CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered ...)
	NOT-FOR-US: BEA
CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for ...)
	NOT-FOR-US: BEA
CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an administrator ...)
	NOT-FOR-US: BEA
CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, ...)
	NOT-FOR-US: BEA
CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 ...)
	NOT-FOR-US: BEA
CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to ...)
	NOT-FOR-US: BEA
CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the Apache ...)
	NOT-FOR-US: BEA
CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and ...)
	NOT-FOR-US: BEA
CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and ...)
	NOT-FOR-US: BEA
CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and ...)
	NOT-FOR-US: BEA
CVE-2007-0415 (BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce ...)
	NOT-FOR-US: BEA
CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 improperly cleartext data in a ...)
	NOT-FOR-US: BEA
CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0411 (BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when ...)
	NOT-FOR-US: BEA
CVE-2007-0410 (Unspecified vulnerability in the thread management in BEA WebLogic 7.0 ...)
	NOT-FOR-US: BEA
CVE-2007-0409 (BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial ...)
	NOT-FOR-US: BEA
CVE-2007-0408 (BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate ...)
	NOT-FOR-US: BEA
CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0406 (Multiple buffer overflows in the (1) main function in (a) client.c, ...)
	- gxine 0.5.8-2 (medium; bug #405876)
CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 ...)
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings ...)
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in ...)
	NOT-FOR-US: MisterSPa-forum
CVE-2007-XXXX [wordpress unregister_globals workaround from 2.0.7]
	- wordpress 2.0.7 (bug #407116; unimportant)
	NOTE: Non-issue, hash issue fixed since months in Sarge and Etch,
	NOTE: register_globals unsupported anyway
CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
	NOT-FOR-US: Cisco
CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in ...)
	NOT-FOR-US: HP-UX
CVE-2007-0395 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ComVironment
CVE-2007-0394 (HP HP-UX B11.11 does not properly verify the status of file ...)
	NOT-FOR-US: HP-UX
CVE-2007-0393 (Sun Solaris 9 does not properly verify the status of file descriptors ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0392 (IBM AIX 5.3 does not properly verify the status of file descriptors ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0391 (Format string vulnerability in the log creation functionality of ...)
	NOT-FOR-US: BitDefender
CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 ...)
	NOT-FOR-US: sabros.us
CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (ACS) ...)
	NOT-FOR-US: ArsDigita Community System
CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks ...)
	- joomla <itp> (bug #326398)
CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has ...)
	NOT-FOR-US: PostNuke
CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain ...)
	NOT-FOR-US: PostNuke
CVE-2007-0384 (Cross-site scripting (XSS) vulnerability in preview in the reviews ...)
	NOT-FOR-US: PostNuke
CVE-2007-0383 (** DISPUTED ** ...)
	NOT-FOR-US: WDaemon
CVE-2007-0382 (Multiple SQL injection vulnerabilities in letterman.class.php in the ...)
	NOT-FOR-US: Letterman 1.2.3 (com_letterman) component for Joomla!
CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote ...)
	NOT-FOR-US: ATutor
CVE-2007-0380 (DocMan 1.3 RC2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: DocMan
CVE-2007-0379 (Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows ...)
	NOT-FOR-US: DocMan
CVE-2007-0378 (Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow ...)
	NOT-FOR-US: DocMan
CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote ...)
	NOT-FOR-US: Xoops
CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows ...)
	NOT-FOR-US: Virtuemart
CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive ...)
	- joomla <itp> (bug #326398)
CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and ...)
	- mambo 4.6.1-5 (bug #407995; low)
	- joomla <itp> (bug #326398)
	NOTE: Mantainer working in new upstream version of Joomla and waiting patch
	NOTE: for Mambo.
CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow ...)
	- joomla <itp> (bug #326398)
CVE-2007-0372 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement Project ...)
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0370 (Unrestricted file upload vulnerability in index.php in phpBP RC3 ...)
	NOT-FOR-US: phpBP
CVE-2007-0369 (SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows ...)
	NOT-FOR-US: phpBP
CVE-2007-0368 (Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local ...)
	NOT-FOR-US: mbse
CVE-2007-0367 (Rumpus 5.1 and earlier has weak permissions for certain files and ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0366 (Untrusted search path vulnerability in Rumpus 5.1 and earlier allows ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0365 (Multiple cross-site scripting (XSS) vulnerabilities in All In One ...)
	NOT-FOR-US: All In One Control Panel
CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com ...)
	NOT-FOR-US: nicecoder.com INDEXU
CVE-2007-XXXX [libjabber DoS]
	- centericq 4.21.0-18 (unimportant; bug #406982)
	NOTE: Affected function isn't used in the source
CVE-2007-XXXX [python-django flup/FastCGI/debugging issue]
	- python-django 0.95.1-1 (bug #407607)
CVE-2007-XXXX [gstreamer-ffmpeg unspecified issue related to sps and pps ids]
	- gstreamer0.10-ffmpeg 0.10.1-5
	- gst-ffmpeg 0.8.7-9
	- mplayer 1.0~rc1-12
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
CVE-2007-XXXX [netpbm heap corruption]
	- netpbm-free 2:10.0-11 (bug #407605)
CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) ...)
	NOT-FOR-US: Openads
CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed component in ...)
	NOT-FOR-US: FreshReader
CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in ...)
	NOT-FOR-US: PHPMyphorum
CVE-2007-0360 (PHP remote file inclusion vulnerability in lang/index.php in Oreon ...)
	NOT-FOR-US: Oreon
CVE-2007-0359 (PHP remote file inclusion vulnerability in frontpage.php in Uberghey ...)
	NOT-FOR-US: Travelsized CMS
CVE-2007-0358 (Unspecified vulnerability in the FTP server implementation in HP ...)
	NOT-FOR-US: HP Jetdirect
CVE-2007-0357 (Directory traversal vulnerability in the AVM IGD CTRL Service in ...)
	NOT-FOR-US: AVM
CVE-2007-0356 (The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ...)
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in ...)
	NOT-FOR-US: Apple
CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource Guestbook ...)
	NOT-FOR-US: MGB OpenSource Guestbook
CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...)
	NOT-FOR-US: myBloggie
CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0351 (Microsoft Windows XP and Windows Server 2003 do not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2007-0350 (Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php ...)
	NOT-FOR-US: FileMailer
CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com ...)
	NOT-FOR-US: INDEXU
CVE-2007-0348 (Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in ...)
	NOT-FOR-US: ActiveX control in InterActual Player
CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...)
	TODO: check
	NOTE: it is unclear if 1.1.5 is vulnerable (is_repository_file is not in 1.1.5 source)
CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...)
	NOT-FOR-US: FileMailer
CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain ...)
	NOT-FOR-US: Apple
CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) ...)
	- colloquy <removed>
CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: OpenBSD
CVE-2007-0342 (WebCore in Apple WebKit build 18794 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple WebKit
CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and ...)
	- phpmyadmin 4:2.9.1.1-2 (medium)
CVE-2007-0340 (SQL injection vulnerability in inc/header.inc.php in ThWboard ...)
	NOT-FOR-US: ThWboard
CVE-2007-0339 (SQL injection vulnerability in index.php (aka the login form) in ...)
	NOT-FOR-US: FileMailer
CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote attackers ...)
	NOT-FOR-US: BolinTech Dream FTP Server
CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and ...)
	NOT-FOR-US: KGB
CVE-2007-0336 (Undercover.app/Contents/Resources/uc in Rixstep Undercover allows ...)
	NOT-FOR-US: Rixstep
CVE-2007-0335 (Multiple directory traversal vulnerabilities in Jax Petition Book ...)
	NOT-FOR-US: Jax Petition Book
CVE-2007-0334 (Unspecified vulnerability in the SIP module in InGate Firewall and ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques ...)
	NOT-FOR-US: liens_dynamiques
CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in ...)
	NOT-FOR-US: liens_dynamiques
CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch ...)
	NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote ...)
	NOT-FOR-US: Joonas Viljanen JV2 Folder Gallery
CVE-2007-0328 (The DWUpdateService ActiveX control in the agent (agent.exe) in ...)
	NOT-FOR-US: Macrovision
CVE-2007-0327
	RESERVED
CVE-2007-0326
	RESERVED
CVE-2007-0325 (Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in ...)
	NOT-FOR-US: LizardTech DjVu Browser Plug-in
CVE-2007-0323 (Buffer overflow in the SetLanguage function in Research In Motion ...)
	NOT-FOR-US: Research In Motion (RIM) TeamOn Import Object ActiveX control
CVE-2007-0322
	RESERVED
CVE-2007-0321 (Buffer overflow in the Update Service Agent ActiveX Control in ...)
	NOT-FOR-US: FLEXnet Connect
CVE-2007-0320 (Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) ...)
	NOT-FOR-US: InstallFromTheWeb
CVE-2007-0319
	RESERVED
CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0317 (Format string vulnerability in the LogMessage function in FileZilla ...)
	- filezilla 3.0.0~beta2-3 (medium; bug #407683)
CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control Panel ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0315 (Multiple buffer overflows in FileZilla before 2.2.30a allow remote ...)
	- filezilla <not-affected> (fixed before the first Debian upload)
CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article System ...)
	NOT-FOR-US: Article System
CVE-2007-0313 (Unspecified vulnerability in GONICUS System Administration (GOsa) ...)
	- gosa 2.5.8-1 (medium)
	[etch] - gosa 2.5.6-2.1
CVE-2007-0312 (wcSimple Poll stores sensitive information under the web root with ...)
	NOT-FOR-US: wcSimple
CVE-2007-0311 (Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier ...)
	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates ...)
	NOT-FOR-US: BMC Software
CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate ...)
	NOT-FOR-US: Digiappz
CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon ...)
	NOT-FOR-US: Okul Merkezi Portal
CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 ...)
	NOT-FOR-US: MiNT Haber Sistemi
CVE-2007-0303 (Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have ...)
	NOT-FOR-US: Zina
CVE-2007-0302 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP ...)
	NOT-FOR-US: InstantASP
CVE-2007-0301 (PHP remote file inclusion vulnerability in _admin/admin_menu.php in ...)
	NOT-FOR-US: FdWeB
CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS ...)
	NOT-FOR-US: TLM CMS
CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when ...)
	NOT-FOR-US: LunarPoll
CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
	NOT-FOR-US: Oracle
CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
	NOT-FOR-US: Oracle
CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
	NOT-FOR-US: Oracle
CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager ...)
	NOT-FOR-US: Oracle
CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager ...)
	NOT-FOR-US: Oracle
CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
	NOT-FOR-US: Oracle
CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, ...)
	NOT-FOR-US: Oracle
CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, ...)
	NOT-FOR-US: Oracle
CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application ...)
	NOT-FOR-US: Oracle
CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application ...)
	NOT-FOR-US: Oracle
CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, ...)
	NOT-FOR-US: Oracle
CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0275 (Cross-site scripting (XSS) vulnerability in Oracle Reports Web ...)
	NOT-FOR-US: Oracle
CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, ...)
	NOT-FOR-US: Oracle
CVE-2007-0272 (Unspecified vulnerability in Oracle Database 8.1.7.4, 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0270 (Unspecified vulnerability in Oracle Database 9.2.0.7 and 10.1.0.4 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and ...)
	NOT-FOR-US: Oracle
CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels ...)
	NOT-FOR-US: UFS filesystem on MacOS/FreeBSD
CVE-2007-0266 (SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0265 (Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0264 (Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to ...)
	NOT-FOR-US: Winzip
CVE-2007-0263 (Unspecified vulnerability in Total Commander before 6.5.6 allows ...)
	NOT-FOR-US: Total Commander
CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify ...)
	{DTSA-33-1}
	- wordpress <unfixed> (unimportant; bug #407289)
CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when ...)
	NOT-FOR-US: sNews
CVE-2007-0260 (** DISPUTED ** ...)
	NOT-FOR-US: Naig
CVE-2007-0259 (Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo ...)
	NOT-FOR-US: Fastilo
CVE-2007-0257 (** DISPUTED ** ...)
	- kernel-patch-grsecurity2 2.1.10-1 (bug #407350)
	NOTE: exploitable as per http://grsecurity.net/pipermail/grsecurity/2007-January/000830.html
CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of ...)
	- vlc 0.8.6.c-1 (unimportant; bug #407290)
CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of ...)
	NOTE: I've been looking into this, but I can't find a copy of the VLC code anywhere
	NOTE: This appears to be a generic crash
CVE-2007-0254 (Format string vulnerability in the errors_create_window function in ...)
	- xine-ui 0.99.4+dfsg+cvs20061111-2 (low; bug #407369)
CVE-2007-0253 (** DISPUTED ** ...)
	- kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350)
	NOTE: See CVE-2007-0257
CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote ...)
	NOT-FOR-US: easy-content
CVE-2007-0251 (Integer underflow in the DecodeGRE function in src/decode.c in Snort ...)
	- snort <not-affected> (DecodeGRE function not in unstable version)
	NOTE: unstable contains version 2.3.3-11, and the last upstream is 2.6.1.2
	NOTE: This is fixed in upstream CVS so it's very likely to never affect Debian.
CVE-2007-0250 (index.php in Nwom topsites 3.0 allows remote attackers to obtain ...)
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0249 (Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites ...)
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers ...)
	- squid 2.6.5-4 (low)
	[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 ...)
	{DSA-1297-1}
	- gforge-plugin-scmcvs 4.5.14-6
CVE-2007-0245 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier ...)
	{DSA-1307-1}
	- openoffice.org 2.2.1~rc1-1
CVE-2007-0244 (pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before ...)
	{DSA-1288-1}
	- pptpd 1.3.4-1
CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 ...)
	- sun-java5 1.5.0-10-1
CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does ...)
	{DSA-1292-1}
	- qt4-x11 4.2.2-2
	- qt-x11-free 3:3.3.7-4
CVE-2007-0241
	RESERVED
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0240 (Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier ...)
	{DSA-1275-1}
	- zope2.9 2.9.7-1
	[etch] - zope2.9 2.9.6-4etch1
CVE-2007-0239 (OpenOffice.org (OOo) Office Suite allows user-assisted remote ...)
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0238 (Stack-based buffer overflow in filter\starcalc\scflt.cxx in the ...)
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users to ...)
	{DSA-1269-1}
	- lookup-el 1.4-5 (low)
CVE-2007-0236 (Double-free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in ...)
	{DSA-1255-1}
	- libgtop2 2.14.4-3 (medium; bug #407020)
	NOTE: libgtop does not contain the affected code.
CVE-2007-0234
	REJECTED
	NOTE: Duplicate of CVE-2007-0243
CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...)
	- wordpress 2.1.0-1 (unimportant)
	NOTE: This is argubly a php bug, CVE-2006-3017
CVE-2007-0232 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Jshop Server
CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, ...)
	NOT-FOR-US: Movable Type
CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php ...)
	NOT-FOR-US: CS-Cart
CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and ...)
	NOT-FOR-US: MacOS X
CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer ...)
	NOT-FOR-US: EIQ Networks Network Security Analyzer
CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify ...)
	- slocate <unfixed> (bug #411937; low)
	[sarge] - slocate <not-affected> (Performs correct access checks)
	NOTE: slocate will allow users to find files in directories with the
	NOTE: executable bit set but without the readable bit set.  This is
	NOTE: an information leak.
CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier ...)
	NOT-FOR-US: uniForum
CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in ...)
	NOT-FOR-US: Shopping Cart
CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP ...)
	NOT-FOR-US: Shopping Cart
CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side ...)
	NOT-FOR-US: Oracle Application Server
CVE-2007-0221 (Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
	NOT-FOR-US: Microsoft
CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...)
	NOT-FOR-US: Microsoft
CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0216
	RESERVED
CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does ...)
	NOT-FOR-US: Microsoft
CVE-2007-0212
	RESERVED
CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...)
	NOT-FOR-US: Microsoft
CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...)
	NOT-FOR-US: Microsoft
CVE-2007-0207
	RESERVED
CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: OpenView Network Node Manager
CVE-2007-XXXX [udev wrong permissions on raid devices]
	- udev 0.105-2 (bug #404927)
	[sarge] - udev <not-affected> (Doesn't affect Sarge)
CVE-2007-XXXX [yacas insecure rpath]
	- yacas 1.0.57-3 (bug #399226; bug #399227; low)
CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows ...)
	- squid 2.6.5-4 (low; bug #407202)
	[sarge] - squid <not-affected> (Vulnerable code not present)
	NOTE: reference - http://secunia.com/advisories/23767/
CVE-2007-XXXX [bcfg2 password disclosure]
	- bcfg2 0.8.7.3-1 (low; bug #406285)
	[etch] - bcfg2 0.8.6.1-1.1etch1
CVE-2007-XXXX [mysql 5.0 several DoS vulns]
	- mysql-dfsg-5.0 5.0.32-1
CVE-2007-0205 (Multiple directory traversal vulnerabilities in @lex Guestbook 4.0.2 ...)
	NOT-FOR-US: @alex
CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ...)
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: duplicate of CVE-2006-6374?
CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and ...)
	NOT-FOR-US: @lex
CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet ...)
	NOT-FOR-US: TIS
CVE-2007-0200 (PHP remote file inclusion vulnerability in template.php in Geoffrey ...)
	NOT-FOR-US: Geoffrey Golliher Axiom Photo/News Gallery
CVE-2007-0199 (The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 ...)
	NOT-FOR-US: Cisco
CVE-2007-0198 (The JTapi Gateway process in Cisco Unified Contact Center Enterprise, ...)
	NOT-FOR-US: Cisco
CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web ...)
	NOT-FOR-US: Motionborg Web Real Estate
CVE-2007-0195 (my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays ...)
	NOT-FOR-US: F5
CVE-2007-0194 (admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain ...)
	NOT-FOR-US: MKPortal
CVE-2007-0193 (FON La Fonera routers do not properly limit DNS service access by ...)
	NOT-FOR-US: FON La Fonera
CVE-2007-0192 (Cross-site request forgery (CSRF) vulnerability in the save_main ...)
	NOT-FOR-US: MKPortal
CVE-2007-0191 (Cross-site scripting (XSS) vulnerability in admin.php in MKPortal ...)
	NOT-FOR-US: MKPortal
CVE-2007-0190 (PHP remote file inclusion vulnerability in edit_address.php in edit-x ...)
	NOT-FOR-US: edit-x ecommerce
CVE-2007-0189 (** DISPUTED ** ...)
	NOT-FOR-US: GeoBB
CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host access ...)
	NOT-FOR-US: F5
CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to ...)
	NOT-FOR-US: F5
CVE-2007-0186 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
	NOT-FOR-US: F5
CVE-2007-0185 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ...)
	NOT-FOR-US: Getahead
CVE-2007-0184 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ...)
	NOT-FOR-US: Getahead
CVE-2007-0183 (Cross-site scripting (XSS) vulnerability in /search in iPlanet Web ...)
	NOT-FOR-US: iPlanet Web
CVE-2007-0182 (Multiple PHP remote file inclusion vulnerabilities in magic photo ...)
	NOT-FOR-US: Magic photo storage website
CVE-2007-0181 (PHP remote file inclusion vulnerability in include/common_function.php ...)
	NOT-FOR-US: Magic Photo Storage website
CVE-2007-0180 (Stack-based buffer overflow in EF Commander 5.75 allows user-assisted ...)
	NOT-FOR-US: EF Commander
CVE-2007-0179 (SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows ...)
	NOT-FOR-US: PHPKIT
CVE-2007-0178 (PHP remote file inclusion vulnerability in info.php in Easy Banner Pro ...)
	NOT-FOR-US: Easy Banner Pro
CVE-2007-0177 (Cross-site scripting (XSS) vulnerability in the AJAX module in ...)
	- mediawiki 1.7.1-6 (bug #406238; medium)
	NOTE: vendor advisory: http://sourceforge.net/forum/forum.php?forum_id=652721
CVE-2007-0176 (Cross-site scripting (XSS) vulnerability in search/advanced_search.php ...)
	- gforge 4.5.14-20 (low; bug #406244)
	[sarge] - gforge <not-affected> (Vulnerable code not present)
CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in ...)
	- b2evolution 0.9.2-4 (bug #410568; low)
CVE-2007-0174 (Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ...)
	NOT-FOR-US: Sina UC2006
CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik Script ...)
	NOT-FOR-US: L2J Statistik Script
CVE-2007-0172 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests ...)
	NOT-FOR-US: AllMyGuest
CVE-2007-0171 (PHP remote file inclusion vulnerability in index.php in AllMyLinks ...)
	NOT-FOR-US: AllMyLinks
CVE-2007-0170 (PHP remote file inclusion vulnerability in index.php in AllMyVisitors ...)
	NOT-FOR-US: AllmyVisitors
CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search ...)
	NOT-FOR-US: PPC Search
CVE-2007-0166 (The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify ...)
	- kfreebsd-5 <not-affected>
CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, ...)
	NOT-FOR-US: Camouflage
CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in ...)
	NOT-FOR-US: Steganography
CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as ...)
	NOT-FOR-US: HP all-in-one drivers
CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...)
	- centericq 4.21.0-17 (low)
	[sarge] - centericq <no-dsa> (Not exploitable with official LiveJournal server)
	NOTE: The bug really exist but, is not exploitable because the LiveJournal server
	NOTE: has a length restriction on both the username (15 characters) and the real name
	NOTE: (50 characters). In my opnion is only exploitable if the user try connect in
	NOTE: fake LiveJournal server. All version of Debian centericq packages have a
	NOTE: compromised code.
CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
	- geoip 1.3.17-1.1 (bug #406628; low)
	[sarge] - geoip <no-dsa> (Minor issue)
CVE-2007-0158
	RESERVED
CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for ...)
	- neon26 0.26.2-3.1 (medium; bug #404723)
	NOTE: neon25 doesn't have the uri_lookup macro
CVE-2007-0156 (M-Core stores the database under the web document root, which allows ...)
	NOT-FOR-US: M-Core
CVE-2007-0155 (HarikaOnline 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: HarikaOnline
CVE-2007-0154 (Webulas stores sensitive information under the web root with ...)
	NOT-FOR-US: Webulas
CVE-2007-0153 (AJLogin 3.5 stores sensitive information under the web root with ...)
	NOT-FOR-US: AJLogin
CVE-2007-0152 (OhhASP stores sensitive information under the web root with ...)
	NOT-FOR-US: OhhASP
CVE-2007-0151 (MitiSoft stores sensitive information under the web root with ...)
	NOT-FOR-US: MitiSoft
CVE-2007-0150 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
	NOT-FOR-US: Dayfox
CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: EMembersPro
CVE-2007-0148 (Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote ...)
	NOT-FOR-US: OminiGroup
CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an ...)
	NOT-FOR-US: Cuyahoga
CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips ...)
	NOT-FOR-US: Fix and Chips
CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP ...)
	NOT-FOR-US: BinGoPHP
CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in Digitizing ...)
	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script ...)
	NOT-FOR-US: NUNE News
CVE-2007-0142 (SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce ...)
	NOT-FOR-US: ShopStoreNow
CVE-2007-0141 (Cross-site scripting (XSS) vulnerability in yald.php in Yet Another ...)
	NOT-FOR-US: YALD
CVE-2007-0140 (SQL injection vulnerability in down.asp in Kolayindir Download ...)
	NOT-FOR-US: Kolayindir
CVE-2007-0139 (Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in ...)
	NOT-FOR-US: DECnet-Plus
CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...)
	NOT-FOR-US: Formbankserver
CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ ...)
	NOT-FOR-US: Serene Bach
CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before ...)
	- drupal 4.7.5-1
	NOTE: vendor advisory: http://drupal.org/node/104233, DRUPAL-SA-2007-001
CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix ...)
	NOT-FOR-US: Aratix
CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow ...)
	NOT-FOR-US: IG Shop
CVE-2007-0133 (Multiple SQL injection vulnerabilities in display_review.php in ...)
	NOT-FOR-US: IG Shop
CVE-2007-0132 (SQL injection vulnerability in compare_product.php in iGeneric iG Shop ...)
	NOT-FOR-US: IG Shop
CVE-2007-0131 (JAMWiki before 0.5.0 does not properly check permissions during moves ...)
	NOT-FOR-US: JAMWiki
CVE-2007-0130 (SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 ...)
	NOT-FOR-US: iG Calendar
CVE-2007-0129 (SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and ...)
	NOT-FOR-US: LocazoList
CVE-2007-0128 (SQL injection vulnerability in info_book.asp in Digirez 3.4 and ...)
	NOT-FOR-US: Digirez
CVE-2007-0127 (The Javascript SVG support in Opera before 9.10 does not properly ...)
	NOT-FOR-US: Opera
CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux ...)
	NOT-FOR-US: Kaspersky Labs
CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before ...)
	- drupal 4.7.5-1 (low)
CVE-2007-0123 (Unrestricted file upload vulnerability in Uber Uploader 4.2 allows ...)
	NOT-FOR-US: Uber Uploader
CVE-2007-0122 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0121 (Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 ...)
	NOT-FOR-US: RI Blog
CVE-2007-0120 (Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and ...)
	NOT-FOR-US: Acunetix Web Vulnerability Scanner
CVE-2007-0119 (Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 ...)
	NOT-FOR-US: EditTag
CVE-2007-0118 (Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow ...)
	NOT-FOR-US: EditTag
CVE-2007-0117 (DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2007-0116 (Digger Solutions Intranet Open Source (IOS) stores sensitive ...)
	NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2007-0115 (Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0114 (Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote ...)
	NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2007-0113 (Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote ...)
	NOT-FOR-US: PacketWise
CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows remote ...)
	NOT-FOR-US: createauction
CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as ...)
	NOT-FOR-US: PocketPC
CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell ...)
	NOT-FOR-US: Novell Access Manager
CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error ...)
	- wordpress 2.0.6-1 (low)
	NOTE: http://trac.wordpress.org/changeset/4665
CVE-2007-0108 (nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not ...)
	NOT-FOR-US: Novell Client
CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure ...)
	NOT-FOR-US: Cisco
CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 ...)
	- kdegraphics 4:3.5.5-3 (unimportant)
	- koffice <unfixed> (unimportant)
	- poppler 0.4.5-5.1 (unimportant)
	- xpdf <unfixed> (bug #406852; unimportant)
	NOTE: hardly a security issue; if someone sends someone a crafted PDF file triggering
	NOTE: such an endless loop the user will simply abort kpdf and never look at
	NOTE: that file again, this is only denial of service by a _very_ far stretch
	NOTE: of imagination. I suppose KDE Security only issued an update for it
	NOTE: because the shared underlying code was part of the Month of Apple Bugs
	NOTE: and they wanted to debunk claims of code injection.
CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...)
	NOT-FOR-US: SPINE
CVE-2007-0100 (The Perforce client does not restrict the set of files that it ...)
	NOT-FOR-US: Perforce
CVE-2007-0099 (Race condition in the msxml3 module in Microsoft Internet Explorer 6 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 ...)
	NOT-FOR-US: VerliAdmin
CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) ...)
	NOT-FOR-US: ConeXware PowerArchive
CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...)
	NOT-FOR-US: Carbon Communities
CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive ...)
	- phpmyadmin <unfixed> (bug #399329; unimportant)
	NOTE: Only path disclosure
CVE-2007-0094 (Sven Moderow GuestBook 0.3a stores sensitive information under the web ...)
	NOT-FOR-US: Sven Moderow GuestBook
CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content ...)
	NOT-FOR-US: Simple Web Content Management System
CVE-2007-0092 (SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 ...)
	NOT-FOR-US: E-SMARTCART 
CVE-2007-0091 (newsCMSlite stores sensitive information under the web root with ...)
	NOT-FOR-US: newsCMSlite
CVE-2007-0090 (WineGlass stores sensitive information under the web root with ...)
	NOT-FOR-US: WineGlass
CVE-2007-0089 (jgbbs stores sensitive information under the web root with ...)
	NOT-FOR-US: jgbbs
CVE-2007-0088 (Multiple directory traversal vulnerabilities in openmedia allow remote ...)
	NOT-FOR-US: openmedia
CVE-2007-0087 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-0086 (** DISPUTED ** ...)
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics ...)
	NOT-FOR-US: OpenBSD VGA wscons driver
CVE-2007-0084 (** DISPUTED ** ...)
	NOT-FOR-US: Windows NT
CVE-2007-0083 (Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier ...)
	NOT-FOR-US: Nuked Klan
CVE-2007-0082 (users_adm/start1.php in IMGallery 2.5 and earlier does not properly ...)
	NOT-FOR-US: IMGallery
CVE-2007-0081 (Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and ...)
	NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2007-0080 (** DISPUTED ** ...)
	- freeradius <unfixed> (unimportant)
	NOTE: Data triggering the buffer overflow can only be controlled by root
CVE-2007-0079 (rblog stores sensitive information under the web root with ...)
	NOT-FOR-US: rblog
CVE-2007-0078 (BattleBlog stores sensitive information under the web root with ...)
	NOT-FOR-US: BattleBlog
CVE-2007-0077 (lblog stores sensitive information under the web root with ...)
	NOT-FOR-US: lblog
CVE-2007-0076 (Openforum stores sensitive information under the web root with ...)
	NOT-FOR-US: Openforum
CVE-2007-0075 (AspBB stores sensitive information under the web root with ...)
	NOT-FOR-US: AspBB
CVE-2007-0074
	RESERVED
CVE-2007-0073
	RESERVED
CVE-2007-0072
	RESERVED
CVE-2007-0071
	RESERVED
CVE-2007-0070
	RESERVED
CVE-2007-0069
	RESERVED
CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x ...)
	NOT-FOR-US: Lotus Domino Server
CVE-2007-0066
	RESERVED
CVE-2007-0065
	RESERVED
CVE-2007-0064
	RESERVED
CVE-2007-0063
	RESERVED
CVE-2007-0062
	RESERVED
CVE-2007-0061
	RESERVED
CVE-2007-0060
	RESERVED
CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-0058 (Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 ...)
	NOT-FOR-US: Cisco
CVE-2007-0057 (Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through ...)
	NOT-FOR-US: Cisco
CVE-2007-0056 (Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe ...)
	NOT-FOR-US: AShop Deluxe
CVE-2007-0055 (Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in ...)
	NOT-FOR-US: Formbankserver
CVE-2007-0054 (Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior ...)
	NOT-FOR-US: Belchior Foundry vCard PRO
CVE-2007-0053 (SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer ...)
	NOT-FOR-US: ASP SiteWare autoDealer
CVE-2007-0052 (SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows ...)
	NOT-FOR-US: Vizayn Haber
CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and other ...)
	NOT-FOR-US: Apple iPhoto
CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...)
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_022007.141.html
CVE-2007-0107 (WordPress before 2.0.6, when mbstring is enabled for PHP, decodes ...)
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_012007.140.html
CVE-2007-0050 (** DISPUTED ** ...)
	NOT-FOR-US: OpenPinboard
CVE-2007-0049 (Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to ...)
	NOT-FOR-US: TaskTracker
CVE-2007-0048 (Adobe Acrobat Reader Plugin before 8.0.0, when used with Internet ...)
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0047 (CRLF injection vulnerability in Adobe Acrobat Reader Plugin before ...)
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0046 (Double free vulnerability in the Adobe Acrobat Reader Plugin before ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
	NOTE: a fix for this is also in iceweasle 2.0.0.2+dfsg-1 (MFSA-2007-02)
	NOTE: and icape 1.0.8-1
CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0043
	RESERVED
CVE-2007-0042
	RESERVED
CVE-2007-0041
	RESERVED
CVE-2007-0040
	RESERVED
CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in ...)
	NOT-FOR-US: Microsoft
CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-0037
	RESERVED
CVE-2007-0036
	RESERVED
CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0032
	RESERVED
CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-0023 (The CFUserNotificationSendRequest function in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0022 (Untrusted search path vulnerability in writeconfig in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0021 (Format string vulnerability in Apple iChat 3.1.6 allows remote ...)
	NOT-FOR-US: Apple iChat
CVE-2007-0020 (Heap-based buffer overflow in the SFTP protocol handler for Panic ...)
	NOT-FOR-US: Panic Transmit
CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX ...)
	NOT-FOR-US: NCTAudioFile2 ActiveX control
CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler ...)
	{DSA-1252-1}
	- vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium)
CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers ...)
	NOT-FOR-US: MoviePlay
CVE-2007-XXXX [webcam-server unspecified vulnerability]
	- webcam-server 0.50-2
CVE-2007-0015 (Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-0014 (ChainKey Java Code Protection allows attackers to decompile Java class ...)
	NOT-FOR-US: ChainKey Java Code Protection
CVE-2007-0013
	RESERVED
CVE-2007-0012
	RESERVED
CVE-2007-0011
	RESERVED
CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) ...)
	{DSA-1256-1}
	- gtk+2.0 2.8.20-5
	TODO: check gdk-pixbuf
CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla Network ...)
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox <unfixed> (high)
	[sarge] - mozilla <unfixed> (high)
	- firefox <removed> (high)
CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security ...)
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox <unfixed> (high)
	[sarge] - mozilla <unfixed> (high)
	- firefox <removed> (high)
CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary ...)
	- gnucash 2.0.5-1 (bug #411942; medium)
CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in ...)
	{DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-0004
	RESERVED
CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers ...)
	- pam <not-affected> (Only pam 0.99.7 affected)
CVE-2007-0002 (Multiple heap-based buffer overflows in WordPerfect Document ...)
	{DSA-1270-1 DSA-1268-1}
	- libwpd 0.8.9-1
	NOTE: openoffice.org changelog indicates libwpd is included but not used
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
	[etch] - libwpd 0.8.7-6
CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl -w) in ...)
	- linux-2.6 <not-affected> (Red Hat specific vulnerability)